Merge pull request tractionguest#28 from tractionguest/bugfix-scim-azure

handle SCIM schema extensions on patch_update

Author: Scotty Hagan

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    scim_rails (0.3.1)
+    scim_rails (0.3.2)
       jwt (>= 1.5, < 3.0)
       rails (~> 5.0)
 

app/controllers/scim_rails/application_controller.rb

@@ -59,7 +59,13 @@ def extract_from_inside_quotations(string)
     end
 
     def extract_path_params(operation)
-      operation.key?("path") ? process_path(operation) : nil
+      return nil unless operation.key?("path")
+      
+      if operation["path"].include?("urn:ietf:params:scim:schemas:extension:enterprise:2.0:User")
+        return process_extension_schema_path(operation) 
+      end
+      
+      process_path(operation)
     end
 
     def extract_active_param(operation, path_params)
@@ -102,6 +108,12 @@ def process_path(operation)
       end
     end
 
+    def process_extension_schema_path(operation)
+      key = operation["path"].split(":").last
+
+      {"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "#{key}": operation["value"] }}
+    end
+
     # `process_filter_path` is a method that, like the `process_path`
     # method above, parses the string in the "path" key of a PATCH
     # operation.  It converts the operation into a Hash that resembles
@@ -238,34 +250,18 @@ def update_status(object)
         deprovision_method = ScimRails.config.group_deprovision_method
       end
 
-      object.public_send(reprovision_method) if active?
-      object.public_send(deprovision_method) unless active?
-    end
-
-    def active?
-      active = params[:active]
-
-      case active
-      when true, "true", 1
-        true
-      when false, "false", 0
-        false
-      else
-        raise ActiveRecord::RecordInvalid
+      if patch_status(params[:active])
+        object.public_send(reprovision_method) 
+      else 
+        object.public_send(deprovision_method)
       end
     end
 
     def patch_status(active_param)
-      case active_param
-      when true, "true", 1
-        true
-      when false, "false", 0
-        false
-      when nil
-        nil
-      else
-        raise ScimRails::ExceptionHandler::InvalidActiveParam
-      end
+      # Must use .to_s.downcase to handle strings "True" and "False"
+      # Which is sent by Azure AD
+      # Other possible inputs (true, "true", false, "false", 0, 1, nil)
+      ActiveModel::Type::Boolean.new.cast(active_param.to_s.downcase)
     end
   end
 end

app/controllers/scim_rails/scim_users_controller.rb

@@ -93,7 +93,7 @@ def patch_update
         path_params = extract_path_params(operation)
         changed_attributes = permitted_params(path_params || operation["value"], "User").merge(get_multi_value_attrs(operation))
 
-        user.update!(changed_attributes.compact)
+        user.assign_attributes(changed_attributes.compact)
 
         active_param = extract_active_param(operation, path_params)
         status = patch_status(active_param)
@@ -104,6 +104,8 @@ def patch_update
         user.public_send(provision_method)
       end
 
+      user.save!
+
       ScimRails.config.after_scim_response.call(user, "UPDATED") unless ScimRails.config.after_scim_response.nil?
 
       json_scim_response(object: user)

lib/scim_rails/version.rb

@@ -1,3 +1,3 @@
 module ScimRails
-  VERSION = '0.3.1'
+  VERSION = '0.3.2'
 end

spec/controllers/scim_rails/scim_users_controller_spec.rb

@@ -800,6 +800,15 @@
               end
             end
           end
+
+          context "with urn:ietf:params:scim:schemas:extension:enterprise:2.0:User path" do
+            let(:patch_path) { "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:department" }
+            let(:patch_value) { Faker::Commerce.department }
+
+            it "updates :department attribute" do
+              expect(company_user.department).to eq(patch_value)
+            end
+          end
         end
 
         context "when add operation" do

spec/dummy/db/migrate/20210819053930_add_depaartment_to_user.rb

@@ -0,0 +1,5 @@
+class AddDepaartmentToUser < ActiveRecord::Migration[5.2]
+  def change
+    add_column :users, :department, :string
+  end
+end

spec/dummy/db/schema.rb

@@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 2021_03_31_202326) do
+ActiveRecord::Schema.define(version: 2021_08_19_053930) do
 
   create_table "companies", force: :cascade do |t|
     t.string "name", null: false
@@ -51,6 +51,7 @@
     t.datetime "created_at", null: false
     t.datetime "updated_at", null: false
     t.boolean "scoped_attribute", default: true
+    t.string "department"
   end
 
 end

spec/support/scim_rails_config.rb

@@ -30,6 +30,7 @@
     :last_name,
     :email,
     :test_attribute,
+    :department
   ]
 
   config.mutable_group_attributes = [
@@ -63,6 +64,9 @@
       }
     ],
     testAttribute: :test_attribute,
+    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
+      department: :department,
+    },
   }
 
   config.mutable_group_attributes_schema = {