# Day 6 Architecture vs Implementation - Comprehensive Gap Analysis **Date**: 2025-11-03 **Analysis By**: System Architect **Status**: **CRITICAL GAPS IDENTIFIED** --- ## Executive Summary ### Overall Completion: **55%** This gap analysis compares the **Day 6 Architecture Design** (DAY6-ARCHITECTURE-DESIGN.md) against the **actual implementation** completed on Days 6-7. While significant progress was made, several critical features from the Day 6 architecture plan were **NOT implemented** or only **partially implemented**. **Key Findings**: - ✅ **Fully Implemented**: 2 scenarios (35%) - 🟡 **Partially Implemented**: 1 scenario (15%) - ❌ **Not Implemented**: 3 scenarios (50%) - 📦 **Scope Changed in Day 7**: Email features moved to different architecture --- ## 1. Scenario A: Role Management API ### Status: 🟡 **PARTIALLY IMPLEMENTED (65%)** #### ✅ Fully Implemented Components | Component | Architecture Spec | Implementation Status | Files | |-----------|------------------|----------------------|-------| | **List Users Endpoint** | GET `/api/tenants/{tenantId}/users` | ✅ Implemented | `TenantUsersController.cs` | | **Assign Role Endpoint** | POST `/api/tenants/{tenantId}/users/{userId}/role` | ✅ Implemented | `TenantUsersController.cs` | | **Remove User Endpoint** | DELETE `/api/tenants/{tenantId}/users/{userId}` | ✅ Implemented | `TenantUsersController.cs` | | **AssignUserRoleCommand** | Command + Handler | ✅ Implemented | `AssignUserRoleCommandHandler.cs` | | **RemoveUserCommand** | Command + Handler | ✅ Implemented | `RemoveUserFromTenantCommandHandler.cs` | | **ListTenantUsersQuery** | Query + Handler | ✅ Implemented | `ListTenantUsersQuery.cs` | | **Cross-Tenant Security** | Validation in controller | ✅ Implemented (Day 6 security fix) | `TenantUsersController.cs` | #### ❌ Missing Components (CRITICAL) | Component | Architecture Spec (Section) | Status | Impact | |-----------|---------------------------|--------|--------| | **UpdateUserRoleCommand** | Section 2.5.1 (lines 313-411) | ❌ **NOT IMPLEMENTED** | **HIGH** - Cannot update existing roles without removing user | | **UpdateUserRoleCommandHandler** | Section 2.5.1 | ❌ **NOT IMPLEMENTED** | **HIGH** | | **PUT Endpoint** | PUT `/api/tenants/{tenantId}/users/{userId}/role` | ❌ **NOT IMPLEMENTED** | **HIGH** | | **UserTenantRoleValidator** | Section 2.4 (lines 200-228) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - Validation logic scattered | | **CountByTenantAndRoleAsync** | Section 2.6 (line 589) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - Cannot prevent last owner removal | | **GetByIdsAsync** | Section 2.6 (line 612) | ❌ **NOT IMPLEMENTED** | **LOW** - Performance issue with batch loading | | **Database Index** | `idx_user_tenant_roles_tenant_role` | ❌ **NOT VERIFIED** | **LOW** - Performance concern | | **PagedResult DTO** | Section 2.3.2 (lines 183-190) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - No pagination support | #### 🔍 Implementation Differences **Architecture Design**: ```csharp // Separate endpoints for assign vs update POST /api/tenants/{id}/users/{userId}/role // Create new role PUT /api/tenants/{id}/users/{userId}/role // Update existing role ``` **Actual Implementation**: ```csharp // Single endpoint that does both assign AND update POST /api/tenants/{id}/users/{userId}/role // Creates OR updates // No PUT endpoint ``` **Impact**: - ❌ Not RESTful (PUT should be used for