feat: add the ability to make email optional (#994)

backend/internal/common/errors.go

@@ -378,3 +378,13 @@ func (e *ClientIdAlreadyExistsError) Error() string {
 func (e *ClientIdAlreadyExistsError) HttpStatusCode() int {
 	return http.StatusBadRequest
 }
+
+type UserEmailNotSetError struct{}
+
+func (e *UserEmailNotSetError) Error() string {
+	return "The user does not have an email address set"
+}
+
+func (e *UserEmailNotSetError) HttpStatusCode() int {
+	return http.StatusBadRequest
+}

backend/internal/dto/app_config_dto.go

@@ -21,6 +21,7 @@ type AppConfigUpdateDto struct {
 	SignupDefaultUserGroupIDs                  string `json:"signupDefaultUserGroupIDs" binding:"omitempty,json"`
 	SignupDefaultCustomClaims                  string `json:"signupDefaultCustomClaims" binding:"omitempty,json"`
 	AccentColor                                string `json:"accentColor"`
+	RequireUserEmail                           string `json:"requireUserEmail" binding:"required"`
 	SmtpHost                                   string `json:"smtpHost"`
 	SmtpPort                                   string `json:"smtpPort"`
 	SmtpFrom                                   string `json:"smtpFrom" binding:"omitempty,email"`

backend/internal/dto/user_dto.go

@@ -10,7 +10,7 @@ import (
 type UserDto struct {
 	ID           string           `json:"id"`
 	Username     string           `json:"username"`
-	Email        string           `json:"email" `
+	Email        *string          `json:"email" `
 	FirstName    string           `json:"firstName"`
 	LastName     *string          `json:"lastName"`
 	DisplayName  string           `json:"displayName"`
@@ -24,7 +24,7 @@ type UserDto struct {
 
 type UserCreateDto struct {
 	Username    string  `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
-	Email       string  `json:"email" binding:"required,email" unorm:"nfc"`
+	Email       *string `json:"email" binding:"omitempty,email" unorm:"nfc"`
 	FirstName   string  `json:"firstName" binding:"required,min=1,max=50" unorm:"nfc"`
 	LastName    string  `json:"lastName" binding:"max=50" unorm:"nfc"`
 	DisplayName string  `json:"displayName" binding:"required,min=1,max=100" unorm:"nfc"`
@@ -64,9 +64,9 @@ type UserUpdateUserGroupDto struct {
 }
 
 type SignUpDto struct {
-	Username  string `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
-	Email     string `json:"email" binding:"required,email" unorm:"nfc"`
-	FirstName string `json:"firstName" binding:"required,min=1,max=50" unorm:"nfc"`
-	LastName  string `json:"lastName" binding:"max=50" unorm:"nfc"`
-	Token     string `json:"token"`
+	Username  string  `json:"username" binding:"required,username,min=2,max=50" unorm:"nfc"`
+	Email     *string `json:"email" binding:"omitempty,email" unorm:"nfc"`
+	FirstName string  `json:"firstName" binding:"required,min=1,max=50" unorm:"nfc"`
+	LastName  string  `json:"lastName" binding:"max=50" unorm:"nfc"`
+	Token     string  `json:"token"`
 }

backend/internal/dto/user_dto_test.go

@@ -3,6 +3,7 @@ package dto
 import (
 	"testing"
 
+	"github.com/pocket-id/pocket-id/backend/internal/utils"
 	"github.com/stretchr/testify/require"
 )
 
@@ -16,7 +17,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 			name: "valid input",
 			input: UserCreateDto{
 				Username:    "testuser",
-				Email:       "test@example.com",
+				Email:       utils.Ptr("test@example.com"),
 				FirstName:   "John",
 				LastName:    "Doe",
 				DisplayName: "John Doe",
@@ -26,7 +27,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 		{
 			name: "missing username",
 			input: UserCreateDto{
-				Email:       "test@example.com",
+				Email:       utils.Ptr("test@example.com"),
 				FirstName:   "John",
 				LastName:    "Doe",
 				DisplayName: "John Doe",
@@ -36,7 +37,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 		{
 			name: "missing display name",
 			input: UserCreateDto{
-				Email:     "test@example.com",
+				Email:     utils.Ptr("test@example.com"),
 				FirstName: "John",
 				LastName:  "Doe",
 			},
@@ -46,7 +47,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 			name: "username contains invalid characters",
 			input: UserCreateDto{
 				Username:    "test/ser",
-				Email:       "test@example.com",
+				Email:       utils.Ptr("test@example.com"),
 				FirstName:   "John",
 				LastName:    "Doe",
 				DisplayName: "John Doe",
@@ -57,7 +58,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 			name: "invalid email",
 			input: UserCreateDto{
 				Username:    "testuser",
-				Email:       "not-an-email",
+				Email:       utils.Ptr("not-an-email"),
 				FirstName:   "John",
 				LastName:    "Doe",
 				DisplayName: "John Doe",
@@ -68,7 +69,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 			name: "first name too short",
 			input: UserCreateDto{
 				Username:    "testuser",
-				Email:       "test@example.com",
+				Email:       utils.Ptr("test@example.com"),
 				FirstName:   "",
 				LastName:    "Doe",
 				DisplayName: "John Doe",
@@ -79,7 +80,7 @@ func TestUserCreateDto_Validate(t *testing.T) {
 			name: "last name too long",
 			input: UserCreateDto{
 				Username:    "testuser",
-				Email:       "test@example.com",
+				Email:       utils.Ptr("test@example.com"),
 				FirstName:   "John",
 				LastName:    "abcdfghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz",
 				DisplayName: "John Doe",

