Merge pull request tractionguest#22 from tractionguest/feature/idaptive-integration

[SST-15979] Support for Idaptive integration

Author: myang0

app/controllers/concerns/scim_rails/response.rb

@@ -20,6 +20,12 @@ def json_scim_response(object:, status: :ok, counts: nil)
       when "delete"
         head status
         return
+      when "configuration"
+        response = ScimRails.config.config_schema
+      when "resource_user"
+        response = ScimRails.config.resource_user_schema
+      when "resource_group"
+        response = ScimRails.config.resource_group_schema
       end
 
       render \
@@ -28,6 +34,13 @@ def json_scim_response(object:, status: :ok, counts: nil)
         content_type: CONTENT_TYPE
     end
 
+    def json_schema_response(object)
+      render \
+        json: object,
+        status: :ok,
+        content_type: CONTENT_TYPE
+    end
+
     def json_scim_group_response(object:, status: :ok, counts: nil)
       response = nil
       case params[:action]

app/controllers/scim_rails/scim_resource_controller.rb

@@ -0,0 +1,19 @@
+module ScimRails
+  class ScimResourceController < ScimRails::ApplicationController
+    def resource_user
+      ScimRails.config.before_scim_response.call(request.params) if ScimRails.config.before_scim_response.respond_to?(:call)
+
+      ScimRails.config.after_scim_response.call(ScimRails.config.resource_user_schema, "RETRIEVED") if ScimRails.config.after_scim_response.respond_to?(:call)
+
+      json_scim_response(object: nil)
+    end
+
+    def resource_group
+      ScimRails.config.before_scim_response.call(request.params) if ScimRails.config.before_scim_response.respond_to?(:call)
+
+      ScimRails.config.after_scim_response.call(ScimRails.config.resource_group_schema, "RETRIEVED") if ScimRails.config.after_scim_response.respond_to?(:call)
+
+      json_scim_response(object: nil)
+    end
+  end
+end

app/controllers/scim_rails/scim_schema_controller.rb

@@ -0,0 +1,21 @@
+module ScimRails
+  class ScimSchemaController < ApplicationController
+    def get_schema
+      ScimRails.config.before_scim_response.call(request.params) if ScimRails.config.before_scim_response.respond_to?(:call)
+
+      id = request.params.key?("format") ? "#{request.params[:id]}.#{request.params[:format]}" : request.params[:id]
+
+      if id == "urn:ietf:params:scim:schemas:core:2.0:User"
+        object = ScimRails.config.retrievable_user_schema
+      elsif id == "urn:ietf:params:scim:schemas:core:2.0:Group"
+        object = ScimRails.config.retrievable_group_schema
+      else
+        object = {}
+      end
+
+      ScimRails.config.after_scim_response.call(object, "RETRIEVED") if ScimRails.config.after_scim_response.respond_to?(:call)
+      
+      json_schema_response(object)
+    end
+  end
+end

app/controllers/scim_rails/scim_service_controller.rb

@@ -0,0 +1,11 @@
+module ScimRails
+  class ScimServiceController < ScimRails::ApplicationController
+    def configuration
+      ScimRails.config.before_scim_response.call(request.params) unless ScimRails.config.before_scim_response.nil?
+
+      ScimRails.config.after_scim_response.call(ScimRails.config.config_schema, "RETRIEVED") unless ScimRails.config.after_scim_response.nil?
+
+      json_scim_response(object: nil)
+    end
+  end
+end

config/routes.rb

@@ -1,15 +1,23 @@
 ScimRails::Engine.routes.draw do
-  get     'scim/v2/Users',      action: :index,         controller: 'scim_users'
-  post    'scim/v2/Users',      action: :create,        controller: 'scim_users'
-  get     'scim/v2/Users/:id',  action: :show,          controller: 'scim_users'
-  put     'scim/v2/Users/:id',  action: :put_update,    controller: 'scim_users'
-  patch   'scim/v2/Users/:id',  action: :patch_update,  controller: 'scim_users'
-  delete  'scim/v2/Users/:id',  action: :delete,        controller: 'scim_users'
+  get     'scim/v2/Users',                  action: :index,         controller: 'scim_users'
+  post    'scim/v2/Users',                  action: :create,        controller: 'scim_users'
+  get     'scim/v2/Users/:id',              action: :show,          controller: 'scim_users'
+  put     'scim/v2/Users/:id',              action: :put_update,    controller: 'scim_users'
+  patch   'scim/v2/Users/:id',              action: :patch_update,  controller: 'scim_users'
+  delete  'scim/v2/Users/:id',              action: :delete,        controller: 'scim_users'
 
