fix: use triggering origin for notification links (#6628)

* take baseurl if saved on event

* refactor: make es mocks reusable

* Revert "refactor: make es mocks reusable"

This reverts commit 434ce12a6a.

* make messages testable

* test asset url

* fmt

* fmt

* simplify notification.Start

* test url combinations

* support init code added

* support password changed

* support reset pw

* support user domain claimed

* support add pwless login

* support verify phone

* Revert "support verify phone"

This reverts commit e40503303e.

* save trigger origin from ctx

* add ready for review check

* camel

* test email otp

* fix variable naming

* fix DefaultOTPEmailURLV2

* Revert "fix DefaultOTPEmailURLV2"

This reverts commit fa34d4d2a8.

* fix email otp challenged test

* fix email otp challenged test

* pass origin in login and gateway requests

* take origin from header

* take x-forwarded if present

* Update internal/notification/handlers/queries.go

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* Update internal/notification/handlers/commands.go

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

* move origin header to ctx if available

* generate

* cleanup

* use forwarded header

* support X-Forwarded-* headers

* standardize context handling

* fix linting

---------

Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>

internal/notification/handlers/origin.go

@@ -2,27 +2,56 @@ package handlers
 
 import (
 	"context"
+	"fmt"
+	"net/url"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	http_utils "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/query"
 )
 
-func (n *NotificationQueries) Origin(ctx context.Context) (context.Context, string, error) {
+type OriginEvent interface {
+	eventstore.Event
+	TriggerOrigin() string
+}
+
+func (n *NotificationQueries) Origin(ctx context.Context, e eventstore.Event) (context.Context, error) {
+	originEvent, ok := e.(OriginEvent)
+	if !ok {
+		return ctx, errors.ThrowInternal(fmt.Errorf("event of type %T doesn't implement OriginEvent", e), "NOTIF-3m9fs", "Errors.Internal")
+	}
+	origin := originEvent.TriggerOrigin()
+	if origin != "" {
+		originURL, err := url.Parse(origin)
+		if err != nil {
+			return ctx, err
+		}
+		return enrichCtx(ctx, originURL.Hostname(), origin), nil
+	}
 	primary, err := query.NewInstanceDomainPrimarySearchQuery(true)
 	if err != nil {
-		return ctx, "", err
+		return ctx, err
 	}
 	domains, err := n.SearchInstanceDomains(ctx, &query.InstanceDomainSearchQueries{
 		Queries: []query.SearchQuery{primary},
 	})
 	if err != nil {
-		return ctx, "", err
+		return ctx, err
 	}
 	if len(domains.Domains) < 1 {
-		return ctx, "", errors.ThrowInternal(nil, "NOTIF-Ef3r1", "Errors.Notification.NoDomain")
+		return ctx, errors.ThrowInternal(nil, "NOTIF-Ef3r1", "Errors.Notification.NoDomain")
 	}
-	ctx = authz.WithRequestedDomain(ctx, domains.Domains[0].Domain)
-	return ctx, http_utils.BuildHTTP(domains.Domains[0].Domain, n.externalPort, n.externalSecure), nil
+	return enrichCtx(
+		ctx,
+		domains.Domains[0].Domain,
+		http_utils.BuildHTTP(domains.Domains[0].Domain, n.externalPort, n.externalSecure),
+	), nil
+}
+
+func enrichCtx(ctx context.Context, host, origin string) context.Context {
+	ctx = authz.WithRequestedDomain(ctx, host)
+	ctx = http_utils.WithComposedOrigin(ctx, origin)
+	return ctx
 }