Finished log in and sign up for volunteers and participants and linked it with the intake form (#46)

## Notion ticket link
<!-- Please replace with your ticket's URL -->
[Ticket
Name](https://www.notion.so/uwblueprintexecs/Login-Page-1fd10f3fb1dc809686a7ea3b4f7c2ca0?source=copy_link)


<!-- Give a quick summary of the implementation details, provide design
justifications if necessary -->
## Implementation description
* Added sign up and login pages
* Added password reset and log in verification
* Linked login with intake forms (french versions not available yet)
* Added the admin pages (not functional yet)


<!-- What should the reviewer do to verify your changes? Describe
expected results and include screenshots when appropriate -->
## Steps to test
1. Create users for volunteers and participants and try logging in
2. Reset password
3. Test the intake form depending on how completed that is
4. Try seeing if all the page transitions works


<!-- Draw attention to the substantial parts of your PR or anything
you'd like a second opinion on -->
## What should reviewers focus on?
* Should the emails for verification and reset password look different


## Checklist
- [ ] My PR name is descriptive and in imperative tense
- [ ] My commit messages are descriptive and in imperative tense. My
commits are atomic and trivial commits are squashed or fixup'd into
non-trivial commits
- [ ] I have run the appropriate linter(s)
- [ ] I have requested a review from the PL, as well as other devs who
have background knowledge on this PR or who will be building on top of
this PR

---------

Co-authored-by: Lucy Qi <[email protected]>
Co-authored-by: richieb21 <[email protected]>
Co-authored-by: YashK2005 <[email protected]>

Author: 4 people

backend/app/interfaces/auth_service.py

@@ -129,3 +129,10 @@ def is_authorized_by_email(self, access_token, requested_email):
         :rtype: bool
         """
         pass
+
+    @abstractmethod
+    def verify_email(self, email):
+        """
+        Verify the email address of the user with the given email
+        """
+        pass

backend/app/middleware/auth_middleware.py

@@ -17,7 +17,14 @@ def __init__(self, app: ASGIApp, public_paths: List[str] = None):
         self.logger = logging.getLogger(LOGGER_NAME("auth_middleware"))
 
     def is_public_path(self, path: str) -> bool:
-        return path in self.public_paths
+        for public_path in self.public_paths:
+            # Handle parameterized routes by checking if path starts with the pattern
+            if public_path.endswith("{email}") and path.startswith(public_path.replace("{email}", "")):
+                return True
+            # Exact match for non-parameterized routes
+            if path == public_path:
+                return True
+        return False
 
     async def dispatch(self, request: Request, call_next):
         if self.is_public_path(request.url.path):

backend/app/models/User.py

@@ -11,8 +11,8 @@
 class User(Base):
     __tablename__ = "users"
     id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
-    first_name = Column(String(80), nullable=False)
-    last_name = Column(String(80), nullable=False)
+    first_name = Column(String(80), nullable=True)
+    last_name = Column(String(80), nullable=True)
     email = Column(String(120), unique=True, nullable=False)
     role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
     auth_id = Column(String, nullable=False)

backend/app/routes/auth.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Depends, HTTPException, Request
+from fastapi import APIRouter, Depends, HTTPException, Request, Response
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 
 from ..schemas.auth import AuthResponse, LoginRequest, RefreshRequest, Token
@@ -68,3 +68,31 @@ async def refresh(refresh_data: RefreshRequest, auth_service: AuthService = Depe
         return auth_service.renew_token(refresh_data.refresh_token)
     except Exception as e:
         raise HTTPException(status_code=401, detail=str(e))
+
+
+@router.post("/resetPassword/{email}")
+async def reset_password(email: str, auth_service: AuthService = Depends(get_auth_service)):
+    try:
+        auth_service.reset_password(email)
+        # Return 204 No Content for successful password reset email sending
+        return Response(status_code=204)
+    except Exception:
+        # Don't reveal if email exists or not for security reasons
+        # Always return success even if email doesn't exist
+        return Response(status_code=204)
+
+
+@router.post("/verify/{email}")
+async def verify_email(email: str, auth_service: AuthService = Depends(get_auth_service)):
+    try:
+        auth_service.verify_email(email)
+        return Response(status_code=200)
+    except ValueError as e:
+        # Log the error for debugging but don't expose it to the client
+        print(f"Email verification failed for {email}: {str(e)}")
+        # Return 404 for user not found instead of 400
+        return Response(status_code=404)
+    except Exception as e:
+        # Log unexpected errors
+        print(f"Unexpected error during email verification for {email}: {str(e)}")
+        return Response(status_code=500)

backend/app/schemas/user.py

@@ -40,8 +40,8 @@ class UserBase(BaseModel):
     Base schema for user model with common attributes shared across schemas.
     """
 
