scimgateway 4.2.13 → 4.2.15

package/README.md

@@ -1170,6 +1170,20 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v4.2.15
+  
+[Added] 
+
+- Plugin can set error statusCode returned by scimgateway through error object key `err.name`. This can be done by adding suffix `#code` to err.name where code is HTTP status code e.g., `err.name += '#401'`. This can be useful for auth.PassThrough and other scenarios like createUser where user already exist (409) and modifyUser where user does not exist (404)
+
+	This change replace statusCode logic introduced in v4.2.11  
+
+### v4.2.14
+  
+[Fixed] 
+
+- PUT now returning 404 instead of 500 when trying to update a user/group that does not exist
+
 ### v4.2.13
   
 [Fixed] 
@@ -1186,6 +1200,8 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 [Added] 
 
+Note, obsolete - see v4.2.15 comments
+
 - Plugin can set error statusCode returned by scimgateway through error message. Error message must then contain string `"statusCode":xxx` where xxx is HTTP status code e.g., 401. Plugin using REST will have statusCode automatically included in error message thrown by plugin. This could be useful for auth.PassThrough.
 
 ### v4.2.10  

package/lib/plugin-azure-ad.js

@@ -267,7 +267,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
     } else return (null)
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
-    if (err.message.includes('userPrincipalName already exists')) newErr.name = 'uniqueness' // maps to scimType error handling
+    if (err.message.includes('userPrincipalName already exists')) newErr.name += '#409' // customErrCode
     throw newErr
   }
 }
@@ -685,7 +685,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
     return null
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
-    if (err.message.includes('already exist')) newErr.name = 'uniqueness'
+    if (err.message.includes('already exist')) newErr.name += '#409' // customErrCode
     throw newErr
   }
 }

package/lib/plugin-ldap.js

@@ -322,7 +322,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
     return null
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
-    if (newErr.message.includes('ENTRY_EXISTS')) newErr.name = 'uniqueness' // maps to scimType error handling
+    if (newErr.message.includes('ENTRY_EXISTS')) newErr.name += '#409' // customErrCode
     throw newErr
   }
 }
@@ -654,7 +654,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
     return null
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
-    if (newErr.message.includes('ENTRY_EXISTS')) newErr.name = 'uniqueness' // maps to scimType error handling
+    if (newErr.message.includes('ENTRY_EXISTS')) newErr.name += '#409' // customErrCode
     throw newErr
   }
 }

package/lib/plugin-loki.js

@@ -228,7 +228,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
     if (err.message && err.message.startsWith('Duplicate key')) {
-      newErr.name = 'uniqueness' // maps to scimType error handling
+      newErr.name += '#409' // customErrorCode
     }
     throw newErr
   }
@@ -472,7 +472,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
     if (err.message && err.message.startsWith('Duplicate key')) {
-      newErr.name = 'uniqueness' // maps to scimType error handling
+      newErr.name += '#409' // customErrorCode
     }
     throw newErr
   }

package/lib/plugin-mongodb.js

@@ -319,7 +319,7 @@ scimgateway.createUser = async (baseEntity, userObj, ctx) => {
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
     if (err.message && err.message.includes('duplicate key')) {
-      newErr.name = 'uniqueness' // maps to scimType error handling
+      newErr.name += '#409' // customErrorCode
     }
     throw newErr
   }
@@ -627,7 +627,7 @@ scimgateway.createGroup = async (baseEntity, groupObj, ctx) => {
   } catch (err) {
     const newErr = new Error(`${action} error: ${err.message}`)
     if (err.message && err.message.includes('duplicate key')) {
-      newErr.name = 'uniqueness' // maps to scimType error handling
+      newErr.name += '#409' // customErrorCode
     }
     throw newErr
   }

