Admin settings fixed

backend/src/features/admin/api/admin.controller.ts

@@ -35,11 +35,15 @@ export class AdminController {
       const userId = request.userContext?.userId;
       const userEmail = this.resolveUserEmail(request);
 
+      console.log('[DEBUG] Admin verify - userId:', userId);
+      console.log('[DEBUG] Admin verify - userEmail:', userEmail);
+
       if (userEmail && request.userContext) {
         request.userContext.email = userEmail.toLowerCase();
       }
 
       if (!userId && !userEmail) {
+        console.log('[DEBUG] Admin verify - No userId or userEmail, returning 401');
         return reply.code(401).send({
           error: 'Unauthorized',
           message: 'User context missing'
@@ -50,15 +54,26 @@ export class AdminController {
         ? await this.adminService.getAdminByAuth0Sub(userId)
         : null;
 
+      console.log('[DEBUG] Admin verify - adminRecord by auth0Sub:', adminRecord ? 'FOUND' : 'NOT FOUND');
+
       // Fallback: attempt to resolve admin by email for legacy records
       if (!adminRecord && userEmail) {
         const emailMatch = await this.adminService.getAdminByEmail(userEmail.toLowerCase());
 
+        console.log('[DEBUG] Admin verify - emailMatch:', emailMatch ? 'FOUND' : 'NOT FOUND');
+        if (emailMatch) {
+          console.log('[DEBUG] Admin verify - emailMatch.auth0Sub:', emailMatch.auth0Sub);
+          console.log('[DEBUG] Admin verify - emailMatch.revokedAt:', emailMatch.revokedAt);
+        }
+
         if (emailMatch && !emailMatch.revokedAt) {
           // If the stored auth0Sub differs, link it to the authenticated user
           if (userId && emailMatch.auth0Sub !== userId) {
+            console.log('[DEBUG] Admin verify - Calling linkAdminAuth0Sub to update auth0Sub');
             adminRecord = await this.adminService.linkAdminAuth0Sub(userEmail, userId);
+            console.log('[DEBUG] Admin verify - adminRecord after link:', adminRecord ? 'SUCCESS' : 'FAILED');
           } else {
+            console.log('[DEBUG] Admin verify - Using emailMatch as adminRecord');
             adminRecord = emailMatch;
           }
         }
@@ -70,6 +85,7 @@ export class AdminController {
           request.userContext.adminRecord = adminRecord;
         }
 
+        console.log('[DEBUG] Admin verify - Returning isAdmin: true');
         // User is an active admin
         return reply.code(200).send({
           isAdmin: true,
@@ -86,12 +102,14 @@ export class AdminController {
         request.userContext.adminRecord = undefined;
       }
 
+      console.log('[DEBUG] Admin verify - Returning isAdmin: false');
       // User is not an admin
       return reply.code(200).send({
         isAdmin: false,
         adminRecord: null
       });
     } catch (error) {
+      console.log('[DEBUG] Admin verify - Error caught:', error instanceof Error ? error.message : 'Unknown error');
       logger.error('Error verifying admin access', {
         error: error instanceof Error ? error.message : 'Unknown error',
         userId: request.userContext?.userId?.substring(0, 8) + '...'
@@ -381,6 +399,9 @@ export class AdminController {
   }
 
   private resolveUserEmail(request: FastifyRequest): string | undefined {
+    console.log('[DEBUG] resolveUserEmail - request.userContext:', JSON.stringify(request.userContext, null, 2));
+    console.log('[DEBUG] resolveUserEmail - request.user:', JSON.stringify((request as any).user, null, 2));
+
     const candidates: Array<string | undefined> = [
       request.userContext?.email,
       (request as any).user?.email,
@@ -389,11 +410,15 @@ export class AdminController {
       (request as any).user?.preferred_username,
     ];
 
+    console.log('[DEBUG] resolveUserEmail - candidates:', candidates);
+
     for (const value of candidates) {
       if (typeof value === 'string' && value.includes('@')) {
+        console.log('[DEBUG] resolveUserEmail - found email:', value);
         return value.trim();
       }
     }
+    console.log('[DEBUG] resolveUserEmail - no email found');
     return undefined;
   }
 }