Use absolute URLs for confirmation emails (#50297)

This PR updates the MapIdentityApi endpoints that send confirmation emails to use absolute URLs. Previously the emails used relative links which of course do not work for links in emails.

Fixes #50296

Author: halter73

src/Identity/Core/src/IdentityApiEndpointRouteBuilderExtensions.cs

@@ -57,7 +57,7 @@ public static IEndpointConventionBuilder MapIdentityApi<TUser>(this IEndpointRou
         // NOTE: We cannot inject UserManager<TUser> directly because the TUser generic parameter is currently unsupported by RDG.
         // https://github.com/dotnet/aspnetcore/issues/47338
         routeGroup.MapPost("/register", async Task<Results<Ok, ValidationProblem>>
-            ([FromBody] RegisterRequest registration, [FromServices] IServiceProvider sp) =>
+            ([FromBody] RegisterRequest registration, HttpContext context, [FromServices] IServiceProvider sp) =>
         {
             var userManager = sp.GetRequiredService<UserManager<TUser>>();
 
@@ -85,7 +85,7 @@ public static IEndpointConventionBuilder MapIdentityApi<TUser>(this IEndpointRou
                 return CreateValidationProblem(result);
             }
 
-            await SendConfirmationEmailAsync(user, userManager, email);
+            await SendConfirmationEmailAsync(user, userManager, context, email);
             return TypedResults.Ok();
         });
 
@@ -194,15 +194,15 @@ await signInManager.ValidateSecurityStampAsync(refreshTicket.Principal) is not T
         });
 
         routeGroup.MapPost("/resendConfirmationEmail", async Task<Ok>
-            ([FromBody] ResendEmailRequest resendRequest, [FromServices] IServiceProvider sp) =>
+            ([FromBody] ResendEmailRequest resendRequest, HttpContext context, [FromServices] IServiceProvider sp) =>
         {
             var userManager = sp.GetRequiredService<UserManager<TUser>>();
             if (await userManager.FindByEmailAsync(resendRequest.Email) is not { } user)
             {
                 return TypedResults.Ok();
             }
 
-            await SendConfirmationEmailAsync(user, userManager, resendRequest.Email);
+            await SendConfirmationEmailAsync(user, userManager, context, resendRequest.Email);
             return TypedResults.Ok();
         });
 
@@ -348,7 +348,7 @@ await emailSender.SendEmailAsync(resetRequest.Email, "Reset your password",
         });
 
         accountGroup.MapPost("/info", async Task<Results<Ok<InfoResponse>, ValidationProblem, NotFound>>
-            (ClaimsPrincipal claimsPrincipal, [FromBody] InfoRequest infoRequest, [FromServices] IServiceProvider sp) =>
+            (ClaimsPrincipal claimsPrincipal, [FromBody] InfoRequest infoRequest, HttpContext context, [FromServices] IServiceProvider sp) =>
         {
             var userManager = sp.GetRequiredService<UserManager<TUser>>();
             if (await userManager.GetUserAsync(claimsPrincipal) is not { } user)
@@ -382,14 +382,14 @@ await emailSender.SendEmailAsync(resetRequest.Email, "Reset your password",
 
                 if (email != infoRequest.NewEmail)
                 {
-                    await SendConfirmationEmailAsync(user, userManager, infoRequest.NewEmail, isChange: true);
+                    await SendConfirmationEmailAsync(user, userManager, context, infoRequest.NewEmail, isChange: true);
                 }
             }
 
             return TypedResults.Ok(await CreateInfoResponseAsync(user, claimsPrincipal, userManager));
         });
 
-        async Task SendConfirmationEmailAsync(TUser user, UserManager<TUser> userManager, string email, bool isChange = false)
+        async Task SendConfirmationEmailAsync(TUser user, UserManager<TUser> userManager, HttpContext context, string email, bool isChange = false)
         {
             if (confirmEmailEndpointName is null)
             {
@@ -414,7 +414,7 @@ async Task SendConfirmationEmailAsync(TUser user, UserManager<TUser> userManager
                 routeValues.Add("changedEmail", email);
             }
 
-            var confirmEmailUrl = linkGenerator.GetPathByName(confirmEmailEndpointName, routeValues)
+            var confirmEmailUrl = linkGenerator.GetUriByName(context, confirmEmailEndpointName, routeValues)
                 ?? throw new NotSupportedException($"Could not find endpoint named '{confirmEmailEndpointName}'.");
 
             await emailSender.SendEmailAsync(email, "Confirm your email",

src/Identity/test/Identity.FunctionalTests/MapIdentityApiTests.cs

@@ -13,6 +13,7 @@
 using Identity.DefaultUI.WebSite;
 using Identity.DefaultUI.WebSite.Data;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Hosting.Server;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.AspNetCore.Identity.UI.Services;
@@ -31,8 +32,9 @@ namespace Microsoft.AspNetCore.Identity.FunctionalTests;
 
 public class MapIdentityApiTests : LoggedTest
 {
-    private string Email { get; } = $"{Guid.NewGuid()}@example.com";
-    private string Password { get; } = "[PLACEHOLDER]-1a";
+    private static string Email { get; } = $"{Guid.NewGuid()}@example.com";
+    private static string Password { get; } = "[PLACEHOLDER]-1a";
+    private static Uri BaseAddress { get; } = new Uri("http://example.com");
 
     [Theory]
     [MemberData(nameof(AddIdentityModes))]
@@ -1273,7 +1275,10 @@ private async Task<WebApplication> CreateAppAsync<TUser, TContext>(Action<IServi
         where TContext : DbContext
     {
         var builder = WebApplication.CreateSlimBuilder();
-        builder.WebHost.UseTestServer();
+        builder.WebHost.UseTestServer(options =>
+        {
+            options.BaseAddress = BaseAddress;
+        });
         builder.Services.AddSingleton(LoggerFactory);
         builder.Services.AddAuthorization();
 
@@ -1348,7 +1353,9 @@ private static string GetEmailConfirmationLink(TestEmail email)
         Assert.True(confirmationMatch.Success);
         Assert.Equal(2, confirmationMatch.Groups.Count);
 
-        return WebUtility.HtmlDecode(confirmationMatch.Groups[1].Value);
+        var url = WebUtility.HtmlDecode(confirmationMatch.Groups[1].Value);
+        Assert.StartsWith(BaseAddress.ToString(), url);
+        return url;
     }
 
     private static string GetPasswordResetCode(TestEmail email)