fix(notifications): bring back legacy notification handling (#9015)

# Which Problems Are Solved There are some problems related to the use of CockroachDB with the new notification handling (#8931). See #9002 for details. # How the Problems Are Solved - Brought back the previous notification handler as legacy mode. - Added a configuration to choose between legacy mode and new parallel workers. - Enabled legacy mode by default to prevent issues. # Additional Changes None # Additional Context - closes https://github.com/zitadel/zitadel/issues/9002 - relates to #8931
2025-08-11 21:37:32 +00:00 · 2024-12-06 10:56:19 +01:00
parent 71d381b5e7
commit 7a3ae8f499
23 changed files with 2870 additions and 1 deletions
--- a/internal/notification/types/domain_claimed.go
+++ b/internal/notification/types/domain_claimed.go
@@ -0,0 +1,20 @@
+package types
+
+import (
+	"context"
+	"strings"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendDomainClaimed(ctx context.Context, user *query.NotifyUser, username string) error {
+	url := login.LoginLink(http_utils.DomainContext(ctx).Origin(), user.ResourceOwner)
+	index := strings.LastIndex(user.LastEmail, "@")
+	args := make(map[string]interface{})
+	args["TempUsername"] = username
+	args["Domain"] = user.LastEmail[index+1:]
+	return notify(url, args, domain.DomainClaimedMessageType, true)
+}
--- a/internal/notification/types/email_verification_code.go
+++ b/internal/notification/types/email_verification_code.go
@@ -0,0 +1,28 @@
+package types
+
+import (
+	"context"
+	"strings"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendEmailVerificationCode(ctx context.Context, user *query.NotifyUser, code string, urlTmpl, authRequestID string) error {
+	var url string
+	if urlTmpl == "" {
+		url = login.MailVerificationLink(http_utils.DomainContext(ctx).Origin(), user.ID, code, user.ResourceOwner, authRequestID)
+	} else {
+		var buf strings.Builder
+		if err := domain.RenderConfirmURLTemplate(&buf, urlTmpl, user.ID, code, user.ResourceOwner); err != nil {
+			return err
+		}
+		url = buf.String()
+	}
+
+	args := make(map[string]interface{})
+	args["Code"] = code
+	return notify(url, args, domain.VerifyEmailMessageType, true)
+}
--- a/internal/notification/types/email_verification_code_test.go
+++ b/internal/notification/types/email_verification_code_test.go
@@ -0,0 +1,92 @@
+package types
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestNotify_SendEmailVerificationCode(t *testing.T) {
+	type args struct {
+		user          *query.NotifyUser
+		origin        *http_utils.DomainCtx
+		code          string
+		urlTmpl       string
+		authRequestID string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *notifyResult
+		wantErr error
+	}{
+		{
+			name: "default URL",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:        &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:          "123",
+				urlTmpl:       "",
+				authRequestID: "authRequestID",
+			},
+			want: &notifyResult{
+				url:                                "https://example.com/ui/login/mail/verification?authRequestID=authRequestID&code=123&orgID=org1&userID=user1",
+				args:                               map[string]interface{}{"Code": "123"},
+				messageType:                        domain.VerifyEmailMessageType,
+				allowUnverifiedNotificationChannel: true,
+			},
+		},
+		{
+			name: "template error",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:        &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:          "123",
+				urlTmpl:       "{{",
+				authRequestID: "authRequestID",
+			},
+			want:    &notifyResult{},
+			wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"),
+		},
+		{
+			name: "template success",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:        &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:          "123",
+				urlTmpl:       "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}",
+				authRequestID: "authRequestID",
+			},
+			want: &notifyResult{
+				url:                                "https://example.com/email/verify?userID=user1&code=123&orgID=org1",
+				args:                               map[string]interface{}{"Code": "123"},
+				messageType:                        domain.VerifyEmailMessageType,
+				allowUnverifiedNotificationChannel: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, notify := mockNotify()
+			err := notify.SendEmailVerificationCode(http_utils.WithDomainContext(context.Background(), tt.args.origin), tt.args.user, tt.args.code, tt.args.urlTmpl, tt.args.authRequestID)
