[PM-27766] Add policy for blocking account creation from claimed domains. (#6537)

* Add policy for blocking account creation from claimed domains. * dotnet format * check as part of email verification * add feature flag * fix tests * try to fix dates on database integration tests * PR feedback from claude * remove claude local settings * pr feedback * format * fix test * create or alter * PR feedback * PR feedback * Update src/Core/Constants.cs Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com> * fix merge issues * fix tests --------- Co-authored-by: Thomas Rittson <31796059+eliykat@users.noreply.github.com>
2025-12-22 03:03:33 +00:00 · 2025-11-19 20:25:50 -05:00
parent 55fb80b2fc
commit c0700a6946
18 changed files with 1502 additions and 18 deletions
--- a/test/Core.Test/Utilities/EmailValidationTests.cs
+++ b/test/Core.Test/Utilities/EmailValidationTests.cs
@@ -0,0 +1,51 @@
+using Bit.Core.Exceptions;
+using Bit.Core.Utilities;
+using Xunit;
+
+namespace Bit.Core.Test.Utilities;
+
+public class EmailValidationTests
+{
+    [Theory]
+    [InlineData("user@Example.COM", "example.com")]
+    [InlineData("user@EXAMPLE.COM", "example.com")]
+    [InlineData("user@example.com", "example.com")]
+    [InlineData("user@Example.Com", "example.com")]
+    [InlineData("User@DOMAIN.CO.UK", "domain.co.uk")]
+    public void GetDomain_WithMixedCaseEmail_ReturnsLowercaseDomain(string email, string expectedDomain)
+    {
+        // Act
+        var result = EmailValidation.GetDomain(email);
+
+        // Assert
+        Assert.Equal(expectedDomain, result);
+    }
+
+    [Theory]
+    [InlineData("hello@world.com", "world.com")]                // regular email address
+    [InlineData("hello@world.planet.com", "world.planet.com")]  // subdomain
+    [InlineData("hello+1@world.com", "world.com")]              // alias
+    [InlineData("hello.there@world.com", "world.com")]          // period in local-part
+    [InlineData("hello@wörldé.com", "wörldé.com")]              // unicode domain
+    [InlineData("hello@world.cömé", "world.cömé")]              // unicode top-level domain
+    public void GetDomain_WithValidEmail_ReturnsLowercaseDomain(string email, string expectedDomain)
+    {
+        // Act
+        var result = EmailValidation.GetDomain(email);
+
+        // Assert
+        Assert.Equal(expectedDomain, result);
+    }
+
+    [Theory]
+    [InlineData("invalid-email")]
+    [InlineData("@example.com")]
+    [InlineData("user@")]
+    [InlineData("")]
+    public void GetDomain_WithInvalidEmail_ThrowsBadRequestException(string email)
+    {
+        // Act & Assert
+        var exception = Assert.Throws<BadRequestException>(() => EmailValidation.GetDomain(email));
+        Assert.Equal("Invalid email address format.", exception.Message);
+    }
+}