- Reject group operations when users don't exist (security fix)
- Prevents unauthorized user provisioning via group membership
- Aligns with SCIM 2.0 protocol: users must exist before group membership
- Add validation for empty user IDs
- Update tests to verify rejection behavior
This is a breaking change but necessary for security and SCIM compliance.
Users must be created via POST /Users before being added to groups.
- Test user with UUID in user_email (defensive fix scenario)
- Test user with None email (root cause fix scenario)
- Verifies transformation doesn't fail and emails array is empty for invalid emails
* fix: use fastuuid helper across the codebase
First batch of changes, simple drop in replacement.
* second batch of changes
* fixed: script mistake on helper file
* fix: ensure /responses/cancel works for non admins
* test: cancel endpoint
* fix responses API cancel endpoint
* test fix
* TestGoogleAIStudioResponsesAPITest
* SCIM fix new user roles
* test_create_user_defaults_to_viewer
* test_create_user_uses_default_internal_user_params_role
* fix default user for SCIM
* fix linting error
* fix SCIM memberships Patch
* fixes for SCIM updates
* fixes for SCIM
* working provisioning for teams on SCIM
* working user patch / PUT ops SCIM
* fixes SCIM
* test_scim_v2_endpoints.py
* handle_existing_user_by_email
* fixes for provisioning SCIMUser
* fixes SCIM provisioning
* test scim v2
* fixes for linting
* fix _apply_patch_ops
* fixes code QA check for team membership checks