Initial commit

Author: pond

.gitignore

@@ -0,0 +1,17 @@
+*.gem
+tags
+_site
+.sass-cache
+.DS_Store
+.byebug_history
+
+coverage/
+doc/
+
+**/log/*
+**/tmp/*
+!**/log/.keep
+!**/tmp/.keep
+
+/.bundle
+/vendor/bundle

.ruby-version

@@ -0,0 +1 @@
+2.7.2

.tm_properties

@@ -0,0 +1 @@
+excludeDirectories = "{$excludeDirectories,docs/rdoc,coverage,log}"

CHANGELOG.md

@@ -0,0 +1,3 @@
+# 1.0.0 (2020-02-23)
+
+* Initial RIP private release.

Gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+# Use a fork version of SDoc; can't use ":git" in ".gemspec" files, so do
+# it here instead.
+#
+gem 'sdoc', :git => 'https://github.com/pond/sdoc.git', :branch => 'master'
+
+gemspec

Gemfile.lock

@@ -0,0 +1,195 @@
+GIT
+  remote: https://github.com/pond/sdoc.git
+  revision: e1e35566f9f207bffb3511fea4779629de94d029
+  branch: master
+  specs:
+    sdoc (1.0.1)
+      json
+      rdoc (>= 5.0)
+
+PATH
+  remote: .
+  specs:
+    scimitar (1.0.0)
+      nokogiri (~> 1.11)
+      rails (>= 6.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actioncable (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
+      nio4r (~> 2.0)
+      websocket-driver (>= 0.6.1)
+    actionmailbox (6.1.3)
+      actionpack (= 6.1.3)
+      activejob (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
+      mail (>= 2.7.1)
+    actionmailer (6.1.3)
+      actionpack (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activesupport (= 6.1.3)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 2.0)
+    actionpack (6.1.3)
+      actionview (= 6.1.3)
+      activesupport (= 6.1.3)
+      rack (~> 2.0, >= 2.0.9)
+      rack-test (>= 0.6.3)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.0, >= 1.2.0)
+    actiontext (6.1.3)
+      actionpack (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
+      nokogiri (>= 1.8.5)
+    actionview (6.1.3)
+      activesupport (= 6.1.3)
+      builder (~> 3.1)
+      erubi (~> 1.4)
+      rails-dom-testing (~> 2.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
+    activejob (6.1.3)
+      activesupport (= 6.1.3)
+      globalid (>= 0.3.6)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activerecord (6.1.3)
+      activemodel (= 6.1.3)
+      activesupport (= 6.1.3)
+    activestorage (6.1.3)
+      actionpack (= 6.1.3)
+      activejob (= 6.1.3)
+      activerecord (= 6.1.3)
+      activesupport (= 6.1.3)
+      marcel (~> 0.3.1)
+      mimemagic (~> 0.3.2)
+    activesupport (6.1.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    builder (3.2.4)
+    byebug (11.1.3)
