zitadel/apps/login/src/lib/server/loginname.ts

"use server";

import { headers } from "next/headers";
import { redirect } from "next/navigation";
import { createSessionForUserIdAndUpdateCookie } from "../../utils/session";
import { idpTypeToSlug } from "../idp";
import {
  getActiveIdentityProviders,
  getLoginSettings,
  listAuthenticationMethodTypes,
  listUsers,
  startIdentityProviderFlow,
} from "../zitadel";

export type SendLoginnameCommand = {
  loginName: string;
  authRequestId?: string;
  organization?: string;
};

export async function sendLoginname(command: SendLoginnameCommand) {
  const users = await listUsers({
    userName: command.loginName,
    organizationId: command.organization,
  });

  if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {
    const userId = users.result[0].userId;
    const session = await createSessionForUserIdAndUpdateCookie(
      userId,
      undefined,
      undefined,
      command.authRequestId,
    );

    if (!session.factors?.user?.id) {
      throw Error("Could not create session for user");
    }

    const methods = await listAuthenticationMethodTypes(
      session.factors?.user?.id,
    );

    return {
      authMethodTypes: methods.authMethodTypes,
      sessionId: session.id,
      factors: session.factors,
    };
  }

  const loginSettings = await getLoginSettings(command.organization);
  // TODO: check if allowDomainDiscovery has to be allowed too, to redirect to the register page
  // user not found, check if register is enabled on organization

  if (loginSettings?.allowRegister && !loginSettings?.allowUsernamePassword) {
    // TODO redirect to loginname page with idp hint
    const identityProviders = await getActiveIdentityProviders(
      command.organization,
    ).then((resp) => {
      return resp.identityProviders;
    });

    if (identityProviders.length === 1) {
      const host = headers().get("host");
      console.log("host", host);
      const identityProviderType = identityProviders[0].type;

      const provider = idpTypeToSlug(identityProviderType);

      const params = new URLSearchParams();

      if (command.authRequestId) {
        params.set("authRequestId", command.authRequestId);
      }

      if (command.organization) {
        params.set("organization", command.organization);
      }

      return startIdentityProviderFlow({
        idpId: identityProviders[0].id,
        urls: {
          successUrl:
            `${host}/idp/${provider}/success?` + new URLSearchParams(params),
          failureUrl:
            `${host}/idp/${provider}/failure?` + new URLSearchParams(params),
        },
      }).then((resp: any) => {
        if (resp.authUrl) {
          return redirect(resp.authUrl);
        }
      });
    } else {
      throw Error("Could not find user");
    }
  } else if (
    loginSettings?.allowRegister &&
    loginSettings?.allowUsernamePassword
  ) {
    const params = new URLSearchParams();

    if (command.organization) {
      params.set("organization", command.organization);
    }
    if (command.authRequestId) {
      params.set("authRequestId", command.authRequestId);
    }
    if (command.loginName) {
      params.set("loginName", command.loginName);
    }

    const registerUrl = new URL("/register?" + params);

    return redirect(registerUrl.toString());
  }

  throw Error("Could not find user");
}
loginname action 2024-08-29 16:25:44 +02:00			`"use server";`

			`import { headers } from "next/headers";`
command adr, prettier import config 2024-09-05 13:48:33 +02:00			`import { redirect } from "next/navigation";`
			`import { createSessionForUserIdAndUpdateCookie } from "../../utils/session";`
loginname action 2024-08-29 16:25:44 +02:00			`import { idpTypeToSlug } from "../idp";`
			`import {`
			`getActiveIdentityProviders,`
			`getLoginSettings,`
			`listAuthenticationMethodTypes,`
			`listUsers,`
			`startIdentityProviderFlow,`
			`} from "../zitadel";`

cleanup typing 2024-08-30 09:52:42 +02:00			`export type SendLoginnameCommand = {`
loginname action 2024-08-29 16:25:44 +02:00			`loginName: string;`
			`authRequestId?: string;`
			`organization?: string;`
			`};`

command adr 2024-09-05 13:38:03 +02:00			`export async function sendLoginname(command: SendLoginnameCommand) {`
loginname action 2024-08-29 16:25:44 +02:00			`const users = await listUsers({`
command adr 2024-09-05 13:38:03 +02:00			`userName: command.loginName,`
			`organizationId: command.organization,`
loginname action 2024-08-29 16:25:44 +02:00			`});`

