scimitar 2.9.0 → 2.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '083949bb1e8b8d0afb8e62a87245a0f05189b05669e49eb8b5e3f8fa3af277e6'
-  data.tar.gz: 46a3f0af432f0980280ed8cc8f5c0309bc36f30c15673f9da650f8225f0f406d
+  metadata.gz: 8cb5109af12b712e491949d6627588dff6a4d70877253be26c4ee0af3b56c61e
+  data.tar.gz: 4271bb70e89fd17b97103073bc063de748e261b62b243fa0681b3e2934085f77
 SHA512:
-  metadata.gz: 6d10c2377f023f1b3201148bd57813296b1746d64e738838410045a128a10c980ac675c3a7474b56848d2cfe97ab2421d07bfa1ada5512890bfa08bfa2556f82
-  data.tar.gz: 5ff25a1f64a5bccf0ee2289223d31f8bc6b8636586bf09f1903e0b5824aed483d0dba60d9f7736bdc20c5c71ef6858ab38529eee6ff2e00aae20d0b18cb5d647
+  metadata.gz: aed187b7c9cc56fb1b0c3bae86b3274c6753078a71fb4fa6162776c056033edf19c085b830cfc3867acf7ab4e12732a6fe8100d758bd107840edd2e26c068aa0
+  data.tar.gz: f753d11931026a98c27d27525e88e512ee5a40d1920533243b352f6345ddb285de8efb38d6101afd360156b618365805c4a9bc440941701d7e9cd9cee5488810

data/LICENSE.txt

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2021 RIPA Global
+Copyright (c) 2024 RIPA Global
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -60,7 +60,7 @@ Scimitar is best used with Rails and ActiveRecord, but it can be used with other
 
 ### Authentication
 
-Noting the _Security_ section later - to set up an authentication method, create a `config/initializers/scimitar.rb` in your Rails application and define a token-based authenticator and/or a username-password authenticator in the [engine configuration section documented in the sample file](https://github.com/RIPAGlobal/scimitar/blob/main/config/initializers/scimitar.rb). For example:
+Noting the _Security_ section later - to set up an authentication method, create a `config/initializers/scimitar.rb` in your Rails application and define a token-based authenticator and/or a username-password authenticator in the [engine configuration section documented in the sample file](https://github.com/pond/scimitar/blob/main/config/initializers/scimitar.rb). For example:
 
 ```ruby
 Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
@@ -112,15 +112,19 @@ All routes then will be available at `https://.../scim_v2/...` via controllers y
 
 #### URL helpers
 
-Internally Scimitar always invokes URL helpers in the controller layer. I.e. any variable path parameters will be resolved by Rails automatically. If you need more control over the way URLs are generated you can override any URL helper by redefining it in the application controller mixin. See the [`application_controller_mixin` engine configuration option](https://github.com/RIPAGlobal/scimitar/blob/main/config/initializers/scimitar.rb).
+Internally Scimitar always invokes URL helpers in the controller layer. I.e. any variable path parameters will be resolved by Rails automatically. If you need more control over the way URLs are generated you can override any URL helper by redefining it in the application controller mixin. See the [`application_controller_mixin` engine configuration option](https://github.com/pond/scimitar/blob/main/config/initializers/scimitar.rb).
+
+#### Okta note
+
+Note that Okta has some [curious documentation on its use of `POST` vs `PATCH` for Groups](https://developer.okta.com/docs/api/openapi/okta-scim/guides/scim-20/#update-a-specific-group-name), which per [this Scimitar issue](https://github.com/pond/scimitar/issues/153#issuecomment-2468897194) has caused at least one person some trouble. Defining the routes for both verbs as shown above (though in that issue's case, it was for the Group resource) _does_ still seem to work, but take care if integrating with Okta to try and at least manually test, if not auto-test, `PATCH`/`PUT` operations initiated from Okta's side, just to make sure.
 
 ### Data models
 
 Scimitar assumes that each SCIM resource maps to a single corresponding class in your system. This might be an abstraction over more complex underpinings, but either way, a 1:1 relationship is expected. For example, a SCIM User might map to a User ActiveRecord model in your Rails application, while a SCIM Group might map to some custom class called Team which operates on a more complex set of data "under the hood".
 
-Before writing any controllers, it's a good idea to examine the SCIM specification and figure out how you intend to map SCIM attributes in any resources of interest, to your local data. A [mixin is provided](https://github.com/RIPAGlobal/scimitar/blob/main/app/models/scimitar/resources/mixin.rb) which you can include in any plain old Ruby class (including, but not limited to ActiveRecord model classes) - a more readable form of the comments in this file [is in the RDoc output](https://www.rubydoc.info/gems/scimitar/Scimitar/Resources/Mixin).
+Before writing any controllers, it's a good idea to examine the SCIM specification and figure out how you intend to map SCIM attributes in any resources of interest, to your local data. A [mixin is provided](https://github.com/pond/scimitar/blob/main/app/models/scimitar/resources/mixin.rb) which you can include in any plain old Ruby class (including, but not limited to ActiveRecord model classes) - a more readable form of the comments in this file [is in the RDoc output](https://www.rubydoc.info/gems/scimitar/Scimitar/Resources/Mixin).
 
-The functionality exposed by the mixin is relatively complicated because the range of operations that the SCIM API supports is quite extensive. Rather than duplicate all the information here, please see the extensive comments in the mixin linked above for more information. There are examples in the [test suite's Rails models](https://github.com/RIPAGlobal/scimitar/tree/main/spec/apps/dummy/app/models), or for another example:
+The functionality exposed by the mixin is relatively complicated because the range of operations that the SCIM API supports is quite extensive. Rather than duplicate all the information here, please see the extensive comments in the mixin linked above for more information. There are examples in the [test suite's Rails models](https://github.com/pond/scimitar/tree/main/spec/apps/dummy/app/models), or for another example:
 
