DEV: Add spec for scoped API key

2024-10-10 09:28:13 +01:00 · 2024-10-10 09:28:13 +01:00 · 1ef8cb17d9
commit 1ef8cb17d9
parent 43f3d34c46
6 changed files with 65 additions and 2 deletions
--- a/app/controllers/scim_v2/groups_controller.rb
+++ b/app/controllers/scim_v2/groups_controller.rb
@ -4,6 +4,7 @@ require "scimitar"
 module Scim
  class ScimV2::GroupsController < Scimitar::ActiveRecordBackedResourcesController
    # TODO: Check why requires_plugin is not available here
    # requires_plugin PLUGIN_NAME
    protect_from_forgery with: :null_session
--- a/app/controllers/scim_v2/users_controller.rb
+++ b/app/controllers/scim_v2/users_controller.rb
@ -4,6 +4,7 @@ require "scimitar"
 module Scim
  class ScimV2::UsersController < Scimitar::ActiveRecordBackedResourcesController
    # TODO: Check why requires_plugin is not available here
    # requires_plugin PLUGIN_NAME
    protect_from_forgery with: :null_session
--- a/config/initializers/scimitar.rb
+++ b/config/initializers/scimitar.rb
@ -1,6 +1,9 @@
 # frozen_string_literal: true
 Rails.application.config.to_prepare do
  Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
    # TODO: Add configuration about configured services here
  })
  Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
    token_authenticator: Proc.new do | token, options |
      api_key = ApiKey.active.with_key(token).first
--- a/config/routes.rb
+++ b/config/routes.rb
@ -5,7 +5,7 @@ require "scimitar"
 Discourse::Application.routes.draw { 
  namespace :scim_v2 do
    mount Scimitar::Engine, at: '/'
-      
+
    get    'Users',     to: 'users#index'
    get    'Users/:id', to: 'users#show'
    post   'Users',     to: 'users#create'
--- a/plugin.rb
+++ b/plugin.rb
@ -39,6 +39,7 @@ module ::DiscourseScim
 end
 after_initialize do
  # TODO: Check how to avoid monkey patching here
  class ::User
    def self.scim_resource_type
      Scimitar::Resources::User
@ -152,4 +153,4 @@ after_initialize do
    include Scimitar::Resources::Mixin
  end
-end
+end
--- a/spec/integration/custom_api_key_scopes_spec.rb
+++ b/spec/integration/custom_api_key_scopes_spec.rb
@ -0,0 +1,57 @@
 # frozen_string_literal: true
 describe "API keys scoped to scim#access_scim_endpoints" do
  before do
    SiteSetting.chat_enabled = true
    SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:everyone]
  end
  fab!(:admin)
  let(:scim_api_key) do
    key = ApiKey.create!
    ApiKeyScope.create!(resource: "scim", action: "access_scim_endpoints", api_key_id: key.id)
    key
  end
  it "cannot hit any other endpoints" do
    get "/admin/users/list/active.json",
        headers: {
          "Api-Key" => scim_api_key.key,
          "Api-Username" => admin.username,
        }
    expect(response.status).to eq(404)
    get "/latest.json", headers: { "Api-Key" => scim_api_key.key, "Api-Username" => admin.username }
    expect(response.status).to eq(403)
  end
  it "can create a user" do
    expect {
      post "/scim_v2/Users",
        headers: {
          "Authorization" => "Bearer " + scim_api_key.key,
          "Content-Type"  => "application/scim+json"
        },
        params: {
          schemas: [
            "urn:ietf:params:scim:schemas:core:2.0:User"
          ],
          userName: "testUser",
          name: {
            familyName: "Test",
            givenName: "User"
          },
          emails: [
            {
              value: "testuser@example.com",
              type: "work"
            },
          ],
          active: true
        },
        as: :json
    }.to change { User.count }.by(1)
    expect(response.status).to eq(201)
  end
 end