Sqservices 1157 2 mf for generating SCIM token errors and renaming (#…

…2135) * failure responses added * renamed code to verification_code * added roundtrip and golden tests
wireapp · Feb 16, 2022 · d029f9f · d029f9f
1 parent 0a7f61c
commit d029f9f
Show file tree

Hide file tree

Showing 12 changed files with 99 additions and 9 deletions.
diff --git a/libs/wire-api/src/Wire/API/ErrorDescription.hs b/libs/wire-api/src/Wire/API/ErrorDescription.hs
@@ -372,3 +372,7 @@ type BroadcastLimitExceeded =
     "Too many users to fan out the broadcast event to."
 
 type InvalidAction = ErrorDescription 403 "invalid-actions" "The specified actions are invalid."
+
+type PasswordAuthenticationFailed = ErrorDescription 403 "password-authentication-failed" "Password authentication failed."
+
+type CodeAuthenticationFailed = ErrorDescription 403 "code-authentication-failed" "Code authentication failed."
diff --git a/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs b/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs
@@ -33,6 +33,7 @@ import Web.Scim.Capabilities.MetaSchema as Scim.Meta
 import Web.Scim.Class.Auth as Scim.Auth
 import Web.Scim.Class.User as Scim.User
 import Wire.API.Cookie
+import Wire.API.ErrorDescription (CanThrow, CodeAuthenticationFailed, PasswordAuthenticationFailed)
 import Wire.API.Routes.Public
 import Wire.API.User.IdentityProvider
 import Wire.API.User.Saml
@@ -203,7 +204,10 @@ sparResponseURI (Just tid) =
 
 type APIScim =
   OmitDocs :> "v2" :> ScimSiteAPI SparTag
-    :<|> "auth-tokens" :> APIScimToken
+    :<|> "auth-tokens"
+      :> CanThrow PasswordAuthenticationFailed
+      :> CanThrow CodeAuthenticationFailed
+      :> APIScimToken
 
 type ScimSiteAPI tag = ToServantApi (ScimSite tag)
 

diff --git a/libs/wire-api/src/Wire/API/User/Scim.hs b/libs/wire-api/src/Wire/API/User/Scim.hs
@@ -83,6 +83,7 @@ import Web.Scim.Schema.Schema (Schema (CustomSchema))
 import qualified Web.Scim.Schema.Schema as Scim
 import qualified Web.Scim.Schema.User as Scim
 import qualified Web.Scim.Schema.User as Scim.User
+import Wire.API.Arbitrary (Arbitrary, GenericUniform (..))
 import Wire.API.User.Activation
 import Wire.API.User.Identity (Email)
 import Wire.API.User.Profile as BT
@@ -370,13 +371,14 @@ data CreateScimToken = CreateScimToken
     -- | User code (sent by email), for 2nd factor to 'createScimTokenPassword'
     createScimTokenCode :: !(Maybe ActivationCode)
   }
-  deriving (Eq, Show)
+  deriving (Eq, Show, Generic)
+  deriving (Arbitrary) via (GenericUniform CreateScimToken)
 
 instance A.FromJSON CreateScimToken where
   parseJSON = A.withObject "CreateScimToken" $ \o -> do
     createScimTokenDescr <- o A..: "description"
     createScimTokenPassword <- o A..:? "password"
-    createScimTokenCode <- o A..:? "code"
+    createScimTokenCode <- o A..:? "verification_code"
     pure CreateScimToken {..}
 
 -- Used for integration tests
@@ -385,7 +387,7 @@ instance A.ToJSON CreateScimToken where
     A.object
       [ "description" A..= createScimTokenDescr,
         "password" A..= createScimTokenPassword,
-        "code" A..= createScimTokenCode
+        "verification_code" A..= createScimTokenCode
       ]
 
 -- | Type used for the response of 'APIScimTokenCreate'.
@@ -469,7 +471,7 @@ instance ToSchema CreateScimToken where
           & properties
             .~ [ ("description", textSchema),
                  ("password", textSchema),
-                 ("code", textSchema)
+                 ("verification_code", textSchema)
                ]
           & required .~ ["description"]
 

diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual.hs
@@ -25,6 +25,7 @@ import Test.Wire.API.Golden.Manual.ConvIdsPage
 import Test.Wire.API.Golden.Manual.ConversationCoverView
 import Test.Wire.API.Golden.Manual.ConversationPagingState
 import Test.Wire.API.Golden.Manual.ConversationsResponse
+import Test.Wire.API.Golden.Manual.CreateScimToken
 import Test.Wire.API.Golden.Manual.FeatureConfigEvent
 import Test.Wire.API.Golden.Manual.GetPaginatedConversationIds
 import Test.Wire.API.Golden.Manual.ListConversations
@@ -100,5 +101,12 @@ tests =
         testObjects
           [(testObject_ListConversations_1, "testObject_ListConversations_1.json")],
       testGroup "ConversationsResponse" $
-        testObjects [(testObject_ConversationsResponse_1, "testObject_ConversationsResponse_1.json")]
+        testObjects [(testObject_ConversationsResponse_1, "testObject_ConversationsResponse_1.json")],
+      testGroup "CreateScimToken" $
+        testObjects
+          [ (testObject_CreateScimToken_1, "testObject_CreateScimToken_1.json"),
+            (testObject_CreateScimToken_2, "testObject_CreateScimToken_2.json"),
+            (testObject_CreateScimToken_3, "testObject_CreateScimToken_3.json"),
+            (testObject_CreateScimToken_4, "testObject_CreateScimToken_4.json")
+          ]
     ]
diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/CreateScimToken.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Manual/CreateScimToken.hs
@@ -0,0 +1,52 @@
+-- This file is part of the Wire Server implementation.
+--
+-- Copyright (C) 2022 Wire Swiss GmbH <[email protected]>
+--
+-- This program is free software: you can redistribute it and/or modify it under
+-- the terms of the GNU Affero General Public License as published by the Free
+-- Software Foundation, either version 3 of the License, or (at your option) any
+-- later version.
+--
+-- This program is distributed in the hope that it will be useful, but WITHOUT
+-- ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+-- FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+-- details.
+--
+-- You should have received a copy of the GNU Affero General Public License along
+-- with this program. If not, see <https://www.gnu.org/licenses/>.
+
+module Test.Wire.API.Golden.Manual.CreateScimToken where
+
+import Data.Misc (PlainTextPassword (PlainTextPassword))
+import Data.Text.Ascii (AsciiChars (validate))
+import Imports
+import Wire.API.User.Activation (ActivationCode (ActivationCode, fromActivationCode))
+import Wire.API.User.Scim (CreateScimToken (..))
+
+testObject_CreateScimToken_1 :: CreateScimToken
+testObject_CreateScimToken_1 =
+  CreateScimToken
+    "description"
+    (Just (PlainTextPassword "very-geheim"))
+    (Just ((ActivationCode {fromActivationCode = fromRight undefined (validate "123456")})))
+
+testObject_CreateScimToken_2 :: CreateScimToken
+testObject_CreateScimToken_2 =
+  CreateScimToken
+    "description2"
+    (Just (PlainTextPassword "secret"))
+    Nothing
+
+testObject_CreateScimToken_3 :: CreateScimToken
+testObject_CreateScimToken_3 =
+  CreateScimToken
+    "description3"
+    Nothing
+    (Just ((ActivationCode {fromActivationCode = fromRight undefined (validate "654321")})))
+
+testObject_CreateScimToken_4 :: CreateScimToken
+testObject_CreateScimToken_4 =
+  CreateScimToken
+    "description4"
+    Nothing
+    Nothing
diff --git a/libs/wire-api/test/golden/testObject_CreateScimToken_1.json b/libs/wire-api/test/golden/testObject_CreateScimToken_1.json
@@ -0,0 +1,5 @@
+{
+    "description": "description",
+    "password": "very-geheim",
+    "verification_code": "123456"
+}
diff --git a/libs/wire-api/test/golden/testObject_CreateScimToken_2.json b/libs/wire-api/test/golden/testObject_CreateScimToken_2.json
@@ -0,0 +1,5 @@
+{
+    "description": "description2",
+    "password": "secret",
+    "verification_code": null
+}
diff --git a/libs/wire-api/test/golden/testObject_CreateScimToken_3.json b/libs/wire-api/test/golden/testObject_CreateScimToken_3.json
@@ -0,0 +1,5 @@
+{
+    "description": "description3",
+    "password": null,
+    "verification_code": "654321"
+}
diff --git a/libs/wire-api/test/golden/testObject_CreateScimToken_4.json b/libs/wire-api/test/golden/testObject_CreateScimToken_4.json
@@ -0,0 +1,5 @@
+{
+    "description": "description4",
+    "password": null,
+    "verification_code": null
+}
diff --git a/libs/wire-api/test/unit/Test/Wire/API/Roundtrip/Aeson.hs b/libs/wire-api/test/unit/Test/Wire/API/Roundtrip/Aeson.hs
@@ -66,6 +66,7 @@ import qualified Wire.API.User.Identity as User.Identity
 import qualified Wire.API.User.Password as User.Password
 import qualified Wire.API.User.Profile as User.Profile
 import qualified Wire.API.User.RichInfo as User.RichInfo
+import qualified Wire.API.User.Scim as Scim
 import qualified Wire.API.User.Search as User.Search
 import qualified Wire.API.Wrapped as Wrapped
 
@@ -181,6 +182,7 @@ tests =
       testRoundTrip @Push.Token.AppName,
       testRoundTrip @Push.Token.PushToken,
       testRoundTrip @Push.Token.PushTokenList,
+      testRoundTrip @Scim.CreateScimToken,
       testRoundTrip @Team.BindingNewTeam,
       testRoundTrip @Team.TeamBinding,
       testRoundTrip @Team.Team,

diff --git a/libs/wire-api/wire-api.cabal b/libs/wire-api/wire-api.cabal
@@ -467,6 +467,7 @@ test-suite wire-api-golden-tests
       Test.Wire.API.Golden.Manual.QualifiedUserClientPrekeyMap
       Test.Wire.API.Golden.Manual.UserClientPrekeyMap
       Test.Wire.API.Golden.Manual.UserIdList
+      Test.Wire.API.Golden.Manual.CreateScimToken
       Test.Wire.API.Golden.Protobuf
       Test.Wire.API.Golden.Runner
       Paths_wire_api

diff --git a/services/spar/test/Arbitrary.hs b/services/spar/test/Arbitrary.hs
@@ -60,9 +60,6 @@ instance Arbitrary ScimTokenInfo where
       <*> arbitrary
       <*> arbitrary
 
-instance Arbitrary CreateScimToken where
-  arbitrary = CreateScimToken <$> arbitrary <*> arbitrary <*> arbitrary
-
 instance Arbitrary CreateScimTokenResponse where
   arbitrary = CreateScimTokenResponse <$> arbitrary <*> arbitrary