Changes to Allowed Domains

- improved error displays on front end when a user with a not allowed
  domain signs up for both local and external
- added corresponding tests

Author: alihadimazeh

app/controllers/api/v1/users_controller.rb

@@ -62,7 +62,7 @@ def create
         create_user_params[:language] = current_user&.language || I18n.default_locale if create_user_params[:language].blank?
 
         # renders an error if the user is signing up with an invalid domain based off site settings
-        return render_error errors: Rails.configuration.custom_error_msgs[:unauthorized], status: :forbidden unless valid_domain?
+        return render_error errors: Rails.configuration.custom_error_msgs[:banned_user], status: :forbidden unless valid_domain?
 
         user = UserCreator.new(user_params: create_user_params.except(:invite_token), provider: current_provider, role: default_role).call
 

app/controllers/external_controller.rb

@@ -48,9 +48,10 @@ def create_user
       return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:invite_token_invalid])
     end
 
-    return render_error status: :forbidden unless valid_domain?(user_info[:email])
+    # Redirect to root if the user doesn't exist and has an invalid domain
+    return redirect_to root_path(error: Rails.configuration.custom_error_msgs[:banned_user]) if new_user && !valid_domain?(user_info[:email])
 
-    # Create the user if they dont exist
+    # Create the user if they don't exist
     if new_user
       user = UserCreator.new(user_params: user_info, provider: current_provider, role: default_role).call
       user.save!

app/javascript/components/admin/site_settings/registration/Registration.jsx

@@ -108,6 +108,7 @@ export default function Registration() {
           <input
             className="form-control"
             placeholder={t('admin.site_settings.registration.enter_allowed_domains_rule')}
+            defaultValue={siteSettings?.AllowedDomains}
           />
           <Button
             variant="brand"

app/javascript/components/home/HomePage.jsx

@@ -59,6 +59,9 @@ export default function HomePage() {
       case 'SignupError':
         toast.error(t('toast.error.users.signup_error'));
         break;
+      case 'BannedUser':
+        toast.error(t('toast.error.users.banned'));
+        break;
       default:
     }
     if (error) { setSearchParams(searchParams.delete('error')); }

app/javascript/hooks/mutations/users/useCreateUser.jsx

@@ -51,6 +51,8 @@ export default function useCreateUser() {
           toast.error(t('toast.error.users.invalid_invite'));
         } else if (err.response.data.errors === 'EmailAlreadyExists') {
           toast.error(t('toast.error.users.email_exists'));
+        } else if (err.response.data.errors === 'BannedUser') {
+          toast.error(t('toast.error.users.banned'));
         } else {
           toast.error(t('toast.error.problem_completing_action'));
         }

spec/controllers/external_controller_spec.rb

@@ -371,6 +371,15 @@
 
           expect { get :create_user, params: { provider: 'openid_connect' } }.not_to change(User, :count)
         end
+
+        it 'does not affect existing users with different domains' do
+          request.env['omniauth.auth'] = OmniAuth.config.mock_auth[:openid_connect]
+
+          create(:user, external_id: OmniAuth.config.mock_auth[:openid_connect][:uid])
+
+          get :create_user, params: { provider: 'openid_connect' }
+          expect(response).not_to redirect_to(root_path(error: Rails.configuration.custom_error_msgs[:banned_user]))
+        end
       end
 
       context 'restricted domain set to multiple domain' do