feat(marketing-initiated-premium): (Auth) [PM-27541] Add optional marketing param to email verification link (#6604)

rr-bw · web-flow · commit 5fb69e42b08f · 2025-11-24T15:06:16.000-08:00
Adds an optional `&amp;fromMarketing=premium` query parameter to the verification email link.

Feature flag: `"pm-26140-marketing-initiated-premium-flow"`
diff --git a/src/Core/Auth/Models/Mail/RegisterVerifyEmail.cs b/src/Core/Auth/Models/Mail/RegisterVerifyEmail.cs
@@ -15,11 +15,13 @@ public class RegisterVerifyEmail : BaseMailModel
     // so we must land on a redirect connector which will redirect to the finish signup page.
     // Note 3: The use of a fragment to indicate the redirect url is to prevent the query string from being logged by
     // proxies and servers. It also helps reduce open redirect vulnerabilities.
-    public string Url => string.Format("{0}/redirect-connector.html#finish-signup?token={1}&email={2}&fromEmail=true",
+    public string Url => string.Format("{0}/redirect-connector.html#finish-signup?token={1}&email={2}&fromEmail=true{3}",
         WebVaultUrl,
         Token,
-        Email);
+        Email,
+        !string.IsNullOrEmpty(FromMarketing) ? $"&fromMarketing={FromMarketing}" : string.Empty);
 
     public string Token { get; set; }
     public string Email { get; set; }
+    public string FromMarketing { get; set; }
 }
diff --git a/src/Core/Auth/UserFeatures/Registration/ISendVerificationEmailForRegistrationCommand.cs b/src/Core/Auth/UserFeatures/Registration/ISendVerificationEmailForRegistrationCommand.cs
@@ -3,5 +3,5 @@ namespace Bit.Core.Auth.UserFeatures.Registration;
 
 public interface ISendVerificationEmailForRegistrationCommand
 {
-    public Task<string?> Run(string email, string? name, bool receiveMarketingEmails);
+    public Task<string?> Run(string email, string? name, bool receiveMarketingEmails, string? fromMarketing);
 }
diff --git a/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs b/src/Core/Auth/UserFeatures/Registration/Implementations/SendVerificationEmailForRegistrationCommand.cs
@@ -44,7 +44,7 @@ public SendVerificationEmailForRegistrationCommand(
 
     }
 
-    public async Task<string?> Run(string email, string? name, bool receiveMarketingEmails)
+    public async Task<string?> Run(string email, string? name, bool receiveMarketingEmails, string? fromMarketing)
     {
         if (_globalSettings.DisableUserRegistration)
         {
@@ -92,7 +92,7 @@ public SendVerificationEmailForRegistrationCommand(
             // If the user doesn't exist, create a new EmailVerificationTokenable and send the user
             // an email with a link to verify their email address
             var token = GenerateToken(email, name, receiveMarketingEmails);
-            await _mailService.SendRegistrationVerificationEmailAsync(email, token);
+            await _mailService.SendRegistrationVerificationEmailAsync(email, token, fromMarketing);
         }
 
         // User exists but we will return a 200 regardless of whether the email was sent or not; so return null
diff --git a/src/Core/Platform/Mail/HandlebarsMailService.cs b/src/Core/Platform/Mail/HandlebarsMailService.cs
@@ -78,15 +78,16 @@ public async Task SendVerifyEmailEmailAsync(string email, Guid userId, string to
         await _mailDeliveryService.SendEmailAsync(message);
     }
 
-    public async Task SendRegistrationVerificationEmailAsync(string email, string token)
+    public async Task SendRegistrationVerificationEmailAsync(string email, string token, string? fromMarketing)
     {
         var message = CreateDefaultMessage("Verify Your Email", email);
         var model = new RegisterVerifyEmail
         {
             Token = WebUtility.UrlEncode(token),
             Email = WebUtility.UrlEncode(email),
             WebVaultUrl = _globalSettings.BaseServiceUri.Vault,
-            SiteName = _globalSettings.SiteName
+            SiteName = _globalSettings.SiteName,
+            FromMarketing = WebUtility.UrlEncode(fromMarketing),
         };
         await AddMessageContentAsync(message, "Auth.RegistrationVerifyEmail", model);
         message.MetaData.Add("SendGridBypassListManagement", true);
diff --git a/src/Core/Platform/Mail/IMailService.cs b/src/Core/Platform/Mail/IMailService.cs
@@ -38,7 +38,7 @@ public interface IMailService
     /// <returns>Task</returns>
     Task SendFreeOrgOrFamilyOrgUserWelcomeEmailAsync(User user, string familyOrganizationName);
     Task SendVerifyEmailEmailAsync(string email, Guid userId, string token);
-    Task SendRegistrationVerificationEmailAsync(string email, string token);
+    Task SendRegistrationVerificationEmailAsync(string email, string token, string? fromMarketing);
     Task SendTrialInitiationSignupEmailAsync(
         bool isExistingUser,
         string email,
diff --git a/src/Core/Platform/Mail/NoopMailService.cs b/src/Core/Platform/Mail/NoopMailService.cs
@@ -26,7 +26,7 @@ public Task SendVerifyEmailEmailAsync(string email, Guid userId, string hint)
         return Task.FromResult(0);
     }
 
