DEV: Add spec for scoped API key
parent
43f3d34c46
commit
1ef8cb17d9
6 changed files with 65 additions and 2 deletions
|
@ -4,6 +4,7 @@ require "scimitar"
|
|||
|
||||
module Scim
|
||||
class ScimV2::GroupsController < Scimitar::ActiveRecordBackedResourcesController
|
||||
# TODO: Check why requires_plugin is not available here
|
||||
# requires_plugin PLUGIN_NAME
|
||||
protect_from_forgery with: :null_session
|
||||
|
||||
|
|
|
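Review bot: With `# requires_plugin PLUGIN_NAME` left commented out, nothing visible in this hunk ties `ScimV2::GroupsController` to the plugin's enabled setting, so the SCIM routes may keep answering after an admin switches the plugin off; the same applies to `ScimV2::UsersController` in the next hunk. Until the TODO is resolved I would add an explicit `before_action` that answers 404 when the plugin's enabled site setting is false, plus a spec example that disables the setting and expects `/scim_v2/Users` to stop responding. A one-line comment on `protect_from_forgery with: :null_session` would also help, e.g. `# SCIM clients authenticate with a bearer token only; null_session drops any cookie session on requests without a CSRF token`. The class body continues outside the hunk, so a gate may already exist further down.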
@ -4,6 +4,7 @@ require "scimitar"
|
|||
|
||||
module Scim
|
||||
class ScimV2::UsersController < Scimitar::ActiveRecordBackedResourcesController
|
||||
# TODO: Check why requires_plugin is not available here
|
||||
# requires_plugin PLUGIN_NAME
|
||||
protect_from_forgery with: :null_session
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
Rails.application.config.to_prepare do
|
||||
Scimitar.service_provider_configuration = Scimitar::ServiceProviderConfiguration.new({
|
||||
# TODO: Add configuration about configured services here
|
||||
})
|
||||
Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
|
||||
token_authenticator: Proc.new do | token, options |
|
||||
api_key = ApiKey.active.with_key(token).first
|
||||
|
|
|
@ -39,6 +39,7 @@ module ::DiscourseScim
|
|||
end
|
||||
|
||||
after_initialize do
|
||||
# TODO: Check how to avoid monkey patching here
|
||||
class ::User
|
||||
def self.scim_resource_type
|
||||
Scimitar::Resources::User
|
||||
|
|
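--- a/spec/integration/custom_api_key_scopes_spec.rb
+++ b/spec/integration/custom_api_key_scopes_spec.rb
@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+
+describe "API keys scoped to scim#access_scim_endpoints" do
+before do
+SiteSetting.chat_enabled = true
+SiteSetting.chat_allowed_groups = Group::AUTO_GROUPS[:everyone]
+end
+
+fab!(:admin)
+
+let(:scim_api_key) do
+key = ApiKey.create!
+ApiKeyScope.create!(resource: "scim", action: "access_scim_endpoints", api_key_id: key.id)
+key
+end
+
+it "cannot hit any other endpoints" do
+get "/admin/users/list/active.json",
+headers: {
+"Api-Key" => scim_api_key.key,
+"Api-Username" => admin.username,
+}
+expect(response.status).to eq(404)
+
+get "/latest.json", headers: { "Api-Key" => scim_api_key.key, "Api-Username" => admin.username }
+expect(response.status).to eq(403)
+end
+
+it "can create a user" do
+expect {
+post "/scim_v2/Users",
+headers: {
+"Authorization" => "Bearer " + scim_api_key.key,
+"Content-Type" => "application/scim+json"
+},
+params: {
+schemas: [
+"urn:ietf:params:scim:schemas:core:2.0:User"
+],
+userName: "testUser",
+name: {
+familyName: "Test",
+givenName: "User"
+},
+emails: [
+{
+value: "testuser@example.com",
+type: "work"
+},
+],
+active: true
+},
+as: :json
+}.to change { User.count }.by(1)
+expect(response.status).to eq(201)
+end
+end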
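Review bot: The spec pins only the positive direction on `/scim_v2/Users` (a key carrying the `scim` / `access_scim_endpoints` scope can create a user) and never shows that a key without that scope, a revoked key, or a request with no bearer token is turned away there. Because the token authenticator is the only gate in front of user provisioning, I would add one negative example per case, asserting both the status and `.not_to change { User.count }`. The sketch below covers a key scoped to a different resource (the `topics`/`read` scope is a constructed sample) and assumes Scimitar's usual 401 for failed authentication, so adjust the status if the plugin maps it differently. Separately, the `before` block turns on `SiteSetting.chat_enabled` and `chat_allowed_groups`, which nothing in these examples appears to use; it looks carried over from another spec and would be better replaced by whatever setting enables this plugin.

```ruby
fab!(:admin)

let(:other_scope_key) do
  key = ApiKey.create!
  ApiKeyScope.create!(resource: "topics", action: "read", api_key_id: key.id)
  key
end

# … unchanged: scim_api_key, "cannot hit any other endpoints", "can create a user" …

it "rejects a key that lacks the SCIM scope" do
  expect {
    post "/scim_v2/Users",
      headers: {
        "Authorization" => "Bearer " + other_scope_key.key,
        "Content-Type" => "application/scim+json"
      },
      params: {
        schemas: ["urn:ietf:params:scim:schemas:core:2.0:User"],
        userName: "testUser"
      },
      as: :json
  }.not_to change { User.count }
  expect(response.status).to eq(401)
end
```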