-  get    'scim/v2/Groups',      action: :index,         controller: 'scim_groups'
-  post   'scim/v2/Groups',      action: :create,        controller: 'scim_groups'
-  get    'scim/v2/Groups/:id',  action: :show,          controller: 'scim_groups'
-  put    'scim/v2/Groups/:id',  action: :put_update,    controller: 'scim_groups'
-  patch  'scim/v2/Groups/:id',  action: :patch_update,  controller: 'scim_groups'
-  delete 'scim/v2/Groups/:id',  action: :delete,        controller: 'scim_groups'
+  get    'scim/v2/Groups',                 action: :index,          controller: 'scim_groups'
+  post   'scim/v2/Groups',                 action: :create,         controller: 'scim_groups'
+  get    'scim/v2/Groups/:id',             action: :show,           controller: 'scim_groups'
+  put    'scim/v2/Groups/:id',             action: :put_update,     controller: 'scim_groups'
+  patch  'scim/v2/Groups/:id',             action: :patch_update,   controller: 'scim_groups'
+  delete 'scim/v2/Groups/:id',             action: :delete,         controller: 'scim_groups'
+
+  get    'scim/v2/ServiceProviderConfig',  action: :configuration,  controller: 'scim_service'
+  get    'scim/v2/ServiceProviderConfigs', action: :configuration,  controller: 'scim_service'
+
+  get    'scim/v2/ResourceTypes/User',     action: :resource_user,  controller: 'scim_resource'
+  get    'scim/v2/ResourceTypes/Group',    action: :resource_group, controller: 'scim_resource'
+                             
+  get    'scim/v2/Schemas/:id',            action: :get_schema,     controller: 'scim_schema'
 end

lib/generators/scim_rails/templates/initializer.rb

@@ -150,4 +150,40 @@
   config.after_scim_response = lambda do |object, status|
     print "#{object} #{status}"
   end
+
+  config.config_schema = {
+    schemas: ["urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig"],
+    patch: {
+      supported: true
+    },
+    bulk: {
+      supported: false,
+      maxOperations: 0,
+      maxPayloadSize: 0
+    },
+    filter: {
+      supported: true,
+    },
+    changePassword: {
+      supported: false
+    },
+    sort: {
+      supported: true
+    },
+    etag: {
+      supported: false
+    },
+    authenticationSchemes: [
+      {
+        type: "oauthbearertoken",
+        name: "Oauth Bearer Token",
+        description: "Authentication scheme using the OAuth Bearer Token Standard"
+      },
+      {
+        type: "httpbasic",
+        name: "HTTP Basic",
+        description: "Authentication scheme using the HTTP Basic Standard"
+      }
+    ]
+  }
 end

lib/scim_rails/config.rb

@@ -47,6 +47,11 @@ class Config
       :before_scim_response,
       :after_scim_response,
       :scim_attribute_type_mappings,
+      :config_schema,
+      :resource_user_schema,
+      :resource_group_schema,
+      :retrievable_user_schema,
+      :retrievable_group_schema
 
     def initialize
       @basic_auth_model = "Company"

