Merged in feat/LOY-230-Microsoft-Entra-ID-Auth (pull request #2113)

Feat(LOY-230): DTMC Routes with Entra ID Auth & Error Page Handling * feat(LOY-230): Link Scandic Friends and Azure accounts * fix(LOY-230): remove employee id param setting * fix(LOY-230): return token in jwt callback for auth.dtmc.ts Approved-by: Michael Zetterberg Approved-by: Christian Andolf
2025-06-18 10:22:04 +00:00
parent 9df19fda7c
commit 2101b79db1
23 changed files with 568 additions and 165 deletions
--- a/apps/scandic-web/app/api/web/auth/[...nextauth]/route.ts
+++ b/apps/scandic-web/app/api/web/auth/[...nextauth]/route.ts
@@ -1 +1,20 @@
-export { GET, POST } from "@/auth"
+import { GET as DEFAULT_GET, POST as DEFAULT_POST } from "@/auth"
+import { GET as DTMC_GET, POST as DTMC_POST } from "@/auth.dtmc"
+
+import type { NextRequest } from "next/server"
+
+export function GET(req: NextRequest) {
+  if (req.nextUrl.pathname.includes("microsoft-entra-id")) {
+    return DTMC_GET(req)
+  }
+
+  return DEFAULT_GET(req)
+}
+
+export function POST(req: NextRequest) {
+  if (req.nextUrl.pathname.includes("microsoft-entra-id")) {
+    return DTMC_POST(req)
+  }
+
+  return DEFAULT_POST(req)
+}
--- a/apps/scandic-web/app/api/web/auth/dtmc/route.ts
+++ b/apps/scandic-web/app/api/web/auth/dtmc/route.ts
@@ -0,0 +1,106 @@
+import { type NextRequest, NextResponse } from "next/server"
+
+import { DTMC_SUCCESS_BANNER_KEY } from "@/constants/dtmc"
+import { linkEmploymentError } from "@/constants/routes/dtmc"
+import { overview } from "@/constants/routes/myPages"
+import { internalServerError } from "@/server/errors/next"
+import { getPublicURL } from "@/server/utils"
+
+import { auth } from "@/auth"
+import { auth as dtmcAuth } from "@/auth.dtmc"
+import { getLang } from "@/i18n/serverContext"
+import { isValidSession } from "@/utils/session"
+
+async function linkEmployeeToUser(employeeId: string) {
+  try {
+    console.log(`[dtmc] Linking employee ID ${employeeId}`)
+    // TODO: Use the actual API once available. For now, return a mock success response.
+    return { success: true }
+  } catch (error) {
+    console.error("[dtmc] Error linking employee to user:", error)
+    throw error
+  }
+}
+
+/**
+ * This is the route that the NextAuth callback for Microsoft Entra ID provider
+ * will redirect too once it has created the session. Since it is its own cookie,
+ * here we can check both sessions, the Scandic Friends one and the Azure one.
+ */
+export async function GET(request: NextRequest) {
+  try {
+    const lang = await getLang()
+    const dtmcSession = await dtmcAuth()
+    const session = await auth()
+    const baseUrl = getPublicURL(request)
+    console.log("[dtmc] DTMC Callback handler - using baseUrl:", baseUrl)
+
+    if (!isValidSession(session)) {
+      console.error(
+        "[dtmc] DTMC Callback handler - No valid user session found"
+      )
+      const errorUrl = new URL(linkEmploymentError[lang], baseUrl)
+      errorUrl.searchParams.set("error", "no_session")
+      return NextResponse.redirect(errorUrl)
+    }
+
+    if (!isValidSession(dtmcSession)) {
+      console.error(
+        "[dtmc] DTMC Callback handler - No valid entra id session found"
+      )
+      const errorUrl = new URL(linkEmploymentError[lang], baseUrl)
+      errorUrl.searchParams.set("error", "no_entra_id_session")
+      return NextResponse.redirect(errorUrl)
+    }
+
+    const employeeId = dtmcSession.employeeId
+
+    console.log(
+      "[dtmc] DTMC Callback handler - Extracted employeeId:",
+      employeeId
+    )
+
+    if (!employeeId) {
+      console.error("[dtmc] DTMC Callback handler - No employeeId in session")
+      const errorUrl = new URL(linkEmploymentError[lang], baseUrl)
+      errorUrl.searchParams.set("error", "missing_employee_id")
+      return NextResponse.redirect(errorUrl)
+    }
+
+    console.log(
+      "[dtmc] DTMC Callback handler - Calling linkEmployeeToUser with ID:",
+      employeeId
+    )
+    const result = await linkEmployeeToUser(employeeId)
+    console.log(
+      "[dtmc] DTMC Callback handler - linkEmployeeToUser result:",
+      result
+    )
+
+    if (!result.success) {
+      console.error(
+        "[dtmc] DTMC Callback handler - Failed to verify employment"
+      )
+      const errorUrl = new URL(linkEmploymentError[lang], baseUrl)
+      errorUrl.searchParams.set("error", "unable_to_verify_employee_id")
+      return NextResponse.redirect(errorUrl)
+    }
+
+    console.log(
+      "[dtmc] DTMC Callback handler - Success! Employee linked with ID:",
+      employeeId
+    )
+
+    console.log("[dtmc] overview[lang]:", overview[lang])
+    const successUrl = new URL(overview[lang], baseUrl)
+    successUrl.searchParams.set(DTMC_SUCCESS_BANNER_KEY, "true")
+    console.log(
+      "[dtmc] DTMC Callback handler - Redirecting to success URL:",
+      successUrl.toString()
+    )
+    return NextResponse.redirect(successUrl)
+  } catch (error) {
+    console.error("[dtmc] DTMC Callback handler - Error in handler:", error)
+    return internalServerError()
+  }
+}