Merge pull request #215 from wabscale/main

fix: rootless container

Dockerfile

@@ -21,13 +21,15 @@ RUN apk add build-base &&\
     make build-dashboard
 
 FROM alpine:latest
-WORKDIR /root/
+RUN adduser -D -h /authorizer -u 1000 -k /dev/null authorizer
+WORKDIR /authorizer
 RUN mkdir app dashboard
-COPY --from=node-builder /authorizer/app/build app/build
-COPY --from=node-builder /authorizer/app/favicon_io app/favicon_io
-COPY --from=node-builder /authorizer/dashboard/build dashboard/build
-COPY --from=node-builder /authorizer/dashboard/favicon_io dashboard/favicon_io
-COPY --from=go-builder /authorizer/build build
+COPY --from=node-builder --chown=nobody:nobody /authorizer/app/build app/build
+COPY --from=node-builder --chown=nobody:nobody /authorizer/app/favicon_io app/favicon_io
+COPY --from=node-builder --chown=nobody:nobody /authorizer/dashboard/build dashboard/build
+COPY --from=node-builder --chown=nobody:nobody /authorizer/dashboard/favicon_io dashboard/favicon_io
+COPY --from=go-builder --chown=nobody:nobody /authorizer/build build
 COPY templates templates
 EXPOSE 8080
+USER authorizer
 CMD [ "./build/server" ]

README.md

@@ -29,13 +29,15 @@
 - ✅ OAuth2 and OpenID compatible APIs
 - ✅ APIs to update profile securely
 - ✅ Forgot password flow using email
-- ✅ Social logins (Google, Github, Facebook, more coming soon)
+- ✅ Social logins (Google, Github, Facebook, LinkedIn, Apple more coming soon)
 - ✅ Role-based access management
 - ✅ Password-less login with magic link login
+- ✅ Multi factor authentication
+- ✅ Email templating
+- ✅ Webhooks
 