 ```ruby
 class User < ActiveRecord::Base
@@ -260,7 +264,7 @@ module Scim
 end
 ```
 
-All data-layer actions are taken via `#find` or `#save!`, with exceptions such as `ActiveRecord::RecordNotFound`, `ActiveRecord::RecordInvalid` or generalised SCIM exceptions handled by various superclasses. For a real Rails example of this, see the [test suite's controllers](https://github.com/RIPAGlobal/scimitar/tree/main/spec/apps/dummy/app/controllers) which are invoked via its [routing declarations](https://github.com/RIPAGlobal/scimitar/blob/main/spec/apps/dummy/config/routes.rb).
+All data-layer actions are taken via `#find` or `#save!`, with exceptions such as `ActiveRecord::RecordNotFound`, `ActiveRecord::RecordInvalid` or generalised SCIM exceptions handled by various superclasses. For a real Rails example of this, see the [test suite's controllers](https://github.com/pond/scimitar/tree/main/spec/apps/dummy/app/controllers) which are invoked via its [routing declarations](https://github.com/pond/scimitar/blob/main/spec/apps/dummy/config/routes.rb).
 
 ##### Overriding controller methods
 
@@ -321,7 +325,7 @@ end
 
 #### Other source types
 
-If you do _not_ use ActiveRecord to store data, or if you have very esoteric read-write requirements, you can subclass [`Scimigar::ResourcesController`](https://www.rubydoc.info/gems/scimitar/Scimitar/ResourcesController) in a manner similar to this:
+If you do _not_ use ActiveRecord to store data, or if you have very esoteric read-write requirements, you can subclass [`Scimitar::ResourcesController`](https://www.rubydoc.info/gems/scimitar/Scimitar/ResourcesController) in a manner similar to this:
 
 ```ruby
 class UsersController < Scimitar::ResourcesController
@@ -447,7 +451,7 @@ end
 
 ```
 
-Note that the [`Scimitar::ApplicationController` parent class](https://www.rubydoc.info/gems/scimitar/Scimitar/ApplicationController) of `Scimitar::ResourcesController` has a few methods to help with handling exceptions and rendering them as SCIM responses; for example, if a resource were not found by ID, you might wish to use [`Scimitar::ApplicationController#handle_resource_not_found`](https://github.com/RIPAGlobal/scimitar/blob/v1.0.3/app/controllers/scimitar/application_controller.rb#L22).
+Note that the [`Scimitar::ApplicationController` parent class](https://www.rubydoc.info/gems/scimitar/Scimitar/ApplicationController) of `Scimitar::ResourcesController` has a few methods to help with handling exceptions and rendering them as SCIM responses; for example, if a resource were not found by ID, you might wish to use [`Scimitar::ApplicationController#handle_resource_not_found`](https://github.com/pond/scimitar/blob/v1.0.3/app/controllers/scimitar/application_controller.rb#L22).
 
 ### Extension schema
 
@@ -544,7 +548,7 @@ Whatever you provide in the `::id` method in your extension class will be used a
 }
 ```
 
-**IMPORTANT: Attribute names must be unique** across your entire combined schema, regardless of URNs used. This is because of a limitation in Scimitar's implementation. [This GitHub issue](https://github.com/RIPAGlobal/scimitar/issues/130) explains more. If this is a problem for you, please comment on the GitHub issue to help the maintainers understand the level of demand for remediation.
+**IMPORTANT: Attribute names must be unique** across your entire combined schema, regardless of URNs used. This is because of a limitation in Scimitar's implementation. [This GitHub issue](https://github.com/pond/scimitar/issues/130) explains more. If this is a problem for you, please comment on the GitHub issue to help the maintainers understand the level of demand for remediation.
 
 Resource extensions can provide any fields you choose, under any ID/URN you choose, to either RFC-described resources or entirely custom SCIM resources. There are no hard-coded assumptions or other "magic" that might require you to only extend RFC-described resources with RFC-described extensions. Of course, if you use custom resources or custom extensions that are not described by the SCIM RFCs, then the SCIM API you provide may only work with custom-written API callers that are aware of your bespoke resources and/or extensions.
 
