feat(users): Add email domain based restriction for dashboard entry APIs (#6940)

Author: ThisIsMani

crates/api_models/src/user.rs

@@ -305,18 +305,26 @@ pub struct CreateUserAuthenticationMethodRequest {
     pub owner_type: common_enums::Owner,
     pub auth_method: AuthConfig,
     pub allow_signup: bool,
+    pub email_domain: Option<String>,
 }
 
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
-pub struct UpdateUserAuthenticationMethodRequest {
-    pub id: String,
-    // TODO: When adding more fields make config and new fields option
-    pub auth_method: AuthConfig,
+#[serde(rename_all = "snake_case")]
+pub enum UpdateUserAuthenticationMethodRequest {
+    AuthMethod {
+        id: String,
+        auth_config: AuthConfig,
+    },
+    EmailDomain {
+        owner_id: String,
+        email_domain: String,
+    },
 }
 
 #[derive(Debug, serde::Deserialize, serde::Serialize)]
 pub struct GetUserAuthenticationMethodsRequest {
-    pub auth_id: String,
+    pub auth_id: Option<String>,
+    pub email_domain: Option<String>,
 }
 
 #[derive(Debug, serde::Deserialize, serde::Serialize)]

crates/diesel_models/src/query/user_authentication_method.rs

@@ -64,4 +64,18 @@ impl UserAuthenticationMethod {
         )
         .await
     }
+
+    pub async fn list_user_authentication_methods_for_email_domain(
+        conn: &PgPooledConn,
+        email_domain: &str,
+    ) -> StorageResult<Vec<Self>> {
+        generics::generic_filter::<<Self as HasTable>::Table, _, _, _>(
+            conn,
+            dsl::email_domain.eq(email_domain.to_owned()),
+            None,
+            None,
+            Some(dsl::last_modified_at.asc()),
+        )
+        .await
+    }
 }

crates/diesel_models/src/schema.rs

@@ -1405,6 +1405,8 @@ diesel::table! {
         allow_signup -> Bool,
         created_at -> Timestamp,
         last_modified_at -> Timestamp,
+        #[max_length = 64]
+        email_domain -> Varchar,
     }
 }
 

crates/diesel_models/src/schema_v2.rs

@@ -1352,6 +1352,8 @@ diesel::table! {
         allow_signup -> Bool,
         created_at -> Timestamp,
         last_modified_at -> Timestamp,
+        #[max_length = 64]
+        email_domain -> Varchar,
     }
 }
 

crates/diesel_models/src/user_authentication_method.rs

@@ -17,6 +17,7 @@ pub struct UserAuthenticationMethod {
     pub allow_signup: bool,
     pub created_at: PrimitiveDateTime,
     pub last_modified_at: PrimitiveDateTime,
+    pub email_domain: String,
 }
 
 #[derive(router_derive::Setter, Clone, Debug, Insertable, router_derive::DebugAsDisplay)]
@@ -32,6 +33,7 @@ pub struct UserAuthenticationMethodNew {
     pub allow_signup: bool,
     pub created_at: PrimitiveDateTime,
     pub last_modified_at: PrimitiveDateTime,
+    pub email_domain: String,
 }
 
 #[derive(Clone, Debug, AsChangeset, router_derive::DebugAsDisplay)]
@@ -40,13 +42,17 @@ pub struct OrgAuthenticationMethodUpdateInternal {
     pub private_config: Option<Encryption>,
     pub public_config: Option<serde_json::Value>,
     pub last_modified_at: PrimitiveDateTime,
+    pub email_domain: Option<String>,
 }
 
 pub enum UserAuthenticationMethodUpdate {
     UpdateConfig {
         private_config: Option<Encryption>,
         public_config: Option<serde_json::Value>,
     },
+    EmailDomain {
+        email_domain: String,
+    },
 }
 
 impl From<UserAuthenticationMethodUpdate> for OrgAuthenticationMethodUpdateInternal {
@@ -60,6 +66,13 @@ impl From<UserAuthenticationMethodUpdate> for OrgAuthenticationMethodUpdateInter
                 private_config,
                 public_config,
                 last_modified_at,
+                email_domain: None,
+            },
+            UserAuthenticationMethodUpdate::EmailDomain { email_domain } => Self {
+                private_config: None,
+                public_config: None,
+                last_modified_at,
+                email_domain: Some(email_domain),
             },
         }
     }

crates/router/src/core/errors/user.rs

@@ -108,6 +108,8 @@ pub enum UserErrors {
     InvalidThemeLineage(String),
     #[error("Missing required field: email_config")]
     MissingEmailConfig,
+    #[error("Invalid Auth Method Operation: {0}")]
+    InvalidAuthMethodOperationWithMessage(String),
 }
 
 impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorResponse> for UserErrors {
@@ -280,6 +282,9 @@ impl common_utils::errors::ErrorSwitch<api_models::errors::types::ApiErrorRespon
             Self::MissingEmailConfig => {
                 AER::BadRequest(ApiError::new(sub_code, 56, self.get_error_message(), None))
             }
+            Self::InvalidAuthMethodOperationWithMessage(_) => {
+                AER::BadRequest(ApiError::new(sub_code, 57, self.get_error_message(), None))
+            }
         }
     }
 }
@@ -347,6 +352,9 @@ impl UserErrors {
                 format!("Invalid field: {} in lineage", field_name)
             }
             Self::MissingEmailConfig => "Missing required field: email_config".to_string(),
+            Self::InvalidAuthMethodOperationWithMessage(operation) => {
+                format!("Invalid Auth Method Operation: {}", operation)
+            }
         }
     }
 }