fix: make user creation errors helpful (#5382)

* fix: make user creation errors helpful * fix linting and unit testing errors * fix linting * make zitadel config reusable * fix human validations * translate ssr errors * make zitadel config reusable * cover more translations for ssr * handle email validation message centrally * fix unit tests * fix linting * align signatures * use more precise wording * handle phone validation message centrally * fix: return specific profile errors * docs: edit comments * fix unit tests --------- Co-authored-by: Silvan <silvan.reusser@gmail.com>
2025-08-12 01:37:31 +00:00 · 2023-03-14 20:20:38 +01:00
parent 9ff810eb92
commit e00cc187fa
79 changed files with 610 additions and 485 deletions
--- a/internal/api/grpc/admin/export.go
+++ b/internal/api/grpc/admin/export.go
@@ -564,13 +564,13 @@ func (s *Server) getUsers(ctx context.Context, org string, withPasswords bool, w
 			}
 			if user.Human.Email != "" {
 				dataUser.User.Email = &management_pb.ImportHumanUserRequest_Email{
-					Email:           user.Human.Email,
+					Email:           string(user.Human.Email),
 					IsEmailVerified: user.Human.IsEmailVerified,
 				}
 			}
 			if user.Human.Phone != "" {
 				dataUser.User.Phone = &management_pb.ImportHumanUserRequest_Phone{
-					Phone:           user.Human.Phone,
+					Phone:           string(user.Human.Phone),
 					IsPhoneVerified: user.Human.IsPhoneVerified,
 				}
 			}
--- a/internal/api/grpc/admin/user_converter.go
+++ b/internal/api/grpc/admin/user_converter.go
@@ -6,6 +6,7 @@ import (

 	user_grpc "github.com/zitadel/zitadel/internal/api/grpc/user"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
 	admin_grpc "github.com/zitadel/zitadel/pkg/grpc/admin"
 )

@@ -29,7 +30,7 @@ func setUpOrgHumanToCommand(human *admin_grpc.SetUpOrgRequest_Human) *command.Ad

 func setUpOrgHumanEmailToDomain(email *admin_grpc.SetUpOrgRequest_Human_Email) command.Email {
 	return command.Email{
-		Address:  email.Email,
+		Address:  domain.EmailAddress(email.Email),
 		Verified: email.IsEmailVerified,
 	}
 }
@@ -39,7 +40,7 @@ func setUpOrgHumanPhoneToDomain(phone *admin_grpc.SetUpOrgRequest_Human_Phone) c
 		return command.Phone{}
 	}
 	return command.Phone{
-		Number:   phone.Phone,
+		Number:   domain.PhoneNumber(phone.Phone),
 		Verified: phone.IsPhoneVerified,
 	}
 }
--- a/internal/api/grpc/auth/email_converter.go
+++ b/internal/api/grpc/auth/email_converter.go
@@ -10,6 +10,6 @@ import (
 func UpdateMyEmailToDomain(ctx context.Context, email *auth.SetMyEmailRequest) *domain.Email {
 	return &domain.Email{
 		ObjectRoot:   ctxToObjectRoot(ctx),
-		EmailAddress: email.Email,
+		EmailAddress: domain.EmailAddress(email.Email),
 	}
 }
--- a/internal/api/grpc/auth/phone_converter.go
+++ b/internal/api/grpc/auth/phone_converter.go
@@ -10,6 +10,6 @@ import (
 func UpdateMyPhoneToDomain(ctx context.Context, phone *auth.SetMyPhoneRequest) *domain.Phone {
 	return &domain.Phone{
 		ObjectRoot:  ctxToObjectRoot(ctx),
-		PhoneNumber: phone.Phone,
+		PhoneNumber: domain.PhoneNumber(phone.Phone),
 	}
 }
--- a/internal/api/grpc/management/user.go
+++ b/internal/api/grpc/management/user.go
@@ -208,7 +208,7 @@ func AddHumanUserRequestToAddHuman(req *mgmt_pb.AddHumanUserRequest) *command.Ad
 		NickName:    req.Profile.NickName,
 		DisplayName: req.Profile.DisplayName,
 		Email: command.Email{
-			Address:  req.Email.Email,
+			Address:  domain.EmailAddress(req.Email.Email),
 			Verified: req.Email.IsEmailVerified,
 		},
 		PreferredLanguage:      lang,
@@ -221,7 +221,7 @@ func AddHumanUserRequestToAddHuman(req *mgmt_pb.AddHumanUserRequest) *command.Ad
 	}
 	if req.Phone != nil {
 		human.Phone = command.Phone{
-			Number:   req.Phone.Phone,
+			Number:   domain.PhoneNumber(req.Phone.Phone),
 			Verified: req.Phone.IsPhoneVerified,
 		}
 	}
@@ -446,7 +446,7 @@ func (s *Server) ResendHumanInitialization(ctx context.Context, req *mgmt_pb.Res
 	if err != nil {
 		return nil, err
 	}
-	details, err := s.command.ResendInitialMail(ctx, req.UserId, req.Email, authz.GetCtxData(ctx).OrgID, initCodeGenerator)
+	details, err := s.command.ResendInitialMail(ctx, req.UserId, domain.EmailAddress(req.Email), authz.GetCtxData(ctx).OrgID, initCodeGenerator)
 	if err != nil {
 		return nil, err
 	}
--- a/internal/api/grpc/management/user_converter.go
+++ b/internal/api/grpc/management/user_converter.go
@@ -91,37 +91,6 @@ func ListUserMetadataToDomain(req *mgmt_pb.ListUserMetadataRequest) (*query.User
 	}, nil
 }

