SSO adaptions (#161)

# SSO adaptions

## ♻️ Current situation & Problem
*Link any open issues or pull requests (PRs) related to this PR. Please
ensure that all non-trivial PRs are first tracked and discussed in an
existing GitHub issue or discussion.*


## ⚙️ Release Notes 
*Add a bullet point list summary of the feature and possible migration
guides if this is a breaking change so this section can be added to the
release notes.*
*Include code snippets that provide examples of the feature implemented
or links to the documentation if it appends or changes the public
interface.*


## 📚 Documentation
*Please ensure that you properly document any additions in conformance
to [Spezi Documentation
Guide](https://github.com/StanfordSpezi/.github/blob/main/DOCUMENTATIONGUIDE.md).*
*You can use this section to describe your solution, but we encourage
contributors to document your reasoning and changes using in-line
documentation.*


## ✅ Testing
*Please ensure that the PR meets the testing requirements set by CodeCov
and that new functionality is appropriately tested.*
*This section describes important information about the tests and why
some elements might not be testable.*


### Code of Conduct & Contributing Guidelines 

By submitting creating this pull request, you agree to follow our [Code
of
Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md)
and [Contributing
Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md):
- [ ] I agree to follow the [Code of
Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md)
and [Contributing
Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md).

functions/src/functions/blocking.ts

@@ -60,7 +60,7 @@ export const beforeUserCreatedFunction = beforeUserCreated(
         'Organization does not match invitation code.',
       )
 
-    await userService.enrollUser(invitation, userId)
+    await userService.enrollUser(invitation, userId, { isSingleSignOn: true })
     await factory.trigger().userEnrolled(userId)
   },
 )

functions/src/functions/enrollUser.ts

@@ -27,7 +27,7 @@ export const enrollUser = validatedOnCall(
     if (invitation === undefined)
       throw new https.HttpsError('not-found', 'Invitation not found')
 
-    await userService.enrollUser(invitation, userId)
+    await userService.enrollUser(invitation, userId, { isSingleSignOn: false })
 
     logger.debug(
       `setupUser: User '${userId}' successfully enrolled in the study with invitation code: ${invitationCode}`,

functions/src/services/user/databaseUserService.test.ts

@@ -54,7 +54,9 @@ describe('DatabaseUserService', () => {
 
       const invitation = await userService.getInvitationByCode(invitationCode)
       if (!invitation) assert.fail('Invitation not found')
-      await userService.enrollUser(invitation, userId)
+      await userService.enrollUser(invitation, userId, {
+        isSingleSignOn: false,
+      })
 
       const auth = await admin.auth().getUser(userId)
       expect(auth.displayName).to.equal(displayName)
@@ -96,7 +98,9 @@ describe('DatabaseUserService', () => {
 
       const invitation = await userService.getInvitationByCode(invitationCode)
       if (!invitation) assert.fail('Invitation not found')
-      await userService.enrollUser(invitation, userId)
+      await userService.enrollUser(invitation, userId, {
+        isSingleSignOn: false,
+      })
 
       const auth = await admin.auth().getUser(userId)
       expect(auth.displayName).to.equal(displayName)
@@ -141,7 +145,9 @@ describe('DatabaseUserService', () => {
 
       const invitation = await userService.getInvitationByCode(invitationCode)
       if (!invitation) assert.fail('Invitation not found')
-      await userService.enrollUser(invitation, userId)
+      await userService.enrollUser(invitation, userId, {
+        isSingleSignOn: false,
+      })
 
       const auth = await admin.auth().getUser(userId)
       expect(auth.displayName).to.equal(displayName)

functions/src/services/user/databaseUserService.ts

@@ -135,6 +135,7 @@ export class DatabaseUserService implements UserService {
   async enrollUser(
     invitation: Document<Invitation>,
     userId: string,
+    options: { isSingleSignOn: boolean },
   ): Promise<void> {
     logger.info(
       `About to enroll user ${userId} using invitation at '${invitation.id}' with code '${invitation.content.code}'.`,
@@ -150,12 +151,14 @@ export class DatabaseUserService implements UserService {
       )
     }
 
-    await this.auth.updateUser(userId, {
-      displayName: invitation.content.auth?.displayName ?? undefined,
-      email: invitation.content.auth?.email ?? undefined,
-      phoneNumber: invitation.content.auth?.phoneNumber ?? undefined,
-      photoURL: invitation.content.auth?.photoURL ?? undefined,
-    })
+    if (!options.isSingleSignOn) {
+      await this.auth.updateUser(userId, {
+        displayName: invitation.content.auth?.displayName ?? undefined,
+        email: invitation.content.auth?.email ?? undefined,
+        phoneNumber: invitation.content.auth?.phoneNumber ?? undefined,
+        photoURL: invitation.content.auth?.photoURL ?? undefined,
+      })
+    }
 
     logger.info(
       `Updated auth information for user with id '${userId}' using invitation auth content.`,
@@ -214,7 +217,9 @@ export class DatabaseUserService implements UserService {
       )
     })
 
-    await this.updateClaims(userId)
+    if (!options.isSingleSignOn) {
+      await this.updateClaims(userId)
+    }
   }
 
   async deleteInvitation(invitation: Document<Invitation>): Promise<void> {

functions/src/services/user/userService.ts

@@ -32,7 +32,11 @@ export interface UserService {
   getInvitationByCode(
     invitationCode: string,
   ): Promise<Document<Invitation> | undefined>
-  enrollUser(invitation: Document<Invitation>, userId: string): Promise<void>
+  enrollUser(
+    invitation: Document<Invitation>,
+    userId: string,
+    options: { isSingleSignOn: boolean },
+  ): Promise<void>
   deleteInvitation(invitation: Document<Invitation>): Promise<void>
 
   // Organizations