CHANGELOG.md

2.7.2 (2024-03-27)

Fixes:

  • The implementation of non-returned SCIM fields turned out to inadvertently prevent their subsequent update (so SCIM updates to e.g. passwords would fail); fixed #105 and (in passing) #6, via #109 - thanks to @xjunior
  • The case-insensitive, String or Symbol access Hash class documented itself as preserving case but did not, reported in #98, also via #109 - thanks to @s-andringa

2.7.1 (2024-01-16)

Fixes:

  • Some dependency chain gems have stopped supporting Ruby 2.7, so a Gemfile.lock for local development generated under Ruby 3 does not work under Ruby 2.7. Solved by removing Gemfile.lock entirely, so that an errant Nokogiri lock in scimitar.gemspec used previously as a workaround could also be removed.

2.7.0 (2024-01-15)

Warning:

  • The default type value of work in the address complex type has been removed, in line with all other comparable complex types, via #87 / #92 - thanks to @s-andringa.
  • This is unlikely to break client code but there is a small chance of issues if you relied upon the default. Please check your implementation if at all concerned. It doesn't seem risky enough to force a major version bump to comply with semantic versioning.

Features:

  • Allow a block to be passed to Scimitar::ActiveRecordBackedResourcesController#create, #update and #replace. This behaves in a manner analogous to passing a block to Scimitar::ActiveRecordBackedResourcesController#destroy, wherein the block implementation becomes responsible for destroying the record the block is given; in the case of #create, #update and #replace, the block is passed the new or updated record and is responsible for persisting it.

Fixes:

  • Fix for Microsoft SCIM Validator; pathless replace operations can use dot-path notation in the value section, via #69 - thanks to @wooly
  • Basic and token authentication blocks now operate in the context of the application's controller, via #88 - thanks to @tejanium
  • Exception handling for records during saving is improved and extensible, via #91

Maintenance:

  • Bump local development Ruby to v3.3.0, including it in the test matrix and in effect creating "official" support for that Ruby version.

2.6.1 (2023-11-15)

  • Always returns a Content-Type header with value application/scim+json; charset=utf-8 in any response, since that's the only format the gem can write. Fixes #59.
  • Uses the more common header name form of WWW-Authenticate rather than the Rack-like WWW_AUTHENTICATE in responses.

2.6.0 (2023-11-14)

Features:

  • Schema location URLs are generated by the controller, making overrides simpler, via #71 - thanks to @s-andringa
  • A block can be passed to ActiveRecordBackedResourcesController#save!, making it easier to override with custom behaviour since you won't have to worry about things like uniqueness constraint exceptions, via #73 - thanks to @s-andringa
  • Those who want an invariant local testing setup can now consider using Docker via #77 - thanks to @osingaatje

Fixes:

  • Multi-valued simple types are now correctly rendered via #74 - thanks to @s-andringa
  • Sensitive fields are no longer rendered (fixes #56 via #80) - thanks to @kuldeepaggarwal.

2.5.0 (2023-09-25)

Many thanks to @xjunior, who contributed a series of improvements and fixes present in this version. New features:

  • Allow writable complex types in custom extensions via #61
  • Allow complex queries via table joins via #62

Fixes:

  • Much better error message raised if PatchOp misses operations in #65
  • Combined logical groups generate working queries with #66

2.4.3 (2023-09-16)

  • Maintenance release which merges a warning removal patch in #54 (thanks to @sobrinho for the contribution) via #63; it is the changes in the latter which are brought into Scimitar V2, to keep a minimal overall diff between V1 and V2.

2.4.2 (2023-03-21)

  • Fix shortcoming in Content-Type header handling via #51. Thanks to @Flixt for the contribution.

2.4.1 (2023-03-02)

  • Address #48 by adapting #49, so that extension schemas work properly. Missing documentation in README.md addressed. Thanks to @bettysteger and @MorrisFreeman for the contribution.

2.4.0 (2023-01-27)

  • Address #43 - allows Microsoft-style payloads for removing Users from Groups, with a special case exception for hypothetical inbound SCIM calls originating from Salesforce software. For more details of the fix, please see #45.

2.3.0 (2023-01-17)

  • Address #35. Declaring primary key in the ActiveRecord model would solve most of the problems described, but v2.2.0 did introduce a default order clause that would trip up a model with a different primary key name; this is now fixed. In any case, it may be possible to avoid declaring the primary key override in the model entirely if using Scimitar v2.3.0, should that be your wish. This is in effect an edge case new feature, which is why the gem's minor version has been bumped up.

2.2.0 (2023-01-13)

  • Bump local development Ruby to v3.2.0, including it in the test matrix and in effect creating "official" support for that Ruby version.

2.1.3 (2023-01-09)

  • Fix #36 - filters are case-sensitive for special cases of id, externalId and meta.* attributes. A model must still declare if and how these are searchable via its ::scim_queryable_attributes implementation, just as with any other attribute.

2.1.2 (2023-01-09)

  • Fix #37 - filters now correctly support case insensitive attribute names.

2.1.1 (2022-11-04)

  • Merged #29, fixing an issue caused by an unhandled form of payload sent by Okta. Thanks to @jasonopslevel for the contribution.

2.1.0 (2022-07-14)

  • Merged #17 (more detailed errors), #18 (primary attribute added to Address schema) and #19 (configurable required-or-optional value attributes in VDTP-derived types). Thanks for the contributions, @pelted!
  • Noted closed PR #25 and implemented a configurable exception reporting hook for people who might want that kind of feature. See engine configuration option exception_reporter for details.

2.0.2 (2022-06-15)

  • Address #20 by better handling content type in requests:

    • MicrosoftDocs/azure-docs#94189 (comment) indicates that no header is sent for GET methods while a correct header is sent for others; that is in line with the RFC, so we should handle a lack of content type in the GET case. This was not the case in Scimitar v2.0.1 and earlier.
    • Ultimately we must expect attackers to send junk data in attempts to find vulnerabilities in JSON parsing, so the header presence can't really be trusted and the JSON parser must simply be robust. As a result, this patch version of the gem will assume an application/scim+json content type for any inbound request that specifies no other type, regardless of HTTP method used. Requests are only rejected if a Content-Type header explicitly states that the content is of some unsupported type.
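
The content-type policy described in the 2.0.2 entry, as an added Ruby sketch (not Scimitar's own code): a missing header is treated as application/scim+json whatever the HTTP method, only an explicitly unsupported type is rejected, and the JSON parse is bounded and guarded. The method names, the accepted-type list, the nesting limit and the result symbols are assumptions made for this example.

```ruby
require 'json'

# Accepted media types (assumption; the changelog only names
# application/scim+json explicitly).
SUPPORTED_TYPES = %w[application/scim+json application/json].freeze
DEFAULT_TYPE    = 'application/scim+json'

# Returns the effective media type, or nil when the header explicitly
# names an unsupported type. Parameters (charset etc.) and letter case
# are ignored; a missing or blank header falls back to the default.
def effective_content_type(header)
  raw  = header.to_s.split(';', 2).first.to_s.strip.downcase
  type = raw.empty? ? DEFAULT_TYPE : raw
  SUPPORTED_TYPES.include?(type) ? type : nil
end

# Hypothetical request gate, deliberately independent of HTTP method.
# Returns [result_symbol, parsed_body_or_nil].
def admit_request(content_type_header, body)
  if effective_content_type(content_type_header).nil?
    return [:unsupported_media_type, nil]
  end
  return [:ok, nil] if body.to_s.strip.empty? # e.g. a GET with no body

  # The header cannot be trusted, so the parse itself must be robust:
  # bound nesting depth and turn any parse failure into a clean rejection.
  parsed = JSON.parse(body, max_nesting: 32)
  parsed.is_a?(Hash) ? [:ok, parsed] : [:bad_request, nil]
rescue JSON::ParserError, EncodingError
  [:bad_request, nil]
end

# Constructed sample requests: [method, Content-Type header, body].
SAMPLES = [
  ['GET',  nil,                                     ''],
  ['POST', 'Application/SCIM+JSON; charset=utf-8',  '{"userName":"a"}'],
  ['POST', 'text/xml',                              '<user/>'],
  ['PUT',  nil,                                     '{"userName":'],
  ['POST', 'application/scim+json',                 '[' * 50 + ']' * 50]
].freeze

def sample_results
  SAMPLES.map { |_method, header, body| admit_request(header, body).first }
end
```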

2.0.1 (2022-04-20)

  • Merges #15 from AbeerKhakwani, fixing an issue with AD and the Meta object.

2.0.0 (2022-03-04)

  • Requires Rails 7. Supports Ruby 3, but still works on 2.7.

Upgrading from Scimitar 1.x.y

  • Your config/initializers/scimitar.rb might need to be enclosed within a Rails.application.config.to_prepare do... block to avoid NameError: uninitialized constant... exceptions arising due to autoloader problems:

    Rails.application.config.to_prepare do
      Scimitar.engine_configuration = Scimitar::EngineConfiguration.new({
        # ...
      })
    end

  • If you use Scimitar::Errors#add_errors_from_hash, note that the previously-unnamed first parameter is now explicitly named errors_hash. This avoids potential ambiguity and confusion/errors with Ruby 3's more strict rules for named parameter and hash mixtures in both method definitions and method calls. For example:

    # Old code...
    user.add_errors_from_hash(key: 'some key')
    # ...becomes:
    user.add_errors_from_hash(errors_hash: {key: 'some key'})
    
    # Old code...
    user.add_errors_from_hash({key: 'some key'}, prefix: 'some prefix')
    # ...becomes:
    user.add_errors_from_hash(errors_hash: {key: 'some key'}, prefix: 'some prefix')

1.3.1 (2022-11-04)

  • Back-ports features from v2.1.1 for Rails 6 users.

1.3.0 (2022-07-14)

  • Back-ports features from v2.1.0 for Rails 6 users.

1.2.1 (2022-06-15)

  • Back-ports fixes from v2.0.1 and v2.0.2 for Rails 6 users.

1.2.0 (2021-09-27)

  • Updated for RIPA branding.
  • Ruby and gem version maintenance updates.

1.1.0 (2021-09-15)

  • Implement case insensitivity for attributes (fixes issue #7).

1.0.3 (2020-03-24)

  • More robust path filter parsing for PATCH operations; previously, a path filter such as value eq "Something With Spaces" would have been rejected.

1.0.2 (2020-03-24)

  • Add Travis support for CI.
  • Adjust scimitar.gemspec a bit more for CI and now that we're public in RubyGems, with a Gemfile.lock bump on Scimitar itself (overlooked in 1.0.1).

1.0.1 (2020-03-24)

  • Added source code link to scimitar.gemspec metadata for RubyGems.

1.0.0 (2020-03-24)

  • Initial public release.