Commit 8404f91
Changed files (6)
app
controllers
scim
views
spec
requests
scim
app/controllers/scim/v2/schemas_controller.rb
@@ -2,7 +2,22 @@
module Scim
module V2
- class SchemasController < ApplicationController
+ class SchemasController < ::Scim::Controller
+ def index
+ @schemas = [:user, :group]
+ render status: :ok
+ end
+
+ def show
+ render partial: 'schema', formats: :scim, status: :ok, locals: { schema: current_schema }
+ end
+
+ private
+
+ def current_schema(url = request.original_url)
+ return :group if url.include?(SCIM::Schema::GROUP)
+ return :user if url.include?(SCIM::Schema::USER)
+ end
end
end
end
app/views/scim/v2/schemas/_group.scim.jbuilder
@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+json.id SCIM::Schema::GROUP
+json.meta do
+ json.resourceType "Schema"
+ json.location scim_v2_schema_url(id: SCIM::Schema::GROUP)
+end
+json.name "Group"
+json.description "Group"
+json.attributes [
+ {
+ "name": "displayName",
+ "type": "string",
+ "multiValued": false,
+ "description": "A human-readable name for the Group. REQUIRED.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "readWrite",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "members",
+ "type": "complex",
+ "multiValued": true,
+ "description": "A list of members of the Group.",
+ "required": false,
+ "subAttributes": [
+ {
+ "name": "value",
+ "type": "string",
+ "multiValued": false,
+ "description": "Identifier of the member of this Group.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "immutable",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "$ref",
+ "type": "reference",
+ "referenceTypes": %w[
+ User
+ Group
+ ],
+ "multiValued": false,
+ "description": "The URI corresponding to a SCIM resource that is a member of this Group.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "immutable",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "type",
+ "type": "string",
+ "multiValued": false,
+ "description": "A label indicating the type of resource, e.g., 'User' or 'Group'.",
+ "required": false,
+ "caseExact": false,
+ "canonicalValues": %w[
+ User
+ Group
+ ],
+ "mutability": "immutable",
+ "returned": "default",
+ "uniqueness": "none"
+ }
+ ],
+ "mutability": "readWrite",
+ "returned": "default"
+ }
+]
app/views/scim/v2/schemas/_schema.scim.jbuilder
@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+case schema
+when :group
+ json.partial! 'group'
+when :user
+ json.partial! 'user'
+end
app/views/scim/v2/schemas/_user.scim.jbuilder
@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+
+json.id SCIM::Schema::USER
+json.meta do
+ json.resourceType "Schema"
+ json.location scim_v2_schema_url(id: SCIM::Schema::USER)
+end
+json.name "User"
+json.description "User Account"
+json.attributes [
+ {
+ "name": "userName",
+ "type": "string",
+ "multiValued": false,
+ "description": "Unique identifier for the User, typically used by the user to directly authenticate to the service provider. Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. REQUIRED.",
+ "required": true,
+ "caseExact": false,
+ "mutability": "readWrite",
+ "returned": "default",
+ "uniqueness": "server"
+ },
+ {
+ "name": "password",
+ "type": "string",
+ "multiValued": false,
+ "description": "The User's cleartext password. This attribute is intended to be used as a means to specify an initial password when creating a new User or to reset an existing User's password.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "writeOnly",
+ "returned": "never",
+ "uniqueness": "none"
+ },
+ {
+ "name": "emails",
+ "type": "complex",
+ "multiValued": true,
+ "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
+ "required": false,
+ "subAttributes": [
+ {
+ "name": "value",
+ "type": "string",
+ "multiValued": false,
