RubyGems - scimitar - Versions diffs - 1.8.2 → 2.0.0 - Mend

scimitar 1.8.2 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

checksums.yaml +4 -4
data/app/controllers/scimitar/active_record_backed_resources_controller.rb +20 -94
data/app/controllers/scimitar/application_controller.rb +13 -41
data/app/controllers/scimitar/schemas_controller.rb +0 -5
data/app/models/scimitar/complex_types/address.rb +6 -0
data/app/models/scimitar/engine_configuration.rb +5 -13
data/app/models/scimitar/error_response.rb +0 -12
data/app/models/scimitar/lists/query_parser.rb +10 -25
data/app/models/scimitar/resource_invalid_error.rb +1 -1
data/app/models/scimitar/resources/base.rb +4 -17
data/app/models/scimitar/resources/mixin.rb +42 -539
data/app/models/scimitar/schema/address.rb +0 -1
data/app/models/scimitar/schema/attribute.rb +5 -14
data/app/models/scimitar/schema/base.rb +1 -1
data/app/models/scimitar/schema/vdtp.rb +1 -1
data/app/models/scimitar/service_provider_configuration.rb +3 -14
data/config/initializers/scimitar.rb +3 -28
data/lib/scimitar/support/hash_with_indifferent_case_insensitive_access.rb +10 -140
data/lib/scimitar/version.rb +2 -2
data/lib/scimitar.rb +2 -7
data/spec/apps/dummy/app/controllers/mock_groups_controller.rb +1 -1
data/spec/apps/dummy/app/models/mock_group.rb +1 -1
data/spec/apps/dummy/app/models/mock_user.rb +8 -36
data/spec/apps/dummy/config/application.rb +1 -0
data/spec/apps/dummy/config/environments/test.rb +28 -5
data/spec/apps/dummy/config/initializers/scimitar.rb +10 -61
data/spec/apps/dummy/config/routes.rb +7 -28
data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb +1 -10
data/spec/apps/dummy/db/migrate/20210308044214_create_join_table_mock_groups_mock_users.rb +3 -8
data/spec/apps/dummy/db/schema.rb +4 -11
data/spec/controllers/scimitar/application_controller_spec.rb +3 -126
data/spec/controllers/scimitar/resource_types_controller_spec.rb +2 -2
data/spec/controllers/scimitar/schemas_controller_spec.rb +2 -10
data/spec/models/scimitar/complex_types/address_spec.rb +4 -3
data/spec/models/scimitar/complex_types/email_spec.rb +2 -0
data/spec/models/scimitar/lists/query_parser_spec.rb +9 -76
data/spec/models/scimitar/resources/base_spec.rb +70 -216
data/spec/models/scimitar/resources/base_validation_spec.rb +2 -27
data/spec/models/scimitar/resources/mixin_spec.rb +129 -1447
data/spec/models/scimitar/schema/attribute_spec.rb +3 -22
data/spec/models/scimitar/schema/base_spec.rb +1 -1
data/spec/models/scimitar/schema/user_spec.rb +0 -10
data/spec/requests/active_record_backed_resources_controller_spec.rb +68 -787
data/spec/requests/application_controller_spec.rb +3 -16
data/spec/spec_helper.rb +0 -8
data/spec/support/hash_with_indifferent_case_insensitive_access_spec.rb +0 -108
metadata +14 -25
data/LICENSE.txt +0 -21
data/README.md +0 -710
data/lib/scimitar/support/utilities.rb +0 -51
data/spec/apps/dummy/app/controllers/custom_create_mock_users_controller.rb +0 -25
data/spec/apps/dummy/app/controllers/custom_replace_mock_users_controller.rb +0 -25
data/spec/apps/dummy/app/controllers/custom_save_mock_users_controller.rb +0 -24
data/spec/apps/dummy/app/controllers/custom_update_mock_users_controller.rb +0 -25

data/spec/requests/active_record_backed_resources_controller_spec.rb CHANGED Viewed

@@ -1,42 +1,25 @@
 require 'spec_helper'
-require 'time'
 RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   before :each do
     allow_any_instance_of(Scimitar::ApplicationController).to receive(:authenticated?).and_return(true)
-    # If a sort order is unspecified, the controller defaults to ID ascending.
-    # With UUID based IDs, testing life is made easier by ensuring that the
-    # creation order matches an ascending UUID sort order (which is what would
-    # happen if we were using integer primary keys).
