feat: pass and handle auth request context for email links (#7815)

* pass and handle auth request context * tests and cleanup * cleanup
2025-08-11 21:37:32 +00:00 · 2024-04-24 17:50:58 +02:00
parent ac985e2dfb
commit d016379e2a
38 changed files with 851 additions and 2018 deletions
--- a/internal/notification/types/email_verification_code.go
+++ b/internal/notification/types/email_verification_code.go
@@ -10,10 +10,10 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 )

-func (notify Notify) SendEmailVerificationCode(ctx context.Context, user *query.NotifyUser, code string, urlTmpl string) error {
+func (notify Notify) SendEmailVerificationCode(ctx context.Context, user *query.NotifyUser, code string, urlTmpl, authRequestID string) error {
 	var url string
 	if urlTmpl == "" {
-		url = login.MailVerificationLink(http_utils.ComposedOrigin(ctx), user.ID, code, user.ResourceOwner)
+		url = login.MailVerificationLink(http_utils.ComposedOrigin(ctx), user.ID, code, user.ResourceOwner, authRequestID)
 	} else {
 		var buf strings.Builder
 		if err := domain.RenderConfirmURLTemplate(&buf, urlTmpl, user.ID, code, user.ResourceOwner); err != nil {
--- a/internal/notification/types/email_verification_code_test.go
+++ b/internal/notification/types/email_verification_code_test.go
@@ -15,10 +15,11 @@ import (

 func TestNotify_SendEmailVerificationCode(t *testing.T) {
 	type args struct {
-		user    *query.NotifyUser
-		origin  string
-		code    string
-		urlTmpl string
+		user          *query.NotifyUser
+		origin        string
+		code          string
+		urlTmpl       string
+		authRequestID string
 	}
 	tests := []struct {
 		name    string
@@ -33,12 +34,13 @@ func TestNotify_SendEmailVerificationCode(t *testing.T) {
 					ID:            "user1",
 					ResourceOwner: "org1",
 				},
-				origin:  "https://example.com",
-				code:    "123",
-				urlTmpl: "",
+				origin:        "https://example.com",
+				code:          "123",
+				urlTmpl:       "",
+				authRequestID: "authRequestID",
 			},
 			want: &notifyResult{
-				url:                                "https://example.com/ui/login/mail/verification?userID=user1&code=123&orgID=org1",
+				url:                                "https://example.com/ui/login/mail/verification?authRequestID=authRequestID&code=123&orgID=org1&userID=user1",
 				args:                               map[string]interface{}{"Code": "123"},
 				messageType:                        domain.VerifyEmailMessageType,
 				allowUnverifiedNotificationChannel: true,
@@ -51,9 +53,10 @@ func TestNotify_SendEmailVerificationCode(t *testing.T) {
 					ID:            "user1",
 					ResourceOwner: "org1",
 				},
-				origin:  "https://example.com",
-				code:    "123",
-				urlTmpl: "{{",
+				origin:        "https://example.com",
+				code:          "123",
+				urlTmpl:       "{{",
+				authRequestID: "authRequestID",
 			},
 			want:    &notifyResult{},
 			wantErr: zerrors.ThrowInvalidArgument(nil, "DOMAIN-oGh5e", "Errors.User.InvalidURLTemplate"),
@@ -65,9 +68,10 @@ func TestNotify_SendEmailVerificationCode(t *testing.T) {
 					ID:            "user1",
 					ResourceOwner: "org1",
 				},
-				origin:  "https://example.com",
-				code:    "123",
-				urlTmpl: "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}",
+				origin:        "https://example.com",
+				code:          "123",
+				urlTmpl:       "https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}",
+				authRequestID: "authRequestID",
 			},
 			want: &notifyResult{
 				url:                                "https://example.com/email/verify?userID=user1&code=123&orgID=org1",
@@ -80,7 +84,7 @@ func TestNotify_SendEmailVerificationCode(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			got, notify := mockNotify()
-			err := notify.SendEmailVerificationCode(http_utils.WithComposedOrigin(context.Background(), tt.args.origin), tt.args.user, tt.args.code, tt.args.urlTmpl)
+			err := notify.SendEmailVerificationCode(http_utils.WithComposedOrigin(context.Background(), tt.args.origin), tt.args.user, tt.args.code, tt.args.urlTmpl, tt.args.authRequestID)
 			require.ErrorIs(t, err, tt.wantErr)
 			assert.Equal(t, tt.want, got)
 		})
--- a/internal/notification/types/init_code.go
+++ b/internal/notification/types/init_code.go
@@ -9,8 +9,8 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 )

-func (notify Notify) SendUserInitCode(ctx context.Context, user *query.NotifyUser, code string) error {
-	url := login.InitUserLink(http_utils.ComposedOrigin(ctx), user.ID, user.PreferredLoginName, code, user.ResourceOwner, user.PasswordSet)
+func (notify Notify) SendUserInitCode(ctx context.Context, user *query.NotifyUser, code, authRequestID string) error {
+	url := login.InitUserLink(http_utils.ComposedOrigin(ctx), user.ID, user.PreferredLoginName, code, user.ResourceOwner, user.PasswordSet, authRequestID)
 	args := make(map[string]interface{})
 	args["Code"] = code
 	return notify(url, args, domain.InitCodeMessageType, true)
--- a/internal/notification/types/password_code.go
+++ b/internal/notification/types/password_code.go
@@ -10,10 +10,10 @@ import (
 	"github.com/zitadel/zitadel/internal/query"
 )

-func (notify Notify) SendPasswordCode(ctx context.Context, user *query.NotifyUser, code, urlTmpl string) error {
+func (notify Notify) SendPasswordCode(ctx context.Context, user *query.NotifyUser, code, urlTmpl, authRequestID string) error {
 	var url string
 	if urlTmpl == "" {
-		url = login.InitPasswordLink(http_utils.ComposedOrigin(ctx), user.ID, code, user.ResourceOwner)
+		url = login.InitPasswordLink(http_utils.ComposedOrigin(ctx), user.ID, code, user.ResourceOwner, authRequestID)
 	} else {
 		var buf strings.Builder
 		if err := domain.RenderConfirmURLTemplate(&buf, urlTmpl, user.ID, code, user.ResourceOwner); err != nil {