build gem to create a skim endpoint

spenceralan commented 5 years ago

Why?

The purpose of this Gem is to isolate code related to our SCIM integration but also to make that code accessible for other projects to use.

What?

This PR puts in place the pieces necessary for the Lessonly core app to interface with Okta through SCIM.

Testing Notes

There is a lot more documentation about what is going on in the README updated in this PR.

Dummy App

In this project is a fully functional rails app preconfigured to work with the Gem.

In the console, navigate to the dummy app at /spec/dummy.

Next run bin/setup to setup the app. This will set up the gems and build the databases. The databases are local to the project.

Last run bundle exec rails server.

CURL Requests

The requests you can send to the server are listed out in the README but the basic request should look like:

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users'

[ ] Successful GET request with no parameters

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users'

[ ] Successful GET request with pagination

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users?count=100&startIndex=50'

[ ] Successful GET request with query

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users?filter=email%20eq%201@example.com'

[ ] Successful GET request with pagination and query

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users?count=10&startIndex=1&filter=email%20eq%201@example.com'

[ ] Successful GET request for an individual record

$ curl -X GET 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users/1'

[ ] Successful POST request (create a user)

$ curl -X POST 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"test@example.com","name":{"givenName":"Test","familyName":"User"},"emails":[{"primary":true,"value":"test@example.com","type":"work"}],"displayName":"Test User","active":true}' -H 'Content-Type: application/json'

[ ] Successful PUT request (update a user)

$ curl -X PUT 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users/1' -d '{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User"],"userName":"something_different@example.com","name":{"givenName":"Test","familyName":"User"},"emails":[{"primary":true,"value":"something_different@example.com","type":"work"}],"displayName":"Test User","active":true}' -H 'Content-Type: application/json'

[ ] Successful PATCH request (deprovision a user)

$ curl -X PATCH 'http://test_company:1@localhost:3000/scim_rails/scim/v2/Users/1'

[ ] Appropriate error when sending invalid or missing credentials
[ ] Appropriate error when sending invalid query parameters
[ ] Appropriate error when sending missing or invalid user data (like missing email)
[ ] Appropriate error when trying to create a user that already exists

Note: In production, any error that is not resolved in the Gem should be caught and displayed as a SCIM formatted error, http status 500.

Specs

Specs can be run with rspec at the top level of the Gem (if you run rspec and it shows zero specs try running rspec from a different directory).

All specs should be passing. (The dummy app will need to be setup first.)

spenceralan commented 5 years ago

@wernull I had intentionally left out clubhouse links since this is a public project and clubhouse is an internal tool. That was my thought process anyway and have no strong feelings either way.

wernull commented 5 years ago

@spenceralan good point

spenceralan commented 5 years ago

@wernull what version of Ruby are you running? I am thinking you are running 2.3 or earlier which is why those methods don't exist. I am thinking I will need to add a ruby dependency.

spenceralan commented 5 years ago

@wernull I tested a couple commands (previously I had only pulled them out of postman) and I noticed the server wasn't parsing the body. I added -H 'Content-Type: application/json' to the sample requests so that the server would parse the body.

I will need to: • add a ruby dependency • update the Readme • add a custom MIME because it is supposed to accept Content-Type: application/scim+json and it does not • add specs for the custom MIME

wernull commented 5 years ago

Yep, ruby version was the issue

spenceralan commented 5 years ago

@wernull thanks for the review!

In addition to the previously mentioned changes I will be: • adding comments to the recursive methods to explain what is going on • removing my personal email • stubbing config file changes in the specs

spenceralan commented 5 years ago

@wernull I made a few changes!

The biggest change is going to be the registering a custom MIME type.

Basically what that is doing is saying that the app can accept requests with the Content-Type set to application/scim+json. Previously, when the content type was set to application/scim+json the app could not parse the params.

The new request specs are set so that we can send string parameters that need to be parsed. Strings cannot be sent as parameters in controller specs.

Strangely enough there is not a lot of documentation around custom MIME types so it took longer than expected to get to a good place with it but I generally understand what the changes meant.

Ping me if you have any questions!

lessonly / scim_rails