Create wrapper method to assign keycloak user role

We only have the one keycloak user role, so extracted into it's own method and constant, so we have less magic strings.
IABTechLab · Sep 2, 2024 · 5b776c4 · 5b776c4
1 parent f479ea9
commit 5b776c4
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 11 deletions.
diff --git a/src/api/configureApi.ts b/src/api/configureApi.ts
@@ -36,6 +36,7 @@ import makeMetricsApiMiddleware from './middleware/metrics';
 import { createParticipantsRouter } from './routers/participants/participantsRouter';
 import { createSitesRouter } from './routers/sitesRouter';
 import { createUsersRouter } from './routers/usersRouter';
+import { API_PARTICIPANT_MEMBER } from './services/kcUsersService';
 import { LoggerService } from './services/loggerService';
 import { UserService } from './services/userService';
 
@@ -134,7 +135,7 @@ export function configureAndStartApi(useMetrics: boolean = true, portNumber: num
  bypassHandlerForPaths(
  claimCheck((claim: Claim) => {
  const roles = claim.resource_access?.self_serve_portal_apis?.roles || [];
- return roles.includes('api-participant-member');
+ return roles.includes(API_PARTICIPANT_MEMBER);
  }),
  ...BYPASS_CLAIM_PATHS,
  ...BYPASS_AUTH_PATHS

diff --git a/src/api/controllers/userController.ts b/src/api/controllers/userController.ts
@@ -8,17 +8,16 @@ import {
  httpPost,
  httpPut,
  request,
- response,
+ response
 } from 'inversify-express-utils';
 
 import { TYPES } from '../constant/types';
 import { ParticipantStatus } from '../entities/Participant';
 import { getTraceId } from '../helpers/loggingHelpers';
 import { getKcAdminClient } from '../keycloakAdminClient';
 import {
- assignClientRoleToUser,
- queryUsersByEmail,
- sendInviteEmailToNewUser,
+ assignApiParticipantMemberRole, queryUsersByEmail,
+ sendInviteEmailToNewUser
 } from '../services/kcUsersService';
 import { LoggerService } from '../services/loggerService';
 import { SelfResendInvitationParser, UserService } from '../services/userService';
@@ -66,7 +65,7 @@ export class UserController {
  const kcAdminClient = await getKcAdminClient();
  const promises = [
  req.user!.$query().patch({ acceptedTerms: true }),
- assignClientRoleToUser(kcAdminClient, req.user?.email!, 'api-participant-member'),
+ assignApiParticipantMemberRole(kcAdminClient, req.user?.email!),
  ];
  await Promise.all(promises);
  res.sendStatus(200);

diff --git a/src/api/routers/participants/participantsCreation.ts b/src/api/routers/participants/participantsCreation.ts
@@ -23,7 +23,7 @@ import {
  performAsyncOperationWithAuditTrail,
 } from '../../services/auditTrailService';
 import {
- assignClientRoleToUser,
+ assignApiParticipantMemberRole,
  createNewUser,
  sendInviteEmailToNewUser,
 } from '../../services/kcUsersService';
@@ -163,7 +163,7 @@ async function createParticipant(
  );
 
  // assign proper api access
- assignClientRoleToUser(kcAdminClient, user.email, 'api-participant-member');
+ await assignApiParticipantMemberRole(kcAdminClient, user.email);
 
  // send email
  await sendInviteEmailToNewUser(kcAdminClient, newKcUser);

diff --git a/src/api/routers/participants/participantsRouter.ts b/src/api/routers/participants/participantsRouter.ts
@@ -42,7 +42,9 @@ import {
  constructAuditTrailObject,
  performAsyncOperationWithAuditTrail
 } from '../../services/auditTrailService';
-import { assignClientRoleToUser } from '../../services/kcUsersService';
+import {
+ assignApiParticipantMemberRole
+} from '../../services/kcUsersService';
 import {
  addSharingParticipants,
  deleteSharingParticipants,
@@ -167,7 +169,7 @@ export function createParticipantsRouter() {
  await setSiteClientTypes(data);
  await Promise.all(
  usersFromParticipant.map((currentUser) =>
- assignClientRoleToUser(kcAdminClient, currentUser.email, 'api-participant-member')
+ assignApiParticipantMemberRole(kcAdminClient, currentUser.email)
  )
  );
 

diff --git a/src/api/services/kcUsersService.ts b/src/api/services/kcUsersService.ts
@@ -11,6 +11,14 @@ export const queryUsersByEmail = async (kcAdminClient: KeycloakAdminClient, emai
  });
 };
 
+export const doesUserExistInKeycloak = async (
+ kcAdminClient: KeycloakAdminClient,
+ email: string
+) => {
+ const existingKcUser = await queryUsersByEmail(kcAdminClient, email);
+ return existingKcUser.length > 0;
+};
+
 export const createNewUser = async (
  kcAdminClient: KeycloakAdminClient,
  firstName: string,
@@ -76,7 +84,7 @@ export const deleteUserByEmail = async (kcAdminClient: KeycloakAdminClient, user
  });
 };
 
-export const assignClientRoleToUser = async (
+const assignClientRoleToUser = async (
  kcAdminClient: KeycloakAdminClient,
  userEmail: string,
  roleName: string
@@ -101,3 +109,12 @@ export const assignClientRoleToUser = async (
  ],
  });
 };
+
+export const API_PARTICIPANT_MEMBER = 'api-participant-member';
+
+export const assignApiParticipantMemberRole = async (
+ kcAdminClient: KeycloakAdminClient,
+ userEmail: string
+) => {
+ await assignClientRoleToUser(kcAdminClient, userEmail, API_PARTICIPANT_MEMBER);
+};