			`if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {`
			`const userId = users.result[0].userId;`
			`const session = await createSessionForUserIdAndUpdateCookie(`
			`userId,`
			`undefined,`
			`undefined,`
command adr 2024-09-05 13:38:03 +02:00			`command.authRequestId,`
loginname action 2024-08-29 16:25:44 +02:00			`);`

cleanup typing 2024-08-30 09:52:42 +02:00			`if (!session.factors?.user?.id) {`
			`throw Error("Could not create session for user");`
loginname action 2024-08-29 16:25:44 +02:00			`}`

			`const methods = await listAuthenticationMethodTypes(`
			`session.factors?.user?.id,`
			`);`

			`return {`
			`authMethodTypes: methods.authMethodTypes,`
			`sessionId: session.id,`
			`factors: session.factors,`
			`};`
			`}`

command adr 2024-09-05 13:38:03 +02:00			`const loginSettings = await getLoginSettings(command.organization);`
loginname action 2024-08-29 16:25:44 +02:00			`// TODO: check if allowDomainDiscovery has to be allowed too, to redirect to the register page`
			`// user not found, check if register is enabled on organization`

			`if (loginSettings?.allowRegister && !loginSettings?.allowUsernamePassword) {`
			`// TODO redirect to loginname page with idp hint`
			`const identityProviders = await getActiveIdentityProviders(`
command adr 2024-09-05 13:38:03 +02:00			`command.organization,`
loginname action 2024-08-29 16:25:44 +02:00			`).then((resp) => {`
			`return resp.identityProviders;`
			`});`

			`if (identityProviders.length === 1) {`
			`const host = headers().get("host");`
			`console.log("host", host);`
			`const identityProviderType = identityProviders[0].type;`

			`const provider = idpTypeToSlug(identityProviderType);`

			`const params = new URLSearchParams();`

command adr 2024-09-05 13:38:03 +02:00			`if (command.authRequestId) {`
			`params.set("authRequestId", command.authRequestId);`
loginname action 2024-08-29 16:25:44 +02:00			`}`

command adr 2024-09-05 13:38:03 +02:00			`if (command.organization) {`
			`params.set("organization", command.organization);`
loginname action 2024-08-29 16:25:44 +02:00			`}`

			`return startIdentityProviderFlow({`
			`idpId: identityProviders[0].id,`
			`urls: {`
			`successUrl:`
			`${host}/idp/${provider}/success?` + new URLSearchParams(params),
			`failureUrl:`
			`${host}/idp/${provider}/failure?` + new URLSearchParams(params),
			`},`
			`}).then((resp: any) => {`
			`if (resp.authUrl) {`
			`return redirect(resp.authUrl);`
			`}`
			`});`
			`} else {`
session actions 2024-09-03 10:24:05 +02:00			`throw Error("Could not find user");`
loginname action 2024-08-29 16:25:44 +02:00			`}`
			`} else if (`
			`loginSettings?.allowRegister &&`
			`loginSettings?.allowUsernamePassword`
			`) {`
command adr 2024-09-05 13:38:03 +02:00			`const params = new URLSearchParams();`

			`if (command.organization) {`
			`params.set("organization", command.organization);`
			`}`
			`if (command.authRequestId) {`
			`params.set("authRequestId", command.authRequestId);`
loginname action 2024-08-29 16:25:44 +02:00			`}`
command adr 2024-09-05 13:38:03 +02:00			`if (command.loginName) {`
			`params.set("loginName", command.loginName);`
loginname action 2024-08-29 16:25:44 +02:00			`}`

command adr 2024-09-05 13:38:03 +02:00			`const registerUrl = new URL("/register?" + params);`
loginname action 2024-08-29 16:25:44 +02:00
			`return redirect(registerUrl.toString());`
			`}`

session actions 2024-09-03 10:24:05 +02:00			`throw Error("Could not find user");`
loginname action 2024-08-29 16:25:44 +02:00			`}`