Build a generic sync identity that also gives first name and last name

Author: devksingh4

onetime/uinHash-migration.py

@@ -48,8 +48,8 @@ def migrate_uin_hashes():
 
                 # Construct the primary key and update parameters for the destination table
                 destination_pk_id = f"{net_id}{DESTINATION_ID_SUFFIX}"
-                update_expression = "SET uinHash = :uh"
-                expression_attribute_values = {":uh": uin_hash}
+                update_expression = "SET uinHash = :uh, netId = :ne"
+                expression_attribute_values = {":uh": uin_hash, ":ne": net_id}
 
                 # Update the item in the destination DynamoDB table
                 try:

src/api/functions/sync.ts

@@ -0,0 +1,46 @@
+import {
+  UpdateItemCommand,
+  type DynamoDBClient,
+} from "@aws-sdk/client-dynamodb";
+import { genericConfig } from "common/config.js";
+
+export interface SyncFullProfileInputs {
+  uinHash: string;
+  netId: string;
+  firstName: string;
+  lastName: string;
+  dynamoClient: DynamoDBClient;
+}
+
+export async function syncFullProfile({
+  uinHash,
+  netId,
+  firstName,
+  lastName,
+  dynamoClient,
+}: SyncFullProfileInputs) {
+  return dynamoClient.send(
+    new UpdateItemCommand({
+      TableName: genericConfig.UserInfoTable,
+      Key: {
+        id: { S: `${netId}@illinois.edu` },
+      },
+      UpdateExpression:
+        "SET #uinHash = :uinHash, #netId = :netId, #updatedAt = :updatedAt, #firstName = :firstName, #lastName = :lastName",
+      ExpressionAttributeNames: {
+        "#uinHash": "uinHash",
+        "#netId": "netId",
+        "#updatedAt": "updatedAt",
+        "#firstName": "firstName",
+        "#lastName": "lastName",
+      },
+      ExpressionAttributeValues: {
+        ":uinHash": { S: uinHash },
+        ":netId": { S: netId },
+        ":firstName": { S: firstName },
+        ":lastName": { S: lastName },
+        ":updatedAt": { S: new Date().toISOString() },
+      },
+    }),
+  );
+}

src/api/functions/uin.ts

@@ -178,6 +178,7 @@ export async function saveHashedUserUin({
       },
       ExpressionAttributeValues: {
         ":uinHash": { S: uinHash },
+        ":netId": { S: netId },
         ":updatedAt": { S: new Date().toISOString() },
       },
     }),

src/api/routes/syncIdentity.ts

@@ -8,7 +8,7 @@ import rateLimiter from "api/plugins/rateLimiter.js";
 import { FastifyZodOpenApiTypeProvider } from "fastify-zod-openapi";
 import * as z from "zod/v4";
 import { notAuthenticatedError, withTags } from "api/components/index.js";
-import { verifyUiucAccessToken, saveHashedUserUin } from "api/functions/uin.js";
+import { verifyUiucAccessToken, getHashedUserUin } from "api/functions/uin.js";
 import { getRoleCredentials } from "api/functions/sts.js";
 import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import { genericConfig, roleArns } from "common/config.js";
@@ -18,6 +18,7 @@ import {
   patchUserProfile,
   resolveEmailToOid,
 } from "api/functions/entraId.js";
+import { syncFullProfile } from "api/functions/sync.js";
 
 const syncIdentityPlugin: FastifyPluginAsync = async (fastify, _options) => {
   const getAuthorizedClients = async () => {
@@ -98,11 +99,16 @@ const syncIdentityPlugin: FastifyPluginAsync = async (fastify, _options) => {
             message: "ID token could not be parsed.",
           });
         }
-        await saveHashedUserUin({
+        const uinHash = await getHashedUserUin({
           uiucAccessToken: accessToken,
           pepper: fastify.secretConfig.UIN_HASHING_SECRET_PEPPER,
-          dynamoClient: fastify.dynamoClient,
+        });
+        await syncFullProfile({
+          uinHash,
+          firstName: givenName,
+          lastName: surname,
           netId,
+          dynamoClient: fastify.dynamoClient,
         });
         let isPaidMember = await checkPaidMembershipFromRedis(
           netId,

src/api/routes/v2/membership.ts

@@ -22,7 +22,7 @@ import {
   withRoles,
   withTags,
 } from "api/components/index.js";
-import { verifyUiucAccessToken, saveHashedUserUin } from "api/functions/uin.js";
+import { verifyUiucAccessToken, getHashedUserUin } from "api/functions/uin.js";
 import { getKey, setKey } from "api/functions/redisCache.js";
 import { getEntraIdToken } from "api/functions/entraId.js";
 import { genericConfig, roleArns } from "common/config.js";
@@ -31,6 +31,7 @@ import { SecretsManagerClient } from "@aws-sdk/client-secrets-manager";
 import { BatchGetItemCommand, DynamoDBClient } from "@aws-sdk/client-dynamodb";
 import { AppRoles } from "common/roles.js";
 import { marshall, unmarshall } from "@aws-sdk/util-dynamodb";
+import { syncFullProfile } from "api/functions/sync.js";
 
 const membershipV2Plugin: FastifyPluginAsync = async (fastify, _options) => {
   const getAuthorizedClients = async () => {
@@ -115,11 +116,16 @@ const membershipV2Plugin: FastifyPluginAsync = async (fastify, _options) => {
           });
         }
         request.log.debug("Saving user hashed UIN!");
-        const saveHashPromise = saveHashedUserUin({
+        const uinHash = await getHashedUserUin({
           uiucAccessToken: accessToken,
           pepper: fastify.secretConfig.UIN_HASHING_SECRET_PEPPER,
-          dynamoClient: fastify.dynamoClient,
+        });
+        const savePromise = syncFullProfile({
+          uinHash,
+          firstName: givenName,
+          lastName: surname,
           netId,
+          dynamoClient: fastify.dynamoClient,
         });
         let isPaidMember = await checkPaidMembershipFromRedis(
           netId,
@@ -132,7 +138,7 @@ const membershipV2Plugin: FastifyPluginAsync = async (fastify, _options) => {
             fastify.dynamoClient,
           );
         }
-        await saveHashPromise;
+        await savePromise;
         request.log.debug("Saved user hashed UIN!");
         if (isPaidMember) {
           throw new ValidationError({