feat: user v2alpha email API (#5708)

* chore(proto): update versions * change protoc plugin * some cleanups * define api for setting emails in new api * implement user.SetEmail * move SetEmail buisiness logic into command * resuse newCryptoCode * command: add ChangeEmail unit tests Not complete, was not able to mock the generator. * Revert "resuse newCryptoCode" This reverts commit c89e90ae35. * undo change to crypto code generators * command: use a generator so we can test properly * command: reorganise ChangeEmail improve test coverage * implement VerifyEmail including unit tests * add URL template tests * proto: change context to object * remove old auth option * remove old auth option * fix linting errors run gci on modified files * add permission checks and fix some errors * comments * comments --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-11 21:47:32 +00:00 · 2023-04-25 09:02:29 +02:00
parent 2a79e77c7b
commit 095ec21678
58 changed files with 3589 additions and 399 deletions
--- a/internal/domain/human_email.go
+++ b/internal/domain/human_email.go
@@ -1,12 +1,15 @@
 package domain

 import (
+	"io"
 	"regexp"
 	"strings"
+	"text/template"
 	"time"

 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/errors"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
 	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 )

@@ -35,6 +38,8 @@ type Email struct {

 	EmailAddress    EmailAddress
 	IsEmailVerified bool
+	// PlainCode is set by the command and can be used to return it to the caller (API)
+	PlainCode *string
 }

 type EmailCode struct {
@@ -51,13 +56,36 @@ func (e *Email) Validate() error {
 	return e.EmailAddress.Validate()
 }

-func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, error) {
-	emailCodeCrypto, _, err := crypto.NewCode(emailGenerator)
+func NewEmailCode(emailGenerator crypto.Generator) (*EmailCode, string, error) {
+	emailCodeCrypto, code, err := crypto.NewCode(emailGenerator)
 	if err != nil {
-		return nil, err
+		return nil, "", err
 	}
 	return &EmailCode{
 		Code:   emailCodeCrypto,
 		Expiry: emailGenerator.Expiry(),
-	}, nil
+	}, code, nil
+}
+
+type ConfirmURLData struct {
+	UserID string
+	Code   string
+	OrgID  string
+}
+
+// RenderConfirmURLTemplate parses and renders tmplStr.
+// userID, code and orgID are passed into the [ConfirmURLData].
+// "%s%s?userID=%s&code=%s&orgID=%s"
+func RenderConfirmURLTemplate(w io.Writer, tmplStr, userID, code, orgID string) error {
+	tmpl, err := template.New("").Parse(tmplStr)
+	if err != nil {
+		return caos_errs.ThrowInvalidArgument(err, "USERv2-ooD8p", "Errors.User.Email.InvalidURLTemplate")
+	}
+
+	data := &ConfirmURLData{userID, code, orgID}
+	if err = tmpl.Execute(w, data); err != nil {
+		return caos_errs.ThrowInvalidArgument(err, "USERv2-ohSi5", "Errors.User.Email.InvalidURLTemplate")
+	}
+
+	return nil
 }
--- a/internal/domain/human_email_test.go
+++ b/internal/domain/human_email_test.go
@@ -1,7 +1,13 @@
 package domain

 import (
+	"strings"
 	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
 )

 func TestEmailValid(t *testing.T) {
@@ -72,3 +78,57 @@ func TestEmailValid(t *testing.T) {
 		})
 	}
 }
+
+func TestRenderConfirmURLTemplate(t *testing.T) {
+	type args struct {
+		tmplStr string
+		userID  string
+		code    string
+		orgID   string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    string
+		wantErr error
+	}{
+		{
+			name: "invalid template",
+			args: args{
+				tmplStr: "{{",
+				userID:  "user1",
+				code:    "123",
+				orgID:   "org1",
+			},
+			wantErr: caos_errs.ThrowInvalidArgument(nil, "USERv2-ooD8p", "Errors.User.Email.InvalidURLTemplate"),
+		},
+		{
+			name: "execution error",
+			args: args{
+				tmplStr: "{{.Foo}}",
+				userID:  "user1",
+				code:    "123",
+				orgID:   "org1",
+			},
+			wantErr: caos_errs.ThrowInvalidArgument(nil, "USERv2-ohSi5", "Errors.User.Email.InvalidURLTemplate"),
+		},
+		{
+			name: "success",
+			args: args{
+				tmplStr: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}",
+				userID:  "user1",
+				code:    "123",
+				orgID:   "org1",
+			},
+			want: "https://example.com/email/verify?userID=user1&code=123&orgID=org1",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var w strings.Builder
+			err := RenderConfirmURLTemplate(&w, tt.args.tmplStr, tt.args.userID, tt.args.code, tt.args.orgID)
+			require.ErrorIs(t, err, tt.wantErr)
+			assert.Equal(t, tt.want, w.String())
+		})
+	}
+}