fix: improvements for login flow (incl. webauthn) (#1026)

* fix: typo ZITADEL uppercase for OTP Issuer * fix: password validation after change in current user agent * fix: otp validation after setup in current user agent * add waiting * add waiting * show u2f state * regenerate css * add useragentID to webauthn verify * return mfa attribute in mgmt * switch between providers * use preferredLoginName for webauthn display * some fixes * correct translations for login * add some missing event translations * fix usersession test * remove unnecessary cancel button on password change done
2025-08-12 11:27:33 +00:00 · 2020-12-07 12:09:10 +01:00
parent 8b88a0ab86
commit 077a9a628e
48 changed files with 451 additions and 123 deletions
--- a/internal/user/repository/eventsourcing/model/otp.go
+++ b/internal/user/repository/eventsourcing/model/otp.go
@@ -3,6 +3,7 @@ package model
 import (
 	"encoding/json"
 	"github.com/caos/logging"
+
 	"github.com/caos/zitadel/internal/crypto"
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
@@ -16,6 +17,10 @@ type OTP struct {
 	State  int32               `json:"-"`
 }

+type OTPVerified struct {
+	UserAgentID string `json:"userAgentID,omitempty"`
+}
+
 func OTPFromModel(otp *model.OTP) *OTP {
 	return &OTP{
 		ObjectRoot: otp.ObjectRoot,
@@ -55,3 +60,11 @@ func (o *OTP) setData(event *es_models.Event) error {
 	}
 	return nil
 }
+
+func (o *OTPVerified) SetData(event *es_models.Event) error {
+	if err := json.Unmarshal(event.Data, o); err != nil {
+		logging.Log("EVEN-BF421").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-GB6hj", "could not unmarshal event")
+	}
+	return nil
+}
--- a/internal/user/repository/eventsourcing/model/password.go
+++ b/internal/user/repository/eventsourcing/model/password.go
@@ -26,6 +26,11 @@ type PasswordCode struct {
 	NotificationType int32               `json:"notificationType,omitempty"`
 }

+type PasswordChange struct {
+	Password
+	UserAgentID string `json:"userAgentID,omitempty"`
+}
+
 func PasswordFromModel(password *model.Password) *Password {
 	return &Password{
 		ObjectRoot:     password.ObjectRoot,
@@ -51,6 +56,17 @@ func PasswordCodeToModel(code *PasswordCode) *model.PasswordCode {
 	}
 }

+func PasswordChangeFromModel(password *model.Password, userAgentID string) *PasswordChange {
+	return &PasswordChange{
+		Password: Password{
+			ObjectRoot:     password.ObjectRoot,
+			Secret:         password.SecretCrypto,
+			ChangeRequired: password.ChangeRequired,
+		},
+		UserAgentID: userAgentID,
+	}
+}
+
 func (u *Human) appendUserPasswordChangedEvent(event *es_models.Event) error {
 	u.Password = new(Password)
 	err := u.Password.setData(event)
@@ -84,3 +100,12 @@ func (c *PasswordCode) SetData(event *es_models.Event) error {
 	}
 	return nil
 }
+
+func (pw *PasswordChange) SetData(event *es_models.Event) error {
+	if err := json.Unmarshal(event.Data, pw); err != nil {
+		logging.Log("EVEN-ADs31").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-BDd32", "could not unmarshal event")
+	}
+	pw.ObjectRoot.AppendEvent(event)
+	return nil
+}
--- a/internal/user/repository/eventsourcing/model/web_auth_n.go
+++ b/internal/user/repository/eventsourcing/model/web_auth_n.go
@@ -32,6 +32,7 @@ type WebAuthNVerify struct {
 	AAGUID            []byte `json:"aaguid"`
 	SignCount         uint32 `json:"signCount"`
 	WebAuthNTokenName string `json:"webAuthNTokenName"`
+	UserAgentID       string `json:"userAgentID,omitempty"`
 }

 type WebAuthNSignCount struct {
@@ -104,7 +105,7 @@ func WebAuthNToModel(webAuthN *WebAuthNToken) *model.WebAuthNToken {
 	}
 }

-func WebAuthNVerifyFromModel(webAuthN *model.WebAuthNToken) *WebAuthNVerify {
+func WebAuthNVerifyFromModel(webAuthN *model.WebAuthNToken, userAgentID string) *WebAuthNVerify {
 	return &WebAuthNVerify{
 		WebAuthNTokenID:   webAuthN.WebAuthNTokenID,
 		KeyID:             webAuthN.KeyID,
@@ -113,6 +114,7 @@ func WebAuthNVerifyFromModel(webAuthN *model.WebAuthNToken) *WebAuthNVerify {
 		SignCount:         webAuthN.SignCount,
 		AttestationType:   webAuthN.AttestationType,
 		WebAuthNTokenName: webAuthN.WebAuthNTokenName,
+		UserAgentID:       userAgentID,
 	}
 }

@@ -148,6 +150,14 @@ func WebAuthNLoginToModel(webAuthN *WebAuthNLogin) *model.WebAuthNLogin {
 	}
 }

+func (w *WebAuthNVerify) SetData(event *es_models.Event) error {
+	if err := json.Unmarshal(event.Data, w); err != nil {
+		logging.Log("EVEN-G342rf").WithError(err).Error("could not unmarshal event data")
+		return caos_errs.ThrowInternal(err, "MODEL-B6641", "could not unmarshal event")
+	}
+	return nil
+}
+
 func (u *Human) appendU2FAddedEvent(event *es_models.Event) error {
 	webauthn := new(WebAuthNToken)
 	err := webauthn.setData(event)