BUG: Candidate change own email broken

tomlovesgithub commented 1 year ago

Describe the bug Candidates who use the profile functionality to update their email address will be stuck in a 'boot loop' when clicking into the profile area due to their candidate document not being updated but their auth email being updated by the background function.

To Reproduce Steps to reproduce the behavior:

Go to 'profile'
update your email address (automatically logs you out)
log in again
go to profile
'log out' modal pops up and prompts you to logout -> returns you to step 3

Expected behavior update does not cause bootloop Need to check if candidate's email already exists.

Additional context It has been highlighted that the background function exposed here is also used by the admin frontend, and that there is no auth to ensure that the user requesting the change is the same user who owns the candidate account.

Suggested fix (and improvement)

The following outline provides the key tasks in both fixing this bug and improving our solution to be simpler and more secure

Apply

[ ] Remove call to cloud function updateEmailAddress

In the following places include a hint so the user knows they are changing their login email:

[ ] On candidate profile form
[ ] On application personal details form

Whenever the email address is changed

[ ] Update the candidate document
[ ] If email differs from auth email address then call auth service to update email address
[ ] If the change occurs on Application > Personal details form then also update the application document

Admin

[ ] In Candidate view remove login email tab
[ ] Change email address in candidate document

Digital-Platform

[ ] Remove callable function updateEmailAddress
[ ] Amend the onCandidatePersonalDetailsUpdate background function to also check for email address changes:
- If email has changed then
- Get auth email
- If auth email is different then
- Update auth email

nickaddy commented 1 year ago

Hey team! Please add your planning poker estimate with Zenhub @drieJAC @HalcyonJAC @tomlovesgithub @warrensearle

warrensearle commented 1 year ago

@tomlovesgithub and @warrensearle to refine ticket content

warrensearle commented 1 year ago

@tomlovesgithub and I have reviewed this ticket and progressed it to ready to play

warrensearle commented 10 months ago

@nickaddy, @tomlovesgithub and @warrensearle the improvements suggested in this ticket are still relevant:

ensure candidate only has one email address for login and contact
make it clear to the user that they are changing their login & contact email
improve security by removing cloud function updateEmailAddress

However the ticket needs further re-writing as the original bug described is no longer a problem.

drieJAC commented 1 month ago

Also need to make sure the new email address doesnt already exist in the auth db

drieJAC commented 1 month ago

We can use transactions in firebase to ensure that when writing to multiple sources they either all succeed or all fail to prevent db conflicts

nickaddy commented 1 month ago

@drieJAC We have already closed up one of the above points with the previous ticket:

Regarding the points around authorisation:

User needs to be logged in/log in to change email address, is that not sufficient authorisation?
We will be consolidating security with 2FA anyway

Does this ticket need to be rewritten/customised?

jac-uk / digital-platform