 ## Roadmap
 
-- 2 Factor authentication
 - VueJS SDK
 - Svelte SDK
 - React Native SDK

app/package-lock.json

@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@authorizerdev/authorizer-react": "^0.26.0-beta.0",
+				"@authorizerdev/authorizer-react": "^1.0.0",
 				"@types/react": "^17.0.15",
 				"@types/react-dom": "^17.0.9",
 				"esbuild": "^0.12.17",
@@ -26,22 +26,22 @@
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
-			"version": "0.17.0-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.17.0-beta.1.tgz",
-			"integrity": "sha512-jUlFUrs4Ys6LZ5hclPeRt84teygi+bA57d/IpV9GAqOrfifv70jkFeDln4+Bs0mZk74el23Xn+DR9380mqE4Cg==",
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.0.0.tgz",
+			"integrity": "sha512-TtXA8y06CIZ5f+nk1tgPiSpGR9neCkGHtmKLqGWjWPdObDfekRU5qMtpC2S2uEljAI53mnueLZKmbd9hrReTag==",
 			"dependencies": {
-				"node-fetch": "^2.6.1"
+				"cross-fetch": "^3.1.5"
 			},
 			"engines": {
 				"node": ">=10"
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-react": {
-			"version": "0.26.0-beta.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.26.0-beta.0.tgz",
-			"integrity": "sha512-YfyiGYBmbsp3tLWIxOrOZ/hUTCmdMXVE9SLE8m1xsFsxzJJlUhepp0AMahSbH5EyLj5bchOhOw/rzgpnDZDvMw==",
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.0.0.tgz",
+			"integrity": "sha512-lXckUe46LTcH+hFxIxPEewQR1/ktd2awoqZsMZZaa0AjQJoekJaUcouBuX0F66VyQG0qezuyEQrye0Z93Ffgug==",
 			"dependencies": {
-				"@authorizerdev/authorizer-js": "^0.17.0-beta.1",
+				"@authorizerdev/authorizer-js": "^1.0.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -404,6 +404,14 @@
 			"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
 			"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
 		},
+		"node_modules/cross-fetch": {
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz",
+			"integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==",
+			"dependencies": {
+				"node-fetch": "2.6.7"
+			}
+		},
 		"node_modules/css-color-keywords": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/css-color-keywords/-/css-color-keywords-1.0.0.tgz",
@@ -852,19 +860,19 @@
 	},
 	"dependencies": {
 		"@authorizerdev/authorizer-js": {
-			"version": "0.17.0-beta.1",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-0.17.0-beta.1.tgz",
-			"integrity": "sha512-jUlFUrs4Ys6LZ5hclPeRt84teygi+bA57d/IpV9GAqOrfifv70jkFeDln4+Bs0mZk74el23Xn+DR9380mqE4Cg==",
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-js/-/authorizer-js-1.0.0.tgz",
+			"integrity": "sha512-TtXA8y06CIZ5f+nk1tgPiSpGR9neCkGHtmKLqGWjWPdObDfekRU5qMtpC2S2uEljAI53mnueLZKmbd9hrReTag==",
 			"requires": {
-				"node-fetch": "^2.6.1"
+				"cross-fetch": "^3.1.5"
 			}
 		},
 		"@authorizerdev/authorizer-react": {
-			"version": "0.26.0-beta.0",
-			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-0.26.0-beta.0.tgz",
-			"integrity": "sha512-YfyiGYBmbsp3tLWIxOrOZ/hUTCmdMXVE9SLE8m1xsFsxzJJlUhepp0AMahSbH5EyLj5bchOhOw/rzgpnDZDvMw==",
+			"version": "1.0.0",
+			"resolved": "https://registry.npmjs.org/@authorizerdev/authorizer-react/-/authorizer-react-1.0.0.tgz",
+			"integrity": "sha512-lXckUe46LTcH+hFxIxPEewQR1/ktd2awoqZsMZZaa0AjQJoekJaUcouBuX0F66VyQG0qezuyEQrye0Z93Ffgug==",
 			"requires": {
-				"@authorizerdev/authorizer-js": "^0.17.0-beta.1",
+				"@authorizerdev/authorizer-js": "^1.0.0",
 				"final-form": "^4.20.2",
 				"react-final-form": "^6.5.3",
 				"styled-components": "^5.3.0"
@@ -1161,6 +1169,14 @@
 			"resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
 			"integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
 		},
+		"cross-fetch": {
+			"version": "3.1.5",
+			"resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-3.1.5.tgz",
+			"integrity": "sha512-lvb1SBsI0Z7GDwmuid+mU3kWVBwTVUbe7S0H52yaaAdQOXq2YktTCZdlAcNKFzE6QtRz0snpw9bNiPeOIkkQvw==",
+			"requires": {
+				"node-fetch": "2.6.7"
+			}
+		},
 		"css-color-keywords": {
 			"version": "1.0.0",
 			"resolved": "https://registry.npmjs.org/css-color-keywords/-/css-color-keywords-1.0.0.tgz",

app/package.json

@@ -11,7 +11,7 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^0.26.0-beta.0",
+		"@authorizerdev/authorizer-react": "^1.0.0",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",

