Wire up intake frontend to backend (#50)

This PR completes the intake forms end-to-end. Once the user creates an
account and logs in they are taken to the participant or volunteer
intake forms depending their role. Once they fill out the intake form,
data is sent to the backend, processed, and stored in the db tables.

Things to do next / questions:
- what should we do after the intake form is submitted (like what should
show up next in the UI) - right now after they log in they will just see
the intake form again
- we must complete the rankings forms --> this requires mostly backend
but also some frontend like making sure some of the options are fetched
from the backend (for the experiences) rather than hardcoded. I will
rebase our rankings branch onto this one and work on this
<!-- 
- our db migrations for the intake not good. i will redo that part and
also ensure things are seeded properly
-->
- also should have some frontend gating by role - eg. if i am a
volunteer i can still go to the /participant/intake form and fill that
out. we should block this
- i don't think we've done the secondary screening for volunteers yet so
that should be done (we can probably do this during the fall term)


## Notion ticket link
<!-- Please replace with your ticket's URL -->
[Ticket
Name](https://www.notion.so/uwblueprintexecs/Task-Board-db95cd7b93f245f78ee85e3a8a6a316d)


<!-- Give a quick summary of the implementation details, provide design
justifications if necessary -->
## Implementation description
* 


<!-- What should the reviewer do to verify your changes? Describe
expected results and include screenshots when appropriate -->
## Steps to test
1.


<!-- Draw attention to the substantial parts of your PR or anything
you'd like a second opinion on -->
## What should reviewers focus on?
* 


## Checklist
- [ ] My PR name is descriptive and in imperative tense
- [ ] My commit messages are descriptive and in imperative tense. My
commits are atomic and trivial commits are squashed or fixup'd into
non-trivial commits
- [ ] I have run the appropriate linter(s)
- [ ] I have requested a review from the PL, as well as other devs who
have background knowledge on this PR or who will be building on top of
this PR

Author: YashK2005

.github/workflows/backend-ci.yml

@@ -15,6 +15,8 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    env:
+      POSTGRES_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
 
     strategy:
       matrix:
@@ -70,7 +72,7 @@ jobs:
     - name: Run database migrations
       working-directory: ./backend
       run: |
-        pdm run alembic upgrade head
+        pdm run alembic upgrade heads
         
     - name: Run linting
       working-directory: ./backend
@@ -89,10 +91,7 @@ jobs:
       run: |
         pdm run python -m pytest tests/unit/ -v --cov=app --cov-report=xml --cov-report=term-missing
         
-    - name: Run integration tests
-      working-directory: ./backend
-      run: |
-        pdm run python -m pytest tests/functional/ -v
+    # Skipping functional tests for now; no active tests in tests/functional
 
     - name: Upload coverage to Codecov
       uses: codecov/codecov-action@v4
@@ -115,8 +114,11 @@ jobs:
         path: backend/security-report.json
 
   e2e-tests:
+    if: ${{ false }}  # Temporarily disabled until real E2E tests exist
     runs-on: ubuntu-latest
     needs: test
+    env:
+      POSTGRES_DATABASE_URL: postgresql://testuser:testpassword@localhost:5432/llsc_test
 
     services:
       postgres:
@@ -163,7 +165,7 @@ jobs:
     - name: Run database migrations
       working-directory: ./backend
       run: |
-        pdm run alembic upgrade head
+        pdm run alembic upgrade heads
         
     - name: Start backend server
       working-directory: ./backend

backend/app/middleware/auth_middleware.py

@@ -27,6 +27,10 @@ def is_public_path(self, path: str) -> bool:
         return False
 
     async def dispatch(self, request: Request, call_next):
+        # Allow preflight CORS requests to pass through without auth
+        if request.method.upper() == "OPTIONS":
+            return await call_next(request)
+
         if self.is_public_path(request.url.path):
             self.logger.info(f"Skipping auth for public path: {request.url.path}")
             return await call_next(request)

backend/app/routes/intake.py

@@ -113,23 +113,24 @@ async def create_form_submission(
         if not current_user:
             raise HTTPException(status_code=401, detail="User not found")
 