package/lib/scimgateway.js

@@ -330,35 +330,11 @@ const ScimGateway = function () {
     if (authType === 'Basic') [userName] = (Buffer.from(authToken, 'base64').toString() || '').split(':')
     if (!userName && authType === 'Bearer') userName = 'token'
     if (ctx.response.status < 200 || ctx.response.status > 299) {
-      // statusCode check in logResult method...
-      // "statusCode":xxx in error messages let plugin set error statusCode returned by scimgateway
-      let pluginStatusCode = 0
-      const reJson = '^.*"(statusCode)" *: *([0-9][0-9][0-9]).*'
-      const rePattern = new RegExp(reJson, 'i')
-      if (res.body.detail) {
-        const arrMatches = res.body.detail.match(rePattern)
-        if (Array.isArray(arrMatches) && arrMatches.length === 3) {
-          pluginStatusCode = parseInt(arrMatches[2])
-        }
-      } else if (res.body.Errors) {
-        if (Array.isArray(res.body.Errors) && res.body.Errors[0].description && res.body.Errors[0].description) {
-          const arrMatches = res.body.Errors[0].description.match(rePattern)
-          if (Array.isArray(arrMatches) && arrMatches.length === 3) {
-            pluginStatusCode = parseInt(arrMatches[2])
-          }
-        }
+      if (ctx.response.status === 401 || ctx.response.status === 403) { // don't reveal original SCIM error message details related to access denied (e.g. using Auth PassThrough and customErrCode)
+        ctx.response.set('Content-Type', 'application/json; charset=utf-8')
+        ctx.response.body = { error: 'Access denied' }
+        res.body = ctx.response.body
       }
-      if (pluginStatusCode > 0) {
-        ctx.response.status = pluginStatusCode // auto change ctx.response.message
-        res.statusCode = ctx.response.status
-        res.statusMessage = ctx.response.message
-        if (pluginStatusCode === 401 || pluginStatusCode === 403) { // don't reveal original SCIM error message details related to access denied (e.g. using Auth PassThrough)
-          ctx.response.set('Content-Type', 'application/json; charset=utf-8')
-          ctx.response.body = { error: 'Access denied' }
-          res.body = ctx.response.body
-        }
-      }
-      // back to logResult...
       logger.error(`${gwName}[${pluginName}] ${ellapsed} ${ctx.request.ipcli} ${userName} ${ctx.request.method} ${ctx.request.href} Inbound = ${JSON.stringify(ctx.request.body)} Outbound = ${JSON.stringify(res)}${(config.log.loglevel.file === 'debug' && ctx.request.url !== '/ping') ? '\n' : ''}`)
     } else logger.info(`${gwName}[${pluginName}] ${ellapsed} ${ctx.request.ipcli} ${userName} ${ctx.request.method} ${ctx.request.href} Inbound = ${JSON.stringify(ctx.request.body)} Outbound = ${JSON.stringify(res)}${(config.log.loglevel.file === 'debug' && ctx.request.url !== '/ping') ? '\n' : ''}`)
     requestCounter += 1 // logged on exit (not win process termination)
@@ -634,7 +610,7 @@ const ScimGateway = function () {
       if (ipAllowListChecker(ctx.request.ipcli)) return resolve(next())
       logger.debug(`${gwName}[${pluginName}] client ip ${ctx.request.ipcli} not in ipAllowList`)
       ctx.status = 401
-      ctx.body = 'Access denied'
+      ctx.body = { error: 'Access denied' }
       resolve(ctx)
     })
   }
@@ -806,9 +782,10 @@ const ScimGateway = function () {
     const tx = scimDef.Schemas.Resources.find(el => el.name === schemaName)
     if (!tx) {
       ctx.status = 404
-      let err = new Error(`Schema '${schemaName}' not found`)
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error(`Schema '${schemaName}' not found`)
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
     } else {
       ctx.body = tx
     }
@@ -855,9 +832,10 @@ const ScimGateway = function () {
 
       if (scimdata.Resources.length !== 1) {
         ctx.status = 404
-        let err = new Error(`${handle.description} ${getObj.value} not found`)
-        err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-        ctx.body = err
+        const err = new Error(`${handle.description} ${getObj.value} not found`)
+        const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        if (customErrorCode) ctx.status = customErrorCode
+        ctx.body = e
         return
       }
 
