From 84076e005ab66665dd289f6a8c97f8dbd6d7b75e Mon Sep 17 00:00:00 2001
From: Mihai Ibanescu <mihai.ibanescu@pendo.io>
Date: Mon, 17 Jul 2023 14:47:33 +0300
Subject: [PATCH] Accept nil values for attribiutes defined as required and
 read-only.

This is particularly relevant for the id attribute, which is typically
defined as required and read-only. It is assigned by the IdP, and
required to be returned. It should not be required to be specified
on POST/PUT/PATCH.
---
 schema/core.go                   |  2 +-
 schema/schema_test.go            | 19 ++++++++++++++++++-
 schema/testdata/schema_test.json | 15 ++++++++++++++-
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/schema/core.go b/schema/core.go
index 18399de..3caff65 100644
--- a/schema/core.go
+++ b/schema/core.go
@@ -305,7 +305,7 @@ func (a *CoreAttribute) getRawAttributes() map[string]interface{} {
 func (a CoreAttribute) validate(attribute interface{}) (interface{}, *errors.ScimError) {
 	// whether or not the attribute is required.
 	if attribute == nil {
-		if !a.required {
+		if !a.required || a.mutability == attributeMutabilityReadOnly {
 			return nil, nil
 		}
 
diff --git a/schema/schema_test.go b/schema/schema_test.go
index 91bd9ed..28f51d0 100644
--- a/schema/schema_test.go
+++ b/schema/schema_test.go
@@ -17,6 +17,11 @@ var testSchema = Schema{
 			Name:     "required",
 			Required: true,
 		})),
+		SimpleCoreAttribute(SimpleStringParams(StringParams{
+			Name:       "requiredReadOnly",
+			Required:   true,
+			Mutability: AttributeMutabilityReadOnly(),
+		})),
 		SimpleCoreAttribute(SimpleBooleanParams(BooleanParams{
 			MultiValued: true,
 			Name:        "booleans",
@@ -110,7 +115,8 @@ func TestResourceInvalid(t *testing.T) {
 func TestValidValidation(t *testing.T) {
 	for _, test := range []map[string]interface{}{
 		{
-			"required": "present",
+			"required":         "present",
+			"requiredReadOnly": "ignoreme",
 			"booleans": []interface{}{
 				true,
 			},
@@ -126,6 +132,17 @@ func TestValidValidation(t *testing.T) {
 			"integerNumber": json.Number("11"),
 			"decimalNumber": json.Number("11.12"),
 		},
+		{
+			"required": "present",
+			"booleans": []interface{}{
+				true,
+			},
+			"complex": []interface{}{
+				map[string]interface{}{
+					"sub": "present",
+				},
+			},
+		},
 	} {
 		if _, scimErr := testSchema.Validate(test); scimErr != nil {
 			t.Errorf("valid resource expected")
diff --git a/schema/testdata/schema_test.json b/schema/testdata/schema_test.json
index bbb68db..e57c6d6 100644
--- a/schema/testdata/schema_test.json
+++ b/schema/testdata/schema_test.json
@@ -11,6 +11,17 @@
       "type": "string",
       "uniqueness": "none"
     },
+    {
+      "caseExact": false,
+      "description": "",
+      "multiValued": false,
+      "mutability": "readOnly",
+      "name": "requiredReadOnly",
+      "required": true,
+      "returned": "default",
+      "type": "string",
+      "uniqueness": "none"
+    },
     {
       "description": "",
       "multiValued": true,
@@ -120,7 +131,9 @@
       "uniqueness": "none"
     }
   ],
-  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:Schema"],
+  "schemas": [
+    "urn:ietf:params:scim:schemas:core:2.0:Schema"
+  ],
   "description": "",
   "id": "empty",
   "name": "test"