feat: add notification policy and password change message (#5065)

Implementation of new notification policy with functionality to send email when a password is changed
2025-08-11 19:17:32 +00:00 · 2023-01-25 09:49:41 +01:00
parent 8b5894c0bb
commit 19621acfd3
73 changed files with 4196 additions and 83 deletions
--- a/internal/repository/instance/eventstore.go
+++ b/internal/repository/instance/eventstore.go
@@ -89,5 +89,7 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, InstanceDomainRemovedEventType, DomainRemovedEventMapper).
 		RegisterFilterEventMapper(AggregateType, InstanceAddedEventType, InstanceAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, InstanceChangedEventType, InstanceChangedEventMapper).
-		RegisterFilterEventMapper(AggregateType, InstanceRemovedEventType, InstanceRemovedEventMapper)
+		RegisterFilterEventMapper(AggregateType, InstanceRemovedEventType, InstanceRemovedEventMapper).
+		RegisterFilterEventMapper(AggregateType, NotificationPolicyAddedEventType, NotificationPolicyAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper)
 }
--- a/internal/repository/instance/policy_notification.go
+++ b/internal/repository/instance/policy_notification.go
@@ -0,0 +1,73 @@
+package instance
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+	"github.com/zitadel/zitadel/internal/repository/policy"
+)
+
+const (
+	NotificationPolicyAddedEventType   = instanceEventTypePrefix + policy.NotificationPolicyAddedEventType
+	NotificationPolicyChangedEventType = instanceEventTypePrefix + policy.NotificationPolicyChangedEventType
+)
+
+type NotificationPolicyAddedEvent struct {
+	policy.NotificationPolicyAddedEvent
+}
+
+func NewNotificationPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	passwordChange bool,
+) *NotificationPolicyAddedEvent {
+	return &NotificationPolicyAddedEvent{
+		NotificationPolicyAddedEvent: *policy.NewNotificationPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				NotificationPolicyAddedEventType),
+			passwordChange),
+	}
+}
+
+func NotificationPolicyAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := policy.NotificationPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotificationPolicyAddedEvent{NotificationPolicyAddedEvent: *e.(*policy.NotificationPolicyAddedEvent)}, nil
+}
+
+type NotificationPolicyChangedEvent struct {
+	policy.NotificationPolicyChangedEvent
+}
+
+func NewNotificationPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.NotificationPolicyChanges,
+) (*NotificationPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewNotificationPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			NotificationPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &NotificationPolicyChangedEvent{NotificationPolicyChangedEvent: *changedEvent}, nil
+}
+
+func NotificationPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := policy.NotificationPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotificationPolicyChangedEvent{NotificationPolicyChangedEvent: *e.(*policy.NotificationPolicyChangedEvent)}, nil
+}
--- a/internal/repository/org/eventstore.go
+++ b/internal/repository/org/eventstore.go
@@ -83,5 +83,8 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, FlowClearedEventType, FlowClearedEventMapper).
 		RegisterFilterEventMapper(AggregateType, MetadataSetType, MetadataSetEventMapper).
 		RegisterFilterEventMapper(AggregateType, MetadataRemovedType, MetadataRemovedEventMapper).
-		RegisterFilterEventMapper(AggregateType, MetadataRemovedAllType, MetadataRemovedAllEventMapper)
+		RegisterFilterEventMapper(AggregateType, MetadataRemovedAllType, MetadataRemovedAllEventMapper).
+		RegisterFilterEventMapper(AggregateType, NotificationPolicyAddedEventType, NotificationPolicyAddedEventMapper).
+		RegisterFilterEventMapper(AggregateType, NotificationPolicyChangedEventType, NotificationPolicyChangedEventMapper).