-func AddHumanUserRequestToDomain(req *mgmt_pb.AddHumanUserRequest) *domain.Human {
-	h := &domain.Human{
-		Username: req.UserName,
-	}
-	preferredLanguage, err := language.Parse(req.Profile.PreferredLanguage)
-	logging.Log("MANAG-M029f").OnError(err).Debug("language malformed")
-	h.Profile = &domain.Profile{
-		FirstName:         req.Profile.FirstName,
-		LastName:          req.Profile.LastName,
-		NickName:          req.Profile.NickName,
-		DisplayName:       req.Profile.DisplayName,
-		PreferredLanguage: preferredLanguage,
-		Gender:            user_grpc.GenderToDomain(req.Profile.Gender),
-	}
-	h.Email = &domain.Email{
-		EmailAddress:    req.Email.Email,
-		IsEmailVerified: req.Email.IsEmailVerified,
-	}
-	if req.Phone != nil {
-		h.Phone = &domain.Phone{
-			PhoneNumber:     req.Phone.Phone,
-			IsPhoneVerified: req.Phone.IsPhoneVerified,
-		}
-	}
-	if req.InitialPassword != "" {
-		h.Password = &domain.Password{SecretString: req.InitialPassword, ChangeRequired: true}
-	}
-
-	return h
-}
-
 func ImportHumanUserRequestToDomain(req *mgmt_pb.ImportHumanUserRequest) (human *domain.Human, passwordless bool, links []*domain.UserIDPLink) {
 	human = &domain.Human{
 		Username: req.UserName,
@@ -137,12 +106,12 @@ func ImportHumanUserRequestToDomain(req *mgmt_pb.ImportHumanUserRequest) (human
 		Gender:            user_grpc.GenderToDomain(req.Profile.Gender),
 	}
 	human.Email = &domain.Email{
-		EmailAddress:    req.Email.Email,
+		EmailAddress:    domain.EmailAddress(req.Email.Email),
 		IsEmailVerified: req.Email.IsEmailVerified,
 	}
 	if req.Phone != nil {
 		human.Phone = &domain.Phone{
-			PhoneNumber:     req.Phone.Phone,
+			PhoneNumber:     domain.PhoneNumber(req.Phone.Phone),
 			IsPhoneVerified: req.Phone.IsPhoneVerified,
 		}
 	}
@@ -199,7 +168,7 @@ func UpdateHumanEmailRequestToDomain(ctx context.Context, req *mgmt_pb.UpdateHum
 			AggregateID:   req.UserId,
 			ResourceOwner: authz.GetCtxData(ctx).OrgID,
 		},
-		EmailAddress:    req.Email,
+		EmailAddress:    domain.EmailAddress(req.Email),
 		IsEmailVerified: req.IsEmailVerified,
 	}
 }
@@ -207,7 +176,7 @@ func UpdateHumanEmailRequestToDomain(ctx context.Context, req *mgmt_pb.UpdateHum
 func UpdateHumanPhoneRequestToDomain(req *mgmt_pb.UpdateHumanPhoneRequest) *domain.Phone {
 	return &domain.Phone{
 		ObjectRoot:      models.ObjectRoot{AggregateID: req.UserId},
