feat: find user by email address

internal/api/admin.go

@@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"strings"
 	"time"
@@ -44,6 +45,79 @@ type AdminListUsersResponse struct {
 	Aud   string         `json:"aud"`
 }
 
+const (
+	userIDParam = "user_id"
+	emailParam  = "email"
+)
+
+func (a *API) loadUserById(db *storage.Connection, userID uuid.UUID) (*models.User, error) {
+	u, err := models.FindUserByID(db, userID)
+	if err != nil {
+		if models.IsNotFoundError(err) {
+			return nil, notFoundError("User not found")
+		}
+		return nil, internalServerError("Database error loading user").WithInternalError(err)
+	}
+
+	return u, nil
+}
+
+func (a *API) loadUserByEmail(db *storage.Connection, userEmail string) (*models.User, error) {
+	u, err := models.FindUserByEmail(db, userEmail)
+	if err != nil {
+		if models.IsNotFoundError(err) {
+			return nil, notFoundError("user not found")
+		}
+		return nil, internalServerError("database error loading user").WithInternalError(err)
+	}
+
+	return u, nil
+}
+
+func (a *API) adminUserFind(w http.ResponseWriter, r *http.Request) error {
+	ctx := r.Context()
+	db := a.db.WithContext(ctx)
+
+	email := r.URL.Query().Get(emailParam)
+	userID := r.URL.Query().Get(userIDParam)
+
+	var user *models.User
+
+	if email == "" && userID == "" {
+		return badRequestError(fmt.Sprintf("%s or %s must be provided", emailParam, userIDParam))
+	} else if email != "" && userID != "" {
+		return badRequestError(fmt.Sprintf("only one of %s or %s must be provided", emailParam, userIDParam))
+	}
+
+	if email != "" {
+		observability.LogEntrySetField(r, emailParam, email)
+
+		email, err := validateEmail(email)
+		if err != nil {
+			return badRequestError("invalid email address provided")
+		}
+
+		user, err = a.loadUserByEmail(db, email)
+		if err != nil {
+			return err
+		}
+	} else {
+		userID, err := uuid.FromString(userID)
+		if err != nil {
+			return badRequestError("invalid user id provided")
+		}
+
+		observability.LogEntrySetField(r, userIDParam, userID)
+
+		user, err = a.loadUserById(db, userID)
+		if err != nil {
+			return err
+		}
+	}
+
+	return sendJSON(w, http.StatusOK, user)
+}
+
 func (a *API) loadUser(w http.ResponseWriter, r *http.Request) (context.Context, error) {
 	ctx := r.Context()
 	db := a.db.WithContext(ctx)
@@ -55,14 +129,10 @@ func (a *API) loadUser(w http.ResponseWriter, r *http.Request) (context.Context,
 
 	observability.LogEntrySetField(r, "user_id", userID)
 
-	u, err := models.FindUserByID(db, userID)
+	u, err := a.loadUserById(db, userID)
 	if err != nil {
-		if models.IsNotFoundError(err) {
-			return nil, notFoundError("User not found")
-		}
-		return nil, internalServerError("Database error loading user").WithInternalError(err)
+		return nil, err
 	}
-
 	return withUser(ctx, u), nil
 }
 

