move domain allowlist to Auth0 action

macfarlandian commented 1 month ago

Description of the change

We already had an action that was mostly overlapping with our deprecated hook, so this just adds the missing piece of denying access to signups that don't hit the domain mapping. (The diff is a little misleading, because the domain-mapping solution was already what was live in Auth0; all I did was add the deny call at the end and move recidiviz email domains into the mapping instead of handling them separately.) While in there I reorganized the files a bit to better reflect the Auth0 resources they represent.

All of these changes are already live in staging and the hook has been deleted. You can see evidence of this working in the Auth0 logs: expected success, expected failure

Type of change

[ ] Bug fix (non-breaking change that fixes an issue)
[ ] New feature (non-breaking change that adds functionality)
[ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
[x] Configuration change (adjusts configuration to achieve some end related to functionality, development, performance, or security)

Related issues

Closes #656

Checklists

Development

These boxes should be checked by the submitter prior to merging:

[x] Manual testing against realistic data has been performed locally

Code review

These boxes should be checked by reviewers prior to merging:

[ ] This pull request has a descriptive title and information useful to a reviewer
[ ] This pull request has been moved out of a Draft state, has no "Work In Progress" label, and has assigned reviewers
[ ] Potential security implications or infrastructural changes have been considered, if relevant