feat: add option to skip tls check for servers using self-signed certs

Tlepel · Tlepel · commit 936f25b2ebef · 2025-10-03T11:05:21.000+02:00
resolves #18
diff --git a/README.md b/README.md
@@ -23,6 +23,7 @@ Options:
 - `-a, --auth-header <auth>` - Authorization header (required)
 - `-c, --config <path>` - Path to YAML configuration file (optional)
 - `-o, --har-file <path>` - Path to write HAR file output (optional)
+- `--skip-tls-verification` - Use when running a server with self-signed certificates (optional)
 - `-h, --help` - Show help message
 
 ## Features
diff --git a/bin/scimverify.js b/bin/scimverify.js
@@ -15,6 +15,7 @@ let configPath = null;
 let baseUrl = null;
 let authHeader = null;
 let harFileName = null;
+let skipTlsVerification = false;
 
 // Simple argument parser
 for (let i = 0; i < args.length; i++) {
@@ -27,6 +28,8 @@ for (let i = 0; i < args.length; i++) {
     authHeader = args[++i];
   } else if (arg === '--har-file' || arg === '-o') {
     harFileName = args[++i];
+  } else if (arg === '--skip-tls-check') {
+    skipTlsVerification = true;
   } else if (arg === '--help' || arg === '-h') {
     printHelp();
     process.exit(0);
@@ -44,6 +47,7 @@ Options:
   -b, --base-url <url>      Base URL of the SCIM server
   -a, --auth-header <auth>  Authorization header (e.g. "Bearer token")
   -o, --har-file <path>     Path to write HAR file output
+  --skip-tls-check          Use when running a server with self-signed certificates
   -h, --help                Show this help message
 
 Example:
@@ -85,6 +89,7 @@ async function main() {
     const result = await runAllTests({
       baseURL: baseUrl,
       authHeader: authHeader,
+      skipTlsVerification,
       ...config,
     });
 
diff --git a/scim.test.js b/scim.test.js
@@ -113,6 +113,7 @@ if (import.meta.url === `file://${process.argv[1]}`) {
         {
             baseURL: process.env.BASE_URL,
             authHeader: process.env.AUTH_HEADER,
+            skipTlsVerification: !!process.env.SKIP_TLS_VERIFICATION,
             ...parse(process.env.CONFIG),
         }
     ).then((result) => {
diff --git a/server.js b/server.js
@@ -54,6 +54,7 @@ async function processQueue() {
         process.env.AUTH_HEADER = req.body.authHeader;
         process.env.CONFIG = JSON.stringify(req.body);
         process.env.HAR_VIA_DIAGNOSTIC = true;
+        process.env.SKIP_TLS_VERIFICATION = false;
 
         const responseStream = new Writable({
             write(chunk, encoding, callback) {
diff --git a/site/docker/index.md b/site/docker/index.md
@@ -15,6 +15,7 @@ Before running the command below, make sure you have a local `config.yaml` file
 | `CONFIG_FILE`           |    No    | Path to YAML configuration file                                         |
 | `CONFIG`                |   No\*   | YAML configuration                                                      |
 | `HAR_FILE_NAME`         |    No    | Path to write HAR file output                                           |
+| `SKIP_TLS_VERIFICATION` |    No    | Set non-empty value when running a server with self-signed certificates |
 
 \* `CONFIG` is required when `CONFIG_FILE` is not set
 
diff --git a/src/helpers.js b/src/helpers.js
@@ -1,4 +1,5 @@
 import axios from 'axios';
+import https from 'https';
 import fs from 'fs';
 