+			require.ErrorIs(t, err, tt.wantErr)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
--- a/internal/notification/types/init_code.go
+++ b/internal/notification/types/init_code.go
@@ -0,0 +1,17 @@
+package types
+
+import (
+	"context"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendUserInitCode(ctx context.Context, user *query.NotifyUser, code, authRequestID string) error {
+	url := login.InitUserLink(http_utils.DomainContext(ctx).Origin(), user.ID, user.PreferredLoginName, code, user.ResourceOwner, user.PasswordSet, authRequestID)
+	args := make(map[string]interface{})
+	args["Code"] = code
+	return notify(url, args, domain.InitCodeMessageType, true)
+}
--- a/internal/notification/types/invite_code.go
+++ b/internal/notification/types/invite_code.go
@@ -0,0 +1,31 @@
+package types
+
+import (
+	"context"
+	"strings"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendInviteCode(ctx context.Context, user *query.NotifyUser, code, applicationName, urlTmpl, authRequestID string) error {
+	var url string
+	if applicationName == "" {
+		applicationName = "ZITADEL"
+	}
+	if urlTmpl == "" {
+		url = login.InviteUserLink(http_utils.DomainContext(ctx).Origin(), user.ID, user.PreferredLoginName, code, user.ResourceOwner, authRequestID)
+	} else {
+		var buf strings.Builder
+		if err := domain.RenderConfirmURLTemplate(&buf, urlTmpl, user.ID, code, user.ResourceOwner); err != nil {
+			return err
+		}
+		url = buf.String()
+	}
+	args := make(map[string]interface{})
+	args["Code"] = code
+	args["ApplicationName"] = applicationName
+	return notify(url, args, domain.InviteUserMessageType, true)
+}
--- a/internal/notification/types/otp.go
+++ b/internal/notification/types/otp.go
@@ -0,0 +1,29 @@
+package types
+
+import (
+	"context"
+	"time"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func (notify Notify) SendOTPSMSCode(ctx context.Context, code string, expiry time.Duration) error {
+	args := otpArgs(ctx, code, expiry)
+	return notify("", args, domain.VerifySMSOTPMessageType, false)
+}
+
+func (notify Notify) SendOTPEmailCode(ctx context.Context, url, code string, expiry time.Duration) error {
+	args := otpArgs(ctx, code, expiry)
+	return notify(url, args, domain.VerifyEmailOTPMessageType, false)
+}
+
+func otpArgs(ctx context.Context, code string, expiry time.Duration) map[string]interface{} {
+	domainCtx := http_utils.DomainContext(ctx)
+	args := make(map[string]interface{})
+	args["OTP"] = code
+	args["Origin"] = domainCtx.Origin()
+	args["Domain"] = domainCtx.RequestedDomain()
+	args["Expiry"] = expiry
+	return args
+}
--- a/internal/notification/types/password_change.go
+++ b/internal/notification/types/password_change.go
@@ -0,0 +1,16 @@
+package types
+
+import (
+	"context"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/console"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendPasswordChange(ctx context.Context, user *query.NotifyUser) error {
+	url := console.LoginHintLink(http_utils.DomainContext(ctx).Origin(), user.PreferredLoginName)
+	args := make(map[string]interface{})
+	return notify(url, args, domain.PasswordChangeMessageType, true)
+}
--- a/internal/notification/types/password_code.go
+++ b/internal/notification/types/password_code.go
@@ -0,0 +1,27 @@
+package types
+
+import (
+	"context"
+	"strings"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendPasswordCode(ctx context.Context, user *query.NotifyUser, code, urlTmpl, authRequestID string) error {
+	var url string
+	if urlTmpl == "" {
+		url = login.InitPasswordLink(http_utils.DomainContext(ctx).Origin(), user.ID, code, user.ResourceOwner, authRequestID)
+	} else {
+		var buf strings.Builder
+		if err := domain.RenderConfirmURLTemplate(&buf, urlTmpl, user.ID, code, user.ResourceOwner); err != nil {
+			return err
+		}
+		url = buf.String()
+	}
+	args := make(map[string]interface{})
+	args["Code"] = code
+	return notify(url, args, domain.PasswordResetMessageType, true)
+}
--- a/internal/notification/types/passwordless_registration_link.go
+++ b/internal/notification/types/passwordless_registration_link.go
@@ -0,0 +1,25 @@
+package types
+
+import (
+	"context"
+	"strings"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/api/ui/login"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+)
+
+func (notify Notify) SendPasswordlessRegistrationLink(ctx context.Context, user *query.NotifyUser, code, codeID, urlTmpl string) error {
+	var url string
+	if urlTmpl == "" {
