Closed xjunior closed 7 months ago
Attributes never returned are erased – set to nil – in updates, and are lost when creating a resource.
never
This is happening since we started never returning the password attribute via the return = "never" mechanism in https://github.com/RIPAGlobal/scimitar/commit/413280a141f8987c4609b39b0b8503d2cfd6efa5.
return = "never"
At https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L420, ci_scim_hash no longer contains the password, but after all operations are applied, an all attributes update is done on https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L494 using from_scim, targeting all attributes in the resource, including those never returned, and emptying them.
ci_scim_hash
from_scim
This pull request includes a test case demonstrating the issue: https://github.com/RIPAGlobal/scimitar/pull/103
Fixed in v2.7.2 / v1.8.2.
pond
commented
7 months ago
Attributes
neverreturned are erased – set to nil – in updates, and are lost when creating a resource.This is happening since we started never returning the password attribute via the
return = "never"mechanism in https://github.com/RIPAGlobal/scimitar/commit/413280a141f8987c4609b39b0b8503d2cfd6efa5.At https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L420,
ci_scim_hashno longer contains the password, but after all operations are applied, an all attributes update is done on https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L494 usingfrom_scim, targeting all attributes in the resource, including thoseneverreturned, and emptying them.This pull request includes a test case demonstrating the issue: https://github.com/RIPAGlobal/scimitar/pull/103