Rspec tests and data migration

app/assets/locales/en.json

@@ -321,7 +321,7 @@
           "approval": "Approve/Decline"
         },
         "specific_email_domain_signup": "Specific Email Domain Signup",
-        "specific_email_domain_signup_description": "Allow specific email domains to sign up. Format must be: test.com,domain.com",
+        "specific_email_domain_signup_description": "Allow specific email domains to sign up. Format must be: @test.com,domain.com",
         "enter_domain_signup_rule" : "Enter a specific domain signup rule"
       }
     },

app/controllers/api/v1/users_controller.rb

@@ -61,6 +61,9 @@ def create
         # Users created by a user will have the creator language by default with a fallback to the server configured default_locale.
         create_user_params[:language] = current_user&.language || I18n.default_locale if create_user_params[:language].blank?
 
+        # renders an error if the user is signing up with an invalid domain based off site settings
+        return render_error errors: Rails.configuration.custom_error_msgs[:unauthorized], status: :forbidden unless valid_domain?
+
         user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call
 
         smtp_enabled = ENV['SMTP_SERVER'].present?
@@ -184,6 +187,16 @@ def valid_invite_token
         Invitation.destroy_by(email: create_user_params[:email].downcase, provider: current_provider,
                               token: create_user_params[:invite_token]).present?
       end
+
+      def valid_domain?
+        specific_domain_emails = SettingGetter.new(setting_name: 'SpecificEmailDomainSignUp', provider: current_provider).call
+        return true if specific_domain_emails.blank?
+        domains = specific_domain_emails.split(',')
+        domains.each do |domain|
+          return true if create_user_params[:email].end_with?(domain)
+        end
+        return false
+      end
     end
   end
 end

db/data/20240806205559_add_domain_specific_email_signup_to_site_settings.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+class AddDomainSpecificEmailSignupToSiteSettings < ActiveRecord::Migration[7.1]
+  def up
+    setting = Setting.find_or_create_by(name: 'SpecificEmailDomainSignUp')
+
+    SiteSetting.create!(setting:, value: '', provider: 'greenlight') unless SiteSetting.exists?(setting:, provider: 'greenlight')
+
+    Tenant.all.each do |tenant|
+      SiteSetting.create!(setting:, value: '', provider: tenant.name) unless SiteSetting.exists?(setting:, provider: tenant.name)
+    end
+  end
+
+  def down
+    Tenant.all.each do |tenant|
+      SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: tenant.name)&.destroy
+    end
+
+    SiteSetting.find_by(setting: Setting.find_by(name: 'Maintenance'), provider: 'greenlight')&.destroy
+
+    Setting.find_by(name: 'SpecificEmailDomainSignUp')&.destroy
+  end
+end

db/data_schema.rb

@@ -1 +1 @@
-DataMigrate::Data.define(version: 20240423162700)
+DataMigrate::Data.define(version: 20240806205559)

spec/controllers/users_controller_spec.rb

@@ -301,6 +301,66 @@
         expect(response.parsed_body['errors']).not_to be_nil
       end
     end
+
+    context 'Specific Email Domain Signup' do
+      context 'restricted domain not set' do
+        before do
+          site_settings = instance_double(SettingGetter)
+          allow(SettingGetter).to receive(:new).with(setting_name: 'SpecificEmailDomainSignUp', provider: 'greenlight').and_return(site_settings)
+          allow(site_settings).to receive(:call).and_return('')
+        end
+
+        it 'creates the user' do
+          expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+        end
+      end
+
+      context 'restricted domain set to 1 domain' do
+        before do
+          site_settings = instance_double(SettingGetter)
+          allow(SettingGetter).to receive(:new).with(setting_name: 'SpecificEmailDomainSignUp', provider: 'greenlight').and_return(site_settings)
+          allow(site_settings).to receive(:call).and_return('@domain.com')
+        end
+
+        it 'creates the user if the domain is allowed' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+        end
+
+        it 'does not create if the domain is not allowed' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.not_to change(User, :count)
+        end
+      end
+
+      context 'restricted domain set to multiple domain' do
+        before do
+          site_settings = instance_double(SettingGetter)
+          allow(SettingGetter).to receive(:new).with(setting_name: 'SpecificEmailDomainSignUp', provider: 'greenlight').and_return(site_settings)
+          allow(site_settings).to receive(:call).and_return('@example.com,@test.com,@domain.com')
+        end
+
+        it 'creates the user if the domain is allowed 1' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+        end
+
+        it 'creates the user if the domain is allowed 2' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+        end
+
+        it 'creates the user if the domain is allowed 3' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.to change(User, :count).from(0).to(1)
+        end
+
+        it 'does not create if the domain is not allowed' do
+          user_params[:user][:email] = '[email protected]'
+          expect { post :create, params: user_params }.not_to change(User, :count)
+        end
+      end
+    end
   end
 
   describe '#show' do