+ "description": "Email addresses for the user. The value SHOULD be canonicalized by the service provider, e.g., 'bjensen@example.com' instead of 'bjensen@EXAMPLE.COM'. Canonical type values of 'work', 'home', and 'other'.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "readWrite",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "primary",
+ "type": "boolean",
+ "multiValued": false,
+ "description": "A Boolean value indicating the 'primary' or preferred attribute value for this attribute, e.g., the preferred mailing address or primary email address. The primary attribute value 'true' MUST appear no more than once.",
+ "required": false,
+ "mutability": "readWrite",
+ "returned": "default"
+ }
+ ],
+ "mutability": "readWrite",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "groups",
+ "type": "complex",
+ "multiValued": true,
+ "description": "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated.",
+ "required": false,
+ "subAttributes": [
+ {
+ "name": "value",
+ "type": "string",
+ "multiValued": false,
+ "description": "The identifier of the User's group.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "readOnly",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "$ref",
+ "type": "reference",
+ "referenceTypes": %w[
+ User
+ Group
+ ],
+ "multiValued": false,
+ "description": "The URI of the corresponding 'Group' resource to which the user belongs.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "readOnly",
+ "returned": "default",
+ "uniqueness": "none"
+ },
+ {
+ "name": "display",
+ "type": "string",
+ "multiValued": false,
+ "description": "A human-readable name, primarily used for display purposes. READ-ONLY.",
+ "required": false,
+ "caseExact": false,
+ "mutability": "readOnly",
+ "returned": "default",
+ "uniqueness": "none"
+ }
+ ],
+ "mutability": "readOnly",
+ "returned": "default"
+ }
+]
app/views/scim/v2/schemas/index.scim.jbuilder
@@ -0,0 +1,3 @@
+# frozen_string_literal: true
+
+json.array! @schemas, partial: 'schema', as: :schema
spec/requests/scim/v2/schemas_spec.rb
@@ -0,0 +1,47 @@
+require 'rails_helper'
+
+RSpec.describe "/scim/v2/Schemas" do
+ let(:user) { create(:user) }
+ let(:token) { user.access_token('audience') }
+ let(:headers) do
+ {
+ 'Accept' => 'application/scim+json',
+ 'Content-Type' => 'application/scim+json',
+ 'Authorization' => "Bearer #{token}"
+ }
+ end
+
+ describe "GET scim/v2/Schemas" do
+ before :each do
+ get "/scim/v2/schemas", headers: headers
+ @json = JSON.parse(response.body, symbolize_names: true)
+ end
+
+ specify { expect(response).to have_http_status(:ok) }
+ specify { expect(@json.count).to eql(2) }
+ specify { expect(@json[0][:id]).to eql('urn:ietf:params:scim:schemas:core:2.0:User') }
+ specify { expect(@json[1][:id]).to eql('urn:ietf:params:scim:schemas:core:2.0:Group') }
+ end
+
+ describe "GET /Schemas/urn:ietf:params:scim:schemas:core:2.0:User" do
+ before :each do
+ get "/scim/v2/schemas/urn:ietf:params:scim:schemas:core:2.0:User", headers: headers
+ end
+ let(:json) { JSON.parse(response.body, symbolize_names: true) }
+
+ specify { expect(response).to have_http_status(:ok) }
+ specify { expect(json[:id]).to eql('urn:ietf:params:scim:schemas:core:2.0:User') }
+ specify { expect(json[:meta][:location]).to eql(scim_v2_schema_url(id: 'urn:ietf:params:scim:schemas:core:2.0:User')) }
+ end
+
+ describe "GET /Schemas/urn:ietf:params:scim:schemas:core:2.0:Group" do
+ before :each do
+ get "/scim/v2/schemas/urn:ietf:params:scim:schemas:core:2.0:Group", headers: headers
+ end
+ let(:json) { JSON.parse(response.body, symbolize_names: true) }
+
+ specify { expect(response).to have_http_status(:ok) }
+ specify { expect(json[:id]).to eql('urn:ietf:params:scim:schemas:core:2.0:Group') }
+ specify { expect(json[:meta][:location]).to eql(scim_v2_schema_url(id: 'urn:ietf:params:scim:schemas:core:2.0:Group')) }
+ end
+end