Update invitation logic (#109)

# Update invitation logic ## ♻️ Current situation & Problem After some discussions and troubleshooting with Firebase support, we are ready to update our invitation logic to make sure patient data is securely stored. ## ⚙️ Release Notes *Add a bullet point list summary of the feature and possible migration guides if this is a breaking change so this section can be added to the release notes.* *Include code snippets that provide examples of the feature implemented or links to the documentation if it appends or changes the public interface.* ## 📚 Documentation *Please ensure that you properly document any additions in conformance to [Spezi Documentation Guide](https://github.com/StanfordSpezi/.github/blob/main/DOCUMENTATIONGUIDE.md).* *You can use this section to describe your solution, but we encourage contributors to document your reasoning and changes using in-line documentation.* ## ✅ Testing *Please ensure that the PR meets the testing requirements set by CodeCov and that new functionality is appropriately tested.* *This section describes important information about the tests and why some elements might not be testable.* ### Code of Conduct & Contributing Guidelines By submitting creating this pull request, you agree to follow our [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md): - [x] I agree to follow the [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md).
StanfordBDHG · Sep 16, 2024 · cc09c8d · cc09c8d
1 parent aac3939
commit cc09c8d
Show file tree

Hide file tree

Showing 21 changed files with 291 additions and 378 deletions.
diff --git a/firebasestorage.rules b/firebasestorage.rules
@@ -2,7 +2,7 @@ rules_version = '2';
 service firebase.storage {
   match /b/{bucket}/o {
     match /users/{userId}/consent/{fileName} {
-      allow read, write: if request.auth != null && request.auth.uid == userId
+      allow read, write: if request.auth != null && request.auth.uid == userId && ('type' in request.auth.token);
     }
   }
 }
diff --git a/firestore.rules b/firestore.rules
@@ -2,7 +2,7 @@ rules_version = '2';
 service cloud.firestore {
   match /databases/{databaseId}/documents {
     function isAuthenticated() {
-      return request.auth != null;
+      return request.auth != null && ('type' in request.auth.token);
     }
 
     function isAdmin() {
@@ -115,7 +115,7 @@ service cloud.firestore {
       }
 
       allow read: if isAdmin()
-        || isUser(userId)
+        || (request.auth != null && request.auth.uid == userId)
         || isOwnerOrClinicianOf(resource.data.organization);
 
       allow create: if isAdmin()

diff --git a/functions/data/debug/users.json b/functions/data/debug/users.json
@@ -10,7 +10,7 @@
       "type": "admin",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -24,7 +24,7 @@
       "type": "admin",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -39,7 +39,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -54,7 +54,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -69,7 +69,7 @@
       "organization": "jhu",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -84,7 +84,7 @@
       "organization": "umich",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -99,7 +99,7 @@
       "organization": "uw",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -114,7 +114,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -129,52 +129,52 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
     "auth": {
-      "uid": "engagehf-clinician-jhu.edu",
+      "uid": "engagehf-clinician0-jhu.edu",
       "displayName": "JHU Clinician",
-      "email": "engagehf-clinician@jhu.edu",
+      "email": "engagehf-clinician0@jhu.edu",
       "password": "password"
     },
     "user": {
       "type": "clinician",
       "organization": "jhu",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
     "auth": {
-      "uid": "engagehf-clinician-umich.edu",
+      "uid": "engagehf-clinician0-umich.edu",
       "displayName": "UMich Clinician",
-      "email": "engagehf-clinician@umich.edu",
+      "email": "engagehf-clinician0@umich.edu",
       "password": "password"
     },
     "user": {
       "type": "clinician",
       "organization": "umich",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
     "auth": {
-      "uid": "engagehf-clinician-uw.edu",
+      "uid": "engagehf-clinician0-uw.edu",
       "displayName": "UW Clinician",
-      "email": "engagehf-clinician@uw.edu",
+      "email": "engagehf-clinician0@uw.edu",
       "password": "password"
     },
     "user": {
       "type": "clinician",
       "organization": "uw",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "[email protected]"
     }
   },
   {
@@ -189,7 +189,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING0"
     }
   },
   {
@@ -204,7 +204,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING1"
     }
   },
   {
@@ -219,7 +219,7 @@
       "organization": "stanford",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING2"
     }
   },
   {
@@ -234,7 +234,7 @@
       "organization": "jhu",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING3"
     }
   },
   {
@@ -249,7 +249,7 @@
       "organization": "jhu",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING4"
     }
   },
   {
@@ -264,7 +264,7 @@
       "organization": "jhu",
       "dateOfEnrollment": "1970-01-01T00:00:00.000Z",
       "lastActiveDate": "1970-01-01T00:00:00.000Z",
-      "invitationCode": ""
+      "invitationCode": "SEEDING5"
     }
   }
 ]
diff --git a/functions/models/package-lock.json b/functions/models/package-lock.json
diff --git a/...dels/src/functions/checkInvitationCode.ts → functions/models/src/functions/enrollUser.ts b/...dels/src/functions/checkInvitationCode.ts → functions/models/src/functions/enrollUser.ts
@@ -8,11 +8,9 @@
 
