RubyGems - scimitar - Versions diffs - 1.8.2 → 2.0.0 - Mend

scimitar 1.8.2 → 2.0.0

Files changed (54) hide show

checksums.yaml +4 -4
data/app/controllers/scimitar/active_record_backed_resources_controller.rb +20 -94
data/app/controllers/scimitar/application_controller.rb +13 -41
data/app/controllers/scimitar/schemas_controller.rb +0 -5
data/app/models/scimitar/complex_types/address.rb +6 -0
data/app/models/scimitar/engine_configuration.rb +5 -13
data/app/models/scimitar/error_response.rb +0 -12
data/app/models/scimitar/lists/query_parser.rb +10 -25
data/app/models/scimitar/resource_invalid_error.rb +1 -1
data/app/models/scimitar/resources/base.rb +4 -17
data/app/models/scimitar/resources/mixin.rb +42 -539
data/app/models/scimitar/schema/address.rb +0 -1
data/app/models/scimitar/schema/attribute.rb +5 -14
data/app/models/scimitar/schema/base.rb +1 -1
data/app/models/scimitar/schema/vdtp.rb +1 -1
data/app/models/scimitar/service_provider_configuration.rb +3 -14
data/config/initializers/scimitar.rb +3 -28
data/lib/scimitar/support/hash_with_indifferent_case_insensitive_access.rb +10 -140
data/lib/scimitar/version.rb +2 -2
data/lib/scimitar.rb +2 -7
data/spec/apps/dummy/app/controllers/mock_groups_controller.rb +1 -1
data/spec/apps/dummy/app/models/mock_group.rb +1 -1
data/spec/apps/dummy/app/models/mock_user.rb +8 -36
data/spec/apps/dummy/config/application.rb +1 -0
data/spec/apps/dummy/config/environments/test.rb +28 -5
data/spec/apps/dummy/config/initializers/scimitar.rb +10 -61
data/spec/apps/dummy/config/routes.rb +7 -28
data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb +1 -10
data/spec/apps/dummy/db/migrate/20210308044214_create_join_table_mock_groups_mock_users.rb +3 -8
data/spec/apps/dummy/db/schema.rb +4 -11
data/spec/controllers/scimitar/application_controller_spec.rb +3 -126
data/spec/controllers/scimitar/resource_types_controller_spec.rb +2 -2
data/spec/controllers/scimitar/schemas_controller_spec.rb +2 -10
data/spec/models/scimitar/complex_types/address_spec.rb +4 -3
data/spec/models/scimitar/complex_types/email_spec.rb +2 -0
data/spec/models/scimitar/lists/query_parser_spec.rb +9 -76
data/spec/models/scimitar/resources/base_spec.rb +70 -216
data/spec/models/scimitar/resources/base_validation_spec.rb +2 -27
data/spec/models/scimitar/resources/mixin_spec.rb +129 -1447
data/spec/models/scimitar/schema/attribute_spec.rb +3 -22
data/spec/models/scimitar/schema/base_spec.rb +1 -1
data/spec/models/scimitar/schema/user_spec.rb +0 -10
data/spec/requests/active_record_backed_resources_controller_spec.rb +68 -787
data/spec/requests/application_controller_spec.rb +3 -16
data/spec/spec_helper.rb +0 -8
data/spec/support/hash_with_indifferent_case_insensitive_access_spec.rb +0 -108
metadata +14 -25
data/LICENSE.txt +0 -21
data/README.md +0 -710
data/lib/scimitar/support/utilities.rb +0 -51
data/spec/apps/dummy/app/controllers/custom_create_mock_users_controller.rb +0 -25
data/spec/apps/dummy/app/controllers/custom_replace_mock_users_controller.rb +0 -25
data/spec/apps/dummy/app/controllers/custom_save_mock_users_controller.rb +0 -24
data/spec/apps/dummy/app/controllers/custom_update_mock_users_controller.rb +0 -25

data/spec/requests/active_record_backed_resources_controller_spec.rb CHANGED Viewed

@@ -1,42 +1,25 @@
 require 'spec_helper'
-require 'time'
 RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   before :each do
     allow_any_instance_of(Scimitar::ApplicationController).to receive(:authenticated?).and_return(true)
-    # If a sort order is unspecified, the controller defaults to ID ascending.