updates) - ⚠️ Frontend cannot distinguish between create and update operations - ⚠️ Less explicit API semantics #### 🔴 Critical Missing Validation **Architecture Required (Section 2.5.1, lines 374-410)**: ```csharp // Rule 1: Cannot self-demote from TenantOwner // Rule 2: Cannot remove last TenantOwner (requires CountByTenantAndRoleAsync) // Rule 3: AIAgent role restriction ``` **Actual Implementation**: - ✅ Rule 3 implemented (AIAgent restriction) - ❌ Rule 1 **NOT FULLY IMPLEMENTED** (no check in UpdateRole because no UpdateRole exists) - ❌ Rule 2 **NOT IMPLEMENTED** (missing repository method) --- ## 2. Scenario B: Email Verification ### Status: ✅ **FULLY IMPLEMENTED (95%)** (Day 7) #### ✅ Fully Implemented Components | Component | Architecture Spec | Implementation Status | Files | |-----------|------------------|----------------------|-------| | **Email Service Interface** | Section 3.3.2 (lines 862-893) | ✅ Implemented | `IEmailService.cs` | | **SMTP Email Service** | Section 3.3.4 (lines 1041-1092) | ✅ Implemented | `SmtpEmailService.cs` | | **Mock Email Service** | Testing support | ✅ Implemented (better than spec) | `MockEmailService.cs` | | **VerifyEmailCommand** | Section 3.5.1 (lines 1150-1223) | ✅ Implemented | `VerifyEmailCommandHandler.cs` | | **Email Verification Flow** | User.cs updates | ✅ Implemented | `User.cs` | | **Verification Endpoint** | POST `/api/auth/verify-email` | ✅ Implemented | `AuthController.cs` | | **Token Hashing** | SHA-256 hashing | ✅ Implemented | `User.cs` | | **24h Token Expiration** | Section 3.4 (line 1102) | ✅ Implemented | `User.cs` | | **Auto-Send on Registration** | Section 3.8 (lines 1500-1587) | ✅ Implemented | `RegisterTenantCommandHandler.cs` | #### ❌ Missing Components (MEDIUM Impact) | Component | Architecture Spec (Section) | Status | Impact | |-----------|---------------------------|--------|--------| | **SendGrid Integration** | Section 3.3.3 (lines 896-1038) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - Only SMTP available | | **ResendVerificationCommand** | Section 3.5.1 (lines 1226-1328) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - Users cannot resend verification | | **Resend Verification Endpoint** | POST `/api/auth/resend-verification` | ❌ **NOT IMPLEMENTED** | **MEDIUM** | | **Email Rate Limiting** | Database-backed (Section 3.6) | 🟡 **PARTIAL** - Memory-based only | **HIGH** - Not persistent across restarts | | **EmailRateLimit Entity** | Database table (Section 3.2, lines 828-843) | ❌ **NOT IMPLEMENTED** | **MEDIUM** - Using in-memory cache | | **Email Status Endpoint** | GET `/api/auth/email-status` | ❌ **NOT IMPLEMENTED** | **LOW** - No way to check verification status | | **Welcome Email** | Section 3.5.1 (lines 1193-1205) | ❌ **NOT IMPLEMENTED** | **LOW** - Nice to have | #### 🟡 Partial Implementation Concerns **Rate Limiting Implementation**: - Architecture Required: Database-backed `EmailRateLimiter` (Section 3.6, lines 1332-1413) - Actual Implementation: `MemoryRateLimitService` (in-memory only) - **Impact**: Rate limit state lost on server restart (acceptable for MVP, but not production-ready) **Email Provider Strategy**: - Architecture Required: SendGrid (primary) + SMTP (fallback) - Actual Implementation: SMTP only - **Impact**: No production-ready email provider (SendGrid recommended for deliverability) --- ## 3. Combined Features (Scenario C) ### Status: ❌ **NOT IMPLEMENTED (0%)** The