[PM-5093][PM-7325] Added trial initiation email verification endpoint (#4221)

* Added trial initiation user verification endpoint * Added explanatory comment for why we add artificial delay * Updated RegistrationStart to Registration reference event * Ensure that productTier query param is an int * Added email value to trial initiation email
2025-04-05 21:18:13 -05:00 · 2024-07-29 14:18:12 -04:00 · 2024-07-29 14:18:12 -04:00 · 656e0c20f9
commit 656e0c20f9
parent 2b738a5a4c
12 changed files with 266 additions and 1 deletions
--- a/src/Core/Billing/Models/Api/Requests/Accounts/TrialSendVerificationEmailRequestModel.cs
+++ b/src/Core/Billing/Models/Api/Requests/Accounts/TrialSendVerificationEmailRequestModel.cs
@ -0,0 +1,10 @@
 using Bit.Core.Auth.Models.Api.Request.Accounts;
 using Bit.Core.Billing.Enums;
 namespace Bit.Core.Billing.Models.Api.Requests.Accounts;
 public class TrialSendVerificationEmailRequestModel : RegisterSendVerificationEmailRequestModel
 {
    public ProductTierType ProductTier { get; set; }
    public IEnumerable<ProductType> Products { get; set; }
 }
--- a/src/Core/Billing/Models/Mail/TrialInititaionVerifyEmail.cs
+++ b/src/Core/Billing/Models/Mail/TrialInititaionVerifyEmail.cs
@ -0,0 +1,33 @@
 using Bit.Core.Auth.Models.Mail;
 using Bit.Core.Billing.Enums;
 namespace Bit.Core.Billing.Models.Mail;
 public class TrialInitiationVerifyEmail : RegisterVerifyEmail
 {
    /// <summary>
    /// See comment on <see cref="RegisterVerifyEmail"/>.<see cref="RegisterVerifyEmail.Url"/>
    /// </summary>
    public new string Url
    {
        get => $"{WebVaultUrl}/{Route}" +
               $"?token={Token}" +
               $"&email={Email}" +
               $"&fromEmail=true" +
               $"&productTier={(int)ProductTier}" +
               $"&product={string.Join(",", Product.Select(p => (int)p))}";
    }
    public ProductTierType ProductTier { get; set; }
    public IEnumerable<ProductType> Product { get; set; }
    /// <summary>
    /// Currently we only support one product type at a time, despite Product being a collection.
    /// If we receive both PasswordManager and SecretsManager, we'll send the user to the PM trial route
    /// </summary>
    private string Route =>
        Product.Any(p => p == ProductType.PasswordManager)
            ? "trial-initiation"
            : "secrets-manager-trial-initiation";
 }
--- a/src/Core/Billing/TrialInitiation/Registration/ISendTrialInitiationEmailForRegistrationCommand.cs
+++ b/src/Core/Billing/TrialInitiation/Registration/ISendTrialInitiationEmailForRegistrationCommand.cs
@ -0,0 +1,14 @@
 #nullable enable
 using Bit.Core.Billing.Enums;
 namespace Bit.Core.Billing.TrialInitiation.Registration;
 public interface ISendTrialInitiationEmailForRegistrationCommand
 {
    public Task<string?> Handle(
        string email,
        string? name,
        bool receiveMarketingEmails,
        ProductTierType productTier,
        IEnumerable<ProductType> products);
 }
--- a/src/Core/Billing/TrialInitiation/Registration/Implementations/SendTrialInitiationEmailForRegistrationCommand.cs
+++ b/src/Core/Billing/TrialInitiation/Registration/Implementations/SendTrialInitiationEmailForRegistrationCommand.cs
@ -0,0 +1,74 @@
 #nullable enable
 using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Exceptions;
 using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Settings;
 using Bit.Core.Tokens;
 using Bit.Core.Utilities;
 namespace Bit.Core.Billing.TrialInitiation.Registration.Implementations;
 public class SendTrialInitiationEmailForRegistrationCommand(
    IUserRepository userRepository,
    GlobalSettings globalSettings,
    IMailService mailService,
    IDataProtectorTokenFactory<RegistrationEmailVerificationTokenable> tokenDataFactory)
    : ISendTrialInitiationEmailForRegistrationCommand
 {
    public async Task<string?> Handle(
        string email,
        string? name,
        bool receiveMarketingEmails,
        ProductTierType productTier,
        IEnumerable<ProductType> products)
    {
        ArgumentException.ThrowIfNullOrWhiteSpace(email, nameof(email));
        var userExists = await CheckUserExistsConstantTimeAsync(email);
        var token = GenerateToken(email, name, receiveMarketingEmails);
        if (!globalSettings.EnableEmailVerification)
        {