dashboard/package-lock.json

@@ -2605,7 +2605,8 @@
 		"@chakra-ui/css-reset": {
 			"version": "1.1.1",
 			"resolved": "https://registry.npmjs.org/@chakra-ui/css-reset/-/css-reset-1.1.1.tgz",
-			"integrity": "sha512-+KNNHL4OWqeKia5SL858K3Qbd8WxMij9mWIilBzLD4j2KFrl/+aWFw8syMKth3NmgIibrjsljo+PU3fy2o50dg=="
+			"integrity": "sha512-+KNNHL4OWqeKia5SL858K3Qbd8WxMij9mWIilBzLD4j2KFrl/+aWFw8syMKth3NmgIibrjsljo+PU3fy2o50dg==",
+			"requires": {}
 		},
 		"@chakra-ui/descendant": {
 			"version": "2.1.1",
@@ -3209,7 +3210,8 @@
 		"@graphql-typed-document-node/core": {
 			"version": "3.1.1",
 			"resolved": "https://registry.npmjs.org/@graphql-typed-document-node/core/-/core-3.1.1.tgz",
-			"integrity": "sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg=="
+			"integrity": "sha512-NQ17ii0rK1b34VZonlmT2QMJFI70m0TRwbknO/ihlbatXyaktDhN/98vBiUU6kNBPljqGqyIrl2T4nY2RpFANg==",
+			"requires": {}
 		},
 		"@popperjs/core": {
 			"version": "2.11.0",
@@ -3481,7 +3483,8 @@
 		"draftjs-utils": {
 			"version": "0.10.2",
 			"resolved": "https://registry.npmjs.org/draftjs-utils/-/draftjs-utils-0.10.2.tgz",
-			"integrity": "sha512-EstHqr3R3JVcilJrBaO/A+01GvwwKmC7e4TCjC7S94ZeMh4IVmf60OuQXtHHpwItK8C2JCi3iljgN5KHkJboUg=="
+			"integrity": "sha512-EstHqr3R3JVcilJrBaO/A+01GvwwKmC7e4TCjC7S94ZeMh4IVmf60OuQXtHHpwItK8C2JCi3iljgN5KHkJboUg==",
+			"requires": {}
 		},
 		"error-ex": {
 			"version": "1.3.2",
@@ -3755,7 +3758,8 @@
 		"html-to-draftjs": {
 			"version": "1.5.0",
 			"resolved": "https://registry.npmjs.org/html-to-draftjs/-/html-to-draftjs-1.5.0.tgz",
-			"integrity": "sha512-kggLXBNciKDwKf+KYsuE+V5gw4dZ7nHyGMX9m0wy7urzWjKGWyNFetmArRLvRV0VrxKN70WylFsJvMTJx02OBQ=="
+			"integrity": "sha512-kggLXBNciKDwKf+KYsuE+V5gw4dZ7nHyGMX9m0wy7urzWjKGWyNFetmArRLvRV0VrxKN70WylFsJvMTJx02OBQ==",
+			"requires": {}
 		},
 		"import-fresh": {
 			"version": "3.3.0",
@@ -3945,7 +3949,8 @@
 		"react-email-editor": {
 			"version": "1.6.1",
 			"resolved": "https://registry.npmjs.org/react-email-editor/-/react-email-editor-1.6.1.tgz",
-			"integrity": "sha512-pEWpRmTY0ok03cwTGqEOoEldnzThhuRGTrcMnv8W3/jc5MTfcr9USU/IQ9HrVvFStLKoxYBIQnSKY+iCYWOtSQ=="
+			"integrity": "sha512-pEWpRmTY0ok03cwTGqEOoEldnzThhuRGTrcMnv8W3/jc5MTfcr9USU/IQ9HrVvFStLKoxYBIQnSKY+iCYWOtSQ==",
+			"requires": {}
 		},
 		"react-fast-compare": {
 			"version": "3.2.0",
@@ -3968,7 +3973,8 @@
 		"react-icons": {
 			"version": "4.3.1",
 			"resolved": "https://registry.npmjs.org/react-icons/-/react-icons-4.3.1.tgz",
-			"integrity": "sha512-cB10MXLTs3gVuXimblAdI71jrJx8njrJZmNMEMC+sQu5B/BIOmlsAjskdqpn81y8UBVEGuHODd7/ci5DvoSzTQ=="
+			"integrity": "sha512-cB10MXLTs3gVuXimblAdI71jrJx8njrJZmNMEMC+sQu5B/BIOmlsAjskdqpn81y8UBVEGuHODd7/ci5DvoSzTQ==",
+			"requires": {}
 		},
 		"react-is": {
 			"version": "16.13.1",
@@ -4159,7 +4165,8 @@
 		"use-callback-ref": {
 			"version": "1.2.5",
 			"resolved": "https://registry.npmjs.org/use-callback-ref/-/use-callback-ref-1.2.5.tgz",
-			"integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg=="
+			"integrity": "sha512-gN3vgMISAgacF7sqsLPByqoePooY3n2emTH59Ur5d/M8eg4WTWu1xp8i8DHjohftIyEx0S08RiYxbffr4j8Peg==",
+			"requires": {}
 		},
 		"use-sidecar": {
 			"version": "1.0.5",

dashboard/src/components/EnvComponents/Features.tsx

@@ -1,5 +1,5 @@
 import React from 'react';
-import { Flex, Stack, Text } from '@chakra-ui/react';
+import { Divider, Flex, Stack, Text } from '@chakra-ui/react';
 import InputField from '../InputField';
 import { SwitchInputType } from '../../constants';
 
