if there is an email conflict doesn't it make more sense to notify the user when they submit the application rather than the admin who is approving/denying the application? there isn't really anything the admin can do if they find that an email already exists in the db other than reach out directly

hmm this is a good question, and likely related to product.

for the pantry and food manufacturer flow: a DB user should be created with an empty cognito sub when the application is submitted. we could make an api call to check if the primary email exists in cognito and throw an error otherwise (since having a cognito account makes them an official user) and not allow for modal submission.

for admin and volunteers: this is a little harder, since i am not quite sure what our frontend flow is going to be for creating these two yet. how is this email going to be obtained from the frontend?

@sam-schu @Yurika-Kan

I think checking if the primary email already exists in cognito to allow for modal submission is a good solution for pantry and food manufacturer

For admins and volunteers, the email will be provided directly (we do already have volunteer creation in the frontend on the admin volunteer management page). But for all four user types, a user should only have a cognito account if they also have a db user, so checking that the email does not already exist in our own db should be sufficient to know it won't exist in cognito (so the check you added here should hopefully never need to activate, but it should be fine to have it as a failsafe). I did have it written down in my list of future work to deal with the case where we try to create a user with an email that already exists, so I don't think you need to worry about updating the existing db user creation flows to account for that in this PR.

Makes sense to not worry about it in this pr. Just want to raise one potential case for us to think about if we decide to check against the db in the future.

If an application gets rejected, and they re-apply, it won't let them submit their application again because they already have an account in the db even if they don't have a cognito account

Based off the client meeting today, our flow of applying/rejecting may change. Based on this, I think it may be best to hold off on this logic for now. Definitely good to keep in mind right now though.

yep! with how they're planning on handling approving/denying the re-application scenario should not be an issue

I think we should change the email from the default to 1) indicate that their application was approved and 2) provide further information other than simply the password, like how to access the signup page, or even a link to the application. When I got the email I wasn't quite sure what to do with it

You can look at my cognito docs for instructions on how to change the default email, lmk if you have any questions

how to access this page will definitely change, but we can just put the link as localhost for right now, and change it later, so i like the idea of more information on what to do with the password as well.

the application approved sounds good too, but im not sure if there is a separate automated email for that. i know in many modern flows (for example, email verification after you submit a job application), you receive 2 emails: one saying your application was submitted, and another being to verify your email. if we have a separate one for this, i suggest we keep the template basic on how to setup the account.

I'm fine to table this discussion for now since the email template can be easily changed without code later.

If the intended flow is to have two emails that's fine with me, although it seems easier to implement and simpler to just have 1 email from cognito rather than having a call to cognito and a call to ses.

Why was this removed? We now don't have a test for if the pantry approval process works.

I think we should be asserting the following:

mockUsersService.create was called with the right DTO
mockRepository.update was called with { status: 'approved', pantryUser: newPantryUser }

fixed the test