-    public Task SendRegistrationVerificationEmailAsync(string email, string hint)
+    public Task SendRegistrationVerificationEmailAsync(string email, string hint, string? fromMarketing)
     {
         return Task.FromResult(0);
     }
diff --git a/src/Identity/Controllers/AccountsController.cs b/src/Identity/Controllers/AccountsController.cs
@@ -109,8 +109,12 @@ GlobalSettings globalSettings
     [HttpPost("register/send-verification-email")]
     public async Task<IActionResult> PostRegisterSendVerificationEmail([FromBody] RegisterSendVerificationEmailRequestModel model)
     {
+        // Only pass fromMarketing if the feature flag is enabled
+        var isMarketingFeatureEnabled = _featureService.IsEnabled(FeatureFlagKeys.MarketingInitiatedPremiumFlow);
+        var fromMarketing = isMarketingFeatureEnabled ? model.FromMarketing : null;
+
         var token = await _sendVerificationEmailForRegistrationCommand.Run(model.Email, model.Name,
-            model.ReceiveMarketingEmails);
+            model.ReceiveMarketingEmails, fromMarketing);
 
         if (token != null)
         {
diff --git a/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs b/test/Core.Test/Auth/UserFeatures/Registration/SendVerificationEmailForRegistrationCommandTests.cs
@@ -1,4 +1,5 @@
-﻿using Bit.Core.Auth.Models.Business.Tokenables;
+﻿using Bit.Core.Auth.Models.Api.Request.Accounts;
+using Bit.Core.Auth.Models.Business.Tokenables;
 using Bit.Core.Auth.UserFeatures.Registration.Implementations;
 using Bit.Core.Entities;
 using Bit.Core.Exceptions;
@@ -40,22 +41,55 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenIsNewUserAndEn
             .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any<string>())
             .Returns(false);
 
-        sutProvider.GetDependency<IMailService>()
-            .SendRegistrationVerificationEmailAsync(email, Arg.Any<string>())
-            .Returns(Task.CompletedTask);
+        var mockedToken = "token";
+        sutProvider.GetDependency<IDataProtectorTokenFactory<RegistrationEmailVerificationTokenable>>()
+            .Protect(Arg.Any<RegistrationEmailVerificationTokenable>())
+            .Returns(mockedToken);
+
+        // Act
+        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails, null);
+
+        // Assert
+        await sutProvider.GetDependency<IMailService>()
+            .Received(1)
+            .SendRegistrationVerificationEmailAsync(email, mockedToken, null);
+        Assert.Null(result);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task SendVerificationEmailForRegistrationCommand_WhenFromMarketingIsPremium_SendsEmailWithMarketingParameterAndReturnsNull(SutProvider<SendVerificationEmailForRegistrationCommand> sutProvider,
+        string email, string name, bool receiveMarketingEmails)
+    {
+        // Arrange
+        sutProvider.GetDependency<IUserRepository>()
+            .GetByEmailAsync(email)
+            .ReturnsNull();
+
+        sutProvider.GetDependency<GlobalSettings>()
+            .EnableEmailVerification = true;
+
+        sutProvider.GetDependency<GlobalSettings>()
+            .DisableUserRegistration = false;
+
+        sutProvider.GetDependency<IOrganizationDomainRepository>()
+            .HasVerifiedDomainWithBlockClaimedDomainPolicyAsync(Arg.Any<string>())
+            .Returns(false);
 
         var mockedToken = "token";
         sutProvider.GetDependency<IDataProtectorTokenFactory<RegistrationEmailVerificationTokenable>>()
             .Protect(Arg.Any<RegistrationEmailVerificationTokenable>())
             .Returns(mockedToken);
 
