From 84537c52f9ff5e4fbf893e4adc0c918735788c7c Mon Sep 17 00:00:00 2001
From: iglocska
Date: Tue, 25 Oct 2022 10:57:18 +0200
Subject: [PATCH] new: [user enrollment] send keycloak welcome email to users when enrolled
---
 src/Model/Behavior/AuthKeycloakBehavior.php | 22 ++++++++++++++++++---
 src/Model/Table/UsersTable.php | 2 +-
 2 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/src/Model/Behavior/AuthKeycloakBehavior.php b/src/Model/Behavior/AuthKeycloakBehavior.php
index 4d17b61..0519656 100644
--- a/src/Model/Behavior/AuthKeycloakBehavior.php
+++ b/src/Model/Behavior/AuthKeycloakBehavior.php
@@ -115,7 +115,8 @@ class AuthKeycloakBehavior extends Behavior
 foreach ($roles as $role) {
 $rolesParsed[$role['name']] = $role['id'];
 }
- if (!$this->createUser($user, $clientId, $rolesParsed)) {
+ $newUserId = $this->createUser($user, $clientId, $rolesParsed);
+ if (!$newUserId) {
 $logChange = [
 'username' => $user['username'],
 'individual_id' => $user['individual']['id'],
@@ -141,6 +142,21 @@ class AuthKeycloakBehavior extends Behavior
 'model_title' => __('Successful Keycloak enrollment for user {0}', $user['username']),
 'changed' => $logChange
 ]);
+ $response = $this->restApiRequest(
+ '%s/admin/realms/%s/users/' . urlencode($newUserId) . '/execute-actions-email',
+ ['UPDATE_PASSWORD'],
+ 'put'
+ );
+ if (!$response->isOk()) {
+ $responseBody = json_decode($response->getStringBody(), true);
+ $this->_table->auditLogs()->insert([
+ 'request_action' => 'keycloakWelcomeEmail',
+ 'model' => 'User',
+ 'model_id' => 0,
+ 'model_title' => __('Failed to send welcome mail to user ({0}) in keycloak', $user['username']),
+ 'changed' => ['error' => empty($responseBody['errorMessage']) ? 'Unknown error.' : $responseBody['errorMessage']]
+ ]);
+ }
 }
 return true;
 }
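Review bot: When the `execute-actions-email` request fails, the only trace is an audit entry with `'model_id' => 0` and Keycloak's `errorMessage`, and control still reaches `return true`, so the caller cannot tell that a freshly created account never received its set-password mail. I would put the Keycloak id and the HTTP status into that entry, e.g. `'changed' => ['keycloak_id' => $newUserId, 'status' => $response->getStatusCode(), 'error' => ...]` (assuming `$response` is the CakePHP client response that `isOk()`/`getStringBody()` suggest), so an operator can find the affected user and re-send. The request also passes no `lifespan` query parameter, so the validity of the emailed UPDATE_PASSWORD link is whatever the realm default is; if `restApiRequest` can carry query parameters (its signature is outside the hunk), setting it explicitly keeps enrollment links from depending on realm configuration. The enclosing method starts before this hunk.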
@@ -373,7 +389,7 @@ class AuthKeycloakBehavior extends Behavior
 return false;
 }
- private function createUser(array $user, string $clientId, array $rolesParsed): bool
+ private function createUser(array $user, string $clientId, array $rolesParsed): string|bool
 {
 $newUser = [
 'username' => $user['username'],
@@ -409,7 +425,7 @@ class AuthKeycloakBehavior extends Behavior
 }
 $user['id'] = $users[0]['id'];
 $this->assignRolesToUser($user, $rolesParsed, $clientId);
- return true;
+ return $user['id'];
 }
 private function assignRolesToUser(array $user, array $rolesParsed, string $clientId): bool
diff --git a/src/Model/Table/UsersTable.php b/src/Model/Table/UsersTable.php
index 789c9aa..254a743 100644
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@@ -221,7 +221,7 @@ class UsersTable extends AppTable
 {
 if (!empty(Configure::read('keycloak'))) {
 $success = $this->handleUserUpdate($user);
- return $success;
+ //return $success !== false;
 }
 return true;
 }
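Review bot: The new return type `string|bool` on `createUser` looks wider than needed. The only success value visible is `$user['id']` in the later hunk, so if no remaining path returns `true` (the body between the two hunks is not shown), `string|false` states the contract exactly. The caller in the first hunk could then test `$newUserId === false` instead of relying on truthiness. A short docblock would also help, for example `/** @return string|false Keycloak user id on success, false on failure */`.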
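Review bot: The bool returned by `assignRolesToUser` is discarded on the line before the new `return $user['id'];`, so a user whose role assignment failed is still reported as created and, with this commit, goes on to receive the welcome mail. Whether `assignRolesToUser` records its own failures is not visible here, so at minimum the result should be checked and audited, e.g. `if (!$this->assignRolesToUser($user, $rolesParsed, $clientId)) { /* audit-log the partial enrollment */ }`. Otherwise an enrolled account can end up with a role set that differs from the local one without anyone noticing. `createUser` begins outside this hunk.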
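Review bot: Replacing `return $success;` with the commented-out `//return $success !== false;` makes this method return `true` whatever `handleUserUpdate` reports, and `$success` is now assigned but never read. If the method's result gates the save (its signature is outside the hunk), a failed Keycloak update no longer reaches the caller, and local and Keycloak user state can drift apart silently. Either restore `return $success !== false;`, or, if ignoring the result is intended, remove the dead line, log the failure, and state the reason, e.g. `// Keycloak sync is best-effort here; a failure must not block the local save`. The change is also not mentioned in the commit subject.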