2023-05-16 17:34:52 +02:00
|
|
|
"use client";
|
|
|
|
|
|
|
|
|
|
import { useState } from "react";
|
|
|
|
|
import { Button, ButtonVariants } from "./Button";
|
|
|
|
|
import { TextInput } from "./Input";
|
|
|
|
|
import { useForm } from "react-hook-form";
|
|
|
|
|
import { useRouter } from "next/navigation";
|
|
|
|
|
import { Spinner } from "./Spinner";
|
2023-05-22 16:28:47 +02:00
|
|
|
import Alert from "./Alert";
|
2024-07-11 15:56:41 +02:00
|
|
|
import BackButton from "./BackButton";
|
2024-08-06 09:34:45 +02:00
|
|
|
import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
|
|
|
|
|
import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
|
|
|
|
|
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
|
2023-05-16 17:34:52 +02:00
|
|
|
|
|
|
|
|
type Inputs = {
|
|
|
|
|
password: string;
|
|
|
|
|
};
|
|
|
|
|
|
2023-05-22 16:28:47 +02:00
|
|
|
type Props = {
|
2024-04-04 15:44:02 +02:00
|
|
|
loginSettings: LoginSettings | undefined;
|
2023-05-24 14:28:55 +02:00
|
|
|
loginName?: string;
|
2024-03-25 15:18:51 +01:00
|
|
|
organization?: string;
|
2023-08-22 13:15:33 +02:00
|
|
|
authRequestId?: string;
|
2023-07-03 17:05:55 +02:00
|
|
|
isAlternative?: boolean; // whether password was requested as alternative auth method
|
|
|
|
|
promptPasswordless?: boolean;
|
2023-05-22 16:28:47 +02:00
|
|
|
};
|
|
|
|
|
|
2023-07-03 17:05:55 +02:00
|
|
|
export default function PasswordForm({
|
2024-04-04 15:44:02 +02:00
|
|
|
loginSettings,
|
2023-07-03 17:05:55 +02:00
|
|
|
loginName,
|
2024-03-25 15:18:51 +01:00
|
|
|
organization,
|
2023-08-22 13:15:33 +02:00
|
|
|
authRequestId,
|
2023-07-03 17:05:55 +02:00
|
|
|
promptPasswordless,
|
|
|
|
|
isAlternative,
|
|
|
|
|
}: Props) {
|
2023-05-16 17:34:52 +02:00
|
|
|
const { register, handleSubmit, formState } = useForm<Inputs>({
|
|
|
|
|
mode: "onBlur",
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const [error, setError] = useState<string>("");
|
|
|
|
|
|
|
|
|
|
const [loading, setLoading] = useState<boolean>(false);
|
|
|
|
|
|
|
|
|
|
const router = useRouter();
|
|
|
|
|
|
2023-05-17 13:46:44 +02:00
|
|
|
async function submitPassword(values: Inputs) {
|
2023-05-23 11:15:47 +02:00
|
|
|
setError("");
|
2023-05-16 17:34:52 +02:00
|
|
|
setLoading(true);
|
2024-03-19 14:15:54 +01:00
|
|
|
|
2023-06-30 14:13:03 +02:00
|
|
|
const res = await fetch("/api/session", {
|
2023-05-16 17:34:52 +02:00
|
|
|
method: "PUT",
|
|
|
|
|
headers: {
|
|
|
|
|
"Content-Type": "application/json",
|
|
|
|
|
},
|
|
|
|
|
body: JSON.stringify({
|
2023-06-29 17:04:34 +02:00
|
|
|
loginName,
|
2024-03-25 15:18:51 +01:00
|
|
|
organization,
|
2024-04-17 14:14:25 +02:00
|
|
|
checks: {
|
|
|
|
|
password: { password: values.password },
|
|
|
|
|
} as Checks,
|
2023-08-22 13:15:33 +02:00
|
|
|
authRequestId,
|
2023-05-16 17:34:52 +02:00
|
|
|
}),
|
|
|
|
|
});
|
|
|
|
|
|
2023-05-22 16:28:47 +02:00
|
|
|
const response = await res.json();
|
|
|
|
|
|
2023-05-24 17:00:25 +02:00
|
|
|
setLoading(false);
|
2023-05-16 17:34:52 +02:00
|
|
|
if (!res.ok) {
|
2024-04-25 09:14:30 +02:00
|
|
|
setError(response.details?.details ?? "Could not verify password");
|
2023-05-22 16:28:47 +02:00
|
|
|
return Promise.reject(response.details);
|
2023-05-16 17:34:52 +02:00
|
|
|
}
|
2023-05-24 17:00:25 +02:00
|
|
|
return response;
|
2023-05-16 17:34:52 +02:00
|
|
|
}
|
|
|
|
|
|
2024-07-15 17:20:38 +02:00
|
|
|
async function resetPassword() {
|
|
|
|
|
setError("");
|
|
|
|
|
setLoading(true);
|
|
|
|
|
|
|
|
|
|
const res = await fetch("/api/resetpassword", {
|
|
|
|
|
method: "POST",
|
|
|
|
|
headers: {
|
|
|
|
|
"Content-Type": "application/json",
|
|
|
|
|
},
|
|
|
|
|
body: JSON.stringify({
|
|
|
|
|
loginName,
|
|
|
|
|
organization,
|
|
|
|
|
authRequestId,
