feat(approved-access-domain): QA (#10681)

2025-03-06 07:35:10 +01:00
parent 1ad08cdbe9
commit e92e094a81
69 changed files with 398 additions and 105 deletions
--- a/packages/twenty-server/src/engine/core-modules/approved-access-domain/approved-access-domain.exception.ts
+++ b/packages/twenty-server/src/engine/core-modules/approved-access-domain/approved-access-domain.exception.ts
@ -9,7 +9,9 @@ export class ApprovedAccessDomainException extends CustomException {
 export enum ApprovedAccessDomainExceptionCode {
  APPROVED_ACCESS_DOMAIN_NOT_FOUND = 'APPROVED_ACCESS_DOMAIN_NOT_FOUND',
  APPROVED_ACCESS_DOMAIN_ALREADY_VERIFIED = 'APPROVED_ACCESS_DOMAIN_ALREADY_VERIFIED',
+  APPROVED_ACCESS_DOMAIN_ALREADY_REGISTERED = 'APPROVED_ACCESS_DOMAIN_ALREADY_REGISTERED',
  APPROVED_ACCESS_DOMAIN_DOES_NOT_MATCH_DOMAIN_EMAIL = 'APPROVED_ACCESS_DOMAIN_DOES_NOT_MATCH_DOMAIN_EMAIL',
  APPROVED_ACCESS_DOMAIN_VALIDATION_TOKEN_INVALID = 'APPROVED_ACCESS_DOMAIN_VALIDATION_TOKEN_INVALID',
  APPROVED_ACCESS_DOMAIN_ALREADY_VALIDATED = 'APPROVED_ACCESS_DOMAIN_ALREADY_VALIDATED',
+  APPROVED_ACCESS_DOMAIN_MUST_BE_A_COMPANY_DOMAIN = 'APPROVED_ACCESS_DOMAIN_MUST_BE_A_COMPANY_DOMAIN',
 }
--- a/packages/twenty-server/src/engine/core-modules/approved-access-domain/services/approved-access-domain.service.ts
+++ b/packages/twenty-server/src/engine/core-modules/approved-access-domain/services/approved-access-domain.service.ts
@ -19,6 +19,7 @@ import {
  ApprovedAccessDomainException,
  ApprovedAccessDomainExceptionCode,
 } from 'src/engine/core-modules/approved-access-domain/approved-access-domain.exception';
+import { isWorkDomain } from 'src/utils/is-work-email';

@Injectable()
 // eslint-disable-next-line @nx/workspace-inject-workspace-repository
@ -142,6 +143,25 @@ export class ApprovedAccessDomainService {
    fromUser: User,
    emailToValidateDomain: string,
  ): Promise<ApprovedAccessDomainEntity> {
+    if (!isWorkDomain(domain)) {
+      throw new ApprovedAccessDomainException(
+        'Approved access domain must be a company domain',
+        ApprovedAccessDomainExceptionCode.APPROVED_ACCESS_DOMAIN_MUST_BE_A_COMPANY_DOMAIN,
+      );
+    }
+
+    if (
+      await this.approvedAccessDomainRepository.findOneBy({
+        domain,
+        workspaceId: inWorkspace.id,
+      })
+    ) {
+      throw new ApprovedAccessDomainException(
+        'Approved access domain already registered.',
+        ApprovedAccessDomainExceptionCode.APPROVED_ACCESS_DOMAIN_ALREADY_REGISTERED,
+      );
+    }
+
    const approvedAccessDomain = await this.approvedAccessDomainRepository.save(
      {
        workspaceId: inWorkspace.id,
@ -171,7 +191,9 @@ export class ApprovedAccessDomainService {

    approvedAccessDomainValidator.assertIsDefinedOrThrow(approvedAccessDomain);

-    await this.approvedAccessDomainRepository.delete(approvedAccessDomain);
+    await this.approvedAccessDomainRepository.delete({
+      id: approvedAccessDomain.id,
+    });
  }

  async getApprovedAccessDomains(workspace: Workspace) {
--- a/packages/twenty-server/src/engine/core-modules/approved-access-domain/services/approved-access-domain.spec.ts
+++ b/packages/twenty-server/src/engine/core-modules/approved-access-domain/services/approved-access-domain.spec.ts
@ -113,6 +113,22 @@ describe('ApprovedAccessDomainService', () => {
      );
      expect(result).toEqual(expectedApprovedAccessDomain);
    });
+    it('should throw an exception if approved access domain is not a company domain', async () => {
+      await expect(
+        service.createApprovedAccessDomain(
+          'gmail.com',
+          { id: 'workspace-id' } as Workspace,
+          { email: 'user@gmail.com', isEmailVerified: true } as User,
+          'user@gmail.com',
+        ),
+      ).rejects.toThrowError(
+        new ApprovedAccessDomainException(
+          'Approved access domain must be a company domain',
+          ApprovedAccessDomainExceptionCode.APPROVED_ACCESS_DOMAIN_MUST_BE_A_COMPANY_DOMAIN,
+        ),
+      );
+      expect(approvedAccessDomainRepository.save).not.toHaveBeenCalled();
+    });
  });

  describe('deleteApprovedAccessDomain', () => {
@ -140,9 +156,9 @@ describe('ApprovedAccessDomainService', () => {
        id: approvedAccessDomainId,
        workspaceId: workspace.id,
      });
-      expect(approvedAccessDomainRepository.delete).toHaveBeenCalledWith(
-        approvedAccessDomainEntity,
-      );
+      expect(approvedAccessDomainRepository.delete).toHaveBeenCalledWith({
+        id: approvedAccessDomainEntity.id,
+      });
    });

    it('should throw an error if the approved access domain does not exist', async () => {