feat: pass and handle auth request context for email links (#7815)

* pass and handle auth request context * tests and cleanup * cleanup
2025-12-08 05:42:27 +00:00 · 2024-04-24 17:50:58 +02:00
parent ac985e2dfb
commit d016379e2a
38 changed files with 851 additions and 2018 deletions
--- a/internal/api/ui/login/auth_request.go
+++ b/internal/api/ui/login/auth_request.go
@@ -3,6 +3,8 @@ package login
 import (
 	"net/http"

+	"github.com/zitadel/logging"
+
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/domain"
 )
@@ -33,3 +35,23 @@ func (l *Login) getAuthRequestAndParseData(r *http.Request, data interface{}) (*
 func (l *Login) getParseData(r *http.Request, data interface{}) error {
 	return l.parser.Parse(r, data)
 }
+
+// checkOptionalAuthRequestOfEmailLinks tries to get the [domain.AuthRequest] from the request.
+// In case any error occurs, e.g. if the user agent does not correspond, the `authRequestID` query parameter will be
+// removed from the request URL and form to ensure subsequent functions and pages do not use it.
+// This function is used for handling links in emails, which could possibly be opened on another device than the
+// auth request was initiated.
+func (l *Login) checkOptionalAuthRequestOfEmailLinks(r *http.Request) *domain.AuthRequest {
+	authReq, err := l.getAuthRequest(r)
+	if err == nil {
+		return authReq
+	}
+	logging.WithError(err).Infof("authrequest could not be found for email link on path %s", r.URL.RequestURI())
+	queries := r.URL.Query()
+	queries.Del(QueryAuthRequestID)
+	r.URL.RawQuery = queries.Encode()
+	r.RequestURI = r.URL.RequestURI()
+	r.Form.Del(QueryAuthRequestID)
+	r.PostForm.Del(QueryAuthRequestID)
+	return nil
+}