-    first_name: str = Field(..., min_length=1, max_length=50)
-    last_name: str = Field(..., min_length=1, max_length=50)
+    first_name: Optional[str] = Field(None, min_length=0, max_length=50)
+    last_name: Optional[str] = Field(None, min_length=0, max_length=50)
     email: EmailStr
     role: UserRole
 

backend/app/server.py

@@ -24,6 +24,8 @@
     "/openapi.json",
     "/auth/login",
     "/auth/register",
+    "/auth/resetPassword/{email}",
+    "/auth/verify/{email}",
     "/health",
     "/test-middleware-public",
     "/email/send-test-email",
@@ -47,6 +49,7 @@ async def lifespan(_: FastAPI):
     CORSMiddleware,
     allow_origins=[
         "http://localhost:3000",
+        "http://localhost:3002",
         "https://uw-blueprint-starter-code.firebaseapp.com",
         "https://uw-blueprint-starter-code.web.app",
         # TODO: create a separate middleware function to dynamically

backend/app/services/implementations/auth_service.py

@@ -1,6 +1,8 @@
 import logging
+import os
 
 import firebase_admin.auth
+import requests
 from fastapi import HTTPException
 
 from app.utilities.constants import LOGGER_NAME
@@ -46,10 +48,29 @@ def renew_token(self, refresh_token: str) -> Token:
 
     def reset_password(self, email: str) -> None:
         try:
-            firebase_admin.auth.generate_password_reset_link(email)
+            # Use Firebase REST API to send password reset email
+            url = f"https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode?key={os.getenv('FIREBASE_WEB_API_KEY')}"
+            data = {
+                "requestType": "PASSWORD_RESET",
+                "email": email,
+                "continueUrl": "http://localhost:3000/set-new-password",  # Custom action URL
+            }
+
+            response = requests.post(url, json=data)
+            response_json = response.json()
+
+            if response.status_code != 200:
+                error_message = response_json.get("error", {}).get("message", "Unknown error")
+                self.logger.error(f"Failed to send password reset email: {error_message}")
+                # Don't raise exception for security reasons - don't reveal if email exists
+                return
+
+            self.logger.info(f"Password reset email sent successfully to {email}")
+
         except Exception as e:
             self.logger.error(f"Failed to reset password: {str(e)}")
-            raise
+            # Don't raise exception for security reasons - don't reveal if email exists
+            return
 
     def send_email_verification_link(self, email: str) -> None:
         try:
@@ -87,3 +108,27 @@ def is_authorized_by_email(self, access_token: str, requested_email: str) -> boo
         except Exception as e:
             print(f"Authorization error: {str(e)}")
             return False
+
+    def verify_email(self, email: str):
+        try:
+            user = self.user_service.get_user_by_email(email)
+            if not user:
+                self.logger.error(f"User not found for email: {email}")
+                raise ValueError("User not found")
+
+            if not user.auth_id:
+                self.logger.error(f"User {user.id} has no auth_id")
+                raise ValueError("User has no auth_id")
+
+            self.logger.info(f"Updating email verification for user {user.id} with auth_id {user.auth_id}")
+            firebase_admin.auth.update_user(user.auth_id, email_verified=True)
+            self.logger.info(f"Successfully verified email for user {user.id}")
+
+        except ValueError as e:
+            # User not found in database - this might happen if there's a timing issue
+            # between Firebase user creation and database user creation
+            self.logger.warning(f"User not found in database for email {email}: {str(e)}")
+            raise
+        except Exception as e:
+            self.logger.error(f"Failed to verify email for {email}: {str(e)}")
+            raise

backend/migrations/versions/88c4cf2a6bd2_merge_heads.py

@@ -0,0 +1,23 @@
+"""merge heads
+
+Revision ID: 88c4cf2a6bd2
+Revises: abcd1234active, d6d4e2e5af85, fef3717e0fc2
+Create Date: 2025-07-20 16:06:01.056373
+
+"""
+
+from typing import Sequence, Union
+
+# revision identifiers, used by Alembic.
+revision: str = "88c4cf2a6bd2"
+down_revision: Union[str, None] = ("abcd1234active", "d6d4e2e5af85", "fef3717e0fc2")
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    pass
+
+
+def downgrade() -> None:
+    pass

backend/migrations/versions/d6d4e2e5af85_set_first_last_name_to_nullable.py

@@ -0,0 +1,32 @@
+"""set-first-last-name-to-nullable
+
+Revision ID: d6d4e2e5af85
+Revises: c9bc2b4d1036
+Create Date: 2025-06-11 22:22:13.206761
+
+"""
+
+from typing import Sequence, Union
+
+import sqlalchemy as sa
+from alembic import op
+
+# revision identifiers, used by Alembic.
+revision: str = "d6d4e2e5af85"
+down_revision: Union[str, None] = "c9bc2b4d1036"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column("users", "first_name", existing_type=sa.VARCHAR(length=80), nullable=True)
+    op.alter_column("users", "last_name", existing_type=sa.VARCHAR(length=80), nullable=True)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column("users", "last_name", existing_type=sa.VARCHAR(length=80), nullable=False)
+    op.alter_column("users", "first_name", existing_type=sa.VARCHAR(length=80), nullable=False)
+    # ### end Alembic commands ###