-    # With UUID based IDs, testing life is made easier by ensuring that the
-    # creation order matches an ascending UUID sort order (which is what would
-    # happen if we were using integer primary keys).
-    #
-    lmt = Time.parse("2023-01-09 14:25:00 +1300")
-    ids = 3.times.map { SecureRandom.uuid }.sort()
-    @u1 = MockUser.create!(primary_key: ids.shift(), username: '1', first_name: 'Foo', last_name: 'Ark', home_email_address: 'home_1@test.com', scim_uid: '001', created_at: lmt, updated_at: lmt + 1)
-    @u2 = MockUser.create!(primary_key: ids.shift(), username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com', scim_uid: '002', created_at: lmt, updated_at: lmt + 2, password: 'oldpassword')
-    @u3 = MockUser.create!(primary_key: ids.shift(), username: '3', first_name: 'Foo',                   home_email_address: 'home_3@test.com', scim_uid: '003', created_at: lmt, updated_at: lmt + 3)
-    @g1 = MockGroup.create!(display_name: 'Group 1')
-    @g2 = MockGroup.create!(display_name: 'Group 2')
-    @g3 = MockGroup.create!(display_name: 'Group 3')
+    @u1 = MockUser.create(username: '1', first_name: 'Foo', last_name: 'Ark', home_email_address: 'home_1@test.com')
+    @u2 = MockUser.create(username: '2', first_name: 'Foo', last_name: 'Bar', home_email_address: 'home_2@test.com')
+    @u3 = MockUser.create(username: '3', first_name: 'Foo',                   home_email_address: 'home_3@test.com')
   end
   # ===========================================================================
   context '#index' do
     context 'with no items' do
-      before :each do
+      it 'returns empty list' do
         MockUser.delete_all
-      end
-      it 'returns empty list' do
         expect_any_instance_of(MockUsersController).to receive(:index).once.and_call_original
         get '/Users', params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(0)
@@ -46,172 +29,55 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     end # "context 'with no items' do"
     context 'with items' do
-      context 'with a UUID, renamed primary key column' do
-        it 'returns all items' do
-          get '/Users', params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(3)
-          expect(result['Resources'].size).to eql(3)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u1.primary_key.to_s, @u2.primary_key.to_s, @u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['1', '2', '3'])
-        end
-      end # "context 'with a UUID, renamed primary key column' do"
-      context 'with an integer, conventionally named primary key column' do
-        it 'returns all items' do
-          get '/Groups', params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(3)
-          expect(result['Resources'].size).to eql(3)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@g1.id.to_s, @g2.id.to_s, @g3.id.to_s])
-          usernames = result['Resources'].map { |resource| resource['displayName'] }
-          expect(usernames).to match_array(['Group 1', 'Group 2', 'Group 3'])
-        end
-      end # "context 'with an integer, conventionally named primary key column' do"
-      it 'applies a filter, with case-insensitive value comparison' do
-        get '/Users', params: {
-          format: :scim,
-          filter: 'name.givenName eq "FOO" and name.familyName pr and emails ne "home_1@test.com"'
-        }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      it 'returns all items' do
+        get '/Users', params: { format: :scim }
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['totalResults']).to eql(1)
-        expect(result['Resources'].size).to eql(1)
+        expect(result['totalResults']).to eql(3)
+        expect(result['Resources'].size).to eql(3)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s])
+        expect(ids).to match_array([@u1.id.to_s, @u2.id.to_s, @u3.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
-        expect(usernames).to match_array(['2'])
+        expect(usernames).to match_array(['1', '2', '3'])
       end
-      it 'applies a filter, with case-insensitive attribute matching (GitHub issue #37)' do
+      it 'applies a filter, with case-insensitive value comparison' do
         get '/Users', params: {
           format: :scim,
-          filter: 'name.GIVENNAME eq "Foo" and name.Familyname pr and emails ne "home_1@test.com"'
+          filter: 'name.givenName eq "Foo" and name.familyName pr and emails ne "home_1@TEST.COM"'
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(1)
         expect(result['Resources'].size).to eql(1)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s])
+        expect(ids).to match_array([@u2.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['2'])
       end
-      # Strange attribute capitalisation in tests here builds on test coverage
-      # for now-fixed GitHub issue #37.
