fix updates because of change to Keycloak 25

guFalcon · guFalcon · commit 237a7ed4c478 · 2024-07-15T15:51:24.000+02:00
diff --git a/README.md b/README.md
@@ -323,12 +323,16 @@ Then you can run the REST-examples in the `http` directory.
 ## Keycloak Setup
 In order for this setup to work correctly, you'll have to have a Keycloak-client (private with secret) and standard-authorization-flow enabled (should be enabled anyway).
 You need the following user-attributes of type `string` with mapper to the token.
-
-| ATTRIBUTE-NAME                                                                                                     | TYPE   | DESCRIPTION                                                                                           |
-| ------------------------------------------------------------------------------------------------------------------ | ------ | ----------------------------------------------------------------------------------------------------- |
-| Client -> Client Scopes -> ...-dedicated -> Add Mapper (User Attribute)<br>`config`                                | string | Holds several preference-values like dark-mode or not or the preferred font, fontsize or line-height. |
-| Client -> Client Scopes -> ...-dedicated -> Add Mapper (User Attribute)<br>`lastVisitedUrl`                        | string | Holds the last-visited page of the current user.                                                      |
-| Client -> Client Scopes -> ...-dedicated -> Add Mapper (User Attribute)<br>map the field `LDAP_ENTRY_DN` to `ldap` | string | Holds the users LDAP information (class, teacher, etc.).                                              |
+You also need to add the user-attributes to the user-profile first (`Realm settings` -> `User profile (Attribute group = none, not user-metadata)`) in order to allow for the addition of data to your users. Be sure to set those to `allow edit and view for User and Admin` so that the application is able to change the values.
+The application uses the following endpoints of the Keycloak-API to do that:
+- `GET {{keycloakUrl}}/realms/{{realm}}/account`
+- `POST {{keycloakUrl}}/realms/{{realm}}/account`
+The user-metadata field `LDAP_ENTRY_DN` will be automatically present because of the LDAP mapper in your Keycloak instance. It will be readable from the `access-token`. So there are no additional setup-steps requried.
+
+| ATTRIBUTE-NAME                                                                              | TYPE   | DESCRIPTION                                                                                           |
+| ------------------------------------------------------------------------------------------- | ------ | ----------------------------------------------------------------------------------------------------- |
+| Client -> Client Scopes -> ...-dedicated -> Add Mapper (User Attribute)<br>`config`         | string | Holds several preference-values like dark-mode or not or the preferred font, fontsize or line-height. |
+| Client -> Client Scopes -> ...-dedicated -> Add Mapper (User Attribute)<br>`lastVisitedUrl` | string | Holds the last-visited page of the current user.                                                      |
 ## MD-File Conversion
 This is done using [marked](https://www.npmjs.com/package/marked) which is installed on the web-server (via `package.json`).
 With the help of this you can link to any MD-file and show it in the context of your site.
diff --git a/middlewares/keycloak-middleware.js b/middlewares/keycloak-middleware.js
@@ -156,6 +156,7 @@ export function getLdapGroups(req) {
     return r;
   }
   const ldap = req.user.ldap;
+  // console.log("LDAP-String", ldap)
   
   // Regular expression to match "OU=..."
   const regex = /OU=[^,]*/gi;
@@ -170,7 +171,7 @@ export function getLdapGroups(req) {
       r[value] = true;
     });
   }
-  
+  // console.log("LDAP-Groups", r);
   return r;
 }
 
@@ -194,13 +195,14 @@ export async function getUserAttributes(req, getAll = false) {
       return response.json();
     })
     .then((data) => {
-      for(let key in data) {
-        data[key] = data[key][0];
+      // console.log("data of user attributes", data);
+      for(let key in data.attributes) {
+        data.attributes[key] = data.attributes[key][0];
       }
       if(getAll) {
-      // Remove fields from the object that are not needed.
-      let { userProfileMetadata, id, username, emailVerified, ...d} = data;
-      return d;
+        // Remove fields from the object that are not needed.
+        let { userProfileMetadata, id, username, emailVerified, ...d} = data;
+        return d;
       }
       return data;
     })
@@ -222,12 +224,12 @@ export async function setUserAttribute(req, attributeName, attributeValue) {
 
   // Fetch current user attributes
   const currentAttributes = await getUserAttributes(req, true);
+  // console.log("current attributes", currentAttributes);
 
-  // Merge current and new attributes at the root level
-  let mergedAttributes = { ...currentAttributes, [attributeName]: attributeValue };
-  mergedAttributes = {
-    attributes: mergedAttributes
-  }
+  // Merge current and new attributes
+  const mas = { ...currentAttributes.attributes, [attributeName]: attributeValue };
+  const mergedAttributes = { ...currentAttributes, attributes: mas };  
+  // console.log("merged attributes before saving", mergedAttributes);
 
   const result = fetch(url, {
     method: "POST",
diff --git a/utils.js b/utils.js
@@ -96,13 +96,17 @@ async function hasRoles(req, clientRoles, all, override) {
     let clientAccess = null;
     const attributes = await getUserAttributes(req);
     const ccr = await getClientRoles(req, clientRoles);
+    // console.log("Client roles", ccr);
+    // console.log("Request user rolesCalculated", req.user.rolesCalculated);
     if (
       req.user.rolesCalculated !== undefined &&
       req.user.rolesCalculated !== null
     ) {
-      if (attributes && attributes.config) {
-        const a = JSON.parse(attributes.config);
+      // console.log("attributes", attributes);
+      if (attributes && attributes.attributes && attributes.attributes.config) {
+        const a = JSON.parse(attributes.attributes.config);
         const r = JSON.parse(req.user.rolesCalculated);
+        // console.log("Roles Calculated", r);
         const cr = await getClientRoles(req, clientRoles);
         if (cr) {
           for (const role of cr) {
