DEV: Add spec for scoped API key
parent
43f3d34c46
commit
1ef8cb17d9
6 changed files with 65 additions and 2 deletions
|
@ -4,6 +4,7 @@ require "scimitar"
|
||||||
|
|
||||||
module Scim
|
module Scim
|
||||||
class ScimV2::GroupsController < Scimitar::ActiveRecordBackedResourcesController
|
class ScimV2::GroupsController < Scimitar::ActiveRecordBackedResourcesController
|
||||||
|
# TODO: Check why requires_plugin is not available here
|
||||||
# requires_plugin PLUGIN_NAME
|
# requires_plugin PLUGIN_NAME
|
||||||
protect_from_forgery with: :null_session
|
protect_from_forgery with: :null_session
|
||||||
|
|
||||||
|
|
|
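Review bot: The added TODO leaves `requires_plugin PLUGIN_NAME` commented out, so nothing visible in `ScimV2::GroupsController` ties these endpoints to the plugin being enabled; the same applies to `ScimV2::UsersController` in the next section. Both classes inherit from `Scimitar::ActiveRecordBackedResourcesController` rather than a Discourse controller, which is presumably why the macro is not defined. Until that is resolved, an explicit guard is needed, for example a `before_action` that rejects the request when the plugin's enabled site setting is off, or the same check inside `token_authenticator`. The comment should also record the consequence, e.g. `# TODO: requires_plugin is unavailable here, so these endpoints are not yet gated on the plugin setting`. The class body continues outside the hunk.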
@ -4,6 +4,7 @@ require "scimitar"
|
||||||
|
|
||||||
module Scim
|
module Scim
|
||||||
class ScimV2::UsersController < Scimitar::ActiveRecordBackedResourcesController
|
class ScimV2::UsersController < Scimitar::ActiveRecordBackedResourcesController
|
||||||
|
# TODO: Check why requires_plugin is not available here
|
||||||
# requires_plugin PLUGIN_NAME
|
# requires_plugin PLUGIN_NAME
|
||||||
protect_from_forgery with: :null_session
|
protect_from_forgery with: :null_session
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
Rails.application.config.to_prepare do
|
Rails.application.config.to_prepare do
|
||||||
|
Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
|
||||||
|
# TODO: Add configuration about configured services here
|
||||||
|
})
|
||||||
Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
|
Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
|
||||||
token_authenticator: Proc.new do | token, options |
|
token_authenticator: Proc.new do | token, options |
|
||||||
api_key = ApiKey.active.with_key(token).first
|
api_key = ApiKey.active.with_key(token).first
|
||||||
|
|
|
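Review bot: `Scimitar::ServiceProviderConfiguration.new({ ... })` with only a TODO inside leaves the discovery document at the library defaults, which may advertise capabilities or authentication schemes that this plugin does not implement. Only a bearer-style `token_authenticator` is visible in the engine configuration below it, so stating that explicitly, e.g. `authenticationSchemes: [Scimitar::AuthenticationScheme.bearer]`, keeps what clients are told in line with what is enforced. The `token_authenticator` proc continues outside the hunk, so whether it checks the key's scope after `ApiKey.active.with_key(token).first` cannot be seen here.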
@ -5,7 +5,7 @@ require "scimitar"
|
||||||
Discourse::Application.routes.draw {
|
Discourse::Application.routes.draw {
|
||||||
namespace :scim_v2 do
|
namespace :scim_v2 do
|
||||||
mount Scimitar::Engine, at: '/'
|
mount Scimitar::Engine, at: '/'
|
||||||
|
|
||||||
get 'Users', to: 'users#index'
|
get 'Users', to: 'users#index'
|
||||||
get 'Users/:id', to: 'users#show'
|
get 'Users/:id', to: 'users#show'
|
||||||
post 'Users', to: 'users#create'
|
post 'Users', to: 'users#create'
|
||||||
|
|
|
@ -39,6 +39,7 @@ module ::DiscourseScim
|
||||||
end
|
end
|
||||||
|
|
||||||
after_initialize do
|
after_initialize do
|
||||||
|
# TODO: Check how to avoid monkey patching here
|
||||||
class ::User
|
class ::User
|
||||||
def self.scim_resource_type
|
def self.scim_resource_type
|
||||||
Scimitar::Resources::User
|
Scimitar::Resources::User
|
||||||
|
@ -152,4 +153,4 @@ after_initialize do
|
||||||
|
|
||||||
include Scimitar::Resources::Mixin
|
include Scimitar::Resources::Mixin
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
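Review bot: The new TODO sits on `class ::User`, which reopens the core model directly inside `after_initialize` instead of going through Discourse's plugin patching helpers. If the plugin API in use provides them, `add_class_method(:user, :scim_resource_type) { Scimitar::Resources::User }` and a `reloadable_patch` block doing `User.include(Scimitar::Resources::Mixin)` would answer the TODO. The class body between the two hunks is not visible, so any other methods defined there would need the same treatment.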
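--- /dev/null
+++ b/spec/integration/custom_api_key_scopes_spec.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+describe "API keys scoped to scim#access_scim_endpoints" do
+before do
+SiteSetting.chat_enabled = true
+SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:everyone]
+end
+
+fab!(:admin)
+
+let(:scim_api_key) do
+key = ApiKey.create!
+ApiKeyScope.create!(resource: "scim", action: "access_scim_endpoints", api_key_id: key.id)
+key
+end
+
+it "cannot hit any other endpoints" do
+get "/admin/users/list/active.json",
+headers: {
+"Api-Key" => scim_api_key.key,
+"Api-Username" => admin.username,
+}
+expect(response.status).to eq(404)
+
+get "/latest.json", headers: { "Api-Key" => scim_api_key.key, "Api-Username" => admin.username }
+expect(response.status).to eq(403)
+end
+
+it "can create a user" do
+expect {
+post "/scim_v2/Users",
+headers: {
+"Authorization" => "Bearer " + scim_api_key.key,
+"Content-Type" => "application/scim+json"
+},
+params: {
+schemas: [
+"urn:ietf:params:scim:schemas:core:2.0:User"
+],
+userName: "testUser",
+name: {
+familyName: "Test",
+givenName: "User"
+},
+emails: [
+{
+value: "testuser@example.com",
+type: "work"
+},
+],
+active: true
+},
+as: :json
+}.to change { User.count }.by(1)
+expect(response.status).to eq(201)
+end
+end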
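Review bot: The spec never sends a key that lacks the `scim` / `access_scim_endpoints` scope to `/scim_v2/Users`, so it would still pass if the token authenticator accepted any active API key. A negative case for a differently scoped key, and ideally one for a revoked key, is what actually pins the scope check. The `before` block sets `SiteSetting.chat_enabled` and `SiteSetting.chat_allowed_groups`, which look copied from another plugin's spec and are unrelated to SCIM; they should be dropped or replaced by this plugin's own enable setting. A sketch of the missing case follows; the 401 status is an assumption to confirm against the engine's behaviour.

```ruby
# … unchanged: before block, fab!(:admin), let(:scim_api_key) …

let(:other_scope_key) do
  key = ApiKey.create!
  ApiKeyScope.create!(resource: "topics", action: "read", api_key_id: key.id)
  key
end

it "rejects a key that lacks the scim scope" do
  expect {
    post "/scim_v2/Users",
         headers: { "Authorization" => "Bearer " + other_scope_key.key },
         params: { userName: "testUser" },
         as: :json
  }.not_to change { User.count }
  expect(response.status).to eq(401)
end

# … unchanged: "cannot hit any other endpoints", "can create a user" …
```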