TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-14 13:33:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a0c67aae2a91b3a94d053c460639c30144c03e94
zitadel/apps/login/src/lib/server/loginname.ts

210 lines
6.8 KiB
TypeScript
Raw Normal View History

loginname action
2024-08-29 16:25:44 +02:00
"use server";
implement redirects from server
2024-09-11 15:27:31 +02:00
import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
loginname action
2024-08-29 16:25:44 +02:00
import { headers } from "next/headers";
command adr, prettier import config
2024-09-05 13:48:33 +02:00
import { redirect } from "next/navigation";
import { createSessionForUserIdAndUpdateCookie } from "../../utils/session";
loginname action
2024-08-29 16:25:44 +02:00
import { idpTypeToSlug } from "../idp";
import {
getActiveIdentityProviders,
getLoginSettings,
listAuthenticationMethodTypes,
listUsers,
startIdentityProviderFlow,
} from "../zitadel";
cleanup typing
2024-08-30 09:52:42 +02:00
export type SendLoginnameCommand = {
loginname action
2024-08-29 16:25:44 +02:00
loginName: string;
authRequestId?: string;
organization?: string;
};
command adr
2024-09-05 13:38:03 +02:00
export async function sendLoginname(command: SendLoginnameCommand) {
loginname action
2024-08-29 16:25:44 +02:00
const users = await listUsers({
listusers with loginname
2024-09-11 09:27:04 +02:00
loginName: command.loginName,
command adr
2024-09-05 13:38:03 +02:00
organizationId: command.organization,
loginname action
2024-08-29 16:25:44 +02:00
});
implement redirects from server
2024-09-11 15:27:31 +02:00
const loginSettings = await getLoginSettings(command.organization);
loginname action
2024-08-29 16:25:44 +02:00
if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {
const userId = users.result[0].userId;
const session = await createSessionForUserIdAndUpdateCookie(
userId,
undefined,
undefined,
command adr
2024-09-05 13:38:03 +02:00
command.authRequestId,
loginname action
2024-08-29 16:25:44 +02:00
);
cleanup typing
2024-08-30 09:52:42 +02:00
if (!session.factors?.user?.id) {
throw Error("Could not create session for user");
loginname action
2024-08-29 16:25:44 +02:00
}
const methods = await listAuthenticationMethodTypes(
session.factors?.user?.id,
);
implement redirects from server
2024-09-11 15:27:31 +02:00
if (!methods.authMethodTypes || !methods.authMethodTypes.length) {
throw Error(
"User has no available authentication methods. Contact your administrator to setup authentication for the requested user.",
);
}
if (methods.authMethodTypes.length == 1) {
const method = methods.authMethodTypes[0];
switch (method) {
case AuthenticationMethodType.PASSWORD: // user has only password as auth method
const paramsPassword: any = {
loginName: session.factors?.user?.loginName,
};
// TODO: does this have to be checked in loginSettings.allowDomainDiscovery
if (command.organization || session.factors?.user?.organizationId) {
paramsPassword.organization =
command.organization ?? session.factors?.user?.organizationId;
}
if (
loginSettings?.passkeysType &&
loginSettings?.passkeysType === PasskeysType.ALLOWED
) {
paramsPassword.promptPasswordless = `true`;
}
if (command.authRequestId) {
paramsPassword.authRequestId = command.authRequestId;
}
return redirect("/password?" + new URLSearchParams(paramsPassword));
case AuthenticationMethodType.PASSKEY: // AuthenticationMethodType.AUTHENTICATION_METHOD_TYPE_PASSKEY
const paramsPasskey: any = { loginName: command.loginName };
if (command.authRequestId) {
paramsPasskey.authRequestId = command.authRequestId;
}
if (command.organization || session.factors?.user?.organizationId) {
paramsPasskey.organization =
command.organization ?? session.factors?.user?.organizationId;
}
return redirect(
"/passkey/login?" + new URLSearchParams(paramsPasskey),
);
}
} else {
// prefer passkey in favor of other methods
if (methods.authMethodTypes.includes(AuthenticationMethodType.PASSKEY)) {
const passkeyParams: any = {