backend/internal/job/api_key_expiry_job.go

@@ -37,7 +37,7 @@ func (j *ApiKeyEmailJobs) checkAndNotifyExpiringApiKeys(ctx context.Context) err
 	}
 
 	for _, key := range apiKeys {
-		if key.User.Email == "" {
+		if key.User.Email == nil {
 			continue
 		}
 		err = j.apiKeyService.SendApiKeyExpiringSoonEmail(ctx, key)

backend/internal/model/app_config.go

@@ -46,6 +46,7 @@ type AppConfig struct {
 	// Internal
 	InstanceID AppConfigVariable `key:"instanceId,internal"` // Internal
 	// Email
+	RequireUserEmail                           AppConfigVariable `key:"requireUserEmail,public"` // Public
 	SmtpHost                                   AppConfigVariable `key:"smtpHost"`
 	SmtpPort                                   AppConfigVariable `key:"smtpPort"`
 	SmtpFrom                                   AppConfigVariable `key:"smtpFrom"`

backend/internal/model/user.go

@@ -13,12 +13,12 @@ import (
 type User struct {
 	Base
 
-	Username    string `sortable:"true"`
-	Email       string `sortable:"true"`
-	FirstName   string `sortable:"true"`
-	LastName    string `sortable:"true"`
-	DisplayName string `sortable:"true"`
-	IsAdmin     bool   `sortable:"true"`
+	Username    string  `sortable:"true"`
+	Email       *string `sortable:"true"`
+	FirstName   string  `sortable:"true"`
+	LastName    string  `sortable:"true"`
+	DisplayName string  `sortable:"true"`
+	IsAdmin     bool    `sortable:"true"`
 	Locale      *string
 	LdapID      *string
 	Disabled    bool `sortable:"true"`

backend/internal/service/api_key_service.go

@@ -144,9 +144,13 @@ func (s *ApiKeyService) SendApiKeyExpiringSoonEmail(ctx context.Context, apiKey
 		}
 	}
 
+	if user.Email == nil {
+		return &common.UserEmailNotSetError{}
+	}
+
 	err := SendEmail(ctx, s.emailService, email.Address{
 		Name:  user.FullName(),
-		Email: user.Email,
+		Email: *user.Email,
 	}, ApiKeyExpiringSoonTemplate, &ApiKeyExpiringSoonTemplateData{
 		ApiKeyName: apiKey.Name,
 		ExpiresAt:  apiKey.ExpiresAt.ToTime(),

backend/internal/service/app_config_service.go

@@ -71,6 +71,7 @@ func (s *AppConfigService) getDefaultDbConfig() *model.AppConfig {
 		// Internal
 		InstanceID: model.AppConfigVariable{Value: ""},
 		// Email
+		RequireUserEmail:              model.AppConfigVariable{Value: "true"},
 		SmtpHost:                      model.AppConfigVariable{},
 		SmtpPort:                      model.AppConfigVariable{},
 		SmtpFrom:                      model.AppConfigVariable{},

backend/internal/service/audit_log_service.go

@@ -111,9 +111,13 @@ func (s *AuditLogService) CreateNewSignInWithEmail(ctx context.Context, ipAddres
 				return
 			}
 
