💡 Feature request
Feature Name
TokenBaseCardCreateInput API Clean up
The Desired Behavior
"customer_email" on TokenBaseCardCreateInput is no longer a required field.
Your Use Case
As a developer, I would like to not send customer_email when creating a tokenbase card.
Environment
TokenBase version: 4.5.5
Magento version: 2.4.5-p5
PHP version: PHP 8.1.18 (cli) (built: Apr 14 2023 04:39:07) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.18, Copyright (c) Zend Technologies
with Zend OPcache v8.1.18, Copyright (c), by Zend Technologies
I was reviewing some code and noted that this field was in a request body. I was concerned that this could be leveraged to add cards to another customer's account. This is, luckily, not the case.
It appears that this is used because ParadoxLabs\TokenBase\Model\Api\GraphQL\UpdateCard allows for guest cards to be created (which I find a little surprising).
That being said, looking at this API it feels like it violates the "Interface Segregation" Principle since the field is not required for authenticated customers. I would suggest another operation like createTokenbaseCardForCustomer or createTokenbaseCardForGuest to clarify this API.
damienwebdev changed the title from "[FEAT] Extraneous fields on TokenBaseCardCreateInput" to "[FEAT] Extraneous customer_email field on TokenBaseCardCreateInput" on Mar 18, 2024
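One way a create-card resolver can keep a client-supplied customer_email from selecting the card's owner while still supporting guest cards, which is the concern the issue raises. This is an added example, not ParadoxLabs TokenBase code; RequestContext, resolveCardOwner and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; NOT ParadoxLabs TokenBase code. All names are hypothetical.

final class RequestContext
{
    public function __construct(
        public readonly ?int $customerId,       // set server-side from the auth token; null for guests
        public readonly ?string $customerEmail  // email on the authenticated account; null for guests
    ) {}
}

/**
 * Decide who owns a card that is about to be created.
 *
 * @param array<string,mixed> $input Client-supplied mutation input (untrusted).
 * @return array{customer_id:?int, customer_email:string}
 */
function resolveCardOwner(RequestContext $ctx, array $input): array
{
    if ($ctx->customerId !== null) {
        // Authenticated: ownership comes only from the server-side context.
        // Whatever the client put in customer_email is discarded.
        return ['customer_id' => $ctx->customerId, 'customer_email' => (string) $ctx->customerEmail];
    }

    // Guest: no account to bind to, so the email must be present and well-formed.
    $email = trim((string) ($input['customer_email'] ?? ''));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('customer_email is required for guest cards');
    }
    return ['customer_id' => null, 'customer_email' => $email];
}

// Constructed sample requests.
$alice = new RequestContext(42, 'alice@example.test');
$guest = new RequestContext(null, null);

// Authenticated caller naming another address: the card still binds to the caller's own account.
var_dump(resolveCardOwner($alice, ['customer_email' => 'bob@example.test']));
// Authenticated caller omitting the field entirely: accepted.
var_dump(resolveCardOwner($alice, []));
// Guest supplying an email: stored with no customer id.
var_dump(resolveCardOwner($guest, ['customer_email' => 'guest@example.test']));
// Guest omitting the field: rejected.
try {
    resolveCardOwner($guest, []);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```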