scimgateway 5.3.2 → 5.3.4

package/README.md

@@ -1405,6 +1405,36 @@ MIT © [Jarle Elshaug](https://www.elshaug.xyz)
 
 ## Change log  
 
+### v5.3.4
+
+[Fixed]  
+
+- PATCH operations (modifyUser/modifyGroup) that includes `null` values, will now be converted to empty string `""`
+
+		{
+		  "schemas": [
+		    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
+		  ],
+		  "Operations": [{
+		    "op": "replace",
+		    "value": {
+		      "name": {
+		        "formatted": "Smith, John",
+		        "honorificPrefix": null
+		      }
+		    }}
+		  ]
+		}
+
+	In the example above, following will be sent to plugin:  
+	{ "name": { "formatted": "Smith, John", "honorificPrefix": "" } }
+
+### v5.3.3
+
+[Fixed]  
+
+- helper-rest, SamlBearer token-request now includes `new_token=true` to avoid retrieving an existing token that is about to expire
+
 ### v5.3.2
 
 [Improved]  

package/lib/helper-rest.ts

@@ -142,6 +142,7 @@ export class HelperRest {
             grant_type: 'urn:ietf:params:oauth:grant-type:saml2-bearer',
             client_id: clientId,
             company_id: companyId,
+            new_token: true,
             assertion: await samlAssertion.run(context, cert, key, issuer, lifetime, clientId, nameId, userIdentifierFormat, tokenEndpoint, audience, delay),
           }
           break

package/lib/plugin-entra-id.ts

@@ -265,11 +265,8 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   if (parsedAttrObj instanceof Error) throw (parsedAttrObj) // error object
 
   const objManager: Record<string, any> = {}
-  if (parsedAttrObj.manager) { // new manager
-    objManager.manager = JSON.parse(JSON.stringify(parsedAttrObj.manager))
-    delete parsedAttrObj.manager
-  } else if (parsedAttrObj.manager === null) { // delete manager
-    objManager.manager = null
+  if (Object.prototype.hasOwnProperty.call(parsedAttrObj, 'manager')) {
+    objManager.manager = parsedAttrObj.manager
     delete parsedAttrObj.manager
   }
 
@@ -309,6 +306,7 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
   const manager = () => {
     return new Promise((resolve, reject) => {
       (async () => {
+        if (!Object.prototype.hasOwnProperty.call(objManager, 'manager')) return resolve(null)
         let method: string | null = null
         let path: string | null = null
         let body: Record<string, any> | null = null
@@ -317,11 +315,11 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
           method = 'PUT'
           path = `/users/${id}/manager/$ref`
           body = { '@odata.id': `${graphUrl}/users/${objManager.manager}` }
-        } else if (objManager.manager === null) { // delete manager
+        } else { // delete manager (null/undefined/'')
           method = 'DELETE'
           path = `/users/${id}/manager/$ref`
           body = null
-        } else return resolve(null)
+        }
         try {
           await helper.doRequest(baseEntity, method, path, body, ctx)
           resolve(null)