+			if user.Email == nil {
+				return
+			}
+
 			innerErr = SendEmail(innerCtx, s.emailService, email.Address{
 				Name:  user.FullName(),
-				Email: user.Email,
+				Email: *user.Email,
 			}, NewLoginTemplate, &NewLoginTemplateData{
 				IPAddress: ipAddress,
 				Country:   createdAuditLog.Country,
@@ -122,7 +126,7 @@ func (s *AuditLogService) CreateNewSignInWithEmail(ctx context.Context, ipAddres
 				DateTime:  createdAuditLog.CreatedAt.UTC(),
 			})
 			if innerErr != nil {
-				slog.ErrorContext(innerCtx, "Failed to send notification email", slog.Any("error", innerErr), slog.String("address", user.Email))
+				slog.ErrorContext(innerCtx, "Failed to send notification email", slog.Any("error", innerErr), slog.String("address", *user.Email))
 				return
 			}
 		}()

backend/internal/service/e2etest_service.go

@@ -79,7 +79,7 @@ func (s *TestService) SeedDatabase(baseURL string) error {
 					ID: "f4b89dc2-62fb-46bf-9f5f-c34f4eafe93e",
 				},
 				Username:    "tim",
-				Email:       "tim.cook@test.com",
+				Email:       utils.Ptr("tim.cook@test.com"),
 				FirstName:   "Tim",
 				LastName:    "Cook",
 				DisplayName: "Tim Cook",
@@ -90,7 +90,7 @@ func (s *TestService) SeedDatabase(baseURL string) error {
 					ID: "1cd19686-f9a6-43f4-a41f-14a0bf5b4036",
 				},
 				Username:    "craig",
-				Email:       "craig.federighi@test.com",
+				Email:       utils.Ptr("craig.federighi@test.com"),
 				FirstName:   "Craig",
 				LastName:    "Federighi",
 				DisplayName: "Craig Federighi",

backend/internal/service/email_service.go

@@ -62,9 +62,13 @@ func (srv *EmailService) SendTestEmail(ctx context.Context, recipientUserId stri
 		return err
 	}
 
+	if user.Email == nil {
+		return &common.UserEmailNotSetError{}
+	}
+
 	return SendEmail(ctx, srv,
 		email.Address{
-			Email: user.Email,
+			Email: *user.Email,
 			Name:  user.FullName(),
 		}, TestTemplate, nil)
 }

backend/internal/service/jwt_service_test.go

@@ -16,6 +16,7 @@ import (
 	"github.com/lestrrat-go/jwx/v3/jwa"
 	"github.com/lestrrat-go/jwx/v3/jwk"
 	"github.com/lestrrat-go/jwx/v3/jwt"
+	"github.com/pocket-id/pocket-id/backend/internal/utils"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 
@@ -342,7 +343,7 @@ func TestGenerateVerifyAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "user123",
 			},
-			Email:   "user@example.com",
+			Email:   utils.Ptr("user@example.com"),
 			IsAdmin: false,
 		}
 
@@ -385,7 +386,7 @@ func TestGenerateVerifyAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "admin123",
 			},
-			Email:   "admin@example.com",
+			Email:   utils.Ptr("admin@example.com"),
 			IsAdmin: true,
 		}
 
@@ -464,7 +465,7 @@ func TestGenerateVerifyAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "eddsauser123",
 			},
-			Email:   "eddsauser@example.com",
+			Email:   utils.Ptr("eddsauser@example.com"),
 			IsAdmin: true,
 		}
 
@@ -521,7 +522,7 @@ func TestGenerateVerifyAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "ecdsauser123",
 			},
-			Email:   "ecdsauser@example.com",
+			Email:   utils.Ptr("ecdsauser@example.com"),
 			IsAdmin: true,
 		}
 
@@ -578,7 +579,7 @@ func TestGenerateVerifyAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "rsauser123",
 			},
-			Email:   "rsauser@example.com",
+			Email:   utils.Ptr("rsauser@example.com"),
 			IsAdmin: true,
 		}
 
@@ -965,7 +966,7 @@ func TestGenerateVerifyOAuthAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "user123",
 			},
-			Email: "user@example.com",
+			Email: utils.Ptr("user@example.com"),
 		}
 		const clientID = "test-client-123"
 
@@ -1092,7 +1093,7 @@ func TestGenerateVerifyOAuthAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "eddsauser789",
 			},
-			Email: "eddsaoauth@example.com",
+			Email: utils.Ptr("eddsaoauth@example.com"),
 		}
 		const clientID = "eddsa-oauth-client"
 
@@ -1149,7 +1150,7 @@ func TestGenerateVerifyOAuthAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "ecdsauser789",
 			},
-			Email: "ecdsaoauth@example.com",
+			Email: utils.Ptr("ecdsaoauth@example.com"),
 		}
 		const clientID = "ecdsa-oauth-client"
 