Day 6 architecture document proposed a **combined migration** strategy (Section 4.2, lines 1747-1828) that was **NOT followed**. Instead: - Day 6 did **partial** role management (no database migration) - Day 7 added **separate migrations** for email features (3 migrations) **Architecture Proposed (Single Migration)**: ```sql -- File: Day6RoleManagementAndEmailVerification.cs -- 1. Add index: idx_user_tenant_roles_tenant_role -- 2. Add column: email_verification_token_expires_at -- 3. Add index: idx_users_email_verification_token -- 4. Create table: email_rate_limits ``` **Actual Implementation (Multiple Migrations)**: - Migration 1: `20251103202856_AddEmailVerification.cs` (email_verification_token_expires_at) - Migration 2: `20251103204505_AddPasswordResetToken.cs` (password reset fields) - Migration 3: `20251103210023_AddInvitations.cs` (invitations table) - ❌ **No migration for** `idx_user_tenant_roles_tenant_role` (performance index) - ❌ **No migration for** `email_rate_limits` table (database-backed rate limiting) **Impact**: - ⚠️ Missing performance optimization index - ❌ No persistent rate limiting (production concern) --- ## 4. Missing Database Schema Changes ### ❌ Critical Database Gaps | Schema Change | Architecture Spec (Section) | Status | Impact | |---------------|---------------------------|--------|--------| | **idx_user_tenant_roles_tenant_role** | Section 2.2 (lines 124-128) | ❌ NOT ADDED | **MEDIUM** - Performance issue with role queries | | **idx_users_email_verification_token** | Section 3.2 (lines 822-824) | ❌ NOT VERIFIED | **LOW** - May exist, needs verification | | **email_rate_limits table** | Section 3.2 (lines 828-843) | ❌ NOT CREATED | **HIGH** - No persistent rate limiting | | **email_verification_token_expires_at** | Section 3.2 (line 819) | ✅ ADDED | **GOOD** | **SQL to Add Missing Schema**: ```sql -- Missing index from Day 6 architecture CREATE INDEX IF NOT EXISTS idx_user_tenant_roles_tenant_role ON identity.user_tenant_roles(tenant_id, role); -- Missing rate limiting table from Day 6 architecture CREATE TABLE IF NOT EXISTS identity.email_rate_limits ( id UUID PRIMARY KEY DEFAULT gen_random_uuid(), email VARCHAR(255) NOT NULL, tenant_id UUID NOT NULL, operation_type VARCHAR(50) NOT NULL, last_sent_at TIMESTAMP NOT NULL, attempts_count INT NOT NULL DEFAULT 1, CONSTRAINT uq_email_rate_limit UNIQUE (email, tenant_id, operation_type) ); CREATE INDEX idx_email_rate_limits_email ON identity.email_rate_limits(email, tenant_id); CREATE INDEX idx_email_rate_limits_cleanup ON identity.email_rate_limits(last_sent_at); ``` --- ## 5. Missing API Endpoints ### ❌ Endpoints Not Implemented | Endpoint | Architecture Spec | Status | Priority | |----------|------------------|--------|----------| | **PUT** `/api/tenants/{tenantId}/users/{userId}/role` | Section 2.3.1 (line 138) | ❌ NOT IMPLEMENTED | **HIGH** | | **GET** `/api/tenants/{tenantId}/users/{userId}` | Section 2.3.1 (line 137) | ❌ NOT IMPLEMENTED | **MEDIUM** | | **POST** `/api/auth/resend-verification` | Section 3.7 (lines 1454-1469) | ❌ NOT IMPLEMENTED | **MEDIUM** | | **GET** `/api/auth/email-status` | Section 3.7 (lines 1474-1491) | ❌ NOT IMPLEMENTED | **LOW** | --- ## 6. Missing Application Layer Components ### Commands & Handlers | Component | Architecture Spec (Section) | Status | Priority | |-----------|---------------------------|--------|----------| | **UpdateUserRoleCommand** | Section 