 let harEntries = [];
@@ -16,7 +17,7 @@ function createHarEntry(t, request, response) {
             cookies: [],
             headers: Object.entries(request.headers)
                 .filter(([_, value]) => value !== undefined && value !== null && value !== '')
-                .map(([name, value]) => ({name, value})),
+                .map(([name, value]) => ({ name, value })),
             queryString: [],
             postData: request.data ? {
                 mimeType: request.headers['Content-Type'] || 'application/json',
@@ -32,7 +33,7 @@ function createHarEntry(t, request, response) {
             cookies: [],
             headers: Object.entries(response.headers)
                 .filter(([_, value]) => value !== undefined && value !== null && value !== '')
-                .map(([name, value]) => ({name, value})),
+                .map(([name, value]) => ({ name, value })),
             content: {
                 size: -1,
                 mimeType: response.headers['content-type'] || 'application/json',
@@ -52,7 +53,7 @@ function createHarEntry(t, request, response) {
 }
 
 export function writeHarFile(testName) {
-    
+
     const har = {
         log: {
             version: '1.2',
@@ -64,7 +65,7 @@ export function writeHarFile(testName) {
             entries: harEntries
         }
     };
-    
+
     const harPath = testName;
     fs.writeFileSync(harPath, JSON.stringify(har, null, 2));
     harEntries = []; // Clear entries after writing
@@ -90,7 +91,8 @@ export function getAxiosInstance(config, testContext = null) {
         validateStatus: function (status) {
             // Return true for any status code (don't throw errors)
             return true;
-        }
+        },
+        ...(config.skipTlsVerification && { httpsAgent: new https.Agent({ rejectUnauthorized: false }) })
     });
 
     const t = testContext;
@@ -103,8 +105,8 @@ export function getAxiosInstance(config, testContext = null) {
     // Add response interceptor to log the raw HTTP response
     instance.interceptors.response.use(response => {
         const harEntry = createHarEntry(t, response.config, response);
-        
-        if(process.env.HAR_VIA_DIAGNOSTIC) {
+
+        if (process.env.HAR_VIA_DIAGNOSTIC) {
             t?.diagnostic(harEntry);
         }
 
@@ -114,8 +116,8 @@ export function getAxiosInstance(config, testContext = null) {
     }, error => {
         if (error.response) {
             const harEntry = createHarEntry(error.response.config, error.response);
-            
-            if(process.env.HAR_VIA_DIAGNOSTIC) {
+
+            if (process.env.HAR_VIA_DIAGNOSTIC) {
                 t?.diagnostic(harEntry);
             }
 
@@ -126,7 +128,7 @@ export function getAxiosInstance(config, testContext = null) {
     return instance;
 }
 
-export function canonicalize(resource, schema){
+export function canonicalize(resource, schema) {
     // Create a deep copy of the user object
     const canonicalizedResource = JSON.parse(JSON.stringify(resource));
     const schemas = canonicalizedResource.schemas || [];
@@ -140,14 +142,14 @@ export function canonicalize(resource, schema){
         if (!canonicalizedResource[coreSchema]) {
             canonicalizedResource[coreSchema] = {};
         }
-        
+
         // Move attributes that are not schemas, meta, id, or extension schemas to the core schema
         Object.keys(canonicalizedResource).forEach(key => {
             // Skip schemas, meta, id, and extension schemas (which start with urn: but aren't the core schema)
             if (key === 'schemas' || key === 'meta' || key === 'id' || key == 'externalId' || schemas.includes(key)) {
                 return;
             }
-            
+
             // Move the attribute to the core schema and delete from root
             canonicalizedResource[coreSchema][key] = canonicalizedResource[key];
             delete canonicalizedResource[key];

Original file line number	Diff line number	Diff line change
@@ -113,6 +113,7 @@ if (import.meta.url === `file://${process.argv[1]}`) {
`113`	`113`	`{`
`114`	`114`	`baseURL: process.env.BASE_URL,`
`115`	`115`	`authHeader: process.env.AUTH_HEADER,`
	`116`	`+ skipTlsVerification: !!process.env.SKIP_TLS_VERIFICATION,`
`116`	`117`	`...parse(process.env.CONFIG),`
`117`	`118`	`}`
`118`	`119`	`).then((result) => {`