refactor: address review comments for join view

2026-03-10 22:54:41 +01:00 · 2026-03-10 22:54:41 +01:00 · 021b709e6a
commit 021b709e6a
parent f1d0526209
12 changed files with 113 additions and 31 deletions
--- a/lib/membership/join_request.ex
+++ b/lib/membership/join_request.ex
@ -37,6 +37,7 @@ defmodule Mv.Membership.JoinRequest do
      accept [:email, :first_name, :last_name, :form_data, :schema_version]

      change Mv.Membership.JoinRequest.Changes.SetConfirmationToken
+      change Mv.Membership.JoinRequest.Changes.FilterFormDataByAllowlist
    end

    read :get_by_confirmation_token_hash do
@ -77,6 +78,8 @@ defmodule Mv.Membership.JoinRequest do
  end

  validations do
+    # Format/formatting of email is not validated here; invalid addresses may fail at send time
+    # or can be enforced via an Ash change if needed.
    validate present(:email), on: [:create]
  end

--- a/lib/membership/join_request/changes/filter_form_data_by_allowlist.ex
+++ b/lib/membership/join_request/changes/filter_form_data_by_allowlist.ex
@ -0,0 +1,38 @@
+defmodule Mv.Membership.JoinRequest.Changes.FilterFormDataByAllowlist do
+  @moduledoc """
+  Filters form_data to only keys that are in the join form allowlist (server-side).
+
+  Ensures that even when submit_join_request/2 is called directly (e.g. from tests or API),
+  only allowlisted custom fields are persisted. Typed fields (email, first_name, last_name)
+  are not part of form_data; allowlist is join_form_field_ids minus those.
+  """
+  use Ash.Resource.Change
+
+  alias Mv.Membership
+
+  @typed_fields ["email", "first_name", "last_name"]
+
+  @spec change(Ash.Changeset.t(), keyword(), Ash.Resource.Change.context()) :: Ash.Changeset.t()
+  def change(changeset, _opts, _context) do
+    form_data = Ash.Changeset.get_attribute(changeset, :form_data) || %{}
+
+    allowlist_ids =
+      case Membership.get_join_form_allowlist() do
+        list when is_list(list) ->
+          list
+          |> Enum.map(fn item -> item.id end)
+          |> MapSet.new()
+          |> MapSet.difference(MapSet.new(@typed_fields))
+
+        _ ->
+          MapSet.new()
+      end
+
+    filtered =
+      form_data
+      |> Enum.filter(fn {key, _} -> MapSet.member?(allowlist_ids, to_string(key)) end)
+      |> Map.new()
+
+    Ash.Changeset.force_change_attribute(changeset, :form_data, filtered)
+  end
+end