+        var fromMarketing = MarketingInitiativeConstants.Premium;
+
         // Act
-        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails);
+        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails, fromMarketing);
 
         // Assert
         await sutProvider.GetDependency<IMailService>()
             .Received(1)
-            .SendRegistrationVerificationEmailAsync(email, mockedToken);
+            .SendRegistrationVerificationEmailAsync(email, mockedToken, fromMarketing);
         Assert.Null(result);
     }
 
@@ -87,12 +121,12 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenIsExistingUser
             .Returns(mockedToken);
 
         // Act
-        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails);
+        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails, null);
 
         // Assert
         await sutProvider.GetDependency<IMailService>()
             .DidNotReceive()
-            .SendRegistrationVerificationEmailAsync(email, mockedToken);
+            .SendRegistrationVerificationEmailAsync(email, mockedToken, null);
         Assert.Null(result);
     }
 
@@ -124,7 +158,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenIsNewUserAndEn
             .Returns(mockedToken);
 
         // Act
-        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails);
+        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails, null);
 
         // Assert
         Assert.Equal(mockedToken, result);
@@ -140,7 +174,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenOpenRegistrati
             .DisableUserRegistration = true;
 
         // Act & Assert
-        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails));
+        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails, null));
     }
 
     [Theory]
@@ -166,7 +200,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenIsExistingUser
             .Returns(false);
 
         // Act & Assert
-        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails));
+        await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails, null));
     }
 
     [Theory]
@@ -177,7 +211,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenNullEmail_Thro
         sutProvider.GetDependency<GlobalSettings>()
             .DisableUserRegistration = false;
 
-        await Assert.ThrowsAsync<ArgumentNullException>(async () => await sutProvider.Sut.Run(null, name, receiveMarketingEmails));
+        await Assert.ThrowsAsync<ArgumentNullException>(async () => await sutProvider.Sut.Run(null, name, receiveMarketingEmails, null));
     }
 
     [Theory]
@@ -187,7 +221,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenEmptyEmail_Thr
     {
         sutProvider.GetDependency<GlobalSettings>()
             .DisableUserRegistration = false;
-        await Assert.ThrowsAsync<ArgumentNullException>(async () => await sutProvider.Sut.Run("", name, receiveMarketingEmails));
+        await Assert.ThrowsAsync<ArgumentNullException>(async () => await sutProvider.Sut.Run("", name, receiveMarketingEmails, null));
     }
 
     [Theory]
@@ -210,7 +244,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenBlockedDomain_
             .Returns(true);
 
         // Act & Assert
-        var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails));
+        var exception = await Assert.ThrowsAsync<BadRequestException>(() => sutProvider.Sut.Run(email, name, receiveMarketingEmails, null));
         Assert.Equal("This email address is claimed by an organization using Bitwarden.", exception.Message);
     }
 
@@ -246,7 +280,7 @@ public async Task SendVerificationEmailForRegistrationCommand_WhenAllowedDomain_
             .Returns(mockedToken);
 
         // Act
-        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails);
+        var result = await sutProvider.Sut.Run(email, name, receiveMarketingEmails, null);
 
         // Assert
         Assert.Equal(mockedToken, result);
@@ -270,7 +304,7 @@ public async Task SendVerificationEmailForRegistrationCommand_InvalidEmailFormat
 
         // Act & Assert
         var exception = await Assert.ThrowsAsync<BadRequestException>(() =>
-            sutProvider.Sut.Run(email, name, receiveMarketingEmails));
+            sutProvider.Sut.Run(email, name, receiveMarketingEmails, null));
         Assert.Equal("Invalid email address format.", exception.Message);
     }
 }
diff --git a/test/Identity.Test/Controllers/AccountsControllerTests.cs b/test/Identity.Test/Controllers/AccountsControllerTests.cs
@@ -241,7 +241,7 @@ public async Task PostRegisterSendEmailVerification_WhenTokenReturnedFromCommand
 
         var token = "fakeToken";
 
-        _sendVerificationEmailForRegistrationCommand.Run(email, name, receiveMarketingEmails).Returns(token);
+        _sendVerificationEmailForRegistrationCommand.Run(email, name, receiveMarketingEmails, null).Returns(token);
 
