POST /api/user

[mahalakshme]

Need:

One of our clients wanted the message of user credentials to be sent only after the training on Glific is complete. So Glific will setup a flow where once training is complete, via a hook they will POST the user details to Avni.

Instead of above just activate user.

As is:

• Currently we don't have a API endpoint to create user.
• From webapp when a user is created, it is created by POSTing the ids of catchment, user groups etc.,

AC:

• The discussion was that all the details in UserAndCatchments file will be posted from Glific to Avni
• So POST request payload can look like this:

{
  "Username": "mahanew",
  "Name": "mahanew",
  "Email address": "[email protected]",
  "Mobile number": "+919791267079",
  "Catchment":  {
      "Name": "Warkula",
      "Locations with full hierarchy": ["Maharashtra, Parbhani, Manwat, Aambegaon", "Maharashtra, Kolhapur, Shahuwadi, Ambarde"]
   },
  "User groups": ['Administrator', 'Project Leads' ],
  "Settings": {
    "Preferred language": "en",
    "Identifier prefix": "MN",
    "Date picker mode": "calendar",
    "Time picker mode": "clock",
    "Track location": true,
    "Ignore sync settings in DEA": true,
    "Work order->Year": ['2023-24']
  }
}

Validations (same error messages like in User and Catchments CSV upload):

• When a location, say 'Maharashtra, Kolhapur, Shahuwadi, Ambarde' is not present then return 400 Bad Request with error message 'Provided Location does not exist in Avni. Please add it or check for spelling mistakes and ensure space between two locations '%s'. User with other locations should not get created. Also this location presence checking need to be case in-sensitive.
• Validations to make sure mandatory fields present, and right values are posted. Only mandatory fields are username, name, phoneNumber, catchment.name, catchment.locations, syncSettings. When any of these fields not present then return 400 Bad request with error message 'Invalid or Empty value specified for mandatory field %s.'
• Should support phone numbers with all country codes like done for CSV upload. Same validations done for CSV upload.
  - When the mobile numbers are prefixed with 91 or +91 or 0 make sure the number of digits that follows are ten in number.
  - Dont make it mandatory to enter + for phone number. If it is not entered, add + before sending the request to AWS cognito and inserting into db. If it is entered as well fine.
  - When any of the above w.r to having a valid phone number is not adhered, then return 400 Bad Request with error message 'Provided value '%s' for phone number is invalid.'
• Few other validation messages on respective field validations like preferredLanguage, date-picker mode, time-picker mode, track location, sync settings are:
  - Provided value '%s' for Preferred Language is invalid.
  - Provided value '%s' for Date picker mode is invalid.
  - Provided value '%s' for track location is invalid.
  - '2023-24' is not a valid value for the concept 'Year'. To input this value, add this as an answer to the coded concept 'Year'.

Default values when not mentioned:

en for locale,
empty for idPrefix, email - ie., without email set for user, everything should work
calendar for datePickerMode
clock for timePickerMode
Everyone group for groupNames
false for ignoreSyncSettingsInDEA
false for trackLocation

General:

• Based on the organisation, username suffix should get added to username before saving.
• Should create the user in cognito when there are no validation errors.
• When any of the above mentioned validation errors occur, return 400 Bad Request and should not save user with the other details.
• Also should create catchments with already created locations added to it if catchment doesn't exist. If catchment exists add any new location to the catchment. Locations mentioned are case insensitive.
• Make sure when user is created in cognito, it is created with state such that reset of temporary password is required unless 'Do not require password change for new user' setting is enabled.
• Make sure finding the locations to add to catchment is done s.t without affecting Avni performance.
• The JSON keys in POST payload need to be case-insensitive

Out of scope:

• Working with Keycloak
• Bulk saving of multiple users at the same time

Tech analysis:

• Email - not mandatory for Cognito - doesn't seem to be used by client in focus as well - Vinay mentioned was added initially though we didnt want to add since in Cognito it was mandatory - It is not mandatory now, though in Cognito settings we are enforcing it.
• Separating catchment and user creation can lead to confusion. So let's keep them together.

Old: Ignore:

Option 2: - 5-6 days

• Separate uploading of catchments alone in Avni
• Then posting the user information without location information

analysis/questions:

• Email - not mandatory for Cognito - doesn't seem to be used by client in focus as well - Vinay mentioned was added initially though we didnt want to add since in Cognito it was mandatory - It is not mandatory now, though in Cognito settings we are enforcing it.
• except user groups most of the others can be hard-coded
• username is going to be mobile number

Inputs:

• we will add @ and suffix to avoid issues and to retain sanity in Avni
• locale might not by default be Maharashtra - need to collect
• location if not exist need to do error handling
• share sample CSV file with Glific

[vinayvenu]

@mahalakshme adding in some comments, surely this will be included when the story is detailed out

1. We should include GET of user (so it can be verified programmatically)
2. Have default values for settings etc

[mahalakshme]

@vinayvenu noted