Update how we save and log org claims on whoami calls

CDCgov · Oct 31, 2024 · d24b232 · d24b232
1 parent 26b324f
commit d24b232
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 10 deletions.
diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java
@@ -576,12 +576,21 @@ private ApiUser getCurrentApiUserNoCache() {
     return nonOktaUser.orElseGet(() -> getCurrentApiUserFromIdentity(userIdentity));
   }
 
+  /*
+   `getCurrentUserInfoForWhoAmI()` can be removed and replaced with `getCurrentUserInfo()` as part of #7602 or whenever we stop migrating users over from Okta
+  */
   public UserInfo getCurrentUserInfoForWhoAmI() {
     ApiUser currentUser = getCurrentApiUser();
+
     Optional<OrganizationRoles> currentOrgRoles = _orgService.getCurrentOrganizationRoles();
     boolean isAdmin = _authService.isSiteAdmin();
-    if (!_featureFlagsConfig.isOktaMigrationEnabled() && !isAdmin) {
-      setRolesAndFacilities(currentOrgRoles, currentUser);
+    if (!isAdmin) {
+      if (currentOrgRoles.isPresent()) {
+        PartialOktaUser oktaUser = _oktaRepo.findUser(currentUser.getLoginEmail());
+        return consolidateUser(currentUser, oktaUser);
+      } else {
+        log.info("No org roles for User ID: {}", currentUser.getInternalId());
+      }
     }
     return new UserInfo(currentUser, currentOrgRoles, isAdmin);
   }

diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/LoggedInAuthorizationService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/LoggedInAuthorizationService.java
@@ -56,15 +56,9 @@ public List<OrganizationRoleClaims> findAllOrganizationRoles() {
     List<OrganizationRoleClaims> oktaOrgRoleClaims =
         _extractor.convert(currentAuth.getAuthorities());
 
-    if (!isSiteAdmin()) {
+    if (!isSiteAdmin() && _featureFlagsConfig.isOktaMigrationEnabled()) {
       String username = currentAuth.getName();
-      List<OrganizationRoleClaims> dbOrgRoleClaims =
-          _dbOrgRoleClaimsService.getOrganizationRoleClaims(username);
-      _dbOrgRoleClaimsService.checkOrgRoleClaimsEquality(
-          oktaOrgRoleClaims, dbOrgRoleClaims, username);
-      if (_featureFlagsConfig.isOktaMigrationEnabled()) {
-        return dbOrgRoleClaims;
-      }
+      return _dbOrgRoleClaimsService.getOrganizationRoleClaims(username);
     }
     return oktaOrgRoleClaims;
   }