fix(admin-form): validate email domain before transfer ownership#9235
Open
faizkhairi wants to merge 2 commits intoopengovsg:developfrom
Open
fix(admin-form): validate email domain before transfer ownership#9235faizkhairi wants to merge 2 commits intoopengovsg:developfrom
faizkhairi wants to merge 2 commits intoopengovsg:developfrom
Conversation
Add domain whitelist validation to transferFormOwnership() to prevent
admins from transferring form ownership to emails from non-whitelisted
domains. Uses the same AgencyModel.findOne({ emailDomain }) pattern
already used in collaborator validation.
The check runs after verifying the new owner is different from the
current owner (Step 1) and before looking up the new owner in the
database (Step 2), so we fail fast on invalid domains.
kevin9foong
reviewed
Mar 25, 2026
| }) | ||
| // Step 1b: Validate that the new owner's email domain is whitelisted. | ||
| .andThen((currentOwner) => { | ||
| const emailDomain = newOwnerEmail.split('@').pop() |
Contributor
There was a problem hiding this comment.
hi there, instead of making a new database query and validation logic, could we reuse the AuthService validateEmailDomain(email) method?
Author
There was a problem hiding this comment.
I refactored to reuse AuthService.validateEmailDomain() and map InvalidDomainError to TransferOwnershipError to keep the existing error contract. This also gives us the extra validator.isEmail() guard for free.
Hope this helps!
Replace inline AgencyModel.findOne() with AuthService.validateEmailDomain() as suggested in review. Maps InvalidDomainError to TransferOwnershipError to preserve existing error contract.
Author
|
Hey @kevin9foong, just a friendly bump. The refactor to reuse \ is in place per your review feedback. Let me know if there's anything else needed for this to move forward. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
transferFormOwnership()to block ownership transfer when the target email domain is not whitelisted in any agencyAgencyModel.findOne({ emailDomain })pattern already used in collaborator validation (line 1300-1301)Related Issue
Closes #5971
Changes
apps/backend/src/app/modules/form/admin-form/admin-form.service.tsAgencyModel.findOne({ emailDomain })How It Works
newOwnerEmail(e.g.,"data.gov.sg"from"user@data.gov.sg")AgencyModel.findOne({ emailDomain })to check if domain belongs to any whitelisted agencyTransferOwnershipErrorwith message"{email} is not part of a whitelisted agency"Test Plan
Happy to add unit tests in
admin-form.service.spec.tsif needed.