Check again email traces

backend/src/ee/services/audit-log/audit-log-types.ts

@@ -92,8 +92,8 @@ export enum EventType {
 
 interface UserActorMetadata {
   userId: string;
-  email?: string;
-  username?: string;
+  email?: string | null;
+  username: string;
 }
 
 interface ServiceActorMetadata {

backend/src/server/plugins/audit-log.ts

@@ -43,8 +43,8 @@ export const injectAuditLogInfo = fp(async (server: FastifyZodProvider) => {
       payload.actor = {
         type: ActorType.USER,
         metadata: {
-          email: req.auth.user.email as string | undefined,
-          username: req.auth.user.username as string | undefined,
+          email: req.auth.user.email,
+          username: req.auth.user.username,
           userId: req.permission.id
         }
       };

backend/src/server/routes/v1/admin-router.ts

@@ -94,6 +94,7 @@ export const registerAdminRouter = async (server: FastifyZodProvider) => {
         event: PostHogEventTypes.AdminInit,
         distinctId: user.user.username ?? "",
         properties: {
+          username: user.user.username,
           email: user.user.email ?? "",
           lastName: user.user.lastName || "",
           firstName: user.user.firstName || ""

backend/src/server/routes/v3/signup-router.ts

@@ -139,6 +139,7 @@ export const registerSignupRouter = async (server: FastifyZodProvider) => {
         event: PostHogEventTypes.UserSignedUp,
         distinctId: user.username ?? "",
         properties: {
+          username: user.username,
           email: user.email ?? "",
           attributionSource: req.body.attributionSource
         }

backend/src/services/auth/auth-login-service.ts

@@ -193,7 +193,7 @@ export const authLoginServiceFactory = ({ userDAL, tokenService, smtpService }:
       clientPublicKey: null
     });
     // send multi factor auth token if they it enabled
-    if (userEnc.isMfaEnabled) {
+    if (userEnc.isMfaEnabled && userEnc.email) {
       const mfaToken = jwt.sign(
         {
           authTokenType: AuthTokenType.MFA_TOKEN,
@@ -206,12 +206,10 @@ export const authLoginServiceFactory = ({ userDAL, tokenService, smtpService }:
         }
       );
 
-      if (userEnc.email) {
-        await sendUserMfaCode({
-          userId: userEnc.userId,
-          email: userEnc.email
-        });
-      }
+      await sendUserMfaCode({
+        userId: userEnc.userId,
+        email: userEnc.email
+      });
 
       return { isMfaEnabled: true, token: mfaToken } as const;
     }
@@ -271,7 +269,7 @@ export const authLoginServiceFactory = ({ userDAL, tokenService, smtpService }:
    * OAuth2 login for google,github, and other oauth2 provider
    * */
   const oauth2Login = async ({ email, firstName, lastName, authMethod, callbackPort }: TOauthLoginDTO) => {
-    let user = await userDAL.findUserByEmail(email);
+    let user = await userDAL.findUserByUsername(email);
     const serverCfg = await getServerCfg();
 
     const appCfg = getConfig();

backend/src/services/auth/auth-password-service.ts

@@ -99,7 +99,7 @@ export const authPaswordServiceFactory = ({
    * Email password reset flow via email. Step 1 send email
    */
   const sendPasswordResetEmail = async (email: string) => {
-    const user = await userDAL.findUserByEmail(email);
+    const user = await userDAL.findUserByUsername(email);
     // ignore as user is not found to avoid an outside entity to identify infisical registered accounts
     if (!user || (user && !user.isAccepted)) return;
 
@@ -126,7 +126,7 @@ export const authPaswordServiceFactory = ({
    * */
   const verifyPasswordResetEmail = async (email: string, code: string) => {
     const cfg = getConfig();
-    const user = await userDAL.findUserByEmail(email);
+    const user = await userDAL.findUserByUsername(email);
     // ignore as user is not found to avoid an outside entity to identify infisical registered accounts
     if (!user || (user && !user.isAccepted)) {
       throw new Error("Failed email verification for pass reset");

backend/src/services/auth/auth-signup-service.ts

@@ -44,7 +44,7 @@ export const authSignupServiceFactory = ({
       throw new Error("Provided a disposable email");
     }
 
