scim: Downgrade SCIMClient from a model to an ephemeral dataclass.

SCIMClient is a type-unsafe workaround for django-scim2’s conflation
of SCIM users with Django users.  Given that a SCIMClient is not a
UserProfile, it might as well not be a model at all, since it’s only
used to satisfy django-scim2’s request.user.is_authenticated queries.

This doesn’t solve the type safety issue with assigning a SCIMClient
to request.user, nor the performance issue with running the SCIM
middleware on non-SCIM requests.  But it reduces the risk of potential
consequences worse than crashing, since there’s no longer a
request.user.id for Django to confuse with the ID of an actual
UserProfile.

Signed-off-by: Anders Kaseorg <anders@zulip.com>

zerver/tests/test_scim.py

@@ -8,7 +8,8 @@ from django.conf import settings
 
 from zerver.actions.user_settings import do_change_full_name
 from zerver.lib.test_classes import ZulipTestCase
-from zerver.models import SCIMClient, UserProfile, get_realm
+from zerver.middleware import SCIMClient
+from zerver.models import UserProfile, get_realm
 
 if TYPE_CHECKING:
     from django.test.client import _MonkeyPatchedWSGIResponse as TestHttpResponse
@@ -22,7 +23,7 @@ class SCIMTestCase(ZulipTestCase):
     def setUp(self) -> None:
         super().setUp()
         self.realm = get_realm("zulip")
-        self.scim_client = SCIMClient.objects.create(
+        self.scim_client = SCIMClient(
             realm=self.realm, name=settings.SCIM_CONFIG["zulip"]["scim_client_name"]
         )