27 changes: 17 additions & 10 deletions pkg/iam/scim/service.go
Expand Up @@ -127,7 +127,7 @@ func (s *Service) CreateUser(
config *coredata.SCIMConfiguration,
attributes scim.ResourceAttributes,
) (scim.Resource, error) {
email, fullName := ParseUserFromAttributes(attributes)
email, fullName, active := ParseUserFromAttributes(attributes)
if email == "" {
return scim.Resource{}, scimerrors.ScimErrorBadRequest("userName or email is required")
}
Expand All @@ -138,6 +138,11 @@ func (s *Service) CreateUser(
}
now := time.Now()

membershipState := coredata.MembershipStateActive
if !active {
membershipState = coredata.MembershipStateInactive
}

var membership *coredata.Membership

scope := coredata.NewScopeFromObjectID(config.OrganizationID)
Expand Down Expand Up @@ -179,7 +184,7 @@ func (s *Service) CreateUser(
OrganizationID: config.OrganizationID,
Role: coredata.MembershipRoleEmployee,
Source: coredata.MembershipSourceSCIM,
State: coredata.MembershipStateActive,
State: membershipState,
CreatedAt: now,
UpdatedAt: now,
}
Expand Down Expand Up @@ -221,13 +226,9 @@ func (s *Service) CreateUser(
} else if err != nil {
return fmt.Errorf("cannot load membership: %w", err)
} else {
// Update existing membership - reactivate if inactive, update source to SCIM
wasInactive := membership.State == coredata.MembershipStateInactive
// Update existing membership - follow what SCIM tells us
membership.Source = coredata.MembershipSourceSCIM
membership.State = coredata.MembershipStateActive
if wasInactive {
membership.Role = coredata.MembershipRoleEmployee
}
membership.State = membershipState
membership.UpdatedAt = now

err = membership.Update(ctx, tx, scope)
Expand Down Expand Up @@ -594,10 +595,16 @@ func (s *Service) createEvent(
return event
}

func ParseUserFromAttributes(attributes scim.ResourceAttributes) (email string, fullName string) {
func ParseUserFromAttributes(attributes scim.ResourceAttributes) (email string, fullName string, active bool) {
userName, _ := attributes["userName"].(string)
displayName, _ := attributes["displayName"].(string)

// Default to active if the attribute is not present.
active = true
if a, ok := attributes["active"].(bool); ok {
active = a
}

var givenName, familyName string
if name, ok := attributes["name"].(map[string]any); ok {
givenName, _ = name["givenName"].(string)
Expand Down Expand Up @@ -636,7 +643,7 @@ func ParseUserFromAttributes(attributes scim.ResourceAttributes) (email string,
fullName = userName
}

return email, fullName
return email, fullName, active
}

func ParseUserFromReplaceAttributes(attributes scim.ResourceAttributes) (fullName string, active *bool) {
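Review bot: Dropping the `wasInactive` role reset (old lines `if wasInactive { membership.Role = coredata.MembershipRoleEmployee }`) means a membership that was deactivated while holding an elevated role gets that role back the moment the IdP re-provisions the user through SCIM; the new `membership.State = membershipState` assignment restores state but nothing in the hunk touches `Role`, and SCIM carries no role information here. If that is intended, document it where the old comment was, e.g. `// Reactivation via SCIM keeps the previously assigned role; only State and Source follow the IdP.`; otherwise keep the demotion for the inactive-to-active transition with `if membership.State == coredata.MembershipStateInactive && membershipState == coredata.MembershipStateActive { membership.Role = coredata.MembershipRoleEmployee }` placed before the state assignment. Relatedly, `ParseUserFromAttributes` treats a present-but-non-bool `active` value the same as an absent one and provisions the user active, which fails open on a malformed or string-typed attribute; consider returning an error from the caller when `attributes["active"]` is present but not a `bool`. CreateUser's body begins and ends outside the hunk in which the role reset was removed.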