-      #
-      context '"meta" / IDs (GitHub issue #36)' do
-        it 'applies a filter on primary keys, using direct comparison (rather than e.g. case-insensitive operators)' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "id eq \"#{@u3.primary_key}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['3'])
-        end
-        it 'applies a filter on external IDs, using direct comparison' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "externalID eq \"#{@u2.scim_uid}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u2.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['2'])
-        end
-        it 'applies a filter on "meta" entries, using direct comparison' do
-          get '/Users', params: {
-            format: :scim,
-            filter: "Meta.LastModified eq \"#{@u3.updated_at}\""
-          }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['totalResults']).to eql(1)
-          expect(result['Resources'].size).to eql(1)
-          ids = result['Resources'].map { |resource| resource['id'] }
-          expect(ids).to match_array([@u3.primary_key.to_s])
-          usernames = result['Resources'].map { |resource| resource['userName'] }
-          expect(usernames).to match_array(['3'])
-        end
-      end # "context '"meta" / IDs (GitHub issue #36)' do"
       it 'obeys a page size' do
         get '/Users', params: {
           format: :scim,
           count:  2
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(3)
         expect(result['Resources'].size).to eql(2)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u1.primary_key.to_s, @u2.primary_key.to_s])
+        expect(ids).to match_array([@u1.id.to_s, @u2.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['1', '2'])
@@ -223,16 +89,14 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           startIndex: 2
         }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
         expect(result['totalResults']).to eql(3)
         expect(result['Resources'].size).to eql(2)
         ids = result['Resources'].map { |resource| resource['id'] }
-        expect(ids).to match_array([@u2.primary_key.to_s, @u3.primary_key.to_s])
+        expect(ids).to match_array([@u2.id.to_s, @u3.id.to_s])
         usernames = result['Resources'].map { |resource| resource['userName'] }
         expect(usernames).to match_array(['2', '3'])
@@ -246,11 +110,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           filter: 'name.givenName'
         }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(400)
         result = JSON.parse(response.body)
         expect(result['scimType']).to eql('invalidFilter')
       end
     end # "context 'with bad calls' do"
@@ -259,47 +120,24 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   # ===========================================================================
   context '#show' do
-    context 'with a UUID, renamed primary key column' do
-      it 'shows an item' do
-        expect_any_instance_of(MockUsersController).to receive(:show).once.and_call_original
-        get "/Users/#{@u2.primary_key}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['userName']).to eql('2')
-        expect(result['name']['familyName']).to eql('Bar')
-        expect(result['meta']['resourceType']).to eql('User')
-      end
-    end # "context 'with a UUID, renamed primary key column' do"
-    context 'with an integer, conventionally named primary key column' do
-      it 'shows an item' do
-        expect_any_instance_of(MockGroupsController).to receive(:show).once.and_call_original
-        get "/Groups/#{@g2.id}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+    it 'shows an item' do
+      expect_any_instance_of(MockUsersController).to receive(:show).once.and_call_original
+      get "/Users/#{@u2.id}", params: { format: :scim }
-        result = JSON.parse(response.body)
+      expect(response.status).to eql(200)
+      result = JSON.parse(response.body)
-        expect(result['id']).to eql(@g2.id.to_s) # Note - ID was converted String; not Integer
-        expect(result['displayName']).to eql('Group 2')
-        expect(result['meta']['resourceType']).to eql('Group')
-      end
-    end # "context 'with an integer, conventionally named primary key column' do"
+      expect(result['id']).to eql(@u2.id.to_s) # Note - ID was converted String; not Integer
+      expect(result['userName']).to eql('2')
+      expect(result['name']['familyName']).to eql('Bar')
+      expect(result['meta']['resourceType']).to eql('User')
+    end
     it 'renders 404' do
       get '/Users/xyz', params: { format: :scim }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
   end # "context '#show' do"
@@ -312,15 +150,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         it 'with minimal parameters' do
           mock_before = MockUser.all.to_a
-          attributes = { userName: '4' } # Minimum required by schema
+          attributes = { userName: '4' }  # Minimum required by schema
           attributes = spec_helper_hupcase(attributes) if force_upper_case
-          # Prove that certain known pathways are called; can then unit test
-          # those if need be and be sure that this covers #create actions.
