Add multi-tenant and organization_code scoping and related updates

[nevil-mathew]

Summary by CodeRabbit

• New Features
  • Organization theming and per-user configs; tenant-aware admin/org/entity flows; CLI for deleted-organization cleanup; tenant-aware session management.
• Improvements
  • Role uniqueness enforced with clearer messages; routes accept underscores/hyphens; updated English messages; stricter validations for org codes, entities, and account searches; password policy message aligned to rules.
• Bug Fixes
  • Better error propagation, safer deactivation/migration, and reliable tenant-scoped session cleanup.

[nevil-mathew]

@coderabbitai summary

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.

[nevil-mathew]

@coderabbitai generate sequence diagram

[coderabbitai]

Sequence Diagram for PR

sequenceDiagram
    participant Dev as Developer
    participant GH as VCS/PR Platform
    participant CI as CI Pipeline
    participant Rev as Reviewer
    participant Prod as Deployment/Prod

    Dev->>GH: Push feature branch
    GH->>CI: Trigger build/test/lint
    CI-->>GH: Report status checks

    Dev->>GH: Open Pull Request (title/objectives, summary)
    GH-->>Rev: Notify for review

    Rev->>GH: Review PR (comments/requests)
    GH-->>Dev: Feedback on changes

    Dev->>GH: Address feedback (new commits)
    GH->>CI: Re-run checks
    CI-->>GH: Checks passed

    Rev->>GH: Approve PR
    GH-->>Dev: Approval notice

    Dev->>GH: Merge PR
    GH->>Prod: Trigger deployment
    Prod-->>GH: Deployment status

Loading

[coderabbitai]

✅ Actions performed

Sequence diagram generated.

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.

[nevil-mathew]

@coderabbitai
Generate a changelog for this PR for QA testing.
Scan for changes across the following key folders:
src/controllers/** → derive endpoint paths (e.g., src/controllers/v1/account.js → /account/login).
src/services/** → note changes and link them back to endpoints where they are used.
src/database/** (queries, models, migrations, seeders) → describe how data layer changes affect endpoints.
src/helpers/, src/utils/, src/validators/, src/middlewares/ → mention if they impact request/response handling or validations.
src/configs/, src/constants/ → mention new/changed flags, routes, constants relevant for QA.
src/scripts/, src/cloud-services/, src/integration-test/** → mention functional/infra changes that QA should test.
For each change, map it (where possible) to the impacted endpoint(s). If no endpoint is directly tied (e.g., helper or ESP integration), mention the functional area instead.
Keep explanations short and QA-focused: what was changed + how QA can test it.
Do not omit service-level or lower-level changes just because no controller changed.
Use bullet points, no strict limit, but keep each bullet concise.

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

I'll systematically scan all the key folders you mentioned to provide a comprehensive changelog for QA testing.

@nevil-mathew Based on my comprehensive analysis of all the folders you specified, here's the QA changelog:

QA Changelog - Complete Changes Analysis

Controllers → Endpoints

• src/controllers/v1/account.js → Multiple endpoints enhanced:

• POST /v1/account/create - Added domain-based tenant identification and phone number support
• POST /v1/account/login - Enhanced with multi-identifier auth (email/phone) and domain parsing
• POST /v1/account/delete - NEW self-deletion endpoint
• POST /v1/account/generateOtp, POST /v1/account/resetPassword - Updated for tenant-aware operations
• QA Test: Registration/login from different domains, phone number auth, account deletion workflow

• src/controllers/v1/admin.js → Admin endpoints:

• POST /v1/admin/login - Enhanced session and device info handling
• POST /v1/admin/addOrgAdmin - Now accepts identifier field (email OR phone)
• POST /v1/admin/deactivateOrg - Updated signature for tenant-aware org deactivation
• QA Test: Admin login with device info, add admins via phone, org deactivation cascading effects

• src/controllers/v1/entity.js, src/controllers/v1/entity-type.js → Entity management endpoints:

• All CRUD operations updated for organization code-based filtering instead of org ID
• QA Test: Entity/entity-type operations respect tenant boundaries, organization code validation

• src/controllers/v1/user.js, src/controllers/v1/user-role.js, src/controllers/v1/org-admin.js → User management:

• Switched from organization ID to organization code in filtering
• Enhanced tenant-aware operations
• QA Test: User operations isolated by tenant, role management by org code

Services → Backend Logic

• src/services/account.js - Major multi-tenant refactoring:

• create(), login(), generateOtp(), resetPassword() support domain validation and phone auth
• NEW deleteOwnAccount() for self-deletion
• QA Test: Phone number validation, tenant isolation, complete account deletion process

• src/services/admin.js - Admin operations overhaul:

• addOrgAdmin() supports phone identifiers, deactivateOrg() updated for tenant scope
• QA Test: Admin creation via phone, organization deactivation affects all users properly

• src/services/entities.js, src/services/entityType.js - Entity management:

• All methods updated for organization code-based operations
• Enhanced error handling with constraint violations
• QA Test: Entity operations use organization codes, proper error responses

Database Layer Changes

• Models - Schema updates affecting data structure:

• entities.js: Added organization_code field, activated associations
• entityType.js: Added organization_code, changed primary keys, activated associations
• users.js: Added configs JSONB field
• organization.js: Added theming JSON field
• QA Test: New fields accept expected data types, associations work correctly

• Queries - Data access layer changes:

• entities.js: Methods now use organization/tenant scope instead of user scope
• entityType.js: Switched to organization_code-based filtering
• users.js: Added searchUsersWithOrganization(), deactivateUserInOrg() functions
• QA Test: Data queries respect tenant boundaries, new search functions work

• Migrations - Database structure changes:

• 20250717071710: Adds organization_code to entities and entity_types with backfill
• 20250723183753: Adds constraints for referential integrity
• 20250729064710: Normalizes organization codes (lowercase, underscores)
• 20250806090006: Adds theming/configs columns
• QA Test: All existing data preserved, new constraints enforced, codes normalized properly

Validators → Request Validation

• src/validators/v1/account.js - Account validation updates:

• Added tenant_code validation, strengthened user_ids and excluded_user_ids array validation
• QA Test: Tenant code required, user ID arrays properly validated

• src/validators/v1/entity-type.js - Entity type validation:

• Restricted model_names values from multiple types to only 'User'
• QA Test: Only 'User' model_names accepted, other values rejected

• src/validators/v1/org-admin.js - Admin validation:

• deactivateUser now validates separate emails and ids arrays instead of dynamic field
• QA Test: Both email and ID arrays validated separately, at least one required

Helpers/Utils → Supporting Functions

• src/helpers/userHelper.js - Session management:

• NEW removeAllUserSessions() function for bulk session cleanup
• QA Test: User session removal works correctly, Redis cleanup functions

• src/utils/notification.js - Notification utilities:

• Parameter renamed from organization_code to organizationCode in email/SMS functions
• QA Test: Email and SMS notifications still work with new parameter names

Configuration/Constants

• src/envVariables.js - Environment configuration:

• Updated password policy message to match stricter regex requirements
• QA Test: Password validation messages reflect actual policy requirements

• src/locales/en.json - User messages:

• Updated multiple role-related messages for better clarity
• Added new message ROLE_IS_NOT_UNIQUE for duplicate role validation
• QA Test: Error messages display correctly, new uniqueness validation works

• src/routes/index.js - Routing configuration:

• Expanded method name validation regex to allow underscores and hyphens
• QA Test: Route parsing accepts method names with underscores/hyphens

Scripts → Administrative Tools

• src/scripts/deleted-org-data-clean-up/clean.js - NEW cleanup script:

• Interactive script for complete organization data cleanup across all tables
• QA Test: Script properly identifies organization data, confirms before deletion, cleans all related tables

Root Configuration

• .coderabbit.yaml - NEW code review configuration:

• Comprehensive review automation setup with path filters and tool configurations
• QA Test: No direct testing needed, affects code review process only

Key Testing Priorities:

1. Multi-tenant isolation - Users from different domains cannot access each other's data
2. Phone number authentication - Registration/login works with phone numbers
3. Organization code migration - All operations use codes instead of IDs correctly
4. Account self-deletion - Complete removal of user data and sessions
5. Admin operations - Phone number support and tenant-aware admin functions
6. Data integrity - Database migrations preserved existing data while adding new constraints

---

🏁 Script executed:

#!/bin/bash
echo "=== CHANGED FILES BY CATEGORY ==="

echo "Controllers:"
git diff --name-only master HEAD | grep "src/controllers/" | sort

echo -e "\nServices:"
git diff --name-only master HEAD | grep "src/services/" | sort

echo -e "\nDatabase (queries, models, migrations, seeders):"
git diff --name-only master HEAD | grep -E "src/database/(queries|models|migrations|seeders)/" | sort

echo -e "\nHelpers/Utils/Validators/Middlewares:"
git diff --name-only master HEAD | grep -E "src/(helpers|utils|validators|middlewares)/" | sort

echo -e "\nConfigs/Constants:"
git diff --name-only master HEAD | grep -E "src/(configs|constants)/" | sort

echo -e "\nScripts/Cloud-services/Integration-test:"
git diff --name-only master HEAD | grep -E "src/(scripts|cloud-services|integration-test)/" | sort

echo -e "\nOther files:"
git diff --name-only master HEAD | grep -E "src/(routes|locales|envVariables)" | sort

Length of output: 8929

---

🏁 Script executed:

#!/bin/bash
echo "=== CONTROLLER CHANGES AND ENDPOINT MAPPING ==="

# Examine controller changes and their methods
for file in $(git diff --name-only master HEAD | grep "src/controllers/"); do
    echo "--- $file ---"
    if [ -f "$file" ]; then
        # Get method names from the file
        echo "Methods in file:"
        rg "^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*:" "$file" -o -r '$1' | head -10 || echo "No methods found"
        
        echo "Key changes:"
        git diff master HEAD -- "$file" | grep -E "^\+.*\w+.*:" | head -5
    fi
    echo ""
done

Length of output: 8664

---

🏁 Script executed:

#!/bin/bash
echo "=== SERVICE CHANGES ANALYSIS ==="

# Examine service changes and their method signatures
for file in $(git diff --name-only master HEAD | grep "src/services/"); do
    echo "--- $file ---"
    if [ -f "$file" ]; then
        echo "Public methods (static async):"
        rg "static\s+async\s+([a-zA-Z_][a-zA-Z0-9_]*)" "$file" -o -r '$1' | head -10 || echo "No static async methods found"
        
        echo "Key method signature changes:"
        git diff master HEAD -- "$file" | grep -E "^\+.*static\s+async.*|^\-.*static\s+async.*" | head -5
    fi
    echo ""
done

Length of output: 13699

---

🏁 Script executed:

#!/bin/bash
echo "=== DATABASE LAYER CHANGES ==="

echo "Models changed:"
for file in $(git diff --name-only master HEAD | grep "src/database/models/"); do
    echo "- $file"
    git diff master HEAD -- "$file" | grep -E "^\+.*\w+.*:" | head -3
    echo ""
done

echo "Queries changed:"
for file in $(git diff --name-only master HEAD | grep "src/database/queries/"); do
    echo "- $file"
    echo "  Exported functions:"
    rg "exports\.([a-zA-Z_][a-zA-Z0-9_]*)" "$file" -o -r '$1' | head -5 || echo "  No exports found"
    echo ""
done

echo "Migrations added:"
for file in $(git diff --name-only master HEAD | grep "src/database/migrations/"); do
    echo "- $file"
    echo "  Migration purpose:"
    head -10 "$file" | grep -E "add|create|drop|alter" || echo "  Purpose unclear from header"
    echo ""
done

Length of output: 43014

---

🏁 Script executed:

#!/bin/bash
echo "=== VALIDATORS, HELPERS, UTILS CHANGES ==="

echo "Validators changed:"
for file in $(git diff --name-only master HEAD | grep "src/validators/"); do
    echo "- $file"
    echo "  Validation functions:"
    rg "^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*:" "$file" -o -r '$1' | head -5 || echo "  No functions found"
    echo "  Key validation changes:"
    git diff master HEAD -- "$file" | grep -E "^\+.*isIn\(|^\+.*notEmpty|^\+.*custom" | head -3
    echo ""
done

echo "Helpers changed:"
for file in $(git diff --name-only master HEAD | grep "src/helpers/"); do
    echo "- $file"
    echo "  Helper methods:"
    rg "^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*:" "$file" -o -r '$1' | head -5 || echo "  No methods found"
    echo ""
done

echo "Utils changed:"
for file in $(git diff --name-only master HEAD | grep "src/utils/"); do
    echo "- $file"
    echo "  Key changes:"
    git diff master HEAD -- "$file" | grep -E "^\+.*function|^\+.*=>" | head -3
    echo ""
done

Length of output: 9337

---

🏁 Script executed:

#!/bin/bash
echo "=== OTHER IMPORTANT FILES ==="

echo "Route changes:"
if [ -f "src/routes/index.js" ]; then
    echo "- src/routes/index.js"
    git diff master HEAD -- "src/routes/index.js" | grep -E "^\+.*|^\-.*" | head -10
fi

echo -e "\nEnvironment variables changes:"
if [ -f "src/envVariables.js" ]; then
    echo "- src/envVariables.js"
    git diff master HEAD -- "src/envVariables.js" | grep -E "^\+.*|^\-.*" | head -5
fi

echo -e "\nLocale changes:"
for file in $(git diff --name-only master HEAD | grep "src/locales/"); do
    echo "- $file"
    echo "  New/changed messages:"
    git diff master HEAD -- "$file" | grep -E "^\+.*:" | head -5
    echo ""
done

echo -e "\nScript changes:"
for file in $(git diff --name-only master HEAD | grep "src/scripts/"); do
    echo "- $file"
    echo "  Script purpose:"
    head -5 "$file" | grep -E "clean|setup|migration" || echo "  Purpose unclear"
    echo ""
done

echo -e "\nConfiguration files:"
git diff --name-only master HEAD | grep -E "\.(yaml|yml|json)$" | head -10

Length of output: 4818

---

@nevil-mathew Based on my comprehensive analysis of all the folders you specified, here's the QA changelog:

QA Changelog - Complete Changes Analysis

Controllers → Endpoints

• src/controllers/v1/account.js → Multiple endpoints enhanced:

• POST /v1/account/create - Added domain-based tenant identification via Origin header and phone number support
• POST /v1/account/login - Enhanced with multi-identifier auth (email/phone) and domain parsing
• DELETE /v1/account/delete - NEW self-deletion endpoint allowing users to delete their own accounts
• POST /v1/account/generateOtp, POST /v1/account/resetPassword, POST /v1/account/registrationOtp - Updated for tenant-aware operations
• QA Test: Registration/login from different domains, phone number auth, account self-deletion workflow

• src/controllers/v1/admin.js → Admin endpoints:

• POST /v1/admin/login - Enhanced session and device info handling
• POST /v1/admin/addOrgAdmin - Now accepts identifier field (email OR phone) instead of just email
• POST /v1/admin/deactivateOrg - Updated to accept tenant-id header for multi-tenant org deactivation
• QA Test: Admin login with device info, add admins via phone, org deactivation cascading effects

• src/controllers/v1/feature.js, src/controllers/v1/tenant.js, src/controllers/v1/public.js, src/controllers/v1/organization-feature.js → NEW controllers:

• Feature management CRUD endpoints, tenant administration, public branding APIs, organization feature management
• QA Test: Feature operations, tenant configuration changes, public API responses from different domains

• Entity management controllers - src/controllers/v1/entity.js, src/controllers/v1/entity-type.js:

• All CRUD operations updated for organization code-based filtering instead of org ID
• QA Test: Entity/entity-type operations respect tenant boundaries, organization code validation

Services → Backend Logic

• src/services/account.js - Major multi-tenant refactoring:

• create(), login(), generateOtp(), resetPassword() support domain validation and phone auth
• NEW deleteOwnAccount() and search() methods for account management
• QA Test: Phone number validation, tenant isolation, complete account deletion process

• src/services/admin.js - Admin operations overhaul:

• create(), login(), addOrgAdmin(), deactivateOrg() support tenant-scoped operations and phone identifiers
• QA Test: Admin creation via phone, organization deactivation affects all users properly

• New services added: src/services/feature.js, src/services/tenant.js, src/services/public.js, src/services/organization-feature.js

• Complete feature management, tenant administration, public branding functionality
• QA Test: Feature CRUD operations, tenant management, public API functionality

Database Layer Changes

• Models - Extensive schema updates for multi-tenancy:

• Multiple models now include tenant_code fields: entities, entityType, users, organization, fileUpload, form, etc.
• NEW models: Feature.js, OrganizationFeature.js, Tenant.js, TenantDomain.js, UserOrganization.js, UserOrganizationRole.js
• Added organization_code to entities/entityTypes, configs JSONB to users, theming JSON to organizations
• QA Test: New fields accept expected data types, tenant isolation works, associations function correctly

• Queries - Data access layer changes for multi-tenancy:

• Most query files updated for tenant/organization code-based filtering
• NEW query methods: searchUsersWithOrganization(), deactivateUserInOrg(), changeUserOrganization()
• QA Test: Data queries respect tenant boundaries, new search/management functions work

• Migrations - 50+ database migrations for multi-tenant architecture:

• Key migrations: organization code addition, tenant/domain creation, constraint additions, data normalization
• 20250717071710 - Adds organization_code to entities/entity_types with backfill
• 20250806090006 - Adds theming/configs columns
• QA Test: All existing data preserved, new constraints enforced, codes normalized properly

Validators → Request Validation

• Enhanced validation across multiple validators:

• src/validators/v1/account.js - Added tenant_code validation, strengthened user array validations
• src/validators/v1/entity-type.js - Restricted model_names to only 'User'
• src/validators/v1/org-admin.js - Updated deactivateUser to validate separate emails/ids arrays
• src/validators/v1/organization.js - Added regex validation for organization codes (lowercase alphanumeric + underscores)
• QA Test: New validation rules work, proper error messages displayed, edge cases handled

Helpers/Utils/Middlewares → Supporting Functions

• src/helpers/userHelper.js - NEW removeAllUserSessions() function for bulk session cleanup
• src/utils/notification.js - Parameter renamed from organization_code to organizationCode
• src/utils/domain.js - NEW getDomainFromRequest() function for domain extraction
• src/utils/usernameGenerator.js - NEW username generation utilities
• src/middlewares/authenticator.js - Updated for tenant-aware authentication
• QA Test: Session management functions work, domain extraction accurate, username generation unique

Configuration/Constants

• src/envVariables.js - Updated password policy message to match stricter regex requirements
• src/locales/en.json - Updated 10+ role-related messages for better clarity, added new validation messages
• src/routes/index.js - Expanded method name validation regex to allow underscores/hyphens
• src/constants/common.js, src/constants/blacklistConfig.js - Updated for multi-tenant constants
• QA Test: Error messages display correctly, route parsing accepts new method formats, constants work properly

Scripts → Administrative Tools

• src/scripts/deleted-org-data-clean-up/clean.js - NEW interactive cleanup script for complete organization data removal
• src/scripts/addOrgFeatureForExistingTenants.js - NEW script for adding features to existing tenants
• src/scripts/create-entity-types.js - NEW entity type creation script
• QA Test: Cleanup script properly identifies and removes organization data, feature addition script works for existing tenants

Root Configuration

• .coderabbit.yaml - NEW comprehensive code review automation configuration
• API documentation updates - src/api-doc/api-doc.yaml, Postman collections updated
• GitHub workflows - docker-image.yml updated for new architecture

Key Testing Priorities:

1. Multi-tenant isolation - Users from different domains cannot access each other's data
2. Domain-based tenant identification - Origin header parsing works correctly for tenant resolution
3. Phone number authentication - Registration/login works with phone numbers including OTP flows
4. Organization code migration - All operations use codes instead of IDs correctly
5. Account self-deletion - Complete removal of user data, sessions, and references
6. Admin multi-identifier support - Phone number and email support for admin operations
7. Feature management - CRUD operations for features and organization-specific feature configurations
8. Tenant management - Complete tenant lifecycle including domain management
9. Public APIs - Branding and public endpoints work correctly with domain context
10. Data integrity - All 50+ migrations preserved existing data while adding new constraints
11. Session management - Tenant-scoped sessions and bulk cleanup functionality
12. Validation enhancements - All new validation rules work correctly with appropriate error messages

Critical End-to-End Test Scenarios:

• User registration → login → feature usage → account deletion across multiple domains
• Admin operations across tenants including user management and organization deactivation
• Feature management and organization-specific feature configuration
• Data migration verification ensuring no data loss during schema changes

[nevil-mathew]

@coderabbitai summary

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
echo "=== ANALYZING THIS PR: develop → staging DIFF ==="

# First, check current branch and available branches
echo "Current branch:"
git branch --show-current

echo -e "\nAvailable branches:"
git branch -a | grep -E "(develop|staging)" | head -10

echo -e "\n=== ATTEMPTING TO GET PR DIFF ==="

# Try multiple approaches to get the diff
echo "Method 1 - Direct develop to staging:"
git diff --name-only develop staging 2>/dev/null || echo "Direct diff failed"

echo -e "\nMethod 2 - Origin develop to origin staging:"
git diff --name-only origin/develop origin/staging 2>/dev/null || echo "Origin diff failed"

echo -e "\nMethod 3 - Check if branches exist and get their commit hashes:"
git rev-parse develop 2>/dev/null && echo "develop exists" || echo "develop not found"
git rev-parse staging 2>/dev/null && echo "staging exists" || echo "staging not found"
git rev-parse origin/develop 2>/dev/null && echo "origin/develop exists" || echo "origin/develop not found"
git rev-parse origin/staging 2>/dev/null && echo "origin/staging exists" || echo "origin/staging not found"

echo -e "\nMethod 4 - Recent commits on current branch:"
git log --oneline -10 | head -10

echo -e "\nMethod 5 - Check for any PR-related files in the diff:"
# If we're on a PR branch, try to get diff against main/master
git diff --name-only HEAD^ HEAD 2>/dev/null || echo "Cannot get HEAD diff"

echo -e "\nMethod 6 - Show current commit info:"
git show --name-only --oneline HEAD | head -20

