Log error for invalid token

https://www.pivotaltracker.com/story/show/187956690

server/src/main/java/access/security/UserHandlerMethodArgumentResolver.java

@@ -65,7 +65,7 @@ public User resolveArgument(MethodParameter methodParameter,
         } else if (userPrincipal instanceof OAuth2AuthenticationToken authenticationToken) {
             //The user has logged in with OpenIDConnect. Invite is acting as a backend server
             attributes = authenticationToken.getPrincipal().getAttributes();
-        } else if (StringUtils.hasText(apiTokenHeader) && apiTokenHeader.length() == 36) {
+        } else if (StringUtils.hasText(apiTokenHeader)) {
             //The user has obtained an API token (from her institution admin) and there is no state
             String hashedToken = HashGenerator.hashToken(apiTokenHeader);
             APIToken apiToken = apiTokenRepository.findByHashedValue(hashedToken)

server/src/test/java/access/api/UserRoleControllerTest.java

@@ -9,6 +9,7 @@
 import io.restassured.common.mapper.TypeRef;
 import io.restassured.http.ContentType;
 import org.junit.jupiter.api.Test;
+import org.springframework.http.HttpStatus;
 
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
@@ -239,6 +240,36 @@ void consequencesForDeletion() throws Exception {
         System.out.println(userRoles);
     }
 
+    @Test
+    void invalidAPIToken() {
+        List<Long> roleIdentifiers = List.of(
+                roleRepository.findByName("Network").get(0).getId(),
+                roleRepository.findByName("Wiki").get(0).getId()
+        );
+        UserRoleProvisioning userRoleProvisioning = new UserRoleProvisioning(
+                roleIdentifiers,
+                Authority.GUEST,
+                null,
+                "[email protected]",
+                null,
+                null,
+                null,
+                "Charly Green",
+                null,
+                true
+        );
+        given()
+                .when()
+                .header(API_TOKEN_HEADER, "bogus")
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .body(userRoleProvisioning)
+                .post("/api/external/v1/user_roles/user_role_provisioning")
+                .then()
+                .statusCode(HttpStatus.FORBIDDEN.value());
+
+    }
+
     private void doUserRoleProvisioning(UserRoleProvisioning userRoleProvisioning, String expectedSub, int expectedUserRoleCount) throws JsonProcessingException {
         super.stubForManagerProvidersByIdIn(EntityType.SAML20_SP, List.of("1", "2"));
         super.stubForManageProvidersAllowedByIdP(ORGANISATION_GUID);