Commit e09a816c authored by Jio Castillo, committed by Steve Abrams

Add API endpoint to get single SAML/SCIM identity

Changelog: added
EE: true
parent 3847448a
2 merge requests: !123591 Add API endpoint to get single SAML/SCIM identity, !119439 Draft: Prevent file variable content expansion in downstream pipeline
......@@ -22,7 +22,7 @@ Supported attributes:
| Attribute | Type | Required | Description |
|:------------------|:--------|:---------|:----------------------|
| `id` | integer | Yes | Group ID for the group to return SAML identities. |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
If successful, returns [`200`](rest/index.md#status-codes) and the following
response attributes:
......@@ -49,6 +49,36 @@ Example response:
]
```
## Get a single SAML identity
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123591) in GitLab 16.1.
```plaintext
GET /groups/:id/saml/:uid
```
Supported attributes:
| Attribute | Type | Required | Description |
| --------- | -------------- | -------- | ------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
| `uid` | string | yes | External UID of the user. |
Example request:
```shell
curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/saml/sydney_jones" --header "<PRIVATE TOKEN>"
```
Example response:
```json
{
"extern_uid": "4",
"user_id": 48
}
```
## Update `extern_uid` field for a SAML identity
Update `extern_uid` field for a SAML identity:
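Review bot: The example request in the new "Get a single SAML identity" section passes `--header "<PRIVATE TOKEN>"`, which is not a `Name: value` header, so the command as written does not send a token. Use the `--header "PRIVATE-TOKEN: <PRIVATE-TOKEN>"` form that the SCIM list example in this commit's context shows. The request also asks for uid `sydney_jones` while the example response returns `"extern_uid": "4"`; change one so the two agree. The section does not say who may call the endpoint: the spec in this commit expects `:forbidden` for a maintainer and success for an owner, so the required role should be stated here.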
......@@ -58,13 +88,14 @@ Update `extern_uid` field for a SAML identity:
| `id/externalId` | `extern_uid` |
```plaintext
PATCH groups/:groups_id/saml/:uid
PATCH /groups/:id/saml/:uid
```
Parameters:
Supported attributes:
| Attribute | Type | Required | Description |
| --------- | ------ | -------- | ------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
| `uid` | string | yes | External UID of the user. |
Example request:
......
......@@ -28,7 +28,7 @@ Supported attributes:
| Attribute | Type | Required | Description |
|:------------------|:--------|:---------|:----------------------|
| `id` | integer | Yes | Return SCIM identities for the given group ID. |
| `id` | integer/string | Yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
If successful, returns [`200`](rest/index.md#status-codes) and the following
response attributes:
......@@ -58,6 +58,37 @@ curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/
--header "PRIVATE-TOKEN: <PRIVATE-TOKEN>"
```
## Get a single SCIM identity
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/123591) in GitLab 16.1.
```plaintext
GET /groups/:id/scim/:uid
```
Supported attributes:
| Attribute | Type | Required | Description |
| --------- | ------- | -------- | ------------------------- |
| `id` | integer | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
| `uid` | string | yes | External UID of the user. |
Example request:
```shell
curl --location --request GET "https://gitlab.example.com/api/v4/groups/33/scim/sydney_jones" --header "<PRIVATE TOKEN>"
```
Example response:
```json
{
"extern_uid": "4",
"user_id": 48,
"active": true
}
```
## Update `extern_uid` field for a SCIM identity
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/227841) in GitLab 15.5.
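Review bot: In the attribute table for `GET /groups/:id/scim/:uid`, `id` is typed `integer` although its description reads "The ID or URL-encoded path of the group"; the other tables changed in this commit use `integer/string`. The example request has `--header "<PRIVATE TOKEN>"`, unlike the `--header "PRIVATE-TOKEN: <PRIVATE-TOKEN>"` form in the context lines directly above this section, and the requested uid `sydney_jones` does not match `"extern_uid": "4"` in the example response.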
......@@ -76,6 +107,7 @@ Parameters:
| Attribute | Type | Required | Description |
| --------- | ------ | -------- | ------------------------- |
| `id` | integer/string | yes | The ID or [URL-encoded path of the group](rest/index.md#namespaced-path-encoding) |
| `uid` | string | yes | External UID of the user. |
Example request:
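Review bot: The `id` row is added under a section that this hunk's header still shows as `Parameters:`, while the SAML update section was renamed to `Supported attributes:` in the same commit. Rename the heading here as well so both pages match.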
......
......@@ -31,6 +31,21 @@ class ProviderIdentity < ::API::Base
end
end
desc 'Get a single identity for a user' do
success EE::API::Entities::IdentityDetail
end
params do
requires :uid, type: String, desc: 'External UID of the user'
end
get ':uid', format: false, requirements: { uid: API::NO_SLASH_URL_PART_REGEX } do
group = find_group(params[:id])
identity = find_provider_identity(provider_type, params[:uid], group)
not_found!('Identity') unless identity
present identity, with: EE::API::Entities::IdentityDetail
end
desc 'Update extern_uid for the user' do
success EE::API::Entities::IdentityDetail
end
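Review bot: The new `get ':uid'` block passes the result of `find_group(params[:id])` straight into `find_provider_identity` and makes no authorization call of its own, so the 403 the spec expects for a maintainer has to come from code outside this hunk. Confirm that check (a `before` block or similar) applies to this route, and that an unknown or inaccessible group ends in a 404 rather than reaching `find_provider_identity` with `nil`. The `desc` block could also document the failure responses (403, 404) next to `success`.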
......
......@@ -6,6 +6,7 @@
include ApiHelpers
let_it_be(:owner) { create(:user) }
let_it_be(:maintainer) { create(:user) }
let_it_be(:guest_user_1) { create(:user) }
let_it_be(:guest_user_2) { create(:user) }
let(:current_user) { nil }
......@@ -14,6 +15,7 @@
group = create(:group)
group.add_guest(guest_user_1)
group.add_guest(guest_user_2)
group.add_maintainer(maintainer)
group.add_owner(owner)
group
end
......@@ -61,7 +63,7 @@
subject(:get_identities) { get api("/groups/#{group.id}/#{provider_type}/identities", current_user) }
context "when user is not a group owner" do
let(:current_user) { guest_user_1 }
let(:current_user) { maintainer }
it "throws unauthorized error" do
get_identities
......@@ -101,6 +103,40 @@
end
end
context "when GET identity" do
subject(:get_identity) do
get api("/groups/#{group.id}/#{provider_type}/#{provider_extern_uid_1}", current_user)
end
context "when user is not a group owner" do
let(:current_user) { maintainer }
it "throws unauthorized error" do
get_identity
expect(response).to have_gitlab_http_status(:forbidden)
end
end
context "when user is group owner" do
let(:current_user) { owner }
it "returns the identity" do
get_identity
if identity_type == ScimIdentity
expect(json_response).to match(
a_hash_including("extern_uid" => provider_extern_uid_1, "user_id" => guest_user_1.id, "active" => true)
)
else
expect(json_response).to match(
a_hash_including("extern_uid" => provider_extern_uid_1, "user_id" => guest_user_1.id)
)
end
end
end
end
context "when PATCH uid" do
subject(:patch_identities) do
patch api("/groups/#{group.id}/#{provider_type}/#{uid}", current_user),
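Review bot: The `when GET identity` context covers the owner and maintainer cases but not the `not_found!('Identity')` branch of the new endpoint; add an example that requests a uid with no identity and expects `:not_found`. The owner example should also assert `have_gitlab_http_status(:ok)` before matching the body. The example named "throws unauthorized error" asserts `:forbidden`, so "throws forbidden error", as the PATCH context uses, is the accurate name.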
......@@ -109,7 +145,7 @@
context "when user is not a group owner" do
let(:uid) { provider_extern_uid_1 }
let(:current_user) { guest_user_1 }
let(:current_user) { maintainer }
let(:extern_uid) { 'updated_uid' }
it "throws forbidden error" do
......