scimitar 1.8.1 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ed2a0e01326248966fb009845e4fa05f4cae800b79bc3d85497960c833869f24
-  data.tar.gz: c7f92d402444abf8b4df77d8b404c85ff90b06e113126ebafe75c8935608f869
+  metadata.gz: 95a2166cc921a400959f9d8d4398f6bf8ecb772f8d7a0a0a73950892e85d808a
+  data.tar.gz: cdf5aab3812f10f69c96304e738a150f4208850267527b66d36eeb99548d7b1f
 SHA512:
-  metadata.gz: 834cbc912ea8cdf996cb74a57d4f24495b3e0b005924635829ddb5ab99025ca17bdec5aef58c79353af189bb3304c4560017b31c9089614af4cf4b00832909b9
-  data.tar.gz: 71398ecaa9a879cd37fe41867526a824b9cc4db32efd8c3a23012e086a5509a95db66140f7e0c623bc3bde4ac648f5eca5f51bd99e5a7b2322b65d326ff7ea4d
+  metadata.gz: f0925517599b107e44fd93db9be142aebe608892c2c5069c50d22b353c51238290710474b062a002fdb010be3d783c4dea3b314f72f47b4aca3c2385a8fc1377
+  data.tar.gz: eef6eebfc64bb2d4adabfca110f26e3a6c9e227f47387da6fb384925899ddf0ae260cf68176f24040a6bb356cf34f6576c920bd44264d4a1fee415aeadc237e6

data/app/controllers/scimitar/active_record_backed_resources_controller.rb

@@ -21,8 +21,6 @@ module Scimitar
 
     rescue_from ActiveRecord::RecordNotFound, with: :handle_resource_not_found # See Scimitar::ApplicationController
 
-    before_action :obtain_id_column_name_from_attribute_map
-
     # GET (list)
     #
     def index
@@ -39,13 +37,12 @@ module Scimitar
       pagination_info = scim_pagination_info(query.count())
 
       page_of_results = query
-        .order(@id_column => :asc)
         .offset(pagination_info.offset)
         .limit(pagination_info.limit)
         .to_a()
 
       super(pagination_info, page_of_results) do | record |
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record.id))
       end
     end
 
@@ -54,61 +51,45 @@ module Scimitar
     def show
       super do |record_id|
         record = self.find_record(record_id)
-        record_to_scim(record)
+        record.to_scim(location: url_for(action: :show, id: record_id))
       end
     end
 
     # POST (create)
     #
-    # Calls #save! on the new record if no block is given, else invokes the
-    # block, passing it the new ActiveRecord model instance to be saved. It
-    # is up to the block to make any further changes and persist the record.
-    #
-    # Blocks are invoked from within a wrapping database transaction.
-    # ActiveRecord::RecordInvalid exceptions are handled for you, rendering
-    # an appropriate SCIM error.
-    #
-    def create(&block)
+    def create
       super do |scim_resource|
         self.storage_class().transaction do
           record = self.storage_class().new
           record.from_scim!(scim_hash: scim_resource.as_json())
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
 
     # PUT (replace)
     #
-    # Calls #save! on the updated record if no block is given, else invokes the
-    # block, passing the updated record which the block must persist, with the
-    # same rules as for #create.
-    #
-    def replace(&block)
+    def replace
       super do |record_id, scim_resource|
         self.storage_class().transaction do
           record = self.find_record(record_id)
           record.from_scim!(scim_hash: scim_resource.as_json())
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
 
     # PATCH (update)
     #
-    # Calls #save! on the updated record if no block is given, else invokes the
-    # block, passing the updated record which the block must persist, with the
-    # same rules as for #create.
-    #
-    def update(&block)
+    def update
       super do |record_id, patch_hash|
         self.storage_class().transaction do
           record = self.find_record(record_id)
           record.from_scim_patch!(patch_hash: patch_hash)
-          self.save!(record, &block)
-          record_to_scim(record)
+          self.save!(record)
+          record.to_scim(location: url_for(action: :show, id: record.id))
         end
       end
     end
@@ -150,43 +131,19 @@ module Scimitar
         raise NotImplementedError
       end
 
