look users up by service and username instead of service_id since usernames have to be unique anyway w/ burnettk

2023-02-24 10:41:57 -05:00 · 2023-02-24 10:41:57 -05:00 · 2677736c20
parent 22d1f8bbb0
commit 2677736c20
2 changed files with 13 additions and 7 deletions
--- a/keycloak/bin/add_test_users_to_keycloak
+++ b/keycloak/bin/add_test_users_to_keycloak
@ -23,10 +23,14 @@ fi
 if [[ -z "${KEYCLOAK_BASE_URL:-}" ]]; then
  KEYCLOAK_BASE_URL=http://localhost:7002
 fi
+if [[ -z "${ADMIN_USERNAME:-}" ]]; then
+  ADMIN_USERNAME="admin"
+fi
+if [[ -z "${ADMIN_PASSWORD:-}" ]]; then
+  ADMIN_PASSWORD="admin"
+fi

 REALM_NAME="$keycloak_realm"
-ADMIN_USERNAME="admin"
-ADMIN_PASSWORD="admin"
 SECURE=false

 KEYCLOAK_URL=$KEYCLOAK_BASE_URL/realms/$REALM_NAME/protocol/openid-connect/token
--- a/src/spiffworkflow_backend/services/authorization_service.py
+++ b/src/spiffworkflow_backend/services/authorization_service.py
@ -482,11 +482,6 @@ class AuthorizationService:
        """Profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at. """
        """Email."""
        is_new_user = False
-        user_model = (
-            UserModel.query.filter(UserModel.service == user_info["iss"])
-            .filter(UserModel.service_id == user_info["sub"])
-            .first()
-        )
        user_attributes = {}

        if "email" in user_info:
@ -515,6 +510,13 @@ class AuthorizationService:
                    tenant_specific_field
                ]

+        # example value for service: http://localhost:7002/realms/spiffworkflow (keycloak url)
+        user_model = (
+            UserModel.query.filter(UserModel.service == user_attributes["service"])
+            .filter(UserModel.username == user_attributes["username"])
+            .first()
+        )
+
        if user_model is None:
            current_app.logger.debug("create_user in login_return")
            is_new_user = True