add onboarding email prep

Author: m0nggh

ecs/env.json

@@ -213,6 +213,10 @@
     {
       "name": "ADMIN_JWT_SECRET_KEY",
       "valueFrom": "plumber-<ENVIRONMENT>-admin-jwt-secret-key"
+    },
+    {
+      "name": "ONBOARDING_EMAIL_WEBHOOK_URL",
+      "valueFrom": "plumber-onboarding-email-webhook-url"
     }
   ]
 }

packages/backend/src/config/app.ts

@@ -46,6 +46,7 @@ type AppConfig = {
   }
   launchDarklySdkKey: string
   maxJobAttempts: number
+  onboardingEmailWebhookUrl: string
 }
 
 const port = process.env.PORT || '3000'
@@ -105,6 +106,7 @@ const appConfig: AppConfig = {
   },
   launchDarklySdkKey: process.env.LAUNCH_DARKLY_SDK_KEY,
   maxJobAttempts: Number(process.env.MAX_JOB_ATTEMPTS ?? '10'),
+  onboardingEmailWebhookUrl: process.env.ONBOARDING_EMAIL_WEBHOOK_URL || '',
 }
 
 if (!appConfig.encryptionKey) {

packages/backend/src/graphql/mutations/login-with-selected-sgid.ts

@@ -2,7 +2,12 @@ import { type Request } from 'express'
 import { verify as verifyJwt } from 'jsonwebtoken'
 
 import appConfig from '@/config/app'
-import { getOrCreateUser, setAuthCookie, updateLastLogin } from '@/helpers/auth'
+import {
+  getOrCreateUser,
+  sendOnboardingEmail,
+  setAuthCookie,
+  updateLastLogin,
+} from '@/helpers/auth'
 import logger from '@/helpers/logger'
 import {
   type PublicOfficerEmployment,
@@ -44,6 +49,7 @@ const loginWithSelectedSgid: MutationResolvers['loginWithSelectedSgid'] =
     }
 
     const user = await getOrCreateUser(workEmail)
+    await sendOnboardingEmail(user.id)
     await updateLastLogin(user.id)
     setAuthCookie(context.res, { userId: user.id })
 

packages/backend/src/graphql/mutations/login-with-sgid.ts

@@ -3,7 +3,12 @@ import { type Response } from 'express'
 import { sign as signJwt } from 'jsonwebtoken'
 
 import appConfig from '@/config/app'
-import { getOrCreateUser, setAuthCookie, updateLastLogin } from '@/helpers/auth'
+import {
+  getOrCreateUser,
+  sendOnboardingEmail,
+  setAuthCookie,
+  updateLastLogin,
+} from '@/helpers/auth'
 import { validateAndParseEmail } from '@/helpers/email-validator'
 import logger from '@/helpers/logger'
 import {
@@ -129,6 +134,7 @@ const loginWithSgid: MutationResolvers['loginWithSgid'] = async (
   // Log user in directly if there is only 1 employment.
   if (publicOfficerEmployments.length === 1) {
     const user = await getOrCreateUser(publicOfficerEmployments[0].workEmail)
+    await sendOnboardingEmail(user.id)
     await updateLastLogin(user.id)
     setAuthCookie(context.res, { userId: user.id })
 

packages/backend/src/graphql/mutations/verify-otp.ts

@@ -1,7 +1,7 @@
 import crypto from 'crypto'
 
 import BaseError from '@/errors/base'
-import { setAuthCookie } from '@/helpers/auth'
+import { sendOnboardingEmail, setAuthCookie } from '@/helpers/auth'
 import { validateAndParseEmail } from '@/helpers/email-validator'
 import User from '@/models/user'
 
@@ -51,14 +51,15 @@ const verifyOtp: MutationResolvers['verifyOtp'] = async (
   ) {
     throw new BaseError('Invalid OTP')
   }
+  await sendOnboardingEmail(user.id)
+
   // reset otp columns
   await user.$query().patch({
     otpHash: null,
     otpAttempts: 0,
     otpSentAt: null,
     lastLoginAt: new Date(),
   })
-
   // set auth jwt as cookie
   setAuthCookie(context.res, { userId: user.id })
 

packages/backend/src/helpers/__tests__/auth.test.ts

@@ -1,12 +1,15 @@
+import axios from 'axios'
 import jwt from 'jsonwebtoken'
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
 import appConfig from '@/config/app'
+import User from '@/models/user'
 
 import {
   getAdminTokenUser,
   getOrCreateUser,
   parseAdminToken,
+  sendOnboardingEmail,
   updateLastLogin,
 } from '../auth'
 
@@ -23,6 +26,7 @@ const mocks = vi.hoisted(() => ({
   patch: vi.fn(() => ({
     where: mockPatchWhere,
   })),
+  findById: vi.fn(),
 }))
 
 vi.mock('@/models/user', () => ({
@@ -32,10 +36,24 @@ vi.mock('@/models/user', () => ({
       findOne: mocks.findOne,
       insertAndFetch: mocks.insertAndFetch,
       patch: mocks.patch,
+      findById: mocks.findById,
     })),
   },
 }))
 
