updated the rules when linking OAuth2 by email

mails/record.go

@@ -12,6 +12,43 @@ import (
 	"github.com/pocketbase/pocketbase/tools/mailer"
 )
 
+// @todo remove after the refactoring
+//
+// SendRecordPasswordLoginAlert sends a OAuth2 password login alert to the specified auth record.
+func SendRecordPasswordLoginAlert(app core.App, authRecord *models.Record, providerNames ...string) error {
+	params := struct {
+		AppName       string
+		AppUrl        string
+		Record        *models.Record
+		ProviderNames []string
+	}{
+		AppName:       app.Settings().Meta.AppName,
+		AppUrl:        app.Settings().Meta.AppUrl,
+		Record:        authRecord,
+		ProviderNames: providerNames,
+	}
+
+	mailClient := app.NewMailClient()
+
+	// resolve body template
+	body, renderErr := resolveTemplateContent(params, templates.Layout, templates.PasswordLoginAlertBody)
+	if renderErr != nil {
+		return renderErr
+	}
+
+	message := &mailer.Message{
+		From: mail.Address{
+			Name:    app.Settings().Meta.SenderName,
+			Address: app.Settings().Meta.SenderAddress,
+		},
+		To:      []mail.Address{{Address: authRecord.Email()}},
+		Subject: "Password login alert",
+		HTML:    body,
+	}
+
+	return mailClient.Send(message)
+}
+
 // SendRecordPasswordReset sends a password reset request email to the specified user.
 func SendRecordPasswordReset(app core.App, authRecord *models.Record) error {
 	token, tokenErr := tokens.NewRecordResetPasswordToken(app, authRecord)

mails/record_test.go

@@ -8,6 +8,35 @@ import (
 	"github.com/pocketbase/pocketbase/tests"
 )
 
+func TestSendRecordPasswordLoginAlert(t *testing.T) {
+	t.Parallel()
+
+	testApp, _ := tests.NewTestApp()
+	defer testApp.Cleanup()
+
+	// ensure that action url normalization will be applied
+	testApp.Settings().Meta.AppUrl = "http://localhost:8090////"
+
+	user, _ := testApp.Dao().FindFirstRecordByData("users", "email", "test@example.com")
+
+	err := mails.SendRecordPasswordLoginAlert(testApp, user, "test1", "test2")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if testApp.TestMailer.TotalSend != 1 {
+		t.Fatalf("Expected one email to be sent, got %d", testApp.TestMailer.TotalSend)
+	}
+
+	expectedParts := []string{"using a password", "OAuth2", "test1", "test2", "auth linked"}
+
+	for _, part := range expectedParts {
+		if !strings.Contains(testApp.TestMailer.LastMessage.HTML, part) {
+			t.Fatalf("Couldn't find %s\n in\n %s", part, testApp.TestMailer.LastMessage.HTML)
+		}
+	}
+}
+
 func TestSendRecordPasswordReset(t *testing.T) {
 	t.Parallel()
 

mails/templates/password_login_alert.go

@@ -0,0 +1,30 @@
+package templates
+
+// Available variables:
+//
+// ```
+// Record        *models.Record
+// AppName       string
+// AppUrl        string
+// ProviderNames []string
+// ```
+const PasswordLoginAlertBody = `
+{{define "content"}}
+	<p>Hello,</p>
+	<p>
+		Just to let you know that someone has logged in to your {{.AppName}} account using a password while you already have
+		OAuth2
+		{{range $index, $provider := .ProviderNames }}
+			{{if $index}}|{{end}}
+		    {{ $provider }}
+		{{ end }}
+		auth linked.
+	</p>
+	<p>If you have recently signed in with a password, you may disregard this email.</p>
+	<p><strong>If you don't recognize the above action, you should immediately change your {{.AppName}} account password.</strong></p>
+	<p>
+	  Thanks,<br/>
+	  {{.AppName}} team
+	</p>
+{{end}}
+`