-          #
           expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-          expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
           expect {
             post "/Users", params: attributes.merge(format: :scim)
           }.to change { MockUser.count }.by(1)
@@ -328,12 +161,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           mock_after = MockUser.all.to_a
           new_mock = (mock_after - mock_before).first
-          expect(response.status                 ).to eql(201)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(201)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(new_mock.primary_key.to_s)
+          expect(result['id']).to eql(new_mock.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           expect(new_mock.username).to eql('4')
         end
@@ -345,12 +176,10 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           attributes = {
             userName: '4',
-            password: 'correcthorsebatterystaple',
             name: {
               givenName: 'Given',
               familyName: 'Family'
             },
-            meta: { resourceType: 'User' },
             emails: [
               {
                 type: 'work',
@@ -372,15 +201,12 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           mock_after = MockUser.all.to_a
           new_mock = (mock_after - mock_before).first
-          expect(response.status                 ).to eql(201)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(201)
           result = JSON.parse(response.body)
           expect(result['id']).to eql(new_mock.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           expect(new_mock.username).to eql('4')
-          expect(new_mock.password).to eql('correcthorsebatterystaple')
           expect(new_mock.first_name).to eql('Given')
           expect(new_mock.last_name).to eql('Family')
           expect(new_mock.home_email_address).to eql('home_4@test.com')
@@ -406,11 +232,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(409)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(409)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('uniqueness')
       expect(result['detail']).to include('already been taken')
     end
@@ -423,11 +246,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is required')
     end
@@ -440,84 +260,12 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is reserved')
     end
-    context 'with a block' do
-      it 'invokes the block' do
-        mock_before = MockUser.all.to_a
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: '4' # Minimum required by schema
-          }
-        }.to change { MockUser.count }.by(1)
-        mock_after = MockUser.all.to_a
-        new_mock = (mock_after - mock_before).first
-        expect(response.status                 ).to eql(201)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(new_mock.id.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(new_mock.first_name).to eql(CustomCreateMockUsersController::OVERRIDDEN_NAME)
-      end
-      it 'returns 409 for duplicates (by Rails validation)' do
-        existing_user = MockUser.create!(
-          username:           '4',
-          first_name:         'Will Be Overridden',
-          last_name:          'Baz',
-          home_email_address: 'random@test.com',
-          scim_uid:           '999'
-        )
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: '4' # Already exists
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(409)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('uniqueness')
-        expect(result['detail']).to include('already been taken')
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomCreateMockUsersController).to receive(:create).once.and_call_original
-        expect {
-          post "/CustomCreateUsers", params: {
-            format:   :scim,
-            userName: MockUser::INVALID_USERNAME
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-      end
-    end # "context 'with a block' do"
   end # "context '#create' do"
   # ===========================================================================
@@ -525,64 +273,26 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
   context '#replace' do
     shared_examples 'a replacer' do | force_upper_case: |
       it 'which replaces all attributes in an instance' do
-        attributes = { userName: '4' } # Minimum required by schema
+        attributes = { userName: '4' }  # Minimum required by schema
         attributes = spec_helper_hupcase(attributes) if force_upper_case
-        # Prove that certain known pathways are called; can then unit test
-        # those if need be and be sure that this covers #replace actions.
-        #
         expect_any_instance_of(MockUsersController).to receive(:replace).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save!  ).once.and_call_original
         expect {
-          put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
+          put "/Users/#{@u2.id}", params: attributes.merge(format: :scim)
         }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
-        @u2.reload
-        expect(@u2.username).to eql('4')
-        expect(@u2.first_name).to be_nil
-        expect(@u2.last_name).to be_nil
-        expect(@u2.home_email_address).to be_nil
-        expect(@u2.password).to be_nil
-      end
-      it 'can replace passwords' do
-        attributes = { userName: '4', password: 'correcthorsebatterystaple' }
-        attributes = spec_helper_hupcase(attributes) if force_upper_case
-        expect {
-          put "/Users/#{@u2.primary_key}", params: attributes.merge(format: :scim)
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['id']).to eql(@u2.id.to_s)
         expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
         @u2.reload
         expect(@u2.username).to eql('4')
         expect(@u2.first_name).to be_nil
         expect(@u2.last_name).to be_nil
