From 0acc96937fe0b78f790c7a210934da3fe3bfa01e Mon Sep 17 00:00:00 2001 From: Alma Date: Sat, 12 Apr 2025 09:48:09 +0200 Subject: [PATCH] correction flow --- app/api/auth/[...nextauth]/route.ts | 205 +--------------------------- 1 file changed, 6 insertions(+), 199 deletions(-) diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts index 4adfbb40..674c682f 100644 --- a/app/api/auth/[...nextauth]/route.ts +++ b/app/api/auth/[...nextauth]/route.ts @@ -60,13 +60,6 @@ export const authOptions: NextAuthOptions = { clientSecret: process.env.KEYCLOAK_CLIENT_SECRET!, issuer: process.env.KEYCLOAK_ISSUER!, profile(profile) { - // Filter out system roles and only keep valid user roles - const validRoles = (profile.groups || []) - .filter((role: string) => - !role.startsWith('default-roles-') && - !['offline_access', 'uma_authorization'].includes(role) - ); - return { id: profile.sub, name: profile.name ?? profile.preferred_username, @@ -74,7 +67,7 @@ export const authOptions: NextAuthOptions = { first_name: profile.given_name ?? '', last_name: profile.family_name ?? '', username: profile.preferred_username ?? profile.email?.split('@')[0] ?? '', - role: validRoles, + role: profile.groups || [], } }, }), @@ -90,195 +83,17 @@ export const authOptions: NextAuthOptions = { token.first_name = profile.given_name || ''; token.last_name = profile.family_name || ''; token.role = profile.groups || []; - - // Get user info from Rocket.Chat using the admin token - const userInfoResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.info?username=${token.username}`, { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - }); - - if (!userInfoResponse.ok) { - console.error('Failed to get user info:', { - status: userInfoResponse.status, - statusText: userInfoResponse.statusText, - username: token.username - }); - return token; - } - - const userInfo = await userInfoResponse.json(); - console.log('User info response:', userInfo); - - if (!userInfo.user || !userInfo.user._id) { - console.error('Invalid user info response:', userInfo); - return token; - } - - // Set the user's Rocket.Chat ID - token.rocketChatUserId = userInfo.user._id; - console.log('Set Rocket.Chat user ID:', token.rocketChatUserId); - - // Get personal access tokens for the user - const tokensResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.getPersonalAccessTokens`, { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - }); - - if (!tokensResponse.ok) { - console.error('Failed to get personal access tokens:', { - status: tokensResponse.status, - statusText: tokensResponse.statusText, - username: token.username - }); - return token; - } - - const tokensData = await tokensResponse.json(); - console.log('Personal access tokens response:', tokensData); - - // Find existing token or create a new one - let personalAccessToken = tokensData.tokens?.find((t: any) => t.name === 'NextAuth'); - if (!personalAccessToken) { - console.log('No existing token found, creating new one'); - const createTokenResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.generatePersonalAccessToken`, { - method: 'POST', - headers: { - 'Content-Type': 'application/json', - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - body: JSON.stringify({ - tokenName: 'NextAuth', - bypassTwoFactor: true, - }), - }); - - if (!createTokenResponse.ok) { - console.error('Failed to create personal access token:', { - status: createTokenResponse.status, - statusText: createTokenResponse.statusText, - username: token.username - }); - return token; - } - - const createTokenData = await createTokenResponse.json(); - console.log('Create token response:', createTokenData); - personalAccessToken = createTokenData.token; - } - - // Set the personal access token - token.rocketChatToken = personalAccessToken.token; - console.log('Set Rocket.Chat token:', token.rocketChatToken); - - return token; + token.accessToken = account.access_token; + token.refreshToken = account.refresh_token; + token.accessTokenExpires = account.expires_at ? account.expires_at * 1000 : Date.now() + 60 * 60 * 1000; } - // If we have a username but no Rocket.Chat credentials, fetch them - if (token.username && (!token.rocketChatToken || !token.rocketChatUserId)) { - console.log('Fetching Rocket.Chat credentials for existing user:', token.username); - - // Get user info from Rocket.Chat using the admin token - const userInfoResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.info?username=${token.username}`, { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - }); - - if (!userInfoResponse.ok) { - console.error('Failed to get user info:', { - status: userInfoResponse.status, - statusText: userInfoResponse.statusText, - username: token.username - }); - return token; - } - - const userInfo = await userInfoResponse.json(); - console.log('User info response:', userInfo); - - if (!userInfo.user || !userInfo.user._id) { - console.error('Invalid user info response:', userInfo); - return token; - } - - // Set the user's Rocket.Chat ID - token.rocketChatUserId = userInfo.user._id; - console.log('Set Rocket.Chat user ID:', token.rocketChatUserId); - - // Get personal access tokens for the user - const tokensResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.getPersonalAccessTokens`, { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - }); - - if (!tokensResponse.ok) { - console.error('Failed to get personal access tokens:', { - status: tokensResponse.status, - statusText: tokensResponse.statusText, - username: token.username - }); - return token; - } - - const tokensData = await tokensResponse.json(); - console.log('Personal access tokens response:', tokensData); - - // Find existing token or create a new one - let personalAccessToken = tokensData.tokens?.find((t: any) => t.name === 'NextAuth'); - if (!personalAccessToken) { - console.log('No existing token found, creating new one'); - const createTokenResponse = await fetch(`${process.env.ROCKET_CHAT_URL}/api/v1/users.generatePersonalAccessToken`, { - method: 'POST', - headers: { - 'Content-Type': 'application/json', - 'X-Auth-Token': process.env.ROCKET_CHAT_ADMIN_TOKEN as string, - 'X-User-Id': process.env.ROCKET_CHAT_ADMIN_USER_ID as string, - }, - body: JSON.stringify({ - tokenName: 'NextAuth', - bypassTwoFactor: true, - }), - }); - - if (!createTokenResponse.ok) { - console.error('Failed to create personal access token:', { - status: createTokenResponse.status, - statusText: createTokenResponse.statusText, - username: token.username - }); - return token; - } - - const createTokenData = await createTokenResponse.json(); - console.log('Create token response:', createTokenData); - personalAccessToken = createTokenData.token; - } - - // Set the personal access token - token.rocketChatToken = personalAccessToken.token; - console.log('Set Rocket.Chat token:', token.rocketChatToken); - - return token; - } - - // Return previous token if it has Rocket.Chat credentials - if (token.rocketChatToken && token.rocketChatUserId) { - return token; - } - - // Token refresh case + // Return previous token if it's not expired if (Date.now() < (token.accessTokenExpires as number)) { return token; } + // Token refresh case try { const response = await fetch( `${process.env.KEYCLOAK_BASE_URL}/realms/${process.env.KEYCLOAK_REALM}/protocol/openid-connect/token`, @@ -317,17 +132,9 @@ export const authOptions: NextAuthOptions = { throw new Error("RefreshAccessTokenError"); } - console.log('Session callback token:', { - hasRocketChatToken: !!token.rocketChatToken, - hasRocketChatUserId: !!token.rocketChatUserId, - token: token - }); - return { ...session, accessToken: token.accessToken, - rocketChatToken: token.rocketChatToken || '', - rocketChatUserId: token.rocketChatUserId || '', user: { ...session.user, id: token.sub as string,