-		PhoneNumber:     req.Phone,
+		PhoneNumber:     domain.PhoneNumber(req.Phone),
 		IsPhoneVerified: req.IsPhoneVerified,
 	}
 }
--- a/internal/api/grpc/system/instance_converter.go
+++ b/internal/api/grpc/system/instance_converter.go
@@ -59,7 +59,7 @@ func CreateInstancePbToSetupInstance(req *system_pb.CreateInstanceRequest, defau
 func createInstancePbToAddHuman(req *system_pb.CreateInstanceRequest_Human, defaultHuman command.AddHuman, userLoginMustBeDomain bool, org, externalDomain string) *command.AddHuman {
 	user := defaultHuman
 	if req.Email != nil {
-		user.Email.Address = req.Email.Email
+		user.Email.Address = domain.EmailAddress(req.Email.Email)
 		user.Email.Verified = req.Email.IsEmailVerified
 	}
 	if req.Profile != nil {
@@ -164,7 +164,7 @@ func AddInstancePbToSetupInstance(req *system_pb.AddInstanceRequest, defaultInst
 		instance.Org.Human = new(command.AddHuman)
 	}
 	if req.OwnerEmail.Email != "" {
-		instance.Org.Human.Email.Address = req.OwnerEmail.Email
+		instance.Org.Human.Email.Address = domain.EmailAddress(req.OwnerEmail.Email)
 		instance.Org.Human.Email.Verified = req.OwnerEmail.IsEmailVerified
 	}
 	if req.OwnerProfile != nil {
--- a/internal/api/grpc/user/converter.go
+++ b/internal/api/grpc/user/converter.go
@@ -58,11 +58,11 @@ func HumanToPb(view *query.Human, assetPrefix, owner string) *user_pb.Human {
 			AvatarUrl:         domain.AvatarURL(assetPrefix, owner, view.AvatarKey),
 		},
 		Email: &user_pb.Email{
-			Email:           view.Email,
+			Email:           string(view.Email),
 			IsEmailVerified: view.IsEmailVerified,
 		},
 		Phone: &user_pb.Phone{
-			Phone:           view.Phone,
+			Phone:           string(view.Phone),
 			IsPhoneVerified: view.IsPhoneVerified,
 		},
 	}
@@ -91,7 +91,7 @@ func ProfileToPb(profile *query.Profile, assetPrefix string) *user_pb.Profile {

 func EmailToPb(email *query.Email) *user_pb.Email {
 	return &user_pb.Email{
-		Email:           email.Email,
+		Email:           string(email.Email),
 		IsEmailVerified: email.IsVerified,
 	}
 }
@@ -105,7 +105,7 @@ func PhoneToPb(phone *query.Phone) *user_pb.Phone {

 func ModelEmailToPb(email *query.Email) *user_pb.Email {
 	return &user_pb.Email{
-		Email:           email.Email,
+		Email:           string(email.Email),
 		IsEmailVerified: email.IsVerified,
 	}
 }