idp cleanup

This commit is contained in:
peintnermax
2024-08-30 10:46:33 +02:00
parent 27fb7f7b27
commit 01df9fc06d
4 changed files with 55 additions and 36 deletions


@@ -19,7 +19,11 @@ import {
} from "@/utils/session"; } from "@/utils/session";
import { headers } from "next/headers"; import { headers } from "next/headers";
import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb"; import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb"; import {
RequestChallenges,
RequestChallengesSchema,
} from "@zitadel/proto/zitadel/session/v2/challenge_pb";
import { create } from "@zitadel/client";
type CreateNewSessionCommand = { type CreateNewSessionCommand = {
userId: string; userId: string;
@@ -71,7 +75,7 @@ export type UpdateSessionCommand = {
}; };
export async function updateSession(options: UpdateSessionCommand) { export async function updateSession(options: UpdateSessionCommand) {
const { let {
loginName, loginName,
sessionId, sessionId,
organization, organization,
@@ -110,21 +114,25 @@ export async function updateSession(options: UpdateSessionCommand) {
if (recent && challenges && (!challenges.otpEmail || !challenges.otpSms)) { if (recent && challenges && (!challenges.otpEmail || !challenges.otpSms)) {
const sessionResponse = await getSession(recent.id, recent.token); const sessionResponse = await getSession(recent.id, recent.token);
if (sessionResponse && sessionResponse.session.factors.user.id) { if (sessionResponse && sessionResponse?.session?.factors?.user?.id) {
const userResponse = await getUserByID( const userResponse = await getUserByID(
sessionResponse.session.factors.user.id, sessionResponse.session.factors.user.id,
); );
const humanUser = const humanUser =
userResponse.user.type.case === "human" userResponse.user?.type.case === "human"
? userResponse.user.type.value ? userResponse.user.type.value
: undefined; : undefined;
if (!challenges.otpEmail && humanUser.email.email) { if (!challenges.otpEmail && humanUser?.email?.email) {
challenges.otpEmail = humanUser.email.email; challenges = create(RequestChallengesSchema, {
otpEmail: { deliveryType: { case: "sendCode", value: {} } },
});
} }
if (!challenges.otpSms && humanUser.phone.phone) { if (!challenges.otpEmail && humanUser?.email?.email) {
challenges.otpSms = humanUser.phone.phone; challenges = create(RequestChallengesSchema, {
otpSms: { returnCode: true },
});
} }
} }
} }
@@ -138,7 +146,7 @@ export async function updateSession(options: UpdateSessionCommand) {
// if password, check if user has MFA methods // if password, check if user has MFA methods
let authMethods; let authMethods;
if (checks && checks.password && session.factors.user.id) { if (checks && checks.password && session.factors?.user?.id) {
const response = await listAuthenticationMethodTypes( const response = await listAuthenticationMethodTypes(
session.factors.user.id, session.factors.user.id,
); );
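Review bot: The second guard in the `updateSession` hunk, `if (!challenges.otpEmail && humanUser?.email?.email)`, repeats the email condition in front of the SMS challenge, so the `otpSms` branch can never run once the email branch has populated `otpEmail`, and a user who has only a phone number never receives an SMS challenge; it should read `if (!challenges.otpSms && humanUser?.phone?.phone) {`. Both branches also assign a freshly created `RequestChallenges` message, which discards any other challenge the caller passed in, and the second branch would in turn drop the `otpEmail` the first one just set; either carry the existing fields over into the new message or set only the missing field on the existing one. The redundant `?.` in `sessionResponse && sessionResponse?.session?.factors?.user?.id` can be a plain `.`, since the `&&` already guards it. `updateSession` continues outside the hunk.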


@@ -12,7 +12,9 @@ import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings
import { import {
CheckPassword, CheckPassword,
Checks, Checks,
ChecksSchema,
} from "@zitadel/proto/zitadel/session/v2/session_service_pb"; } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
import { create } from "@zitadel/client";
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb"; import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import { updateSession } from "@/lib/server/session"; import { updateSession } from "@/lib/server/session";
@@ -54,9 +56,9 @@ export default function PasswordForm({
const response = await updateSession({ const response = await updateSession({
loginName, loginName,
organization, organization,
checks: { checks: create(ChecksSchema, {
password: { password: values.password }, password: { password: values.password },
} as Checks, }),
authRequestId, authRequestId,
}).catch((error: Error) => { }).catch((error: Error) => {
setError(error.message ?? "Could not verify password"); setError(error.message ?? "Could not verify password");
@@ -103,7 +105,11 @@ export default function PasswordForm({
// if no passwordless -> /passkey/add // if no passwordless -> /passkey/add
// exclude password and passwordless // exclude password and passwordless
if (!submitted || !submitted.authMethods) { if (
!submitted ||
!submitted.authMethods ||
!submitted.factors?.user?.loginName
) {
setError("Could not verify password"); setError("Could not verify password");
return; return;
} }
@@ -154,7 +160,7 @@ export default function PasswordForm({
return router.push(`/mfa?` + params); return router.push(`/mfa?` + params);
} else if ( } else if (
submitted.factors && submitted.factors &&
!submitted.factors.passwordless && // if session was not verified with a passkey !submitted.factors.webAuthN && // if session was not verified with a passkey
promptPasswordless && // if explicitly prompted due policy promptPasswordless && // if explicitly prompted due policy
!isAlternative // escaped if password was used as an alternative method !isAlternative // escaped if password was used as an alternative method
) { ) {
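Review bot: With the new early return in the `!submitted.authMethods` guard also rejecting a missing `submitted.factors?.user?.loginName`, the `submitted.factors &&` operand in the later `else if` looks redundant, since the optional-chain truthiness check narrows `submitted.factors` to a defined value if both sit in the same function body; the condition could start directly with `!submitted.factors.webAuthN && // if session was not verified with a passkey`. The guard also reports the same generic `"Could not verify password"` for three distinct failure modes (no response, no auth methods, no login name), which makes triage harder; a distinct message for the missing-loginName case, e.g. `setError("Session has no verified user");`, would help. The `else if` chain continues outside the hunk.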


@@ -60,6 +60,17 @@ export function SignInWithIDP({
return response; return response;
} }
async function navigateToAuthUrl(id: string, type: IdentityProviderType) {
const startFlowResponse = await startFlow(id, idpTypeToSlug(type));
if (
startFlowResponse &&
startFlowResponse.nextStep.case === "authUrl" &&
startFlowResponse?.nextStep.value
) {
router.push(startFlowResponse.nextStep.value);
}
}
return ( return (
<div className="flex flex-col w-full space-y-2 text-sm"> <div className="flex flex-col w-full space-y-2 text-sm">
{identityProviders && {identityProviders &&
@@ -70,12 +81,7 @@ export function SignInWithIDP({
<SignInWithGithub <SignInWithGithub
key={`idp-${i}`} key={`idp-${i}`}
onClick={() => onClick={() =>
startFlow( navigateToAuthUrl(idp.id, IdentityProviderType.GITHUB)
idp.id,
idpTypeToSlug(IdentityProviderType.GITHUB),
).then(({ authUrl }) => {
router.push(authUrl);
})
} }
></SignInWithGithub> ></SignInWithGithub>
); );
@@ -83,7 +89,9 @@ export function SignInWithIDP({
return ( return (
<SignInWithGithub <SignInWithGithub
key={`idp-${i}`} key={`idp-${i}`}
onClick={() => alert("TODO: unimplemented")} onClick={() =>
navigateToAuthUrl(idp.id, IdentityProviderType.GITHUB_ES)
}
></SignInWithGithub> ></SignInWithGithub>
); );
case IdentityProviderType.AZURE_AD: case IdentityProviderType.AZURE_AD:
@@ -91,12 +99,7 @@ export function SignInWithIDP({
<SignInWithAzureAD <SignInWithAzureAD
key={`idp-${i}`} key={`idp-${i}`}
onClick={() => onClick={() =>
startFlow( navigateToAuthUrl(idp.id, IdentityProviderType.AZURE_AD)
idp.id,
idpTypeToSlug(IdentityProviderType.AZURE_AD),
).then(({ authUrl }) => {
router.push(authUrl);
})
} }
></SignInWithAzureAD> ></SignInWithAzureAD>
); );
@@ -107,12 +110,7 @@ export function SignInWithIDP({
e2e="google" e2e="google"
name={idp.name} name={idp.name}
onClick={() => onClick={() =>
startFlow( navigateToAuthUrl(idp.id, IdentityProviderType.GOOGLE)
idp.id,
idpTypeToSlug(IdentityProviderType.GOOGLE),
).then(({ authUrl }) => {
router.push(authUrl);
})
} }
></SignInWithGoogle> ></SignInWithGoogle>
); );
@@ -120,14 +118,21 @@ export function SignInWithIDP({
return ( return (
<SignInWithGitlab <SignInWithGitlab
key={`idp-${i}`} key={`idp-${i}`}
onClick={() => alert("TODO: unimplemented")} onClick={() =>
navigateToAuthUrl(idp.id, IdentityProviderType.GITLAB)
}
></SignInWithGitlab> ></SignInWithGitlab>
); );
case IdentityProviderType.GITLAB_SELF_HOSTED: case IdentityProviderType.GITLAB_SELF_HOSTED:
return ( return (
<SignInWithGitlab <SignInWithGitlab
key={`idp-${i}`} key={`idp-${i}`}
onClick={() => alert("TODO: unimplemented")} onClick={() =>
navigateToAuthUrl(
idp.id,
IdentityProviderType.GITLAB_SELF_HOSTED,
)
}
></SignInWithGitlab> ></SignInWithGitlab>
); );
default: default:
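Review bot: The new `navigateToAuthUrl` helper silently does nothing when `startFlow` rejects or when `nextStep.case` is not `"authUrl"`, so a failed or misconfigured IdP start leaves the user on the same page with no feedback, and the rejection from the `onClick` handlers goes unhandled because no caller awaits or catches the returned promise. Wrap the call in `try`/`catch` and surface both the non-`authUrl` outcome and the thrown error through whatever error state the component has (not visible in this hunk); the redundant `?.` in `startFlowResponse?.nextStep.value` after the `startFlowResponse &&` check can also go. The `alert("TODO: unimplemented")` replacements for GITHUB_ES and the GitLab variants are fine as they reuse the helper. `SignInWithIDP` starts and ends outside the hunk.
```typescript
async function navigateToAuthUrl(id: string, type: IdentityProviderType) {
  try {
    const startFlowResponse = await startFlow(id, idpTypeToSlug(type));
    if (
      startFlowResponse?.nextStep.case === "authUrl" &&
      startFlowResponse.nextStep.value
    ) {
      router.push(startFlowResponse.nextStep.value);
      return;
    }
    // TODO(review): report to the user that the IdP flow returned no authUrl
  } catch (error: unknown) {
    // TODO(review): report the failure to the user instead of leaving the promise rejected
  }
}
// … unchanged: JSX rendering of the provider buttons …
```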


@@ -1,5 +1,5 @@
import { ZITADELUsers } from "@zitadel/proto/zitadel/resources/user/v3alpha/user_service_connect"; import { ZITADELUsers } from "@zitadel/proto/zitadel/resources/user/v3alpha/user_service_pb";
import { ZITADELUserSchemas } from "@zitadel/proto/zitadel/resources/userschema/v3alpha/user_schema_service_connect"; import { ZITADELUserSchemas } from "@zitadel/proto/zitadel/resources/userschema/v3alpha/user_schema_service_pb";
import { createClientFor } from "./helpers"; import { createClientFor } from "./helpers";
export const createUserSchemaServiceClient = createClientFor(ZITADELUserSchemas); export const createUserSchemaServiceClient = createClientFor(ZITADELUserSchemas);