fix: account email validation during signup (#11307)

- Refactor email validation logic to be a service - Use the service for both email/pass signup and Google SSO - fix account email validation during signup - Use `blocked_domain` setting for both email/pass signup and Google Sign In [`BLOCKED_DOMAIN` via GlobalConfig] - add specs for `account_builder` - add specs for the new service --------- Co-authored-by: Sojan Jose <sojan@pepalo.com>
2025-05-21 09:15:39 +05:30
parent a07f2a7c1b
commit df7401f71c
6 changed files with 215 additions and 53 deletions
--- a/spec/controllers/devise/omniauth_callbacks_controller_spec.rb
+++ b/spec/controllers/devise/omniauth_callbacks_controller_spec.rb
@@ -3,6 +3,7 @@ require 'rails_helper'
 RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
  let(:account_builder) { double }
  let(:user_double) { object_double(:user) }
+  let(:email_validation_service) { instance_double(Account::SignUpEmailValidationService) }

  def set_omniauth_config(for_email = 'test@example.com')
    OmniAuth.config.test_mode = true
@@ -17,13 +18,18 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
    )
  end

+  before do
+    allow(Account::SignUpEmailValidationService).to receive(:new).and_return(email_validation_service)
+  end
+
  describe '#omniauth_sucess' do
    it 'allows signup' do
-      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
+      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true', FRONTEND_URL: 'http://www.example.com' do
        set_omniauth_config('test_not_preset@example.com')
        allow(AccountBuilder).to receive(:new).and_return(account_builder)
        allow(account_builder).to receive(:perform).and_return(user_double)
        allow(Avatar::AvatarFromUrlJob).to receive(:perform_later).and_return(true)
+        allow(email_validation_service).to receive(:perform).and_return(true)

        get '/omniauth/google_oauth2/callback'

@@ -43,8 +49,10 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
    end

    it 'blocks personal accounts signup' do
-      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
+      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true', FRONTEND_URL: 'http://www.example.com' do
        set_omniauth_config('personal@gmail.com')
+        allow(email_validation_service).to receive(:perform).and_raise(CustomExceptions::Account::InvalidEmail.new({ valid: false, disposable: nil }))
+
        get '/omniauth/google_oauth2/callback'

        # expect a 302 redirect to auth/google_oauth2/callback
@@ -57,10 +65,13 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
    end

    it 'blocks personal accounts signup with different Gmail case variations' do
-      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true' do
+      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'true', FRONTEND_URL: 'http://www.example.com' do
        # Test different case variations of Gmail
        ['personal@Gmail.com', 'personal@GMAIL.com', 'personal@Gmail.COM'].each do |email|
          set_omniauth_config(email)
+          allow(email_validation_service).to receive(:perform).and_raise(CustomExceptions::Account::InvalidEmail.new({ valid: false,
+                                                                                                                       disposable: nil }))
+
          get '/omniauth/google_oauth2/callback'

          # expect a 302 redirect to auth/google_oauth2/callback
@@ -76,8 +87,10 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
    # This test does not affect line coverage, but it is important to ensure that the logic
    # does not allow any signup if the ENV explicitly disables it
    it 'blocks signup if ENV disabled' do
-      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'false' do
+      with_modified_env ENABLE_ACCOUNT_SIGNUP: 'false', FRONTEND_URL: 'http://www.example.com' do
        set_omniauth_config('does-not-exist-for-sure@example.com')
+        allow(email_validation_service).to receive(:perform).and_return(true)
+
        get '/omniauth/google_oauth2/callback'

        # expect a 302 redirect to auth/google_oauth2/callback
@@ -90,38 +103,42 @@ RSpec.describe 'DeviseOverrides::OmniauthCallbacksController', type: :request do
    end

    it 'allows login' do
-      create(:user, email: 'test@example.com')
-      set_omniauth_config('test@example.com')
+      with_modified_env FRONTEND_URL: 'http://www.example.com' do
+        create(:user, email: 'test@example.com')
+        set_omniauth_config('test@example.com')

-      get '/omniauth/google_oauth2/callback'
-      # expect a 302 redirect to auth/google_oauth2/callback
-      expect(response).to redirect_to('http://www.example.com/auth/google_oauth2/callback')
+        get '/omniauth/google_oauth2/callback'
+        # expect a 302 redirect to auth/google_oauth2/callback
+        expect(response).to redirect_to('http://www.example.com/auth/google_oauth2/callback')

-      follow_redirect!
-      expect(response).to redirect_to(%r{/app/login\?email=.+&sso_auth_token=.+$})
+        follow_redirect!
+        expect(response).to redirect_to(%r{/app/login\?email=.+&sso_auth_token=.+$})

-      # expect app/login page to respond with 200 and render
-      follow_redirect!
-      expect(response).to have_http_status(:ok)
+        # expect app/login page to respond with 200 and render
+        follow_redirect!
+        expect(response).to have_http_status(:ok)
+      end
    end

    # from a line coverage point of view this may seem redundant
    # but to ensure that the logic allows for existing users even if they have a gmail account
    # we need to test this explicitly
    it 'allows personal account login' do
-      create(:user, email: 'personal-existing@gmail.com')
-      set_omniauth_config('personal-existing@gmail.com')
+      with_modified_env FRONTEND_URL: 'http://www.example.com' do
+        create(:user, email: 'personal-existing@gmail.com')
+        set_omniauth_config('personal-existing@gmail.com')

-      get '/omniauth/google_oauth2/callback'
-      # expect a 302 redirect to auth/google_oauth2/callback
-      expect(response).to redirect_to('http://www.example.com/auth/google_oauth2/callback')
+        get '/omniauth/google_oauth2/callback'
+        # expect a 302 redirect to auth/google_oauth2/callback
+        expect(response).to redirect_to('http://www.example.com/auth/google_oauth2/callback')

-      follow_redirect!
-      expect(response).to redirect_to(%r{/app/login\?email=.+&sso_auth_token=.+$})
+        follow_redirect!
+        expect(response).to redirect_to(%r{/app/login\?email=.+&sso_auth_token=.+$})

-      # expect app/login page to respond with 200 and render
-      follow_redirect!
-      expect(response).to have_http_status(:ok)
+        # expect app/login page to respond with 200 and render
+        follow_redirect!
+        expect(response).to have_http_status(:ok)
+      end
    end
  end
 end