scimitar 2.7.3 → 2.9.0

data/spec/apps/dummy/app/models/mock_user.rb

@@ -18,6 +18,7 @@ class MockUser < ActiveRecord::Base
     work_phone_number
     organization
     department
+    manager
     mock_groups
   }
 
@@ -48,6 +49,7 @@ class MockUser < ActiveRecord::Base
       externalId: :scim_uid,
       userName:   :username,
       password:   :password,
+      active:     :is_active,
       name:       {
         givenName:  :first_name,
         familyName: :last_name
@@ -80,8 +82,11 @@ class MockUser < ActiveRecord::Base
           }
         },
       ],
-      groups: [ # NB read-only, so no :find_with key
+      groups: [
         {
+          # Read-only, so no :find_with key. There's no 'class' specified here
+          # either, to help test the "/Schemas" endpoint's reflection code.
+          #
           list:  :mock_groups,
           using: {
             value:   :id,
@@ -89,13 +94,16 @@ class MockUser < ActiveRecord::Base
           }
         }
       ],
-      active: :is_active,
 
       # Custom extension schema - see configuration in
       # "spec/apps/dummy/config/initializers/scimitar.rb".
       #
       organization: :organization,
       department:   :department,
+      primaryEmail: :scim_primary_email,
+
+      manager:      :manager,
+
       userGroups: [
         {
           list:      :mock_groups,
@@ -124,9 +132,16 @@ class MockUser < ActiveRecord::Base
       'groups.value'      => { column: MockGroup.arel_table[:id] },
       'emails'            => { columns: [ :work_email_address, :home_email_address ] },
       'emails.value'      => { columns: [ :work_email_address, :home_email_address ] },
-      'emails.type'       => { ignore: true } # We can't filter on that; it'll just search all e-mails
+      'emails.type'       => { ignore: true }, # We can't filter on that; it'll just search all e-mails
+      'primaryEmail'      => { column: :scim_primary_email },
     }
   end
 
+  # Custom attribute reader
+  #
+  def scim_primary_email
+    work_email_address
+  end
+
   include Scimitar::Resources::Mixin
 end

data/spec/apps/dummy/config/initializers/scimitar.rb

@@ -33,10 +33,13 @@ Rails.application.config.to_prepare do
 
   module ScimSchemaExtensions
     module User
+
+      # This "looks like" part of the standard Enterprise extension.
+      #
       class Enterprise < Scimitar::Schema::Base
         def initialize(options = {})
           super(
-            name:            'ExtendedUser',
+            name:            'EnterpriseExtendedUser',
             description:     'Enterprise extension for a User',
             id:              self.class.id,
             scim_attributes: self.class.scim_attributes
@@ -50,7 +53,32 @@ Rails.application.config.to_prepare do
         def self.scim_attributes
           [
             Scimitar::Schema::Attribute.new(name: 'organization', type: 'string'),
-            Scimitar::Schema::Attribute.new(name: 'department',   type: 'string')
+            Scimitar::Schema::Attribute.new(name: 'department',   type: 'string'),
+            Scimitar::Schema::Attribute.new(name: 'primaryEmail', type: 'string'),
+          ]
+        end
+      end
+
+      # In https://github.com/RIPAGlobal/scimitar/issues/122 we learn that with
+      # more than one extension, things can go wrong - so now we test with two.
+      #
+      class Manager < Scimitar::Schema::Base
+        def initialize(options = {})
+          super(
+            name:            'ManagementExtendedUser',
+            description:     'Management extension for a User',
+            id:              self.class.id,
+            scim_attributes: self.class.scim_attributes
+          )
+        end
+
+        def self.id
+          'urn:ietf:params:scim:schemas:extension:manager:1.0:User'
+        end
+
+        def self.scim_attributes
+          [
+            Scimitar::Schema::Attribute.new(name: 'manager', type: 'string')
           ]
         end
       end
@@ -58,4 +86,5 @@ Rails.application.config.to_prepare do
   end
 
   Scimitar::Resources::User.extend_schema ScimSchemaExtensions::User::Enterprise
+  Scimitar::Resources::User.extend_schema ScimSchemaExtensions::User::Manager
 end

data/spec/apps/dummy/db/migrate/20210304014602_create_mock_users.rb

@@ -19,6 +19,7 @@ class CreateMockUsers < ActiveRecord::Migration[6.1]
       #
       t.text :organization
       t.text :department
+      t.text :manager
     end
   end
 end

data/spec/apps/dummy/db/schema.rb

@@ -41,6 +41,7 @@ ActiveRecord::Schema[7.1].define(version: 2021_03_08_044214) do
     t.text "work_phone_number"
     t.text "organization"
     t.text "department"
+    t.text "manager"
   end
 
   add_foreign_key "mock_groups_users", "mock_groups"

data/spec/controllers/scimitar/schemas_controller_spec.rb

@@ -10,74 +10,362 @@ RSpec.describe Scimitar::SchemasController do
       super
     end
   end
+
   context '#index' do
-    it 'returns a collection of supported schemas' do
-      get :index, params: { format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body.length).to eql(3)
-      schema_names = parsed_body.map {|schema| schema['name']}
-      expect(schema_names).to match_array(['User', 'ExtendedUser', 'Group'])
-    end
+    shared_examples 'a Schema list which' do
+      it 'returns a valid ListResponse' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
 
-    it 'returns only the User schema when its id is provided' do
-      get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body['name']).to eql('User')
-    end
+        parsed_body  = JSON.parse(response.body)
+        schema_count = parsed_body['Resources']&.size
 
-    it 'includes the controller customised schema location' do
-      get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body.dig('meta', 'location')).to eq scim_schemas_url(name: Scimitar::Schema::User.id, test: 1)
-    end
+        expect(parsed_body['schemas'     ]).to match_array(['urn:ietf:params:scim:api:messages:2.0:ListResponse'])
+        expect(parsed_body['totalResults']).to eql(schema_count)
+        expect(parsed_body['itemsPerPage']).to eql(schema_count)
+        expect(parsed_body['startIndex'  ]).to eql(1)
+      end
+
+      it 'returns a collection of supported schemas' do
+        get :index, params: { format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body['Resources']&.size).to eql(4)
+
+        schema_names = parsed_body['Resources'].map {|schema| schema['name']}
+        expect(schema_names).to match_array(['User', 'EnterpriseExtendedUser', 'ManagementExtendedUser', 'Group'])
+      end
+
+      it 'returns only the User schema when its ID is provided' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
 
-    it 'returns only the Group schema when its id is provided' do
-      get :index, params: { name: Scimitar::Schema::Group.id, format: :scim }
-      expect(response).to be_ok
-      parsed_body = JSON.parse(response.body)
-      expect(parsed_body['name']).to eql('Group')
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body.dig('Resources', 0, 'name')).to eql('User')
+      end
+
+      it 'includes the controller customised schema location' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        expect(parsed_body.dig('Resources', 0, 'meta', 'location')).to eq scim_schemas_url(name: Scimitar::Schema::User.id, test: 1)
+      end
+
+      it 'returns only the Group schema when its ID is provided' do
+        get :index, params: { name: Scimitar::Schema::Group.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+
+        expect(parsed_body['Resources'   ]&.size).to eql(1)
+        expect(parsed_body['totalResults']      ).to eql(1)
+        expect(parsed_body['itemsPerPage']      ).to eql(1)
+        expect(parsed_body['startIndex'  ]      ).to eql(1)
+
+        expect(parsed_body.dig('Resources', 0, 'name')).to eql('Group')
+      end
     end
 
-    context 'with custom resource types' do
-      around :each do | example |
-        example.run()
-      ensure
-        Scimitar::Engine.reset_custom_resources
+    context 'with default engine configuration of schema_list_from_attribute_mappings undefined' do
+      it_behaves_like 'a Schema list which'
+
+      it 'returns all attributes' do
+        get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+        expect(response).to be_ok
+
+        parsed_body = JSON.parse(response.body)
+        user_attrs  = parsed_body['Resources'].find { | r | r['name'] == 'User' }
+
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'ims'              }).to be_present
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'entitlements'     }).to be_present
+        expect(user_attrs['attributes'].find { | a | a['name'] == 'x509Certificates' }).to be_present
+
+        name_attr = user_attrs['attributes'].find { | a | a['name'] == 'name' }
+
+        expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificPrefix' }).to be_present
+        expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificSuffix' }).to be_present
       end
 
