zitadel/internal/domain/human_email.go

package domain

import (
	"io"
	"regexp"
	"strings"
	"time"

	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/errors"
	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
)

var (
	emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$")
)

type EmailAddress string

func (e EmailAddress) Validate() error {
	if e == "" {
		return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")
	}
	if !emailRegex.MatchString(string(e)) {
		return errors.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid")
	}
	return nil
}

func (e EmailAddress) Normalize() EmailAddress {
	return EmailAddress(strings.TrimSpace(string(e)))
}

type Email struct {
	es_models.ObjectRoot

	EmailAddress    EmailAddress
	IsEmailVerified bool
	// PlainCode is set by the command and can be used to return it to the caller (API)
	PlainCode *string
}

type EmailCode struct {
	es_models.ObjectRoot

	Code   *crypto.CryptoValue
	Expiry time.Duration
}

func (e *Email) Validate() error {
	if e == nil {
		return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")
	}
	return e.EmailAddress.Validate()
}

func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, string, error) {
	emailCodeCrypto, code, err := crypto.NewCode(emailGenerator)
	if err != nil {
		return nil, "", err
	}
	return &EmailCode{
		Code:   emailCodeCrypto,
		Expiry: emailGenerator.Expiry(),
	}, code, nil
}

type ConfirmURLData struct {
	UserID string
	Code   string
	OrgID  string
}

// RenderConfirmURLTemplate parses and renders tmpl.
// userID, code and orgID are passed into the [ConfirmURLData].
func RenderConfirmURLTemplate(w io.Writer, tmpl, userID, code, orgID string) error {
	return renderURLTemplate(w, tmpl, &ConfirmURLData{userID, code, orgID})
}
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`package domain`

			`import (`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`"io"`
feat: new es testing2 (#1428) * fix: org tests * fix: org tests * fix: user grant test * fix: user grant test * fix: project and project role test * fix: project grant test * fix: project grant test * fix: project member, grant member, app changed tests * fix: application tests * fix: application tests * fix: add oidc app test * fix: add oidc app test * fix: add api keys test * fix: iam policies * fix: iam and org member tests * fix: idp config tests * fix: iam tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: org domain test * fix: org tests * fix: org tests * fix: implement org idps * fix: pr requests * fix: email tests * fix: fix idp check * fix: fix user profile 2021-03-19 10:12:56 +00:00			`"regexp"`
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`"strings"`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`"time"`
feat(cli): setup (#3267) * commander * commander * selber! * move to packages * fix(errors): implement Is interface * test: command * test: commands * add init steps * setup tenant * add default step yaml * possibility to set password * merge v2 into v2-commander * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: rename iam command side to instance * fix: search query builder can filter events in memory * fix: filters for add member * fix(setup): add `ExternalSecure` to config * chore: name iam to instance * fix: matching * remove unsued func * base url * base url * test(command): filter funcs * test: commands * fix: rename orgiampolicy to domain policy * start from init * commands * config * fix indexes and add constraints * fixes * fix: merge conflicts * fix: protos * fix: md files * setup * add deprecated org iam policy again * typo * fix search query * fix filter * Apply suggestions from code review * remove custom org from org setup * add todos for verification * change apps creation * simplify package structure * fix error * move preparation helper for tests * fix unique constraints * fix config mapping in setup * fix error handling in encryption_keys.go * fix projection config * fix query from old views to projection * fix setup of mgmt api * set iam project and fix instance projection * imports Co-authored-by: Livio Amstutz <livio.a@gmail.com> Co-authored-by: fabi <fabienne.gerschwiler@gmail.com> 2022-03-28 08:05:09 +00:00
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`"github.com/zitadel/zitadel/internal/crypto"`
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`"github.com/zitadel/zitadel/internal/errors"`
chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-26 23:01:45 +00:00			`es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`)`

