fix: use triggering origin for notification links (#6628)

* take baseurl if saved on event * refactor: make es mocks reusable * Revert "refactor: make es mocks reusable" This reverts commit 434ce12a6a. * make messages testable * test asset url * fmt * fmt * simplify notification.Start * test url combinations * support init code added * support password changed * support reset pw * support user domain claimed * support add pwless login * support verify phone * Revert "support verify phone" This reverts commit e40503303e. * save trigger origin from ctx * add ready for review check * camel * test email otp * fix variable naming * fix DefaultOTPEmailURLV2 * Revert "fix DefaultOTPEmailURLV2" This reverts commit fa34d4d2a8. * fix email otp challenged test * fix email otp challenged test * pass origin in login and gateway requests * take origin from header * take x-forwarded if present * Update internal/notification/handlers/queries.go Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * Update internal/notification/handlers/commands.go Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> * move origin header to ctx if available * generate * cleanup * use forwarded header * support X-Forwarded-* headers * standardize context handling * fix linting --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-11 21:07:31 +00:00 · 2023-10-10 15:20:53 +02:00
parent 0180779d6d
commit 8f6cb47567
47 changed files with 2405 additions and 508 deletions
--- a/internal/notification/handlers/user_notifier.go
+++ b/internal/notification/handlers/user_notifier.go
@@ -5,9 +5,8 @@ import (
 	"strings"
 	"time"

-	"github.com/zitadel/zitadel/internal/api/authz"
+	http_util "github.com/zitadel/zitadel/internal/api/http"
 	"github.com/zitadel/zitadel/internal/api/ui/login"
-	"github.com/zitadel/zitadel/internal/command"
 	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
@@ -27,27 +26,19 @@ const (

 type userNotifier struct {
 	crdb.StatementHandler
-	commands     *command.Commands
+	commands     Commands
 	queries      *NotificationQueries
-	assetsPrefix func(context.Context) string
+	channels     types.ChannelChains
 	otpEmailTmpl string
-	metricSuccessfulDeliveriesEmail,
-	metricFailedDeliveriesEmail,
-	metricSuccessfulDeliveriesSMS,
-	metricFailedDeliveriesSMS string
 }

 func NewUserNotifier(
 	ctx context.Context,
 	config crdb.StatementHandlerConfig,
-	commands *command.Commands,
+	commands Commands,
 	queries *NotificationQueries,
-	assetsPrefix func(context.Context) string,
+	channels types.ChannelChains,
 	otpEmailTmpl string,
-	metricSuccessfulDeliveriesEmail,
-	metricFailedDeliveriesEmail,
-	metricSuccessfulDeliveriesSMS,
-	metricFailedDeliveriesSMS string,
 ) *userNotifier {
 	p := new(userNotifier)
 	config.ProjectionName = UserNotificationsProjectionTable
@@ -55,12 +46,8 @@ func NewUserNotifier(
 	p.StatementHandler = crdb.NewStatementHandler(ctx, config)
 	p.commands = commands
 	p.queries = queries
-	p.assetsPrefix = assetsPrefix
+	p.channels = channels
 	p.otpEmailTmpl = otpEmailTmpl
-	p.metricSuccessfulDeliveriesEmail = metricSuccessfulDeliveriesEmail
-	p.metricFailedDeliveriesEmail = metricFailedDeliveriesEmail
-	p.metricSuccessfulDeliveriesSMS = metricSuccessfulDeliveriesSMS
-	p.metricFailedDeliveriesSMS = metricFailedDeliveriesSMS
 	projection.NotificationsProjection = p
 	return p
 }
@@ -177,25 +164,12 @@ func (u *userNotifier) reduceInitCodeAdded(event eventstore.Event) (*handler.Sta
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	err = types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	).SendUserInitCode(notifyUser, origin, code)
+	err = types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e).
+		SendUserInitCode(ctx, notifyUser, code)
 	if err != nil {
 		return nil, err
 	}
@@ -247,25 +221,12 @@ func (u *userNotifier) reduceEmailCodeAdded(event eventstore.Event) (*handler.St
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	err = types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	).SendEmailVerificationCode(notifyUser, origin, code, e.URLTemplate)
+	err = types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e).
+		SendEmailVerificationCode(ctx, notifyUser, code, e.URLTemplate)
 	if err != nil {
 		return nil, err
 	}
@@ -316,41 +277,15 @@ func (u *userNotifier) reducePasswordCodeAdded(event eventstore.Event) (*handler
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	notify := types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	)
+	notify := types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e)
 	if e.NotificationType == domain.NotificationTypeSms {
-		notify = types.SendSMSTwilio(
-			ctx,
-			translator,
-			notifyUser,
-			u.queries.GetTwilioConfig,
-			u.queries.GetFileSystemProvider,
-			u.queries.GetLogProvider,
-			colors,
-			u.assetsPrefix(ctx),
-			e,
-			u.metricSuccessfulDeliveriesSMS,
-			u.metricFailedDeliveriesSMS,
-		)
+		notify = types.SendSMSTwilio(ctx, u.channels, translator, notifyUser, colors, e)
 	}
-	err = notify.SendPasswordCode(notifyUser, origin, code, e.URLTemplate)
+	err = notify.SendPasswordCode(ctx, notifyUser, code, e.URLTemplate)
 	if err != nil {
 		return nil, err
 	}
@@ -437,25 +372,12 @@ func (u *userNotifier) reduceOTPSMS(
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, event)
 	if err != nil {
 		return nil, err
 	}
-	notify := types.SendSMSTwilio(
-		ctx,
-		translator,
-		notifyUser,
-		u.queries.GetTwilioConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		event,
-		u.metricSuccessfulDeliveriesSMS,
-		u.metricFailedDeliveriesSMS,
-	)
-	err = notify.SendOTPSMSCode(authz.GetInstance(ctx).RequestedDomain(), origin, plainCode, expiry)
+	notify := types.SendSMSTwilio(ctx, u.channels, translator, notifyUser, colors, event)
+	err = notify.SendOTPSMSCode(ctx, plainCode, expiry)
 	if err != nil {
 		return nil, err
 	}
@@ -568,30 +490,16 @@ func (u *userNotifier) reduceOTPEmail(
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, event)
 	if err != nil {
 		return nil, err
 	}
-	url, err := urlTmpl(plainCode, origin, notifyUser)
+	url, err := urlTmpl(plainCode, http_util.ComposedOrigin(ctx), notifyUser)
 	if err != nil {
 		return nil, err
 	}
-	notify := types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		event,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	)
-	err = notify.SendOTPEmailCode(notifyUser, url, authz.GetInstance(ctx).RequestedDomain(), origin, plainCode, expiry)
+	notify := types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, event)
+	err = notify.SendOTPEmailCode(ctx, url, plainCode, expiry)
 	if err != nil {
 		return nil, err
 	}
@@ -634,25 +542,12 @@ func (u *userNotifier) reduceDomainClaimed(event eventstore.Event) (*handler.Sta
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	err = types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	).SendDomainClaimed(notifyUser, origin, e.UserName)
+	err = types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e).
+		SendDomainClaimed(ctx, notifyUser, e.UserName)
 	if err != nil {
 		return nil, err
 	}
@@ -701,25 +596,12 @@ func (u *userNotifier) reducePasswordlessCodeRequested(event eventstore.Event) (
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	err = types.SendEmail(
-		ctx,
-		string(template.Template),
-		translator,
-		notifyUser,
-		u.queries.GetSMTPConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesEmail,
-		u.metricFailedDeliveriesEmail,
-	).SendPasswordlessRegistrationLink(notifyUser, origin, code, e.ID, e.URLTemplate)
+	err = types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e).
+		SendPasswordlessRegistrationLink(ctx, notifyUser, code, e.ID, e.URLTemplate)
 	if err != nil {
 		return nil, err
 	}
@@ -771,25 +653,12 @@ func (u *userNotifier) reducePasswordChanged(event eventstore.Event) (*handler.S
 		if err != nil {
 			return nil, err
 		}
-
-		ctx, origin, err := u.queries.Origin(ctx)
+		ctx, err = u.queries.Origin(ctx, e)
 		if err != nil {
 			return nil, err
 		}
-		err = types.SendEmail(
-			ctx,
-			string(template.Template),
-			translator,
-			notifyUser,
-			u.queries.GetSMTPConfig,
-			u.queries.GetFileSystemProvider,
-			u.queries.GetLogProvider,
-			colors,
-			u.assetsPrefix(ctx),
-			e,
-			u.metricSuccessfulDeliveriesEmail,
-			u.metricFailedDeliveriesEmail,
-		).SendPasswordChange(notifyUser, origin)
+		err = types.SendEmail(ctx, u.channels, string(template.Template), translator, notifyUser, colors, e).
+			SendPasswordChange(ctx, notifyUser)
 		if err != nil {
 			return nil, err
 		}
@@ -836,24 +705,12 @@ func (u *userNotifier) reducePhoneCodeAdded(event eventstore.Event) (*handler.St
 	if err != nil {
 		return nil, err
 	}
-
-	ctx, origin, err := u.queries.Origin(ctx)
+	ctx, err = u.queries.Origin(ctx, e)
 	if err != nil {
 		return nil, err
 	}
-	err = types.SendSMSTwilio(
-		ctx,
-		translator,
-		notifyUser,
-		u.queries.GetTwilioConfig,
-		u.queries.GetFileSystemProvider,
-		u.queries.GetLogProvider,
-		colors,
-		u.assetsPrefix(ctx),
-		e,
-		u.metricSuccessfulDeliveriesSMS,
-		u.metricFailedDeliveriesSMS,
-	).SendPhoneVerificationCode(notifyUser, origin, code, authz.GetInstance(ctx).RequestedDomain())
+	err = types.SendSMSTwilio(ctx, u.channels, translator, notifyUser, colors, e).
+		SendPhoneVerificationCode(ctx, code)
 	if err != nil {
 		return nil, err
 	}