Add domain mapping feature with email validation (#1460)

Co-authored-by: Jake Laderman <[email protected]>

Author: michaeljguarino

apps/core/lib/core.ex

@@ -4,6 +4,12 @@ defmodule Core do
 
   @chars String.codepoints("abcdefghijklmnopqrstuvwxyz")
 
+  def priv_file!(filename) do
+    :code.priv_dir(:core)
+    |> Path.join(filename)
+    |> File.read!()
+  end
+
   def conf(key), do: Application.get_env(:core, key)
 
   def env(var, :int, default) do

apps/core/lib/core/schema/domain_mapping.ex

@@ -24,15 +24,17 @@ defmodule Core.Schema.DomainMapping do
     from(dm in query, where: dm.workos_connection_id == ^conn_id)
   end
 
-  @restricted ~w(gmail.com outlook.com hotmail.com yahoo.com)
+  @restricted Core.priv_file!("generic_emails.txt") |> String.split(~r/\s+/)
+
+  def restricted(), do: @restricted
 
   @valid ~w(domain account_id enable_sso workos_connection_id)a
 
   def changeset(model, attrs \\ %{}) do
     model
     |> cast(attrs, @valid)
     |> unique_constraint(:domain)
-    |> validate_exclusion(:domain, @restricted, message: "cannot reserve any of [#{Enum.join(@restricted, ",")}]")
+    |> validate_exclusion(:domain, @restricted, message: "cannot create domain mappings for consumer email domains")
     |> foreign_key_constraint(:account_id)
     |> validate_required([:domain])
   end

apps/core/lib/core/schema/user.ex

@@ -90,6 +90,13 @@ defmodule Core.Schema.User do
     timestamps()
   end
 
+  def domain(%__MODULE__{email: email}) do
+    case String.split(email, "@") do
+      [_, domain] -> domain
+      _ -> nil
+    end
+  end
+
   def mark_url_safe(), do: Process.put({__MODULE__, :url_safe}, true)
 
   def url_safe?(), do: !!Process.get({__MODULE__, :url_safe})

apps/core/lib/core/services/accounts.ex

@@ -112,6 +112,16 @@ defmodule Core.Services.Accounts do
           do: Stripe.Customer.update(cid, stripe)
       %{db: db} -> {:ok, db}
     end)
+    |> add_operation(:domain_mappings, fn
+      %{db: %Account{domain_mappings: [_ | _] = mappings} = account} ->
+        email_domain = User.domain(user)
+        case {Enum.all?(mappings, fn %DomainMapping{domain: domain} -> domain == email_domain end), !!user.email_confirmed} do
+          {true, false} -> {:error, "you must confirm your email to modify domain mappings"}
+          {true, _} -> {:ok, account}
+          {_, _} -> {:error, "you cannot create a domain mapping that does not match your email domain"}
+        end
+      %{db: db} -> {:ok, db}
+    end)
     |> execute(extract: :db)
   end
 

apps/core/lib/core/services/users.ex

@@ -6,6 +6,7 @@ defmodule Core.Services.Users do
   alias Core.Clients.ZeroSSL
   alias Core.PubSub
   alias Core.Schema.{
+    Account,
     PersistedToken,
     User,
     Publisher,
@@ -354,8 +355,15 @@ defmodule Core.Services.Users do
       |> Core.Repo.insert()
     end)
     |> add_operation(:user, fn %{pre: user} ->
-      with {:ok, %{user: user}} <- Accounts.create_account(Map.get(attrs, :account, %{}), user),
-        do: {:ok, user}
+      case Accounts.get_mapping_for_email(user.email) do
+        %DomainMapping{account: %Account{id: aid}} ->
+          user
+          |> Ecto.Changeset.change(%{account_id: aid})
+          |> Core.Repo.update()
+        _ ->
+          Accounts.create_account(Map.get(attrs, :account, %{}), user)
+          |> when_ok(& &1.user)
+      end
     end)
     |> execute(extract: :user)
     |> notify(:create)