CLTracker / CLT-webapp


permitted users should not be required to hold an existing account before logging in #41

Closed Syntaf closed 7 years ago

Syntaf commented 7 years ago

Right now, a permitted user logging in for the first time requires an already existing user entry in order to be given permissions by /login. This causes an issue because user_id is not known until they actually create an Auth0 account, so it cannot be used to look up a user before their account is created.

Consider the following example scenario: we have an empty users table and one permitted organizer who has not yet created an account:

------------------------------------
| permitted_organizers              |
------------------------------------
| gmercer015@gmail.com              |
------------------------------------

Now if that user decides to log in and create their account, the frontend will post the following data to the backend in order to authenticate and create their profile:

```javascript
{
  clientID: "jyb8nxXVywA8ezS3Vin9CnEhkY3FH7fC",
  created_at: "2017-04-07T22:00:27.737Z",
  email: "gmercer015@gmail.com",
  email_verified: true,
  family_name: "Mercer",
  gender: "male",
  given_name: "Grant",
  global_client_id: "tOV53QArH6IMnkdHVUHnc2BOiMpcznE2",
  identities: Array(1),
  locale: "en",
  loginType: "org",
  name: "Grant Mercer",
  nickname: "gmercer015",
  picture: "https://lh6.googleusercontent.com/-k0WgEvjGoVc/AAAAAAAAAAI/AAAAAAAACrM/ee8HnyRWMTc/photo.jpg",
  updated_at: "2017-04-07T22:50:35.496Z",
  user_id: "google-oauth2|105950922553210130192"
}
```

The issue is that the backend performs the following query in getUserData:

```sql
SELECT user_id, name, email, permissions FROM users WHERE user_id = 'auth0|58e8102939c61c78fe17a940'
```

which, since the user does not yet exist, fails. This then prompts the backend to return 403 and fail. The backend expects all users to have existing accounts, which is incorrect; the route must accommodate permitted users who do not yet have a user entry in the database.
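The login flow the issue describes, worked through as an added example (this is not CLT-webapp code, and the table shapes, helper names and in-memory store are assumptions made for illustration): the route first tries the existing lookup by user_id, and only when that returns nothing does it fall back to the e-mail in permitted_organizers, creating the users row on the spot instead of answering 403. Two checks a practitioner would want that the thread does not spell out: the e-mail is only trusted when Auth0 marks it verified, and the claims should come from the verified ID token rather than from the profile object the frontend posts, since otherwise any caller could post a permitted organizer's e-mail and be granted their permissions.

```javascript
// Added example, not code from the CLT-webapp project.
// Assumed (hypothetical) schema, modelled with an in-memory store so it runs offline:
//   permitted_organizers(email)
//   users(user_id, name, email, permissions)
const PERMISSION_ORGANIZER = 'organizer';

// Constructed data matching the issue: one permitted organizer, empty users table.
function makeStore() {
  return {
    permittedOrganizers: new Set(['gmercer015@gmail.com']),
    users: new Map(), // user_id -> row
  };
}

// Equivalent of the original getUserData query: lookup by user_id only.
// Returns null (instead of failing) when no row exists yet.
function getUserData(store, userId) {
  return store.users.get(userId) || null;
}

// Resolves a login to a users row. `claims` are expected to be the fields of a
// verified Auth0 ID token (user_id, email, email_verified, name); never take
// them from a client-posted profile object, or the e-mail check is spoofable.
function resolveLogin(store, claims) {
  // Returning user: the existing lookup still works.
  const existing = getUserData(store, claims.user_id);
  if (existing) return { status: 200, user: existing };

  // First login: no users row yet, so fall back to the permitted_organizers
  // e-mail. Only a verified, normalised e-mail may grant permissions.
  const email = String(claims.email || '').trim().toLowerCase();
  if (!claims.email_verified || !store.permittedOrganizers.has(email)) {
    return { status: 403, user: null };
  }

  // Create the users row now that user_id is known, and grant permissions.
  const row = {
    user_id: claims.user_id,
    name: claims.name,
    email,
    permissions: PERMISSION_ORGANIZER,
  };
  store.users.set(row.user_id, row);
  return { status: 201, user: row };
}
```

With the issue's example claims, the first call creates the row and returns 201, a second call with the same user_id finds it and returns 200, and a verified account whose e-mail is not in permitted_organizers, or an unverified e-mail that is, still gets 403.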

stevenbrookslv commented 7 years ago

Believe the issue is fixed; if not, we can re-open it.