         expect(@u2.home_email_address).to be_nil
-        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
     end # "shared_examples 'a replacer' do | force_upper_case: |"
@@ -596,17 +306,14 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes schema validation failures' do
       expect {
-        put "/Users/#{@u2.primary_key}", params: {
+        put "/Users/#{@u2.id}", params: {
           format: :scim
           # userName parameter is required by schema, but missing
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
       expect(result['detail']).to include('is required')
@@ -620,15 +327,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes Rails validation failures' do
       expect {
-        put "/Users/#{@u2.primary_key}", params: {
+        post "/Users", params: {
           format: :scim,
           userName: MockUser::INVALID_USERNAME
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
@@ -650,72 +355,17 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
-    context 'with a block' do
-      it 'invokes the block' do
-        attributes = { userName: '4' } # Minimum required by schema
-        expect_any_instance_of(CustomReplaceMockUsersController).to receive(:replace).once.and_call_original
-        expect {
-          put "/CustomReplaceUsers/#{@u2.primary_key}", params: {
-            format:   :scim,
-            userName: '4'
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        @u2.reload
-        expect(@u2.username  ).to eql('4')
-        expect(@u2.first_name).to eql(CustomReplaceMockUsersController::OVERRIDDEN_NAME)
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomReplaceMockUsersController).to receive(:replace).once.and_call_original
-        expect {
-          put "/CustomReplaceUsers/#{@u2.primary_key}", params: {
-            format:   :scim,
-            userName: MockUser::INVALID_USERNAME
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-      end
-    end # "context 'with a block' do"
   end # "context '#replace' do"
   # ===========================================================================
   context '#update' do
     shared_examples 'an updater' do | force_upper_case: |
-      it 'which patches regular attributes' do
+      it 'which patches specific attributes' do
         payload = {
           Operations: [
             {
@@ -733,27 +383,17 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         payload = spec_helper_hupcase(payload) if force_upper_case
-        # Prove that certain known pathways are called; can then unit test
-        # those if need be and be sure that this covers #update actions.
-        #
         expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
         expect {
-          patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+          patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
         }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+        expect(response.status).to eql(200)
         result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
+        expect(result['id']).to eql(@u2.id.to_s)
         expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
         @u2.reload
         expect(@u2.username).to eql('4')
@@ -761,45 +401,6 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(@u2.last_name).to eql('Bar')
         expect(@u2.home_email_address).to eql('home_2@test.com')
         expect(@u2.work_email_address).to eql('work_4@test.com')
-        expect(@u2.password).to eql('oldpassword')
-      end
-      it 'which patches "returned: \'never\'" fields' do
-        payload = {
-          Operations: [
-            {
-              op: 'replace',
-              path: 'password',
-              value: 'correcthorsebatterystaple'
-            }
-          ]
-        }
-        payload = spec_helper_hupcase(payload) if force_upper_case
-        expect {
-          patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        expect(result).to     have_key('name')
-        expect(result).to_not have_key('password')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-        expect(@u2.work_email_address).to be_nil
-        expect(@u2.password).to eql('correcthorsebatterystaple')
       end
       context 'which clears attributes' do
@@ -821,15 +422,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -855,15 +454,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -889,15 +486,13 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
           expect_any_instance_of(MockUsersController).to receive(:update).once.and_call_original
           expect {
-            patch "/Users/#{@u2.primary_key}", params: payload.merge(format: :scim)
+            patch "/Users/#{@u2.id}", params: payload.merge(format: :scim)
           }.to_not change { MockUser.count }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+          expect(response.status).to eql(200)
           result = JSON.parse(response.body)
-          expect(result['id']).to eql(@u2.primary_key.to_s)
+          expect(result['id']).to eql(@u2.id.to_s)
           expect(result['meta']['resourceType']).to eql('User')
           @u2.reload
@@ -921,7 +516,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
     it 'notes Rails validation failures' do
       expect {
-        patch "/Users/#{@u2.primary_key}", params: {
+        patch "/Users/#{@u2.id}", params: {
           format: :scim,
           Operations: [
             {
@@ -933,9 +528,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(400)
       result = JSON.parse(response.body)
       expect(result['scimType']).to eql('invalidValue')
@@ -963,329 +556,20 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
-    context 'when removing users from groups' do
-      before :each do
-        @g1.mock_users << @u1
-        @g1.mock_users << @u2
-        @g1.mock_users << @u3
-        # (Self-check) Verify group representation