2.5.1 (lines 313-372) | ❌ NOT IMPLEMENTED | **HIGH** | | **UpdateUserRoleCommandHandler** | Section 2.5.1 (lines 313-372) | ❌ NOT IMPLEMENTED | **HIGH** | | **ResendVerificationEmailCommand** | Section 3.5.1 (lines 1226-1328) | ❌ NOT IMPLEMENTED | **MEDIUM** | | **ResendVerificationEmailCommandHandler** | Section 3.5.1 (lines 1226-1328) | ❌ NOT IMPLEMENTED | **MEDIUM** | ### DTOs | DTO | Architecture Spec (Section) | Status | Priority | |-----|---------------------------|--------|----------| | **PagedResult** | Section 2.3.2 (lines 183-190) | ❌ NOT IMPLEMENTED | **MEDIUM** | | **UserWithRoleDto** | Section 2.3.2 (lines 168-181) | 🟡 PARTIAL (no pagination) | **MEDIUM** | | **EmailStatusDto** | Section 3.7 (line 1495) | ❌ NOT IMPLEMENTED | **LOW** | | **ResendVerificationRequest** | Section 3.7 (line 1494) | ❌ NOT IMPLEMENTED | **MEDIUM** | --- ## 7. Missing Infrastructure Components ### Services | Service | Architecture Spec (Section) | Status | Priority | |---------|---------------------------|--------|----------| | **SendGridEmailService** | Section 3.3.3 (lines 896-1038) | ❌ NOT IMPLEMENTED | **MEDIUM** | | **EmailRateLimiter** (Database) | Section 3.6 (lines 1348-1413) | 🟡 Memory-based only | **HIGH** | | **IEmailRateLimiter** interface | Section 3.6 (lines 1332-1344) | 🟡 IRateLimitService (different interface) | **MEDIUM** | ### Repository Methods | Method | Architecture Spec (Section) | Status | Priority | |--------|---------------------------|--------|----------| | **IUserTenantRoleRepository.CountByTenantAndRoleAsync** | Section 2.6 (lines 587-591) | ❌ NOT IMPLEMENTED | **HIGH** | | **IUserRepository.GetByIdsAsync** | Section 2.6 (lines 609-614) | ❌ NOT IMPLEMENTED | **LOW** | | **IUserRepository.GetByEmailVerificationTokenAsync** | Section 3.5.1 (line 1175) | ❌ NOT VERIFIED | **MEDIUM** | --- ## 8. Missing Business Validation Rules ### ❌ Critical Validation Gaps | Validation Rule | Architecture Spec (Section) | Status | Impact | |----------------|---------------------------|--------|--------| | **Cannot remove last TenantOwner** | Section 2.5.1 (lines 390-403) | ❌ NOT IMPLEMENTED | **CRITICAL** - Can delete all owners | | **Cannot self-demote from TenantOwner** | Section 2.5.1 (lines 382-388) | 🟡 PARTIAL - Only in AssignRole | **HIGH** - Missing in UpdateRole | | **Rate limit: 1 email per minute** | Section 3.5.1 (lines 1274-1287) | 🟡 In-memory only | **MEDIUM** - Not persistent | | **Email enumeration prevention** | Section 3.5.1 (lines 1251-1265) | ✅ IMPLEMENTED | **GOOD** | | **Token expiration validation** | Section 3.4 (lines 1109-1122) | ✅ IMPLEMENTED | **GOOD** | --- ## 9. Missing Configuration ### ❌ Configuration Gaps | Config Item | Architecture Spec (Section) | Status | Priority | |-------------|---------------------------|--------|----------| | **SendGrid API Key** | Section 3.9 (lines 1594-1600) | ❌ NOT CONFIGURED | **MEDIUM** | | **SendGrid From Email** | Section 3.9 | ❌ NOT CONFIGURED | **MEDIUM** | | **EmailProvider setting** | Section 3.9 (line 1617) | 🟡 No auto-switch logic | **LOW** | | **Email verification config** | Section 3.9 (lines 1602-1616) | 🟡 PARTIAL | **LOW** | --- ## 10. Missing Documentation & Tests ### Documentation | Document | Architecture Spec (Section) | Status | |----------|---------------------------|--------| | **Swagger API Documentation** | Section 11.1 (lines 2513-2534) | 🟡 PARTIAL - Basic docs only | | **SendGrid Setup