Fix bugs in scim sync handling (#260)

rhysyngsun · web-flow · commit 8a4b3ca6ae9e · 2025-05-30T09:16:20.000-04:00
* Fix bugs in scim sync handling

* Actual fix
diff --git a/src/scim/mitol/scim/api.py b/src/scim/mitol/scim/api.py
@@ -95,7 +95,7 @@ def _user_search_by_email(
     session: OAuth2Session, users: list["User"]
 ) -> StateOrOperationGenerator:
     """Perform a search for a set of users by email"""
-    users_by_email = {user.email: user for user in users}
+    users_by_email = {user.email.lower(): user for user in users}
 
     payload = {
         "schemas": [SchemaURI.SERACH_REQUEST],  # typo in upstream lib
@@ -127,12 +127,18 @@ def _user_search_by_email(
         for resource in resources:
             email = first(
                 [
-                    email["value"]
+                    email["value"].lower()
                     for email in resource.get("emails", [])
                     if email.get("primary", False)
                 ]
             )
-            if email is not None:
+            if email is None:
+                log.error("Unexpected user result with no email")
+            elif email not in users_by_email:
+                log.error(
+                    "Received an email in search results that does not match: %s", email
+                )
+            else:
                 yield UserState(users_by_email[email], resource["id"])
 
         if not resources:
@@ -232,7 +238,7 @@ def _perform_sync_operations(
             bulk_id = operation["bulkId"]
             user = users_by_bulk_id[bulk_id]
 
-            if operation["status"] != str(http.HTTPStatus.CREATED):
+            if int(operation["status"]) != http.HTTPStatus.CREATED:
                 log.error(
                     "Unable to perform operation for user: %s, response: %s",
                     str(user),
diff --git a/tests/scim/test_api.py b/tests/scim/test_api.py
@@ -105,7 +105,7 @@ def _callback(request):
                             "id": users.external_ids_by_user_id[user.id],
                             "emails": [
                                 {
-                                    "value": user.email,
+                                    "value": user.email.lower(),
                                     "primary": True,
                                 }
                             ],
@@ -130,7 +130,10 @@ def _callback(request):
                 params={
                     "schemas": [SchemaURI.SERACH_REQUEST],
                     "filter": " OR ".join(
-                        [f'emails.value EQ "{user.email}"' for user in users.users]
+                        [
+                            f'emails.value EQ "{user.email.lower()}"'
+                            for user in users.users
+                        ]
                     ),
                 },
                 strict_match=False,
@@ -190,7 +193,7 @@ def _callback(request):
                                 "location": f"https://keycloak:8080/realms/ol-local/scim/v2/Users/{users.external_ids_by_user_id[user.id]}",
                                 "bulkId": str(user.id),
                                 "method": "POST",
-                                "status": str(HTTPStatus.CREATED),
+                                "status": HTTPStatus.CREATED,
                             }
                         )
                         for user in req_users
