From 1940d2a3bb3e16b10a9f940612c5857299d605a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nuno=20G=C3=B3is?= <github@nunogois.com>
Date: Thu, 11 Apr 2024 14:58:14 +0100
Subject: [PATCH] chore: better message in guard

---
 src/lib/routes/admin-api/user-admin.ts        |  4 +++-
 .../e2e/api/admin/user-admin.scim.e2e.test.ts | 19 +++++++------------
 2 files changed, 10 insertions(+), 13 deletions(-)

diff --git a/src/lib/routes/admin-api/user-admin.ts b/src/lib/routes/admin-api/user-admin.ts
index 909e87f8fbc6..68406fa1501d 100644
--- a/src/lib/routes/admin-api/user-admin.ts
+++ b/src/lib/routes/admin-api/user-admin.ts
@@ -741,7 +741,9 @@ export default class UserAdminController extends Controller {
         });
         if (!enabled) return;
 
-        throw new ForbiddenError('Cannot perform this operation on SCIM users');
+        throw new ForbiddenError(
+            'This user is managed by your SCIM provider and cannot be changed manually',
+        );
     }
 
     async isScimUser({
diff --git a/src/test/e2e/api/admin/user-admin.scim.e2e.test.ts b/src/test/e2e/api/admin/user-admin.scim.e2e.test.ts
index cda1c5e31256..3461ab1f6610 100644
--- a/src/test/e2e/api/admin/user-admin.scim.e2e.test.ts
+++ b/src/test/e2e/api/admin/user-admin.scim.e2e.test.ts
@@ -24,6 +24,9 @@ const regularUser = {
     name: 'Regular User',
 };
 
+const scimGuardErrorMessage =
+    'This user is managed by your SCIM provider and cannot be changed manually';
+
 beforeAll(async () => {
     db = await dbInit('user_admin_scim', getLogger);
     stores = db.stores;
@@ -81,9 +84,7 @@ test('should prevent editing a SCIM user', async () => {
         })
         .expect(403);
 
-    expect(body.details[0].message).toBe(
-        'Cannot perform this operation on SCIM users',
-    );
+    expect(body.details[0].message).toBe(scimGuardErrorMessage);
 });
 
 test('should prevent deleting a SCIM user', async () => {
@@ -91,9 +92,7 @@ test('should prevent deleting a SCIM user', async () => {
         .delete(`/api/admin/user-admin/${scimUserId}`)
         .expect(403);
 
-    expect(body.details[0].message).toBe(
-        'Cannot perform this operation on SCIM users',
-    );
+    expect(body.details[0].message).toBe(scimGuardErrorMessage);
 });
 
 test('should prevent changing password for a SCIM user', async () => {
@@ -104,9 +103,7 @@ test('should prevent changing password for a SCIM user', async () => {
         })
         .expect(403);
 
-    expect(body.details[0].message).toBe(
-        'Cannot perform this operation on SCIM users',
-    );
+    expect(body.details[0].message).toBe(scimGuardErrorMessage);
 });
 
 test('should prevent resetting password for a SCIM user', async () => {
@@ -115,7 +112,5 @@ test('should prevent resetting password for a SCIM user', async () => {
         .send({ id: scimUser.email })
         .expect(403);
 
-    expect(body.details[0].message).toBe(
-        'Cannot perform this operation on SCIM users',
-    );
+    expect(body.details[0].message).toBe(scimGuardErrorMessage);
 });