package/lib/plugin-loki.ts

@@ -380,31 +380,24 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj) => {
         }
       }
     } else {
-      // None multi value attribute
-      if (typeof (attrObj[key]) !== 'object' || attrObj[key] === null) {
-        if (attrObj[key] === '' || attrObj[key] === null) delete userObj[key]
-        else userObj[key] = attrObj[key]
-      } else {
+      // None multi value attribute, blank will be deleted
+      if (typeof (attrObj[key]) === 'object' && attrObj[key] !== null) {
         // name.familyName=Bianchi
         if (!userObj[key]) userObj[key] = {} // e.g name object does not exist
-        for (const sub in attrObj[key]) { // attributes to be cleard located in meta.attributes eg: {"meta":{"attributes":["name.familyName","profileUrl","title"]}
-          if (sub === 'attributes' && Array.isArray(attrObj[key][sub])) {
-            attrObj[key][sub].forEach((element) => {
-              const arrSub = element.split('.')
-              if (arrSub.length === 2) userObj[arrSub[0]][arrSub[1]] = '' // e.g. name.familyName
-              else userObj[element] = ''
-            })
-          } else {
-            if (Object.prototype.hasOwnProperty.call(attrObj[key][sub], 'value')
-              && attrObj[key][sub].value === '') delete userObj[key][sub] // object having blank value attribute e.g. {"manager": {"value": "",...}}
-            else if (attrObj[key][sub] === '') delete userObj[key][sub]
-            else {
-              if (!userObj[key]) userObj[key] = {} // may have been deleted by length check below
-              userObj[key][sub] = attrObj[key][sub]
-            }
-            if (Object.keys(userObj[key]).length < 1) delete userObj[key]
+        for (const sub in attrObj[key]) {
+          if (!userObj[key]) userObj[key] = {}
+          if (Object.prototype.hasOwnProperty.call(attrObj[key][sub], 'value')
+            && attrObj[key][sub].value === '') delete userObj[key][sub] // object having blank value attribute e.g. {"manager": {"value": "",...}}
+          else if (attrObj[key][sub] === '') delete userObj[key][sub]
+          else {
+            if (!userObj[key]) userObj[key] = {} // may have been deleted by length check below
+            userObj[key][sub] = attrObj[key][sub]
           }
+          if (Object.keys(userObj[key]).length < 1) delete userObj[key]
         }
+      } else {
+        if (attrObj[key] === '') delete userObj[key]
+        else userObj[key] = attrObj[key]
       }
     }
   }
@@ -581,7 +574,7 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
     if (!Array.isArray(attrObj.members)) {
       throw new Error(`${action} error: ${JSON.stringify(attrObj)} - correct syntax is { "members": [...] }`)
     }
-    await attrObj.members.forEach(async (el) => {
+    for (const el of attrObj.members) {
       if (el.operation && el.operation === 'delete') { // delete member from group
         if (!el.value) groupObj.members = [] // members=[{"operation":"delete"}] => no value, delete all members
         else {
@@ -601,7 +594,7 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
           } else usersNotExist.push(el.value)
         }
       }
-    })
+    }
   }
 
   delete attrObj.members

package/lib/plugin-mongodb.ts

@@ -439,16 +439,12 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
         if (attrObj[key] === '' || attrObj[key] === null) delete userObj[key]
         else userObj[key] = attrObj[key]
       } else {
+      // None multi value attribute, blank will be deleted
+        if (typeof (attrObj[key]) === 'object' && attrObj[key] !== null) {
         // name.familyName=Bianchi
-        if (!userObj[key]) userObj[key] = {} // e.g name object does not exist
-        for (const sub in attrObj[key]) { // attributes to be cleard located in meta.attributes eg: {"meta":{"attributes":["name.familyName","profileUrl","title"]}
-          if (sub === 'attributes' && Array.isArray(attrObj[key][sub])) {
-            attrObj[key][sub].forEach((element) => {
-              const arrSub = element.split('.')
-              if (arrSub.length === 2) userObj[arrSub[0]][arrSub[1]] = '' // e.g. name.familyName
-              else userObj[element] = ''
-            })
-          } else {
+          if (!userObj[key]) userObj[key] = {} // e.g name object does not exist
+          for (const sub in attrObj[key]) {
+            if (!userObj[key]) userObj[key] = {}
             if (Object.prototype.hasOwnProperty.call(attrObj[key][sub], 'value')
               && attrObj[key][sub].value === '') delete userObj[key][sub] // object having blank value attribute e.g. {"manager": {"value": "",...}}
             else if (attrObj[key][sub] === '') delete userObj[key][sub]
@@ -458,6 +454,9 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
             }
             if (Object.keys(userObj[key]).length < 1) delete userObj[key]
           }
+        } else {
+          if (attrObj[key] === '') delete userObj[key]
+          else userObj[key] = attrObj[key]
         }
       }
     }

package/lib/plugin-soap.ts

@@ -436,7 +436,7 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
   try {
     const serviceClient = await getServiceClient(baseEntity, action, ctx)
 
