feat: Enable UGA SSO with Microsoft Entra

2026-01-13 13:47:33 -05:00
parent 0b2c698ea5
commit f625a3e9e1
6 changed files with 295 additions and 3 deletions
--- a/management-dashboard-web-app/src/App.tsx
+++ b/management-dashboard-web-app/src/App.tsx
@@ -1,5 +1,5 @@
 import { useState, useEffect } from 'react'
-import { supabase } from './lib/supabase'
+import { supabase, userManagement } from './lib/supabase'
 import { Login } from './components/Login'
 import { Dashboard } from './components/Dashboard'
 import { CameraRoute } from './components/CameraRoute'
@@ -19,6 +19,13 @@ function App() {
      setIsAuthenticated(!!session)
      setLoading(false)

+      // Sync OAuth user on successful sign in (creates user profile if needed)
+      if ((event === 'SIGNED_IN' || event === 'INITIAL_SESSION') && session) {
+        userManagement.syncOAuthUser().catch((err) => {
+          console.error('Failed to sync OAuth user:', err)
+        })
+      }
+
      // Handle signout route
      if (event === 'SIGNED_OUT') {
        setCurrentRoute('/')
--- a/management-dashboard-web-app/src/lib/supabase.ts
+++ b/management-dashboard-web-app/src/lib/supabase.ts
@@ -557,6 +557,60 @@ export const userManagement = {

    if (error) throw error
    return data
+  },
+
+  // Sync OAuth user - ensures user profile exists for OAuth-authenticated users
+  async syncOAuthUser(): Promise<void> {
+    try {
+      const { data: { user: authUser }, error: authError } = await supabase.auth.getUser()
+      
+      if (authError || !authUser) {
+        console.warn('No authenticated user found for OAuth sync')
+        return
+      }
+
+      // Check if user profile already exists
+      const { data: existingProfile, error: checkError } = await supabase
+        .from('user_profiles')
+        .select('id')
+        .eq('id', authUser.id)
+        .single()
+
+      // If profile already exists, no need to create it
+      if (existingProfile && !checkError) {
+        console.log('User profile already exists for user:', authUser.id)
+        return
+      }
+
+      // If error is not "no rows returned", it's a real error
+      if (checkError && checkError.code !== 'PGRST116') {
+        console.error('Error checking for existing profile:', checkError)
+        return
+      }
+
+      // Create user profile for new OAuth user
+      const { error: insertError } = await supabase
+        .from('user_profiles')
+        .insert({
+          id: authUser.id,
+          email: authUser.email || '',
+          status: 'active'
+        })
+
+      if (insertError) {
+        // Ignore "duplicate key value" errors in case of race condition
+        if (insertError.code === '23505') {
+          console.log('User profile was already created (race condition handled)')
+          return
+        }
+        console.error('Error creating user profile for OAuth user:', insertError)
+        return
+      }
+
+      console.log('Successfully created user profile for OAuth user:', authUser.id)
+    } catch (error) {
+      console.error('Unexpected error in syncOAuthUser:', error)
+    }
  }
 }