feat: user v2 phone verification (#6309)

* feat: add phone change and code verification for user v2 api * feat: add phone change and code verification for user v2 api * fix: add ignored phone.proto * fix: integration tests * Update proto/zitadel/user/v2alpha/user_service.proto * Update idp_template.go --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-12 07:47:32 +00:00 · 2023-08-03 06:42:59 +02:00
parent a1942ecdaa
commit ef012d0081
15 changed files with 1511 additions and 8 deletions
--- a/internal/api/grpc/user/v2/phone.go
+++ b/internal/api/grpc/user/v2/phone.go
@@ -0,0 +1,61 @@
+package user
+
+import (
+	"context"
+
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/domain"
+	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
+)
+
+func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp *user.SetPhoneResponse, err error) {
+	var resourceOwner string // TODO: check if still needed
+	var phone *domain.Phone
+
+	switch v := req.GetVerification().(type) {
+	case *user.SetPhoneRequest_SendCode:
+		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg)
+	case *user.SetPhoneRequest_ReturnCode:
+		phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg)
+	case *user.SetPhoneRequest_IsVerified:
+		phone, err = s.command.ChangeUserPhoneVerified(ctx, req.GetUserId(), resourceOwner, req.GetPhone())
+	case nil:
+		phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg)
+	default:
+		err = caos_errs.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return &user.SetPhoneResponse{
+		Details: &object.Details{
+			Sequence:      phone.Sequence,
+			ChangeDate:    timestamppb.New(phone.ChangeDate),
+			ResourceOwner: phone.ResourceOwner,
+		},
+		VerificationCode: phone.PlainCode,
+	}, nil
+}
+
+func (s *Server) VerifyPhone(ctx context.Context, req *user.VerifyPhoneRequest) (*user.VerifyPhoneResponse, error) {
+	details, err := s.command.VerifyUserPhone(ctx,
+		req.GetUserId(),
+		"", // TODO: check if still needed
+		req.GetVerificationCode(),
+		s.userCodeAlg,
+	)
+	if err != nil {
+		return nil, err
+	}
+	return &user.VerifyPhoneResponse{
+		Details: &object.Details{
+			Sequence:      details.Sequence,
+			ChangeDate:    timestamppb.New(details.EventDate),
+			ResourceOwner: details.ResourceOwner,
+		},
+	}, nil
+}
--- a/internal/api/grpc/user/v2/phone_integration_test.go
+++ b/internal/api/grpc/user/v2/phone_integration_test.go
@@ -0,0 +1,171 @@
+//go:build integration
+
+package user_test
+
+import (
+	"testing"
+
+	"github.com/muhlemmer/gu"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
+	"github.com/zitadel/zitadel/internal/integration"
+	object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
+	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
+)
+
+func TestServer_SetPhone(t *testing.T) {
+	userID := Tester.CreateHumanUser(CTX).GetUserId()
+
+	tests := []struct {
+		name    string
+		req     *user.SetPhoneRequest
+		want    *user.SetPhoneResponse
+		wantErr bool
+	}{
+		{
+			name: "default verification",
+			req: &user.SetPhoneRequest{
+				UserId: userID,
+				Phone:  "+41791234568",
+			},
+			want: &user.SetPhoneResponse{
+				Details: &object.Details{
+					Sequence:      1,
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "send verification",
+			req: &user.SetPhoneRequest{
+				UserId: userID,
+				Phone:  "+41791234569",
+				Verification: &user.SetPhoneRequest_SendCode{
+					SendCode: &user.SendPhoneVerificationCode{},
+				},
+			},
+			want: &user.SetPhoneResponse{
+				Details: &object.Details{
+					Sequence:      1,
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "return code",
+			req: &user.SetPhoneRequest{
+				UserId: userID,
+				Phone:  "+41791234566",
+				Verification: &user.SetPhoneRequest_ReturnCode{
+					ReturnCode: &user.ReturnPhoneVerificationCode{},
+				},
+			},
+			want: &user.SetPhoneResponse{
+				Details: &object.Details{
+					Sequence:      1,
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+				VerificationCode: gu.Ptr("xxx"),
+			},
+		},
+		{
+			name: "is verified true",
+			req: &user.SetPhoneRequest{
+				UserId: userID,
+				Phone:  "+41791234565",
+				Verification: &user.SetPhoneRequest_IsVerified{
+					IsVerified: true,
+				},
+			},
+			want: &user.SetPhoneResponse{
+				Details: &object.Details{
+					Sequence:      1,
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+		{
+			name: "is verified false",
+			req: &user.SetPhoneRequest{
+				UserId: userID,
+				Phone:  "+41791234564",
+				Verification: &user.SetPhoneRequest_IsVerified{
+					IsVerified: false,
+				},
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.SetPhone(CTX, tt.req)
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			integration.AssertDetails(t, tt.want, got)
+			if tt.want.GetVerificationCode() != "" {
+				assert.NotEmpty(t, got.GetVerificationCode())
+			}
+		})
+	}
+}
+
+func TestServer_VerifyPhone(t *testing.T) {
+	userResp := Tester.CreateHumanUser(CTX)
+	tests := []struct {
+		name    string
+		req     *user.VerifyPhoneRequest
+		want    *user.VerifyPhoneResponse
+		wantErr bool
+	}{
+		{
+			name: "wrong code",
+			req: &user.VerifyPhoneRequest{
+				UserId:           userResp.GetUserId(),
+				VerificationCode: "xxx",
+			},
+			wantErr: true,
+		},
+		{
+			name: "wrong user",
+			req: &user.VerifyPhoneRequest{
+				UserId:           "xxx",
+				VerificationCode: userResp.GetPhoneCode(),
+			},
+			wantErr: true,
+		},
+		{
+			name: "verify user",
+			req: &user.VerifyPhoneRequest{
+				UserId:           userResp.GetUserId(),
+				VerificationCode: userResp.GetPhoneCode(),
+			},
+			want: &user.VerifyPhoneResponse{
+				Details: &object.Details{
+					Sequence:      1,
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := Client.VerifyPhone(CTX, tt.req)
+			if tt.wantErr {
+				require.Error(t, err)
+			} else {
+				require.NoError(t, err)
+			}
+			integration.AssertDetails(t, tt.want, got)
+		})
+	}
+}
--- a/internal/api/grpc/user/v2/user.go
+++ b/internal/api/grpc/user/v2/user.go
@@ -32,6 +32,7 @@ func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest
 		UserId:    human.ID,
 		Details:   object.DomainToDetailsPb(human.Details),
 		EmailCode: human.EmailCode,
+		PhoneCode: human.PhoneCode,
 	}, nil
 }

@@ -77,9 +78,13 @@ func addUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman,
 			ReturnCode:  req.GetEmail().GetReturnCode() != nil,
 			URLTemplate: urlTemplate,
 		},
+		Phone: command.Phone{
+			Number:     domain.PhoneNumber(req.GetPhone().GetPhone()),
+			Verified:   req.GetPhone().GetIsVerified(),
+			ReturnCode: req.GetPhone().GetReturnCode() != nil,
+		},
 		PreferredLanguage:      language.Make(req.GetProfile().GetPreferredLanguage()),
 		Gender:                 genderToDomain(req.GetProfile().GetGender()),
-		Phone:                  command.Phone{}, // TODO: add as soon as possible
 		Password:               req.GetPassword().GetPassword(),
 		EncodedPasswordHash:    req.GetHashedPassword().GetHash(),
 		PasswordChangeRequired: passwordChangeRequired,
--- a/internal/api/grpc/user/v2/user_integration_test.go
+++ b/internal/api/grpc/user/v2/user_integration_test.go
@@ -75,6 +75,7 @@ func TestServer_AddHumanUser(t *testing.T) {
 						Gender:            user.Gender_GENDER_DIVERSE.Enum(),
 					},
 					Email: &user.SetHumanEmail{},
+					Phone: &user.SetHumanPhone{},
 					Metadata: []*user.SetMetadataEntry{
 						{
 							Key:   "somekey",
@@ -97,7 +98,7 @@ func TestServer_AddHumanUser(t *testing.T) {
 			},
 		},
 		{
-			name: "return verification code",
+			name: "return email verification code",
 			args: args{
 				CTX,
 				&user.AddHumanUserRequest{
@@ -187,6 +188,53 @@ func TestServer_AddHumanUser(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "return phone verification code",
+			args: args{
+				CTX,
+				&user.AddHumanUserRequest{
+					Organisation: &object.Organisation{
+						Org: &object.Organisation_OrgId{
+							OrgId: Tester.Organisation.ID,
+						},
+					},
+					Profile: &user.SetHumanProfile{
+						FirstName:         "Donald",
+						LastName:          "Duck",
+						NickName:          gu.Ptr("Dukkie"),
+						DisplayName:       gu.Ptr("Donald Duck"),
+						PreferredLanguage: gu.Ptr("en"),
+						Gender:            user.Gender_GENDER_DIVERSE.Enum(),
+					},
+					Email: &user.SetHumanEmail{},
+					Phone: &user.SetHumanPhone{
+						Phone: "+41791234567",
+						Verification: &user.SetHumanPhone_ReturnCode{
+							ReturnCode: &user.ReturnPhoneVerificationCode{},
+						},
+					},
+					Metadata: []*user.SetMetadataEntry{
+						{
+							Key:   "somekey",
+							Value: []byte("somevalue"),
+						},
+					},
+					PasswordType: &user.AddHumanUserRequest_Password{
+						Password: &user.Password{
+							Password:       "DifficultPW666!",
+							ChangeRequired: true,
+						},
+					},
+				},
+			},
+			want: &user.AddHumanUserResponse{
+				Details: &object.Details{
+					ChangeDate:    timestamppb.Now(),
+					ResourceOwner: Tester.Organisation.ID,
+				},
+				PhoneCode: gu.Ptr("something"),
+			},
+		},
 		{
 			name: "custom template error",
 			args: args{