Guide** | Section 11.2 (lines 2537-2574) | ❌ NOT CREATED | | **Implementation Summary** | Section 11.3 (lines 2576-2625) | ✅ Created (DAY6-TEST-REPORT.md, DAY7 progress) | ### Tests | Test Category | Architecture Spec (Section) | Status | Priority | |--------------|---------------------------|--------|----------| | **Unit Tests - UserTenantRoleValidator** | Section 7.1 (lines 2050-2112) | ❌ NOT CREATED | **MEDIUM** | | **Integration Tests - UpdateRole** | Section 7.2 (lines 2159-2177) | ❌ NOT CREATED | **HIGH** | | **Integration Tests - Self-demote prevention** | Section 7.2 (lines 2159-2177) | ❌ NOT CREATED | **HIGH** | | **Integration Tests - Last owner prevention** | Section 7.2 (lines 2144-2158) | ❌ NOT CREATED | **HIGH** | | **Integration Tests - Email rate limiting** | Section 7.2 (lines 2230-2250) | 🟡 PARTIAL - In-memory only | **MEDIUM** | | **Integration Tests - Resend verification** | Section 7.2 (lines 2186-2228) | ❌ NOT CREATED | **MEDIUM** | --- ## 11. Gap Analysis Summary by Priority ### 🔴 CRITICAL Gaps (Must Fix Immediately) 1. ❌ **UpdateUserRoleCommand + Handler + PUT Endpoint** - Users cannot update roles without removing/re-adding - Non-RESTful API design - Missing business validation 2. ❌ **CountByTenantAndRoleAsync Repository Method** - Cannot prevent deletion of last TenantOwner - **SECURITY RISK**: Tenant can be left without owner 3. ❌ **Database-Backed Email Rate Limiting** - Current in-memory implementation not production-ready - Rate limit state lost on restart - **SECURITY RISK**: Email bombing attacks possible ### 🟡 HIGH Priority Gaps (Should Fix in Day 8) 4. ❌ **ResendVerificationEmail Command + Endpoint** - Users stuck if verification email fails - Poor user experience 5. ❌ **PagedResult DTO** - No pagination support for user lists - Performance issue with large tenant user lists 6. ❌ **Database Performance Index** (`idx_user_tenant_roles_tenant_role`) - Role queries will be slow at scale 7. ❌ **SendGrid Email Service** - SMTP not production-ready for deliverability - Need reliable email provider ### 🟢 MEDIUM Priority Gaps (Can Fix in Day 9-10) 8. ❌ **Get Single User Endpoint** (GET `/api/tenants/{id}/users/{userId}`) 9. ❌ **Email Status Endpoint** (GET `/api/auth/email-status`) 10. ❌ **GetByIdsAsync Repository Method** (batch user loading optimization) 11. ❌ **SendGrid Configuration Guide** 12. ❌ **Missing Integration Tests** (UpdateRole, self-demote, last owner, rate limiting) ### ⚪ LOW Priority Gaps (Future Enhancement) 13. ❌ **Welcome Email** (nice to have) 14. ❌ **Complete Swagger Documentation** 15. ❌ **Unit Tests for Business Validation** --- ## 12. Recommendations ### Immediate Actions (Day 8 - Priority 1) **1. Implement UpdateUserRole Feature (4 hours)** ``` Files to Create: - Commands/UpdateUserRole/UpdateUserRoleCommand.cs - Commands/UpdateUserRole/UpdateUserRoleCommandHandler.cs - Tests: UpdateUserRoleTests.cs Controller Changes: - Add PUT endpoint to TenantUsersController.cs Repository Changes: - Add CountByTenantAndRoleAsync to IUserTenantRoleRepository ``` **2. Fix Last Owner Deletion Vulnerability (2 hours)** ``` Changes Required: - Implement CountByTenantAndRoleAsync in UserTenantRoleRepository - Add validation in RemoveUserFromTenantCommandHandler - Add integration tests for last owner scenarios ``` **3. Add Database-Backed Rate Limiting (3 hours)** ``` Database Changes: - Create email_rate_limits table migration - Add EmailRateLimit