Fixes for login flow verify secret config usage and secret config for…

… reset email token generation.

application.yaml

@@ -85,7 +85,6 @@ auth/email-link:
   fromEmailName: ice
   emailValidation:
     authLink: https://some.webpage.example/somePath
-    jwtSecret: bogus
     expirationTime: 1h
     blockDuration: 10m
     sameIpRateCheckPeriod: 1h

auth/email_link/contract.go

@@ -106,7 +106,6 @@ type (
 		} `yaml:"loginSession"`
 		EmailValidation struct {
 			AuthLink       string              `yaml:"authLink"`
-			JwtSecret      string              `yaml:"jwtSecret"`
 			ExpirationTime stdlibtime.Duration `yaml:"expirationTime" mapstructure:"expirationTime"`
 			BlockDuration  stdlibtime.Duration `yaml:"blockDuration"`
 		} `yaml:"emailValidation"`

auth/email_link/emaillink.go

@@ -65,30 +65,11 @@ func (c *client) Close() error {
 func loadConfiguration() *config {
 	var cfg config
 	appcfg.MustLoadFromKey(applicationYamlKey, &cfg)
-	loadEmailValidationConfiguration(&cfg)
 	loadLoginSessionConfiguration(&cfg)
 
 	return &cfg
 }
 
-func loadEmailValidationConfiguration(cfg *config) {
-	if cfg.EmailValidation.JwtSecret == "" {
-		module := strings.ToUpper(strings.ReplaceAll(strings.ReplaceAll(applicationYamlKey, "-", "_"), "/", "_"))
-		cfg.EmailValidation.JwtSecret = os.Getenv(module + "_EMAIL_JWT_SECRET")
-		if cfg.EmailValidation.JwtSecret == "" {
-			cfg.EmailValidation.JwtSecret = os.Getenv("EMAIL_JWT_SECRET")
-		}
-		// If specific one for emails for found - let's use the same one as wintr/auth/ice uses for token generation.
-		if cfg.EmailValidation.JwtSecret == "" {
-			module = strings.ToUpper(strings.ReplaceAll(strings.ReplaceAll(applicationYamlKey, "-", "_"), "/", "_"))
-			cfg.EmailValidation.JwtSecret = os.Getenv(module + "_JWT_SECRET")
-			if cfg.EmailValidation.JwtSecret == "" {
-				cfg.EmailValidation.JwtSecret = os.Getenv("JWT_SECRET")
-			}
-		}
-	}
-}
-
 func loadLoginSessionConfiguration(cfg *config) {
 	if cfg.LoginSession.JwtSecret == "" {
 		module := strings.ToUpper(strings.ReplaceAll(strings.ReplaceAll(applicationYamlKey, "-", "_"), "/", "_"))
@@ -108,9 +89,6 @@ func loadLoginSessionConfiguration(cfg *config) {
 }
 
 func (cfg *config) validate() {
-	if cfg.EmailValidation.JwtSecret == "" {
-		log.Panic(errors.New("no email jwt secret provided"))
-	}
 	if cfg.LoginSession.JwtSecret == "" {
 		log.Panic(errors.New("no login session jwt secret provided"))
 	}

auth/email_link/link_start_auth.go

@@ -252,7 +252,7 @@ func (c *client) generateMagicLinkPayload(id *loginID, oldEmail string, now *tim
 		OldEmail:       oldEmail,
 		DeviceUniqueID: id.DeviceUniqueID,
 	})
-	payload, err := token.SignedString([]byte(c.cfg.EmailValidation.JwtSecret))
+	payload, err := token.SignedString([]byte(c.cfg.LoginSession.JwtSecret))
 	if err != nil {
 		return "", errors.Wrapf(err, "can't generate link payload for id:%#v,now:%v", id, now)
 	}

auth/email_link/link_verify.go

@@ -20,7 +20,7 @@ import (
 func (c *client) SignIn(ctx context.Context, loginSession, confirmationCode string) (tokens *Tokens, emailConfirmed bool, err error) {
 	now := time.Now()
 	var token loginFlowToken
-	if err = parseJwtToken(loginSession, c.cfg.EmailValidation.JwtSecret, &token); err != nil {
+	if err = parseJwtToken(loginSession, c.cfg.LoginSession.JwtSecret, &token); err != nil {
 		return nil, false, errors.Wrapf(err, "invalid login flow token:%v", loginSession)
 	}
 	email := token.Subject

go.mod

@@ -11,23 +11,23 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/ice-blockchain/go-tarantool-client v0.0.0-20230327200757-4fc71fa3f7bb
 	github.com/ice-blockchain/wintr v1.135.0
-	github.com/imroc/req/v3 v3.43.5
+	github.com/imroc/req/v3 v3.43.6
 	github.com/ip2location/ip2location-go/v9 v9.7.0
 	github.com/jackc/pgx/v5 v5.6.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/common v0.53.0
 	github.com/prometheus/prometheus v0.52.0
 	github.com/stretchr/testify v1.9.0
 	github.com/swaggo/swag v1.16.3
-	github.com/testcontainers/testcontainers-go v0.30.0
+	github.com/testcontainers/testcontainers-go v0.31.0
 	github.com/zeebo/xxh3 v1.0.2
 	golang.org/x/mod v0.17.0
 	golang.org/x/net v0.25.0
 )
 
