Resolve "Support emails as ID in SCIM"

a81db23b · Manoj MJ · James Lopez · 43cfc786 · a81db23b · a81db23b
Commit a81db23b authored Jul 10, 2019 by Manoj MJ Committed by James Lopez Jul 10, 2019
3 changed files
--- a/ee/changelogs/unreleased/11540-support-emails-as-id-in-scim.yml
+++ b/ee/changelogs/unreleased/11540-support-emails-as-id-in-scim.yml
+---
+title: Support emails as ID in SCIM
+merge_request: 14625
+author:
+type: fixed
--- a/ee/lib/api/scim.rb
+++ b/ee/lib/api/scim.rb
@@ -5,6 +5,7 @@ module API
    prefix 'api/scim'
    version 'v2'
    content_type :json, 'application/scim+json'
+    USER_ID_REQUIREMENTS = { id: /.+/ }.freeze

    namespace 'groups/:group' do
      params do
@@ -107,7 +108,7 @@ module API
        desc 'Get a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        get ':id' do
+        get ':id', requirements: USER_ID_REQUIREMENTS do
          group = find_and_authenticate_group!(params[:group])

          identity = GroupSamlIdentityFinder.find_by_group_and_uid(group: group, uid: params[:id])
@@ -142,7 +143,7 @@ module API
        desc 'Updates a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        patch ':id' do
+        patch ':id', requirements: USER_ID_REQUIREMENTS do
          scim_error!(message: 'Missing ID') unless params[:id]

          group = find_and_authenticate_group!(params[:group])
@@ -164,7 +165,7 @@ module API
        desc 'Removes a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        delete ":id" do
+        delete ':id', requirements: USER_ID_REQUIREMENTS do
          scim_error!(message: 'Missing ID') unless params[:id]

          group = find_and_authenticate_group!(params[:group])

--- a/ee/spec/requests/api/scim_spec.rb
+++ b/ee/spec/requests/api/scim_spec.rb
@@ -4,7 +4,6 @@ require 'spec_helper'

 describe API::Scim do
  let(:user) { create(:user) }
-  let(:identity) { create(:group_saml_identity, user: user) }
  let(:group) { identity.saml_provider.group }
  let(:scim_token) { create(:scim_oauth_access_token, group: group) }

@@ -14,6 +13,7 @@ describe API::Scim do
    group.add_owner(user)
  end

+  shared_examples 'SCIM API Endpoints' do
    describe 'GET api/scim/v2/groups/:group/Users' do
      context 'without token auth' do
        it 'responds with 401' do
@@ -266,4 +266,17 @@ describe API::Scim do
    def scim_api(url, token: true)
      api(url, user, version: '', oauth_access_token: token ? scim_token : nil)
    end
+  end
+
+  context 'user with an alphanumeric extern_uid' do
+    let(:identity) { create(:group_saml_identity, user: user, extern_uid: generate(:username)) }
+
+    it_behaves_like 'SCIM API Endpoints'
+  end
+
+  context 'user with an email extern_uid' do
+    let(:identity) { create(:group_saml_identity, user: user, extern_uid: user.email) }
+
+    it_behaves_like 'SCIM API Endpoints'
+  end
 end