fix: v2 human command (#3435) * add/register human command done * validations * crypto * move clientid * keys * fix: clientID * remove v2 package * tests * tests running * revert old code * instance domain from ctx * chore: rename zitadel app ids * comments * fix: test 2022-04-12 14:20:17 +00:00			`var (`
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			emailRegex = regexp.MustCompile("^[a-zA-Z0-9.!#$%&'+\\/=?^_`{\|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)$")
fix: v2 human command (#3435) * add/register human command done * validations * crypto * move clientid * keys * fix: clientID * remove v2 package * tests * tests running * revert old code * instance domain from ctx * chore: rename zitadel app ids * comments * fix: test 2022-04-12 14:20:17 +00:00			`)`
feat: new es testing2 (#1428) * fix: org tests * fix: org tests * fix: user grant test * fix: user grant test * fix: project and project role test * fix: project grant test * fix: project grant test * fix: project member, grant member, app changed tests * fix: application tests * fix: application tests * fix: add oidc app test * fix: add oidc app test * fix: add api keys test * fix: iam policies * fix: iam and org member tests * fix: idp config tests * fix: iam tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: user tests * fix: org domain test * fix: org tests * fix: org tests * fix: implement org idps * fix: pr requests * fix: email tests * fix: fix idp check * fix: fix user profile 2021-03-19 10:12:56 +00:00
fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`type EmailAddress string`

			`func (e EmailAddress) Validate() error {`
			`if e == "" {`
			`return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")`
			`}`
			`if !emailRegex.MatchString(string(e)) {`
			`return errors.ThrowInvalidArgument(nil, "EMAIL-599BI", "Errors.User.Email.Invalid")`
			`}`
			`return nil`
			`}`

			`func (e EmailAddress) Normalize() EmailAddress {`
			`return EmailAddress(strings.TrimSpace(string(e)))`
			`}`

fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`type Email struct {`
			`es_models.ObjectRoot`

fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`EmailAddress EmailAddress`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`IsEmailVerified bool`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`// PlainCode is set by the command and can be used to return it to the caller (API)`
			`PlainCode *string`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`

			`type EmailCode struct {`
			`es_models.ObjectRoot`

			`Code *crypto.CryptoValue`
			`Expiry time.Duration`
			`}`

fix: make user creation errors helpful (#5382) * fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com> 2023-03-14 19:20:38 +00:00			`func (e *Email) Validate() error {`
			`if e == nil {`
			`return errors.ThrowInvalidArgument(nil, "EMAIL-spblu", "Errors.User.Email.Empty")`
			`}`
			`return e.EmailAddress.Validate()`
fix: use domain models for v2 eventstore (#1151) * fix: use domain models for v2 eventstore * fix: user domain model * Update internal/api/grpc/admin/login_policy_converter.go Co-authored-by: Livio Amstutz <livio.a@gmail.com> * fix: converter Co-authored-by: Livio Amstutz <livio.a@gmail.com> 2021-01-05 08:33:45 +00:00			`}`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, string, error) {`
			`emailCodeCrypto, code, err := crypto.NewCode(emailGenerator)`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`if err != nil {`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`return nil, "", err`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`}`
			`return &EmailCode{`
			`Code: emailCodeCrypto,`
			`Expiry: emailGenerator.Expiry(),`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`}, code, nil`
			`}`

			`type ConfirmURLData struct {`
			`UserID string`
			`Code string`
			`OrgID string`
			`}`

feat: implement register Passkey user API v2 (#5873) * command/crypto: DRY the code - reuse the the algorithm switch to create a secret generator - add a verifyCryptoCode function * command: crypto code tests * migrate webauthn package * finish integration tests with webauthn mock client 2023-05-24 10:22:00 +00:00			`// RenderConfirmURLTemplate parses and renders tmpl.`
feat: user v2alpha email API (#5708) * chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35ae924a3f706a0a7394f933910c2e65. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-04-25 07:02:29 +00:00			`// userID, code and orgID are passed into the [ConfirmURLData].`
feat: implement register Passkey user API v2 (#5873) * command/crypto: DRY the code - reuse the the algorithm switch to create a secret generator - add a verifyCryptoCode function * command: crypto code tests * migrate webauthn package * finish integration tests with webauthn mock client 2023-05-24 10:22:00 +00:00			`func RenderConfirmURLTemplate(w io.Writer, tmpl, userID, code, orgID string) error {`
			`return renderURLTemplate(w, tmpl, &ConfirmURLData{userID, code, orgID})`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 15:06:45 +00:00			`}`