Fixes #1457
oharsta committed Jun 4, 2024
1 parent 74583ee commit 2a933a0
Showing 2 changed files with 20 additions and 7 deletions.
2 changes: 2 additions & 0 deletions server/api/scim.py
Expand Up @@ -113,6 +113,7 @@ def service_users():
@swag_from("../swagger/public/paths/get_user_by_external_id.yml")
@json_endpoint
def service_user_by_external_id(user_external_id: str):
validate_service_token("scim_client_enabled", SERVICE_TOKEN_SCIM)
stripped_external_id = user_external_id.replace(EXTERNAL_ID_POST_FIX, "")
user = User.query.filter(User.external_id == stripped_external_id).one()
return find_user_by_id_template(user), _add_etag_header(user)
Expand All @@ -131,6 +132,7 @@ def service_groups():
@swag_from("../swagger/public/paths/get_group_by_external_id.yml")
@json_endpoint
def service_group_by_identifier(group_external_id: str):
validate_service_token("scim_client_enabled", SERVICE_TOKEN_SCIM)
stripped_group_identifier = group_external_id.replace(EXTERNAL_ID_POST_FIX, "")
group = Collaboration.query.filter(Collaboration.identifier == stripped_group_identifier).first()
if not group:
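Review bot: The added `validate_service_token("scim_client_enabled", SERVICE_TOKEN_SCIM)` calls authenticate the caller but discard whatever the helper returns, so the lookups in `service_user_by_external_id` and `service_group_by_identifier` are still not scoped to the calling service: `User.query.filter(User.external_id == stripped_external_id).one()` matches any user. If the helper returns the authenticated service (its definition is not visible in this diff), bind it with `service = validate_service_token("scim_client_enabled", SERVICE_TOKEN_SCIM)` and restrict both queries to users and collaborations connected to that service. That way a valid token for one service cannot read records that belong to another. The body of `service_group_by_identifier` continues outside the hunk, so a check further down may already cover the group case.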
25 changes: 18 additions & 7 deletions server/test/api/test_scim.py
@@ -1,9 +1,9 @@
import json
import urllib.parse

import mock
import requests
import responses
import mock

from server.db.domain import User, Collaboration, Group, Service
from server.scim import EXTERNAL_ID_POST_FIX
Expand All @@ -19,39 +19,45 @@
class TestScim(AbstractTest):

def test_users(self):
res = self.get("/api/scim/v2/Users", headers={"Authorization": f"bearer {service_network_token}"})
res = self.get("/api/scim/v2/Users", headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False)
self.assertEqual(5, len(res["Resources"]))

def test_users_no_scim_enabled(self):
wiki = self.find_entity_by_name(Service, service_wiki_name)
self.assertFalse(wiki.scim_enabled)

res = self.get("/api/scim/v2/Users", headers={"Authorization": f"bearer {service_wiki_token}"})
res = self.get("/api/scim/v2/Users", headers={"Authorization": f"bearer {service_wiki_token}"},
with_basic_auth=False)
self.assertEqual(10, len(res["Resources"]))

def test_user_by_external_id(self):
jane = self.find_entity_by_name(User, user_jane_name)
jane_external_id = jane.external_id
res = self.get(f"/api/scim/v2/Users/{jane_external_id}{EXTERNAL_ID_POST_FIX}",
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False,
expected_headers={"Etag": version_value(jane)})
self.assertEqual(f"{jane_external_id}{EXTERNAL_ID_POST_FIX}", res["externalId"])
self.assertEqual("User", res["meta"]["resourceType"])

def test_user_by_external_id_404(self):
self.get("/api/scim/v2/Users/nope",
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False,
response_status_code=404)

def test_groups(self):
res = self.get("/api/scim/v2/Groups", headers={"Authorization": f"bearer {service_network_token}"})
res = self.get("/api/scim/v2/Groups", headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False)
self.assertEqual(3, len(res["Resources"]))

def test_collaboration_by_identifier(self):
collaboration = self.find_entity_by_name(Collaboration, co_ai_computing_name)
collaboration_identifier = collaboration.identifier
res = self.get(f"/api/scim/v2/Groups/{collaboration_identifier}{EXTERNAL_ID_POST_FIX}",
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False,
expected_headers={"Etag": version_value(collaboration)})
self.assertEqual(f"{collaboration_identifier}{EXTERNAL_ID_POST_FIX}", res["externalId"])
self.assertEqual(f"{collaboration_identifier}{EXTERNAL_ID_POST_FIX}", res["id"])
Expand All @@ -61,14 +67,16 @@ def test_group_by_identifier(self):
group_identifier = group.identifier
# We mock that all members are already known in the remote SCIM DB
res = self.get(f"/api/scim/v2/Groups/{group_identifier}{EXTERNAL_ID_POST_FIX}",
headers={"Authorization": f"bearer {service_network_token}"})
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False)
self.assertEqual(f"{group_identifier}{EXTERNAL_ID_POST_FIX}", res["externalId"])
self.assertEqual(f"{group_identifier}{EXTERNAL_ID_POST_FIX}", res["id"])
self.assertEqual("Group", res["meta"]["resourceType"])

def test_collaboration_by_identifier_404(self):
self.get("/api/scim/v2/Groups/nope",
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False,
response_status_code=404)

def test_schemas(self):
Expand All @@ -89,21 +97,24 @@ def test_users_filter(self):
query = urllib.parse.quote(f"{SCIM_SCHEMA_SRAM_USER}.eduPersonUniqueId eq \"urn:john\"")
res = self.get("/api/scim/v2/Users",
query_data={"filter": query},
headers={"Authorization": f"bearer {service_network_token}"})
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False)
self.assertEqual(1, len(res["Resources"]))

def test_users_filter_single_quote(self):
query = urllib.parse.quote(f"{SCIM_SCHEMA_SRAM_USER}.eduPersonUniqueId eq 'urn:john'")
res = self.get("/api/scim/v2/Users",
query_data={"filter": query},
headers={"Authorization": f"bearer {service_network_token}"})
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False)
self.assertEqual(1, len(res["Resources"]))

def test_users_filter_not_implemented(self):
query = urllib.parse.quote(f"{SCIM_SCHEMA_SRAM_USER}.voPersonExternalId eq 'urn:john'")
self.get("/api/scim/v2/Users",
query_data={"filter": query},
headers={"Authorization": f"bearer {service_network_token}"},
with_basic_auth=False,
response_status_code=500)

@responses.activate
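Review bot: None of the updated tests exercises the rejection path this commit introduces: every call shown still sends a valid `Authorization` header, so as far as this diff shows the suite would also pass if `validate_service_token` were dropped again from the two by-id endpoints. Add negative cases for `/api/scim/v2/Users/<external id>` and `/api/scim/v2/Groups/<identifier>`, one with no token and one with an invalid token, for example `self.get("/api/scim/v2/Users/nope", with_basic_auth=False, response_status_code=401)`. The expected status is presumably 401, but confirm it against the helper, which is not shown here. Since `with_basic_auth=False` is now passed on every call, these cases would pin down that the bearer token alone gates access.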