+		RegisterFilterEventMapper(AggregateType, NotificationPolicyRemovedEventType, NotificationPolicyRemovedEventMapper)
 }
--- a/internal/repository/org/policy_notification.go
+++ b/internal/repository/org/policy_notification.go
@@ -0,0 +1,102 @@
+package org
+
+import (
+	"context"
+
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+	"github.com/zitadel/zitadel/internal/repository/policy"
+)
+
+var (
+	NotificationPolicyAddedEventType   = orgEventTypePrefix + policy.NotificationPolicyAddedEventType
+	NotificationPolicyChangedEventType = orgEventTypePrefix + policy.NotificationPolicyChangedEventType
+	NotificationPolicyRemovedEventType = orgEventTypePrefix + policy.NotificationPolicyRemovedEventType
+)
+
+type NotificationPolicyAddedEvent struct {
+	policy.NotificationPolicyAddedEvent
+}
+
+func NewNotificationPolicyAddedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	passwordChange bool,
+) *NotificationPolicyAddedEvent {
+	return &NotificationPolicyAddedEvent{
+		NotificationPolicyAddedEvent: *policy.NewNotificationPolicyAddedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				NotificationPolicyAddedEventType),
+			passwordChange,
+		),
+	}
+}
+
+func NotificationPolicyAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := policy.NotificationPolicyAddedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotificationPolicyAddedEvent{NotificationPolicyAddedEvent: *e.(*policy.NotificationPolicyAddedEvent)}, nil
+}
+
+type NotificationPolicyChangedEvent struct {
+	policy.NotificationPolicyChangedEvent
+}
+
+func NewNotificationPolicyChangedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+	changes []policy.NotificationPolicyChanges,
+) (*NotificationPolicyChangedEvent, error) {
+	changedEvent, err := policy.NewNotificationPolicyChangedEvent(
+		eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			NotificationPolicyChangedEventType),
+		changes,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &NotificationPolicyChangedEvent{NotificationPolicyChangedEvent: *changedEvent}, nil
+}
+
+func NotificationPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := policy.NotificationPolicyChangedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotificationPolicyChangedEvent{NotificationPolicyChangedEvent: *e.(*policy.NotificationPolicyChangedEvent)}, nil
+}
+
+type NotificationPolicyRemovedEvent struct {
+	policy.NotificationPolicyRemovedEvent
+}
+
+func NewNotificationPolicyRemovedEvent(
+	ctx context.Context,
+	aggregate *eventstore.Aggregate,
+) *NotificationPolicyRemovedEvent {
+	return &NotificationPolicyRemovedEvent{
+		NotificationPolicyRemovedEvent: *policy.NewNotificationPolicyRemovedEvent(
+			eventstore.NewBaseEventForPush(
+				ctx,
+				aggregate,
+				NotificationPolicyRemovedEventType),
+		),
+	}
+}
+
+func NotificationPolicyRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e, err := policy.NotificationPolicyRemovedEventMapper(event)
+	if err != nil {
+		return nil, err
+	}
+
+	return &NotificationPolicyRemovedEvent{NotificationPolicyRemovedEvent: *e.(*policy.NotificationPolicyRemovedEvent)}, nil
+}
--- a/internal/repository/policy/policy_notification.go
+++ b/internal/repository/policy/policy_notification.go
@@ -0,0 +1,127 @@
+package policy
+
+import (
+	"encoding/json"
+
+	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	"github.com/zitadel/zitadel/internal/eventstore/repository"
+)
+
+const (
+	NotificationPolicyAddedEventType   = "policy.notification.added"
+	NotificationPolicyChangedEventType = "policy.notification.changed"
+	NotificationPolicyRemovedEventType = "policy.notification.removed"
+)
+
+type NotificationPolicyAddedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PasswordChange bool `json:"passwordChange,omitempty"`
+}
+
+func (e *NotificationPolicyAddedEvent) Data() interface{} {
+	return e
+}
+
+func (e *NotificationPolicyAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyAddedEvent(
+	base *eventstore.BaseEvent,
+	passwordChange bool,
+) *NotificationPolicyAddedEvent {
+	return &NotificationPolicyAddedEvent{
+		BaseEvent:      *base,
+		PasswordChange: passwordChange,
+	}
+}
+
+func NotificationPolicyAddedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &NotificationPolicyAddedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-0sp2nios", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type NotificationPolicyChangedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+
