cleaning hard 2
This commit is contained in:
parent
852203d3e7
commit
fe13e5dd76
@ -109,10 +109,6 @@ export const authOptions: NextAuthOptions = {
|
||||
},
|
||||
callbacks: {
|
||||
async jwt({ token, account, profile, user }: any) {
|
||||
console.log("JWT CALLBACK TRIGGERED with token keys:", Object.keys(token));
|
||||
console.log("JWT CALLBACK - Has account?", !!account);
|
||||
console.log("JWT CALLBACK - Has user?", !!user);
|
||||
|
||||
// Initial sign in
|
||||
if (account && account.access_token) {
|
||||
console.log("FULL USER OBJECT:", JSON.stringify(user, null, 2));
|
||||
@ -215,9 +211,6 @@ export const authOptions: NextAuthOptions = {
|
||||
return token;
|
||||
},
|
||||
async session({ session, token }: any) {
|
||||
console.log("SESSION CALLBACK TRIGGERED with token keys:", Object.keys(token));
|
||||
console.log("SESSION CALLBACK - Token role:", token.role);
|
||||
|
||||
// Pass necessary info to the session
|
||||
session.accessToken = token.accessToken;
|
||||
if (session.user) {
|
||||
@ -271,12 +264,9 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
||||
// This helps in case Keycloak isn't properly configured
|
||||
let appRoles: string[] = ['user']; // Always include 'user' role
|
||||
|
||||
// Create a lowercase lookup for each of the original roles for easier comparison
|
||||
const lowercaseRoles = keycloakRoles.map(role => role.toLowerCase());
|
||||
|
||||
// The mappings object maps Keycloak role names to application role names
|
||||
const mappings: Record<string, string[]> = {
|
||||
// Map Keycloak roles to your application's role names (all lowercase for comparison)
|
||||
// Map Keycloak roles to your application's role names
|
||||
'admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'owner': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'manager': ['dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
@ -287,52 +277,53 @@ function mapToApplicationRoles(keycloakRoles: string[]): string[] {
|
||||
'mediator': ['mediation'],
|
||||
'entrepreneur': ['entrepreneurship'],
|
||||
|
||||
// Exact matches for capitalized roles from Keycloak token
|
||||
'expression': ['expression'],
|
||||
'mediation': ['mediation'],
|
||||
'coding': ['coding'],
|
||||
'dataintelligence': ['dataintelligence'],
|
||||
// Support for capitalized role names from Keycloak
|
||||
'Expression': ['expression'],
|
||||
'Mediation': ['mediation'],
|
||||
'DataIntelligence': ['dataintelligence'],
|
||||
'Admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
|
||||
// Common prefixed variants
|
||||
'role_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'realm_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
'app_admin': ['admin', 'dataintelligence', 'coding', 'expression', 'mediation', 'entrepreneurship'],
|
||||
|
||||
// Default access roles from Keycloak
|
||||
'default-roles-cercle': ['user'],
|
||||
'uma_authorization': ['user'],
|
||||
'offline_access': ['user'],
|
||||
|
||||
// Direct mapping for flexibility
|
||||
'expression': ['expression'],
|
||||
'mediation': ['mediation'],
|
||||
'coding': ['coding'],
|
||||
'dataintelligence': ['dataintelligence'],
|
||||
'entrepreneurship': ['entrepreneurship'],
|
||||
};
|
||||
|
||||
// Check for known roles in the lowercase list
|
||||
for (const role of lowercaseRoles) {
|
||||
// Process the role to remove common prefixes
|
||||
const normalizedRole = role
|
||||
// Try to match each role with our mappings
|
||||
for (const role of keycloakRoles) {
|
||||
// Try different variations of the role name
|
||||
const normalizedRole = role.toLowerCase()
|
||||
.replace(/^role_/i, '') // Remove ROLE_ prefix
|
||||
.replace(/^realm_/i, '') // Remove REALM_ prefix
|
||||
.replace(/^app_/i, ''); // Remove APP_ prefix
|
||||
|
||||
console.log(`Processing role: ${role} -> normalized: ${normalizedRole}`);
|
||||
|
||||
// Check for direct match with normalized role
|
||||
// Check for direct match
|
||||
if (mappings[normalizedRole]) {
|
||||
appRoles = [...appRoles, ...mappings[normalizedRole]];
|
||||
console.log(`Mapped ${role} to: ${mappings[normalizedRole].join(', ')}`);
|
||||
}
|
||||
|
||||
// Special direct mappings for common Keycloak role patterns
|
||||
if (normalizedRole === 'expression' || role.includes('expression')) {
|
||||
appRoles.push('expression');
|
||||
}
|
||||
if (normalizedRole === 'mediation' || role.includes('mediation')) {
|
||||
appRoles.push('mediation');
|
||||
}
|
||||
if (normalizedRole === 'admin' || role.includes('admin')) {
|
||||
appRoles.push('admin');
|
||||
}
|
||||
if (normalizedRole === 'dataintelligence' || role.includes('dataintelligence')) {
|
||||
appRoles.push('dataintelligence');
|
||||
}
|
||||
if (normalizedRole === 'coding' || role.includes('coding')) {
|
||||
appRoles.push('coding');
|
||||
}
|
||||
if (normalizedRole === 'entrepreneurship' || role.includes('entrepreneurship')) {
|
||||
appRoles.push('entrepreneurship');
|
||||
// Check for partial matches
|
||||
else {
|
||||
for (const [mapKey, mapRoles] of Object.entries(mappings)) {
|
||||
if (normalizedRole.includes(mapKey)) {
|
||||
appRoles = [...appRoles, ...mapRoles];
|
||||
console.log(`Partially matched ${role} with ${mapKey} to: ${mapRoles.join(', ')}`);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user