@@ -10,7 +10,7 @@ const Features = ({ variables, setVariables }: any) => {
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Disable Features
 			</Text>
-			<Stack spacing={6} padding="2% 0%">
+			<Stack spacing={6}>
 				<Flex>
 					<Flex w="100%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Disable Login Page:</Text>
@@ -83,9 +83,15 @@ const Features = ({ variables, setVariables }: any) => {
 						/>
 					</Flex>
 				</Flex>
-				<Flex>
-					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Disable Multi Factor Authentication:</Text>
+				<Flex alignItems="center">
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">
+							Disable Multi Factor Authentication (MFA):
+						</Text>
+						<Text fontSize="x-small">
+							Note: Enabling this will ignore Enforcing MFA shown below and will
+							also ignore the user MFA setting.
+						</Text>
 					</Flex>
 					<Flex justifyContent="start" mb={3}>
 						<InputField
@@ -96,13 +102,20 @@ const Features = ({ variables, setVariables }: any) => {
 					</Flex>
 				</Flex>
 			</Stack>
-			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
+			<Divider paddingY={5} />
+			<Text fontSize="md" paddingTop={5} fontWeight="bold" mb={5}>
 				Enable Features
 			</Text>
-			<Stack spacing={6} padding="2% 0%">
-				<Flex>
-					<Flex w="100%" justifyContent="start" alignItems="center">
-						<Text fontSize="sm">Enforce Multi Factor Authentication:</Text>
+			<Stack spacing={6}>
+				<Flex alignItems="center">
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">
+							Enforce Multi Factor Authentication (MFA):
+						</Text>
+						<Text fontSize="x-small">
+							Note: If you disable enforcing after it was enabled, it will still
+							keep MFA enabled for older users.
+						</Text>
 					</Flex>
 					<Flex justifyContent="start" mb={3}>
 						<InputField

dashboard/src/components/UpdateEmailTemplateModal.tsx

@@ -333,7 +333,7 @@ const UpdateEmailTemplate = ({
 											{templateVariables.map((i) => (
 												<Tr key={i.text}>
 													<Td>
-														<Code fontSize="sm">{`{{${i.text}}}`}</Code>
+														<Code fontSize="sm">{`{{.${i.text}}}`}</Code>
 													</Td>
 													<Td>
 														<Text

