Allow empty email

Makefile

@@ -46,7 +46,7 @@ test-all-db:
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
 	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
 	sh scripts/couchbase-test.sh
-	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
+	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb,couchbase" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb

server/db/models/user.go

@@ -15,7 +15,7 @@ type User struct {
 	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
 	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
 
-	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	Email                    *string `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
 	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at" dynamo:"email_verified_at"`
 	Password                 *string `json:"password" bson:"password" cql:"password" dynamo:"password"`
 	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods" dynamo:"signup_methods"`
@@ -54,7 +54,7 @@ func (user *User) AsAPIUser() *model.User {
 		FamilyName:               user.FamilyName,
 		MiddleName:               user.MiddleName,
 		Nickname:                 user.Nickname,
-		PreferredUsername:        refs.NewStringRef(user.Email),
+		PreferredUsername:        user.Email,
 		Gender:                   user.Gender,
 		Birthdate:                user.Birthdate,
 		PhoneNumber:              user.PhoneNumber,

server/db/providers/couchbase/user.go

@@ -69,7 +69,7 @@ func (p *provider) DeleteUser(ctx context.Context, user *models.User) error {
 func (p *provider) ListUsers(ctx context.Context, pagination *model.Pagination) (*model.Users, error) {
 	users := []*model.User{}
 	paginationClone := pagination
-	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
+	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
 	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@@ -103,7 +103,7 @@ func (p *provider) ListUsers(ctx context.Context, pagination *model.Pagination)
 // GetUserByEmail to get user information from database using email address
 func (p *provider) GetUserByEmail(ctx context.Context, email string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@@ -122,7 +122,7 @@ func (p *provider) GetUserByEmail(ctx context.Context, email string) (*models.Us
 // GetUserByID to get user information from database using user ID
 func (p *provider) GetUserByID(ctx context.Context, id string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@@ -175,7 +175,7 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 // GetUserByPhoneNumber to get user information from database using phone number
 func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,

server/db/providers/dynamodb/user.go

@@ -136,7 +136,7 @@ func (p *provider) GetUserByID(ctx context.Context, id string) (*models.User, er
 	var user *models.User
 	err := collection.Get("id", id).OneWithContext(ctx, &user)
 	if err != nil {
-		if user.Email == "" {
+		if refs.StringValue(user.Email) == "" {
 			return user, errors.New("no documets found")
 		} else {
 			return user, nil

server/db/providers/mongodb/provider.go

@@ -47,16 +47,13 @@ func NewProvider() (*provider, error) {
 			Keys:    bson.M{"email": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true),
 		},
-	}, options.CreateIndexes())
-	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
 		{
 			Keys: bson.M{"phone_number": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true).SetPartialFilterExpression(map[string]interface{}{
 				"phone_number": map[string]string{"$type": "string"},
 			}),
 		},
 	}, options.CreateIndexes())
-
 	mongodb.CreateCollection(ctx, models.Collections.VerificationRequest, options.CreateCollection())
 	verificationRequestCollection := mongodb.Collection(models.Collections.VerificationRequest, options.Collection())
 	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{

server/graph/schema.graphqls

@@ -32,7 +32,8 @@ type Meta {
 
 type User {
   id: ID!
-  email: String!
+  # email or phone_number is always present
+  email: String
   email_verified: Boolean!
   signup_methods: String!
   given_name: String

server/handlers/oauth_callback.go

@@ -23,6 +23,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -85,7 +86,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			return
 		}
 
-		existingUser, err := db.Provider.GetUserByEmail(ctx, user.Email)
+		existingUser, err := db.Provider.GetUserByEmail(ctx, refs.StringValue(user.Email))
 		log := log.WithField("user", user.Email)
 		isSignUp := false
 
