fix: relax parsing of SCIM user 'active' flag to improve compatibility (#9296)

# Which Problems Are Solved
- Microsoft Entra invokes the user patch endpoint with `"active":
"True"` / `"active": "False"` when patching a user. This is a well-known
bug in MS Entra (see
[here](https://learn.microsoft.com/en-us/entra/identity/app-provisioning/application-provisioning-config-problem-scim-compatibility)),
but the bug fix has not landed yet and/or the feature flag does not
work.

# How the Problems Are Solved
- To ensure compatibility with MS Entra, the parsing of the the boolean
active flag of the scim user is relaxed and accepts strings in any
casing that resolve to `true` or `false` as well as raw boolean values.

# Additional Context
Part of https://github.com/zitadel/zitadel/issues/8140

(cherry picked from commit 361f7a2edc)

internal/api/scim/integration_test/bulk_test.go

@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"github.com/brianvoe/gofakeit/v6"
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/text/language"
@@ -289,7 +288,7 @@ func TestBulk(t *testing.T) {
 					},
 					DisplayName:       "scim-bulk-created-user-0-given-name scim-bulk-created-user-0-family-name",
 					PreferredLanguage: test.Must(language.Parse("en")),
-					Active:            gu.Ptr(true),
+					Active:            schemas.NewRelaxedBool(true),
 					Emails: []*resources.ScimEmail{
 						{
 							Value:   "scim-bulk-created-user-0@example.com",
@@ -308,7 +307,7 @@ func TestBulk(t *testing.T) {
 					DisplayName:       "scim-bulk-created-user-1-given-name scim-bulk-created-user-1-family-name",
 					NickName:          "scim-bulk-created-user-1-nickname-patched",
 					PreferredLanguage: test.Must(language.Parse("en")),
-					Active:            gu.Ptr(true),
+					Active:            schemas.NewRelaxedBool(true),
 					Emails: []*resources.ScimEmail{
 						{
 							Value:   "scim-bulk-created-user-1@example.com",
@@ -333,7 +332,7 @@ func TestBulk(t *testing.T) {
 					DisplayName:       "scim-bulk-created-user-2-given-name scim-bulk-created-user-2-family-name",
 					NickName:          "scim-bulk-created-user-2-nickname-patched",
 					PreferredLanguage: test.Must(language.Parse("en")),
-					Active:            gu.Ptr(true),
+					Active:            schemas.NewRelaxedBool(true),
 					Emails: []*resources.ScimEmail{
 						{
 							Value:   "scim-bulk-created-user-2@example.com",

internal/api/scim/integration_test/testdata/users_update_test_full.json

@@ -134,6 +134,14 @@
       "op": "replace",
       "path": "password",
       "value": "Password2!"
+    },
+    // replace active state
+    {
+      "op": "replace",
+      "path": "active",
+      // quoted uppercase bool
+      // (ensure compatibility with Microsoft Entra)
+      "value": "True"
     }
   ]
 }

internal/api/scim/integration_test/users_create_test.go

@@ -10,7 +10,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/text/language"
@@ -154,7 +153,7 @@ var (
 		PreferredLanguage: language.MustParse("en-US"),
 		Locale:            "en-US",
 		Timezone:          "America/Los_Angeles",
-		Active:            gu.Ptr(true),
+		Active:            schemas.NewRelaxedBool(true),
 	}
 )
 
@@ -191,7 +190,7 @@ func TestCreateUser(t *testing.T) {
 			name: "minimal inactive user",
 			body: minimalInactiveUserJson,
 			want: &resources.ScimUser{
-				Active: gu.Ptr(false),
+				Active: schemas.NewRelaxedBool(false),
 			},
 		},
 		{

internal/api/scim/integration_test/users_get_test.go

@@ -9,7 +9,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/text/language"
@@ -112,7 +111,7 @@ func TestGetUser(t *testing.T) {
 				PreferredLanguage: language.Make("en-US"),
 				Locale:            "en-US",
 				Timezone:          "America/Los_Angeles",
-				Active:            gu.Ptr(true),
+				Active:            schemas.NewRelaxedBool(true),
 				Emails: []*resources.ScimEmail{
 					{
 						Value:   "bjensen@example.com",

internal/api/scim/integration_test/users_list_test.go

@@ -239,7 +239,7 @@ func TestListUser(t *testing.T) {
 				assert.Equal(t, 1, resp.StartIndex)
 				assert.Len(t, resp.Resources, 1)
 				assert.True(t, strings.HasPrefix(resp.Resources[0].UserName, "scim-username-0"))
-				assert.False(t, *resp.Resources[0].Active)
+				assert.False(t, resp.Resources[0].Active.Bool())
 			},
 		},
 		{

internal/api/scim/integration_test/users_replace_test.go

@@ -10,7 +10,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/text/language"
@@ -167,7 +166,7 @@ func TestReplaceUser(t *testing.T) {
 				PreferredLanguage: language.MustParse("en-CH"),
 				Locale:            "en-CH",
 				Timezone:          "Europe/Zurich",
-				Active:            gu.Ptr(false),
+				Active:            schemas.NewRelaxedBool(false),
 			},
 		},
 		{

internal/api/scim/integration_test/users_update_test.go

@@ -10,7 +10,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/text/language"
@@ -208,7 +207,7 @@ func TestUpdateUser(t *testing.T) {
 				PreferredLanguage: language.MustParse("en-US"),
 				Locale:            "en-US",
 				Timezone:          "America/Los_Angeles",
-				Active:            gu.Ptr(true),
+				Active:            schemas.NewRelaxedBool(true),
 			},
 		},
 	}