Add GRIST_ENABLE_SCIM env variable

2025-06-07 14:43:57 +00:00 · 2024-09-06 20:31:13 +02:00 · 2024-09-06 20:31:13 +02:00 · 7c8c2f2057
commit 7c8c2f2057
parent 4ba322d1cb
2 changed files with 588 additions and 558 deletions
--- a/app/server/lib/FlexServer.ts
+++ b/app/server/lib/FlexServer.ts
@ -890,7 +890,12 @@ export class FlexServer implements GristServer {

  public addScimApi() {
    if (this._check('scim', 'api', 'homedb', 'json', 'api-mw')) { return; }
-    this.app.use('/api/scim', buildScimRouter(this._dbManager, this._installAdmin));
+    const scimRouter = isAffirmative(process.env.GRIST_ENABLE_SCIM) ?
+      buildScimRouter(this._dbManager, this._installAdmin) :
+      () => {
+        throw new ApiError('SCIM API is not enabled', 501);
+      };
+    this.app.use('/api/scim', scimRouter);
  }


--- a/test/server/lib/Scim.ts
+++ b/test/server/lib/Scim.ts
@ -30,26 +30,19 @@ const USER_CONFIG_BY_NAME = {
 type UserConfigByName = typeof USER_CONFIG_BY_NAME;

 describe('Scim', () => {
+  testUtils.setTmpLogLevel('error');
+
+  const setupTestServer = (env: NodeJS.ProcessEnv) => {
+    let homeUrl: string;
    let oldEnv: testUtils.EnvironmentSnapshot;
    let server: TestServer;
-  let homeUrl: string;
-  const userIdByName: {[name in keyof UserConfigByName]?: number} = {};
-
-  const scimUrl = (path: string) => (homeUrl + '/api/scim/v2' + path);
-
-  testUtils.setTmpLogLevel('error');

    before(async function () {
      oldEnv = new testUtils.EnvironmentSnapshot();
-    process.env.GRIST_DEFAULT_EMAIL = 'chimpy@getgrist.com';
-    process.env.GRIST_SCIM_EMAIL = 'charon@getgrist.com';
      process.env.TYPEORM_DATABASE = ':memory:';
+      Object.assign(process.env, env);
      server = new TestServer(this);
      homeUrl = await server.start();
-    const userNames = Object.keys(USER_CONFIG_BY_NAME) as Array<keyof UserConfigByName>;
-    for (const user of userNames) {
-      userIdByName[user] = await getOrCreateUserId(user);
-    }
    });

    after(async () => {
@ -57,6 +50,37 @@ describe('Scim', () => {
      await server.stop();
    });

+    return {
+      scimUrl: (path: string) => (homeUrl + '/api/scim/v2' + path),
+      getDbManager: () => server.dbManager,
+    };
+  };
+
+  describe('when disabled', function () {
+    const { scimUrl } = setupTestServer({});
+
+    it('should return 501 for /api/scim/v2/Users', async function () {
+      const res = await axios.get(scimUrl('/Users'), chimpy);
+      assert.equal(res.status, 501);
+      assert.deepEqual(res.data, { error: 'SCIM API is not enabled' });
+    });
+  });
+
+  describe('when enabled using GRIST_ENABLE_SCIM=1', function () {
+    const { scimUrl, getDbManager } = setupTestServer({
+      GRIST_ENABLE_SCIM: '1',
+      GRIST_DEFAULT_EMAIL: 'chimpy@getgrist.com',
+      GRIST_SCIM_EMAIL: 'charon@getgrist.com',
+    });
+    const userIdByName: {[name in keyof UserConfigByName]?: number} = {};
+
+    before(async function () {
+      const userNames = Object.keys(USER_CONFIG_BY_NAME) as Array<keyof UserConfigByName>;
+      for (const user of userNames) {
+        userIdByName[user] = await getOrCreateUserId(user);
+      }
+    });
+
    function personaToSCIMMYUserWithId(user: keyof UserConfigByName) {
      return toSCIMUserWithId(user, userIdByName[user]!);
    }
@ -82,12 +106,12 @@ describe('Scim', () => {
    }

    async function getOrCreateUserId(user: string) {
-    return (await server.dbManager.getUserByLogin(user + '@getgrist.com'))!.id;
+      return (await getDbManager().getUserByLogin(user + '@getgrist.com'))!.id;
    }

    async function cleanupUser(userId: number) {
-    if (await server.dbManager.getUser(userId)) {
-      await server.dbManager.deleteUser({ userId: userId }, userId);
+      if (await getDbManager().getUser(userId)) {
+        await getDbManager().deleteUser({ userId: userId }, userId);
      }
    }

@ -107,7 +131,7 @@ describe('Scim', () => {
        assert.equal(res.status, 401);
      });

-    it('should return 401 for kiwi', async function () {
+      it('should return 403 for kiwi', async function () {
        const res: any = await makeCallWith('kiwi');
        assert.deepEqual(res.data, {
          schemas: [ 'urn:ietf:params:scim:api:messages:2.0:Error' ],
@ -245,7 +269,7 @@ describe('Scim', () => {
        try {
          await cb(userName);
        } finally {
-        const user = await server.dbManager.getExistingUserByLogin(userName + "@getgrist.com");
+          const user = await getDbManager().getExistingUserByLogin(userName + "@getgrist.com");
          if (user) {
            await cleanupUser(user.id);
          }
@ -490,7 +514,7 @@ describe('Scim', () => {

      afterEach(async function () {
        for (const email of usersToCleanupEmails) {
-        const user = await server.dbManager.getExistingUserByLogin(email);
+          const user = await getDbManager().getExistingUserByLogin(email);
          if (user) {
            await cleanupUser(user.id);
          }
@ -668,3 +692,4 @@ describe('Scim', () => {
      assert.property(res.data, 'filter');
    });
  });
+});