-        #
-        get "/Groups/#{@g1.id}", params: { format: :scim }
-        expect(response.status).to eql(200)
-        result = JSON.parse(response.body)
-        expect(result['members'].map { |m| m['value'] }.sort()).to eql(MockUser.pluck(:primary_key).sort())
-      end
-      it 'can remove all users' do
-        expect {
-          expect {
-            patch "/Groups/#{@g1.id}", params: {
-              format: :scim,
-              Operations: [
-                {
-                  op: 'remove',
-                  path: 'members'
-                }
-              ]
-            }
-          }.to_not change { MockUser.count }
-        }.to_not change { MockGroup.count }
-        get "/Groups/#{@g1.id}", params: { format: :scim }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['members']).to be_empty
-        expect(@g1.reload().mock_users).to be_empty
-      end
-      # Define via 'let':
-      #
-      # * Hash 'payload', to send via 'patch'
-      # * MockUser 'removed_user', which is the user that should be removed
-      #
-      shared_examples 'a user remover' do
-        it 'which removes the identified user' do
-          expect {
-            expect {
-              patch "/Groups/#{@g1.id}", params: payload()
-            }.to_not change { MockUser.count }
-          }.to_not change { MockGroup.count }
-          expected_remaining_user_ids = MockUser
-            .where.not(primary_key: removed_user().id)
-            .pluck(:primary_key)
-            .sort()
-          get "/Groups/#{@g1.id}", params: { format: :scim }
-          expect(response.status                 ).to eql(200)
-          expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-          result = JSON.parse(response.body)
-          expect(result['members'].map { |m| m['value'] }.sort()).to eql(expected_remaining_user_ids)
-          expect(@g1.reload().mock_users.map(&:primary_key).sort()).to eql(expected_remaining_user_ids)
-        end
-      end
-      # https://tools.ietf.org/html/rfc7644#section-3.5.2.2
-      #
-      context 'and using an RFC-compliant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: "members[value eq \"#{removed_user().primary_key}\"]",
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using an RFC-compliant payload' do
-      # https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
-      #
-      context 'and using a Microsoft variant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: 'members',
-                value: [{
-                  '$ref' => nil,
-                  'value' => removed_user().primary_key
-                }]
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using a Microsoft variant payload' do
-      # https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5
-      #
-      context 'and using a Salesforce variant payload' do
-        let(:removed_user) { @u2 }
-        let(:payload) do
-          {
-            format: :scim,
-            Operations: [
-              {
-                op: 'remove',
-                path: 'members',
-                value: {
-                  'members' => [{
-                    '$ref' => nil,
-                    'value' => removed_user().primary_key
-                  }]
-                }
-              }
-            ]
-          }
-        end
-        it_behaves_like 'a user remover'
-      end # context 'and using a Salesforce variant payload' do
-    end # "context 'when removing users from groups' do"
-    context 'with a block' do
-      it 'invokes the block' do
-        payload = {
-          format: :scim,
-          Operations: [
-            {
-              op: 'add',
-              path: 'userName',
-              value: '4'
-            },
-            {
-              op: 'replace',
-              path: 'emails[type eq "work"]',
-              value: { type: 'work', value: 'work_4@test.com' }
-            }
-          ]
-        }
-        expect_any_instance_of(CustomUpdateMockUsersController).to receive(:update).once.and_call_original
-        expect {
-          patch "/CustomUpdateUsers/#{@u2.primary_key}", params: payload
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(200)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['id']).to eql(@u2.primary_key.to_s)
-        expect(result['meta']['resourceType']).to eql('User')
-        @u2.reload
-        expect(@u2.username          ).to eql('4')
-        expect(@u2.first_name        ).to eql(CustomUpdateMockUsersController::OVERRIDDEN_NAME)
-        expect(@u2.work_email_address).to eql('work_4@test.com')
-      end
-      it 'notes Rails validation failures' do
-        expect_any_instance_of(CustomUpdateMockUsersController).to receive(:update).once.and_call_original
-        expect {
-          patch "/CustomUpdateUsers/#{@u2.primary_key}", params: {
-            format: :scim,
-            Operations: [
-              {
-                op: 'add',
-                path: 'userName',
-                value: MockUser::INVALID_USERNAME
-              }
-            ]
-          }
-        }.to_not change { MockUser.count }
-        expect(response.status                 ).to eql(400)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        expect(result['scimType']).to eql('invalidValue')
-        expect(result['detail']).to include('is reserved')
-        @u2.reload
-        expect(@u2.username).to eql('2')
-        expect(@u2.first_name).to eql('Foo')
-        expect(@u2.last_name).to eql('Bar')
-        expect(@u2.home_email_address).to eql('home_2@test.com')
-      end
-    end # "context 'with a block' do"
   end # "context '#update' do"
-  # ===========================================================================
-  # In-passing parts of tests above show that #create, #replace and #update all
-  # route through #save!, so now add some unit tests for that and for exception
-  # handling overrides invoked via #save!.
