feat: pass and handle auth request context for email links (#7815)

* pass and handle auth request context

* tests and cleanup

* cleanup

internal/api/ui/login/init_password_handler.go

@@ -1,8 +1,8 @@
 package login
 
 import (
-	"fmt"
 	"net/http"
+	"net/url"
 
 	http_mw "github.com/zitadel/zitadel/internal/api/http/middleware"
 	"github.com/zitadel/zitadel/internal/domain"
@@ -38,14 +38,20 @@ type initPasswordData struct {
 	HasSymbol    string
 }
 
-func InitPasswordLink(origin, userID, code, orgID string) string {
-	return fmt.Sprintf("%s%s?userID=%s&code=%s&orgID=%s", externalLink(origin), EndpointInitPassword, userID, code, orgID)
+func InitPasswordLink(origin, userID, code, orgID, authRequestID string) string {
+	v := url.Values{}
+	v.Set(queryInitPWUserID, userID)
+	v.Set(queryInitPWCode, code)
+	v.Set(queryOrgID, orgID)
+	v.Set(QueryAuthRequestID, authRequestID)
+	return externalLink(origin) + EndpointInitPassword + "?" + v.Encode()
 }
 
 func (l *Login) handleInitPassword(w http.ResponseWriter, r *http.Request) {
+	authReq := l.checkOptionalAuthRequestOfEmailLinks(r)
 	userID := r.FormValue(queryInitPWUserID)
 	code := r.FormValue(queryInitPWCode)
-	l.renderInitPassword(w, r, nil, userID, code, nil)
+	l.renderInitPassword(w, r, authReq, userID, code, nil)
 }
 
 func (l *Login) handleInitPasswordCheck(w http.ResponseWriter, r *http.Request) {
@@ -94,7 +100,7 @@ func (l *Login) resendPasswordSet(w http.ResponseWriter, r *http.Request, authRe
 		l.renderInitPassword(w, r, authReq, userID, "", err)
 		return
 	}
-	_, err = l.command.RequestSetPassword(setContext(r.Context(), userOrg), userID, userOrg, domain.NotificationTypeEmail, passwordCodeGenerator)
+	_, err = l.command.RequestSetPassword(setContext(r.Context(), userOrg), userID, userOrg, domain.NotificationTypeEmail, passwordCodeGenerator, authReq.ID)
 	l.renderInitPassword(w, r, authReq, userID, "", err)
 }