scimitar 2.5.0 → 2.11.0

data/spec/controllers/scimitar/schemas_controller_spec.rb

@@ -1,6 +1,7 @@
 require 'spec_helper'
 
 RSpec.describe Scimitar::SchemasController do
+  routes { Scimitar::Engine.routes }
 
   before(:each) { allow(controller).to receive(:authenticated?).and_return(true) }
 
@@ -9,67 +10,362 @@ RSpec.describe Scimitar::SchemasController do
       super
     end
   end
+
   context '#index' do
-    it 'returns a collection of supported schemas' do
-      get :index, params: { format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body.length).to eql(3)
-      schema_names = parsed_body.map {|schema| schema['name']}
-      expect(schema_names).to match_array(['User', 'ExtendedUser', 'Group'])
-    end
+    shared_examples 'a Schema list which' do
+      it 'returns a valid ListResponse' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
 
-    it 'returns only the User schema when its id is provided' do
-      get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body['name']).to eql('User')
-    end
+        parsed_body  = JSON.parse(response.body)
+        schema_count = parsed_body['Resources']&.size
+
+        expect(parsed_body['schemas'     ]).to match_array(['urn:ietf:params:scim:api:messages:2.0:ListResponse'])
+        expect(parsed_body['totalResults']).to eql(schema_count)
+        expect(parsed_body['itemsPerPage']).to eql(schema_count)
+        expect(parsed_body['startIndex'  ]).to eql(1)
+      end
+
+      it 'returns a collection of supported schemas' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body['Resources']&.size).to eql(4)
+
+        schema_names = parsed_body['Resources'].map {|schema| schema['name']}
+        expect(schema_names).to match_array(['User', 'EnterpriseExtendedUser', 'ManagementExtendedUser', 'Group'])
+      end
+
+      it 'returns only the User schema when its ID is provided' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
 
-    it 'returns only the Group schema when its id is provided' do
-      get :index, params: { name: Scimitar::Schema::Group.id, format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body['name']).to eql('Group')
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body.dig('Resources', 0, 'name')).to eql('User')
+      end
+
+      it 'includes the controller customised schema location' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body.dig('Resources', 0, 'meta', 'location')).to eq scim_schemas_url(name: Scimitar::Schema::User.id, test: 1)
+      end
+
+      it 'returns only the Group schema when its ID is provided' do
+        get :index, params: { name: Scimitar::Schema::Group.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+
+        expect(parsed_body['Resources'   ]&.size).to eql(1)
+        expect(parsed_body['totalResults']      ).to eql(1)
+        expect(parsed_body['itemsPerPage']      ).to eql(1)
+        expect(parsed_body['startIndex'  ]      ).to eql(1)
+
+        expect(parsed_body.dig('Resources', 0, 'name')).to eql('Group')
+      end
     end
 
-    context 'with custom resource types' do
-      around :each do | example |
-        example.run()
-      ensure
-        Scimitar::Engine.reset_custom_resources
+    context 'with default engine configuration of schema_list_from_attribute_mappings undefined' do
+      it_behaves_like 'a Schema list which'
+
+      it 'returns all attributes' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        user_attrs  = parsed_body['Resources'].find { | r | r['name'] == 'User' }
+
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'ims'              }).to be_present
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'entitlements'     }).to be_present
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'x509Certificates' }).to be_present
+
+        name_attr = user_attrs['attributes'].find { | a | a['name'] == 'name' }
+
+        expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificPrefix' }).to be_present
+        expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificSuffix' }).to be_present
       end
 