+    concurrent-ruby (1.1.8)
+    crass (1.0.6)
+    diff-lcs (1.4.4)
+    docile (1.3.5)
+    doggo (1.1.0)
+      rspec-core (~> 3.0)
+    erubi (1.10.0)
+    globalid (0.4.2)
+      activesupport (>= 4.2.0)
+    i18n (1.8.9)
+      concurrent-ruby (~> 1.0)
+    json (2.5.1)
+    loofah (2.9.0)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.5.9)
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    marcel (0.3.3)
+      mimemagic (~> 0.3.2)
+    method_source (1.0.0)
+    mimemagic (0.3.5)
+    mini_mime (1.0.2)
+    mini_portile2 (2.5.0)
+    minitest (5.14.3)
+    nio4r (2.5.5)
+    nokogiri (1.11.1)
+      mini_portile2 (~> 2.5.0)
+      racc (~> 1.4)
+    racc (1.5.2)
+    rack (2.2.3)
+    rack-test (1.1.0)
+      rack (>= 1.0, < 3)
+    rails (6.1.3)
+      actioncable (= 6.1.3)
+      actionmailbox (= 6.1.3)
+      actionmailer (= 6.1.3)
+      actionpack (= 6.1.3)
+      actiontext (= 6.1.3)
+      actionview (= 6.1.3)
+      activejob (= 6.1.3)
+      activemodel (= 6.1.3)
+      activerecord (= 6.1.3)
+      activestorage (= 6.1.3)
+      activesupport (= 6.1.3)
+      bundler (>= 1.15.0)
+      railties (= 6.1.3)
+      sprockets-rails (>= 2.0.0)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
+    rails-html-sanitizer (1.3.0)
+      loofah (~> 2.3)
+    railties (6.1.3)
+      actionpack (= 6.1.3)
+      activesupport (= 6.1.3)
+      method_source
+      rake (>= 0.8.7)
+      thor (~> 1.0)
+    rake (13.0.3)
+    rdoc (6.3.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-rails (4.0.2)
+      actionpack (>= 4.2)
+      activesupport (>= 4.2)
+      railties (>= 4.2)
+      rspec-core (~> 3.10)
+      rspec-expectations (~> 3.10)
+      rspec-mocks (~> 3.10)
+      rspec-support (~> 3.10)
+    rspec-support (3.10.2)
+    simplecov (0.21.2)
+      docile (~> 1.1)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov-rcov (0.2.3)
+      simplecov (>= 0.4.1)
+    simplecov_json_formatter (0.1.2)
+    sprockets (4.0.2)
+      concurrent-ruby (~> 1.0)
+      rack (> 1, < 3)
+    sprockets-rails (3.2.2)
+      actionpack (>= 4.0)
+      activesupport (>= 4.0)
+      sprockets (>= 3.0.0)
+    thor (1.1.0)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    websocket-driver (0.7.3)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.5)
+    zeitwerk (2.4.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  byebug (~> 11.1)
+  doggo (~> 1.1)
+  rake (~> 13.0)
+  rdoc (~> 6.3)
+  rspec-rails (~> 4.0)
+  scimitar!
+  sdoc!
+  simplecov-rcov (~> 0.2)
+
+BUNDLED WITH
+   2.1.4

LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2021 RIP Global
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,137 @@
+# Scimitar
+
+[![License](https://img.shields.io/badge/license-mit-blue.svg)](https://opensource.org/licenses/MIT)
+
+Comprehensive SCIM v2 support for Users and Groups in Ruby On Rails.
+
+
+
+## Overview
+
+System for Cross-domain Identity Management (SCIM) is a protocol that helps systems synchronise user data between different business systems. A _service provider_ hosts a SCIM API endpoint implementation and the Scimitar gem is used to help quickly build this implementation. One or more _enterprise subscribers_ use these APIs to let that service know about changes in the enterprise's user (employee) list.
+
+In the context of the names used by the SCIM standard, the service that is provided is some kind of software-as-a-service solution that the enterprise subscriber uses to assist with their day to day business. The enterprise maintains its user (employee) list via whatever means it wants, but includes SCIM support so that any third party services it uses can be kept up to date with adds, removals or changes to employee data.
+
+* [Overview](https://en.wikipedia.org/wiki/System_for_Cross-domain_Identity_Management) at Wikipedia
+* [More detailed introduction](http://www.simplecloud.info) at SimpleCloud
+* SCIM v2 RFC [7642](https://tools.ietf.org/html/rfc7642): Concepts
+* SCIM v2 RFC [7643](https://tools.ietf.org/html/rfc7643): Core schema
+* SCIM v2 RFC [7644](https://tools.ietf.org/html/rfc7644): Protocol
+
+
+
+## Installation
+
+Install using:
+
+```shell
+gem install scimitar
+```
+
+In your Gemfile:
+
+```ruby
+gem 'scimitar', '~> 1.0'
+```
+
+Scimitar uses [semantic versioning](https://semver.org) so you can be confident that patch and minor version updates for features, bug fixes and/or security patches will not break your application.
+
+
+
+## Heritage
+
+Scimitar borrow heavily - to the point of cut-and-paste - from:
+
+* [Scimitar](https://github.com/Cisco-AMP/scimitar) for the Rails controllers and resource-agnostic subclassing approach that makes supporting User and/or Group, along with custom resource types if you need them, quite easy.
+* [ScimRails](https://github.com/lessonly/scim_rails) for the bearer token support, 'index' actions and filter support.
+* [Scim::Kit](https://github.com/xlgmokha/scim-kit) as a handy, formalised way to convert to/from SCIM JSON schema and your own records (be they persisted via ActiveRecord or any other means).
+
+All three are provided under the MIT license. Scimitar is too.
+
+
+
+## Usage
+
+```
+GREAT
+
+BIG
+
+TO
+
+DO
+
+LIST
+
+OF
+
+STUFF
+
+THAT
+
+NEEDS
+
+TO
+
+GO
+
+HERE
+
+:-)
+
+(I'll know it once I've built it)
+```
+
+
+
+## Security
+
+One IMHO under-discussed feature of SCIM is the authorisation and security model. The best resource I've found to describe this in any detail is [section 2 of the protocol RFC, 7644](https://tools.ietf.org/html/rfc7644#section-2). Often, you'll find that bearer tokens are in use by SCIM API consumers.
+
+As an example, suppose a corporation uses Microsoft Azure Active Directory to maintain a master database of employee details. Azure lets administrators [connect to SCIM endpoints]() for services that this corporation might use. In all cases, bearer tokens are used.
+
+* When the third party integration builds an app that it gets hosted in the Azure Marketplace, the token is obtained via full OAuth flow of some kind - the enterprise corporation would sign into your app by some OAuth UI mechanism you provide, which leads to a Bearer token being issued. Thereafter, the Azure system would quote this back to you in API calls via the `Authorization` HTTP header.
+
+* If you are providing SCIM services as part of some wider service offering it might not make sense to go to the trouble of adding all the extra features and requirements for Marketplace inclusion. Fortunately, Microsoft support addition of 'user-defined' enterprise "app" integrations in Azure, so the administrator can set up and 'provision' your SCIM API endpoint. In _this_ case, the bearer token is just some string that you generate which they paste into the Azure AD UI. Clearly, then, this amounts to little more than a glorified password, but you can take steps to make sure that it's long, unguessable and potentially be some encrypted/encoded structure that allows you to make additional security checks on "your side" when you unpack the token as part of API request handling.
+
+* HTTPS is obviously a given here and localhost integration during development is difficult; perhaps search around for things like POSTman collections to assist with development testing. Scimitar has a reasonably comprehensive internal test suite but it's only as good as the accuracy and reliability of the subclass code you write to "bridge the gap" between SCIM schema and actions, and your User/Group equivalent records and the operations you perform upon them.
+
+
+
+
+LINKS FOR
+https://techcommunity.microsoft.com/t5/identity-standards-blog/provisioning-with-scim-design-build-and-test-your-scim-endpoint/ba-p/1204883
+https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works
+https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#integrate-your-scim-endpoint-with-the-aad-scim-client
+
+
+
+## Development
+
+Install dependencies first:
+
+```
+bundle install
+```
+
+
+
+## Tests
+
+The tests use [RSpec](http://rspec.info):
+
+```shell
+bundle exec rspec
+```
+
+
+
+## Internal documentation
+
+Regenerate the internal [`rdoc` documentation](https://ruby-doc.org/stdlib-2.4.1/libdoc/rdoc/rdoc/RDoc/Markup.html#label-Supported+Formats) with:
+
+```shell
+bundle exec rake rerdoc
+```
+
+...yes, that's `rerdoc` - Re-R-Doc.