This commit is contained in:
@@ -495,11 +495,10 @@ export class KeycloakAdminClient {
|
||||
|
||||
// Assign appropriate group instead of role
|
||||
const groupName = userData.membershipTier || 'user';
|
||||
const groupPath = `/${groupName}`; // Keycloak groups use paths with leading slash
|
||||
console.log(`[keycloak-admin] Assigning user to group: ${groupName} (path: ${groupPath})`);
|
||||
console.log(`[keycloak-admin] Assigning user to group: ${groupName}`);
|
||||
|
||||
try {
|
||||
const groupId = await this.getGroupByPath(groupPath);
|
||||
const groupId = await this.getGroupByName(groupName);
|
||||
await this.assignUserToGroup(userId, groupId);
|
||||
console.log(`[keycloak-admin] ✅ Successfully assigned user ${userId} to group: ${groupName}`);
|
||||
} catch (error: any) {
|
||||
@@ -675,6 +674,52 @@ export class KeycloakAdminClient {
|
||||
return group.id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get group by name (for groups without leading slash)
|
||||
*/
|
||||
async getGroupByName(name: string): Promise<string> {
|
||||
const adminToken = await this.getAdminToken();
|
||||
const adminBaseUrl = this.config.issuer.replace('/realms/', '/admin/realms/');
|
||||
|
||||
console.log(`[keycloak-admin] Searching for group by name: ${name}`);
|
||||
|
||||
const response = await fetch(`${adminBaseUrl}/groups?search=${encodeURIComponent(name)}`, {
|
||||
headers: {
|
||||
'Authorization': `Bearer ${adminToken}`,
|
||||
'User-Agent': 'MonacoUSA-Portal/1.0'
|
||||
}
|
||||
});
|
||||
|
||||
if (!response.ok) {
|
||||
const errorText = await response.text().catch(() => 'Unknown error');
|
||||
throw new Error(`Failed to find group: ${response.status} - ${errorText}`);
|
||||
}
|
||||
|
||||
const groups: KeycloakGroupRepresentation[] = await response.json();
|
||||
console.log(`[keycloak-admin] Found ${groups.length} groups matching search "${name}":`, groups.map(g => ({ id: g.id, name: g.name, path: g.path })));
|
||||
|
||||
// Try exact name match first
|
||||
let group = groups.find(g => g.name === name);
|
||||
|
||||
// If no exact name match, try path match with leading slash
|
||||
if (!group) {
|
||||
group = groups.find(g => g.path === `/${name}`);
|
||||
}
|
||||
|
||||
// If still no match, try path match without leading slash
|
||||
if (!group) {
|
||||
group = groups.find(g => g.path === name);
|
||||
}
|
||||
|
||||
if (!group?.id) {
|
||||
console.error(`[keycloak-admin] No group found matching name "${name}". Available groups:`, groups);
|
||||
throw new Error(`Group not found: ${name}. Available groups: ${groups.map(g => g.name || g.path).join(', ')}`);
|
||||
}
|
||||
|
||||
console.log(`[keycloak-admin] Found group: ${group.name} (path: ${group.path}) with ID: ${group.id}`);
|
||||
return group.id;
|
||||
}
|
||||
|
||||
/**
|
||||
* Assign user to group
|
||||
*/
|
||||
@@ -778,9 +823,9 @@ export class KeycloakAdminClient {
|
||||
const alreadyInNewGroup = primaryGroups.some(g => g.name === newGroupName);
|
||||
if (!alreadyInNewGroup) {
|
||||
console.log(`[keycloak-admin] Adding user to new group: ${newGroupName}`);
|
||||
const newGroupPath = `/${newGroupName}`; // Keycloak groups use path format with leading slash
|
||||
console.log(`[keycloak-admin] Looking up group with path: ${newGroupPath}`);
|
||||
const newGroupId = await this.getGroupByPath(newGroupPath);
|
||||
// Try without leading slash first (groups named directly like "board")
|
||||
console.log(`[keycloak-admin] Looking up group with name: ${newGroupName}`);
|
||||
const newGroupId = await this.getGroupByName(newGroupName);
|
||||
await this.assignUserToGroup(userId, newGroupId);
|
||||
} else {
|
||||
console.log(`[keycloak-admin] User already in target group: ${newGroupName}`);
|
||||
|
||||
Reference in New Issue
Block a user