feat(organizations): config-gated email verification policy {strict|off}#3919
Add config.organizations.emailVerification.mode ('strict' default) and gate
the existing email-verification checks in handleSignupOrganization and the
domain search controller. 'strict' preserves current behavior; 'off' always
auto-provisions / searches (same path as a mailer-not-configured env).
emailVerified stays server-only (no input-surface change); zero data-model
change. Adds unit tests for both modes.
Pull request overview
This PR makes organizations’ email-verification gating configurable via config.organizations.emailVerification.mode, so deployments can choose between enforcing verification (strict, default) vs. auto-provisioning/searching even for unverified users (off) when the mailer is configured.
Changes:
- Add a config-gated "email verification policy" check to signup org provisioning (`handleSignupOrganization`).
- Add the same config gate to the organizations domain-search controller (`search`).
- Add unit tests covering both `strict` and `off` policy modes, and document the config in the organizations development config.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| modules/organizations/tests/organizations.emailVerification.policy.unit.tests.js | Adds unit coverage for the two newly gated surfaces across strict vs off modes. |
| modules/organizations/services/organizations.service.js | Replaces the hardcoded mailer+unverified branch with a config-driven strict/off policy gate. |
| modules/organizations/controllers/organizations.controller.js | Gates domain-search blocking for unverified users behind the same strict/off policy. |
| modules/organizations/config/organizations.development.config.js | Documents and sets the default emailVerification.mode to strict in dev config. |
Codecov Report: ✅ All modified and coverable lines are covered by tests.
Coverage Diff (master vs. #3919):
| | master | #3919 | +/- |
|---|---|---|---|
| Coverage | 92.66% | 92.66% | |
| Files | 169 | 169 | |
| Lines | 5535 | 5537 | +2 |
| Branches | 1778 | 1780 | +2 |
| Hits | 5129 | 5131 | +2 |
| Misses | 326 | 326 | |
| Partials | 80 | 80 | |
Actionable comments posted: 3
Inline comments:
In `@modules/organizations/controllers/organizations.controller.js`:
- Around line 185-191: The async `search` function in
`organizations.controller.js` is missing the required JSDoc header. Add a
one-line description plus `@param` entries for `req` and `res`, and include an
`@returns` tag documenting the resolved value for the async handler so it
matches the project’s JSDoc requirements.
In `@modules/organizations/services/organizations.service.js`:
- Around line 136-147: Add the missing JSDoc header for
handleSignupOrganization: include a one-line description, an `@param` entry for
user, and an `@returns` entry that documents the resolved value since this async
function returns a promise. Place the JSDoc immediately above
handleSignupOrganization so it matches the modified function and follows the
project’s documentation guideline.
- Around line 143-147: The email verification gate in organizations provisioning
is treating unknown orgConfig.emailVerification.mode values as non-strict, which
can bypass verification; update OrganizationsService’s strict-mode check to
normalize the mode value and fail closed so unrecognized values still behave as
strict. Apply the same normalization logic in the corresponding controller path
as well, using the existing emailVerificationStrict / emailVerification.mode
handling so both entry points enforce the same default-strict behavior.
…view) Adversarial review (Copilot + CodeRabbit, security): the gate treated any non-'strict' value as 'off', so a typo or wrong casing silently bypassed verification (fail open). Bypass now requires the explicit permissive 'off' value; default / typo / casing all keep the strict gate. Adds a fail-closed unit test. Gate logic aligned in both the service and the controller. Claude-Session: https://claude.ai/code/session_011zXXYka6vU5utEGoT4frME
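The fail-open gate flagged in the review beside the fail-closed form adopted in the follow-up commit, as an added JavaScript example that is not the project's code. The mode names `strict` and `off` and the config path `emailVerification.mode` come from the PR; the function names, the `mailerConfigured` / `emailVerified` inputs and the exact-match (no casing normalization) choice are assumptions based on the commit message.

```javascript
// Added example, not code from the PR. Resolves the configured
// config.organizations.emailVerification.mode value the way the
// follow-up commit describes: only the explicit string 'off' disables
// the gate; undefined, a typo, a different casing or a non-string all
// resolve to 'strict' (fail closed).
function resolveEmailVerificationMode(orgConfig) {
  const raw = orgConfig && orgConfig.emailVerification
    ? orgConfig.emailVerification.mode
    : undefined;
  // Exact match on purpose: 'Off' or ' off' are treated as misconfiguration
  // and keep the strict gate rather than silently opening it.
  return raw === 'off' ? 'off' : 'strict';
}

// The shape the review objected to: anything that is not exactly 'strict'
// is treated as permissive, so a typo such as 'stricts' bypasses verification.
function isStrictFailOpen(orgConfig) {
  return orgConfig.emailVerification.mode === 'strict';
}

// Fail-closed replacement: permissive only for the explicit 'off' value.
function isStrictFailClosed(orgConfig) {
  return resolveEmailVerificationMode(orgConfig) === 'strict';
}

// One gate shared by both entry points (signup org provisioning and the
// domain-search controller). Returns true when an unverified user must be
// blocked. `mailerConfigured` and `emailVerified` are assumed inputs that
// stand in for the server-side state the PR description refers to.
function shouldBlockUnverified({ mailerConfigured, emailVerified }, orgConfig) {
  if (!mailerConfigured) return false; // mailer-not-configured fallback path
  if (emailVerified) return false;     // verified users are never gated
  return isStrictFailClosed(orgConfig);
}
```

Running `isStrictFailOpen` and `isStrictFailClosed` side by side on a misspelled mode is the quickest way to see why the review called the original check fail-open.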
Make email verification a config-gated policy instead of a hardcoded conditional.
`config.organizations.emailVerification = { mode: 'strict' }` (default). `strict` = current behavior (unverified users get no org/membership when the mailer is configured); `off` = auto-provision regardless (same path as the mailer-not-configured fallback). Gates both the org-provisioning service branch and the domain-search controller. Zero data-model change (derives from the existing server-set fields); `emailVerified` stays server-only (no mass-assignment surface). Default behavior is byte-identical to today. Unit tests cover both modes.
Closes #3916