Bugfix for scim bearer token

Author: oharsta

server/src/main/java/access/provision/ProvisioningServiceDefault.java

@@ -451,11 +451,6 @@ private void deleteRequest(Provisioning provisioning,
         } else if (hasScimHook(provisioning) && (isUser || provisioning.isScimUserProvisioningOnly())) {
             URI uri = this.provisioningUri(provisioning, apiType, Optional.ofNullable(remoteIdentifier));
             HttpHeaders headers = this.httpHeaders(provisioning);
-            if (StringUtils.hasText(provisioning.getScimPassword())) {
-                headers.setBasicAuth(provisioning.getScimUser(), this.decryptScimPassword(provisioning));
-            } else if (StringUtils.hasText(provisioning.getScimBearerToken())) {
-                headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", this.decryptScimBearerToken(provisioning)));
-            }
             requestEntity = new RequestEntity<>(request, headers, HttpMethod.DELETE, uri);
         } else if (hasGraphHook(provisioning) && isUser) {
             this.graphClient.deleteUser((User) provisionable, provisioning, remoteIdentifier);
@@ -530,7 +525,11 @@ private HttpHeaders httpHeaders(Provisioning provisioning) {
         HttpHeaders headers = new HttpHeaders();
         switch (provisioning.getProvisioningType()) {
             case scim -> {
-                headers.setBasicAuth(provisioning.getScimUser(), decryptScimPassword(provisioning));
+                if (StringUtils.hasText(provisioning.getScimPassword())) {
+                    headers.setBasicAuth(provisioning.getScimUser(), this.decryptScimPassword(provisioning));
+                } else if (StringUtils.hasText(provisioning.getScimBearerToken())) {
+                    headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", this.decryptScimBearerToken(provisioning)));
+                }
                 headers.setContentType(MediaType.APPLICATION_JSON);
                 headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
             }

server/src/main/resources/application.yml

@@ -71,7 +71,7 @@ spring:
     port: 1025
 
 crypto:
-  development-mode: True
+  development-mode: False
   #  private-key-location: classpath:nope
   #  Use the commented lines when you want to test against a remote manage. Do not add the private_key to git
   #  development-mode: False

welcome/src/components/User.js

@@ -12,7 +12,6 @@ export const User = ({user, invitationRoles = []}) => {
             <RoleCard key={index} index={index} application={application}/>
         );
     }
-
     const rolesToExclude = invitationRoles.map(invitationRole => invitationRole.role.id);
     const filteredUserRoles = user.userRoles
         .filter(userRole => userRole.authority === "GUEST" || userRole.guestRoleIncluded)

welcome/src/pages/App.js

@@ -30,7 +30,6 @@ export const App = () => {
             configuration()
                 .then(res => {
                     useAppStore.setState(() => ({config: res}));
-
                     if (!res.authenticated) {
                         if (!res.name) {
                             const direction = window.location.pathname + window.location.search;
@@ -44,17 +43,19 @@ export const App = () => {
                         const pathname = locationStored || window.location.pathname;
                         const isInvitationAcceptFlow = window.location.pathname.startsWith("/invitation/accept")
                             || pathname.startsWith("/invitation/accept");
+                        let route;
                         if (res.name && !pathname.startsWith("/invitation/accept") && !isInvitationAcceptFlow) {
-                            navigate("/deadend");
+                            route = "/deadend";
                         } else if (pathname === "/" || pathname.startsWith("/login") || isInvitationAcceptFlow) {
-                            const route = isInvitationAcceptFlow ? pathname : (window.location.pathname + window.location.search);
-                            setTimeout(() => navigate(route), 15);
-                            navigate(route);
+                            route = isInvitationAcceptFlow ? pathname : (window.location.pathname + window.location.search);
                         } else {
                             //Bookmarked URL's trigger a direct login and skip the landing page
                             login(res);
                         }
-                        setLoading(false);
+                        if (!isEmpty(route)) {
+                            setLoading(false);
+                            setTimeout(() => navigate(route), 50);
+                        }
                     } else {
                         me()
                             .then(res => {

welcome/src/pages/Invitation.js

@@ -22,7 +22,7 @@ const HAS_LOGGED_IN_AGAIN = "hasLoggedInAgain"
 let runOnce = false;
 
 export const Invitation = ({authenticated}) => {
-    
+
     const navigate = useNavigate();
     const {user, config} = useAppStore(state => state);
 
@@ -34,14 +34,13 @@ export const Invitation = ({authenticated}) => {
 
     useEffect(() => {
         const hashParam = getParameterByName("hash", window.location.search);
-        
+
         if (runOnce) {
             return;
         }
         runOnce = true;
         invitationByHash(hashParam)
             .then(res => {
-                    
                     setInvitation(res);
                     useAppStore.setState(() => ({
                         invitation: res
@@ -67,7 +66,7 @@ export const Invitation = ({authenticated}) => {
                                     })
                             })
                             .catch(e => {
-                                    
+
                                     setLoading(false);
                                     if (e.response && e.response.status === 412) {
                                         setConfirmation({