fix: backend fixes (#1452)

* fix: email change not possible if init state

* fix: email change not possible if init state

* passwordless

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

internal/command/user_human_email.go

@@ -23,6 +23,9 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*
 	if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted {
 		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound")
 	}
+	if existingEmail.UserState == domain.UserStateInitial {
+		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised")
+	}
 	userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
 	changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress)
 	if !hasChanged {

internal/command/user_human_email_test.go

@@ -79,6 +79,49 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) {
 				err: caos_errs.IsPreconditionFailed,
 			},
 		},
+		{
+			name: "user not initialized, precondition error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"username",
+								"firstname",
+								"lastname",
+								"nickname",
+								"displayname",
+								language.German,
+								domain.GenderUnspecified,
+								"email@test.ch",
+								true,
+							),
+						),
+						eventFromEventPusher(
+							user.NewHumanInitialCodeAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								nil, time.Hour*1,
+							),
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				email: &domain.Email{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "user1",
+					},
+					EmailAddress: "email@test.ch",
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: caos_errs.IsPreconditionFailed,
+			},
+		},
 		{
 			name: "email not changed, precondition error",
 			fields: fields{

internal/command/user_human_webauthn_model.go

@@ -53,11 +53,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanU2FVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanWebAuthNSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@@ -65,11 +65,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanU2FSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanWebAuthNRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@@ -77,11 +77,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.HumanU2FRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.UserRemovedEvent:
 			wm.WriteModel.AppendEvents(e)