From 69313ef9c9eee9f65bbae014b5c58a7c149dd713 Mon Sep 17 00:00:00 2001
From: Markus Kreth <markus.kreth@web.de>
Date: Thu, 2 Jun 2022 20:08:08 +0200
Subject: [PATCH] User is updated from AccessToken if Givenname, Familyname or
 Email are changed.

---
 .../kreth/invoice/security/UserManager.java   | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/main/java/de/kreth/invoice/security/UserManager.java b/src/main/java/de/kreth/invoice/security/UserManager.java
index abb8b46..1690082 100644
--- a/src/main/java/de/kreth/invoice/security/UserManager.java
+++ b/src/main/java/de/kreth/invoice/security/UserManager.java
@@ -26,20 +26,44 @@ public class UserManager {
     private AccessToken getAccessToken() {
 	Authentication authentication = getAuthentication();
 	KeycloakPrincipal<?> principal = (KeycloakPrincipal<?>) authentication.getPrincipal();
+
 	KeycloakSecurityContext context = principal.getKeycloakSecurityContext();
 	return context.getToken();
     }
 
     public User getLoggedInUser() {
+
 	AccessToken accessToken = getAccessToken();
 	if (accessToken != null) {
 	    User user = userRepository.findByPrincipalId(accessToken.getSubject());
-
+	    if (hasChanges(user, accessToken)) {
+		save(user);
+	    }
 	    return user;
 	}
 	return null;
     }
 
+    /**
+     * Updated user with values from accessToken and returns true if something
+     * changed.
+     *
+     * @param user
+     * @param accessToken
+     * @return
+     */
+    private boolean hasChanges(User user, AccessToken accessToken) {
+	boolean result = false;
+
+	if (!accessToken.getGivenName().contentEquals(user.getGivenName())
+		|| !accessToken.getFamilyName().contentEquals(user.getFamilyName())
+		|| !accessToken.getEmail().contentEquals(user.getEmail())) {
+	    result = true;
+	    user.setPrincipal(accessToken);
+	}
+	return result;
+    }
+
     public User save(User entity) {
 	return userRepository.save(entity);
     }