Allow empty email

2023-10-26 00:55:10 +05:30 · 2023-10-26 00:55:10 +05:30 · 9a6f1a659a
commit 9a6f1a659a
parent 4bddbde280
25 changed files with 65 additions and 56 deletions
--- a/2
+++ b/2
@ -46,7 +46,7 @@ test-all-db:
 	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest
 	docker run -d --name couchbase-local-test  -p 8091-8097:8091-8097 -p 11210:11210 -p 11207:11207 -p 18091-18095:18091-18095 -p 18096:18096 -p 18097:18097 couchbase:latest
 	sh scripts/couchbase-test.sh
-	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
+	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb,couchbase" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
--- a/server/db/models/user.go
+++ b/server/db/models/user.go
@ -15,7 +15,7 @@ type User struct {
 	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
 	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
-	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	Email                    *string `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
 	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at" dynamo:"email_verified_at"`
 	Password                 *string `json:"password" bson:"password" cql:"password" dynamo:"password"`
 	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods" dynamo:"signup_methods"`
@ -54,7 +54,7 @@ func (user *User) AsAPIUser() *model.User {
 		FamilyName:               user.FamilyName,
 		MiddleName:               user.MiddleName,
 		Nickname:                 user.Nickname,
-		PreferredUsername:        refs.NewStringRef(user.Email),
+		PreferredUsername:        user.Email,
 		Gender:                   user.Gender,
 		Birthdate:                user.Birthdate,
 		PhoneNumber:              user.PhoneNumber,
--- a/server/db/providers/couchbase/user.go
+++ b/server/db/providers/couchbase/user.go
@ -69,7 +69,7 @@ func (p *provider) DeleteUser(ctx context.Context, user *models.User) error {
 func (p *provider) ListUsers(ctx context.Context, pagination *model.Pagination) (*model.Users, error) {
 	users := []*model.User{}
 	paginationClone := pagination
-	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
+	userQuery := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s ORDER BY id OFFSET $1 LIMIT $2", p.scopeName, models.Collections.User)
 	queryResult, err := p.db.Query(userQuery, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@ -103,7 +103,7 @@ func (p *provider) ListUsers(ctx context.Context, pagination *model.Pagination)
 // GetUserByEmail to get user information from database using email address
 func (p *provider) GetUserByEmail(ctx context.Context, email string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE email = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@ -122,7 +122,7 @@ func (p *provider) GetUserByEmail(ctx context.Context, email string) (*models.Us
 // GetUserByID to get user information from database using user ID
 func (p *provider) GetUserByID(ctx context.Context, id string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE _id = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
@ -175,7 +175,7 @@ func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{},
 // GetUserByPhoneNumber to get user information from database using phone number
 func (p *provider) GetUserByPhoneNumber(ctx context.Context, phoneNumber string) (*models.User, error) {
 	var user *models.User
-	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
+	query := fmt.Sprintf("SELECT _id, email, email_verified_at, `password`, signup_methods, given_name, family_name, middle_name, nickname, birthdate, phone_number, phone_number_verified_at, picture, roles, revoked_timestamp, is_multi_factor_auth_enabled, app_data, created_at, updated_at FROM %s.%s WHERE phone_number = $1 LIMIT 1", p.scopeName, models.Collections.User)
 	q, err := p.db.Query(query, &gocb.QueryOptions{
 		ScanConsistency:      gocb.QueryScanConsistencyRequestPlus,
 		Context:              ctx,
--- a/server/db/providers/dynamodb/user.go
+++ b/server/db/providers/dynamodb/user.go
@ -136,7 +136,7 @@ func (p *provider) GetUserByID(ctx context.Context, id string) (*models.User, er
 	var user *models.User
 	err := collection.Get("id", id).OneWithContext(ctx, &user)
 	if err != nil {
-		if user.Email == "" {
+		if refs.StringValue(user.Email) == "" {
 			return user, errors.New("no documets found")
 		} else {
 			return user, nil
--- a/server/db/providers/mongodb/provider.go
+++ b/server/db/providers/mongodb/provider.go
@ -47,8 +47,6 @@ func NewProvider() (*provider, error) {
 			Keys:    bson.M{"email": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true),
 		},
 	}, options.CreateIndexes())
 	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
 		{
 			Keys: bson.M{"phone_number": 1},
 			Options: options.Index().SetUnique(true).SetSparse(true).SetPartialFilterExpression(map[string]interface{}{
@ -56,7 +54,6 @@ func NewProvider() (*provider, error) {
 			}),
 		},
 	}, options.CreateIndexes())
 	mongodb.CreateCollection(ctx, models.Collections.VerificationRequest, options.CreateCollection())
 	verificationRequestCollection := mongodb.Collection(models.Collections.VerificationRequest, options.Collection())
 	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@ -2286,7 +2286,8 @@ type Meta {
 type User {
  id: ID!