|
|
|
|
|
}),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const response = await res.json();
|
|
|
|
|
|
|
|
|
|
setLoading(false);
|
|
|
|
|
if (!res.ok) {
|
|
|
|
|
console.log(response.details.details);
|
|
|
|
|
setError(response.details?.details ?? "Could not verify password");
|
|
|
|
|
return Promise.reject(response.details);
|
|
|
|
|
}
|
|
|
|
|
return response;
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-17 13:46:44 +02:00
|
|
|
function submitPasswordAndContinue(value: Inputs): Promise<boolean | void> {
|
2024-04-16 15:33:14 +02:00
|
|
|
return submitPassword(value).then((resp) => {
|
2024-04-18 15:56:20 +02:00
|
|
|
// if user has mfa -> /otp/[method] or /u2f
|
|
|
|
|
// if mfa is forced and user has no mfa -> /mfa/set
|
2024-04-16 09:27:58 +02:00
|
|
|
// if no passwordless -> /passkey/add
|
2024-04-30 11:51:05 +02:00
|
|
|
|
2024-07-17 15:37:57 +02:00
|
|
|
// exclude password and passwordless
|
2024-04-30 11:51:05 +02:00
|
|
|
const availableSecondFactors = resp.authMethods?.filter(
|
2024-04-07 03:56:46 -04:00
|
|
|
(m: AuthenticationMethodType) =>
|
2024-07-17 15:37:57 +02:00
|
|
|
m !== AuthenticationMethodType.PASSWORD &&
|
|
|
|
|
m !== AuthenticationMethodType.PASSKEY,
|
2024-04-30 11:51:05 +02:00
|
|
|
);
|
2024-07-17 15:37:57 +02:00
|
|
|
|
2024-04-30 11:51:05 +02:00
|
|
|
if (availableSecondFactors.length == 1) {
|
2024-04-16 09:29:40 +02:00
|
|
|
const params = new URLSearchParams({
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (authRequestId) {
|
2024-04-24 10:25:28 +02:00
|
|
|
params.append("authRequestId", authRequestId);
|
2024-04-16 09:29:40 +02:00
|
|
|
}
|
2024-04-16 09:27:58 +02:00
|
|
|
|
|
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-30 11:51:05 +02:00
|
|
|
const factor = availableSecondFactors[0];
|
2024-07-17 15:37:57 +02:00
|
|
|
// if passwordless is other method, but user selected password as alternative, perform a login
|
|
|
|
|
if (factor === AuthenticationMethodType.TOTP) {
|
2024-04-30 11:51:05 +02:00
|
|
|
return router.push(`/otp/time-based?` + params);
|
2024-07-17 15:37:57 +02:00
|
|
|
} else if (factor === AuthenticationMethodType.OTP_SMS) {
|
2024-04-30 11:51:05 +02:00
|
|
|
return router.push(`/otp/sms?` + params);
|
2024-07-17 15:37:57 +02:00
|
|
|
} else if (factor === AuthenticationMethodType.OTP_EMAIL) {
|
2024-04-30 11:51:05 +02:00
|
|
|
return router.push(`/otp/email?` + params);
|
2024-07-17 15:37:57 +02:00
|
|
|
} else if (factor === AuthenticationMethodType.U2F) {
|
2024-04-18 15:56:20 +02:00
|
|
|
return router.push(`/u2f?` + params);
|
2024-04-16 15:33:14 +02:00
|
|
|
}
|
2024-04-30 11:51:05 +02:00
|
|
|
} else if (availableSecondFactors.length >= 1) {
|
2024-04-16 15:33:14 +02:00
|
|
|
const params = new URLSearchParams({
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (authRequestId) {
|
2024-04-30 11:13:31 +02:00
|
|
|
params.append("authRequestId", authRequestId);
|
2024-04-16 15:33:14 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return router.push(`/mfa?` + params);
|
2024-07-17 15:02:34 +02:00
|
|
|
} else if (
|
|
|
|
|
resp.factors &&
|
|
|
|
|
!resp.factors.passwordless && // if session was not verified with a passkey
|
|
|
|
|
promptPasswordless && // if explicitly prompted due policy
|
|
|
|
|
!isAlternative // escaped if password was used as an alternative method
|
|
|
|
|
) {
|
2024-04-18 15:56:20 +02:00
|
|
|
const params = new URLSearchParams({
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
2024-07-17 15:02:34 +02:00
|
|
|
promptPasswordless: "true",
|
2024-04-18 15:56:20 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (authRequestId) {
|
2024-04-29 15:48:36 +02:00
|
|
|
params.append("authRequestId", authRequestId);
|
