feat: updated request domain check logic

src/dependencies.py

@@ -12,17 +12,20 @@
 async def check_domain(
     request: Request, session: Annotated[AsyncSession, Depends(get_session)]
 ) -> None:
-    if request.user.is_authenticated:
-        if request_needs_domain_check(request) and await email_domain_denied(
-            session, request.user.email
-        ):
+    if request_needs_domain_check(request):
+        if not request.user.is_authenticated:
+            raise HTTPException(status_code=HTTPStatus.FORBIDDEN)
+        if await email_domain_denied(session, request.user.email):
             raise HTTPException(
                 status_code=HTTPStatus.FORBIDDEN, detail="email domain denied"
             )
 
 
 def request_needs_domain_check(request: Request) -> bool:
-    open_endpoints = os.getenv("OPEN_ENDPOINT_PATHS", "/v1/admin/me,/v1/institutions")
+    open_endpoints = os.getenv(
+        "OPEN_ENDPOINT_PATHS",
+        "/v1/admin/me,/v1/institutions,/v1/institutions/domains/allowed",
+    )
     open_methods = os.getenv("OPEN_ENDPOINT_METHODS", "GET")
     endpoints = open_endpoints.split(",")
     methods = open_methods.split(",")