scimgateway 6.2.0 → 6.2.2

package/lib/plugin-generic.ts

@@ -50,8 +50,17 @@ const scimgateway = new ScimGateway()
 const helper = new HelperRest(scimgateway)
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
+const isAllowlistingUser = config.map?.user
+  ? Object.values(config.map.user).some((item: any) => typeof item?.valueMap === 'object' && Object.keys(item.valueMap).length > 0)
+  : false
+
+const isAllowlistingGroup = config.map?.group
+  ? Object.values(config.map.group).some((item: any) => typeof item.valueMap === 'object' && Object.keys(item.valueMap).length > 0)
+  : false
+
 // =================================================
 // getUsers
 // =================================================
@@ -85,6 +94,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all users to be returned - correspond to exploreUsers() in versions < 4.x.x
     path = `/Users${(attrs.length > 0 ? '?attributes=' + attrs.join() : '')}`
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // end mandatory if-else logic
 
   if (!path) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -114,16 +128,13 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     totalResults: null,
   }
 
-  const isAllowlisting = config.map?.user
-    ? Object.values(config.map.user).some((item: any) => typeof item?.valueMap === 'object' && Object.keys(item.valueMap).length > 0)
-    : false
-  let currentStartIndex = isAllowlisting ? 1 : targetStartIndex
+  let currentStartIndex = isAllowlistingUser ? 1 : targetStartIndex
   let allValidResources: any[] = []
   let totalSkipped = 0
   let targetTotalResults: number | null = null
   let iteration = 0
   const maxIterations = 5 // Safety limit for look-ahead fetching
-  const resourcesNeeded = isAllowlisting ? targetStartIndex + targetCount - 1 : targetCount
+  const resourcesNeeded = isAllowlistingUser ? targetStartIndex + targetCount - 1 : targetCount
 
   try {
     while (allValidResources.length < resourcesNeeded && iteration < maxIterations) {
@@ -166,8 +177,8 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
 
       if (targetTotalResults === null) {
         // Target endpoint returned full list
-        ret.totalResults = isAllowlisting ? allValidResources.length : targetStartIndex - 1 + allValidResources.length
-        ret.Resources = isAllowlisting ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
+        ret.totalResults = isAllowlistingUser ? allValidResources.length : targetStartIndex - 1 + allValidResources.length
+        ret.Resources = isAllowlistingUser ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
         return ret
       }
 
@@ -185,8 +196,8 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     }
     if (ctx?.paging && Object.hasOwn(ctx.paging, 'totalResults')) targetTotalResults = ctx.paging.totalResults
 
-    ret.totalResults = (targetTotalResults !== null && targetTotalResults > totalSkipped) ? targetTotalResults - totalSkipped : (isAllowlisting ? allValidResources.length : targetStartIndex - 1 + allValidResources.length)
-    ret.Resources = isAllowlisting ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
+    ret.totalResults = (targetTotalResults !== null && targetTotalResults > totalSkipped) ? targetTotalResults - totalSkipped : (isAllowlistingUser ? allValidResources.length : targetStartIndex - 1 + allValidResources.length)
+    ret.Resources = isAllowlistingUser ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
     if (!ret.startIndex) ret.startIndex = targetStartIndex
 
     return ret
@@ -321,6 +332,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all groups to be returned - correspond to exploreGroups() in versions < 4.x.x
     path = `/Groups${(attrs.length > 0 ? '?attributes=' + attrs.join() : '')}`
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!path) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -345,16 +361,13 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   }
   */
 
-  const isAllowlisting = config.map?.group
-    ? Object.values(config.map.group).some((item: any) => typeof item.valueMap === 'object' && Object.keys(item.valueMap).length > 0)
-    : false
-  let currentStartIndex = isAllowlisting ? 1 : targetStartIndex
+  let currentStartIndex = isAllowlistingGroup ? 1 : targetStartIndex
   let allValidResources: any[] = []
   let totalSkipped = 0
   let targetTotalResults: number | null = null
   let iteration = 0
   const maxIterations = 5 // Safety limit for look-ahead fetching
-  const resourcesNeeded = isAllowlisting ? targetStartIndex + targetCount - 1 : targetCount
+  const resourcesNeeded = isAllowlistingGroup ? targetStartIndex + targetCount - 1 : targetCount
 
   try {
     while (allValidResources.length < resourcesNeeded && iteration < maxIterations) {
@@ -399,8 +412,8 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
 
       if (targetTotalResults === null) {
         // Target endpoint returned full list
-        ret.totalResults = isAllowlisting ? allValidResources.length : targetStartIndex - 1 + allValidResources.length
-        ret.Resources = isAllowlisting ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
+        ret.totalResults = isAllowlistingGroup ? allValidResources.length : targetStartIndex - 1 + allValidResources.length
+        ret.Resources = isAllowlistingGroup ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
         return ret
       }
 
