Refactor auth + onboarding flow

apps/server/prisma/schema.prisma

@@ -66,7 +66,7 @@ model Employee {
   firstName     String        @db.VarChar(255)
   lastName      String        @db.VarChar(255)
   email         String        @unique @db.VarChar(255)
-  signatureLink String        @db.VarChar(255)
+  signatureLink String?       @db.VarChar(255)
   scope         EmployeeScope @default(BASE_USER)
   pswdHash      String?       @db.VarChar(255)
   createdAt     DateTime      @default(now())
@@ -75,8 +75,8 @@ model Employee {
 
   originatedForms FormInstance[]
 
-  position   Position @relation(fields: [positionId], references: [id])
-  positionId String   @db.Uuid
+  position   Position? @relation(fields: [positionId], references: [id])
+  positionId String?   @db.Uuid
 
   signerEmployeeAssignedGroups     AssignedGroup[] @relation("signerEmployee")
   signerEmployeeListAssignedGroups AssignedGroup[] @relation("signerEmployeeList")

apps/server/src/app.controller.ts

@@ -33,6 +33,7 @@ import { EmployeesService } from './employees/employees.service';
 import { jwtDecode } from 'jwt-decode';
 import { RegisterEmployeeDto } from './auth/dto/register-employee.dto';
 import { CreateEmployeeDto } from './employees/dto/create-employee.dto';
+import { EmployeeScope } from '@prisma/client';
 
 @Controller()
 export class AppController {
@@ -130,23 +131,16 @@ export class AppController {
     @Body(new ValidationPipe({ transform: true }))
     registerEmployeeDto: RegisterEmployeeDto,
   ) {
-    const { positionName, departmentName, ...employeeDto } =
-      registerEmployeeDto;
-
     const createEmployeeDtoInstance: CreateEmployeeDto = {
-      firstName: employeeDto.firstName,
-      lastName: employeeDto.lastName,
-      email: employeeDto.email,
-      password: employeeDto.password,
-      signatureLink: employeeDto.signatureLink,
-      positionId: '',
-      scope: employeeDto.scope,
+      firstName: registerEmployeeDto.firstName,
+      lastName: registerEmployeeDto.lastName,
+      email: registerEmployeeDto.email,
+      password: registerEmployeeDto.password,
+      scope: EmployeeScope.BASE_USER,
     };
 
-    const newEmployee = await this.authService.register(
+    const newEmployee = await this.employeeService.create(
       createEmployeeDtoInstance,
-      positionName,
-      departmentName,
     );
 
     return new EmployeeEntity(newEmployee);

apps/server/src/auth/auth.service.ts

@@ -3,17 +3,12 @@ import { EmployeesService } from '../employees/employees.service';
 import { JwtService } from '@nestjs/jwt';
 import * as bcrypt from 'bcrypt';
 import { EmployeeEntity } from '../employees/entities/employee.entity';
-import { CreateEmployeeDto } from '../employees/dto/create-employee.dto';
-import { DepartmentsService } from '../departments/departments.service';
-import { PositionsService } from '../positions/positions.service';
-import { Department, EmployeeScope, Position } from '@prisma/client';
+import { EmployeeScope } from '@prisma/client';
 
 @Injectable()
 export class AuthService {
   constructor(
     private employeesService: EmployeesService,
-    private departmentsService: DepartmentsService,
-    private positionsService: PositionsService,
     private jwtService: JwtService,
   ) {}
 
@@ -65,7 +60,7 @@ export class AuthService {
       lastName: user.lastName,
       sub: user.id,
       positionId: user.positionId,
-      departmentId: user.position.departmentId,
+      departmentId: user.position?.departmentId,
       scope: user.scope,
     };
 
@@ -85,30 +80,4 @@ export class AuthService {
       refreshToken,
     };
   }
-
-  /**
-   * Register a new employee.
-   * @param createEmployeeDto the employee's data
-   * @param positionName the employee's position name
-   * @param departmentName the employee's department name
-   * @returns the new employee
-   */
-  async register(
-    createEmployeeDto: CreateEmployeeDto,
-    positionName: string,
-    departmentName: string,
-  ) {
-    const department: Department =
-      await this.departmentsService.findOrCreateOneByName(departmentName);
-
-    const position: Position =
-      await this.positionsService.findOrCreateOneByNameInDepartment(
-        positionName,
-        department.id,
-      );
-
-    createEmployeeDto.positionId = position.id;
-    const newEmployee = await this.employeesService.create(createEmployeeDto);
-    return newEmployee;
-  }
 }

apps/server/src/auth/dto/register-employee.dto.ts

@@ -1,5 +1,4 @@
 import { ApiProperty } from '@nestjs/swagger';
-import { EmployeeScope } from '@prisma/client';
 import { IsNotEmpty, IsString, MinLength, IsEmail } from 'class-validator';
 
 export class RegisterEmployeeDto {
@@ -23,23 +22,4 @@ export class RegisterEmployeeDto {
   @MinLength(5)
   @ApiProperty()
   password: string;
-
-  @IsString()
-  @IsNotEmpty()
-  @ApiProperty()
-  positionName: string;
-
-  @IsString()
-  @IsNotEmpty()
-  @ApiProperty()
-  departmentName: string;
-
-  @IsString()
-  @IsNotEmpty()
-  @ApiProperty()
-  signatureLink: string;
-
-  @IsNotEmpty()
-  @ApiProperty({ enum: EmployeeScope })
-  scope: EmployeeScope;
 }

apps/server/src/employees/dto/create-employee.dto.ts

@@ -20,9 +20,8 @@ export class CreateEmployeeDto {
   lastName: string;
 
   @IsUUID()
-  @IsNotEmpty()
   @ApiProperty()
-  positionId: string;
+  positionId?: string;
 
   @IsEmail()
   @IsNotEmpty()
@@ -35,11 +34,6 @@ export class CreateEmployeeDto {
   @ApiProperty()
   password: string;
 
-  @IsString()
-  @IsNotEmpty()
-  @ApiProperty()
-  signatureLink: string;
-
   @IsString()
   @IsNotEmpty()
   @ApiProperty({ enum: EmployeeScope })

apps/server/src/employees/dto/onboard-employee.dto.ts

@@ -0,0 +1,14 @@
+import { ApiProperty } from '@nestjs/swagger';
+import { IsString, IsNotEmpty } from 'class-validator';
+
+export class OnboardEmployeeDto {
+  @IsString()
+  @IsNotEmpty()
+  @ApiProperty()
+  signatureLink: string;
+
+  @IsString()
+  @IsNotEmpty()
+  @ApiProperty()
+  positionId: string;
+}

apps/server/src/employees/employees.controller.ts

@@ -34,6 +34,7 @@ import { UserEntity } from '../auth/entities/user.entity';
 import { JwtAuthGuard } from '../auth/guards/jwt-auth.guard';
 import { LoggerServiceImpl } from '../logger/logger.service';
 import { AdminAuthGuard } from '../auth/guards/admin-auth.guard';
+import { OnboardEmployeeDto } from './dto/onboard-employee.dto';
 
 @ApiTags('employees')
 @Controller('employees')
@@ -61,6 +62,26 @@ export class EmployeesController {
     return new EmployeeEntity(newEmployee);
   }
 
+  @Patch('/onboarding')
+  @UseGuards(JwtAuthGuard)
+  @ApiCreatedResponse({ type: EmployeeEntity })
+  @ApiForbiddenResponse({ description: AppErrorMessage.FORBIDDEN })
+  @ApiUnprocessableEntityResponse({
+    description: AppErrorMessage.UNPROCESSABLE_ENTITY,
+  })
+  @ApiBadRequestResponse({ description: AppErrorMessage.UNPROCESSABLE_ENTITY })
+  async onboardEmployee(
+    @AuthUser() currentUser: UserEntity,
+    @Body(new ValidationPipe({ transform: true }))
+    onboardEmployeeDto: OnboardEmployeeDto,
+  ) {
+    const onboardedEmployee = await this.employeesService.update(
+      currentUser.id,
+      onboardEmployeeDto,
+    );
+    return new EmployeeEntity(onboardedEmployee);
+  }
+
   @Get()
   @UseGuards(JwtAuthGuard)
   @ApiOkResponse({ type: [EmployeeEntity] })

