feat: invite user link (#8578)

# Which Problems Are Solved As an administrator I want to be able to invite users to my application with the API V2, some user data I will already prefil, the user should add the authentication method themself (password, passkey, sso). # How the Problems Are Solved - A user can now be created with a email explicitly set to false. - If a user has no verified email and no authentication method, an `InviteCode` can be created through the User V2 API. - the code can be returned or sent through email - additionally `URLTemplate` and an `ApplicatioName` can provided for the email - The code can be resent and verified through the User V2 API - The V1 login allows users to verify and resend the code and set a password (analog user initialization) - The message text for the user invitation can be customized # Additional Changes - `verifyUserPasskeyCode` directly uses `crypto.VerifyCode` (instead of `verifyEncryptedCode`) - `verifyEncryptedCode` is removed (unnecessarily queried for the code generator) # Additional Context - closes #8310 - TODO: login V2 will have to implement invite flow: https://github.com/zitadel/typescript/issues/166
2025-08-11 19:07:30 +00:00 · 2024-09-11 12:53:55 +02:00
parent 02c78a19c6
commit a07b2f4677
114 changed files with 3898 additions and 293 deletions
--- a/internal/command/crypto_test.go
+++ b/internal/command/crypto_test.go
@@ -123,78 +123,6 @@ func Test_newCryptoCode(t *testing.T) {
 	}
 }

-func Test_verifyCryptoCode(t *testing.T) {
-	es := eventstoreExpect(t, expectFilter(
-		eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypeVerifyEmailCode)),
-	))
-	code, err := newEncryptedCode(context.Background(), es.Filter, domain.SecretGeneratorTypeVerifyEmailCode, crypto.CreateMockEncryptionAlg(gomock.NewController(t))) //nolint:staticcheck
-	require.NoError(t, err)
-
-	type args struct {
-		typ     domain.SecretGeneratorType
-		alg     crypto.EncryptionAlgorithm
-		expiry  time.Duration
-		crypted *crypto.CryptoValue
-		plain   string
-	}
-	tests := []struct {
-		name      string
-		eventsore *eventstore.Eventstore
-		args      args
-		wantErr   bool
-	}{
-		{
-			name:      "filter config error",
-			eventsore: eventstoreExpect(t, expectFilterError(io.ErrClosedPipe)),
-			args: args{
-				typ:     domain.SecretGeneratorTypeVerifyEmailCode,
-				alg:     crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
-				expiry:  code.Expiry,
-				crypted: code.Crypted,
-				plain:   code.Plain,
-			},
-			wantErr: true,
-		},
-		{
-			name: "success",
-			eventsore: eventstoreExpect(t, expectFilter(
-				eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypeVerifyEmailCode)),
-			)),
-			args: args{
-				typ:     domain.SecretGeneratorTypeVerifyEmailCode,
-				alg:     crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
-				expiry:  code.Expiry,
-				crypted: code.Crypted,
-				plain:   code.Plain,
-			},
-		},
-		{
-			name: "wrong plain",
-			eventsore: eventstoreExpect(t, expectFilter(
-				eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypeVerifyEmailCode)),
-			)),
-			args: args{
-				typ:     domain.SecretGeneratorTypeVerifyEmailCode,
-				alg:     crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
-				expiry:  code.Expiry,
-				crypted: code.Crypted,
-				plain:   "wrong",
-			},
-			wantErr: true,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			err := verifyEncryptedCode(context.Background(), tt.eventsore.Filter, tt.args.typ, tt.args.alg, time.Now(), tt.args.expiry, tt.args.crypted, tt.args.plain) //nolint:staticcheck
-			if tt.wantErr {
-				assert.Error(t, err)
-				return
-			}
-			require.NoError(t, err)
-		})
-	}
-}
-
 func Test_cryptoCodeGenerator(t *testing.T) {
 	type args struct {
 		typ           domain.SecretGeneratorType