@@ -418,8 +431,8 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     }
     if (ctx?.paging && Object.hasOwn(ctx.paging, 'totalResults')) targetTotalResults = ctx.paging.totalResults
 
-    ret.totalResults = (targetTotalResults !== null && targetTotalResults > totalSkipped) ? targetTotalResults - totalSkipped : (isAllowlisting ? allValidResources.length : targetStartIndex - 1 + allValidResources.length)
-    ret.Resources = isAllowlisting ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
+    ret.totalResults = (targetTotalResults !== null && targetTotalResults > totalSkipped) ? targetTotalResults - totalSkipped : (isAllowlistingGroup ? allValidResources.length : targetStartIndex - 1 + allValidResources.length)
+    ret.Resources = isAllowlistingGroup ? allValidResources.slice(targetStartIndex - 1, targetStartIndex - 1 + targetCount) : allValidResources.slice(0, targetCount)
     if (!ret.startIndex) ret.startIndex = targetStartIndex
 
     return ret

package/lib/plugin-ldap.ts

@@ -116,6 +116,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 // =================================================
@@ -123,9 +124,10 @@ scimgateway.authPassThroughAllowed = false
 // =================================================
 scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
   //
-  // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
+  // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <>, and/or: <getObj> }
   // rawFilter is always included when filtering
   // attribute, operator and value are included when requesting unique object or simpel filtering
+  // and/or will be included and the value set to corresponding getObj if the mandatory plugin initialization have 'scimgateway.pluginAndOrFilterEnabled = true' and the request query filter includes simple and/or logic 
   // See comments in the "mandatory if-else logic - start"
   //
   // "attributes" is array of attributes to be returned - if empty, all supported attributes should be returned
@@ -207,6 +209,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
       attributes: attrs,
     }
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // end mandatory if-else logic
 
   if (!ldapOptions) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -471,9 +478,10 @@ scimgateway.modifyUser = async (baseEntity, id, attrObj, ctx) => {
 // =================================================
 scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   //
-  // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <> }
+  // "getObj" = { attribute: <>, operator: <>, value: <>, rawFilter: <>, startIndex: <>, count: <>, and/or: <getObj> }
   // rawFilter is always included when filtering
   // attribute, operator and value are included when requesting unique object or simpel filtering
+  // and/or will be included and the value set to corresponding getObj if the mandatory plugin initialization have 'scimgateway.pluginAndOrFilterEnabled = true' and the request query filter includes simple and/or logic 
   // See comments in the "mandatory if-else logic - start"
   //
   // "attributes" is array of attributes to be returned - if empty, all supported attributes should be returned
@@ -562,6 +570,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
       attributes: attrs,
     }
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!ldapOptions) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)

package/lib/plugin-loki.ts

@@ -32,6 +32,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 const configDir = scimgateway.configDir
@@ -193,6 +194,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all users to be returned - correspond to exploreUsers() in versions < 4.x.x
     usersArr = users.chain().data()
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!usersArr) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -363,6 +369,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all groups to be returned - correspond to exploreUsers() in versions < 4.x.x
     groupsArr = groups.chain().data()
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!groupsArr) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)

package/lib/plugin-mongodb.ts

@@ -29,6 +29,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 const validFilterOperators = ['eq', 'ne', 'aeq', 'dteq', 'gt', 'gte', 'lt', 'lte', 'between', 'jgt', 'jgte', 'jlt', 'jlte', 'jbetween', 'regex', 'in', 'nin', 'keyin', 'nkeyin', 'definedin', 'undefinedin', 'contains', 'containsAny', 'type', 'finite', 'size', 'len', 'exists']
@@ -224,6 +225,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all users to be returned - correspond to exploreUsers() in versions < 4.x.x
     findObj = {}
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!findObj) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -448,6 +454,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all groups to be returned - correspond to exploreUsers() in versions < 4.x.x
     findObj = {}
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!findObj) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)

package/lib/plugin-mssql.ts

@@ -63,6 +63,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 if (config?.connection?.authentication?.options?.password) {
@@ -97,6 +98,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all users to be returned - correspond to exploreUsers() in versions < 4.x.x
     sqlQuery = 'select * from [Users]'
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!sqlQuery) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -269,6 +275,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all groups to be returned - correspond to exploreGroups() in versions < 4.x.x
     sqlQuery = 'select * from [Groups]'
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
   if (!sqlQuery) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
 

package/lib/plugin-saphana.ts

@@ -24,6 +24,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 const endpointHost = config.host
@@ -66,6 +67,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all users to be returned - correspond to exploreUsers() in versions < 4.x.x
     sqlQuery = 'select USER_NAME, USER_DEACTIVATED from SYS.USERS where IS_SAML_ENABLED like \'TRUE\''
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!sqlQuery) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -235,6 +241,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
   } else {
     // mandatory - no filtering (!getObj.operator && !getObj.rawFilter) - all groups to be returned - correspond to exploreGroups() in versions < 4.x.x
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   return { Resources: [] } // groups not supported - returning empty Resources

