pond · pond · Aug 15, 2025 · Aug 15, 2025 · Aug 15, 2025
diff --git a/app/controllers/scimitar/application_controller.rb b/app/controllers/scimitar/application_controller.rb
@@ -130,20 +130,22 @@ def add_mandatory_response_headers
       end
 
       def authenticate
-        handle_scim_error(Scimitar::AuthenticationError.new) unless authenticated?
+        unless authenticated?
+          handle_scim_error(Scimitar::AuthenticationError.new) unless self.performed?
+        end
       end
 
       def authenticated?
         result = if Scimitar.engine_configuration.basic_authenticator.present?
           authenticate_with_http_basic do |username, password|
             instance_exec(username, password, &Scimitar.engine_configuration.basic_authenticator)
           end
-        end
-
-        result ||= if Scimitar.engine_configuration.token_authenticator.present?
+        elsif Scimitar.engine_configuration.token_authenticator.present?
           authenticate_with_http_token do |token, options|
             instance_exec(token, options, &Scimitar.engine_configuration.token_authenticator)
           end
+        elsif Scimitar.engine_configuration.custom_authenticator.present?
+          instance_exec(&Scimitar.engine_configuration.custom_authenticator)
         end
 
         return result

diff --git a/app/models/scimitar/engine_configuration.rb b/app/models/scimitar/engine_configuration.rb
@@ -11,6 +11,7 @@ class EngineConfiguration
       :uses_defaults,
       :basic_authenticator,
       :token_authenticator,
+      :custom_authenticator,
       :application_controller_mixin,
       :exception_reporter,
       :optional_value_fields_required,

diff --git a/scimitar.gemspec b/scimitar.gemspec
@@ -33,11 +33,13 @@ Gem::Specification.new do |s|
     s.add_dependency 'rails', '>= 7.0' # Major version 7 or later
   end
 
-  s.add_development_dependency 'debug',          '~>  1.10'
-  s.add_development_dependency 'rake',           '~> 13.2'
-  s.add_development_dependency 'pg',             '~>  1.5'
-  s.add_development_dependency 'simplecov-rcov', '~>  0.3'
-  s.add_development_dependency 'rdoc',           '~>  6.12'
-  s.add_development_dependency 'rspec-rails',    '~>  7.1'
-  s.add_development_dependency 'doggo',          '~>  1.4'
+  s.add_development_dependency 'debug',              '~>  1.11'
+  s.add_development_dependency 'rake',               '~> 13.2'
+  s.add_development_dependency 'pg',                 '~>  1.6'
+  s.add_development_dependency 'simplecov-rcov',     '~>  0.3'
+  s.add_development_dependency 'rdoc',               '~>  6.14'
+  s.add_development_dependency 'warden',             '~>  1.2'
+  s.add_development_dependency 'rspec-rails',        '~>  7.1'
+  s.add_development_dependency 'warden-rspec-rails', '~>  0.3'
+  s.add_development_dependency 'doggo',              '~>  1.4'
 end
diff --git a/spec/apps/dummy/config/initializers/warden.rb b/spec/apps/dummy/config/initializers/warden.rb
@@ -0,0 +1,3 @@
+require 'warden'
+
+Rails.application.config.middleware.use Warden::Manager
diff --git a/spec/controllers/scimitar/application_controller_spec.rb b/spec/controllers/scimitar/application_controller_spec.rb
@@ -107,6 +107,84 @@ def index
     end
   end
 
+  context 'custom authentication, using Warden as an example' do
+    include Warden::Test::Helpers
+
+    controller do
+      def index
+        render json: { 'message' => 'cool, cool!' }, format: :scim
+      end
+    end
+
+    context 'with standard 401 handling' do
+      before do
+        Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+          custom_authenticator: Proc.new do
+            catch(:warden) do
+              response.headers['WWW-Authenticate'] = 'SomeOtherValidScheme'
+
+              warden = request.env['warden']
+              warden.authenticate!(scope: :scim_v2)
+              true
+            end or false
+          end
+        )
+      end
+
+      context 'when authentication suceeds' do
+        it 'renders "success"' do
+          expect(warden).to receive(:authenticate!).and_return("A User instance or similar") # ('warden' is the proxy provided by the warden-rspec-rails gem)
+
+          get :index, params: { format: :scim }
+
+          expect(response).to be_ok
+          expect(JSON.parse(response.body)).to eql({ 'message' => 'cool, cool!' })
+          expect(response.headers['WWW-Authenticate']).to eql('SomeOtherValidScheme') # Proves the custom block ran
+        end
+      end
+
+      context 'when authentication fails' do # We're kinda just verifying the README.md example code here!
+        it 'renders 401' do
+          expect(warden).to receive(:authenticate!) { throw(:warden) } # ('warden' is the proxy provided by the warden-rspec-rails gem)
+
+          get :index, params: { format: :scim }
+
+          expect(response).to have_http_status(:unauthorized)
+          expect(response.headers['WWW-Authenticate']).to eql('SomeOtherValidScheme') # Proves the custom block ran
+
+          parsed_body = JSON.parse(response.body)
+
+          expect(parsed_body).to include('schemas' => ['urn:ietf:params:scim:api:messages:2.0:Error'])
+          expect(parsed_body).to include('detail' => 'Requires authentication')
+          expect(parsed_body).to include('status' => '401')
+        end
+      end
+    end
+
+    context 'with custom error handling' do
+      before do
+        Scimitar.engine_configuration = Scimitar::EngineConfiguration.new(
+          custom_authenticator: Proc.new do
+            render status: 499, json: { testing: true }
+            false
+          end
+        )
+      end
+
+      context 'when authentication fails' do
+        it 'renders the custom response' do
+          get :index, params: { format: :scim }
+
+          expect(response).to have_http_status(499)
+
+          parsed_body = JSON.parse(response.body)
+
+          expect(parsed_body).to eql('testing' => true)
+        end
+      end
+    end
+  end
+
   context 'authenticator evaluated within controller context' do
 
     # Define a controller with a custom instance method 'valid_token'.

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -20,6 +20,8 @@
 
 require 'rspec/rails'
 require 'debug'
+require 'warden'
+require 'warden-rspec-rails'
 require 'scimitar'
 
 # ============================================================================
@@ -32,6 +34,8 @@
   config.filter_rails_from_backtrace!
   config.raise_errors_for_deprecations!
 
+  config.include(Warden::Test::ControllerHelpers, type: :controller) # (from the warden-rspec-rails gem)
+
   config.color                      = true
   config.tty                        = true
   config.order                      = :random
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		require 'warden'

		Rails.application.config.middleware.use Warden::Manager