From 162bbe31eef54db538e4cdcf7100c92ea8442458 Mon Sep 17 00:00:00 2001 From: Paul Kraft Date: Wed, 23 Oct 2024 12:28:58 -0700 Subject: [PATCH 1/4] SSO adaptions --- functions/src/functions/blocking.ts | 2 +- functions/src/functions/enrollUser.ts | 2 +- .../src/services/user/databaseUserService.ts | 15 +++++++++------ functions/src/services/user/userService.ts | 6 +++++- 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/functions/src/functions/blocking.ts b/functions/src/functions/blocking.ts index 1a194aa8..752826ed 100644 --- a/functions/src/functions/blocking.ts +++ b/functions/src/functions/blocking.ts @@ -54,7 +54,7 @@ export const beforeUserCreatedFunction = beforeUserCreated(async (event) => { 'Organization does not match invitation code.', ) - await userService.enrollUser(invitation, userId) + await userService.enrollUser(invitation, userId, { isSingleSignOn: true }) await factory.trigger().userEnrolled(userId) }) diff --git a/functions/src/functions/enrollUser.ts b/functions/src/functions/enrollUser.ts index 3904b0a7..3bcf5806 100644 --- a/functions/src/functions/enrollUser.ts +++ b/functions/src/functions/enrollUser.ts @@ -27,7 +27,7 @@ export const enrollUser = validatedOnCall( if (invitation === undefined) throw new https.HttpsError('not-found', 'Invitation not found') - await userService.enrollUser(invitation, userId) + await userService.enrollUser(invitation, userId, { isSingleSignOn: false }) logger.debug( `setupUser: User '${userId}' successfully enrolled in the study with invitation code: ${invitationCode}`, diff --git a/functions/src/services/user/databaseUserService.ts b/functions/src/services/user/databaseUserService.ts index 53c2ecb2..4a8a29b3 100644 --- a/functions/src/services/user/databaseUserService.ts +++ b/functions/src/services/user/databaseUserService.ts 
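Review bot: The `{ isSingleSignOn: true }` passed in beforeUserCreatedFunction is a literal, so every account creation that reaches this call is treated as SSO whichever provider created it; the `{ isSingleSignOn: false }` in the enrollUser.ts hunk is the mirror case. The hunk does not show whether the call sits behind a provider check (the handler's body starts outside it), so it is unclear whether a non-federated sign-up can reach it and silently skip the invitation's auth update. If it can, derive the flag from the provider information on `event` rather than a constant. Otherwise record the assumption next to the call, e.g. `// SSO sign-up path: enrollUser must not write to the auth record here`.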
@@ -135,6 +135,7 @@ export class DatabaseUserService implements UserService { async enrollUser( invitation: Document, userId: string, + options: { isSingleSignOn: boolean }, ): Promise { logger.info( `About to enroll user ${userId} using invitation at '${invitation.id}' with code '${invitation.content.code}'.`, @@ -150,12 +151,14 @@ export class DatabaseUserService implements UserService { ) } - await this.auth.updateUser(userId, { - displayName: invitation.content.auth?.displayName ?? undefined, - email: invitation.content.auth?.email ?? undefined, - phoneNumber: invitation.content.auth?.phoneNumber ?? undefined, - photoURL: invitation.content.auth?.photoURL ?? undefined, - }) + if (options.isSingleSignOn === false) { + await this.auth.updateUser(userId, { + displayName: invitation.content.auth?.displayName ?? undefined, + email: invitation.content.auth?.email ?? undefined, + phoneNumber: invitation.content.auth?.phoneNumber ?? undefined, + photoURL: invitation.content.auth?.photoURL ?? undefined, + }) + } logger.info( `Updated auth information for user with id '${userId}' using invitation auth content.`, diff --git a/functions/src/services/user/userService.ts b/functions/src/services/user/userService.ts index 7421e13e..2dd1b812 100644 --- a/functions/src/services/user/userService.ts +++ b/functions/src/services/user/userService.ts @@ -32,7 +32,11 @@ export interface UserService { getInvitationByCode( invitationCode: string, ): Promise | undefined> - enrollUser(invitation: Document, userId: string): Promise + enrollUser( + invitation: Document, + userId: string, + options: { isSingleSignOn: boolean }, + ): Promise deleteInvitation(invitation: Document): Promise // Organizations From 673dc1c5516526d40c27a66ee746ea1ae91544a2 Mon Sep 17 00:00:00 2001 From: Paul Kraft Date: Wed, 23 Oct 2024 14:33:35 -0700 Subject: [PATCH 2/4] update tests --- .../src/services/user/databaseUserService.test.ts | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) 
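Review bot: The `logger.info` call reporting `Updated auth information for user with id ...` stays outside the new `if (options.isSingleSignOn === false)` block, so on the SSO path the log records an auth update that never happened. That makes the enrollment log unreliable for anyone reconstructing which accounts had identity attributes written from an invitation. Move the call inside the branch and log the skip on the other path, with a message along the lines of "Skipped auth update for SSO user". The rewrite of the condition to `!options.isSingleSignOn` in PATCH 3/4 leaves the log where it is. enrollUser's body continues outside this hunk.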
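Review bot: The new `options: { isSingleSignOn: boolean }` parameter on `UserService.enrollUser` has no doc comment, and the name does not say what it switches off. In DatabaseUserService it suppresses the `auth.updateUser` call and, after PATCH 4/4, `updateClaims` as well; these are the two steps that write identity attributes and claims for the account. If that is the intended contract, state it on the interface method, e.g. `/** When options.isSingleSignOn is true, the auth record and custom claims are left untouched. */`.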
diff --git a/functions/src/services/user/databaseUserService.test.ts b/functions/src/services/user/databaseUserService.test.ts index 75f42969..c59322e4 100644 --- a/functions/src/services/user/databaseUserService.test.ts +++ b/functions/src/services/user/databaseUserService.test.ts @@ -54,7 +54,9 @@ describe('DatabaseUserService', () => { const invitation = await userService.getInvitationByCode(invitationCode) if (!invitation) assert.fail('Invitation not found') - await userService.enrollUser(invitation, userId) + await userService.enrollUser(invitation, userId, { + isSingleSignOn: false, + }) const auth = await admin.auth().getUser(userId) expect(auth.displayName).to.equal(displayName) @@ -96,7 +98,9 @@ describe('DatabaseUserService', () => { const invitation = await userService.getInvitationByCode(invitationCode) if (!invitation) assert.fail('Invitation not found') - await userService.enrollUser(invitation, userId) + await userService.enrollUser(invitation, userId, { + isSingleSignOn: false, + }) const auth = await admin.auth().getUser(userId) expect(auth.displayName).to.equal(displayName) @@ -141,7 +145,9 @@ describe('DatabaseUserService', () => { const invitation = await userService.getInvitationByCode(invitationCode) if (!invitation) assert.fail('Invitation not found') - await userService.enrollUser(invitation, userId) + await userService.enrollUser(invitation, userId, { + isSingleSignOn: false, + }) const auth = await admin.auth().getUser(userId) expect(auth.displayName).to.equal(displayName) From 3ab72859cfed43a6a379068ccbb8b17390a80dd0 Mon Sep 17 00:00:00 2001 From: Paul Kraft Date: Wed, 23 Oct 2024 14:44:20 -0700 Subject: [PATCH 3/4] lint:fix --- functions/src/services/user/databaseUserService.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/functions/src/services/user/databaseUserService.ts b/functions/src/services/user/databaseUserService.ts index 4a8a29b3..497f8933 100644 --- a/functions/src/services/user/databaseUserService.ts 
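Review bot: All three updated calls pass `isSingleSignOn: false`, so the suite never exercises the branch this series introduces. A test that enrolls with `{ isSingleSignOn: true }` and then asserts through `admin.auth().getUser(userId)` that `displayName` and the other auth fields were not taken from the invitation would pin the new behaviour. Once PATCH 4/4 is applied, the same test should also assert that the user's custom claims were not changed by the call. The hunks at -96 and -141 in this file are the same change and need no separate comment.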
+++ b/functions/src/services/user/databaseUserService.ts @@ -151,7 +151,7 @@ export class DatabaseUserService implements UserService { ) } - if (options.isSingleSignOn === false) { + if (!options.isSingleSignOn) { await this.auth.updateUser(userId, { displayName: invitation.content.auth?.displayName ?? undefined, email: invitation.content.auth?.email ?? undefined, From 85598f391bdce9549d2e077bd8ae97c56a5bb011 Mon Sep 17 00:00:00 2001 From: Paul Kraft Date: Thu, 24 Oct 2024 14:16:24 -0700 Subject: [PATCH 4/4] Make sure to not update claims for sso in beforeUserCreated --- functions/src/services/user/databaseUserService.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/functions/src/services/user/databaseUserService.ts b/functions/src/services/user/databaseUserService.ts index 497f8933..54352a18 100644 --- a/functions/src/services/user/databaseUserService.ts +++ b/functions/src/services/user/databaseUserService.ts @@ -217,7 +217,9 @@ export class DatabaseUserService implements UserService { ) }) - await this.updateClaims(userId) + if (!options.isSingleSignOn) { + await this.updateClaims(userId) + } } async deleteInvitation(invitation: Document): Promise {
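Review bot: With `updateClaims` skipped under `!options.isSingleSignOn`, nothing visible in this series sets custom claims for an SSO-enrolled user. The blocking.ts hunk in PATCH 1/4 shows beforeUserCreatedFunction ending right after `userEnrolled(userId)`, with no return value on that path. If claims are applied elsewhere (a later trigger, or the blocking function's response), name that place in a comment above the guard, e.g. `// SSO: claims are applied by <mechanism>, not here`. If they are not, the account's first token carries none of the claims `updateClaims` would have set, and any rule that reads them sees an unscoped user. enrollUser's body begins outside this hunk.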