cleaning hard 2
This commit is contained in:
parent
7f63668300
commit
852203d3e7
@ -113,16 +113,6 @@ export const authOptions: NextAuthOptions = {
|
|||||||
console.log("JWT CALLBACK - Has account?", !!account);
|
console.log("JWT CALLBACK - Has account?", !!account);
|
||||||
console.log("JWT CALLBACK - Has user?", !!user);
|
console.log("JWT CALLBACK - Has user?", !!user);
|
||||||
|
|
||||||
// TEMPORARY DEBUG HACK - Force roles for specific user
|
|
||||||
if (token.sub === "203cbc91-61ab-47a2-95d2-b5e1159327d7") {
|
|
||||||
console.log("DEBUG HACK: Detected specific user, forcing all roles");
|
|
||||||
// Only add this if token.role doesn't already have these roles
|
|
||||||
if (!token.role || token.role.length <= 1) {
|
|
||||||
token.role = ["user", "admin", "expression", "mediation", "coding", "dataintelligence", "entrepreneurship"];
|
|
||||||
console.log("DEBUG HACK: Set roles to", token.role);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Initial sign in
|
// Initial sign in
|
||||||
if (account && account.access_token) {
|
if (account && account.access_token) {
|
||||||
console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
|
console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
|
||||||
@ -281,9 +271,12 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
|||||||
// This helps in case Keycloak isn't properly configured
|
// This helps in case Keycloak isn't properly configured
|
||||||
let appRoles: string[] = ['user']; // Always include 'user' role
|
let appRoles: string[] = ['user']; // Always include 'user' role
|
||||||
|
|
||||||
|
// Create a lowercase lookup for each of the original roles for easier comparison
|
||||||
|
const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
|
||||||
|
|
||||||
// The mappings object maps Keycloak role names to application role names
|
// The mappings object maps Keycloak role names to application role names
|
||||||
const mappings: Record<string, string[]> = {
|
const mappings: Record<string, string[]> = {
|
||||||
// Map Keycloak roles to your application's role names
|
// Map Keycloak roles to your application's role names (all lowercase for comparison)
|
||||||
'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||||
'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||||
'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||||
@ -295,60 +288,51 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
|||||||
'entrepreneur': ['entrepreneurship'],
|
'entrepreneur': ['entrepreneurship'],
|
||||||
|
|
||||||
// Exact matches for capitalized roles from Keycloak token
|
// Exact matches for capitalized roles from Keycloak token
|
||||||
'Expression': ['expression'],
|
'expression': ['expression'],
|
||||||
'Mediation': ['mediation'],
|
'mediation': ['mediation'],
|
||||||
'DataIntelligence': ['dataintelligence'],
|
'coding': ['coding'],
|
||||||
'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
'dataintelligence': ['dataintelligence'],
|
||||||
|
|
||||||
// Common prefixed variants
|
|
||||||
'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
|
||||||
'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
|
||||||
'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
|
||||||
|
|
||||||
// Default access roles from Keycloak
|
// Default access roles from Keycloak
|
||||||
'default-roles-cercle': ['user'],
|
'default-roles-cercle': ['user'],
|
||||||
'uma_authorization': ['user'],
|
'uma_authorization': ['user'],
|
||||||
'offline_access': ['user'],
|
'offline_access': ['user'],
|
||||||
|
|
||||||
// Direct mapping for flexibility
|
|
||||||
'expression': ['expression'],
|
|
||||||
'mediation': ['mediation'],
|
|
||||||
'coding': ['coding'],
|
|
||||||
'dataintelligence': ['dataintelligence'],
|
|
||||||
'entrepreneurship': ['entrepreneurship'],
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// Try to match each role with our mappings
|
// Check for known roles in the lowercase list
|
||||||
for (const role of keycloakRoles) {
|
for (const role of lowercaseRoles) {
|
||||||
// First, check for an exact case-sensitive match
|
// Process the role to remove common prefixes
|
||||||
if (mappings[role]) {
|
const normalizedRole = role
|
||||||
appRoles = [...appRoles, ...mappings[role]];
|
|
||||||
console.log(`Exact matched ${role} to: ${mappings[role].join(', ')}`);
|
|
||||||
continue; // Skip to next role
|
|
||||||
}
|
|
||||||
|
|
||||||
// If no direct match, normalize and try again
|
|
||||||
// Try different variations of the role name
|
|
||||||
const normalizedRole = role.toLowerCase()
|
|
||||||
.replace(/^role_/i, '') // Remove ROLE_ prefix
|
.replace(/^role_/i, '') // Remove ROLE_ prefix
|
||||||
.replace(/^realm_/i, '') // Remove REALM_ prefix
|
.replace(/^realm_/i, '') // Remove REALM_ prefix
|
||||||
.replace(/^app_/i, ''); // Remove APP_ prefix
|
.replace(/^app_/i, ''); // Remove APP_ prefix
|
||||||
|
|
||||||
console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
|
console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
|
||||||
|
|
||||||
// Check for direct match
|
// Check for direct match with normalized role
|
||||||
if (mappings[normalizedRole]) {
|
if (mappings[normalizedRole]) {
|
||||||
appRoles = [...appRoles, ...mappings[normalizedRole]];
|
appRoles = [...appRoles, ...mappings[normalizedRole]];
|
||||||
console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
|
console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
|
||||||
}
|
}
|
||||||
// Check for partial matches
|
|
||||||
else {
|
// Special direct mappings for common Keycloak role patterns
|
||||||
for (const [mapKey, mapRoles] of Object.entries(mappings)) {
|
if (normalizedRole === 'expression' || role.includes('expression')) {
|
||||||
if (normalizedRole.includes(mapKey)) {
|
appRoles.push('expression');
|
||||||
appRoles = [...appRoles, ...mapRoles];
|
}
|
||||||
console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
|
if (normalizedRole === 'mediation' || role.includes('mediation')) {
|
||||||
}
|
appRoles.push('mediation');
|
||||||
}
|
}
|
||||||
|
if (normalizedRole === 'admin' || role.includes('admin')) {
|
||||||
|
appRoles.push('admin');
|
||||||
|
}
|
||||||
|
if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
|
||||||
|
appRoles.push('dataintelligence');
|
||||||
|
}
|
||||||
|
if (normalizedRole === 'coding' || role.includes('coding')) {
|
||||||
|
appRoles.push('coding');
|
||||||
|
}
|
||||||
|
if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
|
||||||
|
appRoles.push('entrepreneurship');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user