feat: add notification policy and password change message (#5065)

Implementation of new notification policy with functionality to send email when a password is changed

internal/notification/projection.go

@@ -137,6 +137,10 @@ func (p *notificationsProjection) reducers() []handler.AggregateReducer {
 					Event:  user.HumanPhoneCodeAddedType,
 					Reduce: p.reducePhoneCodeAdded,
 				},
+				{
+					Event:  user.HumanPasswordChangedType,
+					Reduce: p.reducePasswordChanged,
+				},
 			},
 		},
 	}
@@ -463,6 +467,74 @@ func (p *notificationsProjection) reducePasswordlessCodeRequested(event eventsto
 	return crdb.NewNoOpStatement(e), nil
 }
 
+func (p *notificationsProjection) reducePasswordChanged(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*user.HumanPasswordChangedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Yko2z8", "reduce.wrong.event.type %s", user.HumanPasswordChangedType)
+	}
+	ctx := setNotificationContext(event.Aggregate())
+	alreadyHandled, err := p.checkIfAlreadyHandled(ctx, event, nil, user.HumanPasswordChangeSentType)
+	if err != nil {
+		return nil, err
+	}
+	if alreadyHandled {
+		return crdb.NewNoOpStatement(e), nil
+	}
+
+	notificationPolicy, err := p.queries.NotificationPolicyByOrg(ctx, true, e.Aggregate().ResourceOwner, false)
+	if errors.IsNotFound(err) {
+		return crdb.NewNoOpStatement(e), nil
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	if notificationPolicy.PasswordChange {
+		colors, err := p.queries.ActiveLabelPolicyByOrg(ctx, e.Aggregate().ResourceOwner, false)
+		if err != nil {
+			return nil, err
+		}
+
+		template, err := p.queries.MailTemplateByOrg(ctx, e.Aggregate().ResourceOwner, false)
+		if err != nil {
+			return nil, err
+		}
+
+		notifyUser, err := p.queries.GetNotifyUserByID(ctx, true, e.Aggregate().ID, false)
+		if err != nil {
+			return nil, err
+		}
+		translator, err := p.getTranslatorWithOrgTexts(ctx, notifyUser.ResourceOwner, domain.PasswordChangeMessageType)
+		if err != nil {
+			return nil, err
+		}
+
+		ctx, origin, err := p.origin(ctx)
+		if err != nil {
+			return nil, err
+		}
+		err = types.SendEmail(
+			ctx,
+			string(template.Template),
+			translator,
+			notifyUser,
+			p.getSMTPConfig,
+			p.getFileSystemProvider,
+			p.getLogProvider,
+			colors,
+			p.assetsPrefix(ctx),
+		).SendPasswordChange(notifyUser, origin)
+		if err != nil {
+			return nil, err
+		}
+		err = p.commands.PasswordChangeSent(ctx, e.Aggregate().ResourceOwner, e.Aggregate().ID)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return crdb.NewNoOpStatement(e), nil
+}
+
 func (p *notificationsProjection) reducePhoneCodeAdded(event eventstore.Event) (*handler.Statement, error) {
 	e, ok := event.(*user.HumanPhoneCodeAddedEvent)
 	if !ok {

internal/notification/static/i18n/de.yaml

@@ -40,3 +40,10 @@ PasswordlessRegistration:
   Greeting: Hallo {{.FirstName}} {{.LastName}},
   Text: Wir haben eine Anfrage für das Hinzufügen eines Token für den passwortlosen Login erhalten. Du kannst den untenstehenden Button verwenden, um dein Token oder Gerät hinzuzufügen.
   ButtonText: Passwortlosen Login hinzufügen
+PasswordChange:
+  Title: ZITADEL - Passwort von Benutzer wurde geändert
+  PreHeader: Passwort Änderung
+  Subject: Passwort von Benutzer wurde geändert
+  Greeting: Hallo {{.FirstName}} {{.LastName}},
+  Text: Das Password vom Benutzer wurde geändert, wenn diese Änderung von jemand anderem gemacht wurde, empfehlen wir die sofortige Zurücksetzung ihres Passworts.
+  ButtonText: Login