-    attrObj.members.forEach(async function (el) {
+    for (const el of attrObj.members) {
       if (el.operation && el.operation === 'delete') { // delete member from group
         const soapRequest = {
           groupID: id,
@@ -451,7 +451,6 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
         if (!result.return) {
           throw new Error(`${config[action].service}-removeUserFromGroup : Got empty response on soap request: ${soapRequest}`)
         }
-        return null
       } else { // add member to group
         const soapRequest = {
           groupID: id,
@@ -466,9 +465,9 @@ scimgateway.modifyGroup = async (baseEntity, id, attrObj, ctx) => {
         if (!result.return) {
           throw new Error(`assignUserToGroup : Got empty response on soap request: ${soapRequest}`)
         }
-        return null
       }
-    })
+    }
+    return null
   } catch (err: any) {
     throw new Error(`${action} error: ${err.message}`)
   }

package/lib/utils-scim.ts

@@ -87,37 +87,55 @@ export function convertedScim(obj: any, multiValueTypes: string[]): any {
         })
         delete scimdata[key]
       }
-    }
-  }
-  if (scimdata.active && typeof scimdata.active === 'string') {
-    const lcase = scimdata.active.toLowerCase()
-    if (lcase === 'true') scimdata.active = true
-    else if (lcase === 'false') scimdata.active = false
-  }
-  if (scimdata.meta) { // cleared attributes e.g { meta: { attributes: [ 'name.givenName', 'title' ] } }
-    if (Array.isArray(scimdata.meta.attributes)) {
-      scimdata.meta.attributes.forEach((el: string) => {
-        let rootKey = ''
-        let subKey = ''
-        if (el.startsWith('urn:')) { // can't use dot.str on key having dot e.g. urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
-          const i = el.lastIndexOf(':')
-          subKey = el.substring(i + 1)
-          if (subKey === 'User' || subKey === 'Group') rootKey = el
-          else rootKey = el.substring(0, i)
-        }
-        if (rootKey) {
-          if (!scimdata[rootKey]) scimdata[rootKey] = {}
-          dot.str(subKey, '', scimdata[rootKey])
-        } else {
-          dot.str(el, '', scimdata)
+    } else if (key === 'active' && typeof scimdata[key] === 'string') {
+      const lcase = scimdata.active.toLowerCase()
+      if (lcase === 'true') scimdata.active = true
+      else if (lcase === 'false') scimdata.active = false
+    } else if (key === 'meta') { // cleared attributes e.g { meta: { attributes: [ 'name.givenName', 'title' ] } }
+      if (Array.isArray(scimdata.meta.attributes)) {
+        scimdata.meta.attributes.forEach((el: string) => {
+          let rootKey = ''
+          let subKey = ''
+          if (el.startsWith('urn:')) { // can't use dot.str on key having dot e.g. urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
+            const i = el.lastIndexOf(':')
+            subKey = el.substring(i + 1)
+            if (subKey === 'User' || subKey === 'Group') rootKey = el
+            else rootKey = el.substring(0, i)
+          }
+          if (rootKey) {
+            if (!scimdata[rootKey]) scimdata[rootKey] = {}
+            dot.str(subKey, '', scimdata[rootKey])
+          } else {
+            dot.str(el, '', scimdata)
+          }
+        })
+      }
+      delete scimdata.meta
+    } else { // replace any undefined/null with empty string
+      if (typeof scimdata[key] === 'object' && scimdata[key] !== null) {
+        for (const k in scimdata[key]) {
+          if (typeof scimdata[key][k] === 'object' && scimdata[key][k] !== null) {
+            for (const _k in scimdata[key][k]) {
+              if (scimdata[key][k][_k] === undefined || scimdata[key][k][_k] === null) {
+                scimdata[key][k][_k] = ''
+              }
+            }
+          } else {
+            if (scimdata[key][k] === undefined || scimdata[key][k] === null) {
+              scimdata[key][k] = ''
+            }
+          }
         }
-      })
+      } else if (scimdata[key] === undefined || scimdata[key] === null) {
+        scimdata[key] = ''
+      }
     }
-    delete scimdata.meta
   }
+
   for (const key in newMulti) {
     dot.copy(key, key, newMulti, scimdata)
   }
+
   return [scimdata, err]
 }
 
