DEV: Add spec for scoped API key

Peter Bouda 2024-10-10 09:28:13 +01:00
parent 43f3d34c46
commit 1ef8cb17d9
6 changed files with 65 additions and 2 deletions


@ -4,6 +4,7 @@ require "scimitar"
module Scim
class ScimV2::GroupsController < Scimitar::ActiveRecordBackedResourcesController
# TODO: Check why requires_plugin is not available here
# requires_plugin PLUGIN_NAME
protect_from_forgery with: :null_session
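Review bot: With `requires_plugin PLUGIN_NAME` left commented out, nothing visible in this controller ties the SCIM group endpoints to the plugin's enabled state, and the same applies to `ScimV2::UsersController` in the next file. The helper is presumably unavailable because the class inherits from `Scimitar::ActiveRecordBackedResourcesController` rather than Discourse's own application controller. Until the TODO is resolved, consider an explicit `before_action` that answers 404 when the plugin's enabled setting is off, and make the TODO say what is at stake, e.g. `# TODO: requires_plugin is unavailable under Scimitar's base controller; these endpoints are not gated on the plugin being enabled`. The class body continues outside the hunk, so such a guard may already exist further down.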


@ -4,6 +4,7 @@ require "scimitar"
module Scim
class ScimV2::UsersController < Scimitar::ActiveRecordBackedResourcesController
# TODO: Check why requires_plugin is not available here
# requires_plugin PLUGIN_NAME
protect_from_forgery with: :null_session


@ -1,6 +1,9 @@
# frozen_string_literal: true
Rails.application.config.to_prepare do
Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
# TODO: Add configuration about configured services here
})
Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
token_authenticator: Proc.new do | token, options |
api_key = ApiKey.active.with_key(token).first
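Review bot: The lookup `ApiKey.active.with_key(token).first` selects any active key, and the lines shown here do not check that the key carries the `scim` / `access_scim_endpoints` scope that the new spec relies on. The Proc body continues past the end of this hunk, so the check may be there; if it is not, a key issued for another purpose would authenticate against the SCIM endpoints. Once the behaviour is confirmed, a one-line comment above the Proc stating which keys are accepted, such as `# Accepts only active API keys scoped to scim#access_scim_endpoints`, would make the intent reviewable.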


@ -5,7 +5,7 @@ require "scimitar"
Discourse::Application.routes.draw {
namespace :scim_v2 do
mount Scimitar::Engine, at: '/'
get 'Users', to: 'users#index'
get 'Users/:id', to: 'users#show'
post 'Users', to: 'users#create'


@ -39,6 +39,7 @@ module ::DiscourseScim
end
after_initialize do
# TODO: Check how to avoid monkey patching here
class ::User
def self.scim_resource_type
Scimitar::Resources::User
@ -152,4 +153,4 @@ after_initialize do
include Scimitar::Resources::Mixin
end
end
end


@ -0,0 +1,57 @@
# frozen_string_literal: true
describe "API keys scoped to scim#access_scim_endpoints" do
before do
SiteSetting.chat_enabled = true
SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:everyone]
end
fab!(:admin)
let(:scim_api_key) do
key = ApiKey.create!
ApiKeyScope.create!(resource: "scim", action: "access_scim_endpoints", api_key_id: key.id)
key
end
it "cannot hit any other endpoints" do
get "/admin/users/list/active.json",
headers: {
"Api-Key" => scim_api_key.key,
"Api-Username" => admin.username,
}
expect(response.status).to eq(404)
get "/latest.json", headers: { "Api-Key" => scim_api_key.key, "Api-Username" => admin.username }
expect(response.status).to eq(403)
end
it "can create a user" do
expect {
post "/scim_v2/Users",
headers: {
"Authorization" => "Bearer " + scim_api_key.key,
"Content-Type" => "application/scim+json"
},
params: {
schemas: [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
userName: "testUser",
name: {
familyName: "Test",
givenName: "User"
},
emails: [
{
value: "testuser@example.com",
type: "work"
},
],
active: true
},
as: :json
}.to change { User.count }.by(1)
expect(response.status).to eq(201)
end
end
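Review bot: The spec exercises only the accepted path on `/scim_v2/Users`; no example shows that a revoked key, a missing `Authorization` header, or a key without the `scim` scope is refused there, which is the property a scoped-key spec is meant to pin. An example like the one below would cover the revoked case (401 is assumed to be what Scimitar returns for a failed token check; adjust if it differs). Separately, the `before` block sets `chat_enabled` and `chat_allowed_groups`, which look unrelated to SCIM and can probably be dropped.

```ruby
# … unchanged: before block, scim_api_key, existing examples …
it "rejects a revoked key" do
  scim_api_key.update!(revoked_at: Time.zone.now)

  expect {
    post "/scim_v2/Users",
         headers: {
           "Authorization" => "Bearer " + scim_api_key.key,
           "Content-Type" => "application/scim+json",
         },
         params: {
           schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
           userName: "testUser",
         },
         as: :json
  }.not_to change { User.count }

  expect(response.status).to eq(401)
end
```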