diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go index 79453d617e..2549a008e5 100644 --- a/enterprise/coderd/coderd.go +++ b/enterprise/coderd/coderd.go @@ -455,7 +455,7 @@ func New(ctx context.Context, options *Options) (_ *API, err error) { if len(options.SCIMAPIKey) != 0 { api.AGPL.RootHandler.Route("/scim/v2", func(r chi.Router) { r.Use( - api.scimEnabledMW, + api.RequireFeatureMW(codersdk.FeatureSCIM), ) r.Post("/Users", api.scimPostUser) r.Route("/Users", func(r chi.Router) { @@ -464,6 +464,13 @@ func New(ctx context.Context, options *Options) (_ *API, err error) { r.Get("/{id}", api.scimGetUser) r.Patch("/{id}", api.scimPatchUser) }) + r.NotFound(func(w http.ResponseWriter, r *http.Request) { + u := r.URL.String() + httpapi.Write(r.Context(), w, http.StatusNotFound, codersdk.Response{ + Message: fmt.Sprintf("SCIM endpoint %s not found", u), + Detail: "This endpoint is not implemented. If it is correct and required, please contact support.", + }) + }) }) } else { // Show a helpful 404 error. Because this is not under the /api/v2 routes, diff --git a/enterprise/coderd/scim.go b/enterprise/coderd/scim.go index 5db1ed52bb..28a40dd842 100644 --- a/enterprise/coderd/scim.go +++ b/enterprise/coderd/scim.go @@ -23,17 +23,6 @@ import ( "github.com/coder/coder/v2/codersdk" ) -func (api *API) scimEnabledMW(next http.Handler) http.Handler { - return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - if !api.Entitlements.Enabled(codersdk.FeatureSCIM) { - httpapi.RouteNotFound(rw) - return - } - - next.ServeHTTP(rw, r) - }) -} - func (api *API) scimVerifyAuthHeader(r *http.Request) bool { bearer := []byte("Bearer ") hdr := []byte(r.Header.Get("Authorization")) diff --git a/enterprise/coderd/scim_test.go b/enterprise/coderd/scim_test.go index c45ded27d6..016c75d095 100644 --- a/enterprise/coderd/scim_test.go +++ b/enterprise/coderd/scim_test.go @@ -88,7 +88,7 @@ func TestScim(t *testing.T) { res, err := client.Request(ctx, "POST", "/scim/v2/Users", struct{}{}) require.NoError(t, err) defer res.Body.Close() - assert.Equal(t, http.StatusNotFound, res.StatusCode) + assert.Equal(t, http.StatusForbidden, res.StatusCode) }) t.Run("noAuth", func(t *testing.T) { @@ -424,7 +424,7 @@ func TestScim(t *testing.T) { require.NoError(t, err) _, _ = io.Copy(io.Discard, res.Body) _ = res.Body.Close() - assert.Equal(t, http.StatusNotFound, res.StatusCode) + assert.Equal(t, http.StatusForbidden, res.StatusCode) }) t.Run("noAuth", func(t *testing.T) {