feat: add onboarding form for cloud first timers

backend/ee-repo-ref.txt

@@ -1 +1 @@
-c8d57987b72fd15f2e3b8d7f6501edaac8235965
+e30b6ea6212d9d3f3b06b5aa8b690a7bf2940877

backend/windmill-api/openapi.yaml

@@ -554,6 +554,34 @@ paths:
                 items:
                   $ref: "#/components/schemas/ExportedUser"
 
+  /users/onboarding:
+    post:
+      summary: Submit user onboarding data
+      operationId: submitOnboardingData
+      tags:
+        - user
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              required:
+                - touch_point
+                - use_case
+              properties:
+                touch_point:
+                  type: string
+                use_case:
+                  type: string
+      responses:
+        '200':
+          description: Onboarding data submitted successfully
+          content:
+            application/json:
+              schema:
+                type: string                
+
   /w/{workspace}/users/delete/{username}:
     delete:
       summary: delete user (require admin privilege)
@@ -18470,12 +18498,15 @@ components:
           type: string
         operator_only:
           type: boolean
+        first_time_user:
+          type: boolean
 
       required:
         - email
         - login_type
         - super_admin
         - verified
+        - first_time_user
 
     Flow:
       allOf:

backend/windmill-api/src/users.rs

@@ -110,6 +110,7 @@ pub fn global_service() -> Router {
         .route("/leave_instance", post(leave_instance))
         .route("/export", get(export_global_users))
         .route("/overwrite", post(overwrite_global_users))
+        .route("/onboarding", post(submit_onboarding_data))
 
     // .route("/list_invite_codes", get(list_invite_codes))
     // .route("/create_invite_code", post(create_invite_code))
@@ -286,6 +287,7 @@ pub struct GlobalUserInfo {
     username: Option<String>,
     #[serde(skip_serializing_if = "Option::is_none")]
     operator_only: Option<bool>,
+    first_time_user: bool,
 }
 
 #[derive(Serialize, Debug)]
@@ -533,7 +535,7 @@ async fn list_users_as_super_admin(
             GlobalUserInfo,
             "WITH active_users AS (SELECT distinct username as email FROM audit WHERE timestamp > NOW() - INTERVAL '1 month' AND (operation = 'users.login' OR operation = 'oauth.login' OR operation = 'users.token.refresh')),
             authors as (SELECT distinct email FROM usr WHERE usr.operator IS false)
-            SELECT email, email NOT IN (SELECT email FROM authors) as operator_only, login_type::text, verified, super_admin, devops, name, company, username
+            SELECT email, email NOT IN (SELECT email FROM authors) as operator_only, login_type::text, verified, super_admin, devops, name, company, username, first_time_user
             FROM password
             WHERE email IN (SELECT email FROM active_users)
             ORDER BY super_admin DESC, devops DESC
@@ -546,7 +548,7 @@ async fn list_users_as_super_admin(
     } else {
         sqlx::query_as!(
             GlobalUserInfo,
-            "SELECT email, login_type::text, verified, super_admin, devops, name, company, username, NULL::bool as operator_only FROM password ORDER BY super_admin DESC, devops DESC, email LIMIT \
+            "SELECT email, login_type::text, verified, super_admin, devops, name, company, username, NULL::bool as operator_only, first_time_user FROM password ORDER BY super_admin DESC, devops DESC, email LIMIT \
             $1 OFFSET $2",
             per_page as i32,
             offset as i32
@@ -749,7 +751,7 @@ async fn global_whoami(
 ) -> JsonResult<GlobalUserInfo> {
     let user = sqlx::query_as!(
         GlobalUserInfo,
-        "SELECT email, login_type::TEXT, super_admin, devops, verified, name, company, username, NULL::bool as operator_only FROM password WHERE \
+        "SELECT email, login_type::TEXT, super_admin, devops, verified, name, company, username, NULL::bool as operator_only, first_time_user FROM password WHERE \
          email = $1",
         email
     )
@@ -770,6 +772,7 @@ async fn global_whoami(
             company: None,
             username: None,
             operator_only: None,
+            first_time_user: false,
         }))
     } else {
         Err(user.unwrap_err())
@@ -1643,6 +1646,14 @@ async fn create_user(
     crate::users_oss::create_user(authed, db, webhook, argon2, nu).await
 }
 
+async fn submit_onboarding_data(
+    authed: ApiAuthed,
+    Extension(db): Extension<DB>,
+    Json(data): Json<crate::users_oss::OnboardingData>,
+) -> Result<String> {
+    crate::users_oss::submit_onboarding_data(authed, Extension(db), Json(data)).await
+}
+
 /// Internal helper for updating workspace user permissions - used by both API and system operations
 pub async fn update_workspace_user_internal(
     w_id: &str,
@@ -1858,15 +1869,15 @@ async fn login(
         username_override: None,
         token_prefix: None,
     };
-    let email_w_h: Option<(String, String, bool, bool)> = sqlx::query_as(
-        "SELECT email, password_hash, super_admin, first_time_user FROM password WHERE email = $1 AND login_type = \
+    let email_w_h: Option<(String, String, bool)> = sqlx::query_as(
+        "SELECT email, password_hash, super_admin FROM password WHERE email = $1 AND login_type = \
          'password'",
     )
     .bind(&email)
     .fetch_optional(&mut *tx)
     .await?;
 
-    if let Some((email, hash, super_admin, first_time_user)) = email_w_h {
+    if let Some((email, hash, super_admin)) = email_w_h {
         let parsed_hash =
             PasswordHash::new(&hash).map_err(|e| Error::internal_err(e.to_string()))?;
         if argon2
@@ -1885,25 +1896,6 @@ async fn login(
             .await?;
             Err(Error::BadRequest("Invalid login".to_string()))
         } else {
-            if first_time_user {
-                sqlx::query_scalar!(
-                    "UPDATE password SET first_time_user = false WHERE email = $1",
-                    &email
-                )
-                .execute(&mut *tx)
-                .await?;
-                let mut c = Cookie::new("first_time", "1");
-                if let Some(domain) = COOKIE_DOMAIN.as_ref() {
-                    c.set_domain(domain);
-                }
-                c.set_secure(false);
-                c.set_expires(time::OffsetDateTime::now_utc() + time::Duration::minutes(15));
-                c.set_http_only(false);
-                c.set_path("/");
-
-                cookies.add(c);
-            }
-
             let token = create_session_token(&email, super_admin, &mut tx, cookies).await?;
 
             let audit_author = AuditAuthor {