-    let user = await userDAL.findUserByEmail(email);
+    let user = await userDAL.findUserByUsername(email);
     if (user && user.isAccepted) {
       // TODO(akhilmhdh-pg): copy as old one. this needs to be changed due to security issues
       throw new Error("Failed to send verification code for complete account");
@@ -70,7 +70,7 @@ export const authSignupServiceFactory = ({
   };
 
   const verifyEmailSignup = async (email: string, code: string) => {
-    const user = await userDAL.findUserByEmail(email);
+    const user = await userDAL.findUserByUsername(email);
     if (!user || (user && user.isAccepted)) {
       // TODO(akhilmhdh): copy as old one. this needs to be changed due to security issues
       throw new Error("Failed to send verification code for complete account");
@@ -152,7 +152,7 @@ export const authSignupServiceFactory = ({
     if (!organizationId) {
       await orgService.createOrganization({
         userId: user.id,
-        userEmail: user.email ?? user.username ?? "", // TODO: look into
+        userEmail: user.email ?? user.username,
         orgName: organizationName
       });
     }
@@ -219,7 +219,7 @@ export const authSignupServiceFactory = ({
     encryptedPrivateKeyTag,
     authorization
   }: TCompleteAccountInviteDTO) => {
-    const user = await userDAL.findUserByEmail(email);
+    const user = await userDAL.findUserByUsername(email);
     if (!user || (user && user.isAccepted)) {
       throw new Error("Failed to complete account for complete user");
     }

backend/src/services/org/org-service.ts

@@ -370,7 +370,7 @@ export const orgServiceFactory = ({
       });
     }
     const invitee = await orgDAL.transaction(async (tx) => {
-      const inviteeUser = await userDAL.findUserByEmail(inviteeEmail, tx);
+      const inviteeUser = await userDAL.findUserByUsername(inviteeEmail, tx);
       if (inviteeUser) {
         // if user already exist means its already part of infisical
         // Thus the signup flow is not needed anymore
@@ -461,7 +461,7 @@ export const orgServiceFactory = ({
    * magic link and issue a temporary signup token for user to complete setting up their account
    */
   const verifyUserToOrg = async ({ orgId, email, code }: TVerifyUserToOrgDTO) => {
-    const user = await userDAL.findUserByEmail(email);
+    const user = await userDAL.findUserByUsername(email);
     if (!user) {
       throw new BadRequestError({ message: "Invalid request", name: "Verify user to org" });
     }

backend/src/services/telemetry/telemetry-types.ts

@@ -37,6 +37,7 @@ export type TSecretModifiedEvent = {
 export type TAdminInitEvent = {
   event: PostHogEventTypes.AdminInit;
   properties: {
+    username: string;
     email: string;
     firstName: string;
     lastName: string;
@@ -46,6 +47,7 @@ export type TAdminInitEvent = {
 export type TUserSignedUpEvent = {
   event: PostHogEventTypes.UserSignedUp;
   properties: {
+    username: string;
     email: string;
     attributionSource?: string;
   };

backend/src/services/user/user-dal.ts

@@ -16,7 +16,7 @@ export type TUserDALFactory = ReturnType<typeof userDALFactory>;
 
 export const userDALFactory = (db: TDbClient) => {
   const userOrm = ormify(db, TableName.Users);
-  const findUserByEmail = async (email: string, tx?: Knex) => userOrm.findOne({ email }, tx);
+  const findUserByUsername = async (username: string, tx?: Knex) => userOrm.findOne({ username }, tx);
 
   // USER ENCRYPTION FUNCTIONS
   // -------------------------
@@ -121,7 +121,7 @@ export const userDALFactory = (db: TDbClient) => {
 
   return {
     ...userOrm,
-    findUserByEmail,
+    findUserByUsername,
     findUserEncKeyByUsername,
     findUserEncKeyByUserId,
     updateUserEncryptionByUserId,