1040 prototype email gateway

CHANGELOG.md

@@ -11,6 +11,17 @@ Recommendation: for ease of reading, use the following order:
 - Fixed
 -->
 
+## [Unreleased]
+### Added
+- GQL suport to query and update email on the currently logged account
+- Account registration sends `AccountLifecycleEvent` to `Outbox`
+### Changed
+- Emails are mandatory for Kamu accounts now:
+   - predefined users need to specify an email in config
+   - predefined users are auto-synced at startup in case they existed before
+   - GitHub users are queried for primary verified email, even if it is not public
+   - migration code for the database existing users
+
 ## [0.220.0] - 2025-01-27
 ### Changed
 - Private Datasets:

Cargo.toml

@@ -6,6 +6,7 @@ members = [
     "src/utils/database-common",
     "src/utils/database-common-macros",
     "src/utils/datafusion-cli",
+    "src/utils/email-utils",
     "src/utils/enum-variants",
     "src/utils/event-sourcing",
     "src/utils/event-sourcing-macros",
@@ -111,6 +112,7 @@ async-utils = { version = "0.220.0", path = "src/utils/async-utils", default-fea
 container-runtime = { version = "0.220.0", path = "src/utils/container-runtime", default-features = false }
 database-common = { version = "0.220.0", path = "src/utils/database-common", default-features = false }
 database-common-macros = { version = "0.220.0", path = "src/utils/database-common-macros", default-features = false }
+email-utils = { version = "0.220.0", path = "src/utils/email-utils", default-features = false }
 enum-variants = { version = "0.220.0", path = "src/utils/enum-variants", default-features = false }
 event-sourcing = { version = "0.220.0", path = "src/utils/event-sourcing", default-features = false }
 event-sourcing-macros = { version = "0.220.0", path = "src/utils/event-sourcing-macros", default-features = false }

examples/archive/commercial-fishing/.kamuconfig

@@ -6,9 +6,12 @@ content:
       - accountName: kamu
         isAdmin: true
         avatarUrl: https://avatars.githubusercontent.com/u/50896974?s=200&v=4
+        email: support+kamu@kamu.dev
       - accountName: acme.fishing.co
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/1090/1090630.png
+        email: support+acme.fishing.co@kamu.dev
       - accountName: globalfishingwatch.org
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/744/744480.png
+        email: support+globalfishingwatch.org@kamu.dev

examples/archive/water-management/.kamuconfig

@@ -6,7 +6,11 @@ content:
       - accountName: kamu
         isAdmin: true
         avatarUrl: https://avatars.githubusercontent.com/u/50896974?s=200&v=4
+        email: support+kamu@kamu.dev
       - accountName: rijkswaterstaat.nl
         avatarUrl: https://www.shutterstock.com/image-vector/royal-exclusive-badge-logo-two-260nw-236025661.jpg
+        email: support+rijkswaterstaat.nl@kamu.dev
       - accountName: deltares.nl
-        avatarUrl: https://avatars.githubusercontent.com/u/6613768?s=200&v=4
+        avatarUrl: https://avatars.githubusercontent.com/u/6613768?s=200&v=4
+        email: support+deltares.nl@kamu.dev
+

images/kamu-base-with-data-mt/extra/.kamuconfig

@@ -6,45 +6,62 @@ content:
       - accountName: kamu
         isAdmin: true
         avatarUrl: https://avatars.githubusercontent.com/u/50896974?s=200&v=4
+        email: support+kamu@kamu.dev
       - accountName: sh101-bowen
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh101-bowen@kamu.dev
       - accountName: sh102-gambier
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh102-gambier@kamu.dev
       - accountName: sh103-howe
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh103-howe@kamu.dev
       - accountName: sh104-granville
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh104-granville@kamu.dev
       - accountName: sh105-keats
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh105-keats@kamu.dev
       - accountName: sh106-seymour
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3118/3118054.png
+        email: support+sh106-seymour@kamu.dev
       - accountName: moa.gov.nl
         accountType: Organization
         displayName: moa.gov.nl
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3530/3530558.png
+        email: support+moa.gov.nl@kamu.dev
       - accountName: mim.dk
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3530/3530558.png
+        email: support+mim.dk@kamu.dev
       - accountName: ofb.gouv.fr
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3530/3530558.png
+        email: support+ofb.gouv.fr@kamu.dev
       - accountName: mmo.gov.uk
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3530/3530558.png
+        email: support+mmo.gov.uk@kamu.dev
       - accountName: protectedseas.net
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/3530/3530558.png
+        email: support+protectedseas.net@kamu.dev
       - accountName: bmis-bycatch.org
         accountType: Organization
         displayName: Bycatch Management Information System
         avatarUrl: https://cdn-icons-png.flaticon.com/128/10197/10197245.png
+        email: support+bmis-bycatch.org@kamu.dev
       - accountName: acme.fishing.co
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/1090/1090630.png
+        email: support+acme.fishing.co@kamu.dev
       - accountName: globalfishingwatch.org
         accountType: Organization
         avatarUrl: https://cdn-icons-png.flaticon.com/512/744/744480.png
+        email: support+globalfishingwatch.org@kamu.dev
       - accountName: rijkswaterstaat.nl
         avatarUrl: https://www.shutterstock.com/image-vector/royal-exclusive-badge-logo-two-260nw-236025661.jpg
+        email: support+rijkswaterstaat.nl@kamu.dev
       - accountName: deltares.nl
-        avatarUrl: https://avatars.githubusercontent.com/u/6613768?s=200&v=4
+        avatarUrl: https://avatars.githubusercontent.com/u/6613768?s=200&v=4
+        email: support+deltares.nl@kamu.dev

migrations/mysql/20250121102654_require_account_emails.sql

@@ -0,0 +1,6 @@
+UPDATE accounts
+    SET email = CONCAT(account_name, '@example.com')
+    WHERE email IS NULL;
+
+ALTER TABLE accounts
+    MODIFY email VARCHAR(320) NOT NULL;

migrations/postgres/20250121102649_require_account_emails.sql

@@ -0,0 +1,6 @@
+UPDATE accounts
+    SET email = account_name || '@example.com'
+    WHERE email IS NULL;
+
+ALTER TABLE accounts
+    ALTER COLUMN email SET NOT NULL;

migrations/sqlite/20250121102658_require_account_emails.sql

@@ -0,0 +1,48 @@
+PRAGMA foreign_keys = OFF;
+
+CREATE TABLE accounts_new (
+    id VARCHAR(100) NOT NULL PRIMARY KEY,
+    account_name VARCHAR(100) NOT NULL,
+    email VARCHAR(320) NOT NULL,
+    display_name VARCHAR(200) NOT NULL,
+    account_type TEXT NOT NULL CHECK(account_type IN ('user', 'organization')),
+    avatar_url VARCHAR(1000),
+    registered_at TIMESTAMP(6) NOT NULL,
+    is_admin INTEGER NOT NULL,
+    provider VARCHAR(25) NOT NULL,
+    provider_identity_key VARCHAR(100) NOT NULL
+);
+
+INSERT INTO accounts_new (
+    id, 
+    account_name, 
+    email, 
+    display_name, 
+    account_type, 
+    avatar_url, 
+    registered_at, 
+    is_admin,
+    provider,
+    provider_identity_key
+)
+    SELECT
+        id,
+        account_name,
+        COALESCE(email, account_name || '@example.com') AS email,
+        display_name,
+        account_type,
+        avatar_url,
+        registered_at,
+        is_admin,
+        provider,
+        provider_identity_key
+    FROM accounts;
+
+DROP TABLE accounts;
+ALTER TABLE accounts_new RENAME TO accounts;
+
+CREATE UNIQUE INDEX idx_accounts_name ON accounts(account_name);
+CREATE UNIQUE INDEX idx_accounts_email ON accounts(email);
+CREATE UNIQUE INDEX idx_accounts_provider_identity_key ON accounts(provider_identity_key);
+
+PRAGMA foreign_keys = ON;

resources/schema.gql

@@ -45,6 +45,10 @@ type Account {
 	"""
 	accountType: AccountType!
 	"""
+	Email address
+	"""
+	email: String!
+	"""
 	Avatar URL
 	"""
 	avatarUrl: String
@@ -122,6 +126,10 @@ type AccountFlowsMut {
 scalar AccountID
 
 type AccountMut {
+	"""
+	Update account email
+	"""
+	updateEmail(newEmail: String!): UpdateEmailResult!
 	"""
 	Access to the mutable flow configurations of this account
 	"""
@@ -2022,6 +2030,25 @@ type TriggerFlowSuccess implements TriggerFlowResult {
 	message: String!
 }
 
+type UpdateEmailInvalid implements UpdateEmailResult {
+	dummy: Boolean!
+	message: String!
+}
+
+type UpdateEmailNonUnique implements UpdateEmailResult {
+	dummy: Boolean!
+	message: String!
+}
+
+interface UpdateEmailResult {
+	message: String!
+}
+
+type UpdateEmailSuccess implements UpdateEmailResult {
+	newEmail: String!
+	message: String!
+}
+
 interface UpdateReadmeResult {
 	message: String!
 }

src/adapter/auth-oso-rebac/tests/tests/test_oso_dataset_authorizer.rs

@@ -124,7 +124,7 @@ impl DatasetAuthorizerHarness {
         if let CurrentAccountSubject::Logged(logged_account) = &current_account_subject {
             predefined_accounts_config
                 .predefined
-                .push(AccountConfig::from_name(
+                .push(AccountConfig::test_config_from_name(
                     logged_account.account_name.clone(),
                 ));
         }