diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java
index 770b15215a1..546bdf66494 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpoints.java
@@ -385,8 +385,7 @@ public ScimGroup updateGroup(@RequestBody ScimGroup group, @PathVariable String
}
}
- @RequestMapping(value = { "/Group/{groupId}", "/Groups/{groupId}" },
- method = RequestMethod.PATCH)
+ @RequestMapping(value = { "/Groups/{groupId}" }, method = RequestMethod.PATCH)
@ResponseBody
public ScimGroup patchGroup(@RequestBody ScimGroup patch, @PathVariable
String groupId,
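Review bot: The narrowed `@RequestMapping` on `patchGroup` has no comment saying why the singular `/Group/{groupId}` alias was dropped, so a later edit could add it back without anyone noticing the access-control consequence. Judging from the test added in this commit, requests under `/Group/` fall through to the UI filter rather than the SCIM security rules, so a handler mapped there would presumably not get the scope checks applied to `/Groups/**`; confirm this against `scim-endpoints.xml`. I would add a comment above the annotation such as `// Map only paths covered by the /Groups/** security rules in scim-endpoints.xml; do not add aliases without a matching rule.` It is also worth checking the other handlers in this controller for remaining singular aliases. The method body and the rest of the class are outside the hunk.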
diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
index a8d9d7e56ae..945e6063fdb 100644
--- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
+++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
@@ -143,6 +143,7 @@
+
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java
index d2777fae0e3..f5f503ef204 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java
@@ -75,8 +75,11 @@
import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.patch;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import static org.springframework.util.StringUtils.hasText;
@@ -122,7 +125,7 @@ public void setUp() throws Exception {
"clients.read clients.write clients.secret clients.admin");
clientId = generator.generate().toLowerCase();
clientSecret = generator.generate().toLowerCase();
- String authorities = "scim.read,scim.write,password.write,oauth.approvals,scim.create";
+ String authorities = "scim.read,scim.write,password.write,oauth.approvals,scim.create,other.scope";
utils().createClient(this.getMockMvc(), adminToken, clientId, clientSecret, Collections.singleton("oauth"), Arrays.asList("foo","bar","scim.read"), Arrays.asList("client_credentials", "password"), authorities);
scimReadToken = testClient.getClientCredentialsOAuthAccessToken(clientId, clientSecret,"scim.read password.write");
scimWriteToken = testClient.getClientCredentialsOAuthAccessToken(clientId, clientSecret,"scim.write password.write");
@@ -1138,6 +1141,35 @@ public void delete_nonexistent_user() throws Exception {
.andExpect(status().isNotFound());
}
+ @Test
+ public void patch_has_one_path() throws Exception {
+ getMockMvc().perform(
+ patch("/Group/groupId/members")
+ .header("Authorization", "Bearer " + scimWriteToken)
+ .header("Content-Type", APPLICATION_JSON_VALUE)
+ )
+ .andDo(print())
+ .andExpect(status().isFound()) //gets caught by the ui filter for unknown URIs
+ .andExpect(redirectedUrl("http://localhost/login"));
+ }
+
+ @Test
+ public void add_member_bad_token() throws Exception {
+ ScimUser user = createUserAndAddToGroups(IdentityZone.getUaa(), Collections.EMPTY_SET);
+ String groupId = getGroupId("scim.read");
+ String anyOldToken = testClient.getClientCredentialsOAuthAccessToken(clientId, clientSecret,"other.scope");
+
+ ScimGroupMember scimGroupMember = new ScimGroupMember(user.getId(), ScimGroupMember.Type.USER, Arrays.asList(ScimGroupMember.Role.MEMBER, ScimGroupMember.Role.READER));
+
+ MockHttpServletRequestBuilder post = post("/Groups/" + groupId + "/members")
+ .header("Authorization", "Bearer " + anyOldToken)
+ .header("Content-Type", APPLICATION_JSON_VALUE)
+ .content(JsonUtils.writeValueAsString(scimGroupMember));
+ getMockMvc().perform(post)
+ .andExpect(status().isForbidden());
+
+ }
+
@Test
public void add_member_to_nonexistent_group() throws Exception {
ScimUser user = createUserAndAddToGroups(IdentityZone.getUaa(), Collections.EMPTY_SET);
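Review bot: `patch_has_one_path` sends PATCH to `/Group/groupId/members`, but the alias this commit removes from `patchGroup` is `/Group/{groupId}`, so the test does not request the path that changed. I would target the removed path with a real id, e.g. `patch("/Group/" + getGroupId("scim.read"))`, and confirm the test fails against the pre-change code, since the 302 appears to come from the filter chain rather than the controller. `.andDo(print())` writes the whole request, including the `Authorization` bearer header, to the test output and can be dropped. In `add_member_bad_token`, the 403 assertion alone does not show that the group was left unchanged; reading the members back afterwards would pin that down. `add_member_to_nonexistent_group` continues past the end of the hunk.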