-    #
-    lmt = Time.parse("2023-01-09 14:25:00 +1300")
-    ids = 3.times.map { SecureRandom.uuid }.sort()
-    @u1 = MockUser.create!(primary_key: ids.shift(), username: '1', first_name: 'Foo', last_name: 'Ark', home_email_address: 'home_1@test.com', scim_uid: '001', created_at: lmt, updated_at: lmt + 1)
-    @u2 = MockUser.create!(primary_key: ids.shift(), username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com', scim_uid: '002', created_at: lmt, updated_at: lmt + 2, password: 'oldpassword')
-    @u3 = MockUser.create!(primary_key: ids.shift(), username: '3', first_name: 'Foo',                   home_email_address: 'home_3@test.com', scim_uid: '003', created_at: lmt, updated_at: lmt + 3)
-    @g1 = MockGroup.create!(display_name: 'Group 1')
-    @g2 = MockGroup.create!(display_name: 'Group 2')
-    @g3 = MockGroup.create!(display_name: 'Group 3')
+    @u1 = MockUser.create(username: '1', first_name: 'Foo', last_name: 'Ark', home_email_address: 'home_1@test.com')
+    @u2 = MockUser.create(username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com')
+    @u3 = MockUser.create(username: '3', first_name: 'Foo',                   home_email_address: 'home_3@test.com')
   end
   # ===========================================================================
   context '#index' do
     context 'with no items' do
-      before :each do
+      it 'returns empty list' do
         MockUser.delete_all
-      end
-      it 'returns empty list' do
         expect_any_instance_of(MockUsersController).to receive(:index).once.and_call_original
         get '/Users', params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(0)
@@ -46,172 +29,55 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     end # "context 'with no items' do"
     context 'with items' do
-      context 'with a UUID, renamed primary key column' do
-        it 'returns all items' do
-          get '/Users', params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(3)
-          expect(result['Resources'].size).to eql(3)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u1.primary_key.to_s, @u2.primary_key.to_s, @u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['1', '2', '3'])
-        end
-      end # "context 'with a UUID, renamed primary key column' do"
-      context 'with an integer, conventionally named primary key column' do
-        it 'returns all items' do
-          get '/Groups', params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(3)
-          expect(result['Resources'].size).to eql(3)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@g1.id.to_s, @g2.id.to_s, @g3.id.to_s])
-          usernames = result['Resources'].map { |resource| resource['displayName'] }
-          expect(usernames).to match_array(['Group 1', 'Group 2', 'Group 3'])
-        end
-      end # "context 'with an integer, conventionally named primary key column' do"
-      it 'applies a filter, with case-insensitive value comparison' do
-        get '/Users', params: {
-          format: :scim,
-          filter: 'name.givenName eq "FOO" and name.familyName pr and emails ne "home_1@test.com"'
-        }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      it 'returns all items' do
+        get '/Users', params: { format: :scim }
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['totalResults']).to eql(1)
-        expect(result['Resources'].size).to eql(1)
+        expect(result['totalResults']).to eql(3)
+        expect(result['Resources'].size).to eql(3)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s])
+        expect(ids).to match_array([@u1.id.to_s, @u2.id.to_s, @u3.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
-        expect(usernames).to match_array(['2'])
+        expect(usernames).to match_array(['1', '2', '3'])
       end
-      it 'applies a filter, with case-insensitive attribute matching (GitHub issue #37)' do
+      it 'applies a filter, with case-insensitive value comparison' do
         get '/Users', params: {
           format: :scim,
-          filter: 'name.GIVENNAME eq "Foo" and name.Familyname pr and emails ne "home_1@test.com"'
+          filter: 'name.givenName eq "Foo" and name.familyName pr and emails ne "home_1@TEST.COM"'
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(1)
         expect(result['Resources'].size).to eql(1)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s])
+        expect(ids).to match_array([@u2.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['2'])
       end
-      # Strange attribute capitalisation in tests here builds on test coverage
-      # for now-fixed GitHub issue #37.
