Create new UNAFFILIATED_EMAIL flow for affiliation invitation (#3603)

Author: seeker25

auth-api/devops/vaults.gcp.env

@@ -71,3 +71,4 @@ ENVIRONMENT_NAME="op://CD/$APP_ENV/base/DEPLOYMENT_ENV"
 
 # web-url
 BUSINESS_REGISTRY_URL="op://web-url/$APP_ENV/business-registry-ui/BUSINESS_REGISTRY_URL"
+REGISTRY_HOME_URL="op://web-url/$APP_ENV/business/REGISTRY_HOME_URL"

auth-api/migrations/versions/2026_02_06_add_unaffiliated_email_type.py

@@ -0,0 +1,42 @@
+"""Add UNAFFILIATED_EMAIL affiliation invitation type and make from_org_id nullable.
+
+Revision ID: a1b2c3d4e5f6
+Revises: 57e4f388c6ed
+Create Date: 2026-02-06
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy import Boolean, String
+
+
+# revision identifiers, used by Alembic.
+revision = 'a1b2c3d4e5f6'
+down_revision = '57e4f388c6ed'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    op.alter_column('affiliation_invitation_types', 'code', type_=sa.String(20), existing_type=sa.String(15))
+    op.alter_column('affiliation_invitations', 'type', type_=sa.String(20), existing_type=sa.String(15))
+
+    ait = sa.table('affiliation_invitation_types',
+                   sa.column('code', String),
+                   sa.column('description', String),
+                   sa.column('default', Boolean)
+                   )
+    op.bulk_insert(ait,
+                   [
+                       {'code': 'UNAFFILIATED_EMAIL', 'description': 'Invitation sent to entity email when no org affiliation exists', 'default': False}
+                   ])
+    op.alter_column('affiliation_invitations', 'from_org_id', nullable=True)
+    op.alter_column('affiliation_invitations', 'sender_id', nullable=True, existing_type=sa.Integer())
+
+
+def downgrade():
+    op.alter_column('affiliation_invitations', 'sender_id', nullable=False, existing_type=sa.Integer())
+    op.alter_column('affiliation_invitations', 'from_org_id', nullable=False)
+    op.execute("DELETE FROM affiliation_invitation_types WHERE code = 'UNAFFILIATED_EMAIL'")
+    op.alter_column('affiliation_invitations', 'type', type_=sa.String(15), existing_type=sa.String(20))
+    op.alter_column('affiliation_invitation_types', 'code', type_=sa.String(15), existing_type=sa.String(20))

auth-api/src/auth_api/config.py

@@ -152,6 +152,7 @@ class _Config:  # pylint: disable=too-few-public-methods
     EMAIL_TOKEN_SECRET_KEY = os.getenv("EMAIL_TOKEN_SECRET_KEY")
     TOKEN_EXPIRY_PERIOD = os.getenv("TOKEN_EXPIRY_PERIOD")
     AFFILIATION_TOKEN_EXPIRY_PERIOD_MINS = os.getenv("AFFILIATION_TOKEN_EXPIRY_PERIOD_MINS", "720")
+    UNAFFILIATED_EMAIL_TOKEN_EXPIRY_PERIOD_MINS = os.getenv("UNAFFILIATED_EMAIL_TOKEN_EXPIRY_PERIOD_MINS", "10080")
     STAFF_ADMIN_EMAIL = os.getenv("STAFF_ADMIN_EMAIL")
 
     # front end serves this image in this name.can be moved to openshift config as well..
@@ -312,6 +313,7 @@ class TestConfig(_Config):  # pylint: disable=too-few-public-methods
     API_GW_CONSUMER_EMAIL = "test.all.mc@gov.bc.ca"
     WEB_APP_URL = "https://localhost.com"
     BUSINESS_REGISTRY_URL = "https://localhost.com"
+    REGISTRY_HOME_URL = "https://localhost.com"
 
 
 class ProdConfig(_Config):  # pylint: disable=too-few-public-methods

auth-api/src/auth_api/exceptions/errors.py

@@ -60,6 +60,10 @@ class Error(Enum):
         "The business specified for the affiliation invitation could not be found.",
         HTTPStatus.BAD_REQUEST,
     )
+    AFFILIATION_ALREADY_EXISTS = (
+        "An affiliation already exists for this business.",
+        HTTPStatus.CONFLICT,
+    )
     FAILED_INVITATION = "Failed to dispatch the invitation", HTTPStatus.INTERNAL_SERVER_ERROR
     FAILED_NOTIFICATION = "Failed to dispatch the notification", HTTPStatus.INTERNAL_SERVER_ERROR
     DELETE_FAILED_ONLY_OWNER = (

auth-api/src/auth_api/models/affiliation_invitation.py

@@ -36,11 +36,11 @@ class AffiliationInvitation(BaseModel):  # pylint: disable=too-many-instance-att
     __tablename__ = "affiliation_invitations"
 
     id = Column(Integer, primary_key=True)
-    from_org_id = Column(ForeignKey("orgs.id"), nullable=False, index=True)
+    from_org_id = Column(ForeignKey("orgs.id"), nullable=True, index=True)
     to_org_id = Column(ForeignKey("orgs.id"), nullable=True, index=True)
     entity_id = Column(ForeignKey("entities.id"), nullable=False, index=True)
     affiliation_id = Column(ForeignKey("affiliations.id"), nullable=True, index=True)
-    sender_id = Column(ForeignKey("users.id"), nullable=False)
+    sender_id = Column(ForeignKey("users.id"), nullable=True)
     approver_id = Column(ForeignKey("users.id"), nullable=True)
     recipient_email = Column(String(8000), nullable=True)
     sent_date = Column(DateTime, nullable=False)
@@ -59,11 +59,18 @@ class AffiliationInvitation(BaseModel):  # pylint: disable=too-many-instance-att
     to_org = relationship("Org", foreign_keys=[to_org_id], lazy="select")
     affiliation = relationship("Affiliation", foreign_keys=[affiliation_id], lazy="select")
 