 import { z } from 'zod'
 
-export const checkInvitationCodeInputSchema = z.object({
-  invitationCode: z.string(),
+export const enrollUserInputSchema = z.object({
+  invitationCode: z.string().regex(/^[A-Z0-9]{8,16}$/),
 })
-export type CheckInvitationCodeInput = z.input<
-  typeof checkInvitationCodeInputSchema
->
+export type EnrollUserInputSchema = z.input<typeof enrollUserInputSchema>
 
-export type CheckInvitationCodeOutput = undefined
+export type EnrollUserOutputSchema = undefined
diff --git a/functions/models/src/index.ts b/functions/models/src/index.ts
@@ -26,13 +26,13 @@ export * from './fhir/fhirMedication.js'
 export * from './fhir/fhirObservation.js'
 export * from './fhir/fhirQuestionnaire.js'
 export * from './fhir/fhirQuestionnaireResponse.js'
-export * from './functions/checkInvitationCode.js'
 export * from './functions/createInvitation.js'
 export * from './functions/customSeed.js'
 export * from './functions/defaultSeed.js'
 export * from './functions/deleteInvitation.js'
 export * from './functions/deleteUser.js'
 export * from './functions/dismissMessage.js'
+export * from './functions/enrollUser.js'
 export * from './functions/exportHealthSummary.js'
 export * from './functions/getUsersInformation.js'
 export * from './functions/registerDevice.js'

diff --git a/functions/models/src/types/invitation.ts b/functions/models/src/types/invitation.ts
@@ -21,14 +21,12 @@ export const invitationConverter = new Lazy(
     new SchemaConverter({
       schema: z
         .object({
-          userId: optionalish(z.string()),
           code: z.string(),
           auth: optionalish(z.lazy(() => userAuthConverter.value.schema)),
           user: z.lazy(() => userRegistrationConverter.value.schema),
         })
         .transform((values) => new Invitation(values)),
       encode: (object) => ({
-        userId: object.userId ?? null,
         code: object.code,
         auth: object.auth ? userAuthConverter.value.encode(object.auth) : null,
         user: userRegistrationConverter.value.encode(object.user),
@@ -39,20 +37,17 @@ export const invitationConverter = new Lazy(
 export class Invitation {
   // Properties
 
-  readonly userId?: string
   readonly code: string
   readonly auth?: UserAuth
   readonly user: UserRegistration
 
   // Constructor
 
   constructor(input: {
-    userId?: string
     code: string
     auth?: UserAuth
     user: UserRegistration
   }) {
-    this.userId = input.userId
     this.code = input.code
     this.auth = input.auth
     this.user = input.user