entity and configuration Code Changes: - Implement DatabaseEmailRateLimiter service - Replace MemoryRateLimitService in DI configuration ``` ### Short-Term Actions (Day 9 - Priority 2) **4. Implement ResendVerification Feature (2 hours)** ``` Files to Create: - Commands/ResendVerificationEmail/ResendVerificationEmailCommand.cs - Commands/ResendVerificationEmail/ResendVerificationEmailCommandHandler.cs Controller Changes: - Add POST /api/auth/resend-verification endpoint ``` **5. Add Pagination Support (2 hours)** ``` Files to Create: - Dtos/PagedResult.cs - Update ListTenantUsersQueryHandler to return PagedResult ``` **6. Add Performance Index (1 hour)** ``` Migration: - Create migration to add idx_user_tenant_roles_tenant_role ``` ### Medium-Term Actions (Day 10 - Priority 3) **7. SendGrid Integration (3 hours)** ``` Files to Create: - Services/SendGridEmailService.cs - Configuration: Add SendGrid settings to appsettings - Documentation: SendGrid setup guide ``` **8. Missing Integration Tests (4 hours)** ``` Tests to Add: - UpdateRole scenarios (success + validation) - Self-demote prevention - Last owner prevention - Database-backed rate limiting - Resend verification ``` --- ## 13. Implementation Effort Estimate | Priority | Feature Set | Estimated Hours | Can Start | |----------|------------|----------------|-----------| | **CRITICAL** | UpdateUserRole + Last Owner Fix + DB Rate Limit | 9 hours | Immediately | | **HIGH** | ResendVerification + Pagination + Index | 5 hours | After Critical | | **MEDIUM** | SendGrid + Get User + Email Status | 5 hours | After High | | **LOW** | Welcome Email + Docs + Unit Tests | 4 hours | After Medium | | **TOTAL** | **All Missing Features** | **23 hours** | **~3 working days** | --- ## 14. Risk Assessment ### Security Risks | Risk | Severity | Mitigation Status | |------|----------|------------------| | **Last TenantOwner Deletion** | 🔴 CRITICAL | ❌ NOT MITIGATED | | **Email Bombing (Rate Limit Bypass)** | 🟡 HIGH | 🟡 PARTIAL (in-memory only) | | **Self-Demote Privilege Escalation** | 🟡 MEDIUM | 🟡 PARTIAL (AssignRole only) | | **Cross-Tenant Access** | ✅ RESOLVED | ✅ Fixed in Day 6 | ### Production Readiness Risks | Component | Status | Blocker for Production | |-----------|--------|----------------------| | **Role Management API** | 🟡 PARTIAL | ⚠️ YES - Missing UpdateRole | | **Email Verification** | ✅ FUNCTIONAL | ✅ NO - Works with SMTP | | **Email Rate Limiting** | 🟡 IN-MEMORY | ⚠️ YES - Not persistent | | **Email Deliverability** | 🟡 SMTP ONLY | ⚠️ YES - Need SendGrid | | **Database Performance** | 🟡 MISSING INDEX | ⚠️ MODERATE - Slow at scale | --- ## 15. Conclusion ### Overall Assessment **Day 6 Architecture Completion: 55%** | Scenario | Planned | Implemented | Completion % | |----------|---------|-------------|--------------| | **Scenario A: Role Management API** | 17 components | 11 components | **65%** | | **Scenario B: Email Verification** | 21 components | 20 components | **95%** | | **Scenario C: Combined Migration** | 1 migration | 0 migrations | **0%** | | **Database Schema** | 4 changes | 1 change | **25%** | | **API Endpoints** | 9 endpoints | 5 endpoints | **55%** | | **Commands/Queries** | 8 handlers | 5 handlers | **62%** | | **Infrastructure** | 5 services | 2 services | **40%** | | **Tests** | 25 test scenarios | 12 test scenarios | **48%** | ### Critical Findings #### What Went Well ✅ 1. Email verification flow