Merge branch '11540-support-emails-as-id-in-scim' into 'master'

Resolve "Support emails as ID in SCIM" Closes #11540 See merge request gitlab-org/gitlab-ee!14625

Merge branch '11540-support-emails-as-id-in-scim' into 'master'
Resolve "Support emails as ID in SCIM" Closes #11540 See merge request gitlab-org/gitlab-ee!14625
fd9ceec5 · James Lopez · 43cfc786 · a81db23b · fd9ceec5 · fd9ceec5
Commit fd9ceec5 authored Jul 10, 2019 by James Lopez
3 changed files
--- a/ee/changelogs/unreleased/11540-support-emails-as-id-in-scim.yml
+++ b/ee/changelogs/unreleased/11540-support-emails-as-id-in-scim.yml
+---
+title: Support emails as ID in SCIM
+merge_request: 14625
+author:
+type: fixed
--- a/ee/lib/api/scim.rb
+++ b/ee/lib/api/scim.rb
@@ -5,6 +5,7 @@ module API
    prefix 'api/scim'
    version 'v2'
    content_type :json, 'application/scim+json'
+    USER_ID_REQUIREMENTS = { id: /.+/ }.freeze
    namespace 'groups/:group' do
      params do
@@ -107,7 +108,7 @@ module API
        desc 'Get a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        get ':id' do
+        get ':id', requirements: USER_ID_REQUIREMENTS do
          group = find_and_authenticate_group!(params[:group])
          identity = GroupSamlIdentityFinder.find_by_group_and_uid(group: group, uid: params[:id])
@@ -142,7 +143,7 @@ module API
        desc 'Updates a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        patch ':id' do
+        patch ':id', requirements: USER_ID_REQUIREMENTS do
          scim_error!(message: 'Missing ID') unless params[:id]
          group = find_and_authenticate_group!(params[:group])
@@ -164,7 +165,7 @@ module API
        desc 'Removes a SAML user' do
          detail 'This feature was introduced in GitLab 11.10.'
        end
-        delete ":id" do
+        delete ':id', requirements: USER_ID_REQUIREMENTS do
          scim_error!(message: 'Missing ID') unless params[:id]
          group = find_and_authenticate_group!(params[:group])

--- a/ee/spec/requests/api/scim_spec.rb
+++ b/ee/spec/requests/api/scim_spec.rb
@@ -4,7 +4,6 @@ require 'spec_helper'
 describe API::Scim do
  let(:user) { create(:user) }
-  let(:identity) { create(:group_saml_identity, user: user) }
  let(:group) { identity.saml_provider.group }
  let(:scim_token) { create(:scim_oauth_access_token, group: group) }
@@ -14,6 +13,7 @@ describe API::Scim do
    group.add_owner(user)
  end
+  shared_examples 'SCIM API Endpoints' do
    describe 'GET api/scim/v2/groups/:group/Users' do
      context 'without token auth' do
        it 'responds with 401' do
@@ -266,4 +266,17 @@ describe API::Scim do
    def scim_api(url, token: true)
      api(url, user, version: '', oauth_access_token: token ? scim_token : nil)
    end
+  end
+  context 'user with an alphanumeric extern_uid' do
+    let(:identity) { create(:group_saml_identity, user: user, extern_uid: generate(:username)) }
+    it_behaves_like 'SCIM API Endpoints'
+  end
+  context 'user with an email extern_uid' do
+    let(:identity) { create(:group_saml_identity, user: user, extern_uid: user.email) }
+    it_behaves_like 'SCIM API Endpoints'
+  end
 end