+	PasswordChange *bool `json:"passwordChange,omitempty"`
+}
+
+func (e *NotificationPolicyChangedEvent) Data() interface{} {
+	return e
+}
+
+func (e *NotificationPolicyChangedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyChangedEvent(
+	base *eventstore.BaseEvent,
+	changes []NotificationPolicyChanges,
+) (*NotificationPolicyChangedEvent, error) {
+	if len(changes) == 0 {
+		return nil, errors.ThrowPreconditionFailed(nil, "POLICY-09sp2m", "Errors.NoChangesFound")
+	}
+	changeEvent := &NotificationPolicyChangedEvent{
+		BaseEvent: *base,
+	}
+	for _, change := range changes {
+		change(changeEvent)
+	}
+	return changeEvent, nil
+}
+
+type NotificationPolicyChanges func(*NotificationPolicyChangedEvent)
+
+func ChangePasswordChange(passwordChange bool) func(*NotificationPolicyChangedEvent) {
+	return func(e *NotificationPolicyChangedEvent) {
+		e.PasswordChange = &passwordChange
+	}
+}
+
+func NotificationPolicyChangedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	e := &NotificationPolicyChangedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}
+
+	err := json.Unmarshal(event.Data, e)
+	if err != nil {
+		return nil, errors.ThrowInternal(err, "POLIC-09s2oss", "unable to unmarshal policy")
+	}
+
+	return e, nil
+}
+
+type NotificationPolicyRemovedEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *NotificationPolicyRemovedEvent) Data() interface{} {
+	return nil
+}
+
+func (e *NotificationPolicyRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewNotificationPolicyRemovedEvent(base *eventstore.BaseEvent) *NotificationPolicyRemovedEvent {
+	return &NotificationPolicyRemovedEvent{
+		BaseEvent: *base,
+	}
+}
+
+func NotificationPolicyRemovedEventMapper(event *repository.Event) (eventstore.Event, error) {
+	return &NotificationPolicyRemovedEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
--- a/internal/repository/user/eventstore.go
+++ b/internal/repository/user/eventstore.go
@@ -59,6 +59,7 @@ func RegisterEventMappers(es *eventstore.Eventstore) {
 		RegisterFilterEventMapper(AggregateType, HumanPasswordChangedType, HumanPasswordChangedEventMapper).
 		RegisterFilterEventMapper(AggregateType, HumanPasswordCodeAddedType, HumanPasswordCodeAddedEventMapper).
 		RegisterFilterEventMapper(AggregateType, HumanPasswordCodeSentType, HumanPasswordCodeSentEventMapper).
+		RegisterFilterEventMapper(AggregateType, HumanPasswordChangeSentType, HumanPasswordChangeSentEventMapper).
 		RegisterFilterEventMapper(AggregateType, HumanPasswordCheckSucceededType, HumanPasswordCheckSucceededEventMapper).
 		RegisterFilterEventMapper(AggregateType, HumanPasswordCheckFailedType, HumanPasswordCheckFailedEventMapper).
 		RegisterFilterEventMapper(AggregateType, UserIDPLinkAddedType, UserIDPLinkAddedEventMapper).
--- a/internal/repository/user/human_password.go
+++ b/internal/repository/user/human_password.go
@@ -16,6 +16,7 @@ import (
 const (
 	passwordEventPrefix             = humanEventPrefix + "password."
 	HumanPasswordChangedType        = passwordEventPrefix + "changed"
+	HumanPasswordChangeSentType     = passwordEventPrefix + "change.sent"
 	HumanPasswordCodeAddedType      = passwordEventPrefix + "code.added"
 	HumanPasswordCodeSentType       = passwordEventPrefix + "code.sent"
 	HumanPasswordCheckSucceededType = passwordEventPrefix + "check.succeeded"
@@ -144,6 +145,34 @@ func HumanPasswordCodeSentEventMapper(event *repository.Event) (eventstore.Event
 	}, nil
 }

+type HumanPasswordChangeSentEvent struct {
+	eventstore.BaseEvent `json:"-"`
+}
+
+func (e *HumanPasswordChangeSentEvent) Data() interface{} {
+	return nil
+}
+
+func (e *HumanPasswordChangeSentEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint {
+	return nil
+}
+
+func NewHumanPasswordChangeSentEvent(ctx context.Context, aggregate *eventstore.Aggregate) *HumanPasswordChangeSentEvent {
+	return &HumanPasswordChangeSentEvent{
+		BaseEvent: *eventstore.NewBaseEventForPush(
+			ctx,
+			aggregate,
+			HumanPasswordChangeSentType,
+		),
+	}
+}
+
+func HumanPasswordChangeSentEventMapper(event *repository.Event) (eventstore.Event, error) {
+	return &HumanPasswordChangeSentEvent{
+		BaseEvent: *eventstore.BaseEventFromRepo(event),
+	}, nil
+}
+
 type HumanPasswordCheckSucceededEvent struct {
 	eventstore.BaseEvent `json:"-"`
 	*AuthRequestInfo