Adds Service Desk custom email verification email

Feature context

Click to expand 👇

Right now it is not possible to customize the Service Desk email address (intake and sending) in its entirety. On self-hosted instances you have more control over the used addresses, but you will still have a rather cryptic target email address for a specific service desk in a project. For .com users it's currently not possible to customize the Service Desk email at all.

There is a proposal and a further exploration around this issue. A summary of the solution path is the following: Users set up their custom email to forward all emails to the cryptic Service Desk email and provide SMTP credentials so we can send emails on their behalf. This way customers seeking support will only see the custom email address in their communication.

There is further discussion about improving and changing the general infrastructure, but this approach is a MVC to solve the issue for our customers.

🗺 How does it contribute to the whole feature?

Click to expand 👇

This MR is the second part in a series of MRs that will follow in order to complete this feature. See #329990 (comment 1227384943) for a detailed breakdown. Here's a summary:

1. ✅ Using SMTP credentials. Foundation work. Add Service Desk custom email foundation (!108017 - merged)
2. 🎯 Verify email ownership, correct function and setup Part 2: Move credentials to own table to address additional access methods
3. Ingest replies from custom email
4. Add settings and validation to Settings page
5. Add documentation

What does this MR do and why?

🎏 The feature as a whole is hidden behind the feature flag service_desk_custom_email and is not enabled on production yet

This MR adds one of three emails we need for Service Desk custom email address setup end verification. GitLab will send this email to the provided custom email address with a +verify subaddressing part. If the user set up email forwarding to their projects service desk address correctly, GitLab can later ingest this email and verify the ownership of the email and correct From headers and that subaddressing works.

⚠ This email is not intended for humans, but contains a bit of copy, so users know what this is about when they find it in their mailbox. Technically we'd only need the verification code in the email body. This is the reason why there is no HTML version and no translation. Note: The subject can be translated.

Merge request dependency

❗ This MR depends on Adds service desk verification triggered email (!116037 - merged) as it uses newly introduced instance methods in NotifyPreview. I will keep this MR updated with all changes in the parent MR and change the merge target to master once the dependency has been merged. This MR has also been added as a merge request dependency.

!116037 (merged) has been merged.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Email: service_desk_custom_email_verification_email (text only)

How to set up and validate locally

Easy path (rails mailer previews)

1. Open mailer preview locally and view the text version of this mail http://127.0.0.1:3000/rails/mailers/notify/service_desk_custom_email_verification_email

Send the mail via rails console

⚠ As this forcibly tries to send the email via the provided SMTP credentials you can only use this mailer by providing correct SMTP credentials and the service provider must support subaddressing. See the guide on how to set up service desk in GDK step no. 5 that describes how you can get SMTP credentials for a new GMail account (enable 2FA and create an app password).

1. Find a project ID in your installation that you have not used for any Service Desk (including CustomEmailCredentials and CustomEmailVerification testing) setup and testing. Why? It makes these steps a lot easier 🙂
2. Open the rails console bin/rails c in gitlab folder
3. Find the project by id

   project = Project.find(5) # Where 5 is your project id

4. Create ServiceDeskSetting entry (which holds Service Desk related meta info and custom email stuff)

   settings = ServiceDeskSetting.create!(
     project: project,
     custom_email: 'user@gmail.com' # Use your "real" test email address
   )

5. Create ServiceDesk::CustomEmailCredential

   # Use your "real" test email credentials here. If you use a GMail address
   # you only need to change the smtp_username and smtp_password
   credential = ServiceDesk::CustomEmailCredential.create!(
      project: project,
      smtp_address: 'smtp.gmail.com',
      smtp_port: 587,
      smtp_username: 'user@gmail.com',
      smtp_password: 'supersecret'
    )

6. Create ServiceDesk::CustomEmailVerification entry (which holds meta info for the state of the verification process)

   verification = ServiceDesk::CustomEmailVerification.create!(
      project: project,
      token: 'XXXXXXXXXXXX',
      triggerer: User.first, # that should be @root, that's fine
      triggered_at: Time.current,
      state: 0 # which is "running"
    )

7. Reset associations on project, because we access these objects from ServiceDeskSetting internally via project

   project.reset

8. Actually send the mail

   Notify.service_desk_custom_email_verification_email(settings).deliver

9. Go to the mailbox of the custom email address you're using. You should find a new email from your email to your email that contains a verification token.
10. (Optional) clean up the mess and remove entries

    settings.destroy
    credential.destroy
    verification.destroy

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.