+    def _get_expiry_minutes(self):
+        """Get expiry minutes based on invitation type."""
+        config = get_named_config()
+        if self.type == AffiliationInvitationTypeEnum.UNAFFILIATED_EMAIL.value:
+            return int(config.UNAFFILIATED_EMAIL_TOKEN_EXPIRY_PERIOD_MINS)
+        return int(config.AFFILIATION_TOKEN_EXPIRY_PERIOD_MINS)
+
     @hybrid_property
     def expires_on(self):
         """Calculate the expiry date based on the config value."""
         if self.invitation_status_code == InvitationStatuses.PENDING.value:
-            return self.sent_date + timedelta(minutes=int(get_named_config().AFFILIATION_TOKEN_EXPIRY_PERIOD_MINS))
+            return self.sent_date + timedelta(minutes=self._get_expiry_minutes())
         return None
 
     @hybrid_property
@@ -75,9 +82,7 @@ def status(self):
             return self.invitation_status_code
 
         if self.invitation_status_code == InvitationStatuses.PENDING.value:
-            expiry_time = self.sent_date + timedelta(
-                minutes=int(get_named_config().AFFILIATION_TOKEN_EXPIRY_PERIOD_MINS)
-            )
+            expiry_time = self.sent_date + timedelta(minutes=self._get_expiry_minutes())
             if current_time >= expiry_time:
                 return InvitationStatuses.EXPIRED.value
         return self.invitation_status_code
@@ -91,7 +96,7 @@ def create_from_dict(cls, invitation_info: dict, user_id, affiliation_id=None):
         affiliation_invitation = AffiliationInvitation()
         affiliation_invitation.sender_id = user_id
         affiliation_invitation.affiliation_id = affiliation_id
-        affiliation_invitation.from_org_id = invitation_info["fromOrgId"]
+        affiliation_invitation.from_org_id = invitation_info.get("fromOrgId")
         affiliation_invitation.to_org_id = invitation_info.get("toOrgId")
         affiliation_invitation.entity_id = invitation_info["entityId"]
         affiliation_invitation.recipient_email = invitation_info.get("recipientEmail")

auth-api/src/auth_api/models/affiliation_invitation_type.py

@@ -16,6 +16,8 @@
 It defines the different types of an Affiliation Invitation.
 """
 
+from sqlalchemy import Column, String
+
 from .base_model import BaseCodeModel
 
 
@@ -24,6 +26,8 @@ class AffiliationInvitationType(BaseCodeModel):  # pylint: disable=too-few-publi
 
     __tablename__ = "affiliation_invitation_types"
 
+    code = Column(String(20), primary_key=True)
+
     @classmethod
     def get_default_type(cls):
         """Return the default type code for an Affiliation Invitation."""

auth-api/src/auth_api/models/dataclass.py

@@ -20,6 +20,7 @@
 from requests import Request
 
 from auth_api.utils.enums import KeycloakGroupActions
+from auth_api.utils.serializable import Serializable
 
 
 @dataclass
@@ -209,6 +210,17 @@ class ProductReviewTask:
     external_source_id: str | None = None
 
 
+@dataclass
+class UnaffiliatedEmailInvitationData(Serializable):
+    """Data for sending an unaffiliated email invitation to the mailer queue."""
+
+    business_name: str
+    email_addresses: str
+    business_identifier: str
+    token: str
+    context_url: str
+
+
 @dataclass
 class AffiliationBase:
     """Small class for searching in Names and LEAR."""

auth-api/src/auth_api/resources/v1/affiliation_invitation.py

@@ -98,6 +98,21 @@ def post_affiliation_invitation():
     return response, status
 
 
+@bp.route("/unaffiliated/<string:business_identifier>", methods=["POST"])
+@cross_origin(origins="*", methods=["POST"])
+@_jwt.has_one_of_roles([Role.SYSTEM.value])
+def post_unaffiliated_invitation(business_identifier):
+    """Send an unaffiliated email invitation for the entity."""
+    try:
+        entity = EntityService.find_by_business_identifier(business_identifier, skip_auth=True)
+        if not entity:
+            return {"message": "Business not found."}, HTTPStatus.NOT_FOUND
+        AffiliationInvitationService.send_unaffiliated_email_invitation(entity)
+        return {}, HTTPStatus.CREATED
+    except BusinessException as exception:
+        return {"code": exception.code, "message": exception.message}, exception.status_code
+
+
 @bp.route("/<string:affiliation_invitation_id>", methods=["GET", "OPTIONS"])
 @cross_origin(origins="*", methods=["GET", "PATCH", "DELETE"])
 @_jwt.requires_auth