package/lib/plugin-soap.ts

@@ -35,6 +35,7 @@ import { ScimGateway } from 'scimgateway'
 const scimgateway = new ScimGateway()
 const config = scimgateway.getConfig()
 scimgateway.authPassThroughAllowed = false
+scimgateway.pluginAndOrFilterEnabled = false
 // end - mandatory plugin initialization
 
 const wsdlDir = path.join(`${scimgateway.configDir}`, 'wsdls')
@@ -74,6 +75,11 @@ scimgateway.getUsers = async (baseEntity, getObj, attributes, ctx) => {
     soapRequest = { sql: 'SELECT * FROM Users' }
     soapAction = 'exploreUsers'
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!soapRequest) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)
@@ -327,6 +333,11 @@ scimgateway.getGroups = async (baseEntity, getObj, attributes, ctx) => {
     soapRequest = { sql: 'SELECT * FROM Groups' }
     soapAction = 'exploreGroups'
   }
+  if (getObj.and || getObj.or) {
+    // plugin have enabled 'scimgateway.pluginAndOrFilterEnabled' and the query includes an additonal and/or getObj that must to be handled and combined with the initial getObj
+    // we could have this logic above, if not it must be defined here
+    throw new Error(`${action} error: logic for handling and/or filter is not implemented by plugin, not supporting: ${getObj.rawFilter}`)
+  }
   // mandatory if-else logic - end
 
   if (!soapRequest) throw new Error(`${action} error: mandatory if-else logic not fully implemented`)

package/lib/scimgateway.ts

@@ -56,6 +56,12 @@ export class ScimGateway {
   * header in the communication with endpoint
   */
   authPassThroughAllowed: boolean
+  /** 
+  * pluginAndOrFilterEnabled can be set to 'true' by the plugin for letting the plugin handle query filtering that includes simple `and`/`or` logic instead of default handled by scimgateway
+  *  
+  */
+  pluginAndOrFilterEnabled: boolean
+
   //
   // plugin methods
   //
@@ -364,6 +370,7 @@ export class ScimGateway {
     this.configDir = configDir
     this.configFile = configFile
     this.authPassThroughAllowed = false // set to true by plugin if using Auth PassThrough
+    this.pluginAndOrFilterEnabled = false // set to true by plugin if plugin handle simple and/or query filter
 
     let found: Record<string, any> = {}
     let configErr: any
@@ -1538,8 +1545,10 @@ export class ScimGateway {
       let isOrFilter = false
       if (getObj.rawFilter) {
         getObj.rawFilter = decodeURIComponent(getObj.rawFilter.trim())
-        if (getObj.rawFilter.includes(' and ')) isAndFilter = true
-        if (getObj.rawFilter.includes(' or ')) isOrFilter = true
+        // Strip quoted literals (handling escaped quotes) to check for operators outside of values
+        const filterWithoutQuotes = getObj.rawFilter.replace(/"(?:\\"|[^"])*"/g, '""')
+        if (filterWithoutQuotes.includes(' and ')) isAndFilter = true
+        if (filterWithoutQuotes.includes(' or ')) isOrFilter = true
       }
       if (ctx.query.filter) ctx.query.filter = decodeURIComponent(ctx.query.filter.trim())
       else ctx.query.filter = ''
@@ -1553,7 +1562,7 @@ export class ScimGateway {
             const value = arrFilter.slice(2).join(' ').replace(/"/g, '')
             getObj.value = value
           } else if (arrFilter[arrFilter.length - 1].endsWith(']')) { // emails[type eq "work"]
-            const rePattern = /^(.*)\[(.*) (.*) (.*)\]$/
+            const rePattern = /^(.*)\[(.*) (.*) (".*")\]$/
             const arrMatches = ctx.query.filter.match(rePattern)
             if (Array.isArray(arrMatches) && arrMatches.length === 5) {
               getObj.attribute = `${arrMatches[1]}.${arrMatches[2]}` // emails.type
@@ -1703,7 +1712,7 @@ export class ScimGateway {
           const splitBy = isAndFilter ? ' and ' : ' or '
           const arr = obj.rawFilter.split(splitBy)
           const originalGetObjArrLength = arr.length
-          let getObjArr: object[] = []
+          let getObjArr: Record<string, any>[] = []
           let complexAttr = ''
           for (let i = 0; i < arr.length; i++) {
             arr[i] = arr[i].replace(/\(/g, '').replace(/\)/g, '').trim()
@@ -1752,43 +1761,52 @@ export class ScimGateway {
           }
 
