Invitation Codes #54
Invitation Codes #54
Conversation
There was a problem hiding this comment.
@MatthewTurk247 I think invitation codes should not be stored in the storage bucket but in the firebase database. The storage bucket should only be used for large files like the consent document. That's probably the best use case we have for that now.
In addition, we are still missing the functionality in the cloud function like in the Spezi Study App: https://github.com/StanfordSpezi/SpeziStudyApplication.
This PR includes a few more things but demonstrates how we included a basic functionality in the app: StanfordSpezi/SpeziStudyApplication@4f5e88d.
The final cloud function and current logic is found in the study app repo. It has a multi-study approach which makes it a bit more complicated but follows the same approach to validate an invitation code:
- Cloud function: https://github.com/StanfordSpezi/SpeziStudyApplication/blob/main/functions/index.js
- Invitation Code View: https://github.com/StanfordSpezi/SpeziStudyApplication/blob/main/StudyApplication/[…]ng/OnboardingMechanisms/InvitationCode/InvitationCodeView.swift
I don’t think that we have to initially update SpeziOnboarding at this point, we can implement all that in the app but it might be eventually nice to move it out to one of the Spezi Package if needed.
The Spezi Study Application importantly does not include the mapping of the anonymous account to the other login (e.g. username or password). I think we should be able to do this without any changes to SpeziAccount.
In addition, it does not include the protection rule on SignUp to only allow this if you have a proper invitation code. This is not needed in the Spezi Study App as we don’t have any Accounts in there but will be necessary for PICS.
You can find more about these cloud functions here: https://firebase.google.com/docs/auth/extend-with-blocking-functions?gen=2nd
I would suggest to use the same function and structure as in the Study App. We have a functions folder that contains everything. The Firebase configuration (https://github.com/StanfordSpezi/SpeziStudyApplication/blob/main/firebase.json) includes that so you can test all the cloud functions locally in the emulator without ever needing to deploy them to the cloud project.
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #54 +/- ##
===========================================
+ Coverage 28.44% 54.97% +26.53%
===========================================
Files 35 37 +2
Lines 1245 1370 +125
===========================================
+ Hits 354 753 +399
+ Misses 891 617 -274
... and 15 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
There was a problem hiding this comment.
Thank you for the improvements @MatthewTurk247! I had a few smaller comments; should be small stuff that we can to to get it across the finish line.
I committed a few smaller things that I noticed during the review.
|
@MatthewTurk247 Looks like some of the REUSE checks are still failing, you will most likely need to add |
Co-authored-by: Paul Schmiedmayer <[email protected]>
…WatchStudy into invitation-codes
# Account Linking ## ♻️ Current situation & Problem In the `FirebaseEmailPasswordAccountService` of our project, the `signUp` function solely handles the creation of new user accounts or signing in with OAuth credentials. This process did not account for users who are already signed in (possibly anonymously) and wish to link their accounts with email and password credentials. See [#54](StanfordBDHG/PediatricAppleWatchStudy#54) for details. ## ⚙️ Release Notes - The `signUp` function in `FirebaseEmailPasswordAccountService` now supports linking new email and password credentials to already signed-in users (including anonymous accounts). - If onboarding starts with an anonymous account, users can expect a seamless transition when upgrading from said anonymous account to a permanent one. - Fixes an issue where the reauthentication alert doesn't work. ## 📚 Documentation The modification ensures that if a user is already signed in (anonymously or with OAuth credentials), their account can be upgraded with email and password credentials by linking these new credentials to their existing account. See [Firebase documentation](https://firebase.google.com/docs/auth/ios/anonymous-auth) for details. ## ✅ Testing TBD. ## 📝 Code of Conduct & Contributing Guidelines By submitting creating this pull request, you agree to follow our [Code of Conduct](https://github.com/StanfordSpezi/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordSpezi/.github/blob/main/CONTRIBUTING.md): - [x] I agree to follow the [Code of Conduct](https://github.com/StanfordSpezi/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordSpezi/.github/blob/main/CONTRIBUTING.md). --------- Co-authored-by: Andreas Bauer <[email protected]>
|
@MatthewTurk247 This release should unblock your issue thanks to @Supereg: https://github.com/StanfordSpezi/SpeziFirebase/releases/tag/1.1.0 |
|
@PSchmiedmayer, the onboarding flow is almost there, but a failed account operation error still shows up, even though linking appears to work just fine in Firebase emulator now. And if I tap the sign-up button again, the error message says that the account already exists. I have a feeling that one or two lines of code might be missing somewhere, or something needs to be removed, but I cannot quite put a finger on it. |
There was a problem hiding this comment.
@MatthewTurk247 Thank you for all the additional improvements! The overall PR looks good to me; I only had a few smaller comments that would be great to be addressed before merging the PR.
Feel free to merge the PR once all of them are addressed 👍
Co-authored-by: Paul Schmiedmayer <[email protected]>
Co-authored-by: Paul Schmiedmayer <[email protected]>
# Study Enrollment via Invitation Code Authentication and Customize Onboarding ## ♻️ Current situation & Problem Currently, there is no way to validate the identity of the user of the app to enroll them in the study. ## ⚙️ Release Notes - Customized Spezi Onboarding Flow to have language and symbols relevant to Engage - Integrated invitation code authorization into the onboarding flow, using cloud functions to validate supplied code against a database of valid codes stored in Firebase. ## 📚 Documentation Integrated code based on: StanfordBDHG/PediatricAppleWatchStudy#54. The Onboarding flow now has custom views: <img width="256" alt="Screenshot 2024-04-09 at 10 24 14 PM" src="https://github.com/StanfordBDHG/ENGAGE-HF/assets/108841122/ee4b1fe0-d560-4918-8de0-28be1d7aa7b3"> <img width="256" alt="Screenshot 2024-04-09 at 10 26 21 PM" src="https://github.com/StanfordBDHG/ENGAGE-HF/assets/108841122/a06f18b1-a944-4008-968b-0eab1aa36ca0"> <img width="256" alt="Screenshot 2024-04-09 at 10 26 28 PM" src="https://github.com/StanfordBDHG/ENGAGE-HF/assets/108841122/57d05f25-86d5-409c-8d92-31f25c7a17ed"> See SpeziOnboarding for documentation of the other views. ## ✅ Testing Thoroughly tested the onboarding flow, including the invitation code authorization and account creation process. ### Code of Conduct & Contributing Guidelines By submitting creating this pull request, you agree to follow our [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md): - [X] I agree to follow the [Code of Conduct](https://github.com/StanfordBDHG/.github/blob/main/CODE_OF_CONDUCT.md) and [Contributing Guidelines](https://github.com/StanfordBDHG/.github/blob/main/CONTRIBUTING.md). --------- Co-authored-by: Paul Schmiedmayer <[email protected]>
Invitation Codes
♻️ Current situation & Problem
There is a new collection in Firestore called invitation code bucket called
invitationCodes. During onboarding, we sign the user in anonymously so we can check if they have a valid code. If they do, we assign that code to their new de-anonymized account and remove it frominvitationCodesso it cannot be used again. Some kind of verification step like this hedges against spam and unapproved use.⚙️ Release Notes
📚 Documentation
See Firebase documentation.
✅ Testing
TBD.
Code of Conduct & Contributing Guidelines
By submitting creating this pull request, you agree to follow our Code of Conduct and Contributing Guidelines: