F24/sayi/invite-user-endpoint

[sthuray]

Notion ticket link

Invite User Endpoint + Email Link

Implementation description

• Implemented generateSIgnInLink in authService
• Implemented sendInviteEmail in authService (uses generateSignInLink)
• Implemented /auth/invite-user endpoint in authRoutes.ts (sends invite email to newly created user with INVITED status)
• Installed firebase app in frontend and initialized it in firebase.js (using new frontend/.env secrets)
• Login process: checkIfSignInLink (Login.tsx) -> loginWithSignInLink (AuthAPIClient.ts) -> /auth/loginWithSignInLink (authRoutes.ts)
  • (Login.tsx) checkIfSignInLink calls authAPIClient.loginWithSignInLink if a user is not already logged in and firebase has confirmed that the url is a sign in link.
  • (AuthAPIClient.ts) loginWithSignInLink makes the call to the firebase app to signInWithEmailLink and then posts accessToken and refreshToken to /auth/loginWithSignInLink (note that this is how the regular login process works)
  • (AuthRoutes.ts) /auth/loginWithSignInLink sets refreshToken as cookie and returns data in the expected structure for login
  • (AuthAPIClient.ts) if the post to /auth/loginWithSignInLink is successful, stores data in localStorage as a json object and returns the data.
  • (Login.tsx) if the previous steps are successful, the authenticated_user is set successfully (login is completed)

Steps to test

0. Might have to Install yarn in your frontend directory manually with "yarn add firebase" (https://classic.yarnpkg.com/en/package/firebase) if docker-compose up --build isn't working
1. Create user by posting to /user/ endpoint

2. Test /auth/invite-user errors
   a. with an email not in firebase

b. with an email that doesn't have UserStatus.INVITED

3. Send invite email to newly created user with /auth/invite-user (successful)

4. Test login process by logging into an alternate account and then clicking sign-in link
   (Login with sign-in process isn't executed and original user stays logged in. Note that the sign-in link isn't invalidated, it will work if you log out and then click it).
   (Tested but no image, check that original user's authenticated_user remains in local storage).

5. After logging out, click the sign-in link (successful)

6. After successfully signing in with sign-in link, logout and click again (test error)

7. Send a new invite link to the user with INVITED status but wait for 6 hours before clicking it. Link should have expired (not tested, but it should have same output as 6).

What should reviewers focus on?

• Is the login process implemented well (are there places where it passes too much/too little information, or are the functions too tightly coupled).
• Note: User is not updated to ACTIVE status yet (should it be part of this process)
• Side note for future: in step 2a, it returns a 500 error code when it should return a 404 NotFound, so the getUserByEmail function in userService isn't functioning as expected

Checklist

• My PR name is descriptive and in imperative tense
• My commit messages are descriptive and in imperative tense. My commits are atomic and trivial commits are squashed or fixup'd into non-trivial commits
• I have run the appropriate linter(s)
• I have requested a review from the PL, as well as other devs who have background knowledge on this PR or who will be building on top of this PR

[trinity-y]

Note: User is not updated to ACTIVE status yet (should it be part of this process)

this part looks good, the user is updated to active once they have successfully reset the password (because in case they follow the link and then don't reset the password, they wouldn't be able to get another email)

[jerry-cheng5]

Really great work! This ticket wasn't easy, but you managed to figure it out.

Just a few minor fixes, and we should be able to merge before end of term!

[jerry-cheng5]

changes look good to me