spec/controllers/scim_rails/scim_resource_controller_spec.rb

@@ -0,0 +1,178 @@
+require "spec_helper"
+
+RSpec.describe ScimRails::ScimResourceController, type: :controller do
+  include AuthHelper
+  include CallbackHelper
+
+  let!(:counter) { CallbackHelper::CallbackCounter.new }
+
+  routes { ScimRails::Engine.routes }
+
+  describe "resource_user" do
+    let(:company) { create(:company) }
+
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :resource_user
+
+        expect(response.content_type).to eq("application/scim+json")
+      end
+
+      it "fails with no credentials" do
+        get :resource_user
+
+        expect(response.status).to eq(401)
+      end
+
+      it "fails with invalid credentials" do
+        request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials("unauthorized","123456")
+
+        get :resource_user
+
+        expect(response.status).to eq(401)
+      end
+    end
+
+    context "when authorized" do
+      let(:body) { JSON.parse(response.body) }
+
+      before :each do
+        http_login(company)
+      end
+
+      it "returns scim+json content type" do
+        get :resource_user
+
+        expect(response.content_type).to eq("application/scim+json")
+      end
+
+      it "is successful with valid credentials" do
+        get :resource_user
+
+        expect(response.status).to eq(200)
+      end
+
+      it "successfully returns the resource schema of users" do
+        get :resource_user
+
+        expect(body.deep_symbolize_keys).to eq(ScimRails.config.resource_user_schema)
+      end
+
+      context "when before_scim_response is defined" do
+        before do
+          ScimRails.config.before_scim_response = lambda do |body|
+            counter.before.call
+          end
+        end
+
+        after do
+          ScimRails.config.before_scim_response = nil
+        end
+
+        it "successfully calls before_scim_response" do
+          expect{ get :resource_user }.to change{ counter.before_called }.from(0).to(1)  
+        end
+      end
+
+      context "when after_scim_response is defined" do
+        before do
+          ScimRails.config.after_scim_response = lambda do |object, status|
+            counter.after.call
+          end
+        end
+
+        after do
+          ScimRails.config.after_scim_response = nil
+        end
+
+        it "successfully calls after_scim_response" do
+          expect{ get :resource_user }.to change{ counter.after_called }.from(0).to(1) 
+        end
+      end
+    end
+  end
+
+  describe "resource_group" do
+    let(:company) { create(:company) }
+
+    context "when unauthorized" do
+      it "returns scim+json content type" do
+        get :resource_group
+
+        expect(response.content_type).to eq("application/scim+json")
+      end
+
+      it "fails with no credentials" do
+        get :resource_group
+
+        expect(response.status).to eq(401)
+      end
+
+      it "fails with invalid credentials" do
+        request.env['HTTP_AUTHORIZATION'] = ActionController::HttpAuthentication::Basic.encode_credentials("unauthorized","123456")
+
+        get :resource_group
+
+        expect(response.status).to eq(401)
+      end
+    end
+
+    context "when authorized" do
+      let(:body) { JSON.parse(response.body) }
+
+      before :each do
+        http_login(company)
+      end
+
+      it "returns scim+json content type" do
+        get :resource_group
+
+        expect(response.content_type).to eq("application/scim+json")
+      end
+
+      it "is successful with valid credentials" do
+        get :resource_group
+
+        expect(response.status).to eq(200)
+      end
+
+      it "successfully returns the resource schema of groups" do
+        get :resource_group
+
+        expect(body.deep_symbolize_keys).to eq(ScimRails.config.resource_group_schema)
+      end
+
+      context "when before_scim_response is defined" do
+        before do
+          ScimRails.config.before_scim_response = lambda do |body|
+            counter.before.call
+          end
+        end
+
+        after do
+          ScimRails.config.before_scim_response = nil
+        end
+
+        it "successfully calls before_scim_response" do
+          expect{ get :resource_group }.to change{ counter.before_called }.from(0).to(1)
+        end
+      end
+
+      context "when after_scim_response is defined" do
+        before do
+          ScimRails.config.after_scim_response = lambda do |object, status|
+            counter.after.call
+          end
+        end
+
+        after do
+          ScimRails.config.after_scim_response = nil
+        end
+
+        it "successfully calls before_scim_response" do
+          expect{ get :resource_group }.to change{ counter.after_called }.from(0).to(1)
+        end
+      end
+    end
+  end
+end