@@ -594,7 +598,7 @@ By default, Scimitar advertises (via things like [the `/Schemas` endpoint](https
 
 ```ruby
 Rails.application.config.to_prepare do
-  Scimitar::Engine::set_default_resources([Scimitar::Resources::User])
+  Scimitar::Engine.set_default_resources([Scimitar::Resources::User])
   # ...other Scimitar configuration / initialisation code...
 end
 ```
@@ -621,7 +625,7 @@ Often, you'll find that bearer tokens are in use by SCIM API consumers, but the
 
 * Several complex types for User contain the same set of `value`, `display`, `type` and `primary` fields, all used in synonymous ways.
 
-  - The `value` field - which is e.g. an e-mail address or phone number - is described as optional by [the RFC 7643 core schema](https://tools.ietf.org/html/rfc7643#section-8.7.1), also using "SHOULD" rather than "MUST" in field descriptions elsewhere. Scimitar marks this as required by default, since there's not much point being sent (say) an e-mail section which has entries that don't provide the e-mail address. Some services might send `null` values here regardless so, if you need to be able to accept such data, you can set [engine configuration option `optional_value_fields_required`](https://github.com/RIPAGlobal/scimitar/blob/main/config/initializers/scimitar.rb) to `false`.
+  - The `value` field - which is e.g. an e-mail address or phone number - is described as optional by [the RFC 7643 core schema](https://tools.ietf.org/html/rfc7643#section-8.7.1), also using "SHOULD" rather than "MUST" in field descriptions elsewhere. Scimitar marks this as required by default, since there's not much point being sent (say) an e-mail section which has entries that don't provide the e-mail address. Some services might send `null` values here regardless so, if you need to be able to accept such data, you can set [engine configuration option `optional_value_fields_required`](https://github.com/pond/scimitar/blob/main/config/initializers/scimitar.rb) to `false`.
 
   - The schema _descriptions_ for `display` declare that the field is something optionally sent by the service provider and state clearly that it is read-only - yet the formal schema declares it `readWrite`. Scimitar marks it as read-only.
 
@@ -629,7 +633,7 @@ Often, you'll find that bearer tokens are in use by SCIM API consumers, but the
 
 * In the `members` section of a [`Group` in the RFC 7643 core schema](https://tools.ietf.org/html/rfc7643#page-69), any member's `value` is noted as _not_ required but [the RFC also says](https://tools.ietf.org/html/rfc7643#section-4.2) "Service providers MAY require clients to provide a non-empty value by setting the "required" attribute characteristic of a sub-attribute of the "members" attribute in the "Group" resource schema". Scimitar does this. The `value` field would contain the `id` of a SCIM resource, which is the primary key on "our side" as a service provider. Just as we must store `externalId` values to maintain a mapping on "our side", we in turn _do_ require clients to provide our ID in group member lists via the `value` field.
 
-* While the gem attempts to support difficult/complex filter strings via incorporating code and ideas in [SCIM Query Filter Parser](https://github.com/ingydotnet/scim-query-filter-parser-rb), it is possible that ActiveRecord / Rails precedence on some query operations in complex cases might not exactly match the SCIM specification. Please do submit a bug report if you encounter this. You may also wish to view [`query_parser_spec.rb`](https://github.com/RIPAGlobal/scimitar/blob/main/spec/models/scimitar/lists/query_parser_spec.rb) to get an idea of the tested examples - more interesting test cases are in the "`context 'with complex cases' do`" section.
+* While the gem attempts to support difficult/complex filter strings via incorporating code and ideas in [SCIM Query Filter Parser](https://github.com/ingydotnet/scim-query-filter-parser-rb), it is possible that ActiveRecord / Rails precedence on some query operations in complex cases might not exactly match the SCIM specification. Please do submit a bug report if you encounter this. You may also wish to view [`query_parser_spec.rb`](https://github.com/pond/scimitar/blob/main/spec/models/scimitar/lists/query_parser_spec.rb) to get an idea of the tested examples - more interesting test cases are in the "`context 'with complex cases' do`" section.
 
 * Group resource examples show the `members` array including field `display`, but this is not in the [formal schema](https://tools.ietf.org/html/rfc7643#page-69); Scimitar includes it in the Group definition.
 
@@ -639,7 +643,7 @@ Often, you'll find that bearer tokens are in use by SCIM API consumers, but the
 
 * As noted earlier, extension schema attribute names must be unique across your entire combined schema, regardless of schema IDs (URNs) used.
 
-If you believe choices made in this section may be incorrect, please [create a GitHub issue](https://github.com/RIPAGlobal/scimitar/issues/new) describing the problem.
+If you believe choices made in this section may be incorrect, please [create a GitHub issue](https://github.com/pond/scimitar/issues/new) describing the problem.
 
 ### Omissions
 
@@ -653,11 +657,11 @@ If you believe choices made in this section may be incorrect, please [create a G
 
 * Currently filtering for lists is always matched case-insensitive regardless of schema declarations that might indicate otherwise, for `eq`, `ne`, `co`, `sw` and `ew` operators; for greater/less-thank style filters, case is maintained with simple `>`, `<` etc. database operations in use. The standard Group and User schema have `caseExact` set to `false` for just about anything readily queryable, so this hopefully would only ever potentially be an issue for custom schema.
 