-  email: String!
+  # email or phone_number is always present
  email: String
  email_verified: Boolean!
  signup_methods: String!
  given_name: String
@ -11696,14 +11697,11 @@ func (ec *executionContext) _User_email(ctx context.Context, field graphql.Colle
 		return graphql.Null
 	}
 	if resTmp == nil {
 		if !graphql.HasFieldError(ctx, fc) {
 			ec.Errorf(ctx, "must not be null")
 		}
 		return graphql.Null
 	}
-	res := resTmp.(string)
+	res := resTmp.(*string)
 	fc.Result = res
-	return ec.marshalNString2string(ctx, field.Selections, res)
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
 }
 func (ec *executionContext) fieldContext_User_email(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
@ -19847,9 +19845,6 @@ func (ec *executionContext) _User(ctx context.Context, sel ast.SelectionSet, obj
 			}
 		case "email":
 			out.Values[i] = ec._User_email(ctx, field, obj)
 			if out.Values[i] == graphql.Null {
 				out.Invalids++
 			}
 		case "email_verified":
 			out.Values[i] = ec._User_email_verified(ctx, field, obj)
 			if out.Values[i] == graphql.Null {
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@ -429,7 +429,7 @@ type UpdateWebhookRequest struct {
 type User struct {
 	ID                       string                 `json:"id"`
-	Email                    string                 `json:"email"`
+	Email                    *string                `json:"email,omitempty"`
 	EmailVerified            bool                   `json:"email_verified"`
 	SignupMethods            string                 `json:"signup_methods"`
 	GivenName                *string                `json:"given_name,omitempty"`
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@ -32,7 +32,8 @@ type Meta {
 type User {
  id: ID!
-  email: String!
+  # email or phone_number is always present
  email: String
  email_verified: Boolean!
  signup_methods: String!
  given_name: String
--- a/server/handlers/oauth_callback.go
+++ b/server/handlers/oauth_callback.go
@ -23,6 +23,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
 	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@ -85,7 +86,7 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			return
 		}
-		existingUser, err := db.Provider.GetUserByEmail(ctx, user.Email)
+		existingUser, err := db.Provider.GetUserByEmail(ctx, refs.StringValue(user.Email))
 		log := log.WithField("user", user.Email)
 		isSignUp := false
@ -415,7 +416,7 @@ func processGithubUserInfo(ctx context.Context, code string) (*models.User, erro
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &picture,
-		Email:      email,
+		Email:      &email,
 	}
 	return user, nil
@ -466,7 +467,7 @@ func processFacebookUserInfo(ctx context.Context, code string) (*models.User, er
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &picture,
-		Email:      email,
+		Email:      &email,
 	}
 	return user, nil
@ -548,7 +549,7 @@ func processLinkedInUserInfo(ctx context.Context, code string) (*models.User, er
 		GivenName:  &firstName,
 		FamilyName: &lastName,
 		Picture:    &profilePicture,
-		Email:      emailAddress,
+		Email:      &emailAddress,
 	}
 	return user, nil
@ -588,7 +589,8 @@ func processAppleUserInfo(ctx context.Context, code string) (*models.User, error
 		log.Debug("Failed to extract email from claims.")
 		return user, fmt.Errorf("unable to extract email, please check the scopes enabled for your app. It needs `email`, `name` scopes")
 	} else {
-		user.Email = val.(string)
+		email := val.(string)
 		user.Email = &email
 	}
 	if val, ok := claims["name"]; ok {
--- a/server/resolvers/delete_user.go
+++ b/server/resolvers/delete_user.go
@ -10,6 +10,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@ -51,28 +52,41 @@ func DeleteUserResolver(ctx context.Context, params model.DeleteUserInput) (*mod
 	go func() {
 		// delete otp for given email
-		otp, err := db.Provider.GetOTPByEmail(ctx, user.Email)
+		otp, err := db.Provider.GetOTPByEmail(ctx, refs.StringValue(user.Email))
 		if err != nil {
 			log.Infof("No OTP found for email (%s): %v", user.Email, err)
 			// continue
 		} else {
 			err := db.Provider.DeleteOTP(ctx, otp)
 			if err != nil {
-				log.Debugf("Failed to delete otp for given email (%s): %v", user.Email, err)
+				log.Debugf("Failed to delete otp for given email (%s): %v", refs.StringValue(user.Email), err)
 				// continue
 			}
 		}
 		// delete otp for given phone number
 		otp, err = db.Provider.GetOTPByPhoneNumber(ctx, refs.StringValue(user.PhoneNumber))
 		if err != nil {
 			log.Infof("No OTP found for email (%s): %v", refs.StringValue(user.Email), err)
 			// continue
 		} else {
 			err := db.Provider.DeleteOTP(ctx, otp)
 			if err != nil {
 				log.Debugf("Failed to delete otp for given phone (%s): %v", refs.StringValue(user.PhoneNumber), err)
 				// continue
 			}
 		}
 		// delete verification requests for given email
 		for _, vt := range constants.VerificationTypes {
-			verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, user.Email, vt)
+			verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, refs.StringValue(user.Email), vt)
 			if err != nil {
-				log.Infof("No verification verification request found for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+				log.Infof("No verification verification request found for email: %s, verification_request_type: %s. %v", refs.StringValue(user.Email), vt, err)
 				// continue
 			} else {
 				err := db.Provider.DeleteVerificationRequest(ctx, verificationRequest)
 				if err != nil {
-					log.Debugf("Failed to DeleteVerificationRequest for email: %s, verification_request_type: %s. %v", user.Email, vt, err)
+					log.Debugf("Failed to DeleteVerificationRequest for email: %s, verification_request_type: %s. %v", refs.StringValue(user.Email), vt, err)
 					// continue
 				}
 			}
--- a/server/resolvers/invite_members.go
+++ b/server/resolvers/invite_members.go
@ -106,7 +106,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}
 		user := &models.User{
-			Email: email,
+			Email: refs.NewStringRef(email),
 			Roles: strings.Join(defaultRoles, ","),
 		}
 		hostname := parsers.GetHost(gc)
@ -171,7 +171,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}
 		// exec it as go routine so that we can reduce the api latency
-		go emailservice.SendEmail([]string{user.Email}, constants.VerificationTypeInviteMember, map[string]interface{}{
+		go emailservice.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeInviteMember, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
 			"verification_url": utils.GetInviteVerificationURL(verifyEmailURL, verificationToken, redirectURL),
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@ -145,7 +145,7 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		otp := utils.GenerateOTP()
 		expires := time.Now().Add(1 * time.Minute).Unix()
 		otpData, err := db.Provider.UpsertOTP(ctx, &models.OTP{
-			Email:     user.Email,
+			Email:     refs.StringValue(user.Email),
 			Otp:       otp,
 			ExpiresAt: expires,
 		})
--- a/server/resolvers/magic_link_login.go
+++ b/server/resolvers/magic_link_login.go
@ -56,7 +56,7 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 	inputRoles := []string{}
 	user := &models.User{
-		Email: params.Email,
+		Email: refs.NewStringRef(params.Email),
 	}
 	// find user with email
--- a/server/resolvers/mobile_signup.go
+++ b/server/resolvers/mobile_signup.go
@ -131,7 +131,7 @@ func MobileSignupResolver(ctx context.Context, params *model.MobileSignUpInput)
 	}
 	user := &models.User{
-		Email:       emailInput,
+		Email:       &emailInput,
 		PhoneNumber: &mobile,
 	}
--- a/server/resolvers/resend_otp.go
+++ b/server/resolvers/resend_otp.go
@ -100,7 +100,7 @@ func ResendOTPResolver(ctx context.Context, params model.ResendOTPRequest) (*mod
 	otp := utils.GenerateOTP()
 	if _, err := db.Provider.UpsertOTP(ctx, &models.OTP{
-		Email:     user.Email,
+		Email:     refs.StringValue(user.Email),
 		Otp:       otp,
 		ExpiresAt: time.Now().Add(1 * time.Minute).Unix(),
 	}); err != nil {
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@ -158,7 +158,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 	user.Password = &password
 	if email != "" {
 		user.SignupMethods = constants.AuthRecipeMethodBasicAuth
-		user.Email = email
+		user.Email = &email
 	}
 	if params.GivenName != nil {
 		user.GivenName = params.GivenName
--- a/server/resolvers/test_endpoint.go
+++ b/server/resolvers/test_endpoint.go
@ -39,7 +39,7 @@ func TestEndpointResolver(ctx context.Context, params model.TestEndpointRequest)
 	user := model.User{
 		ID:            uuid.NewString(),
-		Email:         "test_endpoint@foo.com",
+		Email:         refs.NewStringRef("test_endpoint@authorizer.dev"),
 		EmailVerified: true,
 		SignupMethods: constants.AuthRecipeMethodMagicLinkLogin,
 		GivenName:     refs.NewStringRef("Foo"),
--- a/server/resolvers/update_profile.go
+++ b/server/resolvers/update_profile.go
@ -196,7 +196,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 	hasEmailChanged := false
-	if params.Email != nil && user.Email != refs.StringValue(params.Email) {
+	if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {
 		// check if valid email
 		if !validators.IsValidEmail(*params.Email) {
 			log.Debug("Failed to validate email: ", refs.StringValue(params.Email))
@ -220,7 +220,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 		go cookie.DeleteSession(gc)
-		user.Email = newEmail
+		user.Email = &newEmail
 		isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
 		if err != nil {
 			log.Debug("Failed to get disable email verification env variable: ", err)
@ -257,7 +257,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 			}
 			// exec it as go routine so that we can reduce the api latency
-			go email.SendEmail([]string{user.Email}, verificationType, map[string]interface{}{
+			go email.SendEmail([]string{refs.StringValue(user.Email)}, verificationType, map[string]interface{}{
 				"user":             user.ToMap(),
 				"organization":     utils.GetOrganization(),
 				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@ -127,7 +127,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		}
 	}
-	if params.Email != nil && user.Email != *params.Email {
+	if params.Email != nil && refs.StringValue(user.Email) != refs.StringValue(params.Email) {
 		// check if valid email
 		if !validators.IsValidEmail(*params.Email) {
 			log.Debug("Invalid email: ", *params.Email)
@ -145,7 +145,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		go memorystore.Provider.DeleteAllUserSessions(user.ID)
 		hostname := parsers.GetHost(gc)
-		user.Email = newEmail
+		user.Email = &newEmail
 		user.EmailVerifiedAt = nil
 		// insert verification request
 		_, nonceHash, err := utils.GenerateNonce()
@ -173,7 +173,7 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 		}
 		// exec it as go routine so that we can reduce the api latency
-		go email.SendEmail([]string{user.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
+		go email.SendEmail([]string{refs.StringValue(user.Email)}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
 			"user":             user.ToMap(),
 			"organization":     utils.GetOrganization(),
 			"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname, redirectURL),
--- a/server/test/profile_test.go
+++ b/server/test/profile_test.go
@ -43,8 +43,7 @@ func profileTests(t *testing.T, s TestSetup) {
 		assert.NotNil(t, profileRes)
 		s.GinContext.Request.Header.Set("Authorization", "")
 		newEmail := profileRes.Email
-		assert.Equal(t, email, newEmail, "emails should be equal")
+		assert.Equal(t, email, refs.StringValue(newEmail), "emails should be equal")
 		cleanData(email)
 	})
 }
--- a/server/test/signup_test.go
+++ b/server/test/signup_test.go
@ -50,7 +50,7 @@ func signupTests(t *testing.T, s TestSetup) {
 		})
 		assert.Nil(t, err, "signup should be successful")
 		user := *res.User
-		assert.Equal(t, email, user.Email)
+		assert.Equal(t, email, refs.StringValue(user.Email))
 		assert.Equal(t, "test", user.AppData["test"])
 		assert.Nil(t, res.AccessToken, "access token should be nil")
 		res, err = resolvers.SignupResolver(ctx, model.SignUpInput{
--- a/server/test/update_all_users_tests.go
+++ b/server/test/update_all_users_tests.go
@ -19,7 +19,7 @@ func updateAllUsersTest(t *testing.T, s TestSetup) {
 		_, ctx := createContext(s)
 		for i := 0; i < 10; i++ {
 			user := &models.User{
-				Email:         fmt.Sprintf("update_all_user_%d_%s", i, s.TestInfo.Email),
+				Email:         refs.NewStringRef(fmt.Sprintf("update_all_user_%d_%s", i, s.TestInfo.Email)),
 				SignupMethods: constants.AuthRecipeMethodBasicAuth,
 				Roles:         "user",
 			}
@ -61,7 +61,7 @@ func updateAllUsersTest(t *testing.T, s TestSetup) {
 			} else {
 				assert.True(t, refs.BoolValue(u.IsMultiFactorAuthEnabled))
 			}
-			cleanData(u.Email)
+			cleanData(refs.StringValue(u.Email))
 		}
 	})
 }
--- a/server/test/user_test.go
+++ b/server/test/user_test.go
@ -59,14 +59,14 @@ func userTest(t *testing.T, s TestSetup) {
 		})
 		assert.Nil(t, err)
 		assert.Equal(t, res.User.ID, userRes.ID)
-		assert.Equal(t, email, userRes.Email)
+		assert.Equal(t, email, refs.StringValue(userRes.Email))
 		// Should get user by email
 		userRes, err = resolvers.UserResolver(ctx, model.GetUserRequest{
 			Email: &email,
 		})
 		assert.Nil(t, err)
 		assert.Equal(t, res.User.ID, userRes.ID)
-		assert.Equal(t, email, userRes.Email)
+		assert.Equal(t, email, refs.StringValue(userRes.Email))
 		cleanData(email)
 	})
 }
--- a/server/test/validate_jwt_token_test.go
+++ b/server/test/validate_jwt_token_test.go
@ -8,6 +8,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/resolvers"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
@ -41,7 +42,7 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
 	scope := []string{"openid", "email", "profile", "offline_access"}
 	user := &models.User{
 		ID:        uuid.New().String(),
-		Email:     "jwt_test_" + s.TestInfo.Email,
+		Email:     refs.NewStringRef("jwt_test_" + s.TestInfo.Email),
 		Roles:     "user",
 		UpdatedAt: time.Now().Unix(),
 		CreatedAt: time.Now().Unix(),
@ -96,6 +97,6 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
 		})
 		assert.NoError(t, err)
 		assert.True(t, res.IsValid)
-		assert.Equal(t, user.Email, res.Claims["email"])
+		assert.Equal(t, refs.StringValue(user.Email), res.Claims["email"])
 	})
 }
--- a/server/test/verify_email_test.go
+++ b/server/test/verify_email_test.go
@ -24,7 +24,7 @@ func verifyEmailTest(t *testing.T, s TestSetup) {
 		assert.NoError(t, err)
 		assert.NotNil(t, res)
 		user := *res.User
-		assert.Equal(t, email, user.Email)
+		assert.Equal(t, email, refs.StringValue(user.Email))
 		assert.Nil(t, res.AccessToken, "access token should be nil")
 		verificationRequest, err := db.Provider.GetVerificationRequestByEmail(ctx, email, constants.VerificationTypeBasicAuthSignup)
 		assert.Nil(t, err)