refactor: remove authorized email trait in favour of rule

dfo-osdt · Dec 2, 2024 · 807c790 · 807c790
1 parent 297031a
commit 807c790
Show file tree

Hide file tree

Showing 6 changed files with 44 additions and 76 deletions.
diff --git a/app/Filament/Resources/UserResource.php b/app/Filament/Resources/UserResource.php
@@ -4,7 +4,7 @@
 
 use App\Filament\Resources\UserResource\Pages;
 use App\Models\User;
-use App\Rules\AuthorizeEmailDomain;
+use App\Rules\AuthorizedEmailDomain;
 use Filament\Forms;
 use Filament\Forms\Form;
 use Filament\Resources\Resource;
@@ -31,7 +31,7 @@ public static function form(Form $form): Form
                 Forms\Components\Section::make([
                     Forms\Components\TextInput::make('email')
                         ->Filled()
-                        ->rules(['required', 'string', 'email', new AuthorizeEmailDomain]),
+                        ->rules(['bail', 'required', 'string', 'email', new AuthorizedEmailDomain]),
                     Forms\Components\CheckboxList::make('roles')
                         ->relationship(titleAttribute: 'name')
                         ->label('Roles'),

diff --git a/app/Http/Controllers/Auth/InvitedUserController.php b/app/Http/Controllers/Auth/InvitedUserController.php
@@ -3,11 +3,11 @@
 namespace App\Http\Controllers\Auth;
 
 use App\Events\Auth\Invited;
-use App\Http\Controllers\Auth\Traits\AuthorizedDomainTrait;
 use App\Http\Controllers\Controller;
 use App\Http\Resources\UserResource;
 use App\Models\Invitation;
 use App\Models\User;
+use App\Rules\AuthorizedEmailDomain;
 use Hash;
 use Illuminate\Auth\Events\Verified;
 use Illuminate\Http\Request;
@@ -16,23 +16,19 @@
 
 class InvitedUserController extends Controller
 {
-    use AuthorizedDomainTrait;
-
     public function invite(Request $request): UserResource
     {
 
         // validate the request
         $validated = $request->validate([
             'first_name' => 'required|string',
             'last_name' => 'required|string',
-            'email' => 'bail|required|email',
+            'email' => ['bail', 'required', 'email', new AuthorizedEmailDomain],
             'locale' => 'string|in:en,fr',
         ]);
 
         $validated['email'] = strtolower($validated['email']);
 
-        $this->validateEmailDomain($validated['email']);
-
         // does the user already exist?
         if (User::where('email', $validated['email'])->exists()) {
             throw ValidationException::withMessages([

diff --git a/app/Http/Controllers/Auth/RegisteredUserController.php b/app/Http/Controllers/Auth/RegisteredUserController.php
@@ -2,9 +2,9 @@
 
 namespace App\Http\Controllers\Auth;
 
-use App\Http\Controllers\Auth\Traits\AuthorizedDomainTrait;
 use App\Http\Controllers\Controller;
 use App\Models\User;
+use App\Rules\AuthorizedEmailDomain;
 use App\Traits\LocaleTrait;
 use Illuminate\Auth\Events\Registered;
 use Illuminate\Http\JsonResponse;
@@ -15,7 +15,6 @@
 
 class RegisteredUserController extends Controller
 {
-    use AuthorizedDomainTrait;
     use LocaleTrait;
 
     /**
@@ -30,17 +29,14 @@ public function store(Request $request): JsonResponse
         $validated = $request->validate([
             'first_name' => ['required', 'string', 'max:255'],
             'last_name' => ['required', 'string', 'max:255'],
-            'email' => ['required', 'string', 'email', 'max:255'],
+            'email' => ['bail', 'required', 'string', 'email', 'max:255', new AuthorizedEmailDomain],
             'password' => ['required', 'confirmed', Password::min(config('auth.password_min_length'))->uncompromised()],
             'locale' => ['string', 'max:2', 'in:en,fr'],
         ]);
 
         // request email to lowercase - ensure no duplicate emails
         $validated['email'] = strtolower($validated['email']);
 
-        // check if the email domain is part of the allowed domains
-        $this->validateEmailDomain($validated['email']);
-
         // check if the user already exists
         $user = User::where('email', $validated['email'])->first();
         if ($user) {

diff --git a/app/Http/Controllers/Auth/Traits/AuthorizedDomainTrait.php b/app/Http/Controllers/Auth/Traits/AuthorizedDomainTrait.php
diff --git a/app/Rules/AuthorizeEmailDomain.php b/app/Rules/AuthorizeEmailDomain.php
diff --git a/app/Rules/AuthorizedEmailDomain.php b/app/Rules/AuthorizedEmailDomain.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Rules;
+
+use Closure;
+use Illuminate\Contracts\Validation\ValidationRule;
+
+class AuthorizedEmailDomain implements ValidationRule
+{
+    /**
+     * Determine if the email is a valid domain.
+     *
+     * @return Closure
+     */
+    public function validate(string $attribute, mixed $value, Closure $fail): void
+    {
+        if (! $this->isEmailDomainAllowed($value)) {
+            $fail(__('Email domain not allowed'));
+        }
+    }
+
+    /**
+     * Check if the email domain is part of the allowed domains
+     */
+    private function isEmailDomainAllowed(string $email): bool
+    {
+        $allowedDomains = config('osp.allowed_registration_email_domains');
+
+        if ($allowedDomains) {
+            $emailDomain = explode('@', $email)[1];
+            if (! in_array($emailDomain, $allowedDomains)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+}