scimitar 1.8.1 → 1.10.0

data/spec/models/scimitar/schema/user_spec.rb

@@ -27,7 +27,7 @@ RSpec.describe Scimitar::Schema::User do
         "subAttributes": [
           {
             "multiValued": false,
-            "required": true,
+            "required": false,
             "caseExact": false,
             "mutability": "readWrite",
             "uniqueness": "none",
@@ -37,7 +37,7 @@ RSpec.describe Scimitar::Schema::User do
           },
           {
             "multiValued": false,
-            "required": true,
+            "required": false,
             "caseExact": false,
             "mutability": "readWrite",
             "uniqueness": "none",

data/spec/requests/active_record_backed_resources_controller_spec.rb

@@ -14,7 +14,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     ids = 3.times.map { SecureRandom.uuid }.sort()
 
     @u1 = MockUser.create!(primary_key: ids.shift(), username: '1', first_name: 'Foo', last_name: 'Ark', home_email_address: 'home_1@test.com', scim_uid: '001', created_at: lmt, updated_at: lmt + 1)
-    @u2 = MockUser.create!(primary_key: ids.shift(), username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com', scim_uid: '002', created_at: lmt, updated_at: lmt + 2)
+    @u2 = MockUser.create!(primary_key: ids.shift(), username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com', scim_uid: '002', created_at: lmt, updated_at: lmt + 2, password: 'oldpassword')
     @u3 = MockUser.create!(primary_key: ids.shift(), username: '3', first_name: 'Foo',                   home_email_address: 'home_3@test.com', scim_uid: '003', created_at: lmt, updated_at: lmt + 3)
 
     @g1 = MockGroup.create!(display_name: 'Group 1')
@@ -107,6 +107,37 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(usernames).to match_array(['2'])
       end
 
+      it 'returns only the requested attributes' do
+        get '/Users', params: {
+          format: :scim,
+          attributes: "id,name"
+        }
+
+        expect(response.status                 ).to eql(200)
+        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+        result = JSON.parse(response.body)
+
+        expect(result['totalResults']).to eql(3)
+        expect(result['Resources'].size).to eql(3)
+
+        keys = result['Resources'].map { |resource| resource.keys }.flatten.uniq
+
+        expect(keys).to match_array(%w[
+          id
+          meta
+          name
+          schemas
+          urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
+          urn:ietf:params:scim:schemas:extension:manager:1.0:User
+        ])
+        expect(result.dig('Resources', 0, 'id')).to eql @u1.primary_key.to_s
+        expect(result.dig('Resources', 0, 'name', 'givenName')).to eql 'Foo'
+        expect(result.dig('Resources', 0, 'name', 'familyName')).to eql 'Ark'
+      end
+
+      # https://github.com/RIPAGlobal/scimitar/issues/37
+      #
       it 'applies a filter, with case-insensitive attribute matching (GitHub issue #37)' do
         get '/Users', params: {
           format: :scim,
@@ -128,6 +159,30 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(usernames).to match_array(['2'])
       end
 
+      # https://github.com/RIPAGlobal/scimitar/issues/115
+      #
+      it 'handles broken Microsoft filters (GitHub issue #115)' do
+        get '/Users', params: {
+          format: :scim,
+          filter: 'name[givenName eq "FOO"].familyName pr and emails ne "home_1@test.com"'
+        }
+
+        expect(response.status                 ).to eql(200)
+        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+        result = JSON.parse(response.body)
+
+        expect(result['totalResults']).to eql(1)
+        expect(result['Resources'].size).to eql(1)
+
+        ids = result['Resources'].map { |resource| resource['id'] }
+        expect(ids).to match_array([@u2.primary_key.to_s])
+
+        usernames = result['Resources'].map { |resource| resource['userName'] }
+        expect(usernames).to match_array(['2'])
+      end
+
+
       # Strange attribute capitalisation in tests here builds on test coverage
       # for now-fixed GitHub issue #37.
       #
@@ -345,6 +400,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
 
           attributes = {
             userName: '4',
+            password: 'correcthorsebatterystaple',
             name: {
               givenName: 'Given',
               familyName: 'Family'
@@ -379,11 +435,82 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect(result['id']).to eql(new_mock.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           expect(new_mock.username).to eql('4')
+          expect(new_mock.password).to eql('correcthorsebatterystaple')
           expect(new_mock.first_name).to eql('Given')
           expect(new_mock.last_name).to eql('Family')
           expect(new_mock.home_email_address).to eql('home_4@test.com')
           expect(new_mock.work_email_address).to eql('work_4@test.com')
         end
+
+        it 'with schema ID value keys without inline attributes' do
+          mock_before = MockUser.all.to_a
+
+          attributes = {
+            userName: '4',
+            'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': {
+              organization: 'Foo Bar!',
+              department:   'Bar Foo!'
+            },
+            'urn:ietf:params:scim:schemas:extension:manager:1.0:User': {
+              manager: 'Foo Baz!'
+            }
+          }
+
+          attributes = spec_helper_hupcase(attributes) if force_upper_case
+
+          expect {
+            post "/Users", params: attributes.merge(format: :scim)
+          }.to change { MockUser.count }.by(1)
+
+          mock_after = MockUser.all.to_a
+          new_mock = (mock_after - mock_before).first
+
+          expect(response.status                 ).to eql(201)
+          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+          result = JSON.parse(response.body)
+
+          expect(new_mock.organization).to eql('Foo Bar!')
+          expect(new_mock.department  ).to eql('Bar Foo!')
+          expect(new_mock.manager     ).to eql('Foo Baz!')
+
+          expect(result['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['organization']).to eql(new_mock.organization)
+          expect(result['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department'  ]).to eql(new_mock.department  )
+          expect(result['urn:ietf:params:scim:schemas:extension:manager:1.0:User'   ]['manager'     ]).to eql(new_mock.manager     )
+        end
+
+        it 'with schema ID value keys that have inline attributes' do
+          mock_before = MockUser.all.to_a
+
+          attributes = {
+            userName: '4',
+            'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization': 'Foo Bar!',
+            'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department':   'Bar Foo!',
+            'urn:ietf:params:scim:schemas:extension:manager:1.0:User:manager':         'Foo Baz!'
+          }
+
+          attributes = spec_helper_hupcase(attributes) if force_upper_case
+
+          expect {
+            post "/Users", params: attributes.merge(format: :scim)
+          }.to change { MockUser.count }.by(1)
+
+          mock_after = MockUser.all.to_a
+          new_mock = (mock_after - mock_before).first
+
+          expect(response.status                 ).to eql(201)
+          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+          result = JSON.parse(response.body)
+
+          expect(new_mock.organization).to eql('Foo Bar!')
+          expect(new_mock.department  ).to eql('Bar Foo!')
+          expect(new_mock.manager     ).to eql('Foo Baz!')
+
+          expect(result['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['organization']).to eql(new_mock.organization)
+          expect(result['urn:ietf:params:scim:schemas:extension:enterprise:2.0:User']['department'  ]).to eql(new_mock.department  )
+          expect(result['urn:ietf:params:scim:schemas:extension:manager:1.0:User'   ]['manager'     ]).to eql(new_mock.manager     )
+        end
       end # "shared_examples 'a creator' do | force_upper_case: |"
 
       context 'using schema-matched case' do
@@ -511,6 +638,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
 
         result = JSON.parse(response.body)
+
         expect(result['scimType']).to eql('invalidValue')
         expect(result['detail']).to include('is reserved')
       end
@@ -522,14 +650,41 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   context '#replace' do
     shared_examples 'a replacer' do | force_upper_case: |
       it 'which replaces all attributes in an instance' do
-        attributes = { userName: '4' }  # Minimum required by schema
+        attributes = { userName: '4' } # Minimum required by schema
         attributes = spec_helper_hupcase(attributes) if force_upper_case
 
         # Prove that certain known pathways are called; can then unit test
         # those if need be and be sure that this covers #replace actions.
         #
         expect_any_instance_of(MockUsersController).to receive(:replace).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
+        expect_any_instance_of(MockUsersController).to receive(:save!  ).once.and_call_original
+        expect {
+          put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
+        }.to_not change { MockUser.count }
+
+        expect(response.status                 ).to eql(200)
+        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+        result = JSON.parse(response.body)
+
+        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['meta']['resourceType']).to eql('User')
+
+        expect(result).to     have_key('name')
+        expect(result).to_not have_key('password')
+
+        @u2.reload
+
+        expect(@u2.username).to eql('4')
+        expect(@u2.first_name).to be_nil
+        expect(@u2.last_name).to be_nil
+        expect(@u2.home_email_address).to be_nil
+        expect(@u2.password).to be_nil
+      end
+
+      it 'can replace passwords' do
+        attributes = { userName: '4', password: 'correcthorsebatterystaple' }
+        attributes = spec_helper_hupcase(attributes) if force_upper_case
 
         expect {
           put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
@@ -543,12 +698,16 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(result['id']).to eql(@u2.primary_key.to_s)
         expect(result['meta']['resourceType']).to eql('User')
 
+        expect(result).to     have_key('name')
+        expect(result).to_not have_key('password')
+
         @u2.reload
 
         expect(@u2.username).to eql('4')
         expect(@u2.first_name).to be_nil
         expect(@u2.last_name).to be_nil
         expect(@u2.home_email_address).to be_nil
+        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
     end # "shared_examples 'a replacer' do | force_upper_case: |"
 
@@ -626,7 +785,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
 
     context 'with a block' do
       it 'invokes the block' do
-        attributes = { userName: '4' }  # Minimum required by schema
+        attributes = { userName: '4' } # Minimum required by schema
 
         expect_any_instance_of(CustomReplaceMockUsersController).to receive(:replace).once.and_call_original
         expect {
@@ -681,7 +840,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
 
   context '#update' do
     shared_examples 'an updater' do | force_upper_case: |
-      it 'which patches specific attributes' do
+      it 'which patches regular attributes' do
         payload = {
           Operations: [
             {
@@ -717,6 +876,9 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(result['id']).to eql(@u2.primary_key.to_s)
         expect(result['meta']['resourceType']).to eql('User')
 
+        expect(result).to     have_key('name')
+        expect(result).to_not have_key('password')
+
         @u2.reload
 
         expect(@u2.username).to eql('4')
@@ -724,6 +886,151 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(@u2.last_name).to eql('Bar')
         expect(@u2.home_email_address).to eql('home_2@test.com')
         expect(@u2.work_email_address).to eql('work_4@test.com')
+        expect(@u2.password).to eql('oldpassword')
+      end
+
+      context 'which' do
+        shared_examples 'it handles not-to-spec in-value Azure/Entra dotted attribute paths' do | operation |
+          it "and performs operation" do
+            payload = {
+              Operations: [
+                {
+                  op: 'add',
+                  value: {
+                    'name.givenName'  => 'Foo!',
+                    'name.familyName' => 'Bar!',
+                    'name.formatted'  => 'Foo! Bar!' # Unrecognised; should be ignored
+                  },
+                },
+              ]
+            }
+
+            payload = spec_helper_hupcase(payload) if force_upper_case
+            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+
+            expect(response.status                 ).to eql(200)
+            expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+            @u2.reload
+            result = JSON.parse(response.body)
+
+            expect(@u2.first_name).to eql('Foo!')
+            expect(@u2.last_name ).to eql('Bar!')
+          end
+        end
+
+        it_behaves_like 'it handles not-to-spec in-value Azure/Entra dotted attribute paths', 'add'
+        it_behaves_like 'it handles not-to-spec in-value Azure/Entra dotted attribute paths', 'replace'
+
+        shared_examples 'it handles schema ID value keys without inline attributes' do | operation |
+          it "and performs operation" do
+            payload = {
+              Operations: [
+                {
+                  op: operation,
+                  value: {
+                    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User': {
+                      'organization' => 'Foo Bar!',
+                      'department'   => 'Bar Foo!'
+                    },
+                    'urn:ietf:params:scim:schemas:extension:manager:1.0:User': {
+                      'manager' => 'Foo Baz!'
+                    }
+                  },
+                },
+              ]
+            }
+
+            @u2.update!(organization: 'Old org')
+            payload = spec_helper_hupcase(payload) if force_upper_case
+            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+
+            expect(response.status                 ).to eql(200)
+            expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+            @u2.reload
+            result = JSON.parse(response.body)
+
+            expect(@u2.organization).to eql('Foo Bar!')
+            expect(@u2.department  ).to eql('Bar Foo!')
+            expect(@u2.manager     ).to eql('Foo Baz!')
+          end
+        end
+
+        it_behaves_like 'it handles schema ID value keys without inline attributes', 'add'
+        it_behaves_like 'it handles schema ID value keys without inline attributes', 'replace'
+
+        shared_examples 'it handles schema ID value keys with inline attributes' do
+          it "and performs operation" do
+            payload = {
+              Operations: [
+                {
+                  op: 'add',
+                  value: {
+                    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:organization' => 'Foo Bar!',
+                    'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department'   => 'Bar Foo!',
+                    'urn:ietf:params:scim:schemas:extension:manager:1.0:User:manager'         => 'Foo Baz!'
+                  },
+                },
+              ]
+            }
+
+            @u2.update!(organization: 'Old org')
+            payload = spec_helper_hupcase(payload) if force_upper_case
+            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+
+            expect(response.status                 ).to eql(200)
+            expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+            @u2.reload
+            result = JSON.parse(response.body)
+
+            expect(@u2.organization).to eql('Foo Bar!')
+            expect(@u2.department  ).to eql('Bar Foo!')
+            expect(@u2.manager     ).to eql('Foo Baz!')
+          end
+        end
+
+        it_behaves_like 'it handles schema ID value keys with inline attributes', 'add'
+        it_behaves_like 'it handles schema ID value keys with inline attributes', 'replace'
+      end
+
+      it 'which patches "returned: \'never\'" fields' do
+        payload = {
+          Operations: [
+            {
+              op: 'replace',
+              path: 'password',
+              value: 'correcthorsebatterystaple'
+            }
+          ]
+        }
+
+        payload = spec_helper_hupcase(payload) if force_upper_case
+
+        expect {
+          patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+        }.to_not change { MockUser.count }
+
+        expect(response.status                 ).to eql(200)
+        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+
+        result = JSON.parse(response.body)
+
+        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['meta']['resourceType']).to eql('User')
+
+        expect(result).to     have_key('name')
+        expect(result).to_not have_key('password')
+
+        @u2.reload
+
+        expect(@u2.username).to eql('2')
+        expect(@u2.first_name).to eql('Foo')
+        expect(@u2.last_name).to eql('Bar')
+        expect(@u2.home_email_address).to eql('home_2@test.com')
+        expect(@u2.work_email_address).to be_nil
+        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
 
       context 'which clears attributes' do

data/spec/requests/engine_spec.rb

@@ -42,4 +42,79 @@ RSpec.describe Scimitar::Engine do
       expect(JSON.parse(response.body)['name']['familyName']).to eql('baz')
     end
   end # "context 'parameter parser' do"
+
+  # These are unit tests rather than request tests; seems like a reasonable
+  # place to put them in the absence of a standardised RSpec "engine" location.
+  #
+  context 'engine unit tests' do
+    around :each do | example |
+      license_schema = Class.new(Scimitar::Schema::Base) do
+        def initialize(options = {})
+          super(name: 'License', id: self.class.id(), description: 'Represents a License')
+        end
+        def self.id; 'urn:ietf:params:scim:schemas:license'; end
+        def self.scim_attributes; []; end
+      end
+
+      @license_resource = Class.new(Scimitar::Resources::Base) do
+        self.set_schema(license_schema)
+        def self.endpoint; '/License'; end
+      end
+
+      example.run()
+    ensure
+      Scimitar::Engine.reset_default_resources()
+      Scimitar::Engine.reset_custom_resources()
+    end
+
+    context '::resources, :add_custom_resource, ::set_default_resources' do
+      it 'returns default resources' do
+        expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User, Scimitar::Resources::Group])
+      end
+
+      it 'includes custom resources' do
+        Scimitar::Engine.add_custom_resource(@license_resource)
+        expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User, Scimitar::Resources::Group, @license_resource])
+      end
+
+      it 'notes changes to defaults' do
+        Scimitar::Engine::set_default_resources([Scimitar::Resources::User])
+        expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User])
+      end
+
+      it 'notes changes to defaults with custom resources added' do
+        Scimitar::Engine::set_default_resources([Scimitar::Resources::User])
+        Scimitar::Engine.add_custom_resource(@license_resource)
+        expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User, @license_resource])
+      end
+
+      it 'rejects bad defaults' do
+        expect {
+          Scimitar::Engine::set_default_resources([@license_resource])
+        }.to raise_error('Scimitar::Engine::set_default_resources: Only Scimitar::Resources::User, Scimitar::Resources::Group are supported')
+      end
+
+      it 'rejects empty defaults' do
+        expect {
+          Scimitar::Engine::set_default_resources([])
+        }.to raise_error('Scimitar::Engine::set_default_resources: At least one resource must be given')
+      end
+    end # "context '::resources, :add_custom_resource, ::set_default_resources' do"
+
+    context '#schemas' do
+      it 'returns schema instances from ::resources' do
+        expect(Scimitar::Engine).to receive(:resources).and_return([Scimitar::Resources::User, @license_resource])
+
+        schema_instances = Scimitar::Engine.schemas()
+        schema_classes   = schema_instances.map(&:class)
+
+        expect(schema_classes).to match_array([
+          Scimitar::Schema::User,
+          ScimSchemaExtensions::User::Enterprise,
+          ScimSchemaExtensions::User::Manager,
+          @license_resource.schemas.first
+        ])
+      end
+    end # "context '#schemas' do"
+  end # "context 'engine unit tests' do"
 end

data/spec/spec_helper.rb

@@ -19,7 +19,7 @@ require File.expand_path('../apps/dummy/config/environment', __FILE__)
 abort("The Rails environment is running in production mode!") if Rails.env.production?
 
 require 'rspec/rails'
-require 'byebug'
+require 'debug'
 require 'scimitar'
 
 # ============================================================================

data/spec/support/hash_with_indifferent_case_insensitive_access_spec.rb

@@ -37,6 +37,114 @@ RSpec.describe Scimitar::Support::HashWithIndifferentCaseInsensitiveAccess do
         expect(subject()).to_not have_key('bar')
       end
     end # "context 'where keys set as symbols' do"
+
+    context 'access and merging' do
+      before :each do
+        @original_subject = subject().to_h().dup()
+      end
+
+      it 'returns keys as Strings' do
+        subject()[:foo] = 1
+        subject()[:BAR] = 2
+
+        expect(subject().keys).to match_array(@original_subject.keys + ['foo', 'BAR'])
+      end
+
+      it 'retains original case of keys' do
+        subject()[:foo ] = 1
+        subject()['FoO'] = 40 # (first-time-set case preservation test in passing)
+        subject()[:BAR ] = 2
+        subject()['Baz'] = 3
+
+        expectation = @original_subject.merge({
+          'foo' => 40,
+          'BAR' => 2,
+          'Baz' => 3
+        })
+
+        expect(subject()).to eql(expectation)
+      end
+
+      it '#merge does not mutate the receiver and retains case of first-set keys' do
+        subject()[:foo] = 1
+        subject()[:BAR] = 2
+
+        pre_merge_subject = subject().dup()
+
+        result      = subject().merge({:FOO => { 'onE' => 40 }, :Baz => 3})
+        expectation = @original_subject.merge({
+          'foo' => { 'onE' => 40 },
+          'BAR' => 2,
+          'Baz' => 3
+        })
+
+        expect(subject()).to eql(pre_merge_subject)
+        expect(result).to eql(expectation)
+      end
+
+      it '#merge! mutates the receiver retains case of first-set keys' do
+        subject()[:foo] = 1
+        subject()[:BAR] = 2
+
+        subject().merge!({:FOO => { 'onE' => 40 }, :Baz => 3})
+
+        expectation = @original_subject.merge({
+          'foo' => { 'onE' => 40 },
+          'BAR' => 2,
+          'Baz' => 3
+        })
+
+        expect(subject()).to eql(expectation)
+      end
+
+      it '#deep_merge does not mutate the receiver and retains nested key cases' do
+        subject()[:foo] = { :one => 10 }
+        subject()[:BAR] = 2
+
+        pre_merge_subject = subject().dup()
+
+        result      = subject().deep_merge({:FOO => { 'ONE' => 40, :TWO => 20 }, :Baz => 3})
+        expectation = @original_subject.merge({
+          'foo' => { 'one' => 40, 'TWO' => 20 },
+          'BAR' => 2,
+          'Baz' => 3
+        })
+
+        expect(subject()).to eql(pre_merge_subject)
+        expect(result).to eql(expectation)
+      end
+
+      it '#deep_merge! mutates the receiver and retains nested key cases' do
+        subject()[:foo] = { :one => 10 }
+        subject()[:BAR] = 2
+
+        subject().deep_merge!({:FOO => { 'ONE' => 40, :TWO => 20 }, :Baz => 3})
+
+        expectation = @original_subject.merge({
+          'foo' => { 'one' => 40, 'TWO' => 20 },
+          'BAR' => 2,
+          'Baz' => 3
+        })
+
+        expect(subject()).to eql(expectation)
+      end
+
+      it 'retains indifferent behaviour after duplication' do
+        subject()[:foo] = { 'onE' => 40 }
+        subject()[:BAR] = 2
+
+        duplicate = subject().dup()
+        duplicate.merge!({ 'FOO' => true, 'baz' => 3 })
+
+        expectation = @original_subject.merge({
+          'foo' => true,
+          'BAR' => 2,
+          'baz' => 3
+        })
+
+        expect(duplicate.to_h).to eql(expectation.to_h)
+      end
+    end # "context 'access and merging' do"
   end # "shared_examples 'an indifferent access, case insensitive Hash' do"
 
   context 'when created directly' do