我正在测试SCIM实施的合规性(尤其是与Azure Active Directory的合规性)。 我的73项测试中有2项失败。
根据Microsoft documentation关于用于供应的SCIM实现,以下是通过displayName查询用户时需要做的事情:
GET /Users?filter=userName eq "Test_User_dfeef4c5-5681-4387-b016-bdf221e82081"
然后,期望以下JSON响应:
{
"schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
"totalResults": 1,
"Resources": [{
"schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
"id": "2441309d85324e7793ae",
"externalId": "7fce0092-d52e-4f76-b727-3955bd72c939",
"meta": {
"resourceType": "User",
"created": "2018-03-27T19:59:26.000Z",
"lastModified": "2018-03-27T19:59:26.000Z"
},
"userName": "Test_User_dfeef4c5-5681-4387-b016-bdf221e82081",
"name": {
"familyName": "familyName",
"givenName": "givenName"
},
"active": true,
"emails": [{
"value": "Test_User_91b67701-697b-46de-b864-bd0bbe4f99c1@testuser.com",
"type": "work",
"primary": true
}]
}],
"startIndex": 1,
"itemsPerPage": 20
}
我正在像这样用RSpec编写测试:
require 'rails_helper'
RSpec.describe "AzureAdUsers", type: :request do
let(:scim_idp) { create(:identity_provider, :with_ca_and_groups, communaute_accesses_count: 10, provider_groups_count: 10) }
let(:scim_provider) { Scim::ScimProvider.new(scim_idp) }
let(:user) { scim_provider.identity_provider.communaute_accesses.from_scim.first }
describe "GET/POST/PATCH/DELETE on Users", :azure_ad_users_specs do
describe "GET /idp/:uuid/scim/v2/Users/:id --- #show", :show_user do
context "GET User by query", :user_by_query do
it "returns http 200 status code", :get_user_by_query do
@user = user
@user_userName = JSON.parse(@user.to_json)['data']['scim']['last']['userName']
get "/idp/#{scim_idp.identifier}/scim/v2/Users?filter=userName+eq+#{@user_userName}", headers: azure_authorization_header
expect(response.status).to eq(200)
end
it "is good encoded", :query_regexp_success do
lexer_regexp = /((?-mix:[\(\)])|(?-mix:"(?:\\"|[^"])*")|(?-mix:pr|eq|co|sw|gt|ge|lt|le|and|or)|(?-mix:[\w.,!@_-]+))(?-mix:\s?)/
user_config = user.data['scim']['last']
user_userName = user_config['userName']
expect(user_userName).to match(lexer_regexp)
end
it "returns the right json response", :get_user_by_query_json do
expected_response = JSON.parse(get_user_by_query_response)
@user_userName = user.data['scim']['last']['userName']
puts @user_userName
get "/idp/#{scim_idp.identifier}/scim/v2/Users?filter=userName+eq+#{@user_userName}", headers: azure_authorization_header
parsed_response = JSON.parse(response.body)
puts parsed_response
expect(parsed_response).to eq(expected_response)
# TODO:
# the response returns an empty ['Resources']
# this means the userName is not retrieved and the query
# returns no result.
end
end
end
get_user_by_query_json测试是唯一失败的测试。
以下是响应(来自parsed_response):
{"schemas"=>["urn:ietf:params:scim:api:messages:2.0:ListResponse"], "totalResults"=>0, "Resources"=>[], "startIndex"=>1, "itemsPerPage"=>3}
我不明白为什么资源为空。 @user_userName不为空。
另一个失败的测试是相同的,只是针对组。