scimgateway 4.2.11 → 4.2.12

package/README.md

@@ -326,6 +326,7 @@ Definitions in `endpoint` object are customized according to our plugin code. Pl
 - **scim.version** - "1.1" or "2.0". Default is "2.0". For Symantec/Broadcom/CA Identity Manager "1.1" should be used.  
 
 - **scim.customSchema** - filename of JSON file located in `<package-root>\config\schemas` containing custom schema attributes, see configuration notes 
+  **additional information**: Schemas, ServiceProviderConfig and ResourceType can be customized if `lib/scimdef-v2.js (or scimdef-v1.js)` exists. Original scimdef-v2.js/scimdef-v1.js can be copied from node_modules/scimgateway/lib to your plugin/lib and customized.
 
 - **scim.skipTypeConvert** - true or false, default false. Multivalue attributes supporting types e.g. emails, phoneNumbers, ims, photos, addresses, entitlements and x509Certificates (but not roles, groups and members) will be become "type converted objects" when sent to modifyUser and createUser. This for simplicity of checking attributes included and also for the endpointMapper method (used by plugin-ldap and plugin-azure-ad), e.g.: 
 
@@ -1169,6 +1170,12 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v4.2.12  
+
+[Added] 
+
+- Schemas, ServiceProviderConfig and ResourceType can be customized if `lib/scimdef-v2.js (or scimdef-v1.js)` exists. Original scimdef-v2.js/scimdef-v1.js can be copied from node_modules/scimgateway/lib to your plugin/lib and customized.
+
 ### v4.2.11  
 
 [Added] 

package/lib/scimdef-v1.js

@@ -11,23 +11,39 @@ module.exports.ServiceProviderConfigs = {
   "bulk": {
     "supported": false,
     "maxOperations": 10000,
-    "maxPayloadSize": 10000000
+    "maxPayloadSize": 1048576
   },
   "filter": {
     "supported": true,
-    "maxResults": 100
+    "maxResults": 200
   },
   "changePassword": { "supported": true },
   "sort": { "supported": false },
-  "etag": { "supported": true },
-  "authenticationSchemes": [{
-    "type": "httpbasic",
-    "name": "Http Basic",
-    "description": "The HTTP Basic Access Authentication scheme. This scheme is not considered to be a secure method of user authentication (unless used in conjunction with some external secure system such as SSL), as the user name and password are passed over the network as cleartext.",
-    "specUrl": "http://www.ietf.org/rfc/rfc2617.txt",
-    "documentationUrl": "http://en.wikipedia.org/wiki/Basic_access_authentication",
-    "primary": true
-  }],
+  "etag": { "supported": false },
+  "authenticationSchemes": [
+    {
+      "type": "httpbasic",
+      "name": "HTTP Basic",
+      "description": "Authentication scheme using the HTTP Basic Standard",
+      "specURI": "http://www.rfc-editor.org/info/rfc2617",
+      "documentationUri": "https://elshaug.xyz",
+      "primary": true
+    },
+    {
+      "type": "oauthbearertoken",
+      "name": "OAuth Bearer Token",
+      "description": "Authentication scheme using the OAuth Bearer Token Standard",
+      "specUri": "http://www.rfc-editor.org/info/rfc6750",
+      "documentationUri": "https://elshaug.xyz"
+    },
+    {
+      "type": "oauth2",
+      "name": "OAuth v2.0",
+      "description": "Authentication Scheme using the OAuth Standard",
+      "specUri": "http://tools.ietf.org/html/rfc6749",
+      "documentationUri": "https://elshaug.xyz"
+    }
+  ],
   "xmlDataFormat": { "supported": false }
 }
 

