scim-server 0.4.0

A comprehensive SCIM 2.0 server library for Rust with multi-tenant support and type-safe operations
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224

//! Schema registry for loading, managing, and accessing SCIM schemas.
//!
//! This module provides the SchemaRegistry which handles schema loading from files,
//! schema management, and provides access to registered schemas for validation.

use super::{
    embedded,
    types::{AttributeDefinition, AttributeType, Schema},
};

use chrono::{DateTime, FixedOffset};
use serde_json::Value;
use std::collections::HashMap;
use std::fs;
use std::path::Path;

/// Registry for SCIM schemas with validation capabilities.
///
/// The schema registry manages all available schemas and provides validation
/// services for resources. For the MVP, it contains only the hardcoded core User schema.
#[derive(Debug, Clone)]
pub struct SchemaRegistry {
    core_user_schema: Schema,
    core_group_schema: Schema,
    schemas: HashMap<String, Schema>,
}

impl SchemaRegistry {
    /// Create a new schema registry with embedded core schemas.
    ///
    /// This method uses the schemas embedded in the library and doesn't require
    /// external schema files. For loading schemas from files, use `from_schema_dir()`.
    pub fn new() -> Result<Self, Box<dyn std::error::Error>> {
        Self::with_embedded_schemas()
    }

    /// Create a new schema registry with embedded core schemas.
    ///
    /// This method uses the schemas embedded in the library and doesn't require
    /// external schema files. This is the recommended method for schema discovery
    /// functionality as it works without any file dependencies.
    pub fn with_embedded_schemas() -> Result<Self, Box<dyn std::error::Error>> {
        let core_user_schema = Self::load_schema_from_str(embedded::core_user_schema())?;
        let core_group_schema = Self::load_schema_from_str(embedded::core_group_schema())?;

        let mut schemas = HashMap::new();
        schemas.insert(core_user_schema.id.clone(), core_user_schema.clone());
        schemas.insert(core_group_schema.id.clone(), core_group_schema.clone());

        Ok(Self {
            core_user_schema,
            core_group_schema,
            schemas,
        })
    }

    /// Create a schema registry by loading schemas from a directory.
    pub fn from_schema_dir<P: AsRef<Path>>(
        schema_dir: P,
    ) -> Result<Self, Box<dyn std::error::Error>> {
        let user_schema_path = schema_dir.as_ref().join("User.json");
        let core_user_schema = Self::load_schema_from_file(&user_schema_path)?;

        let group_schema_path = schema_dir.as_ref().join("Group.json");
        let core_group_schema = Self::load_schema_from_file(&group_schema_path)?;

        let mut schemas = HashMap::new();
        schemas.insert(core_user_schema.id.clone(), core_user_schema.clone());
        schemas.insert(core_group_schema.id.clone(), core_group_schema.clone());

        Ok(Self {
            core_user_schema,
            core_group_schema,
            schemas,
        })
    }

    /// Load a schema from a JSON file.
    fn load_schema_from_file<P: AsRef<Path>>(
        path: P,
    ) -> Result<Schema, Box<dyn std::error::Error>> {
        let content = fs::read_to_string(&path)?;
        Self::load_schema_from_str(&content)
    }

    /// Load a schema from a JSON string.
    fn load_schema_from_str(content: &str) -> Result<Schema, Box<dyn std::error::Error>> {
        let mut schema: Schema = serde_json::from_str(content)?;

        // Convert JSON schema format to internal format
        Self::convert_json_schema(&mut schema);

        Ok(schema)
    }

    /// Convert JSON schema format to internal AttributeDefinition format.
    fn convert_json_schema(schema: &mut Schema) {
        for attr in &mut schema.attributes {
            Self::convert_attribute_definition(attr);
        }
    }

    /// Convert a single attribute definition from JSON format.
    fn convert_attribute_definition(attr: &mut AttributeDefinition) {
        // Convert data type from string to enum
        // This is handled by serde deserialization