-      #
-      context '"meta" / IDs (GitHub issue #36)' do
-        it 'applies a filter on primary keys, using direct comparison (rather than e.g. case-insensitive operators)' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "id eq \"#{@u3.primary_key}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['3'])
-        end
-        it 'applies a filter on external IDs, using direct comparison' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "externalID eq \"#{@u2.scim_uid}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u2.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['2'])
-        end
-        it 'applies a filter on "meta" entries, using direct comparison' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "Meta.LastModified eq \"#{@u3.updated_at}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['3'])
-        end
-      end # "context '"meta" / IDs (GitHub issue #36)' do"
       it 'obeys a page size' do
         get '/Users', params: {
           format: :scim,
           count:  2
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(3)
         expect(result['Resources'].size).to eql(2)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u1.primary_key.to_s, @u2.primary_key.to_s])
+        expect(ids).to match_array([@u1.id.to_s, @u2.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['1', '2'])
@@ -223,16 +89,14 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           startIndex: 2
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(3)
         expect(result['Resources'].size).to eql(2)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s, @u3.primary_key.to_s])
+        expect(ids).to match_array([@u2.id.to_s, @u3.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['2', '3'])
@@ -246,11 +110,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           filter: 'name.givenName'
         }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(400)
         result = JSON.parse(response.body)
         expect(result['scimType']).to eql('invalidFilter')
       end
     end # "context 'with bad calls' do"
@@ -259,47 +120,24 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   # ===========================================================================
   context '#show' do
-    context 'with a UUID, renamed primary key column' do
-      it 'shows an item' do
-        expect_any_instance_of(MockUsersController).to receive(:show).once.and_call_original
-        get "/Users/#{@u2.primary_key}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['userName']).to eql('2')
-        expect(result['name']['familyName']).to eql('Bar')
-        expect(result['meta']['resourceType']).to eql('User')
-      end
-    end # "context 'with a UUID, renamed primary key column' do"
-    context 'with an integer, conventionally named primary key column' do
-      it 'shows an item' do
-        expect_any_instance_of(MockGroupsController).to receive(:show).once.and_call_original
-        get "/Groups/#{@g2.id}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+    it 'shows an item' do
+      expect_any_instance_of(MockUsersController).to receive(:show).once.and_call_original
+      get "/Users/#{@u2.id}", params: { format: :scim }
-        result = JSON.parse(response.body)
+      expect(response.status).to eql(200)
+      result = JSON.parse(response.body)
-        expect(result['id']).to eql(@g2.id.to_s) # Note - ID was converted String; not Integer
-        expect(result['displayName']).to eql('Group 2')
-        expect(result['meta']['resourceType']).to eql('Group')
-      end
-    end # "context 'with an integer, conventionally named primary key column' do"
+      expect(result['id']).to eql(@u2.id.to_s) # Note - ID was converted String; not Integer
+      expect(result['userName']).to eql('2')
+      expect(result['name']['familyName']).to eql('Bar')
+      expect(result['meta']['resourceType']).to eql('User')
+    end
     it 'renders 404' do
       get '/Users/xyz', params: { format: :scim }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
   end # "context '#show' do"
@@ -312,15 +150,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         it 'with minimal parameters' do
           mock_before = MockUser.all.to_a
-          attributes = { userName: '4' } # Minimum required by schema
+          attributes = { userName: '4' }  # Minimum required by schema
           attributes = spec_helper_hupcase(attributes) if force_upper_case
-          # Prove that certain known pathways are called; can then unit test
-          # those if need be and be sure that this covers #create actions.
-          #
           expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-          expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
           expect {
             post "/Users", params: attributes.merge(format: :scim)
           }.to change { MockUser.count }.by(1)
@@ -328,12 +161,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           mock_after = MockUser.all.to_a
           new_mock = (mock_after - mock_before).first
-          expect(response.status                 ).to eql(201)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(201)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(new_mock.primary_key.to_s)
+          expect(result['id']).to eql(new_mock.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           expect(new_mock.username).to eql('4')
         end
@@ -345,12 +176,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           attributes = {
             userName: '4',
-            password: 'correcthorsebatterystaple',
             name: {
               givenName: 'Given',
               familyName: 'Family'
             },
-            meta: { resourceType: 'User' },
             emails: [
               {
                 type: 'work',
@@ -372,15 +201,12 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           mock_after = MockUser.all.to_a
           new_mock = (mock_after - mock_before).first
-          expect(response.status                 ).to eql(201)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(201)
           result = JSON.parse(response.body)
           expect(result['id']).to eql(new_mock.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           expect(new_mock.username).to eql('4')
-          expect(new_mock.password).to eql('correcthorsebatterystaple')
           expect(new_mock.first_name).to eql('Given')