-* As an exception to the above, attributes `id`, `externalId` and `meta.*` are matched case-sensitive. Filters that use `eq` on such attributes will end up a comparison using `=` rather than e.g. `ILIKE` (arising from https://github.com/RIPAGlobal/scimitar/issues/36).
+* As an exception to the above, attributes `id`, `externalId` and `meta.*` are matched case-sensitive. Filters that use `eq` on such attributes will end up a comparison using `=` rather than e.g. `ILIKE` (arising from https://github.com/pond/scimitar/issues/36).
 
 * The `PATCH` mechanism is supported, but where filters are included, only a single "attribute eq value" is permitted - no other operators or combinations. For example, a work e-mail address's value could be replaced by a PATCH patch of `emails[type eq "work"].value`. For in-path filters such as this, other operators such as `ne` are not supported; combinations with "and"/"or" are not supported; negation with "not" is not supported.
 
-If you would like to see something listed in the session implemented, please [create a GitHub issue](https://github.com/RIPAGlobal/scimitar/issues/new) asking for it to be implemented, or if possible, implement the feature and send a Pull Request.
+If you would like to see something listed in the session implemented, please [create a GitHub issue](https://github.com/pond/scimitar/issues/new) asking for it to be implemented, or if possible, implement the feature and send a Pull Request.
 
 
 

data/app/controllers/scimitar/application_controller.rb

@@ -9,10 +9,6 @@ module Scimitar
     before_action :add_mandatory_response_headers
     before_action :authenticate
 
-    if Scimitar.engine_configuration.application_controller_mixin
-      include Scimitar.engine_configuration.application_controller_mixin
-    end
-
     # =========================================================================
     # PROTECTED INSTANCE METHODS
     # =========================================================================
@@ -47,7 +43,7 @@ module Scimitar
       #
       # *exception+:: If a Ruby exception was the reason this method is being
       #               called, pass it here. Any configured exception reporting
-      #               mechanism will be invokved with the given parameter.
+      #               mechanism will be invoked with the given parameter.
       #               Otherwise, the +error_response+ value is reported.
       #
       def handle_scim_error(error_response, exception = error_response)
@@ -153,5 +149,8 @@ module Scimitar
         return result
       end
 
+    if Scimitar.engine_configuration.application_controller_mixin
+      include Scimitar.engine_configuration.application_controller_mixin
+    end
   end
 end

data/app/controllers/scimitar/resource_types_controller.rb

@@ -5,7 +5,13 @@ module Scimitar
         resource.resource_type(scim_resource_type_url(name: resource.resource_type_id))
       end
 
-      render json: resource_types
+      render json: {
+        schemas: [
+            'urn:ietf:params:scim:api:messages:2.0:ListResponse'
+        ],
+        totalResults: resource_types.size,
+        Resources:    resource_types
+      }
     end
 
     def show

data/app/controllers/scimitar/schemas_controller.rb

@@ -201,7 +201,7 @@ module Scimitar
             if mapped_multivalue_attribute.is_a?(Array)
 
               # A single-entry array with "list using" semantics, for a
-              # collection of an artbirary number of same-class items - e.g.
+              # collection of an arbitrary number of same-class items - e.g.
               # Groups to which a User belongs.
               #
               # If this is an up-to-date mapping, there's a "class" entry that

data/app/controllers/scimitar/service_provider_configurations_controller.rb

@@ -1,7 +1,9 @@
 module Scimitar
   class ServiceProviderConfigurationsController < ApplicationController
     def show
-      render json: Scimitar.service_provider_configuration(location: request.url)
+      service_provider_configuration = Scimitar.service_provider_configuration(location: request.url).as_json
+      service_provider_configuration.delete("uses_defaults")
+      render json: service_provider_configuration
     end
   end
 end

data/app/models/scimitar/complex_types/base.rb

@@ -75,8 +75,8 @@ module Scimitar
       #             attributes of this complex type object.
       #
       def as_json(options={})
-        options[:except] ||= ['errors']
-        super.except(options)
+        exclusions = options[:except] || ['errors']
+        super(options.merge(except: exclusions))
       end
     end
   end

data/app/models/scimitar/lists/query_parser.rb

@@ -296,7 +296,7 @@ module Scimitar
         # the part before the "[" as a prefix - "emails[type" to "emails.type",
         # with similar substitutions therein.
         #
-        # Further, via https://github.com/RIPAGlobal/scimitar/issues/115 we see
+        # Further, via https://github.com/pond/scimitar/issues/115 we see
         # a requirement to support a broken form emitted by Microsoft; that is
         # supported herein.
         #
@@ -342,14 +342,14 @@ module Scimitar
           skip_next_component       = false
 
           components.each.with_index do | component, index |
-            if skip_next_component == true
+            if skip_next_component
               skip_next_component = false
               next
             end
 
             downcased = component.downcase.strip
 
-            if (expecting_attribute)
+            if expecting_attribute
               if downcased.match?(/[^\\]\[/) # Not backslash then literal '['
                 attribute_prefix       = component.match(/(.*?[^\\])\[/   )[1] # Everything before no-backslash-then-literal (unescaped) '['
                 first_attribute_inside = component.match(    /[^\\]\[(.*)/)[1] # Everything  after no-backslash-then-literal (unescaped) '['
@@ -362,7 +362,7 @@ module Scimitar
               expecting_attribute = false
               expecting_operator  = true
 
-            elsif (expecting_operator)
+            elsif expecting_operator
               rewritten << component
               if BINARY_OPERATORS.include?(downcased)
                 expecting_operator = false
@@ -374,13 +374,13 @@ module Scimitar
                 raise 'Expected operator'
               end
 
-            elsif (expecting_value)
+            elsif expecting_value
               matches = downcased.match(/([^\\])\](.*)/) # Contains no-backslash-then-literal (unescaped) ']'; also capture anything after
               unless matches.nil? # Contains no-backslash-then-literal (unescaped) ']'
                 character_before_closing_bracket = matches[1]
                 characters_after_closing_bracket = matches[2]
 
-                # https://github.com/RIPAGlobal/scimitar/issues/115 - detect
+                # https://github.com/pond/scimitar/issues/115 - detect
                 # bad Microsoft filters. After the closing bracket, we expect a
                 # dot then valid attribute characters and at least one white
                 # space character and filter operator, but we split on spaces,
@@ -395,7 +395,7 @@ module Scimitar
                 # So - NOTE RECURSION AND EARLY EXIT POSSIBILITY HEREIN.
                 #
                 if (
-                  ! attribute_prefix.nil? &&
+                  !attribute_prefix.nil? &&
                   OPERATORS.key?(components[index + 1]&.downcase) &&
                   characters_after_closing_bracket.match?(/^\.#{ATTRNAME}$/)
                 )
@@ -437,7 +437,7 @@ module Scimitar
               if downcased.start_with?('"')
                 expecting_closing_quote = true
                 downcased = downcased[1..-1] # Strip off opening '"' to avoid false-positive on 'contains closing quote' check below
-              elsif expecting_closing_quote == false # If not expecting a closing quote, then the component must be the entire no-spaces value
+              elsif !expecting_closing_quote # If not expecting a closing quote, then the component must be the entire no-spaces value
                 expecting_value      = false
                 expecting_logic_word = true
               end
@@ -450,7 +450,7 @@ module Scimitar
                 end
               end
 
-            elsif (expecting_logic_word)
+            elsif expecting_logic_word
               if downcased == 'and' || downcased == 'or'
                 rewritten << component
                 next_downcased_component = components[index + 1].downcase.strip
@@ -470,7 +470,7 @@ module Scimitar
           #
           # Scimitar currently has a limitation where it strips schema IDs in
           # things like PATCH operation path traversal; see
-          # https://github.com/RIPAGlobal/scimitar/issues/130. At least that
+          # https://github.com/pond/scimitar/issues/130. At least that
           # makes things easy here; use the same approach and strip them out!
           #
           # We don't know which resource is being queried at this layer of the
@@ -586,11 +586,11 @@ module Scimitar
 
         # Recursively process an expression tree. Calls itself with nested tree
         # fragments. Each inner expression fragment calculates on the given
-        # base scope, with aggregration at each level into a wider query using
+        # base scope, with aggregation at each level into a wider query using
         # AND or OR depending on the expression tree contents.
         #
         # +base_scope+::      Base scope (ActiveRecord::Relation, e.g. User.all
-        #                     - neverchanges during recursion).
+        #                     - never changes during recursion).
         #
         # +expression_tree+:: Top-level expression tree or fragments inside if
         #                     self-calling recursively.
@@ -748,7 +748,7 @@ module Scimitar
 
         # Returns the mapped-to-your-domain column name(s) that a filter string
         # is operating upon, in an Array. If empty, the attribute is to be
-        # ignored. Raises an exception if entirey unmapped (thus unsupported).
+        # ignored. Raises an exception if entirely unmapped (thus unsupported).
         #
         # Note plural - the return value is always an array any of which should
         # be used (implicit 'OR').

data/app/models/scimitar/resource_type.rb

@@ -17,12 +17,10 @@ module Scimitar
 
     def as_json(options = {})
       without_extensions = super(except: 'schemaExtensions')
-      if schemaExtensions.present?
-        extensions = schemaExtensions.map{|extension| {"schema" => extension, "required" => false}}
-        without_extensions.merge('schemaExtensions' => extensions)
-      else
-        without_extensions
-      end
+      return without_extensions unless schemaExtensions.present? # NOTE EARLY EXIT
+
+      extensions = schemaExtensions.map{|extension| {"schema" => extension, "required" => false}}
+      without_extensions.merge('schemaExtensions' => extensions)
     end
 
   end

data/app/models/scimitar/resources/base.rb

@@ -158,7 +158,7 @@ module Scimitar
         hash.with_indifferent_access.each_pair do |attr_name, attr_value|
           scim_attribute = self.class.complex_scim_attributes[attr_name].try(:first)
 
