fix(login): prevent init mail on idp registration (#7895)

zitadel · May 3, 2024 · 9008941 · 9008941
1 parent b72ecf6
commit 9008941
Show file tree

Hide file tree

Showing 9 changed files with 204 additions and 35 deletions.
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -551,7 +551,7 @@ func (repo *AuthRequestRepo) AutoRegisterExternalUser(ctx context.Context, regis
 		}
 	}
 	human := command.AddHumanFromDomain(registerUser, metadatas, request, externalIDP)
-	err = repo.Command.AddUserHuman(ctx, resourceOwner, human, true, repo.UserCodeAlg)
+	err = repo.Command.AddUserHuman(ctx, resourceOwner, human, false, repo.UserCodeAlg)
 	if err != nil {
 		return err
 	}

diff --git a/internal/command/user_human.go b/internal/command/user_human.go
@@ -288,7 +288,7 @@ func (c *Commands) addHumanCommandEmail(ctx context.Context, filter preparation.
 		if human.Email.ReturnCode {
 			human.EmailCode = &emailCode.Plain
 		}
-		return append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &a.Aggregate, emailCode.Crypted, emailCode.Expiry, human.Email.URLTemplate, human.Email.ReturnCode)), nil
+		return append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &a.Aggregate, emailCode.Crypted, emailCode.Expiry, human.Email.URLTemplate, human.Email.ReturnCode, human.AuthRequestID)), nil
 	}
 	return cmds, nil
 }
@@ -411,10 +411,9 @@ func (h *AddHuman) ensureDisplayName() {
 //     and / or
 //   - have no authentication method (password / passwordless)
 func (h *AddHuman) shouldAddInitCode() bool {
-	return !h.ExternalIDP &&
-		!h.Email.Verified ||
-		!h.Passwordless &&
-			h.Password == ""
+	return len(h.Links) == 0 &&
+		(!h.Email.Verified ||
+			(!h.Passwordless && h.Password == ""))
 }
 
 // Deprecated: use commands.AddUserHuman

diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go
@@ -519,6 +519,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							1*time.Hour,
 							"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}",
 							false,
+							"",
 						),
 					),
 				),
@@ -591,6 +592,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							1*time.Hour,
 							"",
 							true,
+							"",
 						),
 					),
 				),

diff --git a/internal/command/user_v2_email.go b/internal/command/user_v2_email.go
@@ -250,7 +250,7 @@ func generateCodeCommand(ctx context.Context, agg *eventstore.Aggregate, gen cry
 		return nil, "", err
 	}
 
-	cmd := user.NewHumanEmailCodeAddedEventV2(ctx, agg, value, gen.Expiry(), urlTmpl, returnCode)
+	cmd := user.NewHumanEmailCodeAddedEventV2(ctx, agg, value, gen.Expiry(), urlTmpl, returnCode, "")
 	if returnCode {
 		return cmd, plain, nil
 	}

diff --git a/internal/command/user_v2_email_test.go b/internal/command/user_v2_email_test.go
@@ -448,7 +448,7 @@ func TestCommands_ResendUserEmailCode(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -577,7 +577,7 @@ func TestCommands_ResendUserEmailCodeURLTemplate(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -696,7 +696,7 @@ func TestCommands_ResendUserEmailReturnCode(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1070,7 +1070,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"", false,
+							"", false, "",
 						),
 					),
 				),
@@ -1126,7 +1126,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"", true,
+							"", true, "",
 						),
 					),
 				),
@@ -1183,7 +1183,7 @@ func TestCommands_changeUserEmailWithGenerator(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false,
+							"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, "",
 						),
 					),
 				),
@@ -1308,7 +1308,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1352,7 +1352,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1366,7 +1366,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"", false,
+							"", false, "",
 						),
 					),
 				),
@@ -1416,7 +1416,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1430,7 +1430,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"", true,
+							"", true, "",
 						),
 					),
 				),
@@ -1481,7 +1481,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1495,7 +1495,7 @@ func TestCommands_resendUserEmailCodeWithGeneratorEvents(t *testing.T) {
 								Crypted:    []byte("a"),
 							},
 							time.Hour*1,
-							"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false,
+							"https://example.com/email/verify?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}", false, "",
 						),
 					),
 				),
@@ -1642,7 +1642,7 @@ func TestCommands_VerifyUserEmail(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1757,7 +1757,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),
@@ -1804,7 +1804,7 @@ func TestCommands_verifyUserEmailWithGenerator(t *testing.T) {
 									Crypted:    []byte("a"),
 								},
 								time.Hour*1,
-								"", false,
+								"", false, "",
 							),
 						),
 					),

diff --git a/internal/command/user_v2_human.go b/internal/command/user_v2_human.go
@@ -317,7 +317,7 @@ func (c *Commands) changeUserEmail(ctx context.Context, cmds []eventstore.Comman
 			if err != nil {
 				return cmds, code, err
 			}
-			cmds = append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, email.URLTemplate, email.ReturnCode))
+			cmds = append(cmds, user.NewHumanEmailCodeAddedEventV2(ctx, &wm.Aggregate().Aggregate, cryptoCode.Crypted, cryptoCode.Expiry, email.URLTemplate, email.ReturnCode, ""))
 			if email.ReturnCode {
 				code = &cryptoCode.Plain
 			}