+		url = domain.PasswordlessInitCodeLink(http_utils.DomainContext(ctx).Origin()+login.HandlerPrefix+login.EndpointPasswordlessRegistration, user.ID, user.ResourceOwner, codeID, code)
+	} else {
+		var buf strings.Builder
+		if err := domain.RenderPasskeyURLTemplate(&buf, urlTmpl, user.ID, user.ResourceOwner, codeID, code); err != nil {
+			return err
+		}
+		url = buf.String()
+	}
+	return notify(url, nil, domain.PasswordlessRegistrationMessageType, true)
+}
--- a/internal/notification/types/passwordless_registration_link_test.go
+++ b/internal/notification/types/passwordless_registration_link_test.go
@@ -0,0 +1,90 @@
+package types
+
+import (
+	"context"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	http_utils "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/domain"
+	"github.com/zitadel/zitadel/internal/query"
+	"github.com/zitadel/zitadel/internal/zerrors"
+)
+
+func TestNotify_SendPasswordlessRegistrationLink(t *testing.T) {
+	type args struct {
+		user    *query.NotifyUser
+		origin  *http_utils.DomainCtx
+		code    string
+		codeID  string
+		urlTmpl string
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    *notifyResult
+		wantErr error
+	}{
+		{
+			name: "default URL",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:  &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:    "123",
+				codeID:  "456",
+				urlTmpl: "",
+			},
+			want: &notifyResult{
+				url:                                "https://example.com/ui/login/login/passwordless/init?userID=user1&orgID=org1&codeID=456&code=123",
+				messageType:                        domain.PasswordlessRegistrationMessageType,
+				allowUnverifiedNotificationChannel: true,
+			},
+		},
+		{
+			name: "template error",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:  &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:    "123",
+				codeID:  "456",
+				urlTmpl: "{{",
+			},
+			want:    &notifyResult{},
+			wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"),
+		},
+		{
+			name: "template success",
+			args: args{
+				user: &query.NotifyUser{
+					ID:            "user1",
+					ResourceOwner: "org1",
+				},
+				origin:  &http_utils.DomainCtx{InstanceHost: "example.com", Protocol: "https"},
+				code:    "123",
+				codeID:  "456",
+				urlTmpl: "https://example.com/passkey/register?userID={{.UserID}}&orgID={{.OrgID}}&codeID={{.CodeID}}&code={{.Code}}",
+			},
+			want: &notifyResult{
+				url:                                "https://example.com/passkey/register?userID=user1&orgID=org1&codeID=456&code=123",
+				messageType:                        domain.PasswordlessRegistrationMessageType,
+				allowUnverifiedNotificationChannel: true,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, notify := mockNotify()
+			err := notify.SendPasswordlessRegistrationLink(http_utils.WithDomainContext(context.Background(), tt.args.origin), tt.args.user, tt.args.code, tt.args.codeID, tt.args.urlTmpl)
+			require.ErrorIs(t, err, tt.wantErr)
+			assert.Equal(t, tt.want, got)
+		})
+	}
+}
--- a/internal/notification/types/phone_verification_code.go
+++ b/internal/notification/types/phone_verification_code.go
@@ -0,0 +1,15 @@
+package types
+
+import (
+	"context"
+
+	http_util "github.com/zitadel/zitadel/internal/api/http"
+	"github.com/zitadel/zitadel/internal/domain"
+)
+
+func (notify Notify) SendPhoneVerificationCode(ctx context.Context, code string) error {
+	args := make(map[string]interface{})
+	args["Code"] = code
+	args["Domain"] = http_util.DomainContext(ctx).RequestedDomain()
+	return notify("", args, domain.VerifyPhoneMessageType, true)
+}
--- a/internal/notification/types/types_test.go
+++ b/internal/notification/types/types_test.go
@@ -0,0 +1,23 @@
+package types
+
+type notifyResult struct {
+	url                                string
+	args                               map[string]interface{}
+	messageType                        string
+	allowUnverifiedNotificationChannel bool
+}
+
+// mockNotify returns a notifyResult and Notify function for easy mocking.
+// The notifyResult will only be populated after Notify is called.
+func mockNotify() (*notifyResult, Notify) {
+	dst := new(notifyResult)
+	return dst, func(url string, args map[string]interface{}, messageType string, allowUnverifiedNotificationChannel bool) error {
+		*dst = notifyResult{
+			url:                                url,
+			args:                               args,
+			messageType:                        messageType,
+			allowUnverifiedNotificationChannel: allowUnverifiedNotificationChannel,
+		}
+		return nil
+	}
+}