-        # Determine form_id if not provided
+        # Determine form_id if not provided and derive effective form_type for auth check
         form_id = submission.form_id
+        effective_form_type = None
         if not form_id:
-            # Auto-detect form based on formType in answers
-            form_type = submission.answers.get("formType")
-            if not form_type:
+            effective_form_type = submission.answers.get("form_type")
+            if not effective_form_type:
                 raise HTTPException(
-                    status_code=400, detail="formType must be specified in answers when form_id is not provided"
+                    status_code=400, detail="form_type must be specified in answers when form_id is not provided"
                 )
 
             # Map formType to form name
             form_name_mapping = {"participant": "Participant Intake Form", "volunteer": "Volunteer Intake Form"}
 
-            form_name = form_name_mapping.get(form_type)
+            form_name = form_name_mapping.get(effective_form_type)
             if not form_name:
                 raise HTTPException(
-                    status_code=400, detail=f"Invalid formType: {form_type}. Must be 'participant' or 'volunteer'"
+                    status_code=400,
+                    detail=f"Invalid formType: {effective_form_type}. Must be 'participant' or 'volunteer'",
                 )
 
             # Find the form
@@ -138,11 +139,23 @@ async def create_form_submission(
             if not form:
                 raise HTTPException(status_code=500, detail=f"Intake form '{form_name}' not found in database")
             form_id = form.id
-
-        # Verify the form exists and is of type 'intake'
-        form = db.query(Form).filter(Form.id == form_id, Form.type == "intake").first()
-        if not form:
-            raise HTTPException(status_code=404, detail="Intake form not found")
+        else:
+            # Verify the form exists and is of type 'intake'
+            form = db.query(Form).filter(Form.id == form_id, Form.type == "intake").first()
+            if not form:
+                raise HTTPException(status_code=404, detail="Intake form not found")
+            # Derive effective type from form name
+            if "Participant" in form.name:
+                effective_form_type = "participant"
+            elif "Volunteer" in form.name:
+                effective_form_type = "volunteer"
+
+        # Enforce role-to-form access (admin exempt)
+        if current_user.role.name != "admin":
+            if current_user.role.name == "volunteer" and effective_form_type != "volunteer":
+                raise HTTPException(status_code=403, detail="Volunteers can only submit the volunteer intake form")
+            if current_user.role.name == "participant" and effective_form_type != "participant":
+                raise HTTPException(status_code=403, detail="Participants can only submit the participant intake form")
 
         # Create the raw form submission record
         db_submission = FormSubmission(

backend/app/schemas/user.py

@@ -78,8 +78,8 @@ class UserUpdateRequest(BaseModel):
     Request schema for user updates, all fields optional
     """
 
-    first_name: Optional[str] = Field(None, min_length=1, max_length=50)
-    last_name: Optional[str] = Field(None, min_length=1, max_length=50)
+    first_name: Optional[str] = Field(None, min_length=0, max_length=50)
+    last_name: Optional[str] = Field(None, min_length=0, max_length=50)
     email: Optional[EmailStr] = None
     role: Optional[UserRole] = None
     approved: Optional[bool] = None
@@ -91,8 +91,8 @@ class UserCreateResponse(BaseModel):
     """
 
     id: UUID
-    first_name: str
-    last_name: str
+    first_name: Optional[str]
+    last_name: Optional[str]
     email: EmailStr
     role_id: int
     auth_id: str
@@ -108,8 +108,8 @@ class UserResponse(BaseModel):
     """
 
     id: UUID
-    first_name: str
-    last_name: str
+    first_name: Optional[str]
+    last_name: Optional[str]
     email: EmailStr
     role_id: int
     auth_id: str

backend/app/server.py

@@ -45,6 +45,8 @@ async def lifespan(_: FastAPI):
 # Source: https://stackoverflow.com/questions/77170361/
 # running-alembic-migrations-on-fastapi-startup
 app = FastAPI(lifespan=lifespan)
+
+app.add_middleware(AuthMiddleware, public_paths=PUBLIC_PATHS)
 app.add_middleware(
     CORSMiddleware,
     allow_origins=[
@@ -60,8 +62,6 @@ async def lifespan(_: FastAPI):
     allow_methods=["*"],
     allow_headers=["*"],
 )
-
-app.add_middleware(AuthMiddleware, public_paths=PUBLIC_PATHS)
 app.include_router(auth.router)
 app.include_router(user.router)
 app.include_router(availability.router)