           expect(new_mock.last_name).to eql('Family')
           expect(new_mock.home_email_address).to eql('home_4@test.com')
@@ -406,11 +232,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(409)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(409)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('uniqueness')
       expect(result['detail']).to include('already been taken')
     end
@@ -423,11 +246,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is required')
     end
@@ -440,84 +260,12 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is reserved')
     end
-    context 'with a block' do
-      it 'invokes the block' do
-        mock_before = MockUser.all.to_a
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: '4' # Minimum required by schema
-          }
-        }.to change { MockUser.count }.by(1)
-        mock_after = MockUser.all.to_a
-        new_mock = (mock_after - mock_before).first
-        expect(response.status                 ).to eql(201)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(new_mock.id.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(new_mock.first_name).to eql(CustomCreateMockUsersController::OVERRIDDEN_NAME)
-      end
-      it 'returns 409 for duplicates (by Rails validation)' do
-        existing_user = MockUser.create!(
-          username:           '4',
-          first_name:         'Will Be Overridden',
-          last_name:          'Baz',
-          home_email_address: 'random@test.com',
-          scim_uid:           '999'
-        )
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: '4' # Already exists
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(409)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('uniqueness')
-        expect(result['detail']).to include('already been taken')
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: MockUser::INVALID_USERNAME
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-      end
-    end # "context 'with a block' do"
   end # "context '#create' do"
   # ===========================================================================
@@ -525,64 +273,26 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   context '#replace' do
     shared_examples 'a replacer' do | force_upper_case: |
       it 'which replaces all attributes in an instance' do
-        attributes = { userName: '4' } # Minimum required by schema
+        attributes = { userName: '4' }  # Minimum required by schema
         attributes = spec_helper_hupcase(attributes) if force_upper_case
-        # Prove that certain known pathways are called; can then unit test
-        # those if need be and be sure that this covers #replace actions.
-        #
         expect_any_instance_of(MockUsersController).to receive(:replace).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save!  ).once.and_call_original
         expect {
-          put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
+          put "/Users/#{@u2.id}", params: attributes.merge(format: :scim)
         }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
-        @u2.reload
-        expect(@u2.username).to eql('4')
-        expect(@u2.first_name).to be_nil
-        expect(@u2.last_name).to be_nil
-        expect(@u2.home_email_address).to be_nil
-        expect(@u2.password).to be_nil
-      end
-      it 'can replace passwords' do
-        attributes = { userName: '4', password: 'correcthorsebatterystaple' }
-        attributes = spec_helper_hupcase(attributes) if force_upper_case
-        expect {
-          put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['id']).to eql(@u2.id.to_s)
         expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
         @u2.reload
         expect(@u2.username).to eql('4')
         expect(@u2.first_name).to be_nil
         expect(@u2.last_name).to be_nil
         expect(@u2.home_email_address).to be_nil
-        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
     end # "shared_examples 'a replacer' do | force_upper_case: |"
@@ -596,17 +306,14 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes schema validation failures' do
       expect {
-        put "/Users/#{@u2.primary_key}", params: {
+        put "/Users/#{@u2.id}", params: {
           format: :scim
           # userName parameter is required by schema, but missing
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is required')
@@ -620,15 +327,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes Rails validation failures' do
       expect {
-        put "/Users/#{@u2.primary_key}", params: {
+        post "/Users", params: {
           format: :scim,
           userName: MockUser::INVALID_USERNAME
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
@@ -650,72 +355,17 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
-    context 'with a block' do
-      it 'invokes the block' do
-        attributes = { userName: '4' } # Minimum required by schema
-        expect_any_instance_of(CustomReplaceMockUsersController).to receive(:replace).once.and_call_original
-        expect {
-          put "/CustomReplaceUsers/#{@u2.primary_key}", params: {
-            format:   :scim,
-            userName: '4'
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        @u2.reload
-        expect(@u2.username  ).to eql('4')
-        expect(@u2.first_name).to eql(CustomReplaceMockUsersController::OVERRIDDEN_NAME)
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomReplaceMockUsersController).to receive(:replace).once.and_call_original
-        expect {
-          put "/CustomReplaceUsers/#{@u2.primary_key}", params: {
-            format:   :scim,
-            userName: MockUser::INVALID_USERNAME
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-      end
-    end # "context 'with a block' do"
   end # "context '#replace' do"
   # ===========================================================================
   context '#update' do
     shared_examples 'an updater' do | force_upper_case: |
-      it 'which patches regular attributes' do
+      it 'which patches specific attributes' do
         payload = {
           Operations: [
             {
@@ -733,27 +383,17 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         payload = spec_helper_hupcase(payload) if force_upper_case
-        # Prove that certain known pathways are called; can then unit test
-        # those if need be and be sure that this covers #update actions.
