diff --git a/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs b/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs
index 787da9d22a2..5e9de5a5111 100644
--- a/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs
+++ b/libs/wire-api/src/Wire/API/Routes/Public/Spar.hs
@@ -114,6 +114,7 @@ type APIIDP =
Named "idp-get" (ZOptUser :> IdpGet)
:<|> Named "idp-get-raw" (ZOptUser :> IdpGetRaw)
:<|> Named "idp-get-all" (ZOptUser :> IdpGetAll)
+ :<|> Named "idp-create@v7" (Until 'V8 :> ZOptUser :> IdpCreate) -- (change is semantic, see handler)
:<|> Named "idp-create" (ZOptUser :> IdpCreate)
:<|> Named "idp-update" (ZOptUser :> IdpUpdate)
:<|> Named "idp-delete" (ZOptUser :> IdpDelete)
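Review bot: The unversioned `idp-create` route that follows the new `idp-create@v7` entry carries no `From 'V8`, so the split between the two handlers rests on route order alone. If the two lines are ever reordered, v7 requests would reach the new handler and skip whatever the legacy one checks. The SCIM token routes in the same file state both bounds, and the same form here would be `:<|> Named "idp-create" (From 'V8 :> ZOptUser :> IdpCreate)`. The trailing comment `(change is semantic, see handler)` would also read better if it named the handler, e.g. `-- same wire format as "idp-create"; idpCreateV7 adds a legacy check`.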
@@ -189,21 +190,21 @@ data ScimSite tag route = ScimSite
deriving (Generic)
type APIScimToken =
- Named "auth-tokens-create@v6" (Until 'V7 :> ZOptUser :> APIScimTokenCreateV6)
- :<|> Named "auth-tokens-create" (From 'V7 :> ZOptUser :> APIScimTokenCreate)
- :<|> Named "auth-tokens-put-name" (From 'V7 :> ZUser :> APIScimTokenPutName)
+ Named "auth-tokens-create@v7" (Until 'V8 :> ZOptUser :> APIScimTokenCreateV7)
+ :<|> Named "auth-tokens-create" (From 'V8 :> ZOptUser :> APIScimTokenCreate)
+ :<|> Named "auth-tokens-put-name" (From 'V8 :> ZUser :> APIScimTokenPutName)
:<|> Named "auth-tokens-delete" (ZOptUser :> APIScimTokenDelete)
- :<|> Named "auth-tokens-list@v6" (Until 'V7 :> ZOptUser :> APIScimTokenListV6)
- :<|> Named "auth-tokens-list" (From 'V7 :> ZOptUser :> APIScimTokenList)
+ :<|> Named "auth-tokens-list@v7" (Until 'V8 :> ZOptUser :> APIScimTokenListV7)
+ :<|> Named "auth-tokens-list" (From 'V8 :> ZOptUser :> APIScimTokenList)
type APIScimTokenPutName =
Capture "id" ScimTokenId
:> ReqBody '[JSON] ScimTokenName
:> Put '[JSON] ()
-type APIScimTokenCreateV6 =
- VersionedReqBody 'V6 '[JSON] CreateScimToken
- :> Post '[JSON] CreateScimTokenResponseV6
+type APIScimTokenCreateV7 =
+ VersionedReqBody 'V7 '[JSON] CreateScimToken
+ :> Post '[JSON] CreateScimTokenResponseV7
type APIScimTokenCreate =
ReqBody '[JSON] CreateScimToken
@@ -216,8 +217,8 @@ type APIScimTokenDelete =
type APIScimTokenList =
Get '[JSON] ScimTokenList
-type APIScimTokenListV6 =
- Get '[JSON] ScimTokenListV6
+type APIScimTokenListV7 =
+ Get '[JSON] ScimTokenListV7
data SparAPITag
diff --git a/libs/wire-api/src/Wire/API/User/Scim.hs b/libs/wire-api/src/Wire/API/User/Scim.hs
index 0a0f94e2520..fdb8e1396ff 100644
--- a/libs/wire-api/src/Wire/API/User/Scim.hs
+++ b/libs/wire-api/src/Wire/API/User/Scim.hs
@@ -182,7 +182,7 @@ instance ToSchema ScimTokenInfo where
<*> (.stiName) .= field "name" schema
-- | Metadata that we store about each token.
-data ScimTokenInfoV6 = ScimTokenInfoV6
+data ScimTokenInfoV7 = ScimTokenInfoV7
{ -- | Which team can be managed with the token
stiTeam :: !TeamId,
-- | Token ID, can be used to eg. delete the token
@@ -196,13 +196,13 @@ data ScimTokenInfoV6 = ScimTokenInfoV6
stiDescr :: !Text
}
deriving (Eq, Show, Generic)
- deriving (Arbitrary) via (GenericUniform ScimTokenInfoV6)
- deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema ScimTokenInfoV6)
+ deriving (Arbitrary) via (GenericUniform ScimTokenInfoV7)
+ deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema ScimTokenInfoV7)
-instance ToSchema ScimTokenInfoV6 where
+instance ToSchema ScimTokenInfoV7 where
schema =
- object "ScimTokenInfoV6" $
- ScimTokenInfoV6
+ object "ScimTokenInfoV7" $
+ ScimTokenInfoV7
<$> (.stiTeam) .= field "team" schema
<*> (.stiId) .= field "id" schema
<*> (.stiCreatedAt) .= field "created_at" utcTimeSchema
@@ -433,20 +433,29 @@ data CreateScimToken = CreateScimToken
deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema CreateScimToken)
createScimTokenSchema :: Maybe Version -> ValueSchema NamedSwaggerDoc CreateScimToken
-createScimTokenSchema v =
- object ("CreateScimToken" <> foldMap (Text.toUpper . versionText) v) $
+createScimTokenSchema mVersion =
+ object ("CreateScimToken" <> foldMap (Text.toUpper . versionText) mVersion) $
CreateScimToken
<$> (.description) .= field "description" schema
<*> password .= optField "password" (maybeWithDefault A.Null schema)
<*> verificationCode .= optField "verification_code" (maybeWithDefault A.Null schema)
- <*> (if isJust v then const Nothing else (.name)) .= maybe_ (optField "name" schema)
- <*> (if isJust v then const Nothing else (fmap SAML.fromIdPId . idp)) .= maybe_ (optField "idp" (SAML.IdPId <$> uuidSchema))
+ <*> nameSchema
+ <*> idpSchema
+ where
+ nameSchema =
+ case mVersion of
+ Just v | v <= V7 -> const Nothing .= pure Nothing
+ _ -> (.name) .= maybe_ (optField "name" schema)
+ idpSchema =
+ case mVersion of
+ Just v | v <= V7 -> const Nothing .= pure Nothing
+ _ -> (fmap SAML.fromIdPId . idp) .= maybe_ (optField "idp" (SAML.IdPId <$> uuidSchema))
instance ToSchema CreateScimToken where
schema = createScimTokenSchema Nothing
-instance ToSchema (Versioned 'V6 CreateScimToken) where
- schema = Versioned <$> unVersioned .= createScimTokenSchema (Just V6)
+instance ToSchema (Versioned 'V7 CreateScimToken) where
+ schema = Versioned <$> unVersioned .= createScimTokenSchema (Just V7)
-- | Type used for the response of 'APIScimTokenCreate'.
data CreateScimTokenResponse = CreateScimTokenResponse
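Review bot: The `Just v | v <= V7` guard is written out twice, in `nameSchema` and `idpSchema`, and nothing on `createScimTokenSchema` says that for those versions `name` and `idp` are no longer read from the request body at all (`pure Nothing` consumes no field). A v7 client that sends `idp` expecting the token to be bound to that IdP gets no error; going by `createScimTokenV7` elsewhere in this diff, the association is derived from the team's IdPs instead. A Haddock comment on the function should state this. The guard could be bound once in the `where` clause, e.g. `isLegacy = maybe False (<= V7) mVersion`, with both helpers branching on it.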
@@ -464,18 +473,18 @@ instance ToSchema CreateScimTokenResponse where
<$> (.token) .= field "token" schema
<*> (.info) .= field "info" schema
-data CreateScimTokenResponseV6 = CreateScimTokenResponseV6
+data CreateScimTokenResponseV7 = CreateScimTokenResponseV7
{ token :: ScimToken,
- info :: ScimTokenInfoV6
+ info :: ScimTokenInfoV7
}
deriving (Eq, Show, Generic)
- deriving (Arbitrary) via (GenericUniform CreateScimTokenResponseV6)
- deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema CreateScimTokenResponseV6)
+ deriving (Arbitrary) via (GenericUniform CreateScimTokenResponseV7)
+ deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema CreateScimTokenResponseV7)
-instance ToSchema CreateScimTokenResponseV6 where
+instance ToSchema CreateScimTokenResponseV7 where
schema =
- object "CreateScimTokenResponseV6" $
- CreateScimTokenResponseV6
+ object "CreateScimTokenResponseV7" $
+ CreateScimTokenResponseV7
<$> (.token) .= field "token" schema
<*> (.info) .= field "info" schema
@@ -492,14 +501,14 @@ data ScimTokenList = ScimTokenList
instance ToSchema ScimTokenList where
schema = object "ScimTokenList" $ ScimTokenList <$> (.scimTokenListTokens) .= field "tokens" (array schema)
-data ScimTokenListV6 = ScimTokenListV6
- { scimTokenListTokens :: [ScimTokenInfoV6]
+data ScimTokenListV7 = ScimTokenListV7
+ { scimTokenListTokens :: [ScimTokenInfoV7]
}
deriving (Eq, Show)
- deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema ScimTokenListV6)
+ deriving (A.ToJSON, A.FromJSON, S.ToSchema) via (Schema.Schema ScimTokenListV7)
-instance ToSchema ScimTokenListV6 where
- schema = object "ScimTokenListV6" $ ScimTokenListV6 <$> (.scimTokenListTokens) .= field "tokens" (array schema)
+instance ToSchema ScimTokenListV7 where
+ schema = object "ScimTokenListV7" $ ScimTokenListV7 <$> (.scimTokenListTokens) .= field "tokens" (array schema)
newtype ScimTokenName = ScimTokenName {fromScimTokenName :: Text}
deriving (Eq, Show)
diff --git a/services/brig/docs/swagger-v7.json b/services/brig/docs/swagger-v7.json
index 785d7bf11a8..3f60be27d75 100644
--- a/services/brig/docs/swagger-v7.json
+++ b/services/brig/docs/swagger-v7.json
@@ -1723,43 +1723,37 @@
],
"type": "object"
},
- "CreateScimToken": {
+ "CreateScimTokenResponseV7": {
"properties": {
- "description": {
- "type": "string"
- },
- "idp": {
- "$ref": "#/components/schemas/UUID"
- },
- "name": {
- "type": "string"
+ "info": {
+ "$ref": "#/components/schemas/ScimTokenInfoV7"
},
- "password": {
- "maxLength": 1024,
- "minLength": 6,
+ "token": {
"type": "string"
- },
- "verification_code": {
- "$ref": "#/components/schemas/ASCII"
}
},
"required": [
- "description"
+ "token",
+ "info"
],
"type": "object"
},
- "CreateScimTokenResponse": {
+ "CreateScimTokenV7": {
"properties": {
- "info": {
- "$ref": "#/components/schemas/ScimTokenInfo"
+ "description": {
+ "type": "string"
},
- "token": {
+ "password": {
+ "maxLength": 1024,
+ "minLength": 6,
"type": "string"
+ },
+ "verification_code": {
+ "$ref": "#/components/schemas/ASCII"
}
},
"required": [
- "token",
- "info"
+ "description"
],
"type": "object"
},
@@ -5107,7 +5101,7 @@
],
"type": "object"
},
- "ScimTokenInfo": {
+ "ScimTokenInfoV7": {
"properties": {
"created_at": {
"$ref": "#/components/schemas/UTCTime"
@@ -5121,9 +5115,6 @@
"idp": {
"$ref": "#/components/schemas/UUID"
},
- "name": {
- "type": "string"
- },
"team": {
"$ref": "#/components/schemas/UUID"
}
@@ -5132,16 +5123,15 @@
"team",
"id",
"created_at",
- "description",
- "name"
+ "description"
],
"type": "object"
},
- "ScimTokenList": {
+ "ScimTokenListV7": {
"properties": {
"tokens": {
"items": {
- "$ref": "#/components/schemas/ScimTokenInfo"
+ "$ref": "#/components/schemas/ScimTokenInfoV7"
},
"type": "array"
}
@@ -5151,17 +5141,6 @@
],
"type": "object"
},
- "ScimTokenName": {
- "properties": {
- "name": {
- "type": "string"
- }
- },
- "required": [
- "name"
- ],
- "type": "object"
- },
"SearchResult": {
"properties": {
"documents": {
@@ -15715,36 +15694,6 @@
"summary": "Verify account deletion with a code."
}
},
- "/events": {
- "get": {
- "description": " [internal route ID: \"consume-events\"]\n\nThis is the rabbitMQ-based variant of \"await-notifications\"",
- "externalDocs": {
- "description": "RFC 6455",
- "url": "https://datatracker.ietf.org/doc/html/rfc6455"
- },
- "operationId": "consume-events",
- "parameters": [
- {
- "description": "Client ID",
- "in": "query",
- "name": "client",
- "required": true,
- "schema": {
- "type": "string"
- }
- }
- ],
- "responses": {
- "101": {
- "description": "Connection upgraded."
- },
- "426": {
- "description": "Upgrade required."
- }
- },
- "summary": "Consume events over a websocket connection"
- }
- },
"/feature-configs": {
"get": {
"description": " [internal route ID: \"get-all-feature-configs-for-user\"]\n\nGets feature configs for a user. If the user is a member of a team and has the required permissions, this will return the team's feature configs.If the user is not a member of a team, this will return the personal feature configs (the server defaults).\nOAuth scope: `read:feature_configs`",
@@ -22147,14 +22096,14 @@
}
},
"get": {
- "description": " [internal route ID: \"auth-tokens-list\"]\n\n",
- "operationId": "auth-tokens-list",
+ "description": " [internal route ID: \"auth-tokens-list@v7\"]\n\n",
+ "operationId": "auth-tokens-list@v7",
"responses": {
"200": {
"content": {
"application/json;charset=utf-8": {
"schema": {
- "$ref": "#/components/schemas/ScimTokenList"
+ "$ref": "#/components/schemas/ScimTokenListV7"
}
}
},
@@ -22201,90 +22150,13 @@
}
},
"post": {
- "description": " [internal route ID: \"auth-tokens-create\"]\n\n",
- "operationId": "auth-tokens-create",
- "requestBody": {
- "content": {
- "application/json;charset=utf-8": {
- "schema": {
- "$ref": "#/components/schemas/CreateScimToken"
- }
- }
- },
- "required": true
- },
- "responses": {
- "200": {
- "content": {
- "application/json;charset=utf-8": {
- "schema": {
- "$ref": "#/components/schemas/CreateScimTokenResponse"
- }
- }
- },
- "description": ""
- },
- "403": {
- "content": {
- "application/json;charset=utf-8": {
- "schema": {
- "example": {
- "code": 403,
- "label": "code-authentication-required",
- "message": "Code authentication is required"
- },
- "properties": {
- "code": {
- "enum": [
- 403
- ],
- "type": "integer"
- },
- "label": {
- "enum": [
- "code-authentication-required",
- "code-authentication-failed"
- ],
- "type": "string"
- },
- "message": {
- "type": "string"
- }
- },
- "required": [
- "code",
- "label",
- "message"
- ],
- "type": "object"
- }
- }
- },
- "description": "Code authentication is required (label: `code-authentication-required`)\n\nCode authentication failed (label: `code-authentication-failed`)"
- }
- }
- }
- },
- "/scim/auth-tokens/{id}": {
- "put": {
- "description": " [internal route ID: \"auth-tokens-put-name\"]\n\n",
- "operationId": "auth-tokens-put-name",
- "parameters": [
- {
- "in": "path",
- "name": "id",
- "required": true,
- "schema": {
- "format": "uuid",
- "type": "string"
- }
- }
- ],
+ "description": " [internal route ID: \"auth-tokens-create@v7\"]\n\n",
+ "operationId": "auth-tokens-create@v7",
"requestBody": {
"content": {
"application/json;charset=utf-8": {
"schema": {
- "$ref": "#/components/schemas/ScimTokenName"
+ "$ref": "#/components/schemas/CreateScimTokenV7"
}
}
},
@@ -22295,10 +22167,7 @@
"content": {
"application/json;charset=utf-8": {
"schema": {
- "example": [],
- "items": {},
- "maxItems": 0,
- "type": "array"
+ "$ref": "#/components/schemas/CreateScimTokenResponseV7"
}
}
},
diff --git a/services/spar/src/Spar/API.hs b/services/spar/src/Spar/API.hs
index 2a59a3cc6c3..ff2f3226b23 100644
--- a/services/spar/src/Spar/API.hs
+++ b/services/spar/src/Spar/API.hs
@@ -208,6 +208,7 @@ apiIDP =
Named @"idp-get" idpGet -- get, json, captures idp id
:<|> Named @"idp-get-raw" idpGetRaw -- get, raw xml, capture idp id
:<|> Named @"idp-get-all" idpGetAll -- get, json
+ :<|> Named @"idp-create@v7" idpCreateV7
:<|> Named @"idp-create" idpCreate -- post, created
:<|> Named @"idp-update" idpUpdate -- put, okay
:<|> Named @"idp-delete" idpDelete -- delete, no content
@@ -469,26 +470,6 @@ idpDelete mbzusr idpid (fromMaybe False -> purge) = withDebugLog "idpDelete" (co
mUserIssuer <- (>>= userIssuer) <$> getAccount NoPendingInvitations uid
pure $ mUserIssuer == Just idpIssuer
--- | This handler only does the json parsing, and leaves all authorization checks and
--- application logic to 'idpCreateXML'.
-idpCreate ::
- ( Member Random r,
- Member (Logger String) r,
- Member GalleyAccess r,
- Member BrigAccess r,
- Member ScimTokenStore r,
- Member IdPRawMetadataStore r,
- Member IdPConfigStore r,
- Member (Error SparError) r
- ) =>
- Maybe UserId ->
- IdPMetadataInfo ->
- Maybe SAML.IdPId ->
- Maybe WireIdPAPIVersion ->
- Maybe (Range 1 32 Text) ->
- Sem r IdP
-idpCreate zusr (IdPMetadataValue raw xml) = idpCreateXML zusr raw xml
-
-- | We generate a new UUID for each IdP used as IdPConfig's path, thereby ensuring uniqueness.
--
-- The human-readable name argument `mHandle` is guaranteed to be unique for historical
@@ -499,7 +480,7 @@ idpCreate zusr (IdPMetadataValue raw xml) = idpCreateXML zusr raw xml
-- Related docs:
-- (on associating scim peers with idps) https://docs.wire.com/understand/single-sign-on/understand/main.html#associating-scim-tokens-with-saml-idps-for-authentication
-- (internal) https://wearezeta.atlassian.net/wiki/spaces/PAD/pages/1107001440/2024-03-27+scim+user+provisioning+and+saml2+sso+associating+scim+peers+and+saml2+idps
-idpCreateXML ::
+idpCreate ::
( Member Random r,
Member (Logger String) r,
Member GalleyAccess r,
@@ -510,13 +491,12 @@ idpCreateXML ::
Member (Error SparError) r
) =>
Maybe UserId ->
- Text ->
- SAML.IdPMetadata ->
+ IdPMetadataInfo ->
Maybe SAML.IdPId ->
Maybe WireIdPAPIVersion ->
Maybe (Range 1 32 Text) ->
Sem r IdP
-idpCreateXML zusr rawIdpMetadata idpmeta mReplaces (fromMaybe defWireIdPAPIVersion -> apiversion) mHandle = withDebugLog "idpCreateXML" (Just . show . (^. SAML.idpId)) $ do
+idpCreate zusr (IdPMetadataValue rawIdpMetadata idpmeta) mReplaces (fromMaybe defWireIdPAPIVersion -> apiversion) mHandle = withDebugLog "idpCreateXML" (Just . show . (^. SAML.idpId)) $ do
teamid <- Brig.getZUsrCheckPerm zusr CreateUpdateDeleteIdp
GalleyAccess.assertSSOEnabled teamid
idp <-
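Review bot: The debug-log label on the renamed handler still reads `withDebugLog "idpCreateXML"`, a name that no longer exists after this change, so log lines for IdP creation point at a function that cannot be found in the source. It should become `withDebugLog "idpCreate"`. The Haddock above the function appears to be carried over from `idpCreateXML`; it is worth adding a sentence that the second argument is now an `IdPMetadataInfo` that is pattern-matched into raw text and parsed metadata. The body of `idpCreate` continues outside this hunk.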
@@ -528,6 +508,44 @@ idpCreateXML zusr rawIdpMetadata idpmeta mReplaces (fromMaybe defWireIdPAPIVersi
IdPConfigStore.setReplacedBy (Replaced replaces) (Replacing (idp ^. SAML.idpId))
pure idp
+idpCreateV7 ::
+ ( Member Random r,
+ Member (Logger String) r,
+ Member GalleyAccess r,
+ Member BrigAccess r,
+ Member ScimTokenStore r,
+ Member IdPConfigStore r,
+ Member IdPRawMetadataStore r,
+ Member (Error SparError) r
+ ) =>
+ Maybe UserId ->
+ IdPMetadataInfo ->
+ Maybe SAML.IdPId ->
+ Maybe WireIdPAPIVersion ->
+ Maybe (Range 1 32 Text) ->
+ Sem r IdP
+idpCreateV7 zusr idpmeta mReplaces mApiversion mHandle = do
+ teamid <- Brig.getZUsrCheckPerm zusr CreateUpdateDeleteIdp
+ assertNoScimOrNoIdP teamid
+ idpCreate zusr idpmeta mReplaces mApiversion mHandle
+ where
+ -- In teams with a scim access token, only one IdP is allowed. The reason is that scim user
+ -- data contains no information about the idp issuer, only the user name, so no valid saml
+ -- credentials can be created. Only relevant for api versions 0..6.
+ assertNoScimOrNoIdP ::
+ ( Member ScimTokenStore r,
+ Member (Error SparError) r,
+ Member IdPConfigStore r
+ ) =>
+ TeamId ->
+ Sem r ()
+ assertNoScimOrNoIdP teamid = do
+ numTokens <- length <$> ScimTokenStore.lookupByTeam teamid
+ numIdps <- length <$> IdPConfigStore.getConfigsByTeam teamid
+ when (numTokens > 0 && numIdps > 0) $
+ throwSparSem $
+ SparProvisioningMoreThanOneIdP ScimTokenAndSecondIdpForbidden
+
-- | Check that issuer is not used anywhere in the system ('WireIdPAPIV1', here it is a
-- database key for finding IdPs), or anywhere in this team ('WireIdPAPIV2'), that request
-- URI is https, that the replacement IdPId, if present, points to our team, and possibly
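Review bot: The comment on `assertNoScimOrNoIdP` says the restriction is "Only relevant for api versions 0..6", but the handler is mounted as `idp-create@v7` under `Until 'V8`, so it is enforced through v7; the comment should read `Only relevant for api versions 0..7.` The guard reads two counts and the IdP is written later inside `idpCreate`, so two concurrent requests could presumably both pass it; if one IdP per SCIM-provisioned team is meant as an invariant rather than best effort, the comment should say where it is actually enforced. `idpCreateV7` has no Haddock, and `Brig.getZUsrCheckPerm` now runs twice per request (here and again in `idpCreate`). The two `length <$> …` bindings can be emptiness tests, e.g. `hasTokens <- not . null <$> ScimTokenStore.lookupByTeam teamid`.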
diff --git a/services/spar/src/Spar/Scim/Auth.hs b/services/spar/src/Spar/Scim/Auth.hs
index 944c2afc3ff..f8b10293115 100644
--- a/services/spar/src/Spar/Scim/Auth.hs
+++ b/services/spar/src/Spar/Scim/Auth.hs
@@ -100,11 +100,11 @@ apiScimToken ::
) =>
ServerT APIScimToken (Sem r)
apiScimToken =
- Named @"auth-tokens-create@v6" createScimTokenV6
+ Named @"auth-tokens-create@v7" createScimTokenV7
:<|> Named @"auth-tokens-create" createScimToken
:<|> Named @"auth-tokens-put-name" updateScimTokenName
:<|> Named @"auth-tokens-delete" deleteScimToken
- :<|> Named @"auth-tokens-list@v6" listScimTokensV6
+ :<|> Named @"auth-tokens-list@v7" listScimTokensV7
:<|> Named @"auth-tokens-list" listScimTokens
updateScimTokenName ::
@@ -124,7 +124,7 @@ updateScimTokenName lusr tokenId name = do
-- | > docs/reference/provisioning/scim-token.md {#RefScimTokenCreate}
--
-- Create a token for user's team.
-createScimTokenV6 ::
+createScimTokenV7 ::
forall r.
( Member Random r,
Member (Input Opts) r,
@@ -139,26 +139,25 @@ createScimTokenV6 ::
Maybe UserId ->
-- | Request body
CreateScimToken ->
- Sem r CreateScimTokenResponseV6
-createScimTokenV6 zusr createTok = do
+ Sem r CreateScimTokenResponseV7
+createScimTokenV7 zusr createTok = do
teamid <- guardScimTokenCreation zusr createTok.password createTok.verificationCode
idps <- IdPConfigStore.getConfigsByTeam teamid
mIdpId <- case idps of
[config] -> pure . Just $ config ^. SAML.idpId
[] -> pure Nothing
-- NB: if we ever were to allow several idps for one scim peer (which we won't),
- -- 'validateScimUser' would need to be changed. currently, it relies on the fact that
- -- there is never more than one IdP.
- -- https://wearezeta.atlassian.net/browse/SQSERVICES-165
+ -- 'validateScimUser' would need to be changed. currently, it relies on the association
+ -- map from scim to saml being n:1.
(_ : _ : _) -> throwSparSem $ E.SparProvisioningMoreThanOneIdP E.TwoIdpsAndScimTokenForbidden
- responseToV6 <$> createScimTokenUnchecked teamid Nothing createTok.description mIdpId
+ responseToV7 <$> createScimTokenUnchecked teamid Nothing createTok.description mIdpId
where
- responseToV6 :: CreateScimTokenResponse -> CreateScimTokenResponseV6
- responseToV6 (CreateScimTokenResponse token info) = CreateScimTokenResponseV6 token (infoToV6 info)
+ responseToV7 :: CreateScimTokenResponse -> CreateScimTokenResponseV7
+ responseToV7 (CreateScimTokenResponse token info) = CreateScimTokenResponseV7 token (infoToV7 info)
- infoToV6 :: ScimTokenInfo -> ScimTokenInfoV6
- infoToV6 ScimTokenInfo {..} = ScimTokenInfoV6 {..}
+ infoToV7 :: ScimTokenInfo -> ScimTokenInfoV7
+ infoToV7 ScimTokenInfo {..} = ScimTokenInfoV7 {..}
-- | Create a token for the user's team.
--
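Review bot: `infoToV7` is defined here as a local helper and again, identically, in the `where` clause of `listScimTokensV7` further down in this file; one top-level `infoToV7 :: ScimTokenInfo -> ScimTokenInfoV7` would keep the two legacy conversions from drifting apart. Because it is written with record wildcards (`ScimTokenInfo {..} = ScimTokenInfoV7 {..}`), the field it drops is not visible at the call site. A one-line comment such as `-- drops stiName, which pre-V8 responses do not carry` would help, once the field name is confirmed against the `ScimTokenInfoV7` declaration. `createScimTokenV7` starts outside this hunk.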
@@ -255,7 +254,7 @@ deleteScimToken zusr tokenid = do
ScimTokenStore.delete teamid tokenid
pure NoContent
-listScimTokensV6 ::
+listScimTokensV7 ::
( Member GalleyAccess r,
Member BrigAccess r,
Member ScimTokenStore r,
@@ -263,14 +262,14 @@ listScimTokensV6 ::
) =>
-- | Who is trying to list tokens
Maybe UserId ->
- Sem r ScimTokenListV6
-listScimTokensV6 zusr = toV6 <$> listScimTokens zusr
+ Sem r ScimTokenListV7
+listScimTokensV7 zusr = toV7 <$> listScimTokens zusr
where
- toV6 :: ScimTokenList -> ScimTokenListV6
- toV6 (ScimTokenList tokens) = ScimTokenListV6 $ map infoToV6 tokens
+ toV7 :: ScimTokenList -> ScimTokenListV7
+ toV7 (ScimTokenList tokens) = ScimTokenListV7 $ map infoToV7 tokens
- infoToV6 :: ScimTokenInfo -> ScimTokenInfoV6
- infoToV6 ScimTokenInfo {..} = ScimTokenInfoV6 {..}
+ infoToV7 :: ScimTokenInfo -> ScimTokenInfoV7
+ infoToV7 ScimTokenInfo {..} = ScimTokenInfoV7 {..}
-- | > docs/reference/provisioning/scim-token.md {#RefScimTokenList}
--
diff --git a/services/spar/test-integration/Test/Spar/Scim/AuthSpec.hs b/services/spar/test-integration/Test/Spar/Scim/AuthSpec.hs
index a2402ee087f..4e5f5b68aba 100644
--- a/services/spar/test-integration/Test/Spar/Scim/AuthSpec.hs
+++ b/services/spar/test-integration/Test/Spar/Scim/AuthSpec.hs
@@ -93,7 +93,7 @@ testCreateToken = do
-- Create a token
(owner, _tid) <- call $ createUserWithTeam (env ^. teBrig) (env ^. teGalley)
_ <- registerTestIdP owner
- CreateScimTokenResponseV6 token _ <-
+ CreateScimTokenResponseV7 token _ <-
createToken
owner
CreateScimToken
@@ -133,7 +133,7 @@ testCreateTokenWithVerificationCode = do
void $ retryNUntil 6 ((==) 200 . statusCode) $ requestVerificationCode (env ^. teBrig) email Public.CreateScimToken
code <- getVerificationCode (env ^. teBrig) owner Public.CreateScimToken
let reqWithCode = CreateScimToken "testCreateToken" (Just defPassword) (Just code) Nothing Nothing
- CreateScimTokenResponseV6 token _ <- createToken owner reqWithCode
+ CreateScimTokenResponseV7 token _ <- createToken owner reqWithCode
-- Try to do @GET /Users@ and check that it succeeds
let fltr = filterBy "externalId" "67c196a0-cd0e-11ea-93c7-ef550ee48502"
@@ -422,7 +422,7 @@ testDeletedTokensAreUnusable = do
-- Create a token
(owner, _teamId) <- call $ createUserWithTeam (env ^. teBrig) (env ^. teGalley)
_ <- registerTestIdP owner
- CreateScimTokenResponseV6 token tokenInfo <-
+ CreateScimTokenResponseV7 token tokenInfo <-
createToken
owner
CreateScimToken
@@ -449,7 +449,7 @@ testDeletedTokensAreUnlistable = do
env <- ask
(owner, _teamId) <- call $ createUserWithTeam (env ^. teBrig) (env ^. teGalley)
_ <- registerTestIdP owner
- CreateScimTokenResponseV6 _ tokenInfo <-
+ CreateScimTokenResponseV7 _ tokenInfo <-
createToken
owner
CreateScimToken
diff --git a/services/spar/test-integration/Util/Scim.hs b/services/spar/test-integration/Util/Scim.hs
index b99ddec4ca3..acfad1fe0a2 100644
--- a/services/spar/test-integration/Util/Scim.hs
+++ b/services/spar/test-integration/Util/Scim.hs
@@ -338,7 +338,7 @@ createToken ::
(HasCallStack) =>
UserId ->
CreateScimToken ->
- TestSpar CreateScimTokenResponseV6
+ TestSpar CreateScimTokenResponseV7
createToken zusr payload = do
env <- ask
r <-
diff --git a/services/spar/test/Arbitrary.hs b/services/spar/test/Arbitrary.hs
index b9d3f0de56a..812ef45da1b 100644
--- a/services/spar/test/Arbitrary.hs
+++ b/services/spar/test/Arbitrary.hs
@@ -50,8 +50,8 @@ instance Arbitrary ScimTokenHash where
instance Arbitrary ScimTokenList where
arbitrary = ScimTokenList <$> arbitrary
-instance Arbitrary ScimTokenListV6 where
- arbitrary = ScimTokenListV6 <$> arbitrary
+instance Arbitrary ScimTokenListV7 where
+ arbitrary = ScimTokenListV7 <$> arbitrary
instance Arbitrary ScimTokenName where
arbitrary = ScimTokenName <$> arbitrary