         // Act
         var result = await _sut.PostRegisterSendVerificationEmail(model);
@@ -264,7 +264,7 @@ public async Task PostRegisterSendEmailVerification_WhenNoTokenIsReturnedFromCom
             ReceiveMarketingEmails = receiveMarketingEmails
         };
 
-        _sendVerificationEmailForRegistrationCommand.Run(email, name, receiveMarketingEmails).ReturnsNull();
+        _sendVerificationEmailForRegistrationCommand.Run(email, name, receiveMarketingEmails, null).ReturnsNull();
 
         // Act
         var result = await _sut.PostRegisterSendVerificationEmail(model);
@@ -274,6 +274,55 @@ public async Task PostRegisterSendEmailVerification_WhenNoTokenIsReturnedFromCom
         Assert.Equal(204, noContentResult.StatusCode);
     }
 
+    [Theory]
+    [BitAutoData]
+    public async Task PostRegisterSendEmailVerification_WhenFeatureFlagEnabled_PassesFromMarketingToCommandAsync(
+        string email, string name, bool receiveMarketingEmails)
+    {
+        // Arrange
+        var fromMarketing = MarketingInitiativeConstants.Premium;
+        var model = new RegisterSendVerificationEmailRequestModel
+        {
+            Email = email,
+            Name = name,
+            ReceiveMarketingEmails = receiveMarketingEmails,
+            FromMarketing = fromMarketing,
+        };
+
+        _featureService.IsEnabled(FeatureFlagKeys.MarketingInitiatedPremiumFlow).Returns(true);
+
+        // Act
+        await _sut.PostRegisterSendVerificationEmail(model);
+
+        // Assert
+        await _sendVerificationEmailForRegistrationCommand.Received(1)
+            .Run(email, name, receiveMarketingEmails, fromMarketing);
+    }
+
+    [Theory]
+    [BitAutoData]
+    public async Task PostRegisterSendEmailVerification_WhenFeatureFlagDisabled_PassesNullFromMarketingToCommandAsync(
+        string email, string name, bool receiveMarketingEmails)
+    {
+        // Arrange
+        var model = new RegisterSendVerificationEmailRequestModel
+        {
+            Email = email,
+            Name = name,
+            ReceiveMarketingEmails = receiveMarketingEmails,
+            FromMarketing = MarketingInitiativeConstants.Premium, // model includes FromMarketing: "premium"
+        };
+
+        _featureService.IsEnabled(FeatureFlagKeys.MarketingInitiatedPremiumFlow).Returns(false);
+
+        // Act
+        await _sut.PostRegisterSendVerificationEmail(model);
+
+        // Assert
+        await _sendVerificationEmailForRegistrationCommand.Received(1)
+            .Run(email, name, receiveMarketingEmails, null); // fromMarketing gets ignored and null gets passed
+    }
+
     [Theory, BitAutoData]
     public async Task PostRegisterFinish_WhenGivenOrgInvite_ShouldRegisterUser(
         string email, string masterPasswordHash, string orgInviteToken, Guid organizationUserId, string userSymmetricKey,
diff --git a/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs b/test/IntegrationTestCommon/Factories/IdentityApplicationFactory.cs
@@ -35,7 +35,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)
         // This allows us to use the official registration flow
         SubstituteService<IMailService>(service =>
         {
-            service.SendRegistrationVerificationEmailAsync(Arg.Any<string>(), Arg.Any<string>())
+            service.SendRegistrationVerificationEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())
                 .ReturnsForAnyArgs(Task.CompletedTask)
                 .AndDoes(call =>
                 {

