enable privacy popups for everyobe

Author: dr3

functions/utilities/getTypeSafeUser.js

@@ -66,5 +66,6 @@ const getTypeSafeUser = (user) => {
 }
 
 module.exports = {
-    getTypeSafeUser
+    getTypeSafeUser,
+    getGuardianEmails
 }

functions/utilities/privacy/debugRouter.js

@@ -15,10 +15,11 @@ const {
   acceptedByKey,
   variantModeKey,
   latestTouchKey,
+  ageSetKey
 } = require("./privacyKeys");
-
-// /api/privacy/student/ultra-secret/view (GET)
-// /api/privacy/student/ultra-secret/reset (POST)
+const {
+  getGuardianEmails
+} = require("../getTypeSafeUser");
 
 const userDB = firebase.firestore().collection("users");
 
@@ -39,6 +40,7 @@ const getViewData = (req) => {
     acceptedByKey,
     variantModeKey,
     latestTouchKey,
+    ageSetKey,
     "birthMonth",
     "birthYear",
   ];
@@ -49,6 +51,7 @@ const getViewData = (req) => {
     data[key] = req.user[key] || null;
   });
 
+  data.guardianEmails = getGuardianEmails(req.user) || [];
   data.privacyState = req.user.privacy || null;
   data.isUnderThirteen = isUnderThirteen(req.user);
 
@@ -79,10 +82,15 @@ router.post("/reset", studentMiddleware, async (req, res) => {
     [acceptedByKey]: req.body.acceptedByKey || null,
     [variantModeKey]: req.body.variantMode || null,
     [latestTouchKey]: req.body.latestTouch || null,
-    birthMonth: req.body.birthMonth || "1",
-    birthYear: req.body.birthYear || "2025",
+    birthMonth: req.body.birthMonth || null,
+    birthYear: req.body.birthYear || null,
   };
 
+  if (req.body.emails) {
+    updateBody.emails = req.body.emails;
+    updateBody.guardianEmail = null;
+  }
+
   await userDB.doc(req.user.uid).update(updateBody);
 
   return res.status(200).send(getResponseBody(req, updateBody));

functions/utilities/privacy/privacyKeys.js

@@ -16,6 +16,7 @@ const guardianPrivacyAuthTokenKey = "guardianPrivacyAuthToken";
 const acceptedKey = `${latestPrivacyVersion}-accepted`;
 const acceptedByKey = `${latestPrivacyVersion}-acceptedBy`;
 const variantModeKey = `${latestPrivacyVersion}-variant`;
+const ageSetKey = `${latestPrivacyVersion}-ageSet`;
 
 module.exports = {
   firstSeenKey,
@@ -26,4 +27,5 @@ module.exports = {
   acceptedKey,
   acceptedByKey,
   variantModeKey,
+  ageSetKey
 };

functions/utilities/privacy/router.js

@@ -12,9 +12,13 @@ const {
   guardianPrivacyAuthTokenKey,
   acceptedKey,
   acceptedByKey,
-  latestTouchKey
+  latestTouchKey,
+  ageSetKey
 } = require("./privacyKeys");
 const debugRouter = require("./debugRouter");
+const {
+  getGuardianEmails
+} = require("../getTypeSafeUser");
 
 router.use("/student/ultra-secret", debugRouter);
 
@@ -140,14 +144,18 @@ router.get("/student/delay", studentMiddleware, async (req, res) => {
 
 router.post("/student/update", studentMiddleware, async (req, res) => {
   try {
+    const emails = mergeAccountEmailsWithReqBodyGuardianEmails(req, res);
+    const hasGuardianEmails = emails.some(e => e?.type === 'guardian');
+    const guardianTouchKey = req.user[userNeedsGuardianTouchKey] || Date.now();
+
     const updateBody = {
-      emails: mergeAccountEmailsWithReqBodyGuardianEmails(req, res),
+      emails,
       guardianEmail: null,
       [guardianPrivacyAuthTokenKey]:
         req.user[guardianPrivacyAuthTokenKey] ||
         generateGuardianPrivacyAuthToken(),
       [userNeedsGuardianTouchKey]:
-        req.user[userNeedsGuardianTouchKey] || Date.now(),
+        hasGuardianEmails ? guardianTouchKey : null,
       [firstSeenKey]: req.user[firstSeenKey] || Date.now(),
       [dueByKey]: req.user[dueByKey] || Date.now() + SevenDays,
       [latestTouchKey]: Date.now(),
@@ -168,6 +176,47 @@ router.post("/student/update", studentMiddleware, async (req, res) => {
   }
 });
 
+router.post("/student/update-age", studentMiddleware, async (req, res) => {
+  try {
+    const month = req.body.month;
+    const year = req.body.year;
+
+    if (
+      typeof month !== "number" ||
+      month < 1 ||
+      month > 12 ||
+      typeof year !== "number" ||
+      year < 1900 ||
+      year > new Date().getFullYear()
+    ) {
+      return res.status(200).send({
+        success: false,
+        error: "Invalid month or year",
+        data: null,
+      });
+    }
+
+    const updateBody = {
+      birthMonth: String(month),
+      birthYear: String(year),
+      [ageSetKey]: Date.now(),
+    };
+
+    await userDB.doc(req.user.uid).update(updateBody);
+
+    return res
+      .status(200)
+      .send({ success: true, data: updateBody, error: null });
+  } catch (e) {
+    console.error("Failed to update age", req.user.uid, e);
+    return res.status(200).send({
+      success: false,
+      error: "Failed to update age",
+      data: null,
+    });
+  }
+});
+
 router.get("/student/accept", studentMiddleware, async (req, res) => {
   try {
     const updateBody = {

functions/utilities/privacy/utils.js

@@ -6,6 +6,9 @@ const {
   acceptedKey,
   variantModeKey,
 } = require("./privacyKeys");
+const {
+  getGuardianEmails
+} = require("../getTypeSafeUser");
 
 const userDB = firebase.firestore().collection("users");
 
