feat: http provider signing key addition (#10641)

# Which Problems Are Solved HTTP Request to HTTP providers for Email or SMS are not signed. # How the Problems Are Solved Add a Signing Key to the HTTP Provider resources, which is then used to generate a header to sign the payload. # Additional Changes Additional tests for query side of the SMTP provider. # Additional Context Closes #10067 --------- Co-authored-by: Marco A. <marco@zitadel.com> (cherry picked from commit 8909b9a2a6)
2025-12-09 02:42:14 +00:00 · 2025-09-08 13:00:04 +02:00
parent d2d94ea088
commit 1a7cd6e1af
36 changed files with 2113 additions and 132 deletions
--- a/internal/api/grpc/admin/email_converters.go
+++ b/internal/api/grpc/admin/email_converters.go
@@ -68,7 +68,8 @@ func emailProviderToPb(config *query.SMTPConfig) settings_pb.EmailConfig {
 func httpToPb(http *query.HTTP) *settings_pb.EmailProvider_Http {
 	return &settings_pb.EmailProvider_Http{
 		Http: &settings_pb.EmailProviderHTTP{
-			Endpoint: http.Endpoint,
+			Endpoint:   http.Endpoint,
+			SigningKey: http.SigningKey,
 		},
 	}
 }
@@ -76,11 +77,12 @@ func httpToPb(http *query.HTTP) *settings_pb.EmailProvider_Http {
 func smtpToPb(config *query.SMTP) *settings_pb.EmailProvider_Smtp {
 	return &settings_pb.EmailProvider_Smtp{
 		Smtp: &settings_pb.EmailProviderSMTP{
-			Tls:           config.TLS,
-			Host:          config.Host,
-			User:          config.User,
-			SenderAddress: config.SenderAddress,
-			SenderName:    config.SenderName,
+			Tls:            config.TLS,
+			Host:           config.Host,
+			User:           config.User,
+			SenderAddress:  config.SenderAddress,
+			SenderName:     config.SenderName,
+			ReplyToAddress: config.ReplyToAddress,
 		},
 	}
 }
@@ -123,11 +125,14 @@ func addEmailProviderHTTPToConfig(ctx context.Context, req *admin_pb.AddEmailPro
 }

 func updateEmailProviderHTTPToConfig(ctx context.Context, req *admin_pb.UpdateEmailProviderHTTPRequest) *command.ChangeSMTPConfigHTTP {
+	// TODO handle expiration, currently only immediate expiration is supported
+	expirationSigningKey := req.GetExpirationSigningKey() != nil
 	return &command.ChangeSMTPConfigHTTP{
-		ResourceOwner: authz.GetInstance(ctx).InstanceID(),
-		ID:            req.Id,
-		Description:   req.Description,
-		Endpoint:      req.Endpoint,
+		ResourceOwner:        authz.GetInstance(ctx).InstanceID(),
+		ID:                   req.Id,
+		Description:          req.Description,
+		Endpoint:             req.Endpoint,
+		ExpirationSigningKey: expirationSigningKey,
 	}
 }