            await PerformConstantTimeOperationsAsync();
            if (userExists)
            {
                throw new BadRequestException($"Email {email} is already taken");
            }
            return token;
        }
        await PerformConstantTimeOperationsAsync();
        if (!userExists)
        {
            await mailService.SendTrialInitiationSignupEmailAsync(email, token, productTier, products);
        }
        return null;
    }
    /// <summary>
    /// Perform constant time operations to prevent timing attacks
    /// </summary>
    private static async Task PerformConstantTimeOperationsAsync()
    {
        await Task.Delay(130);
    }
    private string GenerateToken(string email, string? name, bool receiveMarketingEmails)
    {
        var tokenable = new RegistrationEmailVerificationTokenable(email, name, receiveMarketingEmails);
        return tokenDataFactory.Protect(tokenable);
    }
    private async Task<bool> CheckUserExistsConstantTimeAsync(string email)
    {
        var user = await userRepository.GetByEmailAsync(email);
        return CoreHelpers.FixedTimeEquals(user?.Email.ToLowerInvariant() ?? string.Empty, email.ToLowerInvariant());
    }
 }
--- a/src/Core/Billing/TrialInitiation/TrialInitiationCollectionExtensions.cs
+++ b/src/Core/Billing/TrialInitiation/TrialInitiationCollectionExtensions.cs
@ -0,0 +1,13 @@
 using Bit.Core.Billing.TrialInitiation.Registration;
 using Bit.Core.Billing.TrialInitiation.Registration.Implementations;
 using Microsoft.Extensions.DependencyInjection;
 namespace Bit.Core.Billing.TrialInitiation;
 public static class TrialInitiationCollectionExtensions
 {
    public static void AddTrialInitiationServices(this IServiceCollection services)
    {
        services.AddSingleton<ISendTrialInitiationEmailForRegistrationCommand, SendTrialInitiationEmailForRegistrationCommand>();
    }
 }
--- a/src/Core/MailTemplates/Handlebars/Billing/TrialInitiationVerifyEmail.html.hbs
+++ b/src/Core/MailTemplates/Handlebars/Billing/TrialInitiationVerifyEmail.html.hbs
@ -0,0 +1,24 @@
 {{#>FullHtmlLayout}}
 <table width="100%" cellpadding="0" cellspacing="0" style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
    <tr style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: left;" valign="top" align="center">
            Verify your email address below to finish signing up for your free trial.
        </td>
    </tr>
    <tr style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
        <td class="content-block last" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0; -webkit-text-size-adjust: none; text-align: left;" valign="top" align="center">
            If you did not request this email from Bitwarden, you can safely ignore it.
            <br style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
            <br style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
        </td>
    </tr>
    <tr style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
        <td class="content-block" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; color: #333; line-height: 25px; margin: 0; -webkit-font-smoothing: antialiased; padding: 0 0 10px; -webkit-text-size-adjust: none; text-align: center;" valign="top" align="center">
            <a href="{{{Url}}}" clicktracking=off target="_blank" style="color: #ffffff; text-decoration: none; text-align: center; cursor: pointer; display: inline-block; border-radius: 5px; background-color: #175DDC; border-color: #175DDC; border-style: solid; border-width: 10px 20px; margin: 0; font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 16px; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;">
                Verify email
            </a>
            <br style="margin: 0; box-sizing: border-box; color: #333; line-height: 25px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none;" />
        </td>
    </tr>
 </table>
 {{/FullHtmlLayout}}
--- a/src/Core/MailTemplates/Handlebars/Billing/TrialInitiationVerifyEmail.text.hbs
+++ b/src/Core/MailTemplates/Handlebars/Billing/TrialInitiationVerifyEmail.text.hbs
@ -0,0 +1,8 @@
 {{#>BasicTextLayout}}
 Verify your email address using the link below and start your free trial of Bitwarden.
 If you did not request this email from Bitwarden, you can safely ignore it.