           if (getObjArr.length > 0) {
-            const getObj = async (o: Record<string, any>) => {
-              return await (this as any)[handle.getMethod](baseEntity, o, attributes, ctx.passThrough)
-            }
-            const chunk = 5
-            const chunkRes: Record<string, any>[] = []
-            logger.debug(`${gwName} calling ${handle.getMethod} in chunks of ${chunk}`, { baseEntity: ctx?.routeObj?.baseEntity })
-            do {
-              const arrChunk = getObjArr.splice(0, chunk)
-              const results = await Promise.allSettled(arrChunk.map(o => getObj(o))) as { status: 'fulfilled' | 'rejected', reason: any, value: any }[] // processing max chunk async              
-              const errors = results.filter(result => result.status === 'rejected').map(result => result.reason.message)
-              if (errors.length > 0) {
-                const errMsg = `${handle.getMethod} chunks error: ${errors.join(', ')}`
-                throw new Error(errMsg)
-              }
-              const arrArr = results.map(result => result?.value?.Resources)
-              for (let i = 0; i < arrArr.length; i++) {
-                Array.prototype.push.apply(chunkRes, arrArr[i])
+            if (this.pluginAndOrFilterEnabled && getObjArr.length === 2) { // simple and/or logic handled by plugin
+              const o = getObjArr[0]
+              o.rawFilter = obj.rawFilter
+              if (isAndFilter) o.and = getObjArr[1]
+              else if (isOrFilter) o.or = getObjArr[1]
+              logger.debug(`${gwName} calling ${handle.getMethod}`, { baseEntity: ctx?.routeObj?.baseEntity })
+              res = await (this as any)[handle.getMethod](baseEntity, o, attributes, ctx.passThrough)
+            } else { // and/or logic handled by scimgateway
+              const getObj = async (o: Record<string, any>) => {
+                return await (this as any)[handle.getMethod](baseEntity, o, attributes, ctx.passThrough)
               }
-            } while (getObjArr.length > 0)
+              const chunk = 5
+              const chunkRes: Record<string, any>[] = []
+              logger.debug(`${gwName} calling ${handle.getMethod} in chunks of ${chunk}`, { baseEntity: ctx?.routeObj?.baseEntity })
+              do {
+                const arrChunk = getObjArr.splice(0, chunk)
+                const results = await Promise.allSettled(arrChunk.map(o => getObj(o))) as { status: 'fulfilled' | 'rejected', reason: any, value: any }[] // processing max chunk async              
+                const errors = results.filter(result => result.status === 'rejected').map(result => result.reason.message)
+                if (errors.length > 0) {
+                  const errMsg = `${handle.getMethod} chunks error: ${errors.join(', ')}`
+                  throw new Error(errMsg)
+                }
+                const arrArr = results.map(result => result?.value?.Resources)
+                for (let i = 0; i < arrArr.length; i++) {
+                  Array.prototype.push.apply(chunkRes, arrArr[i])
+                }
+              } while (getObjArr.length > 0)
 
-            if (isAndFilter) {
-              const idCounts = new Map<string, number>()
-              for (const item of chunkRes) {
-                if (item.id) {
-                  idCounts.set(item.id, (idCounts.get(item.id) || 0) + 1)
+              if (isAndFilter) {
+                const idCounts = new Map<string, number>()
+                for (const item of chunkRes) {
+                  if (item.id) {
+                    idCounts.set(item.id, (idCounts.get(item.id) || 0) + 1)
+                  }
                 }
+                const intersectionIds = new Set<string>()
+                for (const [id, count] of idCounts.entries()) {
+                  if (count === originalGetObjArrLength) intersectionIds.add(id)
+                }
+                res = { Resources: Array.from(new Map(chunkRes.filter(item => intersectionIds.has(item.id)).map(item => [item.id, item])).values()) }
+              } else if (isOrFilter) {
+                const uniqueResources = Array.from(new Map(chunkRes.map(item =>
+                  [item.id, item])).values(),
+                )
+                res = { Resources: uniqueResources }
               }
-              const intersectionIds = new Set<string>()
-              for (const [id, count] of idCounts.entries()) {
-                if (count === originalGetObjArrLength) intersectionIds.add(id)
-              }
-              res = { Resources: Array.from(new Map(chunkRes.filter(item => intersectionIds.has(item.id)).map(item => [item.id, item])).values()) }
-            } else if (isOrFilter) {
-              const uniqueResources = Array.from(new Map(chunkRes.map(item =>
-                [item.id, item])).values(),
-              )
-              res = { Resources: uniqueResources }
             }
           }
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "scimgateway",
-  "version": "6.2.0",
+  "version": "6.2.2",
   "type": "module",
   "description": "Using SCIM protocol as a gateway for user provisioning to other endpoints",
   "author": "Jarle Elshaug <jarle.elshaug@gmail.com> (https://elshaug.xyz)",