scimitar 2.5.0 → 2.11.0

data/spec/apps/dummy/app/controllers/custom_save_mock_users_controller.rb

@@ -0,0 +1,24 @@
+# For tests only - uses custom 'save!' implementation which passes a block to
+# Scimitar::ActiveRecordBackedResourcesController#save!.
+#
+class CustomSaveMockUsersController < Scimitar::ActiveRecordBackedResourcesController
+
+  CUSTOM_SAVE_BLOCK_USERNAME_INDICATOR = 'Custom save-block invoked'
+
+  protected
+
+    def save!(_record)
+      super do | record |
+        record.update!(username: CUSTOM_SAVE_BLOCK_USERNAME_INDICATOR)
+      end
+    end
+
+    def storage_class
+      MockUser
+    end
+
+    def storage_scope
+      MockUser.all
+    end
+
+end

data/spec/apps/dummy/app/controllers/custom_update_mock_users_controller.rb

@@ -0,0 +1,25 @@
+# For tests only - uses custom 'update' implementation which passes a block to
+# Scimitar::ActiveRecordBackedResourcesController#create.
+#
+class CustomUpdateMockUsersController < Scimitar::ActiveRecordBackedResourcesController
+
+  OVERRIDDEN_NAME = SecureRandom.uuid
+
+  def update
+    super do | resource |
+      resource.first_name = OVERRIDDEN_NAME
+      resource.save!
+    end
+  end
+
+  protected
+
+    def storage_class
+      MockUser
+    end
+
+    def storage_scope
+      MockUser.all
+    end
+
+end

data/spec/apps/dummy/app/models/mock_user.rb

@@ -10,6 +10,7 @@ class MockUser < ActiveRecord::Base
     primary_key
     scim_uid
     username
+    password
     first_name
     last_name
     work_email_address
@@ -17,6 +18,7 @@ class MockUser < ActiveRecord::Base
     work_phone_number
     organization
     department
+    manager
     mock_groups
   }
 
@@ -46,6 +48,8 @@ class MockUser < ActiveRecord::Base
       id:         :primary_key,
       externalId: :scim_uid,
       userName:   :username,
+      password:   :password,
+      active:     :is_active,
       name:       {
         givenName:  :first_name,
         familyName: :last_name
@@ -78,8 +82,11 @@ class MockUser < ActiveRecord::Base
           }
         },
       ],
-      groups: [ # NB read-only, so no :find_with key
+      groups: [
         {
+          # Read-only, so no :find_with key. There's no 'class' specified here
+          # either, to help test the "/Schemas" endpoint's reflection code.
+          #
           list:  :mock_groups,
           using: {
             value:   :id,
@@ -87,13 +94,16 @@ class MockUser < ActiveRecord::Base
           }
         }
       ],
-      active: :is_active,
 
       # Custom extension schema - see configuration in
       # "spec/apps/dummy/config/initializers/scimitar.rb".
       #
       organization: :organization,
       department:   :department,
+      primaryEmail: :scim_primary_email,
+
+      manager:      :manager,
+
       userGroups: [
         {
           list:      :mock_groups,
@@ -122,9 +132,16 @@ class MockUser < ActiveRecord::Base
       'groups.value'      => { column: MockGroup.arel_table[:id] },
       'emails'            => { columns: [ :work_email_address, :home_email_address ] },
       'emails.value'      => { columns: [ :work_email_address, :home_email_address ] },
-      'emails.type'       => { ignore: true } # We can't filter on that; it'll just search all e-mails
+      'emails.type'       => { ignore: true }, # We can't filter on that; it'll just search all e-mails
+      'primaryEmail'      => { column: :scim_primary_email },
     }
   end
 
