Skip to content

[PM-34776/PM-37797] Add invite link email domain validation endpoint#7683

Open
r-tome wants to merge 10 commits into
mainfrom
ac/pm-37797/invite-link-email-domain-validation-endpoint
Open

[PM-34776/PM-37797] Add invite link email domain validation endpoint#7683
r-tome wants to merge 10 commits into
mainfrom
ac/pm-37797/invite-link-email-domain-validation-endpoint

Conversation

@r-tome
Copy link
Copy Markdown
Contributor

@r-tome r-tome commented May 20, 2026
edited
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-34776
https://bitwarden.atlassian.net/browse/PM-37797

📔 Objective

Add an anonymous POST /organizations/invite-link/validate-email-domain endpoint so clients can check whether an email belongs to an invite link's allowed domains before login/signup.

Introduces InviteLinkDomainValidator (will be reused by the accept command).

Clients PR

r-tome added 8 commits May 20, 2026 16:21
@r-tome
Add email domain validation to OrganizationInviteLink
be6514f 
- Introduced IsEmailDomainAllowed method to check if an email's domain is permitted based on allowed domains.
- Added necessary using directives for MailAddress and domain sanitization utilities.
@r-tome
Refactor OrganizationInviteLink by removing email domain validation
18ba4db 
- Removed the IsEmailDomainAllowed method and associated using directives for MailAddress.
- Cleaned up the code by eliminating unused methods related to email domain validation.
@r-tome
Add InviteLinkDomainValidator for email domain validation
0bc952f 
- Introduced InviteLinkDomainValidator class with IsEmailDomainAllowed method to validate if an email's domain is in the list of allowed domains.
- Utilized MailAddress for email parsing and added domain sanitization logic.
@r-tome
Add email domain validation endpoint for organization invite links
d23a571 
- Implemented ValidateEmailDomain method in OrganizationInviteLinksController to check if an email's domain is allowed based on the invite link's permitted domains.
- Created OrganizationInviteLinkValidateEmailDomainRequestModel for request validation and OrganizationInviteLinkValidateEmailDomainResponseModel for response formatting.
- Integrated IOrganizationInviteLinkRepository to retrieve invite link details by code.
@r-tome
Add unit tests for InviteLinkDomainValidator
fb2dfa6 
- Created InviteLinkDomainValidatorTests class to validate email domain functionality.
- Added tests for various scenarios including invalid emails, empty domain lists, and matching domains.
- Ensured comprehensive coverage of the IsEmailDomainAllowed method's behavior.
@r-tome
Add integration test for email domain validation in OrganizationInvit…
af33e22 
…eLinksController

- Implemented a test to validate that an allowed email domain returns the expected result when checked against an organization invite link.
- Ensured the test verifies the creation of an invite link and the subsequent validation of an email domain against the allowed domains list.
@r-tome
Add validation query and interface for organization invite link email…
7014308 
… domain

- Introduced ValidateOrganizationInviteLinkEmailDomainQuery class to validate if an email's domain is allowed based on the invite link's permitted domains.
- Created IValidateOrganizationInviteLinkEmailDomainQuery interface to define the validation method.
- Added unit tests for the validation query to ensure correct behavior for various scenarios, including link not found and domain matching.
@r-tome
Refactor OrganizationInviteLinksController to use validation query fo…
199d060 
…r email domain

- Updated ValidateEmailDomain method to utilize IValidateOrganizationInviteLinkEmailDomainQuery for domain validation instead of directly accessing the repository.
- Removed unnecessary repository dependency and streamlined the response handling for validation results.
- Registered the new validation query in OrganizationServiceCollectionExtensions for dependency injection.
@r-tome r-tome added the ai-review Request a Claude code review label May 20, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 20, 2026
edited
Loading

Bitwarden Claude Code Review

Overall Assessment: APPROVE

Reviewed the new anonymous POST /organizations/invite-link/validate-email-domain endpoint, the IValidateOrganizationInviteLinkEmailDomainQuery and InviteLinkDomainValidator it delegates to, the DI registration, and the accompanying unit and integration tests. The implementation follows established server conventions (CommandResult error mapping via BaseAdminConsoleController.Handle, TryAddScoped DI, query/command separation) and reuses the shared EmailValidation.IsValidEmail/GetDomain helpers after the earlier reviewer feedback was addressed.

Code Review Details

No blocking findings. The change is narrowly scoped, well-tested, and consistent with the surrounding invite-link feature. Worth noting (not blocking) that ValidateAsync intentionally skips the additional organization-state checks that GetOrganizationInviteLinkStatusQuery performs (e.g. organization.Enabled, organization.UseInviteLinks); the client is expected to call the status endpoint separately for those, so this remains a pure domain-match check.

@r-tome r-tome mentioned this pull request May 20, 2026
Open
@r-tome r-tome marked this pull request as ready for review May 20, 2026 16:12
@r-tome r-tome requested a review from a team as a code owner May 20, 2026 16:12
@codecov
Copy link
Copy Markdown

codecov Bot commented May 20, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.45%. Comparing base (d903096) to head (f084a4b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7683      +/-   ##
==========================================
- Coverage   64.86%   60.45%   -4.42%     
==========================================
  Files        2140     2144       +4     
  Lines       94629    94656      +27     
  Branches     8445     8448       +3     
==========================================
- Hits        61378    57221    -4157     
- Misses      31155    35430    +4275     
+ Partials     2096     2005      -91

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

jrmccannon
jrmccannon requested changes May 21, 2026
View reviewed changes
Comment thread src/Core/AdminConsole/Utilities/InviteLinkDomainValidator.cs Outdated
/// </summary>
public static bool IsEmailDomainAllowed(string? email, IEnumerable<string> allowedDomains)
{
if (!MailAddress.TryCreate(email, out var mailAddress))
Copy link
Copy Markdown
Contributor

@jrmccannon jrmccannon May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EmailValidation.IsValidEmail our preferred method of validating. I would validate that way then use the EmailValidation.GetDomain method (which does the same thing but is a shared method).

Copy link
Copy Markdown
Contributor Author

@r-tome r-tome May 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did know that existed! Replaced

@r-tome r-tome requested a review from jrmccannon May 21, 2026 13:41
@r-tome
Merge branch 'main' into ac/pm-37797/invite-link-email-domain-validat…
f084a4b 
…ion-endpoint

# Conflicts:
#	src/Api/AdminConsole/Controllers/OrganizationInviteLinksController.cs
#	src/Core/OrganizationFeatures/OrganizationServiceCollectionExtensions.cs
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jrmccannon jrmccannon jrmccannon approved these changes

@JaredSnider-Bitwarden JaredSnider-Bitwarden Awaiting requested review from JaredSnider-Bitwarden

Assignees

No one assigned

Labels

ai-review Request a Claude code review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@r-tome @jrmccannon