cleaning hard 2
This commit is contained in:
parent
7f63668300
commit
852203d3e7
@ -113,16 +113,6 @@ export const authOptions: NextAuthOptions = {
|
||||
console.log("JWT CALLBACK - Has account?", !!account);
|
||||
console.log("JWT CALLBACK - Has user?", !!user);
|
||||
|
||||
// TEMPORARY DEBUG HACK - Force roles for specific user
|
||||
if (token.sub === "203cbc91-61ab-47a2-95d2-b5e1159327d7") {
|
||||
console.log("DEBUG HACK: Detected specific user, forcing all roles");
|
||||
// Only add this if token.role doesn't already have these roles
|
||||
if (!token.role || token.role.length <= 1) {
|
||||
token.role = ["user", "admin", "expression", "mediation", "coding", "dataintelligence", "entrepreneurship"];
|
||||
console.log("DEBUG HACK: Set roles to", token.role);
|
||||
}
|
||||
}
|
||||
|
||||
// Initial sign in
|
||||
if (account && account.access_token) {
|
||||
console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
|
||||
@ -281,9 +271,12 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
||||
// This helps in case Keycloak isn't properly configured
|
||||
let appRoles: string[] = ['user']; // Always include 'user' role
|
||||
|
||||
// Create a lowercase lookup for each of the original roles for easier comparison
|
||||
const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
|
||||
|
||||
// The mappings object maps Keycloak role names to application role names
|
||||
const mappings: Record<string, string[]> = {
|
||||
// Map Keycloak roles to your application's role names
|
||||
// Map Keycloak roles to your application's role names (all lowercase for comparison)
|
||||
'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
@ -295,60 +288,51 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
||||
'entrepreneur': ['entrepreneurship'],
|
||||
|
||||
// Exact matches for capitalized roles from Keycloak token
|
||||
'Expression': ['expression'],
|
||||
'Mediation': ['mediation'],
|
||||
'DataIntelligence': ['dataintelligence'],
|
||||
'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
|
||||
// Common prefixed variants
|
||||
'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'expression': ['expression'],
|
||||
'mediation': ['mediation'],
|
||||
'coding': ['coding'],
|
||||
'dataintelligence': ['dataintelligence'],
|
||||
|
||||
// Default access roles from Keycloak
|
||||
'default-roles-cercle': ['user'],
|
||||
'uma_authorization': ['user'],
|
||||
'offline_access': ['user'],
|
||||
|
||||
// Direct mapping for flexibility
|
||||
'expression': ['expression'],
|
||||
'mediation': ['mediation'],
|
||||
'coding': ['coding'],
|
||||
'dataintelligence': ['dataintelligence'],
|
||||
'entrepreneurship': ['entrepreneurship'],
|
||||
};
|
||||
|
||||
// Try to match each role with our mappings
|
||||
for (const role of keycloakRoles) {
|
||||
// First, check for an exact case-sensitive match
|
||||
if (mappings[role]) {
|
||||
appRoles = [...appRoles, ...mappings[role]];
|
||||
console.log(`Exact matched ${role} to: ${mappings[role].join(', ')}`);
|
||||
continue; // Skip to next role
|
||||
}
|
||||
|
||||
// If no direct match, normalize and try again
|
||||
// Try different variations of the role name
|
||||
const normalizedRole = role.toLowerCase()
|
||||
// Check for known roles in the lowercase list
|
||||
for (const role of lowercaseRoles) {
|
||||
// Process the role to remove common prefixes
|
||||
const normalizedRole = role
|
||||
.replace(/^role_/i, '') // Remove ROLE_ prefix
|
||||
.replace(/^realm_/i, '') // Remove REALM_ prefix
|
||||
.replace(/^app_/i, ''); // Remove APP_ prefix
|
||||
|
||||
console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
|
||||
|
||||
// Check for direct match
|
||||
// Check for direct match with normalized role
|
||||
if (mappings[normalizedRole]) {
|
||||
appRoles = [...appRoles, ...mappings[normalizedRole]];
|
||||
console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
|
||||
}
|
||||
// Check for partial matches
|
||||
else {
|
||||
for (const [mapKey, mapRoles] of Object.entries(mappings)) {
|
||||
if (normalizedRole.includes(mapKey)) {
|
||||
appRoles = [...appRoles, ...mapRoles];
|
||||
console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
|
||||
|
||||
// Special direct mappings for common Keycloak role patterns
|
||||
if (normalizedRole === 'expression' || role.includes('expression')) {
|
||||
appRoles.push('expression');
|
||||
}
|
||||
if (normalizedRole === 'mediation' || role.includes('mediation')) {
|
||||
appRoles.push('mediation');
|
||||
}
|
||||
if (normalizedRole === 'admin' || role.includes('admin')) {
|
||||
appRoles.push('admin');
|
||||
}
|
||||
if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
|
||||
appRoles.push('dataintelligence');
|
||||
}
|
||||
if (normalizedRole === 'coding' || role.includes('coding')) {
|
||||
appRoles.push('coding');
|
||||
}
|
||||
if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
|
||||
appRoles.push('entrepreneurship');
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user