+  # Custom attribute reader
+  #
+  def scim_primary_email
+    work_email_address
+  end
+
   include Scimitar::Resources::Mixin
 end

data/spec/apps/dummy/config/application.rb

@@ -13,6 +13,14 @@ require 'scimitar'
 module Dummy
   class Application < Rails::Application
     config.load_defaults 7.0
+
+    # Silence the following under Rails 8.0:
+    #
+    # "DEPRECATION WARNING: `to_time` will always preserve the full timezone
+    # rather than offset of the receiver in Rails 8.1. To opt in to the new
+    # behavior, set `config.active_support.to_time_preserves_timezone = :zone`"
+    #
+    config.active_support.to_time_preserves_timezone = :zone
   end
 end
 

data/spec/apps/dummy/config/initializers/scimitar.rb

@@ -1,6 +1,6 @@
 # Test app configuration.
 #
-# Note that as a result of https://github.com/RIPAGlobal/scimitar/issues/48,
+# Note that as a result of https://github.com/pond/scimitar/issues/48,
 # tests include a custom extension of the core User schema. A shortcoming of
 # some of the code from which Scimitar was originally built is that those
 # extensions are done with class-level ivars, so it is largely impossible (or
@@ -19,16 +19,27 @@ Rails.application.config.to_prepare do
           before_action :test_hook
         end
       end
+
+      def scim_schemas_url(options)
+        super(test: 1, **options)
+      end
+
+      def scim_resource_type_url(options)
+        super(test: 1, **options)
+      end
     end
 
   })
 
   module ScimSchemaExtensions
     module User
+
+      # This "looks like" part of the standard Enterprise extension.
+      #
       class Enterprise < Scimitar::Schema::Base
         def initialize(options = {})
           super(
-            name:            'ExtendedUser',
+            name:            'EnterpriseExtendedUser',
             description:     'Enterprise extension for a User',
             id:              self.class.id,
             scim_attributes: self.class.scim_attributes
@@ -42,7 +53,32 @@ Rails.application.config.to_prepare do
         def self.scim_attributes
           [
             Scimitar::Schema::Attribute.new(name: 'organization', type: 'string'),
-            Scimitar::Schema::Attribute.new(name: 'department',   type: 'string')
+            Scimitar::Schema::Attribute.new(name: 'department',   type: 'string'),
+            Scimitar::Schema::Attribute.new(name: 'primaryEmail', type: 'string'),
+          ]
+        end
+      end
+
+      # In https://github.com/pond/scimitar/issues/122 we learn that with
+      # more than one extension, things can go wrong - so now we test with two.
+      #
+      class Manager < Scimitar::Schema::Base
+        def initialize(options = {})
+          super(
+            name:            'ManagementExtendedUser',
+            description:     'Management extension for a User',
+            id:              self.class.id,
+            scim_attributes: self.class.scim_attributes
+          )
+        end
+
+        def self.id
+          'urn:ietf:params:scim:schemas:extension:manager:1.0:User'
+        end
+
+        def self.scim_attributes
+          [
+            Scimitar::Schema::Attribute.new(name: 'manager', type: 'string')
           ]
         end
       end
@@ -50,4 +86,5 @@ Rails.application.config.to_prepare do
   end
 
   Scimitar::Resources::User.extend_schema ScimSchemaExtensions::User::Enterprise
+  Scimitar::Resources::User.extend_schema ScimSchemaExtensions::User::Manager
 end

data/spec/apps/dummy/config/routes.rb

@@ -17,10 +17,27 @@ Rails.application.routes.draw do
   get    'Groups/:id', to: 'mock_groups#show'
   patch  'Groups/:id', to: 'mock_groups#update'
 
-  # For testing blocks passed to ActiveRecordBackedResourcesController#destroy
+  # For testing blocks passed to ActiveRecordBackedResourcesController#create,
+  # #update, #replace and #destroy.
   #
+  post   'CustomCreateUsers',      to: 'custom_create_mock_users#create'
+  patch  'CustomUpdateUsers/:id',  to: 'custom_update_mock_users#update'
+  put    'CustomReplaceUsers/:id', to: 'custom_replace_mock_users#replace'
   delete 'CustomDestroyUsers/:id', to: 'custom_destroy_mock_users#destroy'
 