-  # ===========================================================================
-  context 'overriding #save!' do
-    it 'invokes a block if given one' do
-      mock_before = MockUser.all.to_a
-      attributes = { userName: '5' } # Minimum required by schema
-      expect_any_instance_of(CustomSaveMockUsersController).to receive(:create).once.and_call_original
-      expect {
-        post "/CustomSaveUsers", params: attributes.merge(format: :scim)
-      }.to change { MockUser.count }.by(1)
-      mock_after = MockUser.all.to_a
-      new_mock = (mock_after - mock_before).first
-      expect(response.status                 ).to eql(201)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      expect(new_mock.username).to eql(CustomSaveMockUsersController::CUSTOM_SAVE_BLOCK_USERNAME_INDICATOR)
-    end
-  end # "context 'overriding #save!' do
-  context 'custom on-save exceptions' do
-    MockUsersController.new.send(:scimitar_rescuable_exceptions).each do | exception_class |
-      it "handles out-of-box exception #{exception_class}" do
-        expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-        expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-        expect_any_instance_of(MockUser).to receive(:save!).once { raise exception_class }
-        expect {
-          post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-        }.to_not change { MockUser.count }
-        expected_status, expected_prefix = if exception_class == ActiveRecord::RecordNotUnique
-          [409, 'Operation failed due to a uniqueness constraint: ']
-        else
-          [400, 'Operation failed since record has become invalid: ']
-        end
-        expect(response.status                 ).to eql(expected_status)
-        expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-        result = JSON.parse(response.body)
-        # Check basic SCIM error rendering - good enough given other tests
-        # elsewhere. Exact message varies by exception.
-        #
-        expect(result['detail']).to start_with(expected_prefix)
-      end
-    end
-    it 'handles custom exceptions' do
-      exception_class = RuntimeError # (for testing only; usually, this would provoke a 500 response)
-      expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:scimitar_rescuable_exceptions).once { [ exception_class ] }
-      expect_any_instance_of(MockUser           ).to receive(:save!                        ).once { raise exception_class }
-      expect {
-        post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-      }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(400)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      result = JSON.parse(response.body)
-      expect(result['detail']).to start_with('Operation failed since record has become invalid: ')
-    end
-    it 'reports other exceptions as 500s' do
-      expect_any_instance_of(MockUsersController).to receive(:create).once.and_call_original
-      expect_any_instance_of(MockUsersController).to receive(:save! ).once.and_call_original
-      expect_any_instance_of(MockUser).to receive(:save!).once { raise RuntimeError }
-      expect {
-        post "/Users", params: { format: :scim, userName: SecureRandom.uuid }
-      }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(500)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
-      result = JSON.parse(response.body)
-      expect(result['detail']).to eql('RuntimeError')
-    end
-  end
   # ===========================================================================
   context '#destroy' do
-    it 'deletes an item if given no block' do
+    it 'deletes an item if given no blok' do
       expect_any_instance_of(MockUsersController).to receive(:destroy).once.and_call_original
       expect_any_instance_of(MockUser).to receive(:destroy!).once.and_call_original
       expect {
-        delete "/Users/#{@u2.primary_key}", params: { format: :scim }
+        delete "/Users/#{@u2.id}", params: { format: :scim }
       }.to change { MockUser.count }.by(-1)
       expect(response.status).to eql(204)
@@ -1297,7 +581,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
       expect_any_instance_of(MockUser).to_not receive(:destroy!)
       expect {
-        delete "/CustomDestroyUsers/#{@u2.primary_key}", params: { format: :scim }
+        delete "/CustomDestroyUsers/#{@u2.id}", params: { format: :scim }
       }.to_not change { MockUser.count }
       expect(response.status).to eql(204)
@@ -1312,11 +596,8 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         delete '/Users/xyz', params: { format: :scim }
       }.to_not change { MockUser.count }
-      expect(response.status                 ).to eql(404)
-      expect(response.headers['Content-Type']).to eql('application/scim+json; charset=utf-8')
+      expect(response.status).to eql(404)
       result = JSON.parse(response.body)
       expect(result['status']).to eql('404')
     end
   end # "context '#destroy' do"