apps/server/src/employees/employees.errors.ts

@@ -1,4 +1,5 @@
 export enum EmployeeErrorMessage {
   EMPLOYEE_NOT_FOUND = 'Employee could not be found with this email',
   EMPLOYEE_NOT_FOUND_CLIENT = 'Employee could not be found',
+  EMPLOYEE_NOT_ONBOARDED = 'Employee has not been onboarded',
 }

apps/server/src/employees/employees.service.ts

@@ -19,8 +19,6 @@ export class EmployeesService {
         firstName: createEmployeeDto.firstName,
         lastName: createEmployeeDto.lastName,
         email: createEmployeeDto.email,
-        positionId: createEmployeeDto.positionId,
-        signatureLink: createEmployeeDto.signatureLink,
         pswdHash: await bcrypt.hash(
           createEmployeeDto.password,
           await bcrypt.genSalt(),

apps/server/src/employees/entities/employee.entity.ts

@@ -14,13 +14,13 @@ export class EmployeeBaseEntity implements Employee {
   lastName: string;
 
   @Exclude()
-  positionId: string;
+  positionId: string | null;
 
   @ApiProperty()
   email: string;
 
   @ApiProperty()
-  signatureLink: string;
+  signatureLink: string | null;
 
   @ApiProperty({ enum: EmployeeScope })
   scope: EmployeeScope;
@@ -44,7 +44,7 @@ export class EmployeeBaseEntity implements Employee {
 
 export class EmployeeEntity extends EmployeeBaseEntity {
   @ApiProperty()
-  position: PositionBaseEntity;
+  position: PositionBaseEntity | null;
 
   constructor(partial: Partial<EmployeeEntity>) {
     super(partial);

apps/server/src/form-instances/form-instances.service.ts

@@ -220,6 +220,12 @@ export class FormInstancesService {
       throw new NotFoundException(EmployeeErrorMessage.EMPLOYEE_NOT_FOUND);
     }
 
+    if (!employee.positionId || !employee.position) {
+      throw new BadRequestException(
+        EmployeeErrorMessage.EMPLOYEE_NOT_ONBOARDED,
+      );
+    }
+
     const formInstances = await this.prisma.formInstance.findMany({
       where: {
         assignedGroups: {
@@ -537,6 +543,12 @@ export class FormInstancesService {
       where: { id: currentUser.id },
     });
 
+    if (!employee.positionId) {
+      throw new BadRequestException(
+        EmployeeErrorMessage.EMPLOYEE_NOT_ONBOARDED,
+      );
+    }
+
     const position = await this.prisma.position.findFirstOrThrow({
       where: { id: employee.positionId },
     });

apps/web/openapi-ts.config.ts

@@ -6,7 +6,7 @@ export default {
     path: './src/client',
   },
   plugins: [
-    '@hey-api/client-fetch',
+    '@hey-api/client-axios',
     '@tanstack/react-query',
     '@hey-api/schemas',
     {

apps/web/package.json

@@ -22,6 +22,7 @@
     "@emotion/react": "11.10.5",
     "@emotion/styled": "11.10.5",
     "@fontsource/hanken-grotesk": "4.5.2",
+    "@hey-api/client-axios": "0.6.1",
     "@tanstack/react-query": "5.0.5",
     "@trpc/client": "10.38.0",
     "@trpc/server": "10.38.0",

apps/web/src/authConfig.ts

@@ -45,5 +45,5 @@ export const loginRequest = {
 
 export const graphConfig = {
   graphMeEndpoint:
-    'https://graph.microsoft.com/v1.0/me?$select=id,displayName,department,jobTitle,givenName,surname,userPrincipalName',
+    'https://graph.microsoft.com/v1.0/me?$select=id,displayName,department,jobTitle,givenName,surname,userPrincipalName,mail',
 };