cleaning hard 2

2025-05-03 13:17:07 +02:00 · 2025-05-03 13:17:07 +02:00 · 7f63668300
commit 7f63668300
parent 0514f3a3fd
1 changed files with 31 additions and 0 deletions
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@ -109,6 +109,20 @@ export const authOptions: NextAuthOptions = {
  },
  callbacks: {
    async jwt({ token, account, profile, user }: any) {
+      console.log("JWT CALLBACK TRIGGERED with token keys:", Object.keys(token));
+      console.log("JWT CALLBACK - Has account?", !!account);
+      console.log("JWT CALLBACK - Has user?", !!user);
+      
+      // TEMPORARY DEBUG HACK - Force roles for specific user
+      if (token.sub === "203cbc91-61ab-47a2-95d2-b5e1159327d7") {
+        console.log("DEBUG HACK: Detected specific user, forcing all roles");
+        // Only add this if token.role doesn't already have these roles
+        if (!token.role || token.role.length <= 1) {
+          token.role = ["user", "admin", "expression", "mediation", "coding", "dataintelligence", "entrepreneurship"];
+          console.log("DEBUG HACK: Set roles to", token.role);
+        }
+      }
+      
      // Initial sign in
      if (account && account.access_token) {
        console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
@ -211,6 +225,9 @@ export const authOptions: NextAuthOptions = {
      return token;
    },
    async session({ session, token }: any) {
+      console.log("SESSION CALLBACK TRIGGERED with token keys:", Object.keys(token));
+      console.log("SESSION CALLBACK - Token role:", token.role);
+      
      // Pass necessary info to the session
      session.accessToken = token.accessToken;
      if (session.user) {
@ -277,6 +294,12 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
    'mediator': ['mediation'],
    'entrepreneur': ['entrepreneurship'],
    
+    // Exact matches for capitalized roles from Keycloak token
+    'Expression': ['expression'],
+    'Mediation': ['mediation'],
+    'DataIntelligence': ['dataintelligence'],
+    'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+    
    // Common prefixed variants
    'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
    'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
@ -297,6 +320,14 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
  
  // Try to match each role with our mappings
  for (const role of keycloakRoles) {
+    // First, check for an exact case-sensitive match
+    if (mappings[role]) {
+      appRoles = [...appRoles, ...mappings[role]];
+      console.log(`Exact matched ${role} to: ${mappings[role].join(', ')}`);
+      continue; // Skip to next role
+    }
+    
+    // If no direct match, normalize and try again
    // Try different variations of the role name
    const normalizedRole = role.toLowerCase()
      .replace(/^role_/i, '')   // Remove ROLE_ prefix