	fix(login): ignore select_account in case there aren't any session to choose (#7981)
# Which Problems Are Solved When providing `select_account` in an OIDC auth request, ZITADEL would always show the account selection page even if there aren't any user sessions to choose from, and the user would then need to click the `Other User` button to be presented with the login page. # How the Problems Are Solved This PR changes the behavior and ignores the `select_account` prompt in case there aren't any existing user sessions and will directly present the login page. # Additional Changes None # Additional Context Closes #7213
		| @@ -1113,19 +1113,24 @@ func (repo *AuthRequestRepo) nextStepsUser(ctx context.Context, request *domain. | ||||
| 	if len(request.Prompt) > 0 && !domain.IsPrompt(request.Prompt, domain.PromptSelectAccount) { | ||||
| 		return append(steps, new(domain.LoginStep)), nil | ||||
| 	} else { | ||||
| 		// if no user was specified, no prompt or select_account was provided, | ||||
| 		// if no user was specified, either select_account or no prompt was provided, | ||||
| 		// then check the active user sessions (of the user agent) | ||||
| 		users, err := repo.usersForUserSelection(ctx, request) | ||||
| 		if err != nil { | ||||
| 			return nil, err | ||||
| 		} | ||||
| 		if domain.IsPrompt(request.Prompt, domain.PromptSelectAccount) { | ||||
| 		// in case select_account was specified ignore it if there aren't any user sessions | ||||
| 		if domain