-          if scim_attribute && scim_attribute.complexType
+          if scim_attribute&.complexType
             if scim_attribute.multiValued
               self.send("#{attr_name}=", attr_value&.map {|attr_for_each_item| complex_type_from_hash(scim_attribute, attr_for_each_item)})
             else

data/app/models/scimitar/resources/mixin.rb

@@ -473,7 +473,7 @@ module Scimitar
             path_str = operation['path' ]
             value    = operation['value']
 
-            unless ['add', 'remove', 'replace'].include?(nature)
+            unless %w[add remove replace].include?(nature)
               raise Scimitar::InvalidSyntaxError.new("Unrecognised PATCH \"op\" value of \"#{nature}\"")
             end
 
@@ -613,7 +613,7 @@ module Scimitar
                 built_dynamic_list = false
                 mapped_array = attrs_map_or_leaf_value.map do |value|
                   if ! value.is_a?(Hash)
-                    raise 'Bad attribute map: Array contains someting other than mapping Hash(es)'
+                    raise 'Bad attribute map: Array contains something other than mapping Hash(es)'
 
                   elsif value.key?(:match) # Static map
                     static_hash = { value[:match] => value[:with] }
@@ -741,7 +741,7 @@ module Scimitar
           # +path+::                    Array of SCIM attribute names giving a
           #                             path into the SCIM schema where
           #                             iteration has reached. Used to find the
-          #                             schema attribute definiton and check
+          #                             schema attribute definition and check
           #                             mutability before writing.
           #
           def from_scim_backend!(
@@ -769,8 +769,8 @@ module Scimitar
                   # Handle extension schema. Contributed by @bettysteger and
                   # @MorrisFreeman via:
                   #
-                  #   https://github.com/RIPAGlobal/scimitar/issues/48
-                  #   https://github.com/RIPAGlobal/scimitar/pull/49
+                  #   https://github.com/pond/scimitar/issues/48
+                  #   https://github.com/pond/scimitar/pull/49
                   #
                   # Note the shortcoming that attribute names within extensions
                   # must be unique, as this mechanism basically just pulls out
@@ -1088,7 +1088,7 @@ module Scimitar
                     # associated collection or clearing a local model attribute
                     # directly to "nil").
                     #
-                    if handled == false
+                    unless handled
                       current_data_at_path[matched_index] = nil
                       compact_after = true
                     end
@@ -1139,7 +1139,7 @@ module Scimitar
                       # Handle the Azure (Entra) case where keys might use
                       # dotted paths - see:
                       #
-                      #   https://github.com/RIPAGlobal/scimitar/issues/123
+                      #   https://github.com/pond/scimitar/issues/123
                       #
                       # ...along with keys containing schema IDs - see:
                       #
@@ -1290,7 +1290,7 @@ module Scimitar
                       end
                     end
 
-                    if handled == false
+                    unless handled
                       altering_hash[path_component] = []
                     end
 
@@ -1445,7 +1445,7 @@ module Scimitar
           #     { value: :work_email }
           #
           # If there was a SCIM entry with a type of something unrecognised,
-          # such as 'holday', then +nil+ would be returned since there is no
+          # such as 'holiday', then +nil+ would be returned since there is no
           # matching attribute map entry.
           #
           # Note that the <tt>:with_attr_map</tt> array can contain dynamic

data/app/models/scimitar/schema/attribute.rb

@@ -122,9 +122,10 @@ module Scimitar
       end
 
       def as_json(options = {})
-        options[:except] ||= ['complexType']
-        options[:except] << 'canonicalValues' if canonicalValues.empty?
-        super.except(options)
+        exclusions = options[:except] || ['complexType']
+        exclusions << 'canonicalValues' if canonicalValues.empty?
+
+        super(options.merge(except: exclusions))
       end
 
     end

data/app/models/scimitar/schema/base.rb

@@ -36,7 +36,7 @@ module Scimitar
         scim_attributes.map { |scim_attribute| scim_attribute.clone }
       end
 
-      # Find a given attribute this schema, travelling down a path to any
+      # Find a given attribute of this schema, travelling down a path to any
       # sub-attributes within. Given that callers might be dealing with paths
       # into actual SCIM data, array indices for multi-value attributes are
       # allowed (as integers) and simply skipped - only the names are of

data/lib/scimitar/engine.rb

@@ -88,9 +88,9 @@ module Scimitar
       unrecognised_resources = resource_array - @standard_default_resources
 
       if unrecognised_resources.any?
-        raise "Scimitar::Engine::set_default_resources: Only #{@standard_default_resources.map(&:name).join(', ')} are supported"
+        raise "Scimitar::Engine.set_default_resources: Only #{@standard_default_resources.map(&:name).join(', ')} are supported"
       elsif resource_array.empty?
-        raise 'Scimitar::Engine::set_default_resources: At least one resource must be given'
+        raise 'Scimitar::Engine.set_default_resources: At least one resource must be given'
       end
 
