diff --git a/changelog.d/4-docs/WPB-24006 b/changelog.d/4-docs/WPB-24006 new file mode 100644 index 00000000000..6ac4fd17172 --- /dev/null +++ b/changelog.d/4-docs/WPB-24006 @@ -0,0 +1 @@ +Updated docs for the team feature `validateSAMLemails` diff --git a/docs/src/developer/reference/config-options.md b/docs/src/developer/reference/config-options.md index 1db539323f6..1f64c439fcb 100644 --- a/docs/src/developer/reference/config-options.md +++ b/docs/src/developer/reference/config-options.md 
@@ -288,15 +288,17 @@ The lock status for individual teams can be changed via the internal API (`PUT / The feature status for individual teams can be changed via the public API (if the feature is unlocked). -### Validate SAML Emails +### Require External Email Verification -The feature only affects email address changes originating from SCIM or SAML. Personal users and team users provisioned through the team management app will *always* be validated. +The external feature name `validateSAMLemails` is kept for backward compatibility, but it is misleading: the feature applies to email addresses originating from both SCIM and SAML, and it controls ownership verification rather than generic email validation. -`enabled` means "user has authority over email address": if a new user account with an email address is created, the user behind the account will receive a validation email. If they follow the validation procedure, they will be able to receive emails about their account, eg., if a new device is associated with the account. If the user does not validate their email address, they can still use it to login. +The feature only affects email address changes originating from SCIM or SAML. Personal users and team users provisioned through the team management app will *always* go through email verification. -`disabled` means "team admin has authority over email address, and by extension over all member accounts": if a user account with an email address is created, the address is considered valid immediately, without any emails being sent out, and without confirmation from the recipient. +`enabled` means "user has authority over email address": if a new user account with an email address is created, the user behind the account will receive a verification email. If they complete the verification flow, they will be able to receive emails about their account, eg., if a new device is associated with the account. 
If they do not verify their email address, they can still use it to log in. -Validate SAML emails is enabled by default. To disable, use the following syntax: +`disabled` means "team admin has authority over email address, and by extension over all member accounts": if a user account with an email address is created, the address is auto-activated immediately, without any verification email being sent and without confirmation from the recipient. The user can still receive later account notifications on that address, eg., if a new device is associated with the account. + +This feature is enabled by default. To disable it, use the following syntax: ```yaml # galley.yaml diff --git a/integration/integration.cabal b/integration/integration.cabal index 88fede39a13..2a4fb71b60d 100644 --- a/integration/integration.cabal +++ b/integration/integration.cabal @@ -158,6 +158,7 @@ library Test.FeatureFlags.MlsE2EId Test.FeatureFlags.MlsMigration Test.FeatureFlags.OutlookCalIntegration + Test.FeatureFlags.RequireExternalEmailVerification Test.FeatureFlags.SearchVisibilityAvailable Test.FeatureFlags.SearchVisibilityInbound Test.FeatureFlags.SelfDeletingMessages @@ -167,7 +168,6 @@ library Test.FeatureFlags.StealthUsers Test.FeatureFlags.User Test.FeatureFlags.Util - Test.FeatureFlags.ValidateSAMLEmails Test.Federation Test.Federator Test.LegalHold diff --git a/integration/test/Test/FeatureFlags/ValidateSAMLEmails.hs b/integration/test/Test/FeatureFlags/RequireExternalEmailVerification.hs similarity index 80% rename from integration/test/Test/FeatureFlags/ValidateSAMLEmails.hs rename to integration/test/Test/FeatureFlags/RequireExternalEmailVerification.hs index 9b4f581b873..5176382afcb 100644 --- a/integration/test/Test/FeatureFlags/ValidateSAMLEmails.hs +++ b/integration/test/Test/FeatureFlags/RequireExternalEmailVerification.hs 
@@ -15,19 +15,19 @@ -- You should have received a copy of the GNU Affero General Public License along -- with this program. If not, see . -module Test.FeatureFlags.ValidateSAMLEmails where +module Test.FeatureFlags.RequireExternalEmailVerification where import SetupHelpers import Test.FeatureFlags.Util import Testlib.Prelude -testPatchValidateSAMLEmails :: (HasCallStack) => App () -testPatchValidateSAMLEmails = +testPatchRequireExternalEmailVerification :: (HasCallStack) => App () +testPatchRequireExternalEmailVerification = checkPatch OwnDomain "validateSAMLemails" $ object ["status" .= "disabled"] -testValidateSAMLEmailsInternal :: (HasCallStack) => App () -testValidateSAMLEmailsInternal = do +testRequireExternalEmailVerification :: (HasCallStack) => App () +testRequireExternalEmailVerification = do (alice, tid, _) <- createTeam OwnDomain 0 withWebSocket alice $ \ws -> do setFlag InternalAPI ws tid "validateSAMLemails" disabled diff --git a/integration/test/Test/Spar.hs b/integration/test/Test/Spar.hs index 1169dad5345..27e622fb8b3 100644 --- a/integration/test/Test/Spar.hs +++ b/integration/test/Test/Spar.hs 
@@ -887,12 +887,12 @@ testSsoLoginAndEmailVerification = do user %. "email" `shouldMatch` email -- | This test may be covered by `testScimUpdateEmailAddress` and maybe can be removed. -testSsoLoginNoSamlEmailValidation :: (HasCallStack) => TaggedBool "validateSAMLEmails" -> App () -testSsoLoginNoSamlEmailValidation (TaggedBool validateSAMLEmails) = do +testSsoLoginNoSamlEmailValidation :: (HasCallStack) => TaggedBool "requireExternalEmailVerification" -> App () +testSsoLoginNoSamlEmailValidation (TaggedBool requireExternalEmailVerification) = do (owner, tid, _) <- createTeam OwnDomain 1 emailDomain <- randomDomain - let status = if validateSAMLEmails then "enabled" else "disabled" + let status = if requireExternalEmailVerification then "enabled" else "disabled" assertSuccess =<< setTeamFeatureStatus owner tid "validateSAMLemails" status void $ setTeamFeatureStatus owner tid "sso" "enabled" @@ -910,7 +910,7 @@ testSsoLoginNoSamlEmailValidation (TaggedBool validateSAMLEmails) = do eid = CI.original $ uref ^. SAML.uidSubject . to SAML.unsafeShowNameID eid `shouldMatch` email - when validateSAMLEmails $ do + when requireExternalEmailVerification $ do getUsersId OwnDomain [uid] `bindResponse` \res -> do res.status `shouldMatchInt` 200 user <- res.json & asList >>= assertOne 
@@ -936,11 +936,11 @@ testSsoLoginNoSamlEmailValidation (TaggedBool validateSAMLEmails) = do user %. "email" `shouldMatch` email -- | create user with non-email externalId. then use put to add an email address. -testScimUpdateEmailAddress :: (HasCallStack) => TaggedBool "extIdIsEmail" -> TaggedBool "validateSAMLEmails" -> App () -testScimUpdateEmailAddress (TaggedBool extIdIsEmail) (TaggedBool validateSAMLEmails) = do +testScimUpdateEmailAddress :: (HasCallStack) => TaggedBool "extIdIsEmail" -> TaggedBool "requireExternalEmailVerification" -> App () +testScimUpdateEmailAddress (TaggedBool extIdIsEmail) (TaggedBool requireExternalEmailVerification) = do (owner, tid, _) <- createTeam OwnDomain 1 - let status = if validateSAMLEmails then "enabled" else "disabled" + let status = if requireExternalEmailVerification then "enabled" else "disabled" assertSuccess =<< setTeamFeatureStatus owner tid "validateSAMLemails" status void $ setTeamFeatureStatus owner tid "sso" "enabled" @@ -991,7 +991,7 @@ testScimUpdateEmailAddress (TaggedBool extIdIsEmail) (TaggedBool validateSAMLEma res.status `shouldMatchInt` 200 res.json %. "emails" `shouldMatch` [object ["value" .= newEmail]] - when validateSAMLEmails $ do + when requireExternalEmailVerification $ do getUsersId OwnDomain [uid] `bindResponse` \res -> do res.status `shouldMatchInt` 200 user <- res.json & asList >>= assertOne 
@@ -1164,11 +1164,11 @@ testScimUpdateEmailAddressAndExternalId = do user %. "status" `shouldMatch` "active" user %. "email" `shouldMatch` newEmail1 -testScimLoginNoSamlEmailValidation :: (HasCallStack) => TaggedBool "validateSAMLEmails" -> App () -testScimLoginNoSamlEmailValidation (TaggedBool validateSAMLEmails) = do +testScimLoginNoSamlEmailValidation :: (HasCallStack) => TaggedBool "requireExternalEmailVerification" -> App () +testScimLoginNoSamlEmailValidation (TaggedBool requireExternalEmailVerification) = do (owner, tid, _) <- createTeam OwnDomain 1 - let status = if validateSAMLEmails then "enabled" else "disabled" + let status = if requireExternalEmailVerification then "enabled" else "disabled" assertSuccess =<< setTeamFeatureStatus owner tid "validateSAMLemails" status void $ setTeamFeatureStatus owner tid "sso" "enabled" @@ -1187,7 +1187,7 @@ testScimLoginNoSamlEmailValidation (TaggedBool validateSAMLEmails) = do res.status `shouldMatchInt` 200 res.json %. "id" `shouldMatch` uid - when validateSAMLEmails $ do + when requireExternalEmailVerification $ do getUsersId OwnDomain [uid] `bindResponse` \res -> do res.status `shouldMatchInt` 200 user <- res.json & asList >>= assertOne diff --git a/integration/test/Test/Spar/GetByEmail.hs b/integration/test/Test/Spar/GetByEmail.hs index 5aab06a905a..e1bd65bf73d 100644 --- a/integration/test/Test/Spar/GetByEmail.hs +++ b/integration/test/Test/Spar/GetByEmail.hs 
@@ -28,10 +28,10 @@ import Testlib.Prelude -- | Test the /sso/get-by-email endpoint with multi-ingress setup testGetSsoCodeByEmailWithMultiIngress :: (HasCallStack) => - TaggedBool "validateSAMLemails" -> + TaggedBool "requireExternalEmailVerification" -> TaggedBool "idpScimToken" -> App () -testGetSsoCodeByEmailWithMultiIngress (TaggedBool validateSAMLemails) (TaggedBool isIdPScimToken) = do +testGetSsoCodeByEmailWithMultiIngress (TaggedBool requireExternalEmailVerification) (TaggedBool isIdPScimToken) = do let ernieZHost = "nginz-https.ernie.example.com" bertZHost = "nginz-https.bert.example.com" @@ -65,7 +65,7 @@ testGetSsoCodeByEmailWithMultiIngress (TaggedBool validateSAMLemails) (TaggedBoo assertSuccess =<< setTeamFeatureStatus domain tid "sso" "enabled" -- The test should work for both: SCIM user with and without email confirmation - let status = if validateSAMLemails then "enabled" else "disabled" + let status = if requireExternalEmailVerification then "enabled" else "disabled" assertSuccess =<< setTeamFeatureStatus owner tid "validateSAMLemails" status -- Create IdP for ernie domain @@ -98,7 +98,7 @@ testGetSsoCodeByEmailWithMultiIngress (TaggedBool validateSAMLemails) (TaggedBoo createScimUser domain scimToken scimUser >>= assertSuccess if isIdPScimToken - then when validateSAMLemails $ do + then when requireExternalEmailVerification $ do -- Activate the email so the user can be found by email activateEmail domain userEmail else 
@@ -124,15 +124,15 @@ testGetSsoCodeByEmailWithMultiIngress (TaggedBool validateSAMLemails) (TaggedBoo ssoCodeStr `shouldMatch` idpIdBert -- | Test the /sso/get-by-email endpoint with regular (non-multi-ingress) setup -testGetSsoCodeByEmailRegular :: (HasCallStack) => (TaggedBool "validateSAMLemails") -> (TaggedBool "idpScimToken") -> App () -testGetSsoCodeByEmailRegular (TaggedBool validateSAMLemails) (TaggedBool isIdPScimToken) = +testGetSsoCodeByEmailRegular :: (HasCallStack) => (TaggedBool "requireExternalEmailVerification") -> (TaggedBool "idpScimToken") -> App () +testGetSsoCodeByEmailRegular (TaggedBool requireExternalEmailVerification) (TaggedBool isIdPScimToken) = withModifiedBackend def {sparCfg = setField "enableIdPByEmailDiscovery" True} $ \domain -> do (owner, tid, _) <- createTeam domain 1 void $ setTeamFeatureStatus owner tid "sso" "enabled" -- The test should work for both: SCIM user with and without email confirmation - let status = if validateSAMLemails then "enabled" else "disabled" + let status = if requireExternalEmailVerification then "enabled" else "disabled" assertSuccess =<< setTeamFeatureStatus owner tid "validateSAMLemails" status -- Create IdP without domain binding @@ -156,7 +156,7 @@ testGetSsoCodeByEmailRegular (TaggedBool validateSAMLemails) (TaggedBool isIdPSc createScimUser domain scimToken scimUser >>= assertSuccess if isIdPScimToken - then when validateSAMLemails $ do + then when requireExternalEmailVerification $ do -- Activate the email so the user can be found by email activateEmail domain userEmail else diff --git a/libs/wire-api/src/Wire/API/Routes/Features.hs b/libs/wire-api/src/Wire/API/Routes/Features.hs index 92037cc45fe..5759e37659e 100644 --- a/libs/wire-api/src/Wire/API/Routes/Features.hs +++ b/libs/wire-api/src/Wire/API/Routes/Features.hs @@ -36,4 +36,6 @@ type family FeatureErrors cfg where type family FeatureAPIDesc cfg where FeatureAPIDesc EnforceFileDownloadLocationConfig = "

Custom feature: only supported on some dedicated on-prem systems.

" + FeatureAPIDesc RequireExternalEmailVerificationConfig = + "

Controls whether externally managed email addresses (from SAML or SCIM) must be verified by the user, or are auto-activated.

The external feature name is kept as validateSAMLemails for backward compatibility. That name is misleading because the feature also applies to SCIM-managed users, and it controls email ownership verification rather than generic email validation.

" FeatureAPIDesc _ = "" diff --git a/libs/wire-api/src/Wire/API/Routes/Public/Galley/Feature.hs b/libs/wire-api/src/Wire/API/Routes/Public/Galley/Feature.hs index b326f6e7715..2083e829754 100644 --- a/libs/wire-api/src/Wire/API/Routes/Public/Galley/Feature.hs +++ b/libs/wire-api/src/Wire/API/Routes/Public/Galley/Feature.hs @@ -42,7 +42,7 @@ type FeatureAPI = :<|> FeatureAPIGetPut SearchVisibilityAvailableConfig :<|> SearchVisibilityGet :<|> SearchVisibilitySet - :<|> FeatureAPIGet ValidateSAMLEmailsConfig + :<|> FeatureAPIGet RequireExternalEmailVerificationConfig :<|> FeatureAPIGet DigitalSignaturesConfig :<|> FeatureAPIGetPut AppLockConfig :<|> FeatureAPIGetPut FileSharingConfig @@ -108,7 +108,7 @@ type DeprecatedFeatureConfigs = [ LegalholdConfig, SSOConfig, SearchVisibilityAvailableConfig, - ValidateSAMLEmailsConfig, + RequireExternalEmailVerificationConfig, DigitalSignaturesConfig, AppLockConfig, FileSharingConfig, @@ -129,7 +129,7 @@ type family AllDeprecatedFeatureConfigAPI cfgs where type DeprecatedFeatureAPI = FeatureStatusDeprecatedGet DeprecationNotice1 SearchVisibilityAvailableConfig V2 :<|> FeatureStatusDeprecatedPut DeprecationNotice1 SearchVisibilityAvailableConfig V2 - :<|> FeatureStatusDeprecatedGet DeprecationNotice1 ValidateSAMLEmailsConfig V2 + :<|> FeatureStatusDeprecatedGet DeprecationNotice1 RequireExternalEmailVerificationConfig V2 :<|> FeatureStatusDeprecatedGet DeprecationNotice2 DigitalSignaturesConfig V2 type FeatureAPIGet cfg = diff --git a/libs/wire-api/src/Wire/API/Team/Feature.hs b/libs/wire-api/src/Wire/API/Team/Feature.hs index e1bd98a718e..15117fde387 100644 --- a/libs/wire-api/src/Wire/API/Team/Feature.hs +++ b/libs/wire-api/src/Wire/API/Team/Feature.hs 
@@ -61,7 +61,7 @@ module Wire.API.Team.Feature SearchVisibilityAvailableConfig (..), SelfDeletingMessagesConfigB (..), SelfDeletingMessagesConfig, - ValidateSAMLEmailsConfig (..), + RequireExternalEmailVerificationConfig (..), DigitalSignaturesConfig (..), ConferenceCallingConfigB (..), ConferenceCallingConfig, @@ -256,7 +256,7 @@ data FeatureSingleton cfg where FeatureSingletonLegalholdConfig :: FeatureSingleton LegalholdConfig FeatureSingletonSSOConfig :: FeatureSingleton SSOConfig FeatureSingletonSearchVisibilityAvailableConfig :: FeatureSingleton SearchVisibilityAvailableConfig - FeatureSingletonValidateSAMLEmailsConfig :: FeatureSingleton ValidateSAMLEmailsConfig + FeatureSingletonRequireExternalEmailVerificationConfig :: FeatureSingleton RequireExternalEmailVerificationConfig FeatureSingletonDigitalSignaturesConfig :: FeatureSingleton DigitalSignaturesConfig FeatureSingletonConferenceCallingConfig :: FeatureSingleton ConferenceCallingConfig FeatureSingletonSndFactorPasswordChallengeConfig :: FeatureSingleton SndFactorPasswordChallengeConfig 
@@ -753,29 +753,35 @@ instance ToSchema SearchVisibilityAvailableConfig where type instance DeprecatedFeatureName V2 SearchVisibilityAvailableConfig = "search-visibility" -------------------------------------------------------------------------------- --- ValidateSAMLEmails feature +-- RequireExternalEmailVerification feature --- | This feature does not have a PUT endpoint. See Note [unsettable features]. -data ValidateSAMLEmailsConfig = ValidateSAMLEmailsConfig +-- | Controls whether externally managed email addresses (from SAML or SCIM) +-- must be verified by the user, or are auto-activated. When disabled, no +-- verification email is sent, but the address is still activated immediately +-- and can receive later account notifications such as new-device emails. +-- The external feature name is kept for backward compatibility. +-- +-- (This feature does not have a PUT endpoint. See Note [unsettable features].) +data RequireExternalEmailVerificationConfig = RequireExternalEmailVerificationConfig deriving (Eq, Show, Generic, GSOP.Generic) - deriving (Arbitrary) via (GenericUniform ValidateSAMLEmailsConfig) - deriving (RenderableSymbol) via (RenderableTypeName ValidateSAMLEmailsConfig) - deriving (ParseDbFeature, Default) via (TrivialFeature ValidateSAMLEmailsConfig) + deriving (Arbitrary) via (GenericUniform RequireExternalEmailVerificationConfig) + deriving (RenderableSymbol) via (RenderableTypeName RequireExternalEmailVerificationConfig) + deriving (ParseDbFeature, Default) via (TrivialFeature RequireExternalEmailVerificationConfig) -instance ToSchema ValidateSAMLEmailsConfig where - schema = object "ValidateSAMLEmailsConfig" objectSchema +instance ToSchema RequireExternalEmailVerificationConfig where + schema = object "RequireExternalEmailVerificationConfig" objectSchema -instance Default (LockableFeature ValidateSAMLEmailsConfig) where +instance Default (LockableFeature RequireExternalEmailVerificationConfig) where def = defUnlockedFeature -instance 
ToObjectSchema ValidateSAMLEmailsConfig where - objectSchema = pure ValidateSAMLEmailsConfig +instance ToObjectSchema RequireExternalEmailVerificationConfig where + objectSchema = pure RequireExternalEmailVerificationConfig -instance IsFeatureConfig ValidateSAMLEmailsConfig where - type FeatureSymbol ValidateSAMLEmailsConfig = "validateSAMLemails" - featureSingleton = FeatureSingletonValidateSAMLEmailsConfig +instance IsFeatureConfig RequireExternalEmailVerificationConfig where + type FeatureSymbol RequireExternalEmailVerificationConfig = "validateSAMLemails" + featureSingleton = FeatureSingletonRequireExternalEmailVerificationConfig -type instance DeprecatedFeatureName V2 ValidateSAMLEmailsConfig = "validate-saml-emails" +type instance DeprecatedFeatureName V2 RequireExternalEmailVerificationConfig = "validate-saml-emails" -------------------------------------------------------------------------------- -- DigitalSignatures feature @@ -2207,7 +2213,7 @@ type Features = SSOConfig, SearchVisibilityAvailableConfig, SearchVisibilityInboundConfig, - ValidateSAMLEmailsConfig, + RequireExternalEmailVerificationConfig, DigitalSignaturesConfig, AppLockConfig, FileSharingConfig, diff --git a/libs/wire-api/src/Wire/API/Team/FeatureFlags.hs b/libs/wire-api/src/Wire/API/Team/FeatureFlags.hs index fa743d9c7fc..7915eb9a126 100644 --- a/libs/wire-api/src/Wire/API/Team/FeatureFlags.hs +++ b/libs/wire-api/src/Wire/API/Team/FeatureFlags.hs 
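Review bot: The new Haddock on `RequireExternalEmailVerificationConfig` says the external feature name is kept but never spells it out, and it omits the trust consequence of `disabled` that the updated config-options.md states (the team admin has authority over the address and, by extension, over member accounts). Since the type name no longer resembles the wire name, I would add `-- The external name is @validateSAMLemails@ (see 'FeatureSymbol' below).` and `-- When disabled, addresses supplied via SAML or SCIM are trusted without proof of ownership.` to the comment. The `FeatureAPIDesc` text added in Routes/Features.hs could carry the same one-sentence caveat, because that description is what API consumers read.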
@@ -182,19 +182,19 @@ newtype instance FeatureDefaults SearchVisibilityInboundConfig deriving (FromJSON, ToJSON) via Defaults (Feature SearchVisibilityInboundConfig) deriving (ParseFeatureDefaults) via OptionalField SearchVisibilityInboundConfig -newtype instance FeatureDefaults ValidateSAMLEmailsConfig - = ValidateSAMLEmailsDefaults (Feature ValidateSAMLEmailsConfig) +newtype instance FeatureDefaults RequireExternalEmailVerificationConfig + = RequireExternalEmailVerificationDefaults (Feature RequireExternalEmailVerificationConfig) deriving stock (Eq, Show) deriving newtype (Default, GetFeatureDefaults) - deriving (FromJSON, ToJSON) via Defaults (Feature ValidateSAMLEmailsConfig) + deriving (FromJSON, ToJSON) via Defaults (Feature RequireExternalEmailVerificationConfig) -instance ParseFeatureDefaults (FeatureDefaults ValidateSAMLEmailsConfig) where +instance ParseFeatureDefaults (FeatureDefaults RequireExternalEmailVerificationConfig) where parseFeatureDefaults obj = do -- Accept the legacy typo in config input for backward compatibility, -- but prefer the canonical feature key when both are present. - mCanonical :: Maybe (FeatureDefaults ValidateSAMLEmailsConfig) <- obj .:? featureKey @ValidateSAMLEmailsConfig - mLegacy :: Maybe (FeatureDefaults ValidateSAMLEmailsConfig) <- obj .:? "validateSAMLEmails" + mCanonical :: Maybe (FeatureDefaults RequireExternalEmailVerificationConfig) <- obj .:? featureKey @RequireExternalEmailVerificationConfig + mLegacy :: Maybe (FeatureDefaults RequireExternalEmailVerificationConfig) <- obj .:? "validateSAMLEmails" pure $ fromMaybe def (mCanonical <|> mLegacy) data instance FeatureDefaults DigitalSignaturesConfig = DigitalSignaturesDefaults diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/Feature_team.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/Feature_team.hs index 540fa355c3f..63ca21f3541 100644 --- a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/Feature_team.hs 
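Review bot: After the rename, `parseFeatureDefaults` still reads only two keys: `featureKey @RequireExternalEmailVerificationConfig`, whose symbol stays `validateSAMLemails` per the `IsFeatureConfig` instance in Feature.hs, and the legacy `"validateSAMLEmails"`. A config that uses the new type name as its key is not read by this function, so the result is `def`. The docs in this commit describe that default as enabled, so the fallback errs towards verification, but the operator gets no signal that the setting was ignored; whether unknown keys are rejected elsewhere is not visible here. The existing comment also no longer identifies the keys, so I would extend it with `-- Keys read: "validateSAMLemails" (canonical) and "validateSAMLEmails" (legacy); no key is named after the type.` and add a parser test for the case where both keys are present and disagree.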
+++ b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/Feature_team.hs @@ -56,8 +56,8 @@ testObject_Feature_team_10 = Feature FeatureStatusDisabled SSOConfig testObject_Feature_team_11 :: Feature SearchVisibilityAvailableConfig testObject_Feature_team_11 = Feature FeatureStatusEnabled SearchVisibilityAvailableConfig -testObject_Feature_team_12 :: Feature ValidateSAMLEmailsConfig -testObject_Feature_team_12 = Feature FeatureStatusDisabled ValidateSAMLEmailsConfig +testObject_Feature_team_12 :: Feature RequireExternalEmailVerificationConfig +testObject_Feature_team_12 = Feature FeatureStatusDisabled RequireExternalEmailVerificationConfig testObject_Feature_team_13 :: Feature DigitalSignaturesConfig testObject_Feature_team_13 = Feature FeatureStatusEnabled DigitalSignaturesConfig diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeaturePatch_team.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeaturePatch_team.hs index 478398eb383..b8da4386055 100644 --- a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeaturePatch_team.hs +++ b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeaturePatch_team.hs 
@@ -56,8 +56,8 @@ testObject_LockableFeaturePatch_team_10 = LockableFeaturePatch (Just FeatureStat testObject_LockableFeaturePatch_team_11 :: LockableFeaturePatch SearchVisibilityAvailableConfig testObject_LockableFeaturePatch_team_11 = LockableFeaturePatch (Just FeatureStatusEnabled) (Just LockStatusLocked) (Just SearchVisibilityAvailableConfig) -testObject_LockableFeaturePatch_team_12 :: LockableFeaturePatch ValidateSAMLEmailsConfig -testObject_LockableFeaturePatch_team_12 = LockableFeaturePatch (Just FeatureStatusDisabled) Nothing (Just ValidateSAMLEmailsConfig) +testObject_LockableFeaturePatch_team_12 :: LockableFeaturePatch RequireExternalEmailVerificationConfig +testObject_LockableFeaturePatch_team_12 = LockableFeaturePatch (Just FeatureStatusDisabled) Nothing (Just RequireExternalEmailVerificationConfig) testObject_LockableFeaturePatch_team_13 :: LockableFeaturePatch DigitalSignaturesConfig testObject_LockableFeaturePatch_team_13 = LockableFeaturePatch (Just FeatureStatusEnabled) (Just LockStatusLocked) (Just DigitalSignaturesConfig) diff --git a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeature_team.hs b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeature_team.hs index 2cfb3a4cdbd..b6e17ed1334 100644 --- a/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeature_team.hs +++ b/libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/LockableFeature_team.hs 
@@ -58,8 +58,8 @@ testObject_LockableFeature_team_10 = LockableFeature FeatureStatusDisabled LockS testObject_LockableFeature_team_11 :: LockableFeature SearchVisibilityAvailableConfig testObject_LockableFeature_team_11 = LockableFeature FeatureStatusEnabled LockStatusLocked SearchVisibilityAvailableConfig -testObject_LockableFeature_team_12 :: LockableFeature ValidateSAMLEmailsConfig -testObject_LockableFeature_team_12 = LockableFeature FeatureStatusDisabled LockStatusLocked ValidateSAMLEmailsConfig +testObject_LockableFeature_team_12 :: LockableFeature RequireExternalEmailVerificationConfig +testObject_LockableFeature_team_12 = LockableFeature FeatureStatusDisabled LockStatusLocked RequireExternalEmailVerificationConfig testObject_LockableFeature_team_13 :: LockableFeature DigitalSignaturesConfig testObject_LockableFeature_team_13 = LockableFeature FeatureStatusEnabled LockStatusLocked DigitalSignaturesConfig diff --git a/libs/wire-subsystems/src/Wire/FeaturesConfigSubsystem/Types.hs b/libs/wire-subsystems/src/Wire/FeaturesConfigSubsystem/Types.hs index d581888dd0f..4a13a8947b1 100644 --- a/libs/wire-subsystems/src/Wire/FeaturesConfigSubsystem/Types.hs +++ b/libs/wire-subsystems/src/Wire/FeaturesConfigSubsystem/Types.hs @@ -71,7 +71,7 @@ instance GetFeatureConfig SSOConfig instance GetFeatureConfig SearchVisibilityAvailableConfig -instance GetFeatureConfig ValidateSAMLEmailsConfig +instance GetFeatureConfig RequireExternalEmailVerificationConfig instance GetFeatureConfig DigitalSignaturesConfig diff --git a/services/galley/src/Galley/API/Public/Feature.hs b/services/galley/src/Galley/API/Public/Feature.hs index 81f8d6247c8..0c55a19471b 100644 --- a/services/galley/src/Galley/API/Public/Feature.hs +++ b/services/galley/src/Galley/API/Public/Feature.hs 
@@ -43,7 +43,7 @@ featureAPI = <@> featureAPIGetPut <@> mkNamedAPI @"get-search-visibility" getSearchVisibility <@> mkNamedAPI @"set-search-visibility" (setSearchVisibility (featureEnabledForTeam @SearchVisibilityAvailableConfig)) - <@> mkNamedAPI @'("get", ValidateSAMLEmailsConfig) getFeature + <@> mkNamedAPI @'("get", RequireExternalEmailVerificationConfig) getFeature <@> mkNamedAPI @'("get", DigitalSignaturesConfig) getFeature <@> featureAPIGetPut <@> featureAPIGetPut @@ -86,7 +86,7 @@ deprecatedFeatureConfigAPI :: API DeprecatedFeatureAPI GalleyEffects deprecatedFeatureConfigAPI = mkNamedAPI @'("get-deprecated", '(SearchVisibilityAvailableConfig, V2)) getFeature <@> mkNamedAPI @'("put-deprecated", '(SearchVisibilityAvailableConfig, V2)) setFeature - <@> mkNamedAPI @'("get-deprecated", '(ValidateSAMLEmailsConfig, V2)) getFeature + <@> mkNamedAPI @'("get-deprecated", '(RequireExternalEmailVerificationConfig, V2)) getFeature <@> mkNamedAPI @'("get-deprecated", '(DigitalSignaturesConfig, V2)) getFeature deprecatedFeatureAPI :: API (AllDeprecatedFeatureConfigAPI DeprecatedFeatureConfigs) GalleyEffects @@ -94,7 +94,7 @@ deprecatedFeatureAPI = mkNamedAPI @'("get-config", LegalholdConfig) getSingleFeatureForUser <@> mkNamedAPI @'("get-config", SSOConfig) getSingleFeatureForUser <@> mkNamedAPI @'("get-config", SearchVisibilityAvailableConfig) getSingleFeatureForUser - <@> mkNamedAPI @'("get-config", ValidateSAMLEmailsConfig) getSingleFeatureForUser + <@> mkNamedAPI @'("get-config", RequireExternalEmailVerificationConfig) getSingleFeatureForUser <@> mkNamedAPI @'("get-config", DigitalSignaturesConfig) getSingleFeatureForUser <@> mkNamedAPI @'("get-config", AppLockConfig) getSingleFeatureForUser <@> mkNamedAPI @'("get-config", FileSharingConfig) getSingleFeatureForUser diff --git a/services/galley/src/Galley/API/Teams/Features.hs b/services/galley/src/Galley/API/Teams/Features.hs index b74003df0c3..ea705bcb79a 100644 --- a/services/galley/src/Galley/API/Teams/Features.hs 
+++ b/services/galley/src/Galley/API/Teams/Features.hs @@ -323,7 +323,7 @@ instance SetFeatureConfig SearchVisibilityAvailableConfig where FeatureStatusEnabled -> pure () FeatureStatusDisabled -> SearchVisibilityData.resetSearchVisibility tid -instance SetFeatureConfig ValidateSAMLEmailsConfig +instance SetFeatureConfig RequireExternalEmailVerificationConfig instance SetFeatureConfig DigitalSignaturesConfig diff --git a/services/spar/src/Spar/Intra/Galley.hs b/services/spar/src/Spar/Intra/Galley.hs index b938931c56a..31e3e89ba88 100644 --- a/services/spar/src/Spar/Intra/Galley.hs +++ b/services/spar/src/Spar/Intra/Galley.hs @@ -108,7 +108,7 @@ isEmailValidationEnabledTeam tid = do resp <- call $ method GET . paths ["i", "teams", toByteString' tid, "features", "validateSAMLemails"] pure ( statusCode resp == 200 - && ( ((.status) <$> responseJsonMaybe @(LockableFeature ValidateSAMLEmailsConfig) resp) + && ( ((.status) <$> responseJsonMaybe @(LockableFeature RequireExternalEmailVerificationConfig) resp) == Just FeatureStatusEnabled ) ) diff --git a/services/spar/test-integration/Util/Email.hs b/services/spar/test-integration/Util/Email.hs index 0809638ef2a..b9bf4761eed 100644 --- a/services/spar/test-integration/Util/Email.hs +++ b/services/spar/test-integration/Util/Email.hs 
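Review bot: `isEmailValidationEnabledTeam` returns False for every outcome other than a 200 whose body decodes to `FeatureStatusEnabled`, so a failing galley call or a decode failure of `LockableFeature RequireExternalEmailVerificationConfig` is indistinguishable from the feature being disabled. If callers treat False as "activate the address without verification" (not visible in this hunk), an outage or schema drift would skip ownership verification silently. Logging the non-200 or undecodable case, or treating it as enabled, would make that failure visible. The function name and the hard-coded path segment `"validateSAMLemails"` also kept the old wording; the path could use `featureNameBS @RequireExternalEmailVerificationConfig` as Util/Email.hs does, assuming that helper is in scope here. The function starts outside the hunk.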
@@ -102,6 +102,6 @@ activate brig (k, c) = setSamlEmailValidation :: (HasCallStack) => TeamId -> Feature.FeatureStatus -> TestSpar () setSamlEmailValidation tid status = do galley <- view teGalley - let req = put $ galley . paths p . json (Feature.Feature @Feature.ValidateSAMLEmailsConfig status Feature.ValidateSAMLEmailsConfig) - p = ["/i/teams", toByteString' tid, "features", Feature.featureNameBS @Feature.ValidateSAMLEmailsConfig] + let req = put $ galley . paths p . json (Feature.Feature @Feature.RequireExternalEmailVerificationConfig status Feature.RequireExternalEmailVerificationConfig) + p = ["/i/teams", toByteString' tid, "features", Feature.featureNameBS @Feature.RequireExternalEmailVerificationConfig] call req !!! const 200 === statusCode diff --git a/tools/db/migrate-features/src/Work.hs b/tools/db/migrate-features/src/Work.hs index 79e1e1c4ff9..8aef63d20dd 100644 --- a/tools/db/migrate-features/src/Work.hs +++ b/tools/db/migrate-features/src/Work.hs @@ -375,7 +375,7 @@ writeFeatures (def :: LockableFeaturePatch SSOConfig) {status = sso_status} writeFeature team_id $ - (def :: LockableFeaturePatch ValidateSAMLEmailsConfig) + (def :: LockableFeaturePatch RequireExternalEmailVerificationConfig) { status = validate_saml_emails } diff --git a/tools/stern/src/Stern/API.hs b/tools/stern/src/Stern/API.hs index 7553ec8e5b3..dd1b104d67a 100644 --- a/tools/stern/src/Stern/API.hs +++ b/tools/stern/src/Stern/API.hs 
@@ -155,8 +155,8 @@ sitemap' = :<|> Named @"put-route-sso-config" (mkFeatureStatusPutRoute @SSOConfig) :<|> Named @"get-route-search-visibility-available-config" (mkFeatureGetRoute @SearchVisibilityAvailableConfig) :<|> Named @"put-route-search-visibility-available-config" (mkFeatureStatusPutRoute @SearchVisibilityAvailableConfig) - :<|> Named @"get-route-validate-saml-emails-config" (mkFeatureGetRoute @ValidateSAMLEmailsConfig) - :<|> Named @"put-route-validate-saml-emails-config" (mkFeatureStatusPutRoute @ValidateSAMLEmailsConfig) + :<|> Named @"get-route-validate-saml-emails-config" (mkFeatureGetRoute @RequireExternalEmailVerificationConfig) + :<|> Named @"put-route-validate-saml-emails-config" (mkFeatureStatusPutRoute @RequireExternalEmailVerificationConfig) :<|> Named @"get-route-digital-signatures-config" (mkFeatureGetRoute @DigitalSignaturesConfig) :<|> Named @"put-route-digital-signatures-config" (mkFeatureStatusPutRoute @DigitalSignaturesConfig) :<|> Named @"get-route-file-sharing-config" (mkFeatureGetRoute @FileSharingConfig) diff --git a/tools/stern/src/Stern/API/Routes.hs b/tools/stern/src/Stern/API/Routes.hs index ef0222fdbb2..d3152fe4158 100644 --- a/tools/stern/src/Stern/API/Routes.hs +++ b/tools/stern/src/Stern/API/Routes.hs 
@@ -256,8 +256,8 @@ type SternAPI = :<|> Named "put-route-sso-config" (MkFeatureStatusPutRoute SSOConfig) :<|> Named "get-route-search-visibility-available-config" (MkFeatureGetRoute SearchVisibilityAvailableConfig) :<|> Named "put-route-search-visibility-available-config" (MkFeatureStatusPutRoute SearchVisibilityAvailableConfig) - :<|> Named "get-route-validate-saml-emails-config" (MkFeatureGetRoute ValidateSAMLEmailsConfig) - :<|> Named "put-route-validate-saml-emails-config" (MkFeatureStatusPutRoute ValidateSAMLEmailsConfig) + :<|> Named "get-route-validate-saml-emails-config" (MkFeatureGetRoute RequireExternalEmailVerificationConfig) + :<|> Named "put-route-validate-saml-emails-config" (MkFeatureStatusPutRoute RequireExternalEmailVerificationConfig) :<|> Named "get-route-digital-signatures-config" (MkFeatureGetRoute DigitalSignaturesConfig) :<|> Named "put-route-digital-signatures-config" (MkFeatureStatusPutRoute DigitalSignaturesConfig) :<|> Named "get-route-file-sharing-config" (MkFeatureGetRoute FileSharingConfig) diff --git a/tools/stern/test/integration/API.hs b/tools/stern/test/integration/API.hs index 7d80f83d9f4..942e2e6bc2a 100644 --- a/tools/stern/test/integration/API.hs +++ b/tools/stern/test/integration/API.hs @@ -87,7 +87,7 @@ tests s = test s "GET /teams/:tid/admins" testGetTeamAdminInfo, test s "/teams/:tid/features/legalhold" testLegalholdConfig, test s "/teams/:tid/features/sso" $ testFeatureStatus @SSOConfig, - test s "/teams/:tid/features/validateSamlEmails" $ testFeatureStatus @ValidateSAMLEmailsConfig, + test s "/teams/:tid/features/validateSamlEmails" $ testFeatureStatus @RequireExternalEmailVerificationConfig, test s "/teams/:tid/features/digitalSignatures" $ testFeatureStatus @DigitalSignaturesConfig, test s "/teams/:tid/features/fileSharing" $ testFeatureStatus @FileSharingConfig, test s "/teams/:tid/features/conference-calling" $ testFeatureStatusOptTtl defConfCalling (Just FeatureTTLUnlimited),