+  # Needed because the auto-render of most of the above includes a 'url_for'
+  # call for a 'show' action, so we must include routes (implemented in the
+  # base class) for the "show" endpoint.
+  #
+  get  'CustomCreateUsers/:id',  to: 'custom_create_mock_users#show'
+  get  'CustomUpdateUsers/:id',  to: 'custom_update_mock_users#show'
+  get  'CustomReplaceUsers/:id', to: 'custom_replace_mock_users#show'
+
+  # For testing blocks passed to ActiveRecordBackedResourcesController#save!
+  #
+  post 'CustomSaveUsers',     to: 'custom_save_mock_users#create'
+  get  'CustomSaveUsers/:id', to: 'custom_save_mock_users#show'
+
   # For testing environment inside Scimitar::ApplicationController subclasses.
   #
   get  'CustomRequestVerifiers', to: 'custom_request_verifiers#index'

data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb

@@ -7,6 +7,7 @@ class CreateMockUsers < ActiveRecord::Migration[6.1]
       #
       t.text :scim_uid
       t.text :username
+      t.text :password
       t.text :first_name
       t.text :last_name
       t.text :work_email_address
@@ -18,6 +19,7 @@ class CreateMockUsers < ActiveRecord::Migration[6.1]
       #
       t.text :organization
       t.text :department
+      t.text :manager
     end
   end
 end

data/spec/apps/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema[7.0].define(version: 2021_03_08_044214) do
+ActiveRecord::Schema[7.1].define(version: 2021_03_08_044214) do
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
@@ -33,6 +33,7 @@ ActiveRecord::Schema[7.0].define(version: 2021_03_08_044214) do
     t.datetime "updated_at", null: false
     t.text "scim_uid"
     t.text "username"
+    t.text "password"
     t.text "first_name"
     t.text "last_name"
     t.text "work_email_address"
@@ -40,6 +41,7 @@ ActiveRecord::Schema[7.0].define(version: 2021_03_08_044214) do
     t.text "work_phone_number"
     t.text "organization"
     t.text "department"
+    t.text "manager"
   end
 
   add_foreign_key "mock_groups_users", "mock_groups"

data/spec/controllers/scimitar/application_controller_spec.rb

@@ -24,7 +24,7 @@ RSpec.describe Scimitar::ApplicationController do
       get :index, params: { format: :scim }
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
-      expect(response.headers['WWW_AUTHENTICATE']).to eql('Basic')
+      expect(response.headers['WWW-Authenticate']).to eql('Basic')
     end
 
     it 'renders failure with bad password' do
@@ -84,7 +84,61 @@ RSpec.describe Scimitar::ApplicationController do
       get :index, params: { format: :scim }
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
-      expect(response.headers['WWW_AUTHENTICATE']).to eql('Bearer')
+      expect(response.headers['WWW-Authenticate']).to eql('Bearer')
+    end
+
+    it 'renders failure with bad token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer Invalid'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with blank token' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer'
+
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+
+    it 'renders failure with missing header' do
+      get :index, params: { format: :scim }
+      expect(response).not_to be_ok
+    end
+  end
+
+  context 'authenticator evaluated within controller context' do
+
+    # Define a controller with a custom instance method 'valid_token'.
+    #
+    controller do
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+
+      def valid_token
+        'B'
+      end
+    end
+
+    # Call the above controller method from the token authenticator Proc,
+    # proving that it was executed in the controller's context.
+    #
+    before do
+      Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+        token_authenticator: Proc.new do | token, options |
+          token == self.valid_token()
+        end
+      )
+    end
+
+    it 'renders success when valid creds are given' do
+      request.env['HTTP_AUTHORIZATION'] = 'Bearer B'
+
+      get :index, params: { format: :scim }
+      expect(response).to be_ok
+      expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+      expect(response.headers['WWW-Authenticate']).to eql('Bearer')
     end
 
     it 'renders failure with bad token' do

data/spec/controllers/scimitar/resource_types_controller_spec.rb

@@ -9,11 +9,15 @@ RSpec.describe Scimitar::ResourceTypesController do
     it 'renders the resource type for user' do
       get :index, format: :scim
       response_hash = JSON.parse(response.body)
-      expected_response = [ Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User')),
-                            Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group'))
-      ].to_json
+      expected_response = {
+        schemas: ['urn:ietf:params:scim:api:messages:2.0:ListResponse'],
+        totalResults: 2,
+        Resources: [
+          Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User', test: 1)),
+          Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group', test: 1))
+        ]
+      }.to_json
 
-      response_hash = JSON.parse(response.body)
       expect(response_hash).to eql(JSON.parse(expected_response))
     end