TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 01:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: create user scim v2 endpoint (#9132)

Browse Source 
# Which Problems Are Solved
- Adds infrastructure code (basic implementation, error handling,
middlewares, ...) to implement the SCIM v2 interface
- Adds support for the user create SCIM v2 endpoint

# How the Problems Are Solved
- Adds support for the user create SCIM v2 endpoint under `POST
/scim/v2/{orgID}/Users`

# Additional Context

Part of #8140
This commit is contained in:
Lars
2025-01-09 12:46:36 +01:00
committed by GitHub
parent 829f4543da
commit e621224ab2
44 changed files with 2412 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
internal/api/scim/schemas/schemas.go Normal file
View File

@@ -0,0 +1,20 @@
package schemas
type ScimSchemaType string
type ScimResourceTypeSingular string
type ScimResourceTypePlural string
const (
idPrefixMessages = "urn:ietf:params:scim:api:messages:2.0:"
idPrefixCore = "urn:ietf:params:scim:schemas:core:2.0:"
idPrefixZitadelMessages = "urn:ietf:params:scim:api:zitadel:messages:2.0:"
IdUser ScimSchemaType = idPrefixCore + "User"
IdError ScimSchemaType = idPrefixMessages + "Error"
IdZitadelErrorDetail ScimSchemaType = idPrefixZitadelMessages + "ErrorDetail"
UserResourceType ScimResourceTypeSingular = "User"
UsersResourceType ScimResourceTypePlural = "Users"
HandlerPrefix = "/scim/v2"
)

28
internal/api/scim/schemas/string.go Normal file
View File

@@ -0,0 +1,28 @@
package schemas
import "encoding/json"
// WriteOnlyString a write only string is not serializable to json.
// in the SCIM RFC it has a mutability of writeOnly.
// This increases security to really ensure this is never sent to a client.
type WriteOnlyString string
func NewWriteOnlyString(s string) *WriteOnlyString {
wos := WriteOnlyString(s)
return &wos
}
func (s *WriteOnlyString) MarshalJSON() ([]byte, error) {
return []byte("null"), nil
}
func (s *WriteOnlyString) UnmarshalJSON(bytes []byte) error {
var str string
err := json.Unmarshal(bytes, &str)
*s = WriteOnlyString(str)
return err
}
func (s *WriteOnlyString) String() string {
return string(*s)
}

70
internal/api/scim/schemas/string_test.go Normal file
View File

@@ -0,0 +1,70 @@
package schemas
import (
"encoding/json"
"testing"
"github.com/stretchr/testify/assert"
)
func TestWriteOnlyString_MarshalJSON(t *testing.T) {
tests := []struct {
name string
s WriteOnlyString
}{
{
name: "always returns null",
s: "foo bar",
},
{
name: "empty string returns null",
s: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := json.Marshal(&tt.s)
assert.NoError(t, err)
assert.Equal(t, "null", string(got))
})
}
}
func TestWriteOnlyString_UnmarshalJSON(t *testing.T) {
tests := []struct {
name string
input []byte
want WriteOnlyString
wantErr bool
}{
{
name: "string",
input: []byte(`"fooBar"`),
want: "fooBar",
wantErr: false,
},
{
name: "empty string",
input: []byte(`""`),
want: "",
wantErr: false,
},
{
name: "bad format",
input: []byte(`"bad "format"`),
want: "",
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
var got WriteOnlyString
err := json.Unmarshal(tt.input, &got)
if (err != nil) != tt.wantErr {
t.Errorf("UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
}
assert.Equal(t, tt.want, got)
})
}
}