internal/notification/static/i18n/en.yaml

@@ -40,3 +40,10 @@ PasswordlessRegistration:
   Greeting: Hello {{.FirstName}} {{.LastName}},
   Text: We received a request to add a token for passwordless login. Please use the button below to add your token or device for passwordless login.
   ButtonText: Add Passwordless Login
+PasswordChange:
+  Title: ZITADEL - Password of user has changed
+  PreHeader: Change password
+  Subject: Password of user has changed
+  Greeting: Hello {{.FirstName}} {{.LastName}},
+  Text: The password of your user has changed, if this change was not done by you, please be advised to immediately reset your password.
+  ButtonText: Login

internal/notification/static/i18n/fr.yaml

@@ -40,3 +40,10 @@ PasswordlessRegistration:
   Greeting: Bonjour {{.FirstName}} {{.LastName}},
   Text: Nous avons reçu une demande d'ajout d'un jeton pour la connexion sans mot de passe. Veuillez utiliser le bouton ci-dessous pour ajouter votre jeton ou dispositif pour la connexion sans mot de passe.
   ButtonText: Ajouter une connexion sans mot de passe
+PasswordChange:
+  Title: ZITADEL - Le mot de passe de l'utilisateur a changé
+  PreHeader: Modifier le mot de passe
+  Subject: Le mot de passe de l'utilisateur a changé
+  Greeting: Bonjour {{.FirstName}} {{.LastName}},
+  Text: Le mot de passe de votre utilisateur a changé, si ce changement n'a pas été fait par vous, nous vous conseillons de réinitialiser immédiatement votre mot de passe.
+  ButtonText: Login

internal/notification/static/i18n/it.yaml

@@ -40,3 +40,10 @@ PasswordlessRegistration:
   Greeting: 'Ciao {{.FirstName}} {{.LastName}},'
   Text: Abbiamo ricevuto una richiesta per aggiungere l'autenticazione passwordless. Usa il pulsante qui sotto per aggiungere il tuo token o dispositivo per il login senza password.
   ButtonText: Attiva passwordless
+PasswordChange:
+  Title: ZITADEL - La password dell'utente è stata modificata
+  PreHeader: Modifica della password
+  Subject: La password dell'utente è stata modificata
+  Greeting: Ciao {{.FirstName}} {{.LastName}},
+  Text: La password del vostro utente è cambiata; se questa modifica non è stata fatta da voi, vi consigliamo di reimpostare immediatamente la vostra password.
+  ButtonText: Login

internal/notification/static/i18n/zh.yaml

@@ -40,3 +40,10 @@ PasswordlessRegistration:
   Greeting: 你好 {{.FirstName}} {{.LastName}},
   Text: 我们收到了为无密码登录添加令牌的请求。请使用下面的按钮添加您的令牌或设备以进行无密码登录。
   ButtonText: 添加无密码登录
+PasswordChange:
+  Title: ZITADEL - 用户的密码已经改变
+  PreHeader: 更改密码
+  Subject: 用户的密码已经改变
+  Greeting: 你好 {{.FirstName}} {{.LastName}},
+  Text: 您的用户的密码已经改变，如果这个改变不是由您做的，请注意立即重新设置您的密码。
+  ButtonText: 登录

internal/notification/types/password_change.go

@@ -0,0 +1,13 @@
+package types
+
+import (
+	"github.com/zitadel/zitadel/internal/api/ui/console"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendPasswordChange(user *query.NotifyUser, origin string) error {
+	url := console.LoginHintLink(origin, user.PreferredLoginName)
+	args := make(map[string]interface{})
+	return notify(url, args, domain.PasswordChangeMessageType, true)
+}