fix: claim verified domain from usernames (#603)

* fix: return orgDomain validationType

* added missing translations for orgDomain activity

* claim org domain

* show message if domain token was requested

* fix tests

* fix tests

Co-authored-by: Max Peintner <max@caos.ch>

internal/management/repository/eventsourcing/eventstore/org.go

@@ -2,11 +2,12 @@ package eventstore
 
 import (
 	"context"
-	"strings"
 	"github.com/caos/logging"
+	"strings"
 
 	"github.com/caos/zitadel/internal/api/authz"
 	"github.com/caos/zitadel/internal/errors"
+	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/eventstore/sdk"
 	mgmt_view "github.com/caos/zitadel/internal/management/repository/eventsourcing/view"
 	global_model "github.com/caos/zitadel/internal/model"
@@ -15,8 +16,6 @@ import (
 	org_es_model "github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
 	"github.com/caos/zitadel/internal/org/repository/view/model"
 	usr_es "github.com/caos/zitadel/internal/user/repository/eventsourcing"
-
-
 )
 
 const (
@@ -48,7 +47,7 @@ func (repo *OrgRepository) OrgByDomainGlobal(ctx context.Context, domain string)
 }
 
 func (repo *OrgRepository) CreateOrg(ctx context.Context, name string) (*org_model.Org, error) {
-	org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, &org_model.Org{Name: name})
+	org, aggregates, err := repo.OrgEventstore.PrepareCreateOrg(ctx, &org_model.Org{Name: name}, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -118,7 +117,14 @@ func (repo *OrgRepository) GenerateMyOrgDomainValidation(ctx context.Context, do
 
 func (repo *OrgRepository) ValidateMyOrgDomain(ctx context.Context, domain *org_model.OrgDomain) error {
 	domain.AggregateID = authz.GetCtxData(ctx).OrgID
-	return repo.OrgEventstore.ValidateOrgDomain(ctx, domain)
+	users := func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
+		userIDs, err := repo.View.UserIDsByDomain(domain)
+		if err != nil {
+			return nil, err
+		}
+		return repo.UserEvents.PrepareDomainClaimed(ctx, userIDs)
+	}
+	return repo.OrgEventstore.ValidateOrgDomain(ctx, domain, users)
 }
 
 func (repo *OrgRepository) SetMyPrimaryOrgDomain(ctx context.Context, domain *org_model.OrgDomain) error {

internal/management/repository/eventsourcing/handler/org_domain.go

@@ -45,7 +45,8 @@ func (d *OrgDomain) processOrgDomain(event *models.Event) (err error) {
 	switch event.Type {
 	case model.OrgDomainAdded:
 		err = domain.AppendEvent(event)
-	case model.OrgDomainVerified:
+	case model.OrgDomainVerified,
+		model.OrgDomainVerificationAdded:
 		err = domain.SetData(event)
 		if err != nil {
 			return err

internal/management/repository/eventsourcing/handler/user.go

@@ -26,12 +26,12 @@ const (
 	userTable = "management.users"
 )
 
-func (p *User) ViewModel() string {
+func (u *User) ViewModel() string {
 	return userTable
 }
 
-func (p *User) EventQuery() (*models.SearchQuery, error) {
-	sequence, err := p.view.GetLatestUserSequence()
+func (u *User) EventQuery() (*models.SearchQuery, error) {
+	sequence, err := u.view.GetLatestUserSequence()
 	if err != nil {
 		return nil, err
 	}
@@ -51,7 +51,7 @@ func (u *User) Reduce(event *models.Event) (err error) {
 	}
 }
 
-func (p *User) ProcessUser(event *models.Event) (err error) {
+func (u *User) ProcessUser(event *models.Event) (err error) {
 	user := new(view_model.UserView)
 	switch event.Type {
 	case es_model.UserAdded,
@@ -60,7 +60,7 @@ func (p *User) ProcessUser(event *models.Event) (err error) {
 		if err != nil {
 			return err
 		}
-		err = p.fillLoginNames(user)
+		err = u.fillLoginNames(user)
 	case es_model.UserProfileChanged,
 		es_model.UserEmailChanged,
 		es_model.UserEmailVerified,
@@ -75,20 +75,30 @@ func (p *User) ProcessUser(event *models.Event) (err error) {
 		es_model.MfaOtpAdded,
 		es_model.MfaOtpVerified,
 		es_model.MfaOtpRemoved:
-		user, err = p.view.UserByID(event.AggregateID)
+		user, err = u.view.UserByID(event.AggregateID)
 		if err != nil {
 			return err
 		}
 		err = user.AppendEvent(event)
+	case es_model.DomainClaimed:
+		user, err = u.view.UserByID(event.AggregateID)
+		if err != nil {
+			return err
+		}
+		err = user.AppendEvent(event)
+		if err != nil {
+			return err
+		}
+		err = u.fillLoginNames(user)
 	case es_model.UserRemoved:
-		err = p.view.DeleteUser(event.AggregateID, event.Sequence)
+		err = u.view.DeleteUser(event.AggregateID, event.Sequence)
 	default:
-		return p.view.ProcessedUserSequence(event.Sequence)
+		return u.view.ProcessedUserSequence(event.Sequence)
 	}
 	if err != nil {
 		return err
 	}
-	return p.view.PutUser(user, user.Sequence)
+	return u.view.PutUser(user, user.Sequence)
 }
 
 func (u *User) ProcessOrg(event *models.Event) (err error) {
@@ -161,7 +171,7 @@ func (u *User) fillLoginNames(user *view_model.UserView) (err error) {
 	return nil
 }
 
-func (p *User) OnError(event *models.Event, err error) error {
+func (u *User) OnError(event *models.Event, err error) error {
 	logging.LogWithFields("SPOOL-is8wa", "id", event.AggregateID).WithError(err).Warn("something went wrong in user handler")
-	return spooler.HandleError(event, err, p.view.GetLatestUserFailedEvent, p.view.ProcessedUserFailedEvent, p.view.ProcessedUserSequence, p.errorCountUntilSkip)
+	return spooler.HandleError(event, err, u.view.GetLatestUserFailedEvent, u.view.ProcessedUserFailedEvent, u.view.ProcessedUserSequence, u.errorCountUntilSkip)
 }

internal/management/repository/eventsourcing/view/user.go

@@ -27,6 +27,10 @@ func (v *View) UsersByOrgID(orgID string) ([]*model.UserView, error) {
 	return view.UsersByOrgID(v.Db, userTable, orgID)
 }
 
+func (v *View) UserIDsByDomain(domain string) ([]string, error) {
+	return view.UserIDsByDomain(v.Db, userTable, domain)
+}
+
 func (v *View) IsUserUnique(userName, email string) (bool, error) {
 	return view.IsUserUnique(v.Db, userTable, userName, email)
 }