From 80ab7cc8148a5452d3399c5c83e35c27e0db08f1 Mon Sep 17 00:00:00 2001
From: Jonas Jordan <jj@sernet.de>
Date: Tue, 15 Oct 2024 09:42:47 +0200
Subject: [PATCH] use redirect URL for mailing actions

verinice-veo#3003
---
 .../org/veo/accounts/keycloak/AccountService.kt       | 11 ++++++++++-
 src/main/resources/application.properties             |  3 +++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/main/kotlin/org/veo/accounts/keycloak/AccountService.kt b/src/main/kotlin/org/veo/accounts/keycloak/AccountService.kt
index bc81f49..557256b 100644
--- a/src/main/kotlin/org/veo/accounts/keycloak/AccountService.kt
+++ b/src/main/kotlin/org/veo/accounts/keycloak/AccountService.kt
@@ -52,6 +52,10 @@ class AccountService(
     private val facade: KeycloakFacade,
     @Value("\${veo.accounts.keycloak.mailing.enabled}")
     private val mailingEnabled: Boolean,
+    @Value("\${veo.accounts.keycloak.mailing.actionsRedirectUrl}")
+    private val mailActionsRedirectUrl: String,
+    @Value("\${veo.accounts.keycloak.clients.auth.name}")
+    private val userAuthKeycloakClient: String,
 ) {
     fun findAllAccounts(authAccount: AuthenticatedAccount): List<UserRepresentation> =
         facade.perform {
@@ -358,7 +362,12 @@ class AccountService(
             .apply { if (!isEnabled) return }
             .run { requiredActions + if (!isEmailVerified) listOf("VERIFY_EMAIL") else emptyList() }
             .also { log.debug { "Determined email actions for user $accountId: $it" } }
-            .let { if (mailingEnabled) users().get(accountId).executeActionsEmail(it) }
+            .also { log.debug { "Mailing keycloak client: $userAuthKeycloakClient" } }
+            .also { log.debug { "Mailing actions redirect URL: $mailActionsRedirectUrl" } }
+            .let {
+                    actions ->
+                if (mailingEnabled) users().get(accountId).executeActionsEmail(userAuthKeycloakClient, mailActionsRedirectUrl, actions)
+            }
 
     private fun RealmResource.loadGroups(user: UserRepresentation) {
         user.apply {
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 46bd5b2..bad8b32 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -6,6 +6,9 @@ spring.jndi.ignore=true
 veo.accounts.keycloak.serverUrl=https://auth.staging.verinice.com/auth/
 veo.accounts.keycloak.realm=verinice-veo
 veo.accounts.keycloak.mailing.enabled=true
+# After a user has completed mailing actions (e.g. email verification, password reset), this URL leads them to the actual veo web
+# application.
+veo.accounts.keycloak.mailing.actionsRedirectUrl=https://veo-web.develop.verinice.com/login
 veo.accounts.keycloak.userSuperGroupName=veo-userclass
 # veo.accounts.keycloak.proxyHost=cache.int.company.de
 # veo.accounts.keycloak.proxyPort=3128