2024-04-18 15:56:20 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-17 15:02:34 +02:00
|
|
|
return router.push(`/passkey/add?` + params);
|
|
|
|
|
} else if (loginSettings?.forceMfa && !availableSecondFactors.length) {
|
2024-03-25 15:18:51 +01:00
|
|
|
const params = new URLSearchParams({
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
2024-07-17 15:02:34 +02:00
|
|
|
checkAfter: "true", // this defines if the check is directly made after the setup
|
2024-03-25 15:18:51 +01:00
|
|
|
});
|
|
|
|
|
|
2024-04-16 09:29:40 +02:00
|
|
|
if (authRequestId) {
|
2024-04-17 16:22:23 +02:00
|
|
|
params.append("authRequestId", authRequestId);
|
2024-04-16 09:29:40 +02:00
|
|
|
}
|
|
|
|
|
|
2024-03-25 15:18:51 +01:00
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-17 15:02:34 +02:00
|
|
|
return router.push(`/mfa/set?` + params);
|
2024-07-16 14:28:49 +02:00
|
|
|
} else if (authRequestId && resp.sessionId) {
|
2024-04-16 09:27:58 +02:00
|
|
|
const params = new URLSearchParams({
|
|
|
|
|
sessionId: resp.sessionId,
|
|
|
|
|
authRequest: authRequestId,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
2024-04-04 15:44:02 +02:00
|
|
|
}
|
2024-04-16 09:27:58 +02:00
|
|
|
|
|
|
|
|
return router.push(`/login?` + params);
|
|
|
|
|
} else {
|
|
|
|
|
// without OIDC flow
|
|
|
|
|
const params = new URLSearchParams(
|
|
|
|
|
authRequestId
|
|
|
|
|
? {
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
|
|
|
|
authRequestId,
|
|
|
|
|
}
|
|
|
|
|
: {
|
|
|
|
|
loginName: resp.factors.user.loginName,
|
2024-05-13 16:17:12 -04:00
|
|
|
},
|
2024-04-16 09:27:58 +02:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
if (organization) {
|
|
|
|
|
params.append("organization", organization);
|
2024-03-06 14:44:48 +01:00
|
|
|
}
|
2024-04-16 09:27:58 +02:00
|
|
|
|
|
|
|
|
return router.push(`/signedin?` + params);
|
2023-06-19 15:59:16 +02:00
|
|
|
}
|
2023-05-16 17:34:52 +02:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (
|
|
|
|
|
<form className="w-full">
|
2023-05-23 11:15:47 +02:00
|
|
|
<div className={`${error && "transform-gpu animate-shake"}`}>
|
2023-05-16 17:34:52 +02:00
|
|
|
<TextInput
|
|
|
|
|
type="password"
|
|
|
|
|
autoComplete="password"
|
|
|
|
|
{...register("password", { required: "This field is required" })}
|
2023-05-17 13:46:44 +02:00
|
|
|
label="Password"
|
2023-05-16 17:34:52 +02:00
|
|
|
// error={errors.username?.message as string}
|
|
|
|
|
/>
|
2024-07-15 17:20:38 +02:00
|
|
|
<button
|
|
|
|
|
className="transition-all text-sm hover:text-primary-light-500 dark:hover:text-primary-dark-500"
|
|
|
|
|
onClick={() => resetPassword()}
|
2024-07-16 14:50:15 +02:00
|
|
|
type="button"
|
2024-07-15 17:20:38 +02:00
|
|
|
disabled={loading}
|
|
|
|
|
>
|
|
|
|
|
Reset Password
|
|
|
|
|
</button>
|
2023-05-22 16:28:47 +02:00
|
|
|
|
|
|
|
|
{loginName && (
|
|
|
|
|
<input type="hidden" name="loginName" value={loginName} />
|
|
|
|
|
)}
|
2023-05-16 17:34:52 +02:00
|
|
|
</div>
|
|
|
|
|
|
2023-05-22 16:28:47 +02:00
|
|
|
{error && (
|
|
|
|
|
<div className="py-4">
|
|
|
|
|
<Alert>{error}</Alert>
|
|
|
|
|
</div>
|
|
|
|
|
)}
|
|
|
|
|
|
2023-05-16 17:34:52 +02:00
|
|
|
<div className="mt-8 flex w-full flex-row items-center">
|
2024-07-11 15:56:41 +02:00
|
|
|
<BackButton />
|
2023-05-16 17:34:52 +02:00
|
|
|
<span className="flex-grow"></span>
|
|
|
|
|
<Button
|
|
|
|
|
type="submit"
|
|
|
|
|
className="self-end"
|
|
|
|
|
variant={ButtonVariants.Primary}
|
|
|
|
|
disabled={loading || !formState.isValid}
|
2023-05-17 13:46:44 +02:00
|
|
|
onClick={handleSubmit(submitPasswordAndContinue)}
|
2023-05-16 17:34:52 +02:00
|
|
|
>
|
|
|
|
|
{loading && <Spinner className="h-5 w-5 mr-2" />}
|
|
|
|
|
continue
|
|
|
|
|
</Button>
|
|
|
|
|
</div>
|
|
|
|
|
</form>
|
|
|
|
|
);
|
|
|
|
|
}
|