@@ -898,7 +876,8 @@ const ScimGateway = function () {
       ctx.body = scimdata
     } catch (err) {
       ctx.status = 404
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
     }
   })
@@ -961,12 +940,10 @@ const ScimGateway = function () {
       // err.name = 'invalidFilter'
     }
     if (err) {
-      let scimType
-      if (err.name && isScimv2) {
-        scimType = err.name
-        ctx.status = 400
-      } else ctx.status = 500
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err, scimType)
+      if (isScimv2) ctx.status = 400
+      else ctx.status = 500
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
       return
     }
@@ -1104,12 +1081,10 @@ const ScimGateway = function () {
 
       ctx.body = scimdata
     } catch (err) {
-      let scimType
-      if (err.name && isScimv2) {
-        scimType = err.name // e.g. invalidFilter
-        ctx.status = 400
-      } else ctx.status = 500
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err, scimType)
+      if (isScimv2) ctx.status = 400
+      else ctx.status = 500
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
     }
   })
@@ -1139,21 +1114,24 @@ const ScimGateway = function () {
     const strBody = JSON.stringify(jsonBody)
     if (strBody === '{}') {
       ctx.status = 500
-      let err = new Error('Not accepting empty or none JSON formatted POST requests')
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error('Not accepting empty or none JSON formatted POST requests')
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
       return
     } else if (handle.createMethod === 'createUser' && !jsonBody.userName && !jsonBody.externalId) {
       ctx.status = 500
-      let err = new Error('userName or externalId is mandatory')
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error('userName or externalId is mandatory')
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
       return
     } else if (handle.createMethod === 'createGroup' && !jsonBody.displayName && !jsonBody.externalId) {
       ctx.status = 500
-      let err = new Error('displayName or externalId is mandatory')
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error('displayName or externalId is mandatory')
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
       return
     }
 
@@ -1163,7 +1141,8 @@ const ScimGateway = function () {
     logger.debug(`${gwName}[${pluginName}] convertedBody=${JSON.stringify(scimdata)}`)
     if (err) {
       ctx.status = 500
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
       return
     }
@@ -1208,16 +1187,10 @@ const ScimGateway = function () {
       ctx.status = 201
       ctx.body = jsonBody
     } catch (err) {
-      let scimType
-      if (err.name) {
-        scimType = err.name
-        if (err.name === 'uniqueness') ctx.status = 409 // DuplicateKey
-        else {
-          if (isScimv2) ctx.status = 400
-          else ctx.status = 500
-        }
-      } else ctx.status = 500
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err, scimType)
+      if (isScimv2) ctx.status = 400
+      else ctx.status = 500
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
     }
   }) // post
@@ -1248,7 +1221,8 @@ const ScimGateway = function () {
       ctx.status = 204
     } catch (err) {
       ctx.status = 500
-      const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
       ctx.body = e
     }
   }) // delete
@@ -1289,9 +1263,10 @@ const ScimGateway = function () {
     const strBody = JSON.stringify(jsonBody)
     if (strBody === '{}') {
       ctx.status = 500
-      let err = new Error('Not accepting empty or none JSON formatted PATCH request')
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error('Not accepting empty or none JSON formatted PATCH request')
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
     } else {
       logger.debug(`${gwName}[${pluginName}] [Modify ${handle.description}] id=${id}`)
       let scimdata, err
@@ -1300,7 +1275,8 @@ const ScimGateway = function () {
       logger.debug(`${gwName}[${pluginName}] convertedBody=${JSON.stringify(scimdata)}`)
       if (err) {
         ctx.status = 500
-        const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        if (customErrorCode) ctx.status = customErrorCode
         ctx.body = e
         return
       }
@@ -1340,7 +1316,8 @@ const ScimGateway = function () {
         ctx.body = scimdata
       } catch (err) {
         ctx.status = 500
-        const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        if (customErrorCode) ctx.status = customErrorCode
         ctx.body = e
       }
     }
@@ -1360,9 +1337,10 @@ const ScimGateway = function () {
     const strBody = JSON.stringify(jsonBody)
     if (strBody === '{}') {
       ctx.status = 500
-      let err = new Error('Not accepting empty or none JSON formatted PUT requests')
-      err = jsonErr(config.scim.version, pluginName, ctx.status, err)
-      ctx.body = err
+      const err = new Error('Not accepting empty or none JSON formatted PUT requests')
+      const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+      if (customErrorCode) ctx.status = customErrorCode
+      ctx.body = e
     } else {
       logger.debug(`${gwName}[${pluginName}] PUT ${ctx.originalUrl} body=${strBody}`)
       try {
@@ -1370,11 +1348,22 @@ const ScimGateway = function () {
         logger.debug(`${gwName}[${pluginName}] calling "${handle.getMethod}" and awaiting result`)
         let res = await this[handle.getMethod](ctx.params.baseEntity, { attribute: 'id', operator: 'eq', value: id }, [], ctx.ctxCopy)
 
