45 lines
2.4 KiB
Markdown
45 lines
2.4 KiB
Markdown
# Haumdaucher User Creation
|
|
|
|
This Google Apps Script automatically provisions local Google Firebase accounts (Email/Password) based on the target emails defined in the Haumdaucher Google Sheet.
|
|
|
|
It is designed to run silently and declaratively alongside the `mail_forwarding` module.
|
|
|
|
## Architecture
|
|
- **Environment**: Google Apps Script (Standalone).
|
|
- **Authentication**: Native Google Cloud Platform (GCP) linking. The script authenticates via `ScriptApp.getOAuthToken()` using the underlying GCP project's identity, avoiding hardcoded API keys.
|
|
- **API**: Google Identity Toolkit REST API (`accounts:batchGet`, `accounts:signUp`, `accounts:update`).
|
|
- **Triggers**: `onFormSubmit` (for real-time form entries) and `onChange` (for manual sheet edits).
|
|
|
|
## Declarative Logic
|
|
The script compares the desired state (emails in the Sheet) with the current state (users in Firebase Auth):
|
|
- **Create**: User in sheet but not in Firebase -> Creates an account with a secure random password.
|
|
- **Disable**: User in Firebase but not in sheet -> Soft deletes the account (`disableUser: true`).
|
|
- **Re-Enable**: User in sheet and Firebase but disabled -> Re-enables the account.
|
|
- **Ignore**: User matches both states and is active -> No action.
|
|
|
|
## Operational Instructions
|
|
|
|
### 1. Linking to GCP (Required once)
|
|
To allow the script to call Firebase APIs securely without an API key:
|
|
1. Open the Apps Script project (`clasp open-script`).
|
|
2. Click the **Project Settings** (gear icon) on the left.
|
|
3. Under **Google Cloud Platform (GCP) Project**, click **Change project**.
|
|
4. Enter your GCP Project Number (e.g., `171880300854` - this is the `messagingSenderId` from Terraform outputs).
|
|
5. Click **Set Project**.
|
|
|
|
### 2. Manual Triggers (setup)
|
|
If you modify the code or push a new version, you must reinstall the background triggers:
|
|
1. Open the IDE (`clasp open-script`).
|
|
2. Select the `setup` function from the dropdown.
|
|
3. Click **Run**.
|
|
*(Note: `clasp push` only updates code, it does not update running triggers).*
|
|
|
|
### 3. Dry Run Mode
|
|
By default, the code is set to `DRY_RUN: true`. It will read states and print its intended actions to the Execution Logs, but will NOT mutate Firebase data.
|
|
To activate:
|
|
1. Change `DRY_RUN: false` in `src/Code.js`.
|
|
2. Run `clasp push`.
|
|
|
|
### 4. Admin Reporting
|
|
The script will send an email to `moritz@haumdaucher.de` **only if** state changes occurred (creating, disabling, or re-enabling a user). If no changes are needed, it remains completely silent.
|