backend/app/services/implementations/intake_form_processor.py

@@ -5,7 +5,7 @@
 
 from sqlalchemy.orm import Session
 
-from app.models import Experience, Treatment, UserData
+from app.models import Experience, Treatment, User, UserData
 
 logger = logging.getLogger(__name__)
 
@@ -48,22 +48,29 @@ def process_form_submission(self, user_id: str, form_data: Dict[str, Any]) -> Us
                 self.db.flush()  # Get ID assigned before processing relationships
 
             # Process different sections of the form
-            self._process_personal_info(user_data, form_data.get("personalInfo", {}))
+            self._process_personal_info(user_data, form_data.get("personal_info", {}))
             self._process_demographics(user_data, form_data.get("demographics", {}))
-            self._process_cancer_experience(user_data, form_data.get("cancerExperience", {}))
+            self._process_cancer_experience(user_data, form_data.get("cancer_experience", {}))
             self._process_flow_control(user_data, form_data)
 
             # Process treatments and experiences (many-to-many)
-            self._process_treatments(user_data, form_data.get("cancerExperience", {}))
-            self._process_experiences(user_data, form_data.get("cancerExperience", {}))
+            cancer_exp = form_data.get("cancer_experience", {})
+            self._process_treatments(user_data, cancer_exp)
+            self._process_experiences(user_data, cancer_exp)
 
             # Process caregiver experience for volunteers (separate from cancer experience)
-            if "caregiverExperience" in form_data:
-                self._process_caregiver_experience(user_data, form_data["caregiverExperience"])
+            if "caregiver_experience" in form_data:
+                self._process_caregiver_experience(user_data, form_data.get("caregiver_experience", {}))
 
             # Process loved one data if present
-            if "lovedOne" in form_data:
-                self._process_loved_one_data(user_data, form_data["lovedOne"])
+            if "loved_one" in form_data:
+                self._process_loved_one_data(user_data, form_data.get("loved_one", {}))
+
+            # Fallback: ensure email is set from the authenticated User if not provided in form
+            if not user_data.email:
+                owning_user = self.db.query(User).filter(User.id == user_data.user_id).first()
+                if owning_user and owning_user.email:
+                    user_data.email = owning_user.email
 
             # Commit all changes
             self.db.commit()
@@ -97,15 +104,23 @@ def _get_or_create_user_data(self, user_id: str) -> Tuple[UserData, bool]:
 
     def _validate_required_fields(self, form_data: Dict[str, Any]):
         """Validate that required fields are present."""
-        if "personalInfo" not in form_data:
-            raise KeyError("personalInfo section is required")
-
-        personal_info = form_data["personalInfo"]
-        required_fields = ["firstName", "lastName", "dateOfBirth", "phoneNumber", "city", "province", "postalCode"]
-
-        for field in required_fields:
-            if field not in personal_info:
-                raise KeyError(f"Required field missing: personalInfo.{field}")
+        personal_info = form_data.get("personal_info")
+        if not personal_info:
+            raise KeyError("personal_info section is required")
+
+        required_fields = [
+            "first_name",
+            "last_name",
+            "date_of_birth",
+            "phone_number",
+            "city",
+            "province",
+            "postal_code",
+        ]
+
+        for key in required_fields:
+            if key not in personal_info:
+                raise KeyError(f"Required field missing: personal_info.{key}")
 
     def _trim_text(self, text: str) -> str:
         """Trim whitespace from text fields."""
@@ -132,48 +147,50 @@ def _parse_date(self, date_str: str):
 
