moritz
/
haumdaucher_de
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
haumdaucher_de/user_creation/README.md

2.4 KiB
Raw Blame History

Haumdaucher User Creation

This Google Apps Script automatically provisions local Google Firebase accounts (Email/Password) based on the target emails defined in the Haumdaucher Google Sheet.

It is designed to run silently and declaratively alongside the mail_forwarding module.

Architecture

  • Environment: Google Apps Script (Standalone).
  • Authentication: Native Google Cloud Platform (GCP) linking. The script authenticates via ScriptApp.getOAuthToken() using the underlying GCP project's identity, avoiding hardcoded API keys.
  • API: Google Identity Toolkit REST API (accounts:batchGet, accounts:signUp, accounts:update).
  • Triggers: onFormSubmit (for real-time form entries) and onChange (for manual sheet edits).

Declarative Logic

The script compares the desired state (emails in the Sheet) with the current state (users in Firebase Auth):

  • Create: User in sheet but not in Firebase -> Creates an account with a secure random password.
  • Disable: User in Firebase but not in sheet -> Soft deletes the account (disableUser: true).
  • Re-Enable: User in sheet and Firebase but disabled -> Re-enables the account.
  • Ignore: User matches both states and is active -> No action.

Operational Instructions

1. Linking to GCP (Required once)

To allow the script to call Firebase APIs securely without an API key:

  1. Open the Apps Script project (clasp open-script).
  2. Click the Project Settings (gear icon) on the left.
  3. Under Google Cloud Platform (GCP) Project, click Change project.
  4. Enter your GCP Project Number (e.g., 171880300854 - this is the messagingSenderId from Terraform outputs).
  5. Click Set Project.

2. Manual Triggers (setup)

If you modify the code or push a new version, you must reinstall the background triggers:

  1. Open the IDE (clasp open-script).
  2. Select the setup function from the dropdown.
  3. Click Run. (Note: clasp push only updates code, it does not update running triggers).

3. Dry Run Mode

By default, the code is set to DRY_RUN: true. It will read states and print its intended actions to the Execution Logs, but will NOT mutate Firebase data. To activate:

  1. Change DRY_RUN: false in src/Code.js.
  2. Run clasp push.

4. Admin Reporting

The script will send an email to moritz@haumdaucher.de only if state changes occurred (creating, disabling, or re-enabling a user). If no changes are needed, it remains completely silent.