       @default_resources = resource_array

data/lib/scimitar/support/utilities.rb

@@ -50,8 +50,8 @@ module Scimitar
       # Schema ID-aware splitter handling ":" or "." separators. Adapted from
       # contribution by @bettysteger and @MorrisFreeman in:
       #
-      #   https://github.com/RIPAGlobal/scimitar/issues/48
-      #   https://github.com/RIPAGlobal/scimitar/pull/49
+      #   https://github.com/pond/scimitar/issues/48
+      #   https://github.com/pond/scimitar/pull/49
       #
       # +schemas::   Array of extension schemas, e.g. a SCIM resource class'
       #              <tt>scim_resource_type.extended_schemas</tt> value. The

data/lib/scimitar/version.rb

@@ -3,11 +3,11 @@ module Scimitar
   # Gem version. If this changes, be sure to re-run "bundle install" or
   # "bundle update".
   #
-  VERSION = '2.9.0'
+  VERSION = '2.11.0'
 
   # Date for VERSION. If this changes, be sure to re-run "bundle install"
   # or "bundle update".
   #
-  DATE = '2024-06-27'
+  DATE = '2025-03-05'
 
 end

data/spec/apps/dummy/config/application.rb

@@ -13,6 +13,14 @@ require 'scimitar'
 module Dummy
   class Application < Rails::Application
     config.load_defaults 7.0
+
+    # Silence the following under Rails 8.0:
+    #
+    # "DEPRECATION WARNING: `to_time` will always preserve the full timezone
+    # rather than offset of the receiver in Rails 8.1. To opt in to the new
+    # behavior, set `config.active_support.to_time_preserves_timezone = :zone`"
+    #
+    config.active_support.to_time_preserves_timezone = :zone
   end
 end
 

data/spec/apps/dummy/config/initializers/scimitar.rb

@@ -1,6 +1,6 @@
 # Test app configuration.
 #
-# Note that as a result of https://github.com/RIPAGlobal/scimitar/issues/48,
+# Note that as a result of https://github.com/pond/scimitar/issues/48,
 # tests include a custom extension of the core User schema. A shortcoming of
 # some of the code from which Scimitar was originally built is that those
 # extensions are done with class-level ivars, so it is largely impossible (or
@@ -59,7 +59,7 @@ Rails.application.config.to_prepare do
         end
       end
 
-      # In https://github.com/RIPAGlobal/scimitar/issues/122 we learn that with
+      # In https://github.com/pond/scimitar/issues/122 we learn that with
       # more than one extension, things can go wrong - so now we test with two.
       #
       class Manager < Scimitar::Schema::Base

data/spec/controllers/scimitar/resource_types_controller_spec.rb

@@ -9,11 +9,15 @@ RSpec.describe Scimitar::ResourceTypesController do
     it 'renders the resource type for user' do
       get :index, format: :scim
       response_hash = JSON.parse(response.body)
-      expected_response = [ Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User', test: 1)),
-                            Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group', test: 1))
-      ].to_json
+      expected_response = {
+        schemas: ['urn:ietf:params:scim:api:messages:2.0:ListResponse'],
+        totalResults: 2,
+        Resources: [
+          Scimitar::Resources::User.resource_type(scim_resource_type_url(name: 'User', test: 1)),
+          Scimitar::Resources::Group.resource_type(scim_resource_type_url(name: 'Group', test: 1))
+        ]
+      }.to_json
 
-      response_hash = JSON.parse(response.body)
       expect(response_hash).to eql(JSON.parse(expected_response))
     end
 

data/spec/controllers/scimitar/service_provider_configurations_controller_spec.rb

@@ -15,6 +15,7 @@ RSpec.describe Scimitar::ServiceProviderConfigurationsController do
 
       expect(response).to be_ok
       expect(JSON.parse(response.body)).to include('patch' => {'supported' => true})
+      expect(JSON.parse(response.body)).to_not include('uses_defaults' => true)
       expect(JSON.parse(response.body)).to include('filter' => {'maxResults' => Scimitar::Filter::MAX_RESULTS_DEFAULT, 'supported' => true})
     end
   end

data/spec/models/scimitar/lists/query_parser_spec.rb

@@ -352,7 +352,7 @@ RSpec.describe Scimitar::Lists::QueryParser do
         expect(result).to eql('filter=userType eq "Employee" and emails.type eq "work" and emails.value co "@example.com"')
       end
 
-      # https://github.com/RIPAGlobal/scimitar/issues/116
+      # https://github.com/pond/scimitar/issues/116
       #
       context 'with schema IDs (GitHub issue #116)' do
         it 'handles simple attributes' do
@@ -381,7 +381,7 @@ RSpec.describe Scimitar::Lists::QueryParser do
         end
       end
 
