Group users of same private domain (#243)

* Added Domain Category field and fix store tests

* Add GetAccountByDomain method

* Add Domain Category to authorization claims

* Initial GetAccountWithAuthorizationClaims test cases

* Renamed Private Domain map and index it on saving account

* New Go build tags

* Added NewRegularUser function

* Updated restore to account for primary domain account

Also, added another test case

* Added grouping user of private domains

Also added auxiliary methods for update metadata and domain attributes

* Update http handles get account method and tests

* Fix lint and document another case

* Removed unnecessary log

* Move use cases to method and add flow comments

* Split the new user and existing logic from GetAccountWithAuthorizationClaims

* Review: minor corrections

Co-authored-by: braginini <bangvalo@gmail.com>

management/server/jwtclaims/claims.go

@@ -2,7 +2,8 @@ package jwtclaims
 
 // AuthorizationClaims stores authorization information from JWTs
 type AuthorizationClaims struct {
-	UserId    string
-	AccountId string
-	Domain    string
+	UserId         string
+	AccountId      string
+	Domain         string
+	DomainCategory string
 }

management/server/jwtclaims/extractor.go

@@ -6,10 +6,11 @@ import (
 )
 
 const (
-	TokenUserProperty = "user"
-	AccountIDSuffix   = "wt_account_id"
-	DomainIDSuffix    = "wt_account_domain"
-	UserIDClaim       = "sub"
+	TokenUserProperty    = "user"
+	AccountIDSuffix      = "wt_account_id"
+	DomainIDSuffix       = "wt_account_domain"
+	DomainCategorySuffix = "wt_account_domain_category"
+	UserIDClaim          = "sub"
 )
 
 // Extract function type
@@ -47,5 +48,9 @@ func ExtractClaimsFromRequestContext(r *http.Request, authAudiance string) Autho
 	if ok {
 		jwtClaims.Domain = domainClaim.(string)
 	}
+	domainCategoryClaim, ok := claims[authAudiance+DomainCategorySuffix]
+	if ok {
+		jwtClaims.DomainCategory = domainCategoryClaim.(string)
+	}
 	return jwtClaims
 }

management/server/jwtclaims/extractor_test.go

@@ -19,6 +19,9 @@ func newTestRequestWithJWT(t *testing.T, claims AuthorizationClaims, audiance st
 	if claims.Domain != "" {
 		claimMaps[audiance+DomainIDSuffix] = claims.Domain
 	}
+	if claims.DomainCategory != "" {
+		claimMaps[audiance+DomainCategorySuffix] = claims.DomainCategory
+	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claimMaps)
 	r, err := http.NewRequest(http.MethodGet, "http://localhost", nil)
 	require.NoError(t, err, "creating testing request failed")
@@ -41,9 +44,10 @@ func TestExtractClaimsFromRequestContext(t *testing.T) {
 		name:          "All Claim Fields",
 		inputAudiance: "https://login/",
 		inputAuthorizationClaims: AuthorizationClaims{
-			UserId:    "test",
-			Domain:    "test.com",
-			AccountId: "testAcc",
+			UserId:         "test",
+			Domain:         "test.com",
+			AccountId:      "testAcc",
+			DomainCategory: "public",
 		},
 		testingFunc: require.EqualValues,
 		expectedMSG: "extracted claims should match input claims",
@@ -72,6 +76,18 @@ func TestExtractClaimsFromRequestContext(t *testing.T) {
 	}
 
 	testCase4 := test{
+		name:          "Category Is Empty",
+		inputAudiance: "https://login/",
+		inputAuthorizationClaims: AuthorizationClaims{
+			UserId:    "test",
+			Domain:    "test.com",
+			AccountId: "testAcc",
+		},
+		testingFunc: require.EqualValues,
+		expectedMSG: "extracted claims should match input claims",
+	}
+
+	testCase5 := test{
 		name:          "Only User ID Is set",
 		inputAudiance: "https://login/",
 		inputAuthorizationClaims: AuthorizationClaims{
@@ -81,7 +97,7 @@ func TestExtractClaimsFromRequestContext(t *testing.T) {
 		expectedMSG: "extracted claims should match input claims",
 	}
 
-	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4} {
+	for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5} {
 		t.Run(testCase.name, func(t *testing.T) {
 
 			request := newTestRequestWithJWT(t, testCase.inputAuthorizationClaims, testCase.inputAudiance)