-      it 'returns only the License schemas when its id is provided' do
-        license_schema = Class.new(Scimitar::Schema::Base) do
-          def initialize(options = {})
-          super(name: 'License',
-                id: self.class.id,
-                description: 'Represents a License')
-          end
-          def self.id
-            'License'
+      context 'with custom resource types' do
+        around :each do | example |
+          example.run()
+        ensure
+          Scimitar::Engine.reset_custom_resources
+        end
+
+        it 'returns only the License schemas when its ID is provided' do
+          license_schema = Class.new(Scimitar::Schema::Base) do
+            def initialize(options = {})
+              super(name: 'License', id: self.class.id(), description: 'Represents a License')
+            end
+            def self.id; 'urn:ietf:params:scim:schemas:license'; end
+            def self.scim_attributes; []; end
           end
-          def self.scim_attributes
-            []
+
+          license_resource = Class.new(Scimitar::Resources::Base) do
+            set_schema(license_schema)
+            def self.endpoint; '/License'; end
           end
+
+          Scimitar::Engine.add_custom_resource(license_resource)
+
+          get :index, params: { name: license_schema.id, format: :scim }
+          expect(response).to be_ok
+
+          parsed_body = JSON.parse(response.body)
+          expect(parsed_body.dig('Resources', 0, 'name')).to eql('License')
         end
+      end # "context 'with custom resource types' do"
+    end # "context 'with default engine configuration of schema_list_from_attribute_mappings undefined' do"
 
-        license_resource = Class.new(Scimitar::Resources::Base) do
-          set_schema license_schema
-          def self.endopint
-            '/Gaga'
-          end
+    context 'with engine configuration of schema_list_from_attribute_mappings set' do
+      context 'standard resources' do
+        around :each do | example |
+          old_config = Scimitar.engine_configuration.schema_list_from_attribute_mappings
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = [
+            MockUser,
+            MockGroup
+          ]
+          example.run()
+        ensure
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = old_config
         end
 
-        Scimitar::Engine.add_custom_resource(license_resource)
+        it_behaves_like 'a Schema list which'
 
-        get :index, params: { name: license_schema.id, format: :scim }
-        expect(response).to be_ok
-        parsed_body = JSON.parse(response.body)
-        expect(parsed_body['name']).to eql('License')
+        it 'returns only mapped attributes' do
+          get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+          expect(response).to be_ok
+
+          parsed_body   = JSON.parse(response.body)
+          user_attrs    = parsed_body['Resources'].find { | r | r['name'] == 'User'     }
+          password_attr = user_attrs['attributes'].find { | a | a['name'] == 'password' }
+
+          expect(password_attr['mutability']).to eql('writeOnly')
+
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'ims'              }).to_not be_present
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'entitlements'     }).to_not be_present
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'x509Certificates' }).to_not be_present
+
+          name_attr = user_attrs['attributes'].find { | a | a['name'] == 'name' }
+
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'givenName'       }).to     be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'familyName'      }).to     be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificPrefix' }).to_not be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificSuffix' }).to_not be_present
+
+          emails_attr  =  user_attrs['attributes'   ].find { | a | a['name'] == 'emails'  }
+          value_attr   = emails_attr['subAttributes'].find { | a | a['name'] == 'value'   }
+          primary_attr = emails_attr['subAttributes'].find { | a | a['name'] == 'primary' }
+
+          expect(  value_attr['mutability']).to eql('readWrite')
+          expect(primary_attr['mutability']).to eql('readOnly')
+
+          expect(emails_attr['subAttributes'].find { | s | s['name'] == 'type'    }).to_not be_present
+          expect(emails_attr['subAttributes'].find { | s | s['name'] == 'display' }).to_not be_present
+
+          groups_attr  =  user_attrs['attributes'   ].find { | a | a['name'] == 'groups'  }
+          value_attr   = groups_attr['subAttributes'].find { | a | a['name'] == 'value'   }
+          display_attr = groups_attr['subAttributes'].find { | a | a['name'] == 'display' }
+
+          expect(  value_attr['mutability']).to eql('readOnly')
+          expect(display_attr['mutability']).to eql('readOnly')
+        end
       end
-    end
-  end
-end
 
