scimitar 2.3.0 → 2.4.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/models/scimitar/resources/mixin.rb +108 -3
- data/lib/scimitar/version.rb +2 -2
- data/spec/apps/dummy/app/models/mock_user.rb +9 -1
- data/spec/apps/dummy/config/initializers/scimitar.rb +37 -0
- data/spec/apps/dummy/config/routes.rb +1 -0
- data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb +8 -0
- data/spec/apps/dummy/db/schema.rb +2 -0
- data/spec/controllers/scimitar/schemas_controller_spec.rb +2 -2
- data/spec/models/scimitar/resources/base_spec.rb +161 -66
- data/spec/models/scimitar/resources/mixin_spec.rb +673 -5
- data/spec/requests/active_record_backed_resources_controller_spec.rb +136 -0
- metadata +10 -10
@@ -691,6 +691,142 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
|
|
691
691
|
result = JSON.parse(response.body)
|
692
692
|
expect(result['status']).to eql('404')
|
693
693
|
end
|
694
|
+
|
695
|
+
context 'when removing users from groups' do
|
696
|
+
before :each do
|
697
|
+
@g1.mock_users << @u1
|
698
|
+
@g1.mock_users << @u2
|
699
|
+
@g1.mock_users << @u3
|
700
|
+
|
701
|
+
# (Self-check) Verify group representation
|
702
|
+
#
|
703
|
+
get "/Groups/#{@g1.id}", params: { format: :scim }
|
704
|
+
|
705
|
+
expect(response.status).to eql(200)
|
706
|
+
result = JSON.parse(response.body)
|
707
|
+
|
708
|
+
expect(result['members'].map { |m| m['value'] }.sort()).to eql(MockUser.pluck(:primary_key).sort())
|
709
|
+
end
|
710
|
+
|
711
|
+
it 'can remove all users' do
|
712
|
+
expect {
|
713
|
+
expect {
|
714
|
+
patch "/Groups/#{@g1.id}", params: {
|
715
|
+
format: :scim,
|
716
|
+
Operations: [
|
717
|
+
{
|
718
|
+
op: 'remove',
|
719
|
+
path: 'members'
|
720
|
+
}
|
721
|
+
]
|
722
|
+
}
|
723
|
+
}.to_not change { MockUser.count }
|
724
|
+
}.to_not change { MockGroup.count }
|
725
|
+
|
726
|
+
get "/Groups/#{@g1.id}", params: { format: :scim }
|
727
|
+
|
728
|
+
expect(response.status).to eql(200)
|
729
|
+
result = JSON.parse(response.body)
|
730
|
+
|
731
|
+
expect(result['members']).to be_empty
|
732
|
+
expect(@g1.reload().mock_users).to be_empty
|
733
|
+
end
|
734
|
+
|
735
|
+
# Define via 'let':
|
736
|
+
#
|
737
|
+
# * Hash 'payload', to send via 'patch'
|
738
|
+
# * MockUser 'removed_user', which is the user that should be removed
|
739
|
+
#
|
740
|
+
shared_examples 'a user remover' do
|
741
|
+
it 'which removes the identified user' do
|
742
|
+
expect {
|
743
|
+
expect {
|
744
|
+
patch "/Groups/#{@g1.id}", params: payload()
|
745
|
+
}.to_not change { MockUser.count }
|
746
|
+
}.to_not change { MockGroup.count }
|
747
|
+
|
748
|
+
expected_remaining_user_ids = MockUser
|
749
|
+
.where.not(primary_key: removed_user().id)
|
750
|
+
.pluck(:primary_key)
|
751
|
+
.sort()
|
752
|
+
|
753
|
+
get "/Groups/#{@g1.id}", params: { format: :scim }
|
754
|
+
|
755
|
+
expect(response.status).to eql(200)
|
756
|
+
result = JSON.parse(response.body)
|
757
|
+
|
758
|
+
expect(result['members'].map { |m| m['value'] }.sort()).to eql(expected_remaining_user_ids)
|
759
|
+
expect(@g1.reload().mock_users.map(&:primary_key).sort()).to eql(expected_remaining_user_ids)
|
760
|
+
end
|
761
|
+
end
|
762
|
+
|
763
|
+
# https://tools.ietf.org/html/rfc7644#section-3.5.2.2
|
764
|
+
#
|
765
|
+
context 'and using an RFC-compliant payload' do
|
766
|
+
let(:removed_user) { @u2 }
|
767
|
+
let(:payload) do
|
768
|
+
{
|
769
|
+
format: :scim,
|
770
|
+
Operations: [
|
771
|
+
{
|
772
|
+
op: 'remove',
|
773
|
+
path: "members[value eq \"#{removed_user().primary_key}\"]",
|
774
|
+
}
|
775
|
+
]
|
776
|
+
}
|
777
|
+
end
|
778
|
+
|
779
|
+
it_behaves_like 'a user remover'
|
780
|
+
end # context 'and using an RFC-compliant payload' do
|
781
|
+
|
782
|
+