@@ -134,8 +152,8 @@ export function convertedScim(obj: any, multiValueTypes: string[]): any {
 * {"name":{"givenName":"Rocky",formatted:""},"emails":{"work":{"value":"user@company.com","type":"work"}}}
 */
 export function convertedScim20(obj: any, multiValueTypes: string[]): any {
-  let scimdata: { [key: string]: any } = {}
-  if (!obj.Operations || !Array.isArray(obj.Operations)) return scimdata
+  if (!obj.Operations || !Array.isArray(obj.Operations)) return {}
+  let scimdata: { [key: string]: any } = { meta: { attributes: [] } } // meta is used for deleted attributes
   const o: any = utils.copyObj(obj)
   const arrPrimaryDone: any = []
   const primaryOrgType: any = {}
@@ -289,10 +307,9 @@ export function convertedScim20(obj: any, multiValueTypes: string[]): any {
           })
         } else {
           let value = element.value[key]
-          if (element.op && element.op === 'remove') {
-            if (!scimdata.meta) scimdata.meta = {}
-            if (!scimdata.meta.attributes) scimdata.meta.attributes = []
+          if (element?.op === 'remove' || value === undefined || value === null) {
             scimdata.meta.attributes.push(key)
+            continue
           }
           if (key.startsWith('urn:')) { // can't use dot.str on key having dot e.g. urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department
             const i = key.lastIndexOf(':')
@@ -301,6 +318,17 @@ export function convertedScim20(obj: any, multiValueTypes: string[]): any {
             if (k === 'User' || k === 'Group') rootKey = key
             else rootKey = key.substring(0, i) // urn:ietf:params:scim:schemas:extension:enterprise:2.0:User
             if (k === 'User' || k === 'Group') { // value is object
+              for (const _k in value) {
+                if (value[_k] === undefined || value[_k] === null) {
+                  scimdata.meta.attributes.push(`${key}:${_k}`)
+                  delete value[_k]
+                } else if (typeof value[_k] === 'object') { // manager.value
+                  if (Object.prototype.hasOwnProperty.call(value[_k], 'value') && (value[_k].value === undefined || value[_k].value === null)) {
+                    scimdata.meta.attributes.push(`${key}:${_k}.value`)
+                    delete value[_k].value
+                  }
+                }
+              }
               const o: Record<string, any> = {}
               o[rootKey] = value
               scimdata = utils.extendObj(scimdata, o)
@@ -316,14 +344,10 @@ export function convertedScim20(obj: any, multiValueTypes: string[]): any {
           } else {
             if (typeof value === 'object') {
               for (const k in element.value[key]) {
-                if (element.op && element.op === 'remove') {
-                  if (!scimdata.meta) scimdata.meta = {}
-                  if (!scimdata.meta.attributes) scimdata.meta.attributes = []
+                value = element.value[key][k]
+                if ((element.op && element.op === 'remove') || value === null || value === undefined) {
                   scimdata.meta.attributes.push(`${key}.${k}`)
-                } else {
-                  value = element.value[key][k]
-                  dot.str(`${key}.${k}`, value, scimdata)
-                }
+                } else dot.str(`${key}.${k}`, value, scimdata)
               }
             } else dot.str(key, value, scimdata)
           }

package/lib/utils.ts

@@ -201,7 +201,8 @@ export const copyObj = (o: any): any => { // deep copy/clone faster than JSON.pa
 
 const _extendObj = (obj: Record<any, any>, src: Record<any, any>) => {
   Object.keys(src).forEach((key) => {
-    if (typeof src[key] === 'object' && src[key] != null) {
+    if (typeof src[key] === 'object' && src[key] !== null) {
+      if (Object.keys(src[key]).length === 0) return
       if (typeof obj[key] === 'undefined') obj[key] = src[key]
       else if (Array.isArray(src[key])) {
         if (!Array.isArray(obj[key])) obj[key] = src[key]

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "5.3.2",
+  "version": "5.3.4",
   "type": "module",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",

package/tsconfig.json

@@ -3,7 +3,7 @@
     // Enable latest features
     "lib": ["ESNext", "DOM"],
     "target": "ESNext",
-    "module": "ESNext",
+    "module": "Preserve",
     "moduleDetection": "force",
     "jsx": "react-jsx",
     "allowJs": true,