@@ -415,7 +416,7 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &picture,
-		Email:      email,
+		Email:      &email,
 	}
 
 	return user, nil
@@ -466,7 +467,7 @@ func processFacebookUserInfo(ctx context.Context, code string) (*models.User, er
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &picture,
-		Email:      email,
+		Email:      &email,
 	}
 
 	return user, nil
@@ -548,7 +549,7 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &profilePicture,
-		Email:      emailAddress,
+		Email:      &emailAddress,
 	}
 
 	return user, nil
@@ -588,7 +589,8 @@ func processAppleUserInfo(ctx context.Context, code string) (*models.User, error
 		log.Debug("Failed to extract email from claims.")
 		return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
 	} else {
-		user.Email = val.(string)
+		email := val.(string)
+		user.Email = &email
 	}
 
 	if val, ok := claims["name"]; ok {

server/resolvers/delete_user.go

@@ -10,6 +10,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -51,28 +52,41 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
 
 	go func() {
 		// delete otp for given email
-		otp, err := db.Provider.GetOTPByEmail(ctx, user.Email)
+		otp, err := db.Provider.GetOTPByEmail(ctx, refs.StringValue(user.Email))
 		if err != nil {
 			log.Infof("No OTP found for email (%s): %v", user.Email, err)
 			// continue
 		} else {
 			err := db.Provider.DeleteOTP(ctx, otp)
 			if err != nil {
-				log.Debugf("Failed to delete otp for given email (%s): %v", user.Email, err)
+				log.Debugf("Failed to delete otp for given email (%s): %v", refs.StringValue(user.Email), err)
+				// continue
+			}
+		}
+
+		// delete otp for given phone number
+		otp, err = db.Provider.GetOTPByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber))
+		if err != nil {
+			log.Infof("No OTP found for email (%s): %v", refs.StringValue(user.Email), err)
+			// continue
+		} else {
+			err := db.Provider.DeleteOTP(ctx, otp)
+			if err != nil {
+				log.Debugf("Failed to delete otp for given phone (%s): %v", refs.StringValue(user.PhoneNumber), err)
 				// continue
 			}
 		}
 
 		// delete verification requests for given email
 		for _, vt := range constants.VerificationTypes {
-			verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, user.Email, vt)
+			verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, refs.StringValue(user.Email), vt)
 			if err != nil {
-				log.Infof("No verification verification request found for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+				log.Infof("No verification verification request found for email: %s, verification_request_type: %s. %v", refs.StringValue(user.Email), vt, err)
 				// continue
 			} else {
 				err := db.Provider.DeleteVerificationRequest(ctx, verificationRequest)
 				if err != nil {
-					log.Debugf("Failed to DeleteVerificationRequest for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+					log.Debugf("Failed to DeleteVerificationRequest for email: %s, verification_request_type: %s. %v", refs.StringValue(user.Email), vt, err)
 					// continue
 				}
 			}

server/resolvers/invite_members.go

@@ -106,7 +106,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}
 
 		user := &models.User{
-			Email: email,
+			Email: refs.NewStringRef(email),
 			Roles: strings.Join(defaultRoles, ","),
 		}
 		hostname := parsers.GetHost(gc)
@@ -171,7 +171,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}
 
 		// exec it as go routine so that we can reduce the api latency
-		go emailservice.SendEmail([]string{user.Email}, constants.VerificationTypeInviteMember, map[string]interface{}{
+		go emailservice.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeInviteMember, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
 			"verification_url": utils.GetInviteVerificationURL(verifyEmailURL, verificationToken, redirectURL),

server/resolvers/login.go

@@ -145,7 +145,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		otp := utils.GenerateOTP()
 		expires := time.Now().Add(1 * time.Minute).Unix()
 		otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
-			Email:     user.Email,
+			Email:     refs.StringValue(user.Email),
 			Otp:       otp,
 			ExpiresAt: expires,
 		})

server/resolvers/magic_link_login.go

@@ -56,7 +56,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 	inputRoles := []string{}
 
 	user := &models.User{
-		Email: params.Email,
+		Email: refs.NewStringRef(params.Email),
 	}
 