 require (
 	cloud.google.com/go v0.114.0 // indirect
-	cloud.google.com/go/auth v0.4.2 // indirect
+	cloud.google.com/go/auth v0.5.0 // indirect
 	cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	cloud.google.com/go/firestore v1.15.0 // indirect
@@ -51,13 +51,13 @@ require (
 	github.com/cloudwego/base64x v0.1.4 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/containerd/cgroups/v3 v3.0.3 // indirect
-	github.com/containerd/containerd v1.7.15 // indirect
+	github.com/containerd/containerd v1.7.17 // indirect
 	github.com/containerd/errdefs v0.1.0 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/dennwc/varint v1.0.0 // indirect
 	github.com/distribution/reference v0.6.0 // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v26.0.1+incompatible // indirect
+	github.com/docker/docker v26.1.3+incompatible // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
@@ -164,9 +164,9 @@ require (
 	golang.org/x/tools v0.21.0 // indirect
 	google.golang.org/api v0.181.0 // indirect
 	google.golang.org/appengine/v2 v2.0.6 // indirect
-	google.golang.org/genproto v0.0.0-20240521202816-d264139d666e // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+	google.golang.org/genproto v0.0.0-20240528155852-a33235495d66 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240528155852-a33235495d66 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240528155852-a33235495d66 // indirect
 	google.golang.org/grpc v1.64.0 // indirect
 	google.golang.org/protobuf v1.34.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect

go.sum

@@ -1,8 +1,8 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY=
 cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E=
-cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg=
-cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc=
+cloud.google.com/go/auth v0.5.0 h1:GtSZfKJkPrZi/s3AkiHnUYVI4dTP/kg8+I3unm0omag=
+cloud.google.com/go/auth v0.5.0/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc=
 cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4=
 cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q=
 cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc=
@@ -220,8 +220,8 @@ github.com/ice-blockchain/go-tarantool-client v0.0.0-20230327200757-4fc71fa3f7bb
 github.com/ice-blockchain/go-tarantool-client v0.0.0-20230327200757-4fc71fa3f7bb/go.mod h1:ZsQU7i3mxhgBBu43Oev7WPFbIjP4TniN/b1UPNGbrq8=
 github.com/ice-blockchain/wintr v1.135.0 h1:jT+Jh6SAkYpYrrQrSLHh4nEGVwNYzosd5KjDZBE/25Q=
 github.com/ice-blockchain/wintr v1.135.0/go.mod h1:pVCNepiemtnyQ9j/oxchD3uZVP2B8v2LcFSb4e6/U/s=
-github.com/imroc/req/v3 v3.43.5 h1:fL7dOEfld+iEv1rwnIxseJz2/Y7JZ/HgbAURLZkat80=
-github.com/imroc/req/v3 v3.43.5/go.mod h1:SQIz5iYop16MJxbo8ib+4LnostGCok8NQf8ToyQc2xA=
+github.com/imroc/req/v3 v3.43.6 h1:DDbN6sIBfZliQXbtmhAhlPcCDxmx9awthbVKw29dAyQ=
+github.com/imroc/req/v3 v3.43.6/go.mod h1:SQIz5iYop16MJxbo8ib+4LnostGCok8NQf8ToyQc2xA=
 github.com/ip2location/ip2location-go/v9 v9.7.0 h1:ipwl67HOWcrw+6GOChkEXcreRQR37NabqBd2ayYa4Q0=
 github.com/ip2location/ip2location-go/v9 v9.7.0/go.mod h1:MPLnsKxwQlvd2lBNcQCsLoyzJLDBFizuO67wXXdzoyI=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
@@ -528,12 +528,12 @@ google.golang.org/appengine/v2 v2.0.6/go.mod h1:WoEXGoXNfa0mLvaH5sV3ZSGXwVmy8yf7
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20240521202816-d264139d666e h1:axIBUGXSVho2zB+3tJj8l9Qvm/El5vVYPYqhGA5PmJM=
-google.golang.org/genproto v0.0.0-20240521202816-d264139d666e/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE=
-google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0=
-google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
+google.golang.org/genproto v0.0.0-20240528155852-a33235495d66 h1:6IA7E1OlRtIFenXkkABjdcbYNLXurpN1BO10krvLmUk=
+google.golang.org/genproto v0.0.0-20240528155852-a33235495d66/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528155852-a33235495d66 h1:q5Vm4XD/BQ4bLPSIOEg5CjENqxW/wNchAP/GFCo0wVA=
+google.golang.org/genproto/googleapis/api v0.0.0-20240528155852-a33235495d66/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528155852-a33235495d66 h1:Dr/7zyt2bNrIJig4n+eIWx98s8vpo/gjS0JwWrxWEok=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240528155852-a33235495d66/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=