+      context 'with custom resource types' do
+        let(:license_schema) {
+          Class.new(Scimitar::Schema::Base) do
+            def initialize(options = {})
+              super(
+                id:              self.class.id(),
+                name:            'License',
+                description:     'Represents a license',
+                scim_attributes: self.class.scim_attributes
+              )
+            end
+            def self.id; 'urn:ietf:params:scim:schemas:license'; end
+            def self.scim_attributes
+              [
+                Scimitar::Schema::Attribute.new(name: 'licenseNumber',  type: 'string'),
+                Scimitar::Schema::Attribute.new(name: 'licenseExpired', type: 'boolean', mutability: 'readOnly'),
+              ]
+            end
+          end
+        }
+
+        let(:license_resource) {
+          local_var_license_schema = license_schema()
+
+          Class.new(Scimitar::Resources::Base) do
+            set_schema(local_var_license_schema)
+            def self.endpoint; '/License'; end
+          end
+        }
+
+        let(:license_model_base) {
+          local_var_license_resource = license_resource()
+
+          Class.new do
+            singleton_class.class_eval do
+              define_method(:scim_resource_type) { local_var_license_resource }
+            end
+          end
+        }
+
+        around :each do | example |
+          old_config = Scimitar.engine_configuration.schema_list_from_attribute_mappings
+          Scimitar::Engine.add_custom_resource(license_resource())
+          example.run()
+        ensure
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = old_config
+          Scimitar::Engine.reset_custom_resources
+        end
+
+        context 'with an empty attribute map' do
+          it 'returns no attributes' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map; {}; end # Empty map
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'      )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes')).to be_empty
+          end
+        end # "context 'with an empty attribute map' do"
+
+        context 'with a defined attribute map' do
+          it 'returns only the License schemas when its ID is provided' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map # Simple map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('readWrite')
+          end
+        end # "context 'with a defined attribute map' do"
+
+        context 'with mutability overridden' do
+          it 'returns read-only when expected' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; []; end # Note empty array, NOT "nil" - no mutable attributes
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('readOnly')
+          end
+
+          it 'returns write-only when expected' do
+            license_model = Class.new(license_model_base()) do
+              attr_writer :license_number # Writer only, no reader
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('writeOnly')
+          end
+
+          it 'handles conflicts via reality-wins' do
+            license_model = Class.new(license_model_base()) do
+              def self.scim_mutable_attributes; [:licence_expired]; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number, licenseExpired: :licence_expired }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+            attributes  = parsed_body.dig('Resources', 0, 'attributes')
+
+            expect(parsed_body.dig('Resources', 0, 'name')).to eql('License')
+            expect(attributes.size).to eql(2)
+
+            number_attr = attributes.find { | a | a['name'] == 'licenseNumber'  }
+            expiry_attr = attributes.find { | a | a['name'] == 'licenseExpired' }
+
+            # Number attribute - no reader or writer, so code has to shrug and
+            # say "it's broken, so I'll quote the schema verbatim'.
+            #
+            # Expiry attribute - is read-only in schema, but we declare it as a
+            # writable attribute and provide no reader. This clashes badly; the
+            # schema read-only declaration is ignored in favour of reality.
+            #
+            expect(number_attr['mutability']).to eql('readWrite')
+            expect(expiry_attr['mutability']).to eql('writeOnly')
+          end
+        end # "context 'with mutability overridden' do"
+      end # "context 'with custom resource types' do"
+    end # "context 'with engine configuration of schema_list_from_attribute_mappings: true' do"
+  end # "context '#index' do
+end

data/spec/controllers/scimitar/service_provider_configurations_controller_spec.rb

@@ -15,6 +15,7 @@ RSpec.describe Scimitar::ServiceProviderConfigurationsController do
 
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to include('patch' => {'supported' => true})
+      expect(JSON.parse(response.body)).to_not include('uses_defaults' => true)
       expect(JSON.parse(response.body)).to include('filter' => {'maxResults' => Scimitar::Filter::MAX_RESULTS_DEFAULT, 'supported' => true})
     end
   end

data/spec/models/scimitar/complex_types/address_spec.rb

@@ -2,8 +2,8 @@ require 'spec_helper'
 