     def _process_personal_info(self, user_data: UserData, personal_info: Dict[str, Any]):
         """Process personal information fields."""
-        user_data.first_name = self._trim_text(personal_info.get("firstName"))
-        user_data.last_name = self._trim_text(personal_info.get("lastName"))
+        user_data.first_name = self._trim_text(personal_info.get("first_name"))
+        user_data.last_name = self._trim_text(personal_info.get("last_name"))
         user_data.email = self._trim_text(personal_info.get("email"))
-        user_data.phone = self._trim_text(personal_info.get("phoneNumber"))
+        user_data.phone = self._trim_text(personal_info.get("phone_number"))
         user_data.city = self._trim_text(personal_info.get("city"))
         user_data.province = self._trim_text(personal_info.get("province"))
-        user_data.postal_code = self._trim_text(personal_info.get("postalCode"))
+        user_data.postal_code = self._trim_text(personal_info.get("postal_code"))
 
         # Parse date of birth with strict validation
-        if "dateOfBirth" in personal_info:
+        if "date_of_birth" in personal_info:
             try:
-                user_data.date_of_birth = self._parse_date(personal_info["dateOfBirth"])
+                user_data.date_of_birth = self._parse_date(personal_info.get("date_of_birth"))
             except ValueError:
-                raise ValueError(f"Invalid date format for dateOfBirth: {personal_info['dateOfBirth']}")
+                raise ValueError(f"Invalid date format for dateOfBirth: {personal_info.get('date_of_birth')}")
 
     def _process_demographics(self, user_data: UserData, demographics: Dict[str, Any]):
         """Process demographic information."""
-        user_data.gender_identity = self._trim_text(demographics.get("genderIdentity"))
+        user_data.gender_identity = self._trim_text(demographics.get("gender_identity"))
         user_data.pronouns = demographics.get("pronouns", [])
-        user_data.ethnic_group = demographics.get("ethnicGroup", [])
-        user_data.marital_status = self._trim_text(demographics.get("maritalStatus"))
-        user_data.has_kids = demographics.get("hasKids")
-        user_data.other_ethnic_group = self._trim_text(demographics.get("ethnicGroupCustom"))
-        user_data.gender_identity_custom = self._trim_text(demographics.get("genderIdentityCustom"))
+        user_data.ethnic_group = demographics.get("ethnic_group", [])
+        user_data.marital_status = self._trim_text(demographics.get("marital_status"))
+        user_data.has_kids = demographics.get("has_kids")
+        user_data.other_ethnic_group = self._trim_text(demographics.get("ethnic_group_custom"))
+        user_data.gender_identity_custom = self._trim_text(demographics.get("gender_identity_custom"))
 
     def _process_cancer_experience(self, user_data: UserData, cancer_experience: Dict[str, Any]):
         """Process cancer experience information."""
         user_data.diagnosis = self._trim_text(cancer_experience.get("diagnosis"))
-        user_data.other_treatment = self._trim_text(cancer_experience.get("otherTreatment"))
-        user_data.other_experience = self._trim_text(cancer_experience.get("otherExperience"))
+        user_data.other_treatment = self._trim_text(cancer_experience.get("other_treatment"))
+        user_data.other_experience = self._trim_text(cancer_experience.get("other_experience"))
 
         # Parse diagnosis date with strict validation
-        if "dateOfDiagnosis" in cancer_experience:
+        if "date_of_diagnosis" in cancer_experience:
             try:
-                user_data.date_of_diagnosis = self._parse_date(cancer_experience["dateOfDiagnosis"])
+                user_data.date_of_diagnosis = self._parse_date(cancer_experience.get("date_of_diagnosis"))
             except ValueError:
-                raise ValueError(f"Invalid date format for dateOfDiagnosis: {cancer_experience['dateOfDiagnosis']}")
+                raise ValueError(
+                    f"Invalid date format for dateOfDiagnosis: {cancer_experience.get('date_of_diagnosis')}"
+                )
 
     def _process_flow_control(self, user_data: UserData, form_data: Dict[str, Any]):
         """Process flow control fields."""
-        user_data.has_blood_cancer = form_data.get("hasBloodCancer")
-        user_data.caring_for_someone = form_data.get("caringForSomeone")
+        user_data.has_blood_cancer = form_data.get("has_blood_cancer")
+        user_data.caring_for_someone = form_data.get("caring_for_someone")
 
     def _process_treatments(self, user_data: UserData, cancer_exp: Dict[str, Any]):
         """
@@ -242,7 +259,7 @@ def _process_caregiver_experience(self, user_data: UserData, caregiver_exp: Dict
             return
 
