diff --git a/app/api/auth/[...nextauth]/route.ts b/app/api/auth/[...nextauth]/route.ts index 978ac476..87053f84 100644 --- a/app/api/auth/[...nextauth]/route.ts +++ b/app/api/auth/[...nextauth]/route.ts 
@@ -81,140 +81,104 @@ export const authOptions: NextAuthOptions = { ], callbacks: { async jwt({ token, account, profile }) { + console.log('JWT callback called with:', { token, account, profile }); + if (account && profile) { - // First set the basic token properties - const newToken = { - ...token, - accessToken: account.access_token || '', - refreshToken: account.refresh_token || '', - accessTokenExpires: account.expires_at! * 1000, - role: (profile as any).groups - ?.filter((role: string) => - !role.startsWith('default-roles-') && - !['offline_access', 'uma_authorization'].includes(role) - ) ?? [], - username: (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '', - first_name: (profile as any).given_name ?? '', - last_name: (profile as any).family_name ?? '', - rocketChatToken: '', - rocketChatUserId: '', - }; + // Find or create a token for this user + const tokenName = `keycloak-${token.username}`; + let personalToken: string | null = null; + let rocketChatUserId: string | null = null; - try { - console.log('Attempting to get personal access tokens for user:', newToken.username); - - // First, let's verify the admin token is working - const verifyTokenResponse = await fetch('https://parole.slm-lab.net/api/v1/me', { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, - 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, - }, - }); + // First, get the user's Rocket.Chat ID + const userInfoResponse = await fetch(`https://parole.slm-lab.net/api/v1/users.info?username=${token.username}`, { + headers: { + 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, + 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, + }, + }); - if (!verifyTokenResponse.ok) { - console.error('Admin token verification failed'); - return newToken; + if (!userInfoResponse.ok) { + console.error('Failed to get user info from Rocket.Chat'); + return token; + } + + const userInfo = await userInfoResponse.json(); + console.log('User info from Rocket.Chat:', userInfo); + + if 
(userInfo.user && userInfo.user._id) { + rocketChatUserId = userInfo.user._id; + console.log('Found user ID:', rocketChatUserId); + } else { + console.error('No user ID found in Rocket.Chat response'); + return token; + } + + // Get user's personal access tokens using admin credentials + const tokensResponse = await fetch('https://parole.slm-lab.net/api/v1/users.getPersonalAccessTokens', { + method: 'GET', + headers: { + 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, + 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, + 'Content-Type': 'application/json', + }, + }); + + if (!tokensResponse.ok) { + console.error('Failed to get personal access tokens'); + return token; + } + + const tokensData = await tokensResponse.json(); + console.log('Parsed tokens data:', tokensData); + + if (tokensData.tokens && tokensData.tokens.length > 0) { + // Use existing token + const existingToken = tokensData.tokens.find((t: any) => t.name === tokenName); + if (existingToken) { + console.log('Found existing token:', existingToken); + personalToken = existingToken.lastTokenPart; } + } - // Get user's personal access tokens using admin credentials - const tokensResponse = await fetch('https://parole.slm-lab.net/api/v1/users.getPersonalAccessTokens', { - method: 'GET', + if (!personalToken) { + console.log('Creating new personal access token'); + // Create new token + const createTokenResponse = await fetch('https://parole.slm-lab.net/api/v1/users.generatePersonalAccessToken', { + method: 'POST', headers: { 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, 'Content-Type': 'application/json', }, + body: JSON.stringify({ + tokenName, + bypassTwoFactor: true, + }), }); - if (!tokensResponse.ok) { - console.error('Failed to get personal access tokens'); - return newToken; - } - - const tokensData = await tokensResponse.json(); - console.log('Parsed tokens data:', tokensData); - - // Find or create a token for this user - const tokenName = 
`keycloak-${newToken.username}`; - let personalToken: string | null = null; - let rocketChatUserId: string | null = null; - - // First, get the user's Rocket.Chat ID - const userInfoResponse = await fetch(`https://parole.slm-lab.net/api/v1/users.info?username=${newToken.username}`, { - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, - 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, - }, - }); - - if (!userInfoResponse.ok) { - console.error('Failed to get user info from Rocket.Chat'); - return newToken; - } - - const userInfo = await userInfoResponse.json(); - console.log('User info from Rocket.Chat:', userInfo); - - if (userInfo.user && userInfo.user._id) { - rocketChatUserId = userInfo.user._id; - console.log('Found user ID:', rocketChatUserId); + if (createTokenResponse.ok) { + const createTokenData = await createTokenResponse.json(); + console.log('Created token data:', createTokenData); + personalToken = createTokenData.token; } else { - console.error('No user ID found in Rocket.Chat response'); - return newToken; + console.error('Failed to create personal access token'); + return token; } - - if (tokensData.tokens && tokensData.tokens.length > 0) { - // Use existing token - const existingToken = tokensData.tokens.find((t: any) => t.name === tokenName); - if (existingToken) { - console.log('Found existing token:', existingToken); - personalToken = existingToken.lastTokenPart; - } - } - - if (!personalToken) { - console.log('Creating new personal access token'); - // Create new token - const createTokenResponse = await fetch('https://parole.slm-lab.net/api/v1/users.generatePersonalAccessToken', { - method: 'POST', - headers: { - 'X-Auth-Token': process.env.ROCKET_CHAT_TOKEN!, - 'X-User-Id': process.env.ROCKET_CHAT_USER_ID!, - 'Content-Type': 'application/json', - }, - body: JSON.stringify({ - tokenName, - bypassTwoFactor: true, - }), - }); - - if (createTokenResponse.ok) { - const createTokenData = await createTokenResponse.json(); - 
console.log('Created token data:', createTokenData); - personalToken = createTokenData.token; - } else { - console.error('Failed to create personal access token'); - return newToken; - } - } - - if (personalToken && rocketChatUserId) { - console.log('Setting Rocket.Chat credentials in token:', { - token: personalToken, - userId: rocketChatUserId - }); - return { - ...newToken, - rocketChatToken: personalToken, - rocketChatUserId: rocketChatUserId, - }; - } - - return newToken; - } catch (error) { - console.error('Error in Rocket.Chat authentication:', error); - return newToken; } + + if (personalToken && rocketChatUserId) { + console.log('Setting Rocket.Chat credentials in token:', { + token: personalToken, + userId: rocketChatUserId + }); + return { + ...token, + rocketChatToken: personalToken, + rocketChatUserId: rocketChatUserId, + }; + } + + return token; } // Return previous token if not expired diff --git a/types/next-auth.d.ts b/types/next-auth.d.ts index 4afa3482..e1a757bc 100644 --- a/types/next-auth.d.ts +++ b/types/next-auth.d.ts @@ -12,8 +12,8 @@ declare module "next-auth" { } & DefaultSession["user"]; accessToken: string; refreshToken: string; - rocketChatToken: string; - rocketChatUserId: string; + rocketChatToken: string | null; + rocketChatUserId: string | null; error?: string; } @@ -25,8 +25,8 @@ declare module "next-auth" { last_name: string; username: string; role: string[]; - rocketChatToken: string; - rocketChatUserId: string; + rocketChatToken: string | null; + rocketChatUserId: string | null; error?: string; }
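Review bot: The added `console.log('JWT callback called with:', { token, account, profile })` at the top of the `jwt` callback writes the provider `account` object and the JWT contents to the server log, and the kept `console.log('Created token data:', createTokenData)` and `'Setting Rocket.Chat credentials in token:'` calls write the Rocket.Chat personal access token too; log these as presence flags only, e.g. `console.log('JWT callback', { hasAccount: Boolean(account), sub: token.sub });`. The new branch also builds `tokenName` and the `users.info` query from `token.username`, yet this commit removes the only visible code that derived `username`, `accessToken`, `refreshToken`, `accessTokenExpires` and `role` from `account`/`profile`, so on first sign-in that value is presumably undefined unless it is set outside the hunk. Restoring the derivation, `const username = (profile as any).preferred_username ?? profile.email?.split('@')[0] ?? '';`, and passing `encodeURIComponent(username)` in the query string would cover both the missing value and the unescaped interpolation. With the `try`/`catch` removed, a rejected `fetch` now propagates out of the callback instead of returning the token. The `jwt` callback begins and ends outside this hunk.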
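Review bot: `string | null` in this hunk and in the `@@ -25,8 +25,8 @@` hunk does not describe what the new `jwt` branch in `route.ts` produces: its early `return token;` paths leave `rocketChatToken` and `rocketChatUserId` unset rather than `null`, and no visible code assigns `null` to them. Declaring them optional, `rocketChatToken?: string | null;` and `rocketChatUserId?: string | null;`, would make consumers handle the missing case under `strictNullChecks`. If the first declaration is the client-visible `Session` type (the interface header is outside the hunk), it is also worth a comment stating whether the Rocket.Chat token is meant to reach the browser.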