Add support for custom URLs for email verification

[DanielBiegler]

Scope

What's changed:

• New Env Var USER_REGISTER_URL_ALLOW_LIST similar to USER_INVITE_URL_ALLOW_LIST
• Initial doc (misses link to API-doc since it doesnt exist yet)
• Register payload accepts a new Url parameter
• If said parameter is set, you must configure the env var (just like with invites)
• If said parameter is set and valid, the verification URL inside of the email is now your specified url allowing you to build a custom verification page outside the data studio

Potential Risks / Drawbacks

• This follows the logic how invites work but we could change it to do the validation inside of the joi schema

Review Notes / Questions

• We might want to change the env var to USER_VERIFY_URL_ALLOW_LIST to make it more clear that this is pertaining to verification and not registration for example but thats a minor thing

---

Fixes #22561

[changeset-bot]

🦋 Changeset detected

Latest commit: 47d6cf3

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 9 packages

Name	Type
@directus/types	Patch
@directus/env	Patch
@directus/api	Minor
@directus/sdk	Patch
@directus/extensions-sdk	Patch
@directus/extensions	Patch
directus	Patch
create-directus-extension	Patch
@directus/extensions-registry	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[phazonoverload]

Feel free to merge - the rest isn't documented anyway. I'm working on it and will incorporate this ;)

[paescuj]

🎉

[shubham-am-i]

Hi Team,

I'm encountering an issue with the recent update that adds support for custom URLs in email verification. Despite the fix being merged and the verification_url now included, I still receive an error indicating an invalid payload. Here are the details:

{ "errors": [ { "message": "Invalid payload. \"verification_url\" is not allowed.", "extensions": { "code": "INVALID_PAYLOAD", "reason": "\"verification_url\" is not allowed" } } ] }

Context
This issue arises when attempting to utilize the new verification_url parameter in the registration payload. According to the merged PR (#22565), the payload should accept a new Url parameter, provided that the appropriate environment variable (USER_REGISTER_URL_ALLOW_LIST) is configured.

Steps Taken

1. Environment Variable Configuration:
   Set the USER_REGISTER_URL_ALLOW_LIST environment variable, mirroring the logic used for USER_INVITE_URL_ALLOW_LIST.
2. Verified that the environment variable is correctly loaded by the application.
3. Payload Structure:
   Constructed the registration payload with the verification_url parameter, ensuring it adheres to the expected format.
   Verification:
4. Checked the codebase to ensure the recent changes from PR Add support for custom URLs for email verification #22565 are present and correctly integrated.

Potential Issues

1. Schema Validation: There might be an oversight in the Joi schema validation, where the new verification_url parameter isn't yet recognized or allowed.
2. Environment Variable Misconfiguration: Although unlikely, there could be a misconfiguration or misinterpretation of the environment variable setup.
3. Documentation Gap: The initial documentation mentions a missing link to the API documentation, which might be crucial for understanding the exact requirements and constraints of the new parameter.

Request for Assistance
Could you please review the schema validation logic to confirm that the verification_url parameter is correctly permitted? Additionally, any updates or clarifications in the documentation regarding the usage and setup of this new feature would be greatly appreciated.

Thank you for your attention to this matter. Looking forward to your guidance on resolving this issue.

[DanielBiegler]

Hey @shubham-am-i it sounds like youre not on the latest version v10.11.2 - it is confirmed to work.

For example:

USER_REGISTER_URL_ALLOW_LIST=http://asd.de

And then an API request like the following:

curljson \
-d '{ "email": "[email protected]", "password": "test", "verification_url": "http://asd.de" }' \
<YOUR-DIRECTUS-URL-HERE>/users/register

works and correctly uses the verification URL inside of the email.

Please verify that youre on the correct Directus version and are POSTing to the correct URL /users/register

If you have further troubles please provide your settings and api request in a new issue instead of this PR - Thank you! :)