 RSpec.describe Scimitar::ComplexTypes::Address do
   context '#as_json' do
-    it 'assumes a type of "work" as a default' do
-      expect(described_class.new.as_json).to eq('type' => 'work')
+    it 'assumes no defaults' do
+      expect(described_class.new.as_json).to eq({})
     end
 
     it 'allows a custom address type' do
@@ -11,9 +11,8 @@ RSpec.describe Scimitar::ComplexTypes::Address do
     end
 
     it 'shows the set address' do
-      expect(described_class.new(country: 'NZ').as_json).to eq('type' => 'work', 'country' => 'NZ')
+      expect(described_class.new(country: 'NZ').as_json).to eq('country' => 'NZ')
     end
   end
 
 end
-

data/spec/models/scimitar/lists/query_parser_spec.rb

@@ -60,6 +60,15 @@ RSpec.describe Scimitar::Lists::QueryParser do
       expect(%Q("O'Malley")).to eql(tree[2])
     end
 
+    it "extended attribute equals" do
+      @instance.parse(%Q(primaryEmail eq "foo@bar.com"))
+
+      rpn = @instance.rpn
+      expect('primaryEmail').to eql(rpn[0])
+      expect(%Q("foo@bar.com")).to eql(rpn[1])
+      expect('eq').to eql(rpn[2])
+    end
+
     it "user name starts with" do
       @instance.parse(%Q(userName sw "J"))
 
@@ -337,6 +346,67 @@ RSpec.describe Scimitar::Lists::QueryParser do
         result = @instance.send(:flatten_filter, 'emails[type eq "work" and value co "@example.com"    ] or userType eq "Admin" or ims[type eq "xmpp" and value co "@foo.com"]')
         expect(result).to eql('emails.type eq "work" and emails.value co "@example.com" or userType eq "Admin" or ims.type eq "xmpp" and ims.value co "@foo.com"')
       end
+
+      it 'handles an example previously described as unsupported in README.md' do
+        result = @instance.send(:flatten_filter, 'filter=userType eq "Employee" and emails[type eq "work" and value co "@example.com"]')
+        expect(result).to eql('filter=userType eq "Employee" and emails.type eq "work" and emails.value co "@example.com"')
+      end
+
+      # https://github.com/pond/scimitar/issues/116
+      #
+      context 'with schema IDs (GitHub issue #116)' do
+        it 'handles simple attributes' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeId eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar"')
+        end
+
+        it 'handles dotted attribute paths' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary.path eq "gsar"')
+          expect(result).to eql('imaginary.path eq "gsar"')
+        end
+
+        it 'replaces all examples' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeId eq "gsar" or urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary.path eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar" or imaginary.path eq "gsar"')
+        end
+
+        it 'handles the square bracket form with schema ID at the root' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[employeeId eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar"')
+        end
+
+        it 'handles the square bracket form with schema ID and attribute at the root' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary[path eq "gsar"')
+          expect(result).to eql('imaginary.path eq "gsar"')
+        end
+      end
+
+      # https://github.com/pond/scimitar/issues/115
+      #
+      context 'broken filters from Microsoft (GitHub issue #115)' do
+        it 'work with "eq"' do
+          result = @instance.send(:flatten_filter, 'emails[type eq "work"].value eq "foo@bar.com"')
+          expect(result).to eql('emails.type eq "work" and emails.value eq "foo@bar.com"')
+        end
+
+        it 'work with "ne"' do # (just check a couple of operators, not all!)
+          result = @instance.send(:flatten_filter, 'emails[type eq "work"].value ne "foo@bar.com"')
+          expect(result).to eql('emails.type eq "work" and emails.value ne "foo@bar.com"')
+        end
+
+        it 'preserve input case' do
+          result = @instance.send(:flatten_filter, 'emaiLs[TYPE eq "work"].valUE eq "FOO@bar.com"')
+          expect(result).to eql('emaiLs.TYPE eq "work" and emaiLs.valUE eq "FOO@bar.com"')
+        end
+
+        # At the time of writing, this was used in a "belt and braces" request
+        # spec in 'active_record_backed_resources_controller_spec.rb'.
+        #
+        it 'handles more complex, hypothetical cases' do
+          result = @instance.send(:flatten_filter, 'name[givenName eq "FOO"].familyName pr and emails ne "home_1@test.com"')
+          expect(result).to eql('name.givenName eq "FOO" and name.familyName pr and emails ne "home_1@test.com"')
+        end
+      end # "context 'broken filters from Microsoft' do"
     end # "context 'when flattening is needed' do"
 
     context 'with bad filters' do