Fix exception raised when patch endpoint receives invalid request
fixes #29

The patch endpoint isn't fully scim compliant yet and only allows for
specific operations. When we received a specific format of request that
wasn't valid, it was raising an exception instead of returning the
expected 422 response.

Add extra validation to prevent this situation when receiving an
unexpected body for a patch request.
rreinhardt9 committed Jun 16, 2020
1 parent e05971b commit a6aa2a0
Showing 2 changed files with 64 additions and 3 deletions.
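--- a/app/controllers/scim_rails/scim_users_controller.rb
+++ b/app/controllers/scim_rails/scim_users_controller.rb
@@ -126,9 +126,23 @@ def put_active_param
 end
 
 def patch_active_param
-active = params.dig("Operations", 0, "value", "active")
-raise ScimRails::ExceptionHandler::UnsupportedPatchRequest if active.nil?
-active
+handle_invalid = lambda do
+raise ScimRails::ExceptionHandler::UnsupportedPatchRequest
+end
+
+operations = params["Operations"] || {}
+
+valid_operation = operations.find(handle_invalid) do |operation|
+valid_patch_operation?(operation)
+end
+
+valid_operation.dig("value", "active")
+end
+
+def valid_patch_operation?(operation)
+operation["op"] == "replace" &&
+operation["value"] &&
+operation["value"]["active"]
 end
 end
 end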
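Review bot: `valid_patch_operation?` tests `operation["value"]["active"]` for truthiness, so an operation whose value carries a real boolean `false` (as a JSON body would) is judged invalid and the deactivation request is answered with the unsupported-patch error; the removed code rejected only `nil`. Deactivation is the deprovisioning path, so a rejected request there leaves the account enabled unless the client acts on the 422. The same expression is also satisfied by a string value that merely contains "active", because `String#[]` returns the matched substring, and the following `valid_operation.dig("value", "active")` would then most likely raise rather than return 422. Checking for the key instead covers both cases: `value = operation["value"]` followed by `operation["op"] == "replace" && value.respond_to?(:key?) && value.key?("active")`. Separately, `operations.find` assumes `params["Operations"]` is a list, so a scalar there probably still raises.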
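--- a/spec/controllers/scim_rails/scim_users_controller_spec.rb
+++ b/spec/controllers/scim_rails/scim_users_controller_spec.rb
@@ -569,6 +569,53 @@
 response_body = JSON.parse(response.body)
 expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
 end
+
+it "returns 422 when value is " do
+patch :patch_update, params: {
+id: 1,
+Operations: [
+{
+op: "replace",
+path: "displayName",
+value: "Francis"
+}
+]
+}
+
+expect(response.status).to eq 422
+response_body = JSON.parse(response.body)
+expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+end
+
+it "returns 422 when value is missing" do
+patch :patch_update, params: {
+id: 1,
+Operations: [
+{
+op: "replace"
+}
+]
+}
+
+expect(response.status).to eq 422
+response_body = JSON.parse(response.body)
+expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+end
+
+it "returns 422 operations key is missing" do
+patch :patch_update, params: {
+id: 1,
+Foobars: [
+{
+op: "replace"
+}
+]
+}
+
+expect(response.status).to eq 422
+response_body = JSON.parse(response.body)
+expect(response_body.dig("schemas", 0)).to eq "urn:ietf:params:scim:api:messages:2.0:Error"
+end
 end
 end
 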
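Review bot: The first added example is titled `"returns 422 when value is "`, which stops mid-phrase, and the third reads `"returns 422 operations key is missing"` without "when", so a failure report will not say which case broke. Suggested titles: `it "returns 422 when value is not a hash" do` and `it "returns 422 when operations key is missing" do`. All three examples cover rejected bodies only; an example that sends `active: false` as a JSON boolean (for instance with `as: :json`) and expects the update to succeed would pin the deactivation path that the controller's new validation touches. The enclosing `describe` block starts outside the hunk.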