Original file line number	Diff line number	Diff line change
`@@ -3,5 +3,5 @@ namespace Bit.Core.Auth.UserFeatures.Registration;`
`3`	`3`
`4`	`4`	`public interface ISendVerificationEmailForRegistrationCommand`
`5`	`5`	`{`
`6`		`- public Task<string?> Run(string email, string? name, bool receiveMarketingEmails);`
	`6`	`+ public Task<string?> Run(string email, string? name, bool receiveMarketingEmails, string? fromMarketing);`
`7`	`7`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ public SendVerificationEmailForRegistrationCommand(`
`44`	`44`
`45`	`45`	`}`
`46`	`46`
`47`		`- public async Task<string?> Run(string email, string? name, bool receiveMarketingEmails)`
	`47`	`+ public async Task<string?> Run(string email, string? name, bool receiveMarketingEmails, string? fromMarketing)`
`48`	`48`	`{`
`49`	`49`	`if (_globalSettings.DisableUserRegistration)`
`50`	`50`	`{`
`@@ -92,7 +92,7 @@ public SendVerificationEmailForRegistrationCommand(`
`92`	`92`	`// If the user doesn't exist, create a new EmailVerificationTokenable and send the user`
`93`	`93`	`// an email with a link to verify their email address`
`94`	`94`	`var token = GenerateToken(email, name, receiveMarketingEmails);`
`95`		`- await _mailService.SendRegistrationVerificationEmailAsync(email, token);`
	`95`	`+ await _mailService.SendRegistrationVerificationEmailAsync(email, token, fromMarketing);`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`// User exists but we will return a 200 regardless of whether the email was sent or not; so return null`
Original file line number	Diff line number	Diff line change
`@@ -78,15 +78,16 @@ public async Task SendVerifyEmailEmailAsync(string email, Guid userId, string to`
`78`	`78`	`await _mailDeliveryService.SendEmailAsync(message);`
`79`	`79`	`}`
`80`	`80`
`81`		`- public async Task SendRegistrationVerificationEmailAsync(string email, string token)`
	`81`	`+ public async Task SendRegistrationVerificationEmailAsync(string email, string token, string? fromMarketing)`
`82`	`82`	`{`
`83`	`83`	`var message = CreateDefaultMessage("Verify Your Email", email);`
`84`	`84`	`var model = new RegisterVerifyEmail`
`85`	`85`	`{`
`86`	`86`	`Token = WebUtility.UrlEncode(token),`
`87`	`87`	`Email = WebUtility.UrlEncode(email),`
`88`	`88`	`WebVaultUrl = _globalSettings.BaseServiceUri.Vault,`
`89`		`- SiteName = _globalSettings.SiteName`
	`89`	`+ SiteName = _globalSettings.SiteName,`
	`90`	`+ FromMarketing = WebUtility.UrlEncode(fromMarketing),`
`90`	`91`	`};`
`91`	`92`	`await AddMessageContentAsync(message, "Auth.RegistrationVerifyEmail", model);`
`92`	`93`	`message.MetaData.Add("SendGridBypassListManagement", true);`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public Task SendVerifyEmailEmailAsync(string email, Guid userId, string hint)`
`26`	`26`	`return Task.FromResult(0);`
`27`	`27`	`}`
`28`	`28`
`29`		`- public Task SendRegistrationVerificationEmailAsync(string email, string hint)`
	`29`	`+ public Task SendRegistrationVerificationEmailAsync(string email, string hint, string? fromMarketing)`
`30`	`30`	`{`
`31`	`31`	`return Task.FromResult(0);`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -109,8 +109,12 @@ GlobalSettings globalSettings`
`109`	`109`	`[HttpPost("register/send-verification-email")]`
`110`	`110`	`public async Task<IActionResult> PostRegisterSendVerificationEmail([FromBody] RegisterSendVerificationEmailRequestModel model)`
`111`	`111`	`{`
	`112`	`+ // Only pass fromMarketing if the feature flag is enabled`
	`113`	`+ var isMarketingFeatureEnabled = _featureService.IsEnabled(FeatureFlagKeys.MarketingInitiatedPremiumFlow);`
	`114`	`+ var fromMarketing = isMarketingFeatureEnabled ? model.FromMarketing : null;`
	`115`	`+`
`112`	`116`	`var token = await _sendVerificationEmailForRegistrationCommand.Run(model.Email, model.Name,`
`113`		`- model.ReceiveMarketingEmails);`
	`117`	`+ model.ReceiveMarketingEmails, fromMarketing);`
`114`	`118`
`115`	`119`	`if (token != null)`
`116`	`120`	`{`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder)`
`35`	`35`	`// This allows us to use the official registration flow`
`36`	`36`	`SubstituteService<IMailService>(service =>`
`37`	`37`	`{`
`38`		`- service.SendRegistrationVerificationEmailAsync(Arg.Any<string>(), Arg.Any<string>())`
	`38`	`+ service.SendRegistrationVerificationEmailAsync(Arg.Any<string>(), Arg.Any<string>(), Arg.Any<string>())`
`39`	`39`	`.ReturnsForAnyArgs(Task.CompletedTask)`
`40`	`40`	`.AndDoes(call =>`
`41`	`41`	`{`