 {{{Url}}}
 {{/BasicTextLayout}}
--- a/src/Core/Services/IMailService.cs
+++ b/src/Core/Services/IMailService.cs
@ -1,6 +1,7 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Entities;
 using Bit.Core.Models.Mail;
@ -11,6 +12,11 @@ public interface IMailService
    Task SendWelcomeEmailAsync(User user);
    Task SendVerifyEmailEmailAsync(string email, Guid userId, string token);
    Task SendRegistrationVerificationEmailAsync(string email, string token);
    Task SendTrialInitiationSignupEmailAsync(
        string email,
        string token,
        ProductTierType productTier,
        IEnumerable<ProductType> products);
    Task SendVerifyDeleteEmailAsync(string email, Guid userId, string token);
    Task SendChangeEmailAlreadyExistsEmailAsync(string fromEmail, string toEmail);
    Task SendChangeEmailEmailAsync(string newEmailAddress, string token);
--- a/src/Core/Services/Implementations/HandlebarsMailService.cs
+++ b/src/Core/Services/Implementations/HandlebarsMailService.cs
@ -4,6 +4,8 @@ using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Auth.Models.Mail;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Billing.Models.Mail;
 using Bit.Core.Entities;
 using Bit.Core.Models.Mail;
 using Bit.Core.Models.Mail.FamiliesForEnterprise;
@ -70,6 +72,27 @@ public class HandlebarsMailService : IMailService
        await _mailDeliveryService.SendEmailAsync(message);
    }
    public async Task SendTrialInitiationSignupEmailAsync(
        string email,
        string token,
        ProductTierType productTier,
        IEnumerable<ProductType> products)
    {
        var message = CreateDefaultMessage("Verify your email", email);
        var model = new TrialInitiationVerifyEmail
        {
            Token = WebUtility.UrlEncode(token),
            Email = email,
            WebVaultUrl = _globalSettings.BaseServiceUri.VaultWithHash,
            SiteName = _globalSettings.SiteName,
            ProductTier = productTier,
            Product = products
        };
        await AddMessageContentAsync(message, "Billing.TrialInitiationVerifyEmail", model);
        message.MetaData.Add("SendGridBypassListManagement", true);
        message.Category = "VerifyEmail";
        await _mailDeliveryService.SendEmailAsync(message);
    }
    public async Task SendVerifyDeleteEmailAsync(string email, Guid userId, string token)
    {
@ -492,7 +515,7 @@ public class HandlebarsMailService : IMailService
        return CreateDefaultMessage(subject, new List<string> { toEmail });
    }
-    private MailMessage CreateDefaultMessage(string subject, IEnumerable<string> toEmails)
+    private static MailMessage CreateDefaultMessage(string subject, IEnumerable<string> toEmails)
    {
        return new MailMessage
        {
--- a/src/Core/Services/NoopImplementations/NoopMailService.cs
+++ b/src/Core/Services/NoopImplementations/NoopMailService.cs
@ -1,6 +1,7 @@
 using Bit.Core.AdminConsole.Entities;
 using Bit.Core.AdminConsole.Entities.Provider;
 using Bit.Core.Auth.Entities;
 using Bit.Core.Billing.Enums;
 using Bit.Core.Entities;
 using Bit.Core.Models.Mail;
@ -23,6 +24,15 @@ public class NoopMailService : IMailService
        return Task.FromResult(0);
    }
    public Task SendTrialInitiationSignupEmailAsync(
        string email,
        string token,
        ProductTierType productTier,
        IEnumerable<ProductType> products)
    {
        return Task.FromResult(0);
    }
    public Task SendChangeEmailEmailAsync(string newEmailAddress, string token)
    {
        return Task.FromResult(0);
--- a/src/Identity/Billing/Controller/AccountsController.cs
+++ b/src/Identity/Billing/Controller/AccountsController.cs
@ -0,0 +1,48 @@
 using Bit.Core;
 using Bit.Core.Billing.Models.Api.Requests.Accounts;
 using Bit.Core.Billing.TrialInitiation.Registration;
 using Bit.Core.Context;
 using Bit.Core.Tools.Enums;
 using Bit.Core.Tools.Models.Business;
 using Bit.Core.Tools.Services;
 using Bit.Core.Utilities;
 using Bit.SharedWeb.Utilities;
 using Microsoft.AspNetCore.Mvc;
 namespace Bit.Identity.Billing.Controller;
 [Route("accounts")]
 [ExceptionHandlerFilter]
 public class AccountsController(
    ICurrentContext currentContext,
    ISendTrialInitiationEmailForRegistrationCommand sendTrialInitiationEmailForRegistrationCommand,
    IReferenceEventService referenceEventService) : Microsoft.AspNetCore.Mvc.Controller
 {
    [RequireFeature(FeatureFlagKeys.EmailVerification)]
    [HttpPost("trial/send-verification-email")]
    public async Task<IActionResult> PostTrialInitiationSendVerificationEmailAsync([FromBody] TrialSendVerificationEmailRequestModel model)
    {
        var token = await sendTrialInitiationEmailForRegistrationCommand.Handle(
            model.Email,
            model.Name,
            model.ReceiveMarketingEmails,
            model.ProductTier,
            model.Products);
        var refEvent = new ReferenceEvent
        {
            Type = ReferenceEventType.SignupEmailSubmit,
            ClientId = currentContext.ClientId,
            ClientVersion = currentContext.ClientVersion,
            Source = ReferenceEventSource.Registration
        };
        await referenceEventService.RaiseEventAsync(refEvent);
        if (token != null)
        {
            return Ok(token);
        }
        return NoContent();
    }
 }
--- a/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
+++ b/src/SharedWeb/Utilities/ServiceCollectionExtensions.cs
@ -16,6 +16,7 @@ using Bit.Core.Auth.Repositories;
 using Bit.Core.Auth.Services;
 using Bit.Core.Auth.Services.Implementations;
 using Bit.Core.Auth.UserFeatures;
 using Bit.Core.Billing.TrialInitiation;
 using Bit.Core.Entities;
 using Bit.Core.Enums;
 using Bit.Core.HostedServices;
@ -99,6 +100,7 @@ public static class ServiceCollectionExtensions
    {
        services.AddScoped<ICipherService, CipherService>();
        services.AddUserServices(globalSettings);
        services.AddTrialInitiationServices();
        services.AddOrganizationServices(globalSettings);
        services.AddScoped<ICollectionService, CollectionService>();
        services.AddScoped<IGroupService, GroupService>();