internal/api/admin_test.go

@@ -358,6 +358,58 @@ func (ts *AdminTestSuite) TestAdminUserCreate() {
 	}
 }
 
+// TestAdminUserFind_GetEmail tests API /admin/user/find?email=xyz route (GET)
+func (ts *AdminTestSuite) TestAdminUserFind_GetEmail() {
+	u, err := models.NewUser("12345678", "test1@example.com", "test", ts.Config.JWT.Aud, map[string]interface{}{"full_name": "Test Get User by Email"})
+	require.NoError(ts.T(), err, "Error making new user")
+	require.NoError(ts.T(), ts.API.db.Create(u), "Error creating user")
+
+	// Setup request
+	w := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/admin/users/find?email=%s", u.Email), nil)
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", ts.token))
+
+	ts.API.handler.ServeHTTP(w, req)
+	require.Equal(ts.T(), http.StatusOK, w.Code)
+
+	data := make(map[string]interface{})
+	require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&data))
+
+	assert.Equal(ts.T(), data["email"], "test1@example.com")
+	assert.NotNil(ts.T(), data["app_metadata"])
+	assert.NotNil(ts.T(), data["user_metadata"])
+	md := data["user_metadata"].(map[string]interface{})
+	assert.Len(ts.T(), md, 1)
+	assert.Equal(ts.T(), "Test Get User by Email", md["full_name"])
+}
+
+// TestAdminUserFind_GetUserID tests API /admin/user/find?email=xyz route (GET)
+func (ts *AdminTestSuite) TestAdminUserFind_GetUserID() {
+	u, err := models.NewUser("12345678", "test1@example.com", "test", ts.Config.JWT.Aud, map[string]interface{}{"full_name": "Test Get User by ID"})
+	require.NoError(ts.T(), err, "Error making new user")
+	require.NoError(ts.T(), ts.API.db.Create(u), "Error creating user")
+
+	// Setup request
+	w := httptest.NewRecorder()
+	req := httptest.NewRequest(http.MethodGet, fmt.Sprintf("/admin/users/find?user_id=%s", u.ID), nil)
+
+	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", ts.token))
+
+	ts.API.handler.ServeHTTP(w, req)
+	require.Equal(ts.T(), http.StatusOK, w.Code)
+
+	data := make(map[string]interface{})
+	require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&data))
+
+	assert.Equal(ts.T(), data["email"], "test1@example.com")
+	assert.NotNil(ts.T(), data["app_metadata"])
+	assert.NotNil(ts.T(), data["user_metadata"])
+	md := data["user_metadata"].(map[string]interface{})
+	assert.Len(ts.T(), md, 1)
+	assert.Equal(ts.T(), "Test Get User by ID", md["full_name"])
+}
+
 // TestAdminUserGet tests API /admin/user route (GET)
 func (ts *AdminTestSuite) TestAdminUserGet() {
 	u, err := models.NewUser("12345678", "test1@example.com", "test", ts.Config.JWT.Aud, map[string]interface{}{"full_name": "Test Get User"})

internal/api/api.go

@@ -249,6 +249,10 @@ func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfigurati
 					r.Put("/", api.adminUserUpdate)
 					r.Delete("/", api.adminUserDelete)
 				})
+
+				r.Route("/find", func(r *router) {
+					r.Get("/", api.adminUserFind)
+				})
 			})
 
 			r.Post("/generate_link", api.adminGenerateLink)

internal/models/user.go

@@ -453,6 +453,11 @@ func FindUserByID(tx *storage.Connection, id uuid.UUID) (*User, error) {
 	return findUser(tx, "instance_id = ? and id = ?", uuid.Nil, id)
 }
 
+// FindUserByEmail finds a user with the matching email address.
+func FindUserByEmail(tx *storage.Connection, email string) (*User, error) {
+	return findUser(tx, "instance_id = ? and LOWER(email) = ? and is_sso_user = false", uuid.Nil, strings.ToLower(email))
+}
+
 // FindUserByRecoveryToken finds a user with the matching recovery token.
 func FindUserByRecoveryToken(tx *storage.Connection, token string) (*User, error) {
 	return findUser(tx, "recovery_token = ? and is_sso_user = false", token)

internal/models/user_test.go

@@ -133,6 +133,15 @@ func (ts *UserTestSuite) TestFindUserByID() {
 	require.Equal(ts.T(), u.ID, n.ID)
 }
 
+func (ts *UserTestSuite) TestFindUserByEmail() {
+	u := ts.createUser()
+
+	n, err := FindUserByEmail(ts.db, u.GetEmail())
+	require.NoError(ts.T(), err)
+
+	require.Equal(ts.T(), u.ID, n.ID)
+}
+
 func (ts *UserTestSuite) TestFindUserByRecoveryToken() {
 	u := ts.createUser()
 	u.RecoveryToken = "asdf"

openapi.yaml

@@ -1438,6 +1438,51 @@ paths:
               schema:
                 $ref: "#/components/schemas/ErrorSchema"
 
+  /admin/users/find:
+    get:
+      summary: Find a user by email or user ID.
+      tags:
+        - admin
+      security:
+        - APIKeyAuth: []
+          AdminAuth: []
+      parameters:
+        - name: email
+          in: query
+          required: false
+          schema:
+            type: string
+            format: email
+        - name: user_id
+          in: query
+          required: false
+          schema:
+            type: string
+            format: uuid
+      responses:
+        200:
+          description: User details.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/UserSchema"
+        400:
+          description: Bad request. Either email or user_id must be provided, but not both.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorSchema"
+        401:
+          $ref: "#/components/responses/UnauthorizedResponse"
+        403:
+          $ref: "#/components/responses/ForbiddenResponse"
+        404:
+          description: User not found.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ErrorSchema"
+
   /admin/sso/providers:
     get:
       summary: Fetch a list of all registered SSO providers.