From 17166dc0f595d5d538f0c464d4253d368f5b4b48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rui=20Tom=C3=A9?= <108268980+r-tome@users.noreply.github.com> Date: Wed, 11 Feb 2026 22:10:59 +0000 Subject: [PATCH] [PM-28300] Remove BlockClaimedDomainAccountCreation feature flag checks (#6934) * [PM-28300] Remove BlockClaimedDomainAccountCreation feature flag checks * Fix user registration tests by adding proper email domains * Remove redundant feature flag checks from user registration tests * Remove BlockClaimedDomainAccountCreation constant from FeatureFlagKeys --- ...medDomainAccountCreationPolicyValidator.cs | 12 +- .../Implementations/RegisterUserCommand.cs | 7 - ...VerificationEmailForRegistrationCommand.cs | 20 +-- src/Core/Constants.cs | 1 - ...mainAccountCreationPolicyValidatorTests.cs | 50 +----- .../Registration/RegisterUserCommandTests.cs | 145 +++++++++++------- ...icationEmailForRegistrationCommandTests.cs | 24 ++- 7 files changed, 113 insertions(+), 146 deletions(-) diff --git a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidator.cs b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidator.cs index 92ba11f5a6..36634ae2ba 100644 --- a/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidator.cs +++ b/src/Core/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidator.cs @@ -5,21 +5,17 @@ using Bit.Core.AdminConsole.Enums; using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces; using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models; using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyUpdateEvents.Interfaces; -using Bit.Core.Services; namespace Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators; public class BlockClaimedDomainAccountCreationPolicyValidator : IPolicyValidator, IPolicyValidationEvent { private readonly IOrganizationHasVerifiedDomainsQuery _organizationHasVerifiedDomainsQuery; - private readonly IFeatureService _featureService; public BlockClaimedDomainAccountCreationPolicyValidator( - IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery, - IFeatureService featureService) + IOrganizationHasVerifiedDomainsQuery organizationHasVerifiedDomainsQuery) { _organizationHasVerifiedDomainsQuery = organizationHasVerifiedDomainsQuery; - _featureService = featureService; } public PolicyType Type => PolicyType.BlockClaimedDomainAccountCreation; @@ -34,12 +30,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidator : IPolicyValidator public async Task ValidateAsync(PolicyUpdate policyUpdate, Policy? currentPolicy) { - // Check if feature is enabled - if (!_featureService.IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)) - { - return "This feature is not enabled"; - } - // Only validate when trying to ENABLE the policy if (policyUpdate is { Enabled: true }) { diff --git a/src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs b/src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs index ba63afb54c..d10d61f413 100644 --- a/src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs +++ b/src/Core/Auth/UserFeatures/Registration/Implementations/RegisterUserCommand.cs @@ -81,7 +81,6 @@ public class RegisterUserCommand : IRegisterUserCommand _emergencyAccessInviteTokenDataFactory = emergencyAccessInviteTokenDataFactory; _providerServiceDataProtector = dataProtectionProvider.CreateProtector("ProviderServiceDataProtector"); - _featureService = featureService; } public async Task RegisterUser(User user) @@ -413,12 +412,6 @@ public class RegisterUserCommand : IRegisterUserCommand private async Task ValidateEmailDomainNotBlockedAsync(string email, Guid? excludeOrganizationId = null) { - // Only check if feature flag is enabled - if (!_featureService.IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)) - { - return; - } - var emailDomain = EmailValidation.GetDomain(email); var isDomainBlocked = await _organizationDomainRepository.HasVerifiedDomainWithBlockClaimedDomainPolicyAsync( diff --git a/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs b/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs index 2e8587eee6..de7b3fca69 100644 --- a/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs +++ b/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs @@ -22,7 +22,6 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai private readonly GlobalSettings _globalSettings; private readonly IMailService _mailService; private readonly IDataProtectorTokenFactory _tokenDataFactory; - private readonly IFeatureService _featureService; private readonly IOrganizationDomainRepository _organizationDomainRepository; public SendVerificationEmailForRegistrationCommand( @@ -31,7 +30,6 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai GlobalSettings globalSettings, IMailService mailService, IDataProtectorTokenFactory tokenDataFactory, - IFeatureService featureService, IOrganizationDomainRepository organizationDomainRepository) { _logger = logger; @@ -39,7 +37,6 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai _globalSettings = globalSettings; _mailService = mailService; _tokenDataFactory = tokenDataFactory; - _featureService = featureService; _organizationDomainRepository = organizationDomainRepository; } @@ -57,17 +54,14 @@ public class SendVerificationEmailForRegistrationCommand : ISendVerificationEmai } // Check if the email domain is blocked by an organization policy - if (_featureService.IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation)) - { - var emailDomain = EmailValidation.GetDomain(email); + var emailDomain = EmailValidation.GetDomain(email); - if (await _organizationDomainRepository.HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(emailDomain)) - { - _logger.LogInformation( - "User registration email verification blocked by domain claim policy. Domain: {Domain}", - emailDomain); - throw new BadRequestException("This email address is claimed by an organization using Bitwarden."); - } + if (await _organizationDomainRepository.HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(emailDomain)) + { + _logger.LogInformation( + "User registration email verification blocked by domain claim policy. Domain: {Domain}", + emailDomain); + throw new BadRequestException("This email address is claimed by an organization using Bitwarden."); } // Check to see if the user already exists diff --git a/src/Core/Constants.cs b/src/Core/Constants.cs index 8e9f694d24..c20114c6aa 100644 --- a/src/Core/Constants.cs +++ b/src/Core/Constants.cs @@ -140,7 +140,6 @@ public static class FeatureFlagKeys public const string CreateDefaultLocation = "pm-19467-create-default-location"; public const string AutomaticConfirmUsers = "pm-19934-auto-confirm-organization-users"; public const string PM23845_VNextApplicationCache = "pm-24957-refactor-memory-application-cache"; - public const string BlockClaimedDomainAccountCreation = "pm-28297-block-uninvited-claimed-domain-registration"; public const string DefaultUserCollectionRestore = "pm-30883-my-items-restored-users"; public const string PremiumAccessQuery = "pm-29495-refactor-premium-interface"; public const string RefactorMembersComponent = "pm-29503-refactor-members-inheritance"; diff --git a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs index e317a5886e..2b277c6ae6 100644 --- a/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs +++ b/test/Core.Test/AdminConsole/OrganizationFeatures/Policies/PolicyValidators/BlockClaimedDomainAccountCreationPolicyValidatorTests.cs @@ -4,7 +4,6 @@ using Bit.Core.AdminConsole.Enums; using Bit.Core.AdminConsole.OrganizationFeatures.OrganizationDomains.Interfaces; using Bit.Core.AdminConsole.OrganizationFeatures.Policies.Models; using Bit.Core.AdminConsole.OrganizationFeatures.Policies.PolicyValidators; -using Bit.Core.Services; using Bit.Core.Test.AdminConsole.AutoFixture; using Bit.Test.Common.AutoFixture; using Bit.Test.Common.AutoFixture.Attributes; @@ -20,10 +19,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainsAsync(policyUpdate.OrganizationId) .Returns(false); @@ -41,10 +36,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainsAsync(policyUpdate.OrganizationId) .Returns(true); @@ -61,11 +52,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, false)] PolicyUpdate policyUpdate, SutProvider sutProvider) { - // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Act var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null); @@ -82,10 +68,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainsAsync(policyUpdate.OrganizationId) .Returns(false); @@ -105,10 +87,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainsAsync(policyUpdate.OrganizationId) .Returns(true); @@ -128,10 +106,6 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests SutProvider sutProvider) { // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - var savePolicyModel = new SavePolicyModel(policyUpdate, null, new EmptyMetadataModel()); // Act @@ -144,31 +118,11 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests .HasVerifiedDomainsAsync(Arg.Any()); } - [Theory, BitAutoData] - public async Task ValidateAsync_FeatureFlagDisabled_ReturnsError( - [PolicyUpdate(PolicyType.BlockClaimedDomainAccountCreation, true)] PolicyUpdate policyUpdate, - SutProvider sutProvider) - { - // Arrange - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(false); - - // Act - var result = await sutProvider.Sut.ValidateAsync(policyUpdate, null); - - // Assert - Assert.Equal("This feature is not enabled", result); - await sutProvider.GetDependency() - .DidNotReceive() - .HasVerifiedDomainsAsync(Arg.Any()); - } - [Fact] public void Type_ReturnsBlockClaimedDomainAccountCreation() { // Arrange - var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null, null); + var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null); // Act & Assert Assert.Equal(PolicyType.BlockClaimedDomainAccountCreation, validator.Type); @@ -178,7 +132,7 @@ public class BlockClaimedDomainAccountCreationPolicyValidatorTests public void RequiredPolicies_ReturnsEmpty() { // Arrange - var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null, null); + var validator = new BlockClaimedDomainAccountCreationPolicyValidator(null); // Act var requiredPolicies = validator.RequiredPolicies.ToList(); diff --git a/test/Core.Test/Auth/UserFeatures/Registration/RegisterUserCommandTests.cs b/test/Core.Test/Auth/UserFeatures/Registration/RegisterUserCommandTests.cs index 29193bacbc..5631fd7f54 100644 --- a/test/Core.Test/Auth/UserFeatures/Registration/RegisterUserCommandTests.cs +++ b/test/Core.Test/Auth/UserFeatures/Registration/RegisterUserCommandTests.cs @@ -106,9 +106,14 @@ public class RegisterUserCommandTests { // Arrange user.Id = Guid.NewGuid(); + user.Email = $"test+{Guid.NewGuid()}@example.com"; organization.Id = Guid.NewGuid(); organization.Name = "Test Organization"; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), organization.Id) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user) .Returns(IdentityResult.Success); @@ -134,6 +139,12 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), organization.Id) + .Returns(false); + var expectedError = new IdentityError(); sutProvider.GetDependency() .CreateUserAsync(user) @@ -161,9 +172,14 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; organization.PlanType = planType; organization.Name = "Enterprise Org"; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), organization.Id) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user) .Returns(IdentityResult.Success); @@ -192,6 +208,12 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), organization.Id) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user) .Returns(IdentityResult.Success); @@ -220,8 +242,13 @@ public class RegisterUserCommandTests SutProvider sutProvider, User user, string masterPasswordHash) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; user.ReferenceData = null; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user, masterPasswordHash) .Returns(IdentityResult.Success); @@ -247,6 +274,12 @@ public class RegisterUserCommandTests [Policy(PolicyType.TwoFactorAuthentication, true)] PolicyStatus policy) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration.Returns(false); @@ -350,6 +383,12 @@ public class RegisterUserCommandTests SutProvider sutProvider, User user, string masterPasswordHash, OrganizationUser orgUser, string orgInviteToken, Guid? orgUserId) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration.Returns(true); @@ -388,6 +427,12 @@ public class RegisterUserCommandTests SutProvider sutProvider, User user, string masterPasswordHash, OrganizationUser orgUser, string orgInviteToken, Guid? orgUserId) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration.Returns(false); @@ -457,10 +502,6 @@ public class RegisterUserCommandTests .GetByIdAsync(orgUserId) .Returns(orgUser); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Mock the new overload that excludes the organization - it should return true (domain IS blocked by another org) sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com", orgUser.OrganizationId) @@ -504,10 +545,6 @@ public class RegisterUserCommandTests .GetByIdAsync(orgUserId) .Returns(orgUser); - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Mock the new overload - it should return false (domain is NOT blocked by OTHER orgs) sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("company-domain.com", orgUser.OrganizationId) @@ -541,6 +578,10 @@ public class RegisterUserCommandTests orgUser.Email = user.Email; orgUser.Id = orgUserId; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), Arg.Any()) + .Returns(false); + var orgInviteTokenable = new OrgUserInviteTokenable(orgUser); sutProvider.GetDependency>() @@ -644,6 +685,12 @@ public class RegisterUserCommandTests public async Task RegisterUserViaEmailVerificationToken_DisabledOpenRegistration_ThrowsBadRequestException(SutProvider sutProvider, User user, string masterPasswordHash, string emailVerificationToken) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration = true; @@ -721,6 +768,12 @@ public class RegisterUserCommandTests string masterPasswordHash, string orgSponsoredFreeFamilyPlanInviteToken) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration = true; @@ -811,6 +864,12 @@ public class RegisterUserCommandTests string masterPasswordHash, string acceptEmergencyAccessInviteToken, Guid acceptEmergencyAccessId) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration = true; @@ -931,6 +990,8 @@ public class RegisterUserCommandTests User user, string masterPasswordHash, Guid providerUserId) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; + // Start with plaintext var nowMillis = CoreHelpers.ToEpocMilliseconds(DateTime.UtcNow); var decryptedProviderInviteToken = $"ProviderUserInvite {providerUserId} {user.Email} {nowMillis}"; @@ -950,6 +1011,10 @@ public class RegisterUserCommandTests .CreateProtector("ProviderServiceDataProtector") .Returns(mockDataProtector); + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration = true; @@ -975,10 +1040,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@blocked-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com") .Returns(true); @@ -1002,10 +1063,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@allowed-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("allowed-domain.com") .Returns(false); @@ -1038,9 +1095,14 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; organization.PlanType = planType; organization.Name = "Family Org"; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), organization.Id) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user) .Returns(IdentityResult.Success); @@ -1071,10 +1133,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@blocked-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com") .Returns(true); @@ -1102,10 +1160,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@blocked-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com") .Returns(true); @@ -1131,10 +1185,6 @@ public class RegisterUserCommandTests emergencyAccess.Email = user.Email; emergencyAccess.Id = acceptEmergencyAccessId; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com") .Returns(true); @@ -1183,10 +1233,6 @@ public class RegisterUserCommandTests sutProvider.GetDependency() .OrganizationInviteExpirationHours.Returns(120); // 5 days - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com") .Returns(true); @@ -1213,10 +1259,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "invalid-email-format"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Act & Assert var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.RegisterUser(user)); @@ -1232,10 +1274,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "invalid-email-format"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency>() .TryUnprotect(emailVerificationToken, out Arg.Any()) .Returns(callInfo => @@ -1261,9 +1299,14 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; user.ReferenceData = null; orgUser.Email = user.Email; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user, masterPasswordHash) .Returns(IdentityResult.Success); @@ -1310,11 +1353,16 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; Organization organization = new Organization { Name = null }; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user) .Returns(IdentityResult.Success); @@ -1348,10 +1396,15 @@ public class RegisterUserCommandTests SutProvider sutProvider) { // Arrange + user.Email = $"test+{Guid.NewGuid()}@example.com"; user.ReferenceData = null; orgUser.Email = user.Email; organization.PlanType = PlanType.EnterpriseAnnually; + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any(), Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .CreateUserAsync(user, masterPasswordHash) .Returns(IdentityResult.Success); @@ -1406,10 +1459,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@blocked-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blocked-domain.com", organization.Id) .Returns(true); @@ -1429,10 +1478,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@company-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Domain is claimed by THIS organization, so it should be allowed sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("company-domain.com", organization.Id) @@ -1461,10 +1506,6 @@ public class RegisterUserCommandTests // Arrange user.Email = "user@unclaimed-domain.com"; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("unclaimed-domain.com", organization.Id) .Returns(false); // Domain is not claimed by any org diff --git a/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs b/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs index 91e8351d2c..c7bb72ccbb 100644 --- a/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs +++ b/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs @@ -59,9 +59,11 @@ public class SendVerificationEmailForRegistrationCommandTests [Theory] [BitAutoData] public async Task SendVerificationEmailForRegistrationCommand_WhenFromMarketingIsPremium_SendsEmailWithMarketingParameterAndReturnsNull(SutProvider sutProvider, - string email, string name, bool receiveMarketingEmails) + string name, bool receiveMarketingEmails) { // Arrange + var email = $"test+{Guid.NewGuid()}@example.com"; + sutProvider.GetDependency() .GetByEmailAsync(email) .ReturnsNull(); @@ -167,9 +169,15 @@ public class SendVerificationEmailForRegistrationCommandTests [Theory] [BitAutoData] public async Task SendVerificationEmailForRegistrationCommand_WhenOpenRegistrationDisabled_ThrowsBadRequestException(SutProvider sutProvider, - string email, string name, bool receiveMarketingEmails) + string name, bool receiveMarketingEmails) { // Arrange + var email = $"test+{Guid.NewGuid()}@example.com"; + + sutProvider.GetDependency() + .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any()) + .Returns(false); + sutProvider.GetDependency() .DisableUserRegistration = true; @@ -235,10 +243,6 @@ public class SendVerificationEmailForRegistrationCommandTests sutProvider.GetDependency() .DisableUserRegistration = false; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("blockedcompany.com") .Returns(true); @@ -266,10 +270,6 @@ public class SendVerificationEmailForRegistrationCommandTests sutProvider.GetDependency() .DisableUserRegistration = false; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - sutProvider.GetDependency() .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync("allowedcompany.com") .Returns(false); @@ -298,10 +298,6 @@ public class SendVerificationEmailForRegistrationCommandTests sutProvider.GetDependency() .DisableUserRegistration = false; - sutProvider.GetDependency() - .IsEnabled(FeatureFlagKeys.BlockClaimedDomainAccountCreation) - .Returns(true); - // Act & Assert var exception = await Assert.ThrowsAsync(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails, null));