# frozen_string_literal: true

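module SCIM
  # Form object for a SCIM user resource. It validates the incoming SCIM
  # attributes and persists them to the application's ::User model.
  class User
    include ActiveModel::Model

    # Maps SCIM attribute paths to ::User attribute names. All keys become
    # string-comparable through with_indifferent_access.
    # NOTE(review): this file does not show where the map is consumed;
    # presumably filter/sort translation — confirm against callers.
    ATTRIBUTES = {
      'emails.value': :email,
      'meta.created' => :created_at,
      'meta.lastModified' => :updated_at,
      userName: :email,
      user_name: :email,
    }.with_indifferent_access

    attr_accessor :id, :schemas, :userName, :name, :locale, :timezone, :password

    validate :must_be_user_schema
    validates :id, format: { with: ApplicationRecord::UUID }, allow_blank: true
    validates :locale, presence: true, inclusion: ::User::VALID_LOCALES
    validates :timezone, presence: true, inclusion: ::User::VALID_TIMEZONES
    validates :userName, presence: true, email: true

    # Validates the resource, then updates the ::User identified by +id+ or
    # creates a new one when no id was supplied.
    #
    # @return [::User] the updated or newly created record
    # @raise [ActiveModel::ValidationError] when the SCIM payload is invalid
    # @raise [StandardError] when a password change targets a user other than
    #   Current.user
    #
    # NOTE(review): the only authorization check made here guards password
    # changes. Updating email, locale or timezone of the record found by +id+
    # is not restricted in this class, so the caller must already have
    # authorized the request for that id — confirm in the controller/policy.
    def save!
      validate!
      if id.present?
        user = ::User.find(id)
        ensure_password_update_is_allowed!(user) if password.present?
        user.update!(to_h)
      else
        # A blank password ("" or whitespace) is not nil, so `password ||`
        # would forward it to create! instead of the random fallback.
        # `presence` makes every blank value take the fallback, which keeps
        # this branch consistent with the `present?` check in #to_h.
        # The generated secret is only passed to create!; it is not returned.
        initial_password = password.presence || SecureRandom.hex(32)
        user = ::User.create!(to_h(password: initial_password))
      end
      user
    end

    private

    # Validation hook: the payload must declare the SCIM user schema.
    def must_be_user_schema
      errors.add(:schemas, :invalid) unless user_schema?
    end

    # True only when +schemas+ is exactly the single-element list holding the
    # SCIM v2 user schema URN; any extra or missing schema fails the check.
    def user_schema?
      schemas == [Scim::Kit::V2::Schemas::USER]
    end

    # Password changes are allowed only when the authenticated user
    # (Current.user) is the user being updated.
    #
    # @param user [::User] the record about to be updated
    # @raise [StandardError] with a localized message when the check fails
    def ensure_password_update_is_allowed!(user)
      error = I18n.t('scim.errors.user.password_update_not_permitted')
      raise StandardError, error unless Current.user == user
    end

    # Builds the attribute hash handed to ::User. The password key is included
    # only when a non-blank password was supplied; +extra+ is merged last and
    # therefore overrides any key built here.
    #
    # @param extra [Hash] additional or overriding attributes
    # @return [Hash]
    def to_h(extra = {})
      attributes = { email: userName, locale: locale, timezone: timezone }
      attributes[:password] = password if password.present?
      attributes.merge(extra)
    end
  end
end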