+vi.mock('axios', () => ({
+  default: {
+    post: vi.fn(),
+  },
+}))
+vi.mock('@/config/app', () => ({
+  default: {
+    isProd: false,
+    onboardingEmailWebhookUrl: 'https://test-webhook.com',
+    adminJwtSecretKey: 'test-secret-key',
+  },
+}))
+
 describe('Auth helpers', () => {
   afterEach(() => {
     vi.restoreAllMocks()
@@ -202,4 +220,107 @@ describe('Auth helpers', () => {
       )
     })
   })
+
+  describe('sendOnboardingEmail', () => {
+    beforeEach(() => {
+      vi.clearAllMocks()
+    })
+
+    afterEach(() => {
+      vi.restoreAllMocks()
+    })
+
+    it('throws error with no user id', async () => {
+      await expect(sendOnboardingEmail('')).rejects.toThrowError(
+        'User id required',
+      )
+    })
+
+    it('throws error with non-existent user id', async () => {
+      mocks.findById.mockResolvedValueOnce(null)
+      await expect(sendOnboardingEmail('non-existent-id')).rejects.toThrowError(
+        'User not found',
+      )
+    })
+
+    it('does not send email if user has logged in before', async () => {
+      const mockUser = {
+        id: 'test-id',
+        email: '[email protected]',
+        lastLoginAt: new Date(),
+        createdAt: new Date(),
+      }
+
+      mocks.findById.mockResolvedValueOnce(mockUser)
+
+      await sendOnboardingEmail(mockUser.id)
+      expect(axios.post).not.toHaveBeenCalled()
+    })
+
+    it('does not send email if user was created before release date', async () => {
+      const mockUser = {
+        id: 'test-id',
+        email: '[email protected]',
+        createdAt: new Date('2024-01-01'), // Before release date
+      }
+
+      mocks.findById.mockResolvedValueOnce(mockUser)
+
+      await sendOnboardingEmail(mockUser.id)
+      expect(axios.post).not.toHaveBeenCalled()
+    })
+
+    it('does not send email in non-prod environment', async () => {
+      const mockUser = {
+        id: 'test-id',
+        email: '[email protected]',
+        createdAt: new Date('2025-03-01'), // After release date
+      }
+
+      mocks.findById.mockResolvedValueOnce(mockUser)
+
+      await sendOnboardingEmail(mockUser.id)
+      expect(axios.post).not.toHaveBeenCalled()
+    })
+
+    it('sends email in prod for eligible users', async () => {
+      appConfig.isProd = true
+
+      const mockUser = {
+        id: 'test-id',
+        email: '[email protected]',
+        lastLoginAt: null,
+        createdAt: new Date('2025-03-01'), // After release date
+      } as unknown as User
+
+      mocks.findById.mockResolvedValueOnce(mockUser)
+      vi.mocked(axios.post).mockResolvedValueOnce({ data: {} })
+
+      await sendOnboardingEmail(mockUser.id)
+
+      expect(axios.post).toHaveBeenCalledWith(
+        appConfig.onboardingEmailWebhookUrl,
+        {
+          email: mockUser.email,
+        },
+      )
+    })
+
+    it('does not send email if webhook URL is not configured', async () => {
+      vi.mocked(appConfig).isProd = true
+      vi.mocked(appConfig).onboardingEmailWebhookUrl = ''
+
+      const mockUser = {
+        id: 'test-id',
+        email: '[email protected]',
+        lastLoginAt: null,
+        createdAt: new Date('2025-03-01'), // After release date
+      } as unknown as User
+
+      mocks.findById.mockResolvedValueOnce(mockUser)
+
+      await sendOnboardingEmail(mockUser.id)
+      expect(axios.post).not.toHaveBeenCalled()
+    })
+  })
 })

packages/backend/src/helpers/auth.ts

@@ -1,3 +1,4 @@
+import axios from 'axios'
 import { Request, Response } from 'express'
 import jwt, { JsonWebTokenError } from 'jsonwebtoken'
 
@@ -7,6 +8,7 @@ import User from '@/models/user'
 const AUTH_COOKIE_NAME = 'plumber.sid'
 // 3 days expiry
 const TOKEN_EXPIRES_IN_SEC = 3 * 24 * 60 * 60
+const ONBOARDING_EMAIL_RELEASE_DATE = new Date('2025-02-27')
 
 export function setAuthCookie(
   res: Response,
@@ -61,6 +63,32 @@ export async function getOrCreateUser(email: string): Promise<User> {
   return user
 }
 
+export async function sendOnboardingEmail(id: string) {
+  if (!id) {
+    throw new Error('User id required!')
+  }
+
+  const user = await User.query().findById(id)
+  if (!user) {
+    throw new Error('User not found!')
+  }
+
+  // check if user has logged in before and has been created
+  // after the specified date for the release of onboarding email
+  if (
+    user.lastLoginAt !== null ||
+    new Date(user.createdAt) < ONBOARDING_EMAIL_RELEASE_DATE
+  ) {
+    return
+  }
+  // call plumber webhook to send onboarding email only in prod
+  if (appConfig.isProd && appConfig.onboardingEmailWebhookUrl) {
+    await axios.post(appConfig.onboardingEmailWebhookUrl, {
+      email: user.email,
+    })
+  }
+}
+
 export async function updateLastLogin(id: string) {
   if (!id) {
     throw new Error('User id required!')