haumdaucher_de/user_creation
Moritz Graf a16ebd641e docs: refactor GEMINI.md -> AGENTS.md, update user_creation docs and fix code quality issues 2026-04-26 18:36:59 +02:00
src docs: refactor GEMINI.md -> AGENTS.md, update user_creation docs and fix code quality issues 2026-04-26 18:36:59 +02:00
.clasp.json User adding is now configured and should work 2026-04-26 17:33:32 +02:00
AGENTS.md docs: refactor GEMINI.md -> AGENTS.md, update user_creation docs and fix code quality issues 2026-04-26 18:36:59 +02:00
README.md docs: refactor GEMINI.md -> AGENTS.md, update user_creation docs and fix code quality issues 2026-04-26 18:36:59 +02:00
email_templates.md Finalizing user_creation 2026-04-26 18:21:48 +02:00

README.md

Haumdaucher User Creation

This Google Apps Script automatically provisions local Google Firebase accounts (Email/Password) based on the target emails defined in the Haumdaucher Google Sheet.

It is designed to run silently and declaratively alongside the mail_forwarding module.

Architecture

  • Environment: Google Apps Script (Standalone).
  • Authentication: Native Google Cloud Platform (GCP) linking. The script authenticates via ScriptApp.getOAuthToken() using the underlying GCP project's identity, avoiding hardcoded API keys.
  • API: Google Identity Toolkit REST API (accounts:query, accounts, accounts:update, accounts:sendOobCode).
  • Triggers: onFormSubmit (for real-time form entries) and onChange (for manual sheet edits).

Declarative Logic

The script compares the desired state (emails in the Sheet) with the current state (users in Firebase Auth):

  • Create: User in sheet but not in Firebase -> Creates an account with a secure random password.
  • Disable: User in Firebase but not in sheet -> Soft deletes the account (disableUser: true).
  • Re-Enable: User in sheet and Firebase but disabled -> Re-enables the account.
  • Ignore: User matches both states and is active -> No action.
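The comparison above can be sketched as a pure planning step that runs before any API call. This is an added example, not the project's own code: planActions, normalizeEmail and isSafeToApply are hypothetical names, the user objects are assumed to carry email and disabled fields, and the empty-sheet guard is an assumption that the page does not describe.

```javascript
// Added example (not the project's code): plan the changes without calling any API.
// Constructed sample data; the sheet column contains mixed case, padding, a duplicate and a blank.
const SAMPLE_SHEET = [' Anna@Example.org ', 'ben@example.org', 'ben@example.org', 'cleo@example.org', ''];
const SAMPLE_USERS = [
  { email: 'anna@example.org', disabled: false },
  { email: 'cleo@example.org', disabled: true },
  { email: 'dora@example.org', disabled: false },
  { email: 'emil@example.org', disabled: true },
];

// Compare emails case-insensitively and without surrounding whitespace.
function normalizeEmail(raw) {
  return String(raw || '').trim().toLowerCase();
}

function planActions(sheetEmails, firebaseUsers) {
  // Desired state: de-duplicated, normalized, non-empty emails from the sheet.
  const desired = new Set(sheetEmails.map(normalizeEmail).filter(Boolean));
  const plan = { create: [], disable: [], enable: [], ignore: [], desiredCount: desired.size };
  const seen = new Set();

  for (const user of firebaseUsers) {
    const email = normalizeEmail(user.email);
    if (!email) continue; // accounts without an email are out of scope here
    seen.add(email);
    if (desired.has(email)) {
      // In sheet: re-enable if disabled, otherwise nothing to do.
      (user.disabled ? plan.enable : plan.ignore).push(email);
    } else if (!user.disabled) {
      // Not in sheet and still active: soft delete.
      plan.disable.push(email);
    }
    // Not in sheet and already disabled: no action, so no repeated admin report.
  }
  for (const email of desired) {
    if (!seen.has(email)) plan.create.push(email);
  }
  return plan;
}

// Assumed guard: an empty desired state (e.g. a failed or blank sheet read)
// would plan to disable every active account, so refuse to apply it.
function isSafeToApply(plan) {
  return !(plan.desiredCount === 0 && plan.disable.length > 0);
}
```

Running the plan first and applying it only when isSafeToApply returns true keeps a bad sheet read from turning into a mass soft delete.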

Operational Instructions

1. Linking to GCP (Required once)

To allow the script to call Firebase APIs securely without an API key:

  1. Open the Apps Script project (clasp open-script).
  2. Click the Project Settings (gear icon) on the left.
  3. Under Google Cloud Platform (GCP) Project, click Change project.
  4. Enter your GCP Project Number (e.g., 171880300854 - this is the messagingSenderId from Terraform outputs).
  5. Click Set Project.

2. Manual Triggers (setup)

If you modify the code or push a new version, you must reinstall the background triggers:

  1. Open the IDE (clasp open-script).
  2. Select the setup function from the dropdown.
  3. Click Run. (Note: clasp push only updates the code; it does not update running triggers.)

3. Dry Run Mode

The code natively supports a DRY_RUN flag in CONFIG. When set to true, it will read states and print its intended actions to the Execution Logs, but will NOT mutate Firebase data. Currently, this is configured for production (DRY_RUN: false).

4. Admin Reporting

The script will send an email to info@haumdaucher.de only if state changes occurred (creating, disabling, or re-enabling a user). If no changes are needed, it remains completely silent.

5. Email Templates & Custom Actions

The Identity Platform email templates (Password Reset, etc.) are NOT managed via Terraform due to provider limitations. They are stored in email_templates.md and must be manually copy-pasted into the Firebase Console. The action URL for Password Resets has been customized to point to the main Vue.js frontend (https://haumdaucher.de/), which intercepts the mode=resetPassword parameter and displays the custom PasswordReset.vue component to maintain the club's aesthetic.