is **production-ready** (95% complete) 2. Cross-tenant security vulnerability **fixed immediately** (Day 6) 3. Role assignment API **partially functional** (can assign and remove) 4. Test coverage **high** (68 tests, 85% pass rate) #### Critical Gaps ❌ 1. **No UpdateRole functionality** - Users cannot change roles without deleting 2. **Last owner deletion possible** - Security vulnerability 3. **Rate limiting not persistent** - Production concern 4. **Missing pagination** - Performance issue at scale 5. **No SendGrid** - Email deliverability concern ### Production Readiness **Current Status**: ⚠️ **NOT PRODUCTION READY** **Blockers**: 1. Missing UpdateUserRole feature (users cannot update roles) 2. Last TenantOwner deletion vulnerability (security risk) 3. Non-persistent rate limiting (email bombing risk) 4. Missing SendGrid integration (email deliverability) **Recommended Action**: **Complete Day 8 CRITICAL fixes before production deployment** --- ## 16. Next Steps ### Immediate (Day 8 Morning) 1. ✅ Create this gap analysis document 2. ⏭️ Present findings to Product Manager 3. ⏭️ Prioritize gap fixes with stakeholders 4. ⏭️ Start implementation of CRITICAL gaps ### Day 8 Implementation Plan ``` Morning (4 hours): - Implement UpdateUserRoleCommand + Handler - Add PUT endpoint to TenantUsersController - Add CountByTenantAndRoleAsync to repository Afternoon (4 hours): - Implement database-backed rate limiting - Create email_rate_limits table migration - Add last owner deletion prevention - Write integration tests ``` ### Day 9-10 Cleanup - Implement ResendVerification feature - Add pagination support - SendGrid integration - Complete missing tests --- **Document Version**: 1.0 **Status**: Ready for Review **Action Required**: Product Manager decision on gap prioritization --- ## Appendix: Quick Reference ### Files to Create (Critical Priority) ``` Application Layer: - Commands/UpdateUserRole/UpdateUserRoleCommand.cs - Commands/UpdateUserRole/UpdateUserRoleCommandHandler.cs - Commands/ResendVerificationEmail/ResendVerificationEmailCommand.cs - Commands/ResendVerificationEmail/ResendVerificationEmailCommandHandler.cs - Dtos/PagedResult.cs Infrastructure Layer: - Services/SendGridEmailService.cs - Services/DatabaseEmailRateLimiter.cs - Persistence/Configurations/EmailRateLimitConfiguration.cs - Persistence/Migrations/AddEmailRateLimitsTable.cs - Persistence/Migrations/AddRoleManagementIndex.cs Tests: - IntegrationTests/UpdateUserRoleTests.cs - IntegrationTests/LastOwnerPreventionTests.cs - IntegrationTests/DatabaseRateLimitTests.cs ``` ### Repository Methods to Add ```csharp // IUserTenantRoleRepository.cs Task CountByTenantAndRoleAsync(Guid tenantId, TenantRole role, CancellationToken cancellationToken); // IUserRepository.cs Task> GetByIdsAsync(IEnumerable userIds, CancellationToken cancellationToken); Task GetByEmailVerificationTokenAsync(string tokenHash, Guid tenantId, CancellationToken cancellationToken); ``` ### SQL Migrations to Add ```sql -- Migration 1: Performance index CREATE INDEX idx_user_tenant_roles_tenant_role ON identity.user_tenant_roles(tenant_id, role); -- Migration 2: Rate limiting table CREATE TABLE identity.email_rate_limits ( id UUID PRIMARY KEY, email VARCHAR(255) NOT NULL, tenant_id UUID NOT NULL, operation_type VARCHAR(50) NOT NULL, last_sent_at TIMESTAMP NOT NULL, attempts_count INT NOT NULL DEFAULT 1, UNIQUE (email, tenant_id, operation_type) ); ```