-      it 'returns only the License schemas when its id is provided' do
-        license_schema = Class.new(Scimitar::Schema::Base) do
-          def initialize(options = {})
-          super(name: 'License',
-                id: self.class.id,
-                description: 'Represents a License')
-          end
-          def self.id
-            'License'
+      context 'with custom resource types' do
+        around :each do | example |
+          example.run()
+        ensure
+          Scimitar::Engine.reset_custom_resources
+        end
+
+        it 'returns only the License schemas when its ID is provided' do
+          license_schema = Class.new(Scimitar::Schema::Base) do
+            def initialize(options = {})
+              super(name: 'License', id: self.class.id(), description: 'Represents a License')
+            end
+            def self.id; 'urn:ietf:params:scim:schemas:license'; end
+            def self.scim_attributes; []; end
           end
-          def self.scim_attributes
-            []
+
+          license_resource = Class.new(Scimitar::Resources::Base) do
+            set_schema(license_schema)
+            def self.endpoint; '/License'; end
           end
+
+          Scimitar::Engine.add_custom_resource(license_resource)
+
+          get :index, params: { name: license_schema.id, format: :scim }
+          expect(response).to be_ok
+
+          parsed_body = JSON.parse(response.body)
+          expect(parsed_body.dig('Resources', 0, 'name')).to eql('License')
         end
+      end # "context 'with custom resource types' do"
+    end # "context 'with default engine configuration of schema_list_from_attribute_mappings undefined' do"
 
-        license_resource = Class.new(Scimitar::Resources::Base) do
-          set_schema license_schema
-          def self.endopint
-            '/Gaga'
-          end
+    context 'with engine configuration of schema_list_from_attribute_mappings set' do
+      context 'standard resources' do
+        around :each do | example |
+          old_config = Scimitar.engine_configuration.schema_list_from_attribute_mappings
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = [
+            MockUser,
+            MockGroup
+          ]
+          example.run()
+        ensure
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = old_config
         end
 
-        Scimitar::Engine.add_custom_resource(license_resource)
+        it_behaves_like 'a Schema list which'
 
-        get :index, params: { name: license_schema.id, format: :scim }
-        expect(response).to be_ok
-        parsed_body = JSON.parse(response.body)
-        expect(parsed_body['name']).to eql('License')
+        it 'returns only mapped attributes' do
+          get :index, params: { name: Scimitar::Schema::User.id, format: :scim }
+          expect(response).to be_ok
+
+          parsed_body   = JSON.parse(response.body)
+          user_attrs    = parsed_body['Resources'].find { | r | r['name'] == 'User'     }
+          password_attr = user_attrs['attributes'].find { | a | a['name'] == 'password' }
+
+          expect(password_attr['mutability']).to eql('writeOnly')
+
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'ims'              }).to_not be_present
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'entitlements'     }).to_not be_present
+          expect(user_attrs['attributes'].find { | a | a['name'] == 'x509Certificates' }).to_not be_present
+
+          name_attr = user_attrs['attributes'].find { | a | a['name'] == 'name' }
+
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'givenName'       }).to     be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'familyName'      }).to     be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificPrefix' }).to_not be_present
+          expect(name_attr['subAttributes'].find { | s | s['name'] == 'honorificSuffix' }).to_not be_present
+
+          emails_attr  =  user_attrs['attributes'   ].find { | a | a['name'] == 'emails'  }
+          value_attr   = emails_attr['subAttributes'].find { | a | a['name'] == 'value'   }
+          primary_attr = emails_attr['subAttributes'].find { | a | a['name'] == 'primary' }
+
+          expect(  value_attr['mutability']).to eql('readWrite')
+          expect(primary_attr['mutability']).to eql('readOnly')
+
+          expect(emails_attr['subAttributes'].find { | s | s['name'] == 'type'    }).to_not be_present
+          expect(emails_attr['subAttributes'].find { | s | s['name'] == 'display' }).to_not be_present
+
+          groups_attr  =  user_attrs['attributes'   ].find { | a | a['name'] == 'groups'  }
+          value_attr   = groups_attr['subAttributes'].find { | a | a['name'] == 'value'   }
+          display_attr = groups_attr['subAttributes'].find { | a | a['name'] == 'display' }
+
+          expect(  value_attr['mutability']).to eql('readOnly')
+          expect(display_attr['mutability']).to eql('readOnly')
+        end
       end
-    end
-  end
-end
 