-      # https://github.com/RIPAGlobal/scimitar/issues/115
+      # https://github.com/pond/scimitar/issues/115
       #
       context 'broken filters from Microsoft (GitHub issue #115)' do
         it 'work with "eq"' do

data/spec/models/scimitar/resources/mixin_spec.rb

@@ -555,7 +555,7 @@ RSpec.describe Scimitar::Resources::Mixin do
 
           expect do
             scim = instance.to_scim(location: 'https://test.com/static_map_test')
-          end.to raise_error(RuntimeError) { |e| expect(e.message).to include('Array contains someting other than mapping Hash(es)') }
+          end.to raise_error(RuntimeError) { |e| expect(e.message).to include('Array contains something other than mapping Hash(es)') }
         end
 
         it 'complains about bad Hash entries in mapping Arrays' do

data/spec/requests/active_record_backed_resources_controller_spec.rb

@@ -136,7 +136,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(result.dig('Resources', 0, 'name', 'familyName')).to eql 'Ark'
       end
 
-      # https://github.com/RIPAGlobal/scimitar/issues/37
+      # https://github.com/pond/scimitar/issues/37
       #
       it 'applies a filter, with case-insensitive attribute matching (GitHub issue #37)' do
         get '/Users', params: {
@@ -159,7 +159,7 @@ RSpec.describe Scimitar::ActiveRecordBackedResourcesController do
         expect(usernames).to match_array(['2'])
       end
 
-      # https://github.com/RIPAGlobal/scimitar/issues/115
+      # https://github.com/pond/scimitar/issues/115
       #
       it 'handles broken Microsoft filters (GitHub issue #115)' do
         get '/Users', params: {

data/spec/requests/engine_spec.rb

@@ -78,26 +78,26 @@ RSpec.describe Scimitar::Engine do
       end
 
       it 'notes changes to defaults' do
-        Scimitar::Engine::set_default_resources([Scimitar::Resources::User])
+        Scimitar::Engine.set_default_resources([Scimitar::Resources::User])
         expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User])
       end
 
       it 'notes changes to defaults with custom resources added' do
-        Scimitar::Engine::set_default_resources([Scimitar::Resources::User])
+        Scimitar::Engine.set_default_resources([Scimitar::Resources::User])
         Scimitar::Engine.add_custom_resource(@license_resource)
         expect(Scimitar::Engine.resources()).to match_array([Scimitar::Resources::User, @license_resource])
       end
 
       it 'rejects bad defaults' do
         expect {
-          Scimitar::Engine::set_default_resources([@license_resource])
-        }.to raise_error('Scimitar::Engine::set_default_resources: Only Scimitar::Resources::User, Scimitar::Resources::Group are supported')
+          Scimitar::Engine.set_default_resources([@license_resource])
+        }.to raise_error('Scimitar::Engine.set_default_resources: Only Scimitar::Resources::User, Scimitar::Resources::Group are supported')
       end
 
       it 'rejects empty defaults' do
         expect {
-          Scimitar::Engine::set_default_resources([])
-        }.to raise_error('Scimitar::Engine::set_default_resources: At least one resource must be given')
+          Scimitar::Engine.set_default_resources([])
+        }.to raise_error('Scimitar::Engine.set_default_resources: At least one resource must be given')
       end
     end # "context '::resources, :add_custom_resource, ::set_default_resources' do"
 

metadata

@@ -1,28 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: scimitar
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.11.0
 platform: ruby
 authors:
 - RIPA Global
 - Andrew David Hodgkinson
-autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-06-27 00:00:00.000000000 Z
+date: 2025-03-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '7.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '7.0'
 - !ruby/object:Gem::Dependency
@@ -31,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.9'
+        version: '1.10'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -87,45 +86,45 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.7'
+        version: '6.12'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.7'
+        version: '6.12'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '7.1'
 - !ruby/object:Gem::Dependency
   name: doggo
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: '1.4'
 description: SCIM v2 support for Users and Groups in Ruby On Rails
 email:
-- dev@ripaglobal.com
+- ahodgkin@rowing.org.uk
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -244,15 +243,14 @@ files:
 - spec/spec_helper.rb
 - spec/spec_helper_spec.rb
 - spec/support/hash_with_indifferent_case_insensitive_access_spec.rb
-homepage: https://www.ripaglobal.com/
+homepage: https://github.com/pond/scimitar/
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://www.ripaglobal.com/
-  source_code_uri: https://github.com/RIPAGlobal/scimitar/
-  bug_tracker_uri: https://github.com/RIPAGlobal/scimitar/issues/
-  changelog_uri: https://github.com/RIPAGlobal/scimitar/blob/main/CHANGELOG.md
-post_install_message:
+  homepage_uri: https://github.com/pond/scimitar/
+  source_code_uri: https://github.com/pond/scimitar/
+  bug_tracker_uri: https://github.com/pond/scimitar/issues/
+  changelog_uri: https://github.com/pond/scimitar/blob/main/CHANGELOG.md
 rdoc_options: []
 require_paths:
 - lib
@@ -267,8 +265,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.4
-signing_key:
+rubygems_version: 3.6.2
 specification_version: 4
 summary: SCIM v2 for Rails
 test_files: