Fixes #638

Author: oharsta

CHANGELOG.md

@@ -1,12 +1,18 @@
-
 # Change Log
 
 All notable changes to this project will be documented in this file.
 
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
-## Next (1.0.0)
+## Next (1.0.3)
+
+- Fix: remove trailing slash in `scim_url`
+
+## 1.0.2
+
+- Fix: ensure that when a user is provisioned with eduID as the identifier, invite first calls the eduID
+  provisioning service to obtain an institutional eduID, and then uses that eduID instead of the user’s original eduID
 
 ## 1.0.1
 
@@ -157,10 +163,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Add API endpoints for Openconext-spdashboard integration
 - Add API endpoints for Openconext-myconext integration
 - Fixes https://github.com/OpenConext/OpenConext-Invite/issues/307,
-https://github.com/OpenConext/OpenConext-Invite/issues/312,
-https://github.com/OpenConext/OpenConext-Invite/issues/320,
-https://github.com/OpenConext/OpenConext-Invite/issues/240,
-https://github.com/OpenConext/OpenConext-Invite/issues/310
+  https://github.com/OpenConext/OpenConext-Invite/issues/312,
+  https://github.com/OpenConext/OpenConext-Invite/issues/320,
+  https://github.com/OpenConext/OpenConext-Invite/issues/240,
+  https://github.com/OpenConext/OpenConext-Invite/issues/310
 
 ## 0.0.20 2024-09-13
 
@@ -178,29 +184,29 @@ https://github.com/OpenConext/OpenConext-Invite/issues/310
 - Allow searching for specific role types in users
 - Show correct landingpage for roles in UI and API
 - Fixes issues https://github.com/OpenConext/OpenConext-Invite/issues/231,
-https://github.com/OpenConext/OpenConext-Invite/issues/302,
-https://github.com/OpenConext/OpenConext-Invite/issues/240,
-https://github.com/OpenConext/OpenConext-Invite/issues/298,
-https://github.com/OpenConext/OpenConext-Invite/issues/296,
-https://github.com/OpenConext/OpenConext-Invite/issues/295,
-https://github.com/OpenConext/OpenConext-Invite/issues/297,
-https://github.com/OpenConext/OpenConext-Invite/issues/239,
-https://github.com/OpenConext/OpenConext-Invite/issues/239,
-https://github.com/OpenConext/OpenConext-Invite/issues/241,
-https://github.com/OpenConext/OpenConext-Invite/issues/241,
-https://github.com/OpenConext/OpenConext-Invite/issues/293,
-https://github.com/OpenConext/OpenConext-Invite/issues/235,
-https://github.com/OpenConext/OpenConext-Invite/issues/235,
-https://github.com/OpenConext/OpenConext-Invite/issues/234,
-https://github.com/OpenConext/OpenConext-Invite/issues/232,
-https://github.com/OpenConext/OpenConext-Invite/issues/232,
-https://github.com/OpenConext/OpenConext-Invite/issues/233,
-https://github.com/OpenConext/OpenConext-Invite/issues/233,
-https://github.com/OpenConext/OpenConext-Invite/issues/231,
-https://github.com/OpenConext/OpenConext-Invite/issues/230,
-https://github.com/OpenConext/OpenConext-Invite/issues/227,
-https://github.com/OpenConext/OpenConext-Invite/issues/228,
-https://github.com/OpenConext/OpenConext-Invite/issues/291
+  https://github.com/OpenConext/OpenConext-Invite/issues/302,
+  https://github.com/OpenConext/OpenConext-Invite/issues/240,
+  https://github.com/OpenConext/OpenConext-Invite/issues/298,
+  https://github.com/OpenConext/OpenConext-Invite/issues/296,
+  https://github.com/OpenConext/OpenConext-Invite/issues/295,
+  https://github.com/OpenConext/OpenConext-Invite/issues/297,
+  https://github.com/OpenConext/OpenConext-Invite/issues/239,
+  https://github.com/OpenConext/OpenConext-Invite/issues/239,
+  https://github.com/OpenConext/OpenConext-Invite/issues/241,
+  https://github.com/OpenConext/OpenConext-Invite/issues/241,
+  https://github.com/OpenConext/OpenConext-Invite/issues/293,
+  https://github.com/OpenConext/OpenConext-Invite/issues/235,
+  https://github.com/OpenConext/OpenConext-Invite/issues/235,
+  https://github.com/OpenConext/OpenConext-Invite/issues/234,
+  https://github.com/OpenConext/OpenConext-Invite/issues/232,
+  https://github.com/OpenConext/OpenConext-Invite/issues/232,
+  https://github.com/OpenConext/OpenConext-Invite/issues/233,
+  https://github.com/OpenConext/OpenConext-Invite/issues/233,
+  https://github.com/OpenConext/OpenConext-Invite/issues/231,
+  https://github.com/OpenConext/OpenConext-Invite/issues/230,
+  https://github.com/OpenConext/OpenConext-Invite/issues/227,
+  https://github.com/OpenConext/OpenConext-Invite/issues/228,
+  https://github.com/OpenConext/OpenConext-Invite/issues/291
 
 ## 0.0.19 2024-09-10
 
@@ -254,7 +260,8 @@ https://github.com/OpenConext/OpenConext-Invite/issues/291
 - Fix styling of welcome deadend on medium screens
 - Make clear on welcome/profile which are your actual guest roles and for which you have a different authority
 - Fix wrong explanation with override invite settings option
-- Voot and invite-AA endpoints will only return roles the user is actually a guest in, not a different authority, just like provisioning already works
+- Voot and invite-AA endpoints will only return roles the user is actually a guest in, not a different authority, just
+  like provisioning already works
 - Unbreak 'also invite as guest' when a user upgrades their own role
 - Support updating changed attributes in SCIM
 - Provisionings now show created date

server/src/main/java/invite/manage/Manage.java

@@ -3,8 +3,15 @@
 import invite.model.GroupedProviders;
 import invite.model.Role;
 import org.springframework.util.CollectionUtils;
-
-import java.util.*;
+import org.springframework.util.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.UUID;
 import java.util.stream.Collectors;
 
 import static invite.security.InstitutionAdmin.*;
@@ -82,6 +89,10 @@ default Map<String, Object> transformProvider(Map<String, Object> provider) {
                     "user_wait_time"
             ).forEach(attribute -> application.put(attribute, metaDataFields.get(attribute)));
         }
+        String scimUrl = (String) application.get("scim_url");
+        if (StringUtils.hasText(scimUrl) && scimUrl.endsWith("/")) {
+            application.put("scim_url", scimUrl.substring(0, scimUrl.length() - 1));
+        }
         application.put("type", provider.get("type"));
         application.put("applications", data.get("applications"));
         application.put("allowedEntities", data.get("allowedEntities"));

server/src/main/java/invite/provision/Provisioning.java

@@ -17,7 +17,7 @@ public class Provisioning {
     private final String id;
     private final String entityId;
     private final ProvisioningType provisioningType;
-    private final String scimUrl;
+    private String scimUrl;
     private final String scimUser;
     private final String scimPassword;
     private final String scimBearerToken;
@@ -41,6 +41,9 @@ public Provisioning(Map<String, Object> provider) {
 
         this.provisioningType = ProvisioningType.valueOf((String) provider.get("provisioning_type"));
         this.scimUrl = (String) provider.get("scim_url");
+        if (StringUtils.hasText(this.scimUrl) && this.scimUrl.endsWith("/")) {
+            this.scimUrl = this.scimUrl.substring(0, this.scimUrl.length() - 1);
+        }
         this.scimUser = (String) provider.get("scim_user");
         this.scimPassword = (String) provider.get("scim_password");
         this.scimBearerToken = (String) provider.get("scim_bearer_token");
@@ -73,8 +76,8 @@ private void invariant() {
             case scim -> {
                 assert scimUrl != null : "scimUrl is null";
                 if (scimBearerToken == null) {
-                    assert scimUser != null: "scimUser is null";
-                    assert scimPassword != null: "scimPassword or scimBearerToken is null";
+                    assert scimUser != null : "scimUser is null";
+                    assert scimPassword != null : "scimPassword or scimBearerToken is null";
                 }
             }
             case graph -> {

server/src/test/java/invite/manage/LocalManageTest.java

@@ -2,9 +2,11 @@
 
 import invite.AbstractTest;
 import invite.model.Role;
+import invite.provision.ProvisioningType;
 import org.junit.jupiter.api.Test;
 
 import java.util.List;
+import java.util.Map;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -18,4 +20,22 @@ void deriveRemoteApplications() {
         localManage.addManageMetaData(roles);
         roles.forEach(role -> role.getApplicationMaps().forEach(map -> assertNotNull(map.get("id"))));
     }
+
+    @Test
+    void provisioningScimTrailingSlash() {
+        Map<String, Object> provider = Map.of(
+                "type", EntityType.PROVISIONING.collectionName(),
+                "_id", "12345678",
+                "data", Map.of("metaDataFields", Map.of(
+                        "provisioning_type", ProvisioningType.scim.name(),
+                        "scim_url", "https://scum.url/",
+                        "scim_user", "user",
+                        "scim_password", "secret"
+                ))
+        );
+        Map<String, Object> application = localManage.transformProvider(provider);
+
+        assertEquals("12345678", application.get("id"));
+        assertEquals("https://scum.url", application.get("scim_url"));
+    }
 }

server/src/test/java/invite/provision/ProvisioningTest.java

@@ -35,6 +35,18 @@ void provisioningGraph() {
         this.provisioningMap(ProvisioningType.graph, "graph_client_id", "graph_secret");
     }
 
+    @Test
+    void provisioningScimTrailingSlash() {
+        Map<String, Object> data = Map.of(
+                "provisioning_type", ProvisioningType.scim.name(),
+                "scim_url", "https://scum.url/",
+                "scim_user","user",
+                "scim_password", "secret"
+        );
+        Provisioning provisioning = new Provisioning(data);
+        assertEquals("https://scum.url", provisioning.getScimUrl());
+    }
+
     private void assertInvariant(Map<String, Object> provider) {
         assertThrows(AssertionError.class, () -> new Provisioning(provider));
     }