loginName: command.loginName,
altPassword: `${methods.authMethodTypes.includes(1)}`, // show alternative password option
};
if (command.authRequestId) {
passkeyParams.authRequestId = command.authRequestId;
}
if (command.organization || session.factors?.user?.organizationId) {
passkeyParams.organization =
command.organization ?? session.factors?.user?.organizationId;
}
return redirect("/passkey/login?" + new URLSearchParams(passkeyParams));
} else if (
methods.authMethodTypes.includes(AuthenticationMethodType.IDP)
) {
// TODO: redirect user to idp
} else if (
methods.authMethodTypes.includes(AuthenticationMethodType.PASSWORD)
) {
// user has no passkey setup and login settings allow passkeys
const paramsPasswordDefault: any = { loginName: command.loginName };
if (loginSettings?.passkeysType === 1) {
paramsPasswordDefault.promptPasswordless = `true`; // PasskeysType.PASSKEYS_TYPE_ALLOWED,
}
if (command.authRequestId) {
paramsPasswordDefault.authRequestId = command.authRequestId;
}
if (command.organization || session.factors?.user?.organizationId) {
paramsPasswordDefault.organization =
command.organization ?? session.factors?.user?.organizationId;
}
return redirect(
"/password?" + new URLSearchParams(paramsPasswordDefault),
);
}
}
loginname action
2024-08-29 16:25:44 +02:00
}
// TODO: check if allowDomainDiscovery has to be allowed too, to redirect to the register page
// user not found, check if register is enabled on organization
if (loginSettings?.allowRegister && !loginSettings?.allowUsernamePassword) {
// TODO redirect to loginname page with idp hint
const identityProviders = await getActiveIdentityProviders(
command adr
2024-09-05 13:38:03 +02:00
command.organization,
loginname action
2024-08-29 16:25:44 +02:00
).then((resp) => {
return resp.identityProviders;
});
if (identityProviders.length === 1) {
const host = headers().get("host");
const identityProviderType = identityProviders[0].type;
const provider = idpTypeToSlug(identityProviderType);
const params = new URLSearchParams();
command adr
2024-09-05 13:38:03 +02:00
if (command.authRequestId) {
params.set("authRequestId", command.authRequestId);
loginname action
2024-08-29 16:25:44 +02:00
}
command adr
2024-09-05 13:38:03 +02:00
if (command.organization) {
params.set("organization", command.organization);
loginname action
2024-08-29 16:25:44 +02:00
}
username redirect
2024-09-11 13:44:15 +02:00
const resp = await startIdentityProviderFlow({
loginname action
2024-08-29 16:25:44 +02:00
idpId: identityProviders[0].id,
urls: {
successUrl:
`${host}/idp/${provider}/success?` + new URLSearchParams(params),
failureUrl:
`${host}/idp/${provider}/failure?` + new URLSearchParams(params),
},
});
username redirect
2024-09-11 13:44:15 +02:00
if (resp?.nextStep.case === "authUrl") {
return redirect(resp.nextStep.value);
}
loginname action
2024-08-29 16:25:44 +02:00
}
username redirect
2024-09-11 13:44:15 +02:00
throw Error("Could not find user");
loginname action
2024-08-29 16:25:44 +02:00
} else if (
loginSettings?.allowRegister &&
loginSettings?.allowUsernamePassword
) {
command adr
2024-09-05 13:38:03 +02:00
const params = new URLSearchParams();
if (command.organization) {
params.set("organization", command.organization);
}
if (command.authRequestId) {
params.set("authRequestId", command.authRequestId);
loginname action
2024-08-29 16:25:44 +02:00
}
command adr
2024-09-05 13:38:03 +02:00
if (command.loginName) {
params.set("loginName", command.loginName);
loginname action
2024-08-29 16:25:44 +02:00
}
fix redirect from loginname
2024-09-10 15:16:27 +02:00
const registerUrl = "/register?" + params;
loginname action
2024-08-29 16:25:44 +02:00
fix redirect from loginname
2024-09-10 15:16:27 +02:00
return redirect(registerUrl);
loginname action
2024-08-29 16:25:44 +02:00
}
session actions
2024-09-03 10:24:05 +02:00
throw Error("Could not find user");
loginname action
2024-08-29 16:25:44 +02:00
}
Reference in New Issue Copy Permalink