+      context 'with custom resource types' do
+        let(:license_schema) {
+          Class.new(Scimitar::Schema::Base) do
+            def initialize(options = {})
+              super(
+                id:              self.class.id(),
+                name:            'License',
+                description:     'Represents a license',
+                scim_attributes: self.class.scim_attributes
+              )
+            end
+            def self.id; 'urn:ietf:params:scim:schemas:license'; end
+            def self.scim_attributes
+              [
+                Scimitar::Schema::Attribute.new(name: 'licenseNumber',  type: 'string'),
+                Scimitar::Schema::Attribute.new(name: 'licenseExpired', type: 'boolean', mutability: 'readOnly'),
+              ]
+            end
+          end
+        }
+
+        let(:license_resource) {
+          local_var_license_schema = license_schema()
+
+          Class.new(Scimitar::Resources::Base) do
+            set_schema(local_var_license_schema)
+            def self.endpoint; '/License'; end
+          end
+        }
+
+        let(:license_model_base) {
+          local_var_license_resource = license_resource()
+
+          Class.new do
+            singleton_class.class_eval do
+              define_method(:scim_resource_type) { local_var_license_resource }
+            end
+          end
+        }
+
+        around :each do | example |
+          old_config = Scimitar.engine_configuration.schema_list_from_attribute_mappings
+          Scimitar::Engine.add_custom_resource(license_resource())
+          example.run()
+        ensure
+          Scimitar.engine_configuration.schema_list_from_attribute_mappings = old_config
+          Scimitar::Engine.reset_custom_resources
+        end
+
+        context 'with an empty attribute map' do
+          it 'returns no attributes' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map; {}; end # Empty map
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'      )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes')).to be_empty
+          end
+        end # "context 'with an empty attribute map' do"
+
+        context 'with a defined attribute map' do
+          it 'returns only the License schemas when its ID is provided' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map # Simple map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('readWrite')
+          end
+        end # "context 'with a defined attribute map' do"
+
+        context 'with mutability overridden' do
+          it 'returns read-only when expected' do
+            license_model = Class.new(license_model_base()) do
+              attr_accessor :license_number
+
+              def self.scim_mutable_attributes; []; end # Note empty array, NOT "nil" - no mutable attributes
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('readOnly')
+          end
+
+          it 'returns write-only when expected' do
+            license_model = Class.new(license_model_base()) do
+              attr_writer :license_number # Writer only, no reader
+
+              def self.scim_mutable_attributes; nil; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+
+            expect(parsed_body.dig('Resources', 0, 'name'                       )).to eql('License')
+            expect(parsed_body.dig('Resources', 0, 'attributes').size            ).to eql(1)
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'name'      )).to eql('licenseNumber')
+            expect(parsed_body.dig('Resources', 0, 'attributes', 0, 'mutability')).to eql('writeOnly')
+          end
+
+          it 'handles conflicts via reality-wins' do
+            license_model = Class.new(license_model_base()) do
+              def self.scim_mutable_attributes; [:licence_expired]; end
+              def self.scim_queryable_attributes; nil; end
+              def self.scim_attributes_map
+                { licenseNumber: :license_number, licenseExpired: :licence_expired }
+              end
+
+              include Scimitar::Resources::Mixin
+            end
+
+            Scimitar.engine_configuration.schema_list_from_attribute_mappings = [license_model]
+
+            get :index, params: { format: :scim }
+            expect(response).to be_ok
+
+            parsed_body = JSON.parse(response.body)
+            attributes  = parsed_body.dig('Resources', 0, 'attributes')
+
+            expect(parsed_body.dig('Resources', 0, 'name')).to eql('License')
+            expect(attributes.size).to eql(2)
+
+            number_attr = attributes.find { | a | a['name'] == 'licenseNumber'  }
+            expiry_attr = attributes.find { | a | a['name'] == 'licenseExpired' }
+
+            # Number attribute - no reader or writer, so code has to shrug and
+            # say "it's broken, so I'll quote the schema verbatim'.
+            #
+            # Expiry attribute - is read-only in schema, but we declare it as a
+            # writable attribute and provide no reader. This clashes badly; the
+            # schema read-only declaration is ignored in favour of reality.
+            #
+            expect(number_attr['mutability']).to eql('readWrite')
+            expect(expiry_attr['mutability']).to eql('writeOnly')
+          end
+        end # "context 'with mutability overridden' do"
+      end # "context 'with custom resource types' do"
+    end # "context 'with engine configuration of schema_list_from_attribute_mappings: true' do"
+  end # "context '#index' do
+end

data/spec/models/scimitar/lists/query_parser_spec.rb

@@ -60,6 +60,15 @@ RSpec.describe Scimitar::Lists::QueryParser do
       expect(%Q("O'Malley")).to eql(tree[2])
     end
 
