📫 refactor: OpenID Email Claim Fallback (#10296)

* 📫 refactor: Enhance OpenID email Fallback

* Updated email retrieval logic to use preferred_username or upn if email is not available.
* Adjusted logging and user data assignment to reflect the new email handling approach.
* Ensured email domain validation checks the correct email source.

* 🔄 refactor: Update Email Domain Validation Logic

* Modified `isEmailDomainAllowed` function to return true for falsy emails and missing domain restrictions.
* Added new test cases to cover scenarios with and without domain restrictions.
* Ensured proper validation when domain restrictions are present.

packages/api/src/auth/domain.spec.ts

@@ -6,15 +6,27 @@ describe('isEmailDomainAllowed', () => {
     jest.clearAllMocks();
   });
 
-  it('should return false if email is falsy', async () => {
+  it('should return true if email is falsy and no domain restrictions exist', async () => {
     const email = '';
     const result = isEmailDomainAllowed(email);
+    expect(result).toBe(true);
+  });
+
+  it('should return true if domain is not present in the email and no domain restrictions exist', async () => {
+    const email = 'test';
+    const result = isEmailDomainAllowed(email);
+    expect(result).toBe(true);
+  });
+
+  it('should return false if email is falsy and domain restrictions exist', async () => {
+    const email = '';
+    const result = isEmailDomainAllowed(email, ['domain1.com']);
     expect(result).toBe(false);
   });
 
-  it('should return false if domain is not present in the email', async () => {
+  it('should return false if domain is not present in the email and domain restrictions exist', async () => {
     const email = 'test';
-    const result = isEmailDomainAllowed(email);
+    const result = isEmailDomainAllowed(email, ['domain1.com']);
     expect(result).toBe(false);
   });