@@ -41,6 +44,10 @@ const isUnderThirteen = (user) => {
     return false;
   }
 
+  if (user.code) {
+    return false; // assume teachers are over 13
+  }
+
   return true;
 };
 
@@ -56,8 +63,8 @@ const getPrivacyVariant = (user) => {
   }
 }
 
-const shouldRetryPopup = (lastTouched, isUnder13) => {
-  if (isUnder13) return false;
+const shouldRetryPopup = (lastTouched, isUnder13, guardianEmails) => {
+  if (isUnder13 && guardianEmails.length) return false;
 
   try {
     if (!lastTouched) return false;
@@ -68,20 +75,38 @@ const shouldRetryPopup = (lastTouched, isUnder13) => {
   }
 }
 
+const hasValidAge = (email, user) => {
+  try {
+    if (!email.includes("@mcmill.co.uk")) return true; // only enforce for test accounts for now
+    if (user.code) return true; // assume teachers are valid
+
+    const birthYear = getCleanNumber(user?.birthYear);
+    const birthMonth = getCleanNumber(user?.birthMonth);
+
+    if (!birthYear || !birthMonth) return false;
+    if (birthYear < 1900 || birthYear > new Date().getFullYear()) return false;
+    if (birthMonth < 1 || birthMonth > 12) return false;
+
+    return true;
+  } catch {
+    return true; // fail safe
+  }
+}
+
 const getPrivacyState = (email, user) => {
   const isUnder13 = isUnderThirteen(user);
   const variant = getPrivacyVariant(user);
+  const guardianEmails = getGuardianEmails(user);
+  const validAge = hasValidAge(email, user);
 
   const useUnder13 = isUnder13 && variant !== 'year8webinar'
 
-  if (
-    !email.includes("@mcmill.co.uk") ||
-    process.env.IS_FIREBASE_CLI == "true"
-  ) {
+  if (!validAge) {
+    // User has invalid age data
     return {
       debug: 1,
-      visible: false,
-      mode: "none",
+      visible: true,
+      mode: "update-age",
       variant
     };
   }
@@ -100,7 +125,7 @@ const getPrivacyState = (email, user) => {
   const dueBy = user[dueByKey];
   const latestTouch = user[latestTouchKey];
 
-  const shouldRetry = shouldRetryPopup(latestTouch, useUnder13);
+  const shouldRetry = shouldRetryPopup(latestTouch, useUnder13, guardianEmails);
 
   const delayResponse = {
     visible: true,

scripts/privacy-reset-bulk.js

@@ -0,0 +1,53 @@
+const fs = require('fs');
+const path = require('path');
+const fb = require('firebase-admin');
+const downloadUsers = require('./utils/downloadUsers');
+const {
+  firstSeenKey,
+  latestTouchKey,
+  dueByKey,
+  userNeedsGuardianTouchKey,
+  guardianPrivacyAuthTokenKey,
+  acceptedKey,
+  acceptedByKey,
+  variantModeKey,
+  ageSetKey
+} = require('../functions/utilities/privacy/privacyKeys');
+const { getGuardianEmails } = require('../functions/utilities/getTypeSafeUser');
+
+const userDb = fb.firestore().collection('users');
+
+const dry = true;
+
+const run = async () => {
+  let users = await downloadUsers();
+  const file = path.join(__dirname, `../private/tmp-users.json`);
+  const accounts = JSON.parse(fs.readFileSync(file)).users;
+
+  for (let a of accounts) {
+    const u = users[a.localId];
+    if (!u) continue;
+
+    const emails = getGuardianEmails(u);
+
+    if (u[userNeedsGuardianTouchKey] && !emails.length) {
+      console.log('Resetting privacy touch for user without guardian email:', a.localId);
+
+      if (!dry) {
+        await userDb.doc(a.localId).set({
+        [firstSeenKey]: fb.firestore.FieldValue.delete(),
+        [latestTouchKey]: fb.firestore.FieldValue.delete(),
+        [dueByKey]: fb.firestore.FieldValue.delete(),
+        [userNeedsGuardianTouchKey]: fb.firestore.FieldValue.delete(),
+        [guardianPrivacyAuthTokenKey]: fb.firestore.FieldValue.delete(),
+        [acceptedKey]: fb.firestore.FieldValue.delete(),
+        [acceptedByKey]: fb.firestore.FieldValue.delete(),
+        [variantModeKey]: fb.firestore.FieldValue.delete(),
+        [ageSetKey]: fb.firestore.FieldValue.delete(),
+      }, {merge: true});
+      }
+    }
+  }
+}
+
+run();

scripts/privacy-reset.js

@@ -11,6 +11,7 @@ const {
   acceptedKey,
   acceptedByKey,
   variantModeKey,
+  ageSetKey
 } = require('../functions/utilities/privacy/privacyKeys');
 
 // ---------------------
@@ -51,6 +52,7 @@ const run = async () => {
     [acceptedKey]: fb.firestore.FieldValue.delete(),
     [acceptedByKey]: fb.firestore.FieldValue.delete(),
     [variantModeKey]: fb.firestore.FieldValue.delete(),
+    [ageSetKey]: fb.firestore.FieldValue.delete(),
    }, {merge: true});
 
   console.log(`User "${email}" privacy data deleted`);