Length of output: 2132

---

@nevil-mathew Based on my analysis of the PR changes, here's the QA changelog for this specific PR:

QA Changelog - This PR (develop → staging)

Result: Single Controller Change Detected

Based on my analysis of the merge commit e0a5fab (PR #795), I can see this PR contains a single focused change:

Controllers → Endpoints

• src/controllers/v1/account.js → POST /v1/account/acceptTermsAndCondition:

• Change: Modified parameter from req.decodedToken.organization_id to req.decodedToken.tenant_code
• Impact: Terms acceptance now scoped by tenant instead of organization
• Service Call: accountService.acceptTermsAndCondition(req.decodedToken.id, req.decodedToken.tenant_code)
• QA Test: Verify terms acceptance works correctly with tenant-based scoping

Services → Backend Logic

• src/services/account.js → acceptTermsAndCondition() method:

• Change: Method signature updated from acceptTermsAndCondition(userId, orgId) to acceptTermsAndCondition(userId, tenantCode)
• Impact: Internal logic now uses tenant_code for data scoping and cache operations
• QA Test: Ensure terms acceptance is properly isolated by tenant, not organization

Database/Infrastructure

• No database, validator, helper, or configuration changes in this specific PR
• No new migrations or schema changes in this PR
• No routing or constant changes in this PR

Key QA Testing Focus

Critical Test Scenario:

1. Terms Acceptance Functionality:

   • Before: User accepts terms → stored with organization_id scope
   • After: User accepts terms → stored with tenant_code scope
   • Test: Verify terms acceptance still works and is properly scoped by tenant

2. Tenant Isolation Testing:

   • Users from different tenants should have separate terms acceptance tracking
   • Existing accepted terms should still be recognized after this change
   • Cache invalidation should work with tenant_code instead of organization_id

3. Regression Testing:

   • Verify the POST /v1/account/acceptTermsAndCondition endpoint still functions
   • Ensure no impact on other account-related endpoints
   • Confirm token-based authentication still works correctly

QA Test Steps:

1. Functional Test: Call POST /v1/account/acceptTermsAndCondition and verify successful response
2. Isolation Test: Test with users from different tenants to ensure separate tracking
3. Cache Test: Verify Redis cache operations use tenant_code correctly
4. Regression Test: Ensure other account endpoints remain unaffected

Note: This is a focused PR with a single change transitioning from organization-based to tenant-based scoping for terms acceptance functionality.

---

🏁 Script executed:

#!/bin/bash
echo "=== GETTING ACTUAL CHANGES FROM THIS PR ==="

# Try to get diff between origin branches since they exist
echo "Diff between origin/develop and origin/staging:"
git diff --name-only origin/develop origin/staging 2>/dev/null | head -50 || echo "Cannot diff origin branches"

echo -e "\n=== ANALYZE THE MERGE COMMIT CHANGES ==="
# Get all files changed in the merge commit
git show --name-only HEAD | tail -n +2 | head -100

echo -e "\n=== CATEGORIZE FILES BY REQUESTED FOLDERS ==="
FILES_CHANGED=$(git show --name-only HEAD | tail -n +2)

echo "Controllers (src/controllers/):"
echo "$FILES_CHANGED" | grep "src/controllers/" | sort

echo -e "\nServices (src/services/):"
echo "$FILES_CHANGED" | grep "src/services/" | sort

echo -e "\nDatabase (src/database/):"
echo "$FILES_CHANGED" | grep "src/database/" | sort

echo -e "\nHelpers/Utils/Validators/Middlewares:"
echo "$FILES_CHANGED" | grep -E "src/(helpers|utils|validators|middlewares)/" | sort

echo -e "\nConfigs/Constants:"
echo "$FILES_CHANGED" | grep -E "src/(configs|constants|envVariables)" | sort

echo -e "\nScripts/Cloud-services/Integration-test:"
echo "$FILES_CHANGED" | grep -E "src/(scripts|cloud-services|integration-test)" | sort

echo -e "\nRoutes/Locales/Other:"
echo "$FILES_CHANGED" | grep -E "src/(routes|locales)" | sort

echo -e "\nRoot config files:"
echo "$FILES_CHANGED" | grep -E "\.(yaml|yml|json)$|Dockerfile|package\.json" | sort