dashboard/src/graphql/queries/index.ts

@@ -18,50 +18,50 @@ export const AdminSessionQuery = `
 export const EnvVariablesQuery = `
   query {
     _env{
-      CLIENT_ID,
-      CLIENT_SECRET,
-	    GOOGLE_CLIENT_ID,
-      GOOGLE_CLIENT_SECRET,
-      GITHUB_CLIENT_ID,
-      GITHUB_CLIENT_SECRET,
-      FACEBOOK_CLIENT_ID,
-      FACEBOOK_CLIENT_SECRET,
-      LINKEDIN_CLIENT_ID,
-      LINKEDIN_CLIENT_SECRET,
-      APPLE_CLIENT_ID,
-      APPLE_CLIENT_SECRET,
-      DEFAULT_ROLES,
-      PROTECTED_ROLES,
-      ROLES,
-      JWT_TYPE,
-      JWT_SECRET,
-      JWT_ROLE_CLAIM,
-      JWT_PRIVATE_KEY,
-      JWT_PUBLIC_KEY,
-      REDIS_URL,
-      SMTP_HOST,
-      SMTP_PORT,
-      SMTP_USERNAME,
-      SMTP_PASSWORD,
-      SENDER_EMAIL,
-      ALLOWED_ORIGINS,
-      ORGANIZATION_NAME,
-      ORGANIZATION_LOGO,
-      ADMIN_SECRET,
-      DISABLE_LOGIN_PAGE,
-      DISABLE_MAGIC_LINK_LOGIN,
-      DISABLE_EMAIL_VERIFICATION,
-      DISABLE_BASIC_AUTHENTICATION,
-      DISABLE_SIGN_UP,
-      DISABLE_STRONG_PASSWORD,
-      DISABLE_REDIS_FOR_ENV,
-      CUSTOM_ACCESS_TOKEN_SCRIPT,
-      DATABASE_NAME,
-      DATABASE_TYPE,
-      DATABASE_URL,
-      ACCESS_TOKEN_EXPIRY_TIME,
-      DISABLE_MULTI_FACTOR_AUTHENTICATION,
-	    ENFORCE_MULTI_FACTOR_AUTHENTICATION,
+      CLIENT_ID
+      CLIENT_SECRET
+      GOOGLE_CLIENT_ID
+      GOOGLE_CLIENT_SECRET
+      GITHUB_CLIENT_ID
+      GITHUB_CLIENT_SECRET
+      FACEBOOK_CLIENT_ID
+      FACEBOOK_CLIENT_SECRET
+      LINKEDIN_CLIENT_ID
+      LINKEDIN_CLIENT_SECRET
+      APPLE_CLIENT_ID
+      APPLE_CLIENT_SECRET
+      DEFAULT_ROLES
+      PROTECTED_ROLES
+      ROLES
+      JWT_TYPE
+      JWT_SECRET
+      JWT_ROLE_CLAIM
+      JWT_PRIVATE_KEY
+      JWT_PUBLIC_KEY
+      REDIS_URL
+      SMTP_HOST
+      SMTP_PORT
+      SMTP_USERNAME
+      SMTP_PASSWORD
+      SENDER_EMAIL
+      ALLOWED_ORIGINS
+      ORGANIZATION_NAME
+      ORGANIZATION_LOGO
+      ADMIN_SECRET
+      DISABLE_LOGIN_PAGE
+      DISABLE_MAGIC_LINK_LOGIN
+      DISABLE_EMAIL_VERIFICATION
+      DISABLE_BASIC_AUTHENTICATION
+      DISABLE_SIGN_UP
+      DISABLE_STRONG_PASSWORD
+      DISABLE_REDIS_FOR_ENV
+      CUSTOM_ACCESS_TOKEN_SCRIPT
+      DATABASE_NAME
+      DATABASE_TYPE
+      DATABASE_URL
+      ACCESS_TOKEN_EXPIRY_TIME
+      DISABLE_MULTI_FACTOR_AUTHENTICATION
+      ENFORCE_MULTI_FACTOR_AUTHENTICATION
     }
   }
 `;

dashboard/src/pages/Users.tsx

@@ -302,7 +302,11 @@ export default function Users() {
 								<Th>Roles</Th>
 								<Th>Verified</Th>
 								<Th>Access</Th>
-								<Th>MFA</Th>
+								<Th>
+									<Tooltip label="MultiFactor Authentication Enabled / Disabled">
+										MFA
+									</Tooltip>
+								</Th>
 								<Th>Actions</Th>
 							</Tr>
 						</Thead>
@@ -404,13 +408,13 @@ export default function Users() {
 														<MenuItem
 															onClick={() => multiFactorAuthUpdateHandler(user)}
 														>
-															Disable MFA
+															Disable MultiFactor Authentication
 														</MenuItem>
 													) : (
 														<MenuItem
 															onClick={() => multiFactorAuthUpdateHandler(user)}
 														>
-															Enable MFA
+															Enable MultiFactor Authentication
 														</MenuItem>
 													)}
 												</MenuList>

server/constants/verification_types.go

@@ -12,5 +12,5 @@ const (
 	// VerificationTypeInviteMember is the invite_member verification type
 	VerificationTypeInviteMember = "invite_member"
 	// VerificationTypeOTP is the otp verification type
-	VerificationTypeOTP = "otp"
+	VerificationTypeOTP = "verify_otp"
 )

server/db/providers/cassandradb/email_template.go

@@ -29,7 +29,7 @@ func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.Em
 		return nil, fmt.Errorf("Email template with %s event_name already exists", emailTemplate.EventName)
 	}
 
-	insertQuery := fmt.Sprintf("INSERT INTO %s (id, event_name, subject, template,  created_at, updated_at) VALUES ('%s', '%s', '%s','%s', %d, %d)", KeySpace+"."+models.Collections.EmailTemplate, emailTemplate.ID, emailTemplate.EventName, emailTemplate.Subject, emailTemplate.Template, emailTemplate.CreatedAt, emailTemplate.UpdatedAt)
+	insertQuery := fmt.Sprintf("INSERT INTO %s (id, event_name, subject, design, template,  created_at, updated_at) VALUES ('%s', '%s', '%s','%s','%s', %d, %d)", KeySpace+"."+models.Collections.EmailTemplate, emailTemplate.ID, emailTemplate.EventName, emailTemplate.Subject, emailTemplate.Design, emailTemplate.Template, emailTemplate.CreatedAt, emailTemplate.UpdatedAt)
 	err := p.db.Query(insertQuery).Exec()
 	if err != nil {
 		return nil, err
@@ -103,14 +103,14 @@ func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagin
 	// there is no offset in cassandra
 	// so we fetch till limit + offset
 	// and return the results from offset to limit
-	query := fmt.Sprintf("SELECT id, event_name, subject, template, created_at, updated_at FROM %s LIMIT %d", KeySpace+"."+models.Collections.EmailTemplate, pagination.Limit+pagination.Offset)
+	query := fmt.Sprintf("SELECT id, event_name, subject, design, template, created_at, updated_at FROM %s LIMIT %d", KeySpace+"."+models.Collections.EmailTemplate, pagination.Limit+pagination.Offset)
 
 	scanner := p.db.Query(query).Iter().Scanner()
 	counter := int64(0)
 	for scanner.Next() {
 		if counter >= pagination.Offset {
 			var emailTemplate models.EmailTemplate
-			err := scanner.Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
+			err := scanner.Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Design, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
 			if err != nil {
 				return nil, err
 			}
@@ -128,8 +128,8 @@ func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagin
 // GetEmailTemplateByID to get EmailTemplate by id
 func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
 	var emailTemplate models.EmailTemplate
-	query := fmt.Sprintf(`SELECT id, event_name, subject, template, created_at, updated_at FROM %s WHERE id = '%s' LIMIT 1`, KeySpace+"."+models.Collections.EmailTemplate, emailTemplateID)
-	err := p.db.Query(query).Consistency(gocql.One).Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
+	query := fmt.Sprintf(`SELECT id, event_name, subject, design, template, created_at, updated_at FROM %s WHERE id = '%s' LIMIT 1`, KeySpace+"."+models.Collections.EmailTemplate, emailTemplateID)
+	err := p.db.Query(query).Consistency(gocql.One).Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Design, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
 	if err != nil {
 		return nil, err
 	}
@@ -139,8 +139,8 @@ func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID str
 // GetEmailTemplateByEventName to get EmailTemplate by event_name
 func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
 	var emailTemplate models.EmailTemplate
-	query := fmt.Sprintf(`SELECT id, event_name, subject, template, created_at, updated_at FROM %s WHERE event_name = '%s' LIMIT 1 ALLOW FILTERING`, KeySpace+"."+models.Collections.EmailTemplate, eventName)
-	err := p.db.Query(query).Consistency(gocql.One).Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
+	query := fmt.Sprintf(`SELECT id, event_name, subject, design, template, created_at, updated_at FROM %s WHERE event_name = '%s' LIMIT 1 ALLOW FILTERING`, KeySpace+"."+models.Collections.EmailTemplate, eventName)
+	err := p.db.Query(query).Consistency(gocql.One).Scan(&emailTemplate.ID, &emailTemplate.EventName, &emailTemplate.Subject, &emailTemplate.Design, &emailTemplate.Template, &emailTemplate.CreatedAt, &emailTemplate.UpdatedAt)
 	if err != nil {
 		return nil, err
 	}

server/db/providers/cassandradb/provider.go

@@ -224,10 +224,11 @@ func NewProvider() (*provider, error) {
 		return nil, err
 	}
 	// add subject on email_templates table
-	emailTemplateAlterQuery := fmt.Sprintf(`ALTER TABLE %s.%s ADD subject text;`, KeySpace, models.Collections.EmailTemplate)
+	emailTemplateAlterQuery := fmt.Sprintf(`ALTER TABLE %s.%s ADD (subject text, design text);`, KeySpace, models.Collections.EmailTemplate)
 	err = session.Query(emailTemplateAlterQuery).Exec()
 	if err != nil {
-		return nil, err
+		log.Debug("Failed to alter table as column exists: ", err)
+		// continue
 	}
 
 	otpCollection := fmt.Sprintf("CREATE TABLE IF NOT EXISTS %s.%s (id text, email text, otp text, expires_at bigint, updated_at bigint, created_at bigint, PRIMARY KEY (id))", KeySpace, models.Collections.OTP)

server/email/email.go

@@ -18,7 +18,7 @@ import (
 
 func getDefaultTemplate(event string) *model.EmailTemplate {
 	switch event {
-	case constants.VerificationTypeBasicAuthSignup, constants.VerificationTypeMagicLinkLogin:
+	case constants.VerificationTypeBasicAuthSignup, constants.VerificationTypeMagicLinkLogin, constants.VerificationTypeUpdateEmail:
 		return &model.EmailTemplate{
 			Subject:  emailVerificationSubject,
 			Template: emailVerificationTemplate,

server/env/env.go

@@ -355,28 +355,28 @@ func InitAllEnv() error {
 	if val, ok := envData[constants.EnvKeyLinkedInClientID]; !ok || val == "" {
 		envData[constants.EnvKeyLinkedInClientID] = osLinkedInClientID
 	}
-	if osFacebookClientID != "" && envData[constants.EnvKeyLinkedInClientID] != osFacebookClientID {
+	if osLinkedInClientID != "" && envData[constants.EnvKeyLinkedInClientID] != osLinkedInClientID {
 		envData[constants.EnvKeyLinkedInClientID] = osLinkedInClientID
 	}
 
 	if val, ok := envData[constants.EnvKeyLinkedInClientSecret]; !ok || val == "" {
 		envData[constants.EnvKeyLinkedInClientSecret] = osLinkedInClientSecret
 	}
-	if osFacebookClientSecret != "" && envData[constants.EnvKeyLinkedInClientSecret] != osFacebookClientSecret {
+	if osLinkedInClientSecret != "" && envData[constants.EnvKeyLinkedInClientSecret] != osLinkedInClientSecret {
 		envData[constants.EnvKeyLinkedInClientSecret] = osLinkedInClientSecret
 	}
 
 	if val, ok := envData[constants.EnvKeyAppleClientID]; !ok || val == "" {
 		envData[constants.EnvKeyAppleClientID] = osAppleClientID
 	}
-	if osFacebookClientID != "" && envData[constants.EnvKeyAppleClientID] != osFacebookClientID {
+	if osAppleClientID != "" && envData[constants.EnvKeyAppleClientID] != osAppleClientID {
 		envData[constants.EnvKeyAppleClientID] = osAppleClientID
 	}
 
 	if val, ok := envData[constants.EnvKeyAppleClientSecret]; !ok || val == "" {
 		envData[constants.EnvKeyAppleClientSecret] = osAppleClientSecret
 	}
-	if osFacebookClientSecret != "" && envData[constants.EnvKeyAppleClientSecret] != osFacebookClientSecret {
+	if osAppleClientSecret != "" && envData[constants.EnvKeyAppleClientSecret] != osAppleClientSecret {
 		envData[constants.EnvKeyAppleClientSecret] = osAppleClientSecret
 	}
 

server/resolvers/forgot_password.go

@@ -15,6 +15,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/parsers"
+	"github.com/authorizerdev/authorizer/server/refs"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	"github.com/authorizerdev/authorizer/server/validators"
@@ -61,9 +62,9 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		log.Debug("Failed to generate nonce: ", err)
 		return res, err
 	}
-	redirectURL := parsers.GetAppURL(gc) + "/reset-password"
-	if params.RedirectURI != nil {
-		redirectURL = *params.RedirectURI
+	redirectURL := parsers.GetAppURL(gc)
+	if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
+		redirectURL = refs.StringValue(params.RedirectURI)
 	}
 
 	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)

server/resolvers/update_profile.go

@@ -245,7 +245,7 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 			}
 
 			// exec it as go routine so that we can reduce the api latency
-			go email.SendEmail([]string{user.Email}, constants.VerificationTypeBasicAuthSignup, map[string]interface{}{
+			go email.SendEmail([]string{user.Email}, verificationType, map[string]interface{}{
 				"user":             user.ToMap(),
 				"organization":     utils.GetOrganization(),
 				"verification_url": utils.GetEmailVerificationURL(verificationToken, hostname),

server/test/add_email_template_test.go

@@ -31,7 +31,7 @@ func addEmailTemplateTest(t *testing.T, s TestSetup) {
 			assert.Nil(t, emailTemplate)
 		})
 
-		t.Run("should not add email template for empty template", func(t *testing.T) {
+		t.Run("should not add email template for empty subject", func(t *testing.T) {
 			emailTemplate, err := resolvers.AddEmailTemplateResolver(ctx, model.AddEmailTemplateRequest{
 				EventName: s.TestInfo.TestEmailTemplateEventTypes[0],
 				Template:  " test ",
@@ -50,12 +50,25 @@ func addEmailTemplateTest(t *testing.T, s TestSetup) {
 			assert.Error(t, err)
 			assert.Nil(t, emailTemplate)
 		})
+
+		t.Run("should not add email template with empty design", func(t *testing.T) {
+			emailTemplate, err := resolvers.AddEmailTemplateResolver(ctx, model.AddEmailTemplateRequest{
+				EventName: s.TestInfo.TestEmailTemplateEventTypes[0],
+				Template:  "test",
+				Subject:   "test",
+				Design:    "   ",
+			})
+			assert.Error(t, err)
+			assert.Nil(t, emailTemplate)
+		})
+
 		for _, eventType := range s.TestInfo.TestEmailTemplateEventTypes {
 			t.Run("should add email template for "+eventType, func(t *testing.T) {
 				emailTemplate, err := resolvers.AddEmailTemplateResolver(ctx, model.AddEmailTemplateRequest{
 					EventName: eventType,
 					Template:  "Test email",
 					Subject:   "Test email",
+					Design:    "Test design",
 				})
 				assert.NoError(t, err)
 				assert.NotNil(t, emailTemplate)
@@ -65,6 +78,7 @@ func addEmailTemplateTest(t *testing.T, s TestSetup) {
 				assert.NoError(t, err)
 				assert.Equal(t, et.EventName, eventType)
 				assert.Equal(t, "Test email", et.Subject)
+				assert.Equal(t, "Test design", et.Design)
 			})
 		}
 	})

server/test/update_email_template_test.go

@@ -32,6 +32,7 @@ func updateEmailTemplateTest(t *testing.T, s TestSetup) {
 			ID:       emailTemplate.ID,
 			Template: refs.NewStringRef("Updated test template"),
 			Subject:  refs.NewStringRef("Updated subject"),
+			Design:   refs.NewStringRef("Updated design"),
 		})
 
 		assert.NoError(t, err)
@@ -44,5 +45,6 @@ func updateEmailTemplateTest(t *testing.T, s TestSetup) {
 		assert.Equal(t, emailTemplate.ID, updatedEmailTemplate.ID)
 		assert.Equal(t, updatedEmailTemplate.Template, "Updated test template")
 		assert.Equal(t, updatedEmailTemplate.Subject, "Updated subject")
+		assert.Equal(t, updatedEmailTemplate.Design, "Updated design")
 	})
 }