# https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#update-group-remove-members
|
783
|
+
#
|
784
|
+
context 'and using a Microsoft variant payload' do
|
785
|
+
let(:removed_user) { @u2 }
|
786
|
+
let(:payload) do
|
787
|
+
{
|
788
|
+
format: :scim,
|
789
|
+
Operations: [
|
790
|
+
{
|
791
|
+
op: 'remove',
|
792
|
+
path: 'members',
|
793
|
+
value: [{
|
794
|
+
'$ref' => nil,
|
795
|
+
'value' => removed_user().primary_key
|
796
|
+
}]
|
797
|
+
}
|
798
|
+
]
|
799
|
+
}
|
800
|
+
end
|
801
|
+
|
802
|
+
it_behaves_like 'a user remover'
|
803
|
+
end # context 'and using a Microsoft variant payload' do
|
804
|
+
|
805
|
+
# https://help.salesforce.com/s/articleView?id=sf.identity_scim_manage_groups.htm&type=5
|
806
|
+
#
|
807
|
+
context 'and using a Salesforce variant payload' do
|
808
|
+
let(:removed_user) { @u2 }
|
809
|
+
let(:payload) do
|
810
|
+
{
|
811
|
+
format: :scim,
|
812
|
+
Operations: [
|
813
|
+
{
|
814
|
+
op: 'remove',
|
815
|
+
path: 'members',
|
816
|
+
value: {
|
817
|
+
'members' => [{
|
818
|
+
'$ref' => nil,
|
819
|
+
'value' => removed_user().primary_key
|
820
|
+
}]
|
821
|
+
}
|
822
|
+
}
|
823
|
+
]
|
824
|
+
}
|
825
|
+
end
|
826
|
+
|
827
|
+
it_behaves_like 'a user remover'
|
828
|
+
end # context 'and using a Salesforce variant payload' do
|
829
|
+
end # "context 'when removing users from groups' do"
|
694
830
|
end # "context '#update' do"
|
695
831
|
|
696
832
|
# ===========================================================================
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: scimitar
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.4.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- RIPA Global
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2023-
|
12
|
+
date: 2023-03-02 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
@@ -45,14 +45,14 @@ dependencies:
|
|
45
45
|
requirements:
|
46
46
|
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version: '1.
|
48
|
+
version: '1.4'
|
49
49
|
type: :development
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: '1.
|
55
|
+
version: '1.4'
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: simplecov-rcov
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
@@ -73,28 +73,28 @@ dependencies:
|
|
73
73
|
requirements:
|
74
74
|
- - "~>"
|
75
75
|
- !ruby/object:Gem::Version
|
76
|
-
version: '6.
|
76
|
+
version: '6.5'
|
77
77
|
type: :development
|
78
78
|
prerelease: false
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
81
|
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: '6.
|
83
|
+
version: '6.5'
|
84
84
|
- !ruby/object:Gem::Dependency
|
85
85
|
name: rspec-rails
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
87
87
|
requirements:
|
88
88
|
- - "~>"
|
89
89
|
- !ruby/object:Gem::Version
|
90
|
-
version: '
|
90
|
+
version: '6.0'
|
91
91
|
type: :development
|
92
92
|
prerelease: false
|
93
93
|
version_requirements: !ruby/object:Gem::Requirement
|
94
94
|
requirements:
|
95
95
|
- - "~>"
|
96
96
|
- !ruby/object:Gem::Version
|
97
|
-
version: '
|
97
|
+
version: '6.0'
|
98
98
|
- !ruby/object:Gem::Dependency
|
99
99
|
name: byebug
|
100
100
|
requirement: !ruby/object:Gem::Requirement
|
@@ -115,14 +115,14 @@ dependencies:
|
|
115
115
|
requirements:
|
116
116
|
- - "~>"
|
117
117
|
- !ruby/object:Gem::Version
|
118
|
-
version: '1.
|
118
|
+
version: '1.3'
|
119
119
|
type: :development
|
120
120
|
prerelease: false
|
121
121
|
version_requirements: !ruby/object:Gem::Requirement
|
122
122
|
requirements:
|
123
123
|
- - "~>"
|
124
124
|
- !ruby/object:Gem::Version
|
125
|
-
version: '1.
|
125
|
+
version: '1.3'
|
126
126
|
description: SCIM v2 support for Users and Groups in Ruby On Rails
|
127
127
|
email:
|
128
128
|
- dev@ripaglobal.com
|