+    it "extended attribute equals" do
+      @instance.parse(%Q(primaryEmail eq "foo@bar.com"))
+
+      rpn = @instance.rpn
+      expect('primaryEmail').to eql(rpn[0])
+      expect(%Q("foo@bar.com")).to eql(rpn[1])
+      expect('eq').to eql(rpn[2])
+    end
+
     it "user name starts with" do
       @instance.parse(%Q(userName sw "J"))
 
@@ -337,6 +346,67 @@ RSpec.describe Scimitar::Lists::QueryParser do
         result = @instance.send(:flatten_filter, 'emails[type eq "work" and value co "@example.com"    ] or userType eq "Admin" or ims[type eq "xmpp" and value co "@foo.com"]')
         expect(result).to eql('emails.type eq "work" and emails.value co "@example.com" or userType eq "Admin" or ims.type eq "xmpp" and ims.value co "@foo.com"')
       end
+
+      it 'handles an example previously described as unsupported in README.md' do
+        result = @instance.send(:flatten_filter, 'filter=userType eq "Employee" and emails[type eq "work" and value co "@example.com"]')
+        expect(result).to eql('filter=userType eq "Employee" and emails.type eq "work" and emails.value co "@example.com"')
+      end
+
+      # https://github.com/RIPAGlobal/scimitar/issues/116
+      #
+      context 'with schema IDs (GitHub issue #116)' do
+        it 'handles simple attributes' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeId eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar"')
+        end
+
+        it 'handles dotted attribute paths' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary.path eq "gsar"')
+          expect(result).to eql('imaginary.path eq "gsar"')
+        end
+
+        it 'replaces all examples' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:employeeId eq "gsar" or urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary.path eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar" or imaginary.path eq "gsar"')
+        end
+
+        it 'handles the square bracket form with schema ID at the root' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User[employeeId eq "gsar"')
+          expect(result).to eql('employeeId eq "gsar"')
+        end
+
+        it 'handles the square bracket form with schema ID and attribute at the root' do
+          result = @instance.send(:flatten_filter, 'urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:imaginary[path eq "gsar"')
+          expect(result).to eql('imaginary.path eq "gsar"')
+        end
+      end
+
+      # https://github.com/RIPAGlobal/scimitar/issues/115
+      #
+      context 'broken filters from Microsoft (GitHub issue #115)' do
+        it 'work with "eq"' do
+          result = @instance.send(:flatten_filter, 'emails[type eq "work"].value eq "foo@bar.com"')
+          expect(result).to eql('emails.type eq "work" and emails.value eq "foo@bar.com"')
+        end
+
+        it 'work with "ne"' do # (just check a couple of operators, not all!)
+          result = @instance.send(:flatten_filter, 'emails[type eq "work"].value ne "foo@bar.com"')
+          expect(result).to eql('emails.type eq "work" and emails.value ne "foo@bar.com"')
+        end
+
+        it 'preserve input case' do
+          result = @instance.send(:flatten_filter, 'emaiLs[TYPE eq "work"].valUE eq "FOO@bar.com"')
+          expect(result).to eql('emaiLs.TYPE eq "work" and emaiLs.valUE eq "FOO@bar.com"')
+        end
+
+        # At the time of writing, this was used in a "belt and braces" request
+        # spec in 'active_record_backed_resources_controller_spec.rb'.
+        #
+        it 'handles more complex, hypothetical cases' do
+          result = @instance.send(:flatten_filter, 'name[givenName eq "FOO"].familyName pr and emails ne "home_1@test.com"')
+          expect(result).to eql('name.givenName eq "FOO" and name.familyName pr and emails ne "home_1@test.com"')
+        end
+      end # "context 'broken filters from Microsoft' do"
     end # "context 'when flattening is needed' do"
 
     context 'with bad filters' do