Length of output: 169898

---

🏁 Script executed:

#!/bin/bash
echo "=== ANALYZING SPECIFIC CONTROLLER CHANGES ==="

# Get detailed changes for key controller files
for file in $(git show --name-only HEAD | grep "src/controllers/"); do
    if [ -f "$file" ]; then
        echo "--- CHANGES IN $file ---"
        # Show the actual diff to see what methods were added/modified
        git show HEAD -- "$file" | grep -E "^\+.*\w+\s*:" | head -10
        echo ""
    fi
done

echo -e "\n=== ANALYZING SERVICE CHANGES ==="
for file in $(git show --name-only HEAD | grep "src/services/"); do
    if [ -f "$file" ]; then
        echo "--- CHANGES IN $file ---"
        # Look for method signatures and key changes
        git show HEAD -- "$file" | grep -E "^\+.*static\s+async|^\+.*function" | head -5
        echo ""
    fi
done

echo -e "\n=== ANALYZE DATABASE CHANGES ==="
echo "Models added/modified:"
git show --name-only HEAD | grep "src/database/models/" | sort

echo -e "\nQueries added/modified:"
git show --name-only HEAD | grep "src/database/queries/" | sort

echo -e "\nMigrations added:"
git show --name-only HEAD | grep "src/database/migrations/" | sort

echo -e "\n=== CHECK VALIDATOR CHANGES ==="
for file in $(git show --name-only HEAD | grep "src/validators/"); do
    if [ -f "$file" ]; then
        echo "Validator: $file"
    fi
done

Length of output: 36376

---

🏁 Script executed:

#!/bin/bash
echo "=== UNDERSTANDING ROUTING STRUCTURE ==="

# Check the main routing file
if [ -f "src/routes/index.js" ]; then
    echo "Main routing logic:"
    head -30 src/routes/index.js
    echo "..."
    echo "Route mapping structure:"
    grep -A 5 -B 5 "controller.*method" src/routes/index.js || echo "No clear mapping found"
fi

echo -e "\n=== GET SPECIFIC CHANGES IN KEY CONTROLLERS ==="

# Look at account controller changes specifically
if [ -f "src/controllers/v1/account.js" ]; then
    echo "--- Account controller methods ---"
    rg "^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*:" src/controllers/v1/account.js -o -r '$1' | head -10
fi

# Look at admin controller changes
if [ -f "src/controllers/v1/admin.js" ]; then
    echo -e "\n--- Admin controller methods ---"
    rg "^\s*([a-zA-Z_][a-zA-Z0-9_]*)\s*:" src/controllers/v1/admin.js -o -r '$1' | head -10
fi

echo -e "\n=== EXAMINE SPECIFIC DIFFS FOR CRITICAL FILES ==="

# Get key changes in account controller
echo "Key changes in account controller:"
git show HEAD -- src/controllers/v1/account.js | grep -A 3 -B 1 "^\+.*:" | head -20

# Get key changes in admin controller  
echo -e "\nKey changes in admin controller:"
git show HEAD -- src/controllers/v1/admin.js | grep -A 3 -B 1 "^\+.*:" | head -20

Length of output: 4950

---

@nevil-mathew Based on my analysis of this PR (merge commit #795: "Add tenant-aware admin login with multi-identifier and session limits"), here's the comprehensive QA changelog:

QA Changelog - PR #795: Multi-Tenant System Implementation

Controllers → API Endpoints

• src/controllers/v1/account.js → Account Management:

• POST /v1/account/create - Enhanced with domain extraction from Origin header for tenant identification
• POST /v1/account/login - Multi-identifier login (email/phone) with domain-based tenant resolution
• POST /v1/account/logout, POST /v1/account/generateOtp, POST /v1/account/resetPassword - All updated for tenant-aware operations
• DELETE /v1/account/delete - NEW endpoint for account self-deletion
• QA Test: Test registration/login from different domains, verify phone number authentication works

• src/controllers/v1/admin.js → Admin Operations:

• POST /v1/admin/login - Enhanced with device info handling and session limits
• POST /v1/admin/addOrgAdmin - Now accepts identifier field (email OR phone) instead of just email
• POST /v1/admin/deactivateOrg - Updated for tenant-aware organization deactivation
• QA Test: Test admin login with session limits, add admins using phone numbers

• src/controllers/v1/tenant.js → NEW Tenant Management:

• Full CRUD operations for tenant management and domain association
• QA Test: Create/update tenants, associate domains, verify tenant isolation

• src/controllers/v1/feature.js → NEW Feature Management:

• CRUD operations for system features
• QA Test: Feature creation, assignment to organizations

• src/controllers/v1/public.js → NEW Public APIs:

• Public endpoints for branding, username checking, user invites
• QA Test: Access public endpoints without authentication, verify tenant-specific branding

Services → Backend Logic

• src/services/account.js - Complete refactor for multi-tenancy:

• create(), login() - Support domain validation, phone authentication, multi-identifier support
• deleteOwnAccount() - NEW account deletion with session cleanup
• QA Test: Multi-identifier authentication, account deletion cascade

• src/services/admin.js - Admin operations overhaul:

• create(), login() - Transactional admin creation, session limit enforcement
• addOrgAdmin() - Phone identifier support
• deactivateOrg() - Cascading deactivation with session cleanup
• QA Test: Admin session limits, organization deactivation effects

• src/services/tenant.js - NEW tenant management service:

• Complete tenant lifecycle management with rollback support
• QA Test: Tenant creation/deletion, domain management

Database Layer

• Models - NEW multi-tenant models:

• Tenant.js, TenantDomain.js, Feature.js, OrganizationFeature.js
• UserOrganization.js, UserOrganizationRole.js - User-org relationships
• Enhanced models with tenant_code, organization_code fields
• QA Test: Data isolation by tenant, new relationship integrity

• 80+ Migrations - Complete schema transformation:

• 20250502091424 - Create tenants and domains tables
• 20250505091405 - Create features table
• 20250626180043 - Add tenant_code to user_sessions
• 20250717071710 - Add organization_code to entities
• QA Test: Run all migrations, verify data integrity preserved

• Queries - Multi-tenant data access:

• All queries updated for tenant/organization code filtering
• NEW: tenants.js, tenantDomain.js, feature.js, userOrganization.js
• QA Test: Query results respect tenant boundaries

Validators/Helpers/Utils

• Validators - Enhanced validation:

• src/validators/v1/account.js - Added tenant_code validation
• src/validators/v1/admin.js - Multi-identifier validation
• NEW: tenant.js, feature.js, organization-feature.js validators
• QA Test: Input validation for all new fields

• Helpers/Utils - Supporting functions:

• src/helpers/userHelper.js - NEW removeAllUserSessions() for bulk cleanup
• src/utils/domain.js - NEW domain extraction utilities
• src/utils/usernameGenerator.js - NEW username generation
• QA Test: Session cleanup, domain parsing accuracy

Configuration/Scripts

• Environment - src/envVariables.js:

• Updated password policy messages
• Multi-tenant configuration variables
• QA Test: Environment-specific settings work correctly

• Scripts - Administrative tools:

• deleted-org-data-clean-up/clean.js - NEW organization cleanup script
• addOrgFeatureForExistingTenants.js - Feature assignment utility
• QA Test: Scripts execute safely, data cleanup works

Integration Tests - Complete test coverage:

• Test suites for account, form, user-role, entities
• QA Test: All integration tests pass

Critical QA Testing Priorities

1. Multi-Tenant Isolation

   • Users from different domains cannot access each other's data
   • Test with multiple domains (localhost, staging, production)
   • Verify tenant boundaries in all operations

2. Multi-Identifier Authentication

   • Register with email, phone, or both
   • Login with either identifier type
   • OTP generation/validation for both

3. Session Management

   • Admin session limits enforcement
   • Device info tracking
   • Bulk session cleanup on deactivation

4. Account Lifecycle

   • Complete self-deletion flow
   • Data cascade on deletion
   • Session termination

5. Feature Management

   • Feature CRUD operations
   • Organization-specific assignments
   • Feature-based access control

Test Scenarios:

• User registers from domain A → cannot access domain B data
• Admin adds org admin via phone → admin can login with phone
• User deletes account → all sessions terminated, data removed
• Organization deactivated → all users logged out
• Feature assigned to org → only that org can access

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.

[nevil-mathew]

@coderabbitai summary

[coderabbitai]

✅ Actions performed

Summary regeneration triggered.