From 40dbba88e50d7272a2a289192b680986e28d0551 Mon Sep 17 00:00:00 2001
From: jasquat
Date: Fri, 24 Feb 2023 10:41:57 -0500
Subject: [PATCH] look users up by service and username instead of service_id since usernames have to be unique anyway w/ burnettk
---
 .../keycloak/bin/add_test_users_to_keycloak | 8 ++++++--
 .../services/authorization_service.py | 12 +++++++-----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/spiffworkflow-backend/keycloak/bin/add_test_users_to_keycloak b/spiffworkflow-backend/keycloak/bin/add_test_users_to_keycloak
index 905823c3..08dd5177 100755
--- a/spiffworkflow-backend/keycloak/bin/add_test_users_to_keycloak
+++ b/spiffworkflow-backend/keycloak/bin/add_test_users_to_keycloak
@@ -23,10 +23,14 @@ fi
 if [[ -z "${KEYCLOAK_BASE_URL:-}" ]]; then
 KEYCLOAK_BASE_URL=http://localhost:7002
 fi
+if [[ -z "${ADMIN_USERNAME:-}" ]]; then
+ ADMIN_USERNAME="admin"
+fi
+if [[ -z "${ADMIN_PASSWORD:-}" ]]; then
+ ADMIN_PASSWORD="admin"
+fi
 REALM_NAME="$keycloak_realm"
-ADMIN_USERNAME="admin"
-ADMIN_PASSWORD="admin"
 SECURE=false
 KEYCLOAK_URL=$KEYCLOAK_BASE_URL/realms/$REALM_NAME/protocol/openid-connect/token
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
index 9d2f80cb..1e7c3ee9 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@@ -482,11 +482,6 @@ class AuthorizationService:
 """Profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at. """
 """Email."""
 is_new_user = False
- user_model = (
- UserModel.query.filter(UserModel.service == user_info["iss"])
- .filter(UserModel.service_id == user_info["sub"])
- .first()
- )
 user_attributes = {}
 if "email" in user_info:
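Review bot: In add_test_users_to_keycloak the new `ADMIN_USERNAME`/`ADMIN_PASSWORD` overrides still fall back silently to `admin`/`admin`, while the script also accepts an arbitrary `KEYCLOAK_BASE_URL`, so a run pointed at a shared Keycloak with the variables unset authenticates with the well-known default pair and gives no indication that it did. A comment above the two new blocks, such as `# admin/admin is only meant for the local dev Keycloak; export ADMIN_USERNAME and ADMIN_PASSWORD for any other instance`, would make the intended scope explicit. Each four-line block could also be written as `ADMIN_PASSWORD="${ADMIN_PASSWORD:-admin}"`, although the current form does match the existing `KEYCLOAK_BASE_URL` block. How the password is later handed to the token request is outside this hunk.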
@@ -515,6 +510,13 @@ class AuthorizationService:
 tenant_specific_field
 ]
+ # example value for service: http://localhost:7002/realms/spiffworkflow (keycloak url)
+ user_model = (
+ UserModel.query.filter(UserModel.service == user_attributes["service"])
+ .filter(UserModel.username == user_attributes["username"])
+ .first()
+ )
+
 if user_model is None:
 current_app.logger.debug("create_user in login_return")
 is_new_user = True
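Review bot: The new lookup binds a sign-in to an existing `UserModel` row by `service` plus `username`, and no longer checks the token's `sub` claim, which is the only identifier OIDC guarantees to be stable and never reassigned within an issuer. How `user_attributes["username"]` is populated is above this hunk and not visible, but if it can come from a claim that is renamed or reused at the identity provider, a different person would resolve to the existing row and inherit its permissions. Consider keeping `service_id` as a guard on the matched row, e.g. `if user_model is not None and user_model.service_id != user_info["sub"]:` followed by logging and a deliberate refuse-or-rebind decision. The added comment could also say why username was chosen over `sub`, since the commit message's uniqueness assumption lives in the identity provider's configuration rather than in this code. The enclosing method starts and ends outside the hunk.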