nhost · dbarrosop · Mar 21, 2024 · Mar 18, 2024
diff --git a/go/api/openapi.yaml b/go/api/openapi.yaml
@@ -168,7 +168,7 @@ paths:
       summary: Change user email
       tags:
         - user
-        - email-and-password
+        - email
       security:
         - BearerAuth: []
       requestBody:
@@ -185,13 +185,34 @@ paths:
               schema:
                 $ref: '#/components/schemas/OKResponse'
 
+  /user/email/send-verification-email:
+    post:
+      summary: Send email verification email
+      tags:
+        - user
+        - email
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UserEmailSendVerificationEmailRequest'
+        required: true
+      responses:
+        '200':
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/OKResponse'
+          description: >-
+            Email verification email sent successfully
+
   /user/password/reset:
     post:
       summary: >-
         Request a password reset. An email with a verification link will be sent to the user's address
       tags:
         - user
-        - email-and-password
+        - password
       requestBody:
         content:
           application/json:
@@ -289,6 +310,7 @@ components:
             - disabled-endpoint
             - disabled-user
             - email-already-in-use
+            - email-already-verified
             - forbidden-anonymous
             - internal-server-error
             - invalid-email-password
@@ -446,6 +468,20 @@ components:
       required:
         - newEmail
 
+    UserEmailSendVerificationEmailRequest:
+      type: object
+      additionalProperties: false
+      properties:
+        email:
+          description: A valid email
+          example: [email protected]
+          format: email
+          type: string
+        options:
+          $ref: "#/components/schemas/OptionsRedirectTo"
+      required:
+        - email
+
     UserPasswordResetRequest:
       type: object
       additionalProperties: false

diff --git a/go/api/server.gen.go b/go/api/server.gen.go
diff --git a/go/api/types.gen.go b/go/api/types.gen.go
diff --git a/go/controller/controller.go b/go/controller/controller.go
@@ -4,13 +4,18 @@ package controller
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/jackc/pgx/v5/pgtype"
 	"github.com/nhost/hasura-auth/go/notifications"
 	"github.com/nhost/hasura-auth/go/sql"
 )
 
+const (
+	In30Days = 720 * time.Hour
+)
+
 func deptr[T any](x *T) T { //nolint:ireturn
 	if x == nil {
 		return *new(T)

diff --git a/go/controller/errors.go b/go/controller/errors.go
@@ -33,6 +33,7 @@ var (
 	ErrInvalidRequest                  = &APIError{api.InvalidRequest}
 	ErrSignupDisabled                  = &APIError{api.SignupDisabled}
 	ErrDisabledEndpoint                = &APIError{api.DisabledEndpoint}
+	ErrEmailAlreadyVerified            = &APIError{api.EmailAlreadyVerified}
 )
 
 func logError(err error) slog.Attr {
@@ -73,6 +74,12 @@ func (response ErrorResponse) VisitPostUserPasswordResetResponse(w http.Response
 	return response.visit(w)
 }
 
+func (response ErrorResponse) VisitPostUserEmailSendVerificationEmailResponse(
+	w http.ResponseWriter,
+) error {
+	return response.visit(w)
+}
+
 func (response ErrorResponse) VisitPostPatResponse(w http.ResponseWriter) error {
 	return response.visit(w)
 }
@@ -82,6 +89,7 @@ func isSensitive(err api.ErrorResponseError) bool {
 	case
 		api.DisabledUser,
 		api.EmailAlreadyInUse,
+		api.EmailAlreadyVerified,
 		api.ForbiddenAnonymous,
 		api.InvalidEmailPassword,
 		api.InvalidPat,
@@ -141,6 +149,12 @@ func (ctrl *Controller) sendError( //nolint:funlen,cyclop
 			Error:   err.t,
 			Message: "Email already in use",
 		}
+	case api.EmailAlreadyVerified:
+		return ErrorResponse{
+			Status:  http.StatusBadRequest,
+			Error:   err.t,
+			Message: "User's email is already verified",
+		}
 	case api.ForbiddenAnonymous:
 		return ErrorResponse{
 			Status:  http.StatusForbidden,

diff --git a/go/controller/post_signin_passwordless_email.go b/go/controller/post_signin_passwordless_email.go
@@ -86,7 +86,7 @@ func (ctrl *Controller) PostSigninPasswordlessEmail( //nolint:ireturn
 		"",
 		logger,
 	); err != nil {
-		return nil, err
+		return ctrl.sendError(err), nil
 	}
 
 	return api.PostSigninPasswordlessEmail200JSONResponse(api.OK), nil

diff --git a/go/controller/post_signup_email_password.go b/go/controller/post_signup_email_password.go
@@ -106,7 +106,7 @@ func (ctrl *Controller) postSignupEmailPasswordWithEmailVerificationOrUserDisabl
 		"",
 		logger,
 	); err != nil {
-		return nil, err
+		return ctrl.sendError(err), nil
 	}
 
 	return api.PostSignupEmailPassword200JSONResponse{Session: nil}, nil

diff --git a/go/controller/post_user_email_change.go b/go/controller/post_user_email_change.go
@@ -51,7 +51,7 @@ func (ctrl *Controller) PostUserEmailChange( //nolint:ireturn
 		string(request.Body.NewEmail),
 		logger,
 	); err != nil {
-		return nil, err
+		return ctrl.sendError(err), nil
 	}
 
 	return api.PostUserEmailChange200JSONResponse(api.OK), nil