package/lib/scimdef-v2.js

@@ -27,15 +27,29 @@ module.exports.ServiceProviderConfigs = {
   "etag": {
     "supported": false
   },
-  "documentationUri": "http://example.com/help/scim.html",
+  "documentationUri": "https://elshaug.xyz",
   "authenticationSchemes": [
     {
+      "type": "httpbasic",
       "name": "HTTP Basic",
       "description": "Authentication scheme using the HTTP Basic Standard",
       "specURI": "http://www.rfc-editor.org/info/rfc2617",
-      "documentationUri": "http://en.wikipedia.org/wiki/Basic_access_authentication",
-      "type": "httpbasic",
+      "documentationUri": "https://elshaug.xyz",
       "primary": true
+    },
+    {
+      "type": "oauthbearertoken",
+      "name": "OAuth Bearer Token",
+      "description": "Authentication scheme using the OAuth Bearer Token Standard",
+      "specUri": "http://www.rfc-editor.org/info/rfc6750",
+      "documentationUri": "https://elshaug.xyz"
+    },
+    {
+      "type": "oauth2",
+      "name": "OAuth v2.0",
+      "description": "Authentication Scheme using the OAuth Standard",
+      "specUri": "http://tools.ietf.org/html/rfc6749",
+      "documentationUri": "https://elshaug.xyz"
     }
   ],
   "xmlDataFormat": { "supported": false }

package/lib/scimgateway.js

@@ -37,7 +37,8 @@ const ScimGateway = function () {
   const stack = callsite()
   const requester = stack[1].getFileName()
   const pluginName = path.basename(requester, '.js')
-  const configDir = path.join(path.dirname(requester), '..', 'config')
+  const pluginDir = path.dirname(requester)
+  const configDir = path.join(pluginDir, '..', 'config')
   const configFile = path.join(`${configDir}`, `${pluginName}.json`) // config name prefix same as pluging name prefix
   let config = require(configFile).scimgateway
   let extConfigErr
@@ -46,7 +47,7 @@ const ScimGateway = function () {
   } catch (err) { extConfigErr = err }
 
   const gwName = path.basename(__filename, '.js') // prefix of current file
-  const logDir = path.join(path.dirname(requester), '..', 'logs')
+  const logDir = path.join(pluginDir, '..', 'logs')
   const Log = require('../lib/logger').Log
   const log = new Log(utils.extendObj(utils.copyObj(config.log), { category: pluginName, colorize: process.stdout.isTTY || false, loglevel: { file: (!config.log.loglevel.file || config.log.loglevel.file === 'off') ? null : 'debug', console: 'debug' } }), path.join(`${logDir}`, `${pluginName}.log`))
   const logger = log.logger()
@@ -246,10 +247,14 @@ const ScimGateway = function () {
   let isScimv2 = false
   if (config.scim.version === '2.0' || config.scim.version === 2) {
     isScimv2 = true
-    scimDef = require('../lib/scimdef-v2')
-  } else scimDef = require('../lib/scimdef-v1')
+    if (fs.existsSync(pluginDir + '/scimdef-v2.js')) scimDef = require(pluginDir + '/scimdef-v2') // using custom
+    else scimDef = require('../lib/scimdef-v2')
+  } else {
+    if (fs.existsSync(pluginDir + '/scimdef-v1.js')) scimDef = require(pluginDir + '/scimdef-v1') // using custom
+    else scimDef = require('../lib/scimdef-v1')
+  }
 
-  if (config.scim.customSchema) { // merge plugin custom schema extension into core schemas
+  if (config.scim.customSchema) { // merge plugin custom schema extension into core schemas (better using above custom scimdef-v2.js in plugin lib folder)
     let custom
     try {
       custom = JSON.parse(fs.readFileSync(`${configDir}/schemas/${config.scim.customSchema}`, 'utf8'))
@@ -285,8 +290,15 @@ const ScimGateway = function () {
     }
   }
 
-  this.testmodeusers = scimDef.TestmodeUsers.Resources // exposed and used by plugin-loki
-  this.testmodegroups = scimDef.TestmodeGroups.Resources // exposed and used by plugin-loki
+  // exposed and used by plugin-loki
+  this.testmodeusers = []
+  this.testmodegroups = []
+  if (scimDef.TestmodeUsers && scimDef.TestmodeUsers.Resources) {
+    this.testmodeusers = scimDef.TestmodeUsers.Resources
+  }
+  if (scimDef.TestmodeGroups && scimDef.TestmodeGroups.Resources) {
+    this.testmodegroups = scimDef.TestmodeGroups.Resources
+  }
 
   // multiValueTypes array contains attributes that will be used by "type converted objects" logic
   // groups, roles, and members are excluded

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "4.2.11",
+  "version": "4.2.12",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",
   "homepage": "https://elshaug.xyz",