50
internal/api/scim/schemas/url.go Normal file
View File

@@ -0,0 +1,50 @@
package schemas
import (
"encoding/json"
"net/url"
"github.com/zitadel/zitadel/internal/zerrors"
)
type HttpURL url.URL
func ParseHTTPURL(rawURL string) (*HttpURL, error) {
parsedURL, err := url.Parse(rawURL)
if err != nil {
return nil, err
}
if parsedURL.Scheme != "http" && parsedURL.Scheme != "https" {
return nil, zerrors.ThrowInvalidArgumentf(nil, "SCIM-htturl1", "HTTP URL expected, got %v", parsedURL.Scheme)
}
return (*HttpURL)(parsedURL), nil
}
func (u *HttpURL) UnmarshalJSON(data []byte) error {
var urlStr string
if err := json.Unmarshal(data, &urlStr); err != nil {
return err
}
parsedURL, err := ParseHTTPURL(urlStr)
if err != nil {
return err
}
*u = *parsedURL
return nil
}
func (u *HttpURL) MarshalJSON() ([]byte, error) {
return json.Marshal(u.String())
}
func (u *HttpURL) String() string {
if u == nil {
return ""
}
return (*url.URL)(u).String()
}

182
internal/api/scim/schemas/url_test.go Normal file
View File

@@ -0,0 +1,182 @@
package schemas
import (
"reflect"
"testing"
"github.com/goccy/go-json"
"github.com/stretchr/testify/assert"
"github.com/zitadel/logging"
)
func TestHttpURL_MarshalJSON(t *testing.T) {
tests := []struct {
name string
u *HttpURL
want []byte
wantErr bool
}{
{
name: "http url",
u: mustParseURL("http://example.com"),
want: []byte(`"http://example.com"`),
wantErr: false,
},
{
name: "https url",
u: mustParseURL("https://example.com"),
want: []byte(`"https://example.com"`),
wantErr: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := json.Marshal(tt.u)
if (err != nil) != tt.wantErr {
t.Errorf("MarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
return
}
assert.Equal(t, string(got), string(tt.want))
})
}
}
func TestHttpURL_UnmarshalJSON(t *testing.T) {
tests := []struct {
name string
data []byte
want *HttpURL
wantErr bool
}{
{
name: "http url",
data: []byte(`"http://example.com"`),
want: mustParseURL("http://example.com"),
wantErr: false,
},
{
name: "https url",
data: []byte(`"https://example.com"`),
want: mustParseURL("https://example.com"),
wantErr: false,
},
{
name: "ftp url should fail",
data: []byte(`"ftp://example.com"`),
want: nil,
wantErr: true,
},
{
name: "no url should fail",
data: []byte(`"test"`),
want: nil,
wantErr: true,
},
{
name: "number should fail",
data: []byte(`120`),
want: nil,
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
url := new(HttpURL)
err := json.Unmarshal(tt.data, url)
if (err != nil) != tt.wantErr {
t.Errorf("UnmarshalJSON() error = %v, wantErr %v", err, tt.wantErr)
}
if tt.wantErr {
return
}
assert.Equal(t, tt.want.String(), url.String())
})
}
}
func TestHttpURL_String(t *testing.T) {
tests := []struct {
name string
u *HttpURL
want string
}{
{
name: "http url",
u: mustParseURL("http://example.com"),
want: "http://example.com",
},
{
name: "https url",
u: mustParseURL("https://example.com"),
want: "https://example.com",
},
{
name: "nil",
u: nil,
want: "",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if got := tt.u.String(); got != tt.want {
t.Errorf("String() = %v, want %v", got, tt.want)
}
})
}
}
func TestParseHTTPURL(t *testing.T) {
tests := []struct {
name string
rawURL string
want *HttpURL
wantErr bool
}{
{
name: "http url",
rawURL: "http://example.com",
want: mustParseURL("http://example.com"),
wantErr: false,
},
{
name: "https url",
rawURL: "https://example.com",
want: mustParseURL("https://example.com"),
wantErr: false,
},
{
name: "ftp url should fail",
rawURL: "ftp://example.com",
want: nil,
wantErr: true,
},
{
name: "no url should fail",
rawURL: "test",
want: nil,
wantErr: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := ParseHTTPURL(tt.rawURL)
if (err != nil) != tt.wantErr {
t.Errorf("ParseHTTPURL() error = %v, wantErr %v", err, tt.wantErr)
return
}
if !reflect.DeepEqual(got, tt.want) {
t.Errorf("ParseHTTPURL() got = %v, want %v", got, tt.want)
}
})
}
}
func mustParseURL(rawURL string) *HttpURL {
url, err := ParseHTTPURL(rawURL)
logging.OnError(err).Fatal("failed to parse URL")
return url
}