lib/uaa/scim.rb in cf-uaa-lib-1.3.4 vs lib/uaa/scim.rb in cf-uaa-lib-1.3.5
- old
+ new
@@ -99,10 +99,16 @@
def initialize(target, auth_header, options = {})
@target, @auth_header = target, auth_header
@key_style = options[:symbolize_keys] ? :downsym : :down
end
+ # Convenience method to get the naming attribute, e.g. userName for user,
+ # displayName for group, client_id for client.
+ # @param type (see #add)
+ # @return [String] naming attribute
+ def name_attr(type) type_info(type, :name_attr) end
+
# Creates a SCIM resource.
# @param [Symbol] type can be :user, :group, :client, :user_id.
# @param [Hash] info converted to json and sent to the scim endpoint. For schema of
# each type of object see {Scim}.
# @return [Hash] contents of the object, including its +id+ and meta-data.
@@ -157,17 +163,22 @@
if attrs = query['attributes']
attrs = Util.arglist(attrs).map {|a| force_attr(a)}
query['attributes'] = Util.strlist(attrs, ",")
end
qstr = query.empty?? '': "?#{Util.encode_form(query)}"
- info = json_get(@target, "#{type_info(type, :path)}#{qstr}", @key_style, 'authorization' => @auth_header)
+ info = json_get(@target, "#{type_info(type, :path)}#{qstr}",
+ @key_style, 'authorization' => @auth_header)
unless info.is_a?(Hash) && info[rk = jkey(:resources)].is_a?(Array)
- # hide client endpoints that are not scim compatible
+ # hide client endpoints that are not yet scim compatible
if type == :client && info.is_a?(Hash)
- info.each { |k, v| fake_client_id(v) }
- return {rk => info.values }
+ info = info.each{ |k, v| fake_client_id(v) }.values
+ if m = /^client_id\s+eq\s+"([^"]+)"$/i.match(query['filter'])
+ idk = jkey(:client_id)
+ info = info.select { |c| c[idk].casecmp(m[1]) == 0 }
+ end
+ return {rk => info}
end
raise BadResponse, "invalid reply to #{type} query of #{@target}"
end
info
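Review bot: The added `if m = /^client_id\s+eq\s+"([^"]+)"$/i.match(query['filter'])` line anchors with `^`/`$`, which in Ruby match at line boundaries rather than at the ends of the string. A multi-line filter value with one matching line is therefore treated as a plain client_id lookup and the rest of the expression is dropped; anchoring the whole string would be `if m = /\Aclient_id\s+eq\s+"([^"]+)"\z/i.match(query['filter'])`. Any filter that does not fit this one shape (another attribute or operator, or a compound expression) still reaches `return {rk => info}` with the full client list, so a caller relying on the filter to narrow the result gets every client back with no sign it was ignored; raising for unsupported filters, or documenting the limitation on the method, would make that explicit. `c[idk].casecmp(m[1])` also assumes every entry carries the client_id key once fake_client_id has run, which is not visible here, so `c[idk].to_s.casecmp(m[1]) == 0` may be the safer form. The enclosing method starts and ends outside this hunk.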
@@ -258,10 +269,10 @@
'authorization' => @auth_header))
end
# Change client secret.
# * For a client to change its own secret, the token in @auth_header must contain
- # "uaa.admin,client.secret" scope and the correct +old_secret+ must be given.
+ # "client.secret" scope and the correct +old_secret+ must be given.
# * For an admin to set a client secret, the token in @auth_header must contain
# "uaa.admin" scope.
# @see https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-APIs.rst#change-client-secret-put-oauthclientsclient_idsecret
# @see https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-Security.md#client-secret-mangagement
# @param [String] client_id the {Scim} +id+ attribute of the client