-        let currentObj = {}
-        if (res && res.Resources && Array.isArray(res.Resources) && res.Resources.length === 1) currentObj = res.Resources[0]
-        else if (Array.isArray(res) && res.length === 1) currentObj = res[0]
+        let currentObj
+        if (res && res.Resources && Array.isArray(res.Resources)) {
+          if (res.Resources.length === 1) currentObj = res.Resources[0]
+          else currentObj = {}
+        } else if (Array.isArray(res) && res.length === 1) currentObj = res[0]
         else if (res && typeof (res) === 'object' && Object.keys(res).length > 0) currentObj = res
-        else throw Error(`put using method ${handle.getMethod} got unexpected response: ${JSON.stringify(res)}`)
+        else currentObj = {}
+
+        if (typeof (currentObj) !== 'object' || Object.keys(currentObj).length === 0) {
+          ctx.status = 404
+          const err = new Error(`put using method ${handle.getMethod} error: ${handle.description.toLowerCase()} id=${id} does not exist`)
+          const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+          if (customErrorCode) ctx.status = customErrorCode
+          ctx.body = e
+          return
+        }
 
         const clearedObj = clearObjectValues(currentObj)
         delete clearedObj.active
@@ -1565,7 +1554,8 @@ const ScimGateway = function () {
         ctx.body = scimdata
       } catch (err) {
         ctx.status = 500
-        const e = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        const [e, customErrorCode] = jsonErr(config.scim.version, pluginName, ctx.status, err)
+        if (customErrorCode) ctx.status = customErrorCode
         ctx.body = e
       }
     }
@@ -2966,10 +2956,29 @@ const clearObjectValues = (o, parent) => {
 //
 // SCIM error formatting
 //
-const jsonErr = (scimVersion, pluginName, htmlErrCode, err, scimType) => {
+const jsonErr = (scimVersion, pluginName, htmlErrCode, err) => {
   let errJson = {}
+  let customErrCode = null
+  let scimType = 'invalidSyntax'
   let msg = `scimgateway[${pluginName}] `
-  err.constructor === Error ? msg += err.message : msg += err
+  if (err.constructor === Error) {
+    if (err.name) { // customErrCode can be set by including suffix "#<number>" e.g., "<scimType>#404"
+      const arr = err.name.split('#')
+      if (arr.length > 1 && !isNaN(arr[arr.length - 1])) {
+        customErrCode = arr[arr.length - 1]
+        const code = parseInt(customErrCode)
+        if (code < 300 && code > 199) customErrCode = null
+        arr.splice(-1)
+        err.name = arr.join('#') // back to original having customErrCode removed
+      } else if (err.name === 'uniqueness') customErrCode = '409' // legacy support
+      scimType = err.name
+      if (scimType === 'Error') scimType = 'invalidSyntax' // default err.name used
+      if (customErrCode === 409) scimType = 'uniqueness'
+    }
+    msg += err.message
+  } else {
+    msg += err
+  }
 
   if (scimVersion !== '2.0' && scimVersion !== 2) { // v1.1
     errJson =
@@ -2977,7 +2986,7 @@ const jsonErr = (scimVersion, pluginName, htmlErrCode, err, scimType) => {
       Errors: [
         {
           description: msg,
-          code: htmlErrCode
+          code: customErrCode || htmlErrCode
         }
       ]
     }
@@ -2987,10 +2996,12 @@ const jsonErr = (scimVersion, pluginName, htmlErrCode, err, scimType) => {
       schemas: ['urn:ietf:params:scim:api:messages:2.0:Error'],
       scimType: scimType,
       detail: msg,
-      status: htmlErrCode
+      status: customErrCode || htmlErrCode
     }
   }
-  return errJson
+
+  if (customErrCode) customErrCode = parseInt(customErrCode)
+  return [errJson, customErrCode]
 }
 
 //

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "4.2.13",
+  "version": "4.2.15",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",
   "homepage": "https://elshaug.xyz",