-      # Return an Array of exceptions that #save! can rescue and handle with a
-      # SCIM error automatically.
-      #
-      def scimitar_rescuable_exceptions
-        [
-          ActiveRecord::RecordInvalid,
-          ActiveRecord::RecordNotSaved,
-          ActiveRecord::RecordNotUnique,
-        ]
-      end
-
       # Find a record by ID. Subclasses can override this if they need special
       # lookup behaviour.
       #
       # +record_id+:: Record ID (SCIM schema 'id' value - "our" ID).
       #
       def find_record(record_id)
-        self.storage_scope().find_by!(@id_column => record_id)
-      end
-
-      # DRY up controller actions - pass a record; returns the SCIM
-      # representation, with a "show" location specified via #url_for.
-      #
-      def record_to_scim(record)
-        record.to_scim(location: url_for(action: :show, id: record.send(@id_column)))
+        self.storage_scope().find(record_id)
       end
 
       # Save a record, dealing with validation exceptions by raising SCIM
       # errors.
       #
-      # +record+:: ActiveRecord subclass to save.
-      #
-      # If you just let this superclass handle things, it'll call the standard
-      # +#save!+ method on the record. If you pass a block, then this block is
-      # invoked and passed the ActiveRecord model instance to be saved. You can
-      # then do things like calling a different method, using a service object
-      # of some kind, perform audit-related operations and so-on.
+      # +record+:: ActiveRecord subclass to save (via #save!).
       #
       # The return value is not used internally, making life easier for
       # overriding subclasses to "do the right thing" / avoid mistakes (instead
@@ -194,31 +151,11 @@ module Scimitar
       # and relying upon this to generate correct response payloads - an early
       # version of the gem did this and it caused a confusing subclass bug).
       #
-      def save!(record, &block)
-        if block_given?
-          yield(record)
-        else
-          record.save!
-        end
-      rescue *self.scimitar_rescuable_exceptions() => exception
-        handle_on_save_exception(record, exception)
-      end
+      def save!(record)
+        record.save!
 
-      # Deal with exceptions related to errors upon saving, by responding with
-      # an appropriate SCIM error. This is most effective if the record has
-      # validation errors defined, but falls back to the provided exception's
-      # message otherwise.
-      #
-      # +record+::    The record that provoked the exception. Mandatory.
-      # +exception+:: The exception that was raised. If omitted, a default of
-      #               'Unknown', in English with no I18n, is used.
-      #
-      def handle_on_save_exception(record, exception = RuntimeError.new('Unknown'))
-        details = if record.errors.present?
-          record.errors.full_messages.join('; ')
-        else
-          exception.message
-        end
+      rescue ActiveRecord::RecordInvalid => exception
+        joined_errors = record.errors.full_messages.join('; ')
 
         # https://tools.ietf.org/html/rfc7644#page-12
         #
@@ -228,27 +165,16 @@ module Scimitar
         #   status code 409 (Conflict) with a "scimType" error code of
         #   "uniqueness"
         #
-        if exception.is_a?(ActiveRecord::RecordNotUnique) || record.errors.any? { | e | e.type == :taken }
+        if record.errors.any? { | e | e.type == :taken }
           raise Scimitar::ErrorResponse.new(
             status:   409,
             scimType: 'uniqueness',
-            detail:   "Operation failed due to a uniqueness constraint: #{details}"
+            detail:   joined_errors
           )
         else
-          raise Scimitar::ResourceInvalidError.new(details)
+          raise Scimitar::ResourceInvalidError.new(joined_errors)
         end
       end
 
-      # Called via +before_action+ - stores in @id_column the name of whatever
-      # model column is used to store the record ID, via
-      # Scimitar::Resources::Mixin::scim_attributes_map.
-      #
-      # Default is <tt>:id</tt>.
-      #
-      def obtain_id_column_name_from_attribute_map
-        attrs      = storage_class().scim_attributes_map() || {}
-        @id_column = attrs[:id] || :id
-      end
-
   end
 end

data/app/controllers/scimitar/application_controller.rb

@@ -25,11 +25,10 @@ module Scimitar
       #
       # ...to "globally" invoke this handler if you wish.
       #
-      # +exception+:: Exception instance, used for a configured error reporter
-      #               via #handle_scim_error (if present).
+      # +_exception+:: Exception instance (currently unused).
       #
-      def handle_resource_not_found(exception)
-        handle_scim_error(NotFoundError.new(params[:id]), exception)
+      def handle_resource_not_found(_exception)
+        handle_scim_error(NotFoundError.new(params[:id]))
       end
 
       # This base controller uses:
@@ -39,22 +38,9 @@ module Scimitar
       # ...to "globally" invoke this handler for all Scimitar errors (including
       # subclasses).
       #
-      # Mandatory parameters are:
-      #
       # +error_response+:: Scimitar::ErrorResponse (or subclass) instance.
       #
-      # Optional parameters are:
-      #
-      # *exception+:: If a Ruby exception was the reason this method is being
-      #               called, pass it here. Any configured exception reporting
-      #               mechanism will be invokved with the given parameter.
-      #               Otherwise, the +error_response+ value is reported.
-      #
-      def handle_scim_error(error_response, exception = error_response)
-        unless Scimitar.engine_configuration.exception_reporter.nil?
-          Scimitar.engine_configuration.exception_reporter.call(exception)
-        end
-
+      def handle_scim_error(error_response)
         render json: error_response, status: error_response.status
       end
 
@@ -69,7 +55,7 @@ module Scimitar
       # +exception+:: Exception instance.
       #
       def handle_bad_json_error(exception)
-        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"), exception)
+        handle_scim_error(ErrorResponse.new(status: 400, detail: "Invalid JSON - #{exception.message}"))
       end
 
       # This base controller uses:
@@ -82,7 +68,7 @@ module Scimitar
       #
       def handle_unexpected_error(exception)
         Rails.logger.error("#{exception.message}\n#{exception.backtrace}")
-        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message), exception)
+        handle_scim_error(ErrorResponse.new(status: 500, detail: exception.message))
       end
 
     # =========================================================================
@@ -96,17 +82,12 @@ module Scimitar
       # request and subclass processing.
       #
       def require_scim
-        scim_mime_type = Mime::Type.lookup_by_extension(:scim).to_s
-
-        if request.media_type.nil? || request.media_type.empty?
-          request.format = :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
-        elsif request.media_type.downcase == scim_mime_type
+        if request.content_type&.downcase == Mime::Type.lookup_by_extension(:scim).to_s
           request.format = :scim
         elsif request.format == :scim
-          request.headers['CONTENT_TYPE'] = scim_mime_type
+          request.headers['CONTENT_TYPE'] = Mime::Type.lookup_by_extension(:scim).to_s
         else
-          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{scim_mime_type} type is accepted."))
+          handle_scim_error(ErrorResponse.new(status: 406, detail: "Only #{Mime::Type.lookup_by_extension(:scim)} type is accepted."))
         end
       end
 
@@ -124,13 +105,8 @@ module Scimitar
         #
         # https://stackoverflow.com/questions/10239970/what-is-the-delimiter-for-www-authenticate-for-multiple-schemes
         #
-        response.set_header('WWW-Authenticate', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
-        response.set_header('WWW-Authenticate', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
-
-        # No matter what a caller might request via headers, the only content
-        # type we can ever respond with is JSON-for-SCIM.
-        #
-        response.set_header('Content-Type', "#{Mime::Type.lookup_by_extension(:scim)}; charset=utf-8")
+        response.set_header('WWW_AUTHENTICATE', 'Basic' ) if Scimitar.engine_configuration.basic_authenticator.present?
+        response.set_header('WWW_AUTHENTICATE', 'Bearer') if Scimitar.engine_configuration.token_authenticator.present?
       end
 
       def authenticate
@@ -139,15 +115,11 @@ module Scimitar
 
       def authenticated?
         result = if Scimitar.engine_configuration.basic_authenticator.present?
-          authenticate_with_http_basic do |username, password|
-            instance_exec(username, password, &Scimitar.engine_configuration.basic_authenticator)
-          end
+          authenticate_with_http_basic(&Scimitar.engine_configuration.basic_authenticator)
         end
 
         result ||= if Scimitar.engine_configuration.token_authenticator.present?
-          authenticate_with_http_token do |token, options|
-            instance_exec(token, options, &Scimitar.engine_configuration.token_authenticator)
-          end
+          authenticate_with_http_token(&Scimitar.engine_configuration.token_authenticator)
         end
 
         return result

data/app/controllers/scimitar/schemas_controller.rb

@@ -4,11 +4,6 @@ module Scimitar
   class SchemasController < ApplicationController
     def index
       schemas = Scimitar::Engine.schemas
-
-      schemas.each do |schema|
-        schema.meta.location = scim_schemas_url(name: schema.id)
-      end
-
       schemas_by_id = schemas.reduce({}) do |hash, schema|
         hash[schema.id] = schema
         hash

data/app/models/scimitar/complex_types/address.rb

@@ -7,6 +7,12 @@ module Scimitar
     #
     class Address < Base
       set_schema Scimitar::Schema::Address
+
+      # Returns the JSON representation of an Address.
+      #
+      def as_json(options = {})
+        {'type' => 'work'}.merge(super(options))
+      end
     end
   end
 end

data/app/models/scimitar/engine_configuration.rb

@@ -7,23 +7,15 @@ module Scimitar
   class EngineConfiguration
     include ActiveModel::Model
 
-    attr_accessor(
-      :uses_defaults,
-      :basic_authenticator,
-      :token_authenticator,
-      :application_controller_mixin,
-      :exception_reporter,
-      :optional_value_fields_required,
-    )
+    attr_accessor :basic_authenticator,
+                  :token_authenticator,
+                  :application_controller_mixin
 
     def initialize(attributes = {})
-      @uses_defaults = attributes.empty?
 
-      # Set defaults that may be overridden by the initializer.
+      # No defaults yet - reserved for future use.
       #
-      defaults = {
-        optional_value_fields_required: true
-      }
+      defaults = {}
 
       super(defaults.merge(attributes))
     end

data/app/models/scimitar/error_response.rb

@@ -16,17 +16,5 @@ module Scimitar
       data['scimType'] = scimType if scimType
       data
     end
-
-    # Originally Scimitar used attribute "detail" for exception text; it was
-    # only for JSON responses at the time, but in hindsight was a bad choice.
-    # It should have been "message" given inheritance from StandardError, which
-    # then works properly with e.g. error reporting services.
-    #
-    # The "detail" attribute is still present, for backwards compatibility with
-    # any client code that might be using this class.
-    #
-    def message
-      self.detail
-    end
   end
 end

data/app/models/scimitar/lists/query_parser.rb

@@ -78,7 +78,7 @@ module Scimitar
       #                   method's return value here.
       #
       def initialize(attribute_map)
-        @attribute_map = attribute_map.with_indifferent_case_insensitive_access()
+        @attribute_map = attribute_map
       end
 
       # Parse SCIM filter query into RPN stack
@@ -192,7 +192,7 @@ module Scimitar
 
             ast.push(self.start_group? ? self.parse_group() : self.pop())
 
-            if ast.last.is_a?(String) && !UNARY_OPERATORS.include?(ast.last.downcase) || ast.last.is_a?(Array)
+            unless ! ast.last.is_a?(String) || UNARY_OPERATORS.include?(ast.last.downcase)
               expect_op ^= true
             end
           end
@@ -601,27 +601,12 @@ module Scimitar
           column_names   = self.activerecord_columns(scim_attribute)
           value          = self.activerecord_parameter(scim_parameter)
           value_for_like = self.sql_modified_value(scim_operator, value)
-          arel_columns   = column_names.map do |column|
-            if base_scope.model.column_names.include?(column.to_s)
-              arel_table[column]
-            elsif column.is_a?(Arel::Attribute)
-              column
-            end
-          end
-
-          raise Scimitar::FilterError unless arel_columns.all?
+          all_supported  = column_names.all? { | column_name | base_scope.model.column_names.include?(column_name.to_s) }
 
-          unless case_sensitive
-            lc_scim_attribute = scim_attribute.downcase()
-
-            case_sensitive = (
-              lc_scim_attribute == 'id' ||
-              lc_scim_attribute == 'externalid' ||
-              lc_scim_attribute.start_with?('meta.')
-            )
-          end
+          raise Scimitar::FilterError unless all_supported
 
-          arel_columns.each.with_index do | arel_column, index |
+          column_names.each.with_index do | column_name, index |
+            arel_column    = arel_table[column_name]
             arel_operation = case scim_operator
               when 'eq'
                 if case_sensitive
@@ -646,9 +631,9 @@ module Scimitar
               when 'co', 'sw', 'ew'
                 arel_column.matches(value_for_like, nil, case_sensitive)
               when 'pr'
-                arel_column.relation.grouping(arel_column.not_eq_all(['', nil]))
+                arel_table.grouping(arel_column.not_eq_all(['', nil]))
               else
-                raise Scimitar::FilterError.new("Unsupported operator: '#{scim_operator}'")
+                raise Scimitar::FilterError
             end
 
             if index == 0
@@ -671,10 +656,10 @@ module Scimitar
         # +scim_attribute+:: SCIM attribute from a filter string.
         #
         def activerecord_columns(scim_attribute)
-          raise Scimitar::FilterError.new("No scim_attribute provided") if scim_attribute.blank?
+          raise Scimitar::FilterError if scim_attribute.blank?
 
           mapped_attribute = self.attribute_map()[scim_attribute]
-          raise Scimitar::FilterError.new("Unable to find domain attribute from SCIM attribute: '#{scim_attribute}'") if mapped_attribute.blank?
+          raise Scimitar::FilterError if mapped_attribute.blank?
 
           if mapped_attribute[:ignore]
             return []

data/app/models/scimitar/resource_invalid_error.rb

@@ -2,7 +2,7 @@ module Scimitar
   class ResourceInvalidError < ErrorResponse
 
     def initialize(error_message)
-      super(status: 400, scimType: 'invalidValue', detail: "Operation failed since record has become invalid: #{error_message}")
+      super(status: 400, scimType: 'invalidValue', detail:"Operation failed since record has become invalid: #{error_message}")
     end
 
   end

data/app/models/scimitar/resources/base.rb

@@ -112,7 +112,7 @@ module Scimitar
       end
 
       def self.complex_scim_attributes
-        schemas.flat_map(&:scim_attributes).select(&:complexType).group_by(&:name)
+        schema.scim_attributes.select(&:complexType).group_by(&:name)
       end
 
       def complex_type_from_hash(scim_attribute, attr_value)
@@ -138,24 +138,14 @@ module Scimitar
       end
 
       def as_json(options = {})
-        self.meta = Meta.new unless self.meta && self.meta.is_a?(Meta)
-        self.meta.resourceType = self.class.resource_type_id
-
-        non_returnable_attributes = self.class
-          .schemas
-          .flat_map(&:scim_attributes)
-          .filter_map { |attribute| attribute.name if attribute.returned == 'never' }
-
-        non_returnable_attributes << 'errors'
-
-        original_hash = super(options).except(*non_returnable_attributes)
+        self.meta = Meta.new unless self.meta
+        meta.resourceType = self.class.resource_type_id
+        original_hash = super(options).except('errors')
         original_hash.merge!('schemas' => self.class.schemas.map(&:id))
-
         self.class.extended_schemas.each do |extension_schema|
           extension_attributes = extension_schema.scim_attributes.map(&:name)
           original_hash.merge!(extension_schema.id => original_hash.extract!(*extension_attributes))
         end
-
         original_hash
       end