[PM-34776/PM-37797] Add invite link email domain validation endpoint#7683
Open
r-tome wants to merge 9 commits into
Open
[PM-34776/PM-37797] Add invite link email domain validation endpoint#7683r-tome wants to merge 9 commits into
r-tome wants to merge 9 commits into
Conversation
- Introduced IsEmailDomainAllowed method to check if an email's domain is permitted based on allowed domains. - Added necessary using directives for MailAddress and domain sanitization utilities.
- Removed the IsEmailDomainAllowed method and associated using directives for MailAddress. - Cleaned up the code by eliminating unused methods related to email domain validation.
- Introduced InviteLinkDomainValidator class with IsEmailDomainAllowed method to validate if an email's domain is in the list of allowed domains. - Utilized MailAddress for email parsing and added domain sanitization logic.
- Implemented ValidateEmailDomain method in OrganizationInviteLinksController to check if an email's domain is allowed based on the invite link's permitted domains. - Created OrganizationInviteLinkValidateEmailDomainRequestModel for request validation and OrganizationInviteLinkValidateEmailDomainResponseModel for response formatting. - Integrated IOrganizationInviteLinkRepository to retrieve invite link details by code.
- Created InviteLinkDomainValidatorTests class to validate email domain functionality. - Added tests for various scenarios including invalid emails, empty domain lists, and matching domains. - Ensured comprehensive coverage of the IsEmailDomainAllowed method's behavior.
…eLinksController - Implemented a test to validate that an allowed email domain returns the expected result when checked against an organization invite link. - Ensured the test verifies the creation of an invite link and the subsequent validation of an email domain against the allowed domains list.
… domain - Introduced ValidateOrganizationInviteLinkEmailDomainQuery class to validate if an email's domain is allowed based on the invite link's permitted domains. - Created IValidateOrganizationInviteLinkEmailDomainQuery interface to define the validation method. - Added unit tests for the validation query to ensure correct behavior for various scenarios, including link not found and domain matching.
…r email domain - Updated ValidateEmailDomain method to utilize IValidateOrganizationInviteLinkEmailDomainQuery for domain validation instead of directly accessing the repository. - Removed unnecessary repository dependency and streamlined the response handling for validation results. - Registered the new validation query in OrganizationServiceCollectionExtensions for dependency injection.
Contributor
🤖 Bitwarden Claude Code ReviewOverall Assessment: APPROVE Reviewed the new anonymous Code Review DetailsNo findings. Notes considered and dropped:
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #7683 +/- ##
==========================================
+ Coverage 60.07% 60.23% +0.15%
==========================================
Files 2132 2140 +8
Lines 93904 94424 +520
Branches 8341 8412 +71
==========================================
+ Hits 56417 56872 +455
- Misses 35503 35561 +58
- Partials 1984 1991 +7 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
jrmccannon
requested changes
May 21, 2026
| /// </summary> | ||
| public static bool IsEmailDomainAllowed(string? email, IEnumerable<string> allowedDomains) | ||
| { | ||
| if (!MailAddress.TryCreate(email, out var mailAddress)) |
Contributor
There was a problem hiding this comment.
EmailValidation.IsValidEmail our preferred method of validating. I would validate that way then use the EmailValidation.GetDomain method (which does the same thing but is a shared method).
Contributor
Author
There was a problem hiding this comment.
I did know that existed! Replaced
… existing email validation method
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-34776
https://bitwarden.atlassian.net/browse/PM-37797
📔 Objective
Add an anonymous
POST /organizations/invite-link/validate-email-domainendpoint so clients can check whether an email belongs to an invite link's allowed domains before login/signup.Introduces
InviteLinkDomainValidator(will be reused by the accept command).Clients PR