From 852203d3e772ce83f2260c8b075528eefb77da18 Mon Sep 17 00:00:00 2001
From: alma
Date: Sat, 3 May 2025 13:26:27 +0200
Subject: [PATCH] cleaning hard 2
---
 app/api/auth/[...nextauth]/route.ts | 80 ++++++++++++-----------------
 1 file changed, 32 insertions(+), 48 deletions(-)
diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts
index cddc018c..35bf1e17 100644
--- a/app/api/auth/[...nextauth]/route.ts
+++ b/app/api/auth/[...nextauth]/route.ts
@@ -113,16 +113,6 @@ export const authOptions: NextAuthOptions = {
 console.log("JWT CALLBACK - Has account?", !!account);
 console.log("JWT CALLBACK - Has user?", !!user);
- // TEMPORARY DEBUG HACK - Force roles for specific user
- if (token.sub === "203cbc91-61ab-47a2-95d2-b5e1159327d7") {
- console.log("DEBUG HACK: Detected specific user, forcing all roles");
- // Only add this if token.role doesn't already have these roles
- if (!token.role || token.role.length <= 1) {
- token.role = ["user", "admin", "expression", "mediation", "coding", "dataintelligence", "entrepreneurship"];
- console.log("DEBUG HACK: Set roles to", token.role);
- }
- }
-
 // Initial sign in
 if (account && account.access_token) {
 console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
@@ -281,9 +271,12 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
 // This helps in case Keycloak isn't properly configured
 let appRoles: string[] = ['user']; // Always include 'user' role
+ // Create a lowercase lookup for each of the original roles for easier comparison
+ const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
+
 // The mappings object maps Keycloak role names to application role names
 const mappings: Record = {
- // Map Keycloak roles to your application's role names
+ // Map Keycloak roles to your application's role names (all lowercase for comparison)
 'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
 'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
 'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
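Review bot: The new `lowercaseRoles` line turns role matching into a case-insensitive comparison, which is an authorization decision rather than a convenience: Keycloak role names that differ only by case (the 'Admin'/'admin' pairs this commit deletes further down) now grant the same application roles, and the hunk never states that this is intended. I would add above the `const mappings` line: `// Matching is deliberately case-insensitive: Keycloak role names that differ only by case grant the same application roles; keep every key below lowercase.`. Separately, the annotation shows here as a bare `Record`; if that is not just the type arguments being lost in rendering, `Record` without `<string, string[]>` does not compile under strict settings. The rest of mapToApplicationRoles lies outside this hunk.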
@@ -295,60 +288,51 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
 'entrepreneur': ['entrepreneurship'],
 // Exact matches for capitalized roles from Keycloak token
- 'Expression': ['expression'],
- 'Mediation': ['mediation'],
- 'DataIntelligence': ['dataintelligence'],
- 'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
-
- // Common prefixed variants
- 'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
- 'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
- 'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
+ 'expression': ['expression'],
+ 'mediation': ['mediation'],
+ 'coding': ['coding'],
+ 'dataintelligence': ['dataintelligence'],
 // Default access roles from Keycloak
 'default-roles-cercle': ['user'],
 'uma_authorization': ['user'],
 'offline_access': ['user'],
-
- // Direct mapping for flexibility
- 'expression': ['expression'],
- 'mediation': ['mediation'],
- 'coding': ['coding'],
- 'dataintelligence': ['dataintelligence'],
- 'entrepreneurship': ['entrepreneurship'],
 };
- // Try to match each role with our mappings
- for (const role of keycloakRoles) {
- // First, check for an exact case-sensitive match
- if (mappings[role]) {
- appRoles = [...appRoles, ...mappings[role]];
- console.log(`Exact matched ${role} to: ${mappings[role].join(', ')}`);
- continue; // Skip to next role
- }
-
- // If no direct match, normalize and try again
- // Try different variations of the role name
- const normalizedRole = role.toLowerCase()
+ // Check for known roles in the lowercase list
+ for (const role of lowercaseRoles) {
+ // Process the role to remove common prefixes
+ const normalizedRole = role
 .replace(/^role_/i, '') // Remove ROLE_ prefix
 .replace(/^realm_/i, '') // Remove REALM_ prefix
 .replace(/^app_/i, ''); // Remove APP_ prefix
 console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
- // Check for direct match
+ // Check for direct match with normalized role
 if (mappings[normalizedRole]) {
 appRoles = [...appRoles, ...mappings[normalizedRole]];
 console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
 }
- // Check for partial matches
- else {
- for (const [mapKey, mapRoles] of Object.entries(mappings)) {
- if (normalizedRole.includes(mapKey)) {
- appRoles = [...appRoles, ...mapRoles];
- console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
- }
- }
+
+ // Special direct mappings for common Keycloak role patterns
+ if (normalizedRole === 'expression' || role.includes('expression')) {
+ appRoles.push('expression');
+ }
+ if (normalizedRole === 'mediation' || role.includes('mediation')) {
+ appRoles.push('mediation');
+ }
+ if (normalizedRole === 'admin' || role.includes('admin')) {
+ appRoles.push('admin');
+ }
+ if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
+ appRoles.push('dataintelligence');
+ }
+ if (normalizedRole === 'coding' || role.includes('coding')) {
+ appRoles.push('coding');
+ }
+ if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
+ appRoles.push('entrepreneurship');
 }
 }
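Review bot: The six "Special direct mappings" blocks grant an application role on a substring test, `normalizedRole === 'admin' || role.includes('admin')`, so any Keycloak role whose lowercased name merely contains `admin` (a constructed example: a role named `admin-readonly`) receives the `admin` application role; the partial-match loop this commit removes had the same weakness, and the new code keeps it while testing `role` rather than `normalizedRole`, so the prefix stripping above is bypassed for these checks. The fallbacks are also inconsistent with the table: `mappings['admin']` grants the whole six-role bundle while the substring branch pushes only `admin`, and every exact name except `entrepreneurship` (whose table entry this hunk deletes) is already handled by `if (mappings[normalizedRole])`, so the blocks add nothing but substring matches and duplicate entries in `appRoles`. Whether `appRoles` is deduplicated before it is returned is outside this hunk, as is the start of mapToApplicationRoles. I would restore `'entrepreneurship': ['entrepreneurship'],` in `mappings` and replace the six blocks with one exact-match fallback that never consults substrings, as below.
```typescript
      // … unchanged: direct match via mappings[normalizedRole] and its log line …

      // Fallback for names with no table entry: exact match only, never substring.
      // A Keycloak role grants an application role only if the normalized name equals it verbatim.
      const directRoles = ['expression', 'mediation', 'admin', 'dataintelligence', 'coding', 'entrepreneurship'];
      if (!mappings[normalizedRole] && directRoles.includes(normalizedRole)) {
        appRoles.push(normalizedRole);
      }
```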