-        #
         expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
         expect {
-          patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+          patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
         }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['id']).to eql(@u2.id.to_s)
         expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
         @u2.reload
         expect(@u2.username).to eql('4')
@@ -761,45 +401,6 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(@u2.last_name).to eql('Bar')
         expect(@u2.home_email_address).to eql('home_2@test.com')
         expect(@u2.work_email_address).to eql('work_4@test.com')
-        expect(@u2.password).to eql('oldpassword')
-      end
-      it 'which patches "returned: \'never\'" fields' do
-        payload = {
-          Operations: [
-            {
-              op: 'replace',
-              path: 'password',
-              value: 'correcthorsebatterystaple'
-            }
-          ]
-        }
-        payload = spec_helper_hupcase(payload) if force_upper_case
-        expect {
-          patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-        expect(@u2.work_email_address).to be_nil
-        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
       context 'which clears attributes' do
@@ -821,15 +422,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -855,15 +454,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -889,15 +486,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -921,7 +516,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes Rails validation failures' do
       expect {
-        patch "/Users/#{@u2.primary_key}", params: {
+        patch "/Users/#{@u2.id}", params: {
           format: :scim,
           Operations: [
             {
@@ -933,9 +528,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
@@ -963,329 +556,20 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
-    context 'when removing users from groups' do
-      before :each do
-        @g1.mock_users << @u1
-        @g1.mock_users << @u2
-        @g1.mock_users << @u3
-        # (Self-check) Verify group representation
-        #
-        get "/Groups/#{@g1.id}", params: { format: :scim }
-        expect(response.status).to eql(200)
-        result = JSON.parse(response.body)
-        expect(result['members'].map { |m| m['value'] }.sort()).to eql(MockUser.pluck(:primary_key).sort())
-      end
-      it 'can remove all users' do
-        expect {
-          expect {
-            patch "/Groups/#{@g1.id}", params: {
-              format: :scim,
-              Operations: [
-                {
-                  op: 'remove',
-                  path: 'members'
-                }
-              ]
-            }
-          }.to_not change { MockUser.count }
-        }.to_not change { MockGroup.count }
-        get "/Groups/#{@g1.id}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['members']).to be_empty
-        expect(@g1.reload().mock_users).to be_empty
-      end
-      # Define via 'let':
-      #
-      # * Hash 'payload', to send via 'patch'
-      # * MockUser 'removed_user', which is the user that should be removed
-      #
-      shared_examples 'a user remover' do
-        it 'which removes the identified user' do
-          expect {
-            expect {
-              patch "/Groups/#{@g1.id}", params: payload()
-            }.to_not change { MockUser.count }
-          }.to_not change { MockGroup.count }
-          expected_remaining_user_ids = MockUser
-            .where.not(primary_key: removed_user().id)
-            .pluck(:primary_key)
-            .sort()
-          get "/Groups/#{@g1.id}", params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['members'].map { |m| m['value'] }.sort()).to eql(expected_remaining_user_ids)
-          expect(@g1.reload().mock_users.map(&:primary_key).sort()).to eql(expected_remaining_user_ids)
-        end
-      end
-      # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
-      #
-      context 'and using an RFC-compliant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: "members[value eq \"#{removed_user().primary_key}\"]",
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using an RFC-compliant payload' do
-      # https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
-      #
-      context 'and using a Microsoft variant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: 'members',
-                value: [{
-                  '$ref' => nil,
-                  'value' => removed_user().primary_key
-                }]
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using a Microsoft variant payload' do
-      # https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5
-      #
-      context 'and using a Salesforce variant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: 'members',
-                value: {
-                  'members' => [{
-                    '$ref' => nil,
-                    'value' => removed_user().primary_key
-                  }]
-                }
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using a Salesforce variant payload' do
-    end # "context 'when removing users from groups' do"
-    context 'with a block' do
-      it 'invokes the block' do
-        payload = {
-          format: :scim,
-          Operations: [
-            {
-              op: 'add',
-              path: 'userName',
-              value: '4'
-            },
-            {
-              op: 'replace',
-              path: 'emails[type eq "work"]',
-              value: { type: 'work', value: 'work_4@test.com' }
-            }
-          ]
-        }
-        expect_any_instance_of(CustomUpdateMockUsersController).to receive(:update).once.and_call_original
-        expect {
-          patch "/CustomUpdateUsers/#{@u2.primary_key}", params: payload
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        @u2.reload
-        expect(@u2.username          ).to eql('4')
-        expect(@u2.first_name        ).to eql(CustomUpdateMockUsersController::OVERRIDDEN_NAME)
-        expect(@u2.work_email_address).to eql('work_4@test.com')
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomUpdateMockUsersController).to receive(:update).once.and_call_original
-        expect {
-          patch "/CustomUpdateUsers/#{@u2.primary_key}", params: {
-            format: :scim,
-            Operations: [
-              {
-                op: 'add',
-                path: 'userName',
-                value: MockUser::INVALID_USERNAME
-              }
-            ]
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-      end
-    end # "context 'with a block' do"
   end # "context '#update' do"
-  # ===========================================================================
-  # In-passing parts of tests above show that #create, #replace and #update all
-  # route through #save!, so now add some unit tests for that and for exception
-  # handling overrides invoked via #save!.
-  # ===========================================================================
-  context 'overriding #save!' do
-    it 'invokes a block if given one' do
-      mock_before = MockUser.all.to_a
-      attributes = { userName: '5' } # Minimum required by schema
-      expect_any_instance_of(CustomSaveMockUsersController).to receive(:create).once.and_call_original
-      expect {
-        post "/CustomSaveUsers", params: attributes.merge(format: :scim)
-      }.to change { MockUser.count }.by(1)
-      mock_after = MockUser.all.to_a
-      new_mock = (mock_after - mock_before).first
-      expect(response.status                 ).to eql(201)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      expect(new_mock.username).to eql(CustomSaveMockUsersController::CUSTOM_SAVE_BLOCK_USERNAME_INDICATOR)
-    end
-  end # "context 'overriding #save!' do
-  context 'custom on-save exceptions' do
-    MockUsersController.new.send(:scimitar_rescuable_exceptions).each do | exception_class |
-      it "handles out-of-box exception #{exception_class}" do
-        expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-        expect_any_instance_of(MockUser).to receive(:save!).once { raise exception_class }
-        expect {
-          post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-        }.to_not change { MockUser.count }
-        expected_status, expected_prefix = if exception_class == ActiveRecord::RecordNotUnique
-          [409, 'Operation failed due to a uniqueness constraint: ']
-        else
-          [400, 'Operation failed since record has become invalid: ']
-        end
-        expect(response.status                 ).to eql(expected_status)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        # Check basic SCIM error rendering - good enough given other tests
-        # elsewhere. Exact message varies by exception.
-        #
-        expect(result['detail']).to start_with(expected_prefix)
-      end
-    end
-    it 'handles custom exceptions' do
-      exception_class = RuntimeError # (for testing only; usually, this would provoke a 500 response)
-      expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:scimitar_rescuable_exceptions).once { [ exception_class ] }
-      expect_any_instance_of(MockUser           ).to receive(:save!                        ).once { raise exception_class }
-      expect {
-        post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-      }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      result = JSON.parse(response.body)
-      expect(result['detail']).to start_with('Operation failed since record has become invalid: ')
-    end
-    it 'reports other exceptions as 500s' do
-      expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-      expect_any_instance_of(MockUser).to receive(:save!).once { raise RuntimeError }
-      expect {
-        post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-      }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(500)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      result = JSON.parse(response.body)
-      expect(result['detail']).to eql('RuntimeError')
-    end
-  end
   # ===========================================================================
   context '#destroy' do
-    it 'deletes an item if given no block' do
+    it 'deletes an item if given no blok' do
       expect_any_instance_of(MockUsersController).to receive(:destroy).once.and_call_original
       expect_any_instance_of(MockUser).to receive(:destroy!).once.and_call_original
       expect {
-        delete "/Users/#{@u2.primary_key}", params: { format: :scim }
+        delete "/Users/#{@u2.id}", params: { format: :scim }
       }.to change { MockUser.count }.by(-1)
       expect(response.status).to eql(204)
@@ -1297,7 +581,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
       expect_any_instance_of(MockUser).to_not receive(:destroy!)
       expect {
-        delete "/CustomDestroyUsers/#{@u2.primary_key}", params: { format: :scim }
+        delete "/CustomDestroyUsers/#{@u2.id}", params: { format: :scim }
       }.to_not change { MockUser.count }
       expect(response.status).to eql(204)
@@ -1312,11 +596,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         delete '/Users/xyz', params: { format: :scim }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
   end # "context '#destroy' do"