         # Handle "Other" caregiver experience text
-        user_data.other_experience = caregiver_exp.get("otherExperience")
+        user_data.other_experience = caregiver_exp.get("other_experience")
 
         # Process caregiver experiences - map to same experiences table
         experience_names = caregiver_exp.get("experiences", [])
@@ -280,18 +297,18 @@ def _process_loved_one_data(self, user_data: UserData, loved_one_data: Dict[str,
         self._process_loved_one_demographics(user_data, loved_one_data.get("demographics", {}))
 
         # Process loved one cancer experience
-        self._process_loved_one_cancer_experience(user_data, loved_one_data.get("cancerExperience", {}))
+        self._process_loved_one_cancer_experience(user_data, loved_one_data.get("cancer_experience", {}))
 
         # Process loved one treatments and experiences
-        self._process_loved_one_treatments(user_data, loved_one_data.get("cancerExperience", {}))
-        self._process_loved_one_experiences(user_data, loved_one_data.get("cancerExperience", {}))
+        self._process_loved_one_treatments(user_data, loved_one_data.get("cancer_experience", {}))
+        self._process_loved_one_experiences(user_data, loved_one_data.get("cancer_experience", {}))
 
     def _process_loved_one_demographics(self, user_data: UserData, demographics: Dict[str, Any]):
         """Process loved one demographic information."""
         if not demographics:
             return
 
-        user_data.loved_one_gender_identity = demographics.get("genderIdentity")
+        user_data.loved_one_gender_identity = demographics.get("gender_identity")
         user_data.loved_one_age = demographics.get("age")
 
     def _process_loved_one_cancer_experience(self, user_data: UserData, cancer_exp: Dict[str, Any]):
@@ -302,15 +319,17 @@ def _process_loved_one_cancer_experience(self, user_data: UserData, cancer_exp:
         user_data.loved_one_diagnosis = self._trim_text(cancer_exp.get("diagnosis"))
 
         # Parse loved one diagnosis date with strict validation
-        if "dateOfDiagnosis" in cancer_exp:
+        if "date_of_diagnosis" in cancer_exp:
             try:
-                user_data.loved_one_date_of_diagnosis = self._parse_date(cancer_exp["dateOfDiagnosis"])
+                user_data.loved_one_date_of_diagnosis = self._parse_date(cancer_exp.get("date_of_diagnosis"))
             except ValueError:
-                raise ValueError(f"Invalid date format for loved one dateOfDiagnosis: {cancer_exp['dateOfDiagnosis']}")
+                raise ValueError(
+                    f"Invalid date format for loved one dateOfDiagnosis: {cancer_exp.get('date_of_diagnosis')}"
+                )
 
         # Handle "Other" treatment and experience text for loved one with trimming
-        user_data.loved_one_other_treatment = self._trim_text(cancer_exp.get("otherTreatment"))
-        user_data.loved_one_other_experience = self._trim_text(cancer_exp.get("otherExperience"))
+        user_data.loved_one_other_treatment = self._trim_text(cancer_exp.get("other_treatment"))
+        user_data.loved_one_other_experience = self._trim_text(cancer_exp.get("other_experience"))
 
     def _process_loved_one_treatments(self, user_data: UserData, cancer_exp: Dict[str, Any]):
         """Process loved one treatments - map frontend names to database records."""

backend/app/services/implementations/user_service.py

@@ -40,8 +40,8 @@ async def create_user(self, user: UserCreateRequest) -> UserCreateResponse:
 
             # Create user in database
             db_user = User(
-                first_name=user.first_name,
-                last_name=user.last_name,
+                first_name=user.first_name or "",
+                last_name=user.last_name or "",
                 email=user.email,
                 role_id=role_id,
                 auth_id=firebase_user.uid,