 	// find user with email

server/resolvers/mobile_signup.go

@@ -131,7 +131,7 @@ func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput)
 	}
 
 	user := &models.User{
-		Email:       emailInput,
+		Email:       &emailInput,
 		PhoneNumber: &mobile,
 	}
 

server/resolvers/resend_otp.go

@@ -100,7 +100,7 @@ func ResendOTPResolver(ctx context.Context, params model.ResendOTPRequest) (*mod
 
 	otp := utils.GenerateOTP()
 	if _, err := db.Provider.UpsertOTP(ctx, &models.OTP{
-		Email:     user.Email,
+		Email:     refs.StringValue(user.Email),
 		Otp:       otp,
 		ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
 	}); err != nil {

server/resolvers/signup.go

@@ -158,7 +158,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 	user.Password = &password
 	if email != "" {
 		user.SignupMethods = constants.AuthRecipeMethodBasicAuth
-		user.Email = email
+		user.Email = &email
 	}
 	if params.GivenName != nil {
 		user.GivenName = params.GivenName

server/resolvers/test_endpoint.go

@@ -39,7 +39,7 @@ func TestEndpointResolver(ctx context.Context, params model.TestEndpointRequest)
 
 	user := model.User{
 		ID:            uuid.NewString(),
-		Email:         "test_endpoint@foo.com",
+		Email:         refs.NewStringRef("test_endpoint@authorizer.dev"),
 		EmailVerified: true,
 		SignupMethods: constants.AuthRecipeMethodMagicLinkLogin,
 		GivenName:     refs.NewStringRef("Foo"),

server/resolvers/update_profile.go

@@ -196,7 +196,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 
 	hasEmailChanged := false
 
-	if params.Email != nil && user.Email != refs.StringValue(params.Email) {
+	if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {
 		// check if valid email
 		if !validators.IsValidEmail(*params.Email) {
 			log.Debug("Failed to validate email: ", refs.StringValue(params.Email))
@@ -220,7 +220,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 		go cookie.DeleteSession(gc)
 
-		user.Email = newEmail
+		user.Email = &newEmail
 		isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
 		if err != nil {
 			log.Debug("Failed to get disable email verification env variable: ", err)
@@ -257,7 +257,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 			}
 
 			// exec it as go routine so that we can reduce the api latency
-			go email.SendEmail([]string{user.Email}, verificationType, map[string]interface{}{
+			go email.SendEmail([]string{refs.StringValue(user.Email)}, verificationType, map[string]interface{}{
 				"user":             user.ToMap(),
 				"organization":     utils.GetOrganization(),
 				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),

server/resolvers/update_user.go

@@ -127,7 +127,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		}
 	}
 
-	if params.Email != nil && user.Email != *params.Email {
+	if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {
 		// check if valid email
 		if !validators.IsValidEmail(*params.Email) {
 			log.Debug("Invalid email: ", *params.Email)
@@ -145,7 +145,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 
 		hostname := parsers.GetHost(gc)
-		user.Email = newEmail
+		user.Email = &newEmail
 		user.EmailVerifiedAt = nil
 		// insert verification request
 		_, nonceHash, err := utils.GenerateNonce()
@@ -173,7 +173,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		}
 
 		// exec it as go routine so that we can reduce the api latency
-		go email.SendEmail([]string{user.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
+		go email.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
 			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),

server/test/profile_test.go

@@ -43,8 +43,7 @@ func profileTests(t *testing.T, s TestSetup) {
 		assert.NotNil(t, profileRes)
 		s.GinContext.Request.Header.Set("Authorization", "")
 		newEmail := profileRes.Email
-		assert.Equal(t, email, newEmail, "emails should be equal")
-
+		assert.Equal(t, email, refs.StringValue(newEmail), "emails should be equal")
 		cleanData(email)
 	})
 }

server/test/signup_test.go

@@ -50,7 +50,7 @@ func signupTests(t *testing.T, s TestSetup) {
 		})
 		assert.Nil(t, err, "signup should be successful")
 		user := *res.User
-		assert.Equal(t, email, user.Email)
+		assert.Equal(t, email, refs.StringValue(user.Email))
 		assert.Equal(t, "test", user.AppData["test"])
 		assert.Nil(t, res.AccessToken, "access token should be nil")
 		res, err = resolvers.SignupResolver(ctx, model.SignUpInput{