        // Process sub-attributes recursively
        for sub_attr in &mut attr.sub_attributes {
            Self::convert_attribute_definition(sub_attr);
        }
    }

    /// Get all available schemas.
    pub fn get_schemas(&self) -> Vec<&Schema> {
        self.schemas.values().collect()
    }

    /// Get a specific schema by ID.
    pub fn get_schema(&self, id: &str) -> Option<&Schema> {
        self.schemas.get(id)
    }

    /// Get the core User schema.
    pub fn get_user_schema(&self) -> &Schema {
        &self.core_user_schema
    }

    /// Get the core Group schema.
    pub fn get_group_schema(&self) -> &Schema {
        &self.core_group_schema
    }

    /// Add a schema to the registry.
    pub fn add_schema(&mut self, schema: Schema) -> Result<(), Box<dyn std::error::Error>> {
        self.schemas.insert(schema.id.clone(), schema);
        Ok(())
    }

    /// Get a schema by ID.
    pub fn get_schema_by_id(&self, schema_id: &str) -> Option<&Schema> {
        self.schemas.get(schema_id)
    }

    /// Validate datetime format using chrono for full RFC3339 compliance
    ///
    /// This leverages chrono's well-tested RFC3339 parser, which provides:
    /// - Full semantic validation (no invalid dates like Feb 30th)
    /// - Proper timezone handling (+/-HH:MM, Z)
    /// - Millisecond precision support
    /// - Leap second awareness
    ///
    /// By using chrono, we avoid reimplementing complex datetime validation
    /// and get specification-compliant parsing for free.
    pub(super) fn is_valid_datetime_format(&self, value: &str) -> bool {
        if value.is_empty() {
            return false;
        }

        // Delegate to chrono's RFC3339 parser - it's well-tested and handles all edge cases
        DateTime::<FixedOffset>::parse_from_rfc3339(value).is_ok()
    }

    /// Validate base64 encoding (basic character set validation)
    ///
    /// This performs basic character set validation for base64 data.
    /// For production use, consider using a dedicated base64 crate like `base64`
    /// for proper padding validation and decode verification.
    pub(super) fn is_valid_base64(&self, value: &str) -> bool {
        if value.is_empty() {
            return false;
        }

        // Basic character set validation - sufficient for type checking
        // Note: Doesn't validate padding rules or decode correctness
        let base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
        value.chars().all(|c| base64_chars.contains(c))
    }

    /// Validate URI format (basic scheme validation)
    ///
    /// This performs basic URI scheme validation sufficient for SCIM reference checking.
    /// For comprehensive URI validation, consider using the `url` crate.
    pub(super) fn is_valid_uri_format(&self, value: &str) -> bool {
        if value.is_empty() {
            return false;
        }

        // Basic scheme validation - sufficient for SCIM reference URIs
        // Accepts HTTP(S) URLs and URN schemes commonly used in SCIM
        value.contains("://") || value.starts_with("urn:")
    }

    /// Get the type name of a JSON value for error messages.
    pub(super) fn get_value_type(value: &Value) -> &'static str {
        match value {
            Value::Null => "null",
            Value::Bool(_) => "boolean",
            Value::Number(n) if n.is_i64() => "integer",
            Value::Number(_) => "decimal",
            Value::String(_) => "string",
            Value::Array(_) => "array",
            Value::Object(_) => "object",
        }
    }

    /// Get attribute definition for a complex attribute
    pub(super) fn get_complex_attribute_definition(
        &self,
        attr_name: &str,
    ) -> Option<&AttributeDefinition> {
        // Look in core user schema for the attribute
        self.core_user_schema
            .attributes
            .iter()
            .find(|attr| attr.name == attr_name && matches!(attr.data_type, AttributeType::Complex))
    }
}

impl Default for SchemaRegistry {
    fn default() -> Self {
        Self::new().expect("Failed to load default schemas")
    }
}