@@ -1206,7 +1207,7 @@ func TestGenerateVerifyOAuthAccessToken(t *testing.T) {
 			Base: model.Base{
 				ID: "rsauser789",
 			},
-			Email: "rsaoauth@example.com",
+			Email: utils.Ptr("rsaoauth@example.com"),
 		}
 		const clientID = "rsa-oauth-client"
 

backend/internal/service/ldap_service.go

@@ -17,6 +17,7 @@ import (
 
 	"github.com/go-ldap/ldap/v3"
 	"github.com/google/uuid"
+	"github.com/pocket-id/pocket-id/backend/internal/utils"
 	"golang.org/x/text/unicode/norm"
 	"gorm.io/gorm"
 
@@ -348,7 +349,7 @@ func (s *LdapService) SyncUsers(ctx context.Context, tx *gorm.DB, client *ldap.C
 
 		newUser := dto.UserCreateDto{
 			Username:    value.GetAttributeValue(dbConfig.LdapAttributeUserUsername.Value),
-			Email:       value.GetAttributeValue(dbConfig.LdapAttributeUserEmail.Value),
+			Email:       utils.PtrOrNil(value.GetAttributeValue(dbConfig.LdapAttributeUserEmail.Value)),
 			FirstName:   value.GetAttributeValue(dbConfig.LdapAttributeUserFirstName.Value),
 			LastName:    value.GetAttributeValue(dbConfig.LdapAttributeUserLastName.Value),
 			DisplayName: value.GetAttributeValue(dbConfig.LdapAttributeUserDisplayName.Value),

backend/internal/service/user_service.go

@@ -244,6 +244,10 @@ func (s *UserService) CreateUser(ctx context.Context, input dto.UserCreateDto) (
 }
 
 func (s *UserService) createUserInternal(ctx context.Context, input dto.UserCreateDto, isLdapSync bool, tx *gorm.DB) (model.User, error) {
+	if s.appConfigService.GetDbConfig().RequireUserEmail.IsTrue() && input.Email == nil {
+		return model.User{}, &common.UserEmailNotSetError{}
+	}
+
 	user := model.User{
 		FirstName:   input.FirstName,
 		LastName:    input.LastName,
@@ -339,6 +343,10 @@ func (s *UserService) UpdateUser(ctx context.Context, userID string, updatedUser
 }
 
 func (s *UserService) updateUserInternal(ctx context.Context, userID string, updatedUser dto.UserCreateDto, updateOwnUser bool, isLdapSync bool, tx *gorm.DB) (model.User, error) {
+	if s.appConfigService.GetDbConfig().RequireUserEmail.IsTrue() && updatedUser.Email == nil {
+		return model.User{}, &common.UserEmailNotSetError{}
+	}
+
 	var user model.User
 	err := tx.
 		WithContext(ctx).
@@ -437,6 +445,10 @@ func (s *UserService) requestOneTimeAccessEmailInternal(ctx context.Context, use
 		return err
 	}
 
+	if user.Email == nil {
+		return &common.UserEmailNotSetError{}
+	}
+
 	oneTimeAccessToken, err := s.createOneTimeAccessTokenInternal(ctx, user.ID, ttl, tx)
 	if err != nil {
 		return err
@@ -464,7 +476,7 @@ func (s *UserService) requestOneTimeAccessEmailInternal(ctx context.Context, use
 
 		errInternal := SendEmail(innerCtx, s.emailService, email.Address{
 			Name:  user.FullName(),
-			Email: user.Email,
+			Email: *user.Email,
 		}, OneTimeAccessTemplate, &OneTimeAccessTemplateData{
 			Code:              oneTimeAccessToken,
 			LoginLink:         link,
@@ -472,7 +484,7 @@ func (s *UserService) requestOneTimeAccessEmailInternal(ctx context.Context, use
 			ExpirationString:  utils.DurationToString(ttl),
 		})
 		if errInternal != nil {
-			slog.ErrorContext(innerCtx, "Failed to send one-time access token email", slog.Any("error", errInternal), slog.String("address", user.Email))
+			slog.ErrorContext(innerCtx, "Failed to send one-time access token email", slog.Any("error", errInternal), slog.String("address", *user.Email))
 			return
 		}
 	}()

backend/internal/utils/ptr_util.go

@@ -1,13 +1,16 @@
 package utils
 
+// Ptr returns a pointer to the given value.
 func Ptr[T any](v T) *T {
 	return &v
 }
 
-func PtrValueOrZero[T any](ptr *T) T {
-	if ptr == nil {
-		var zero T
-		return zero
+// PtrOrNil returns a pointer to v if v is not the zero value of its type,
+// otherwise it returns nil.
+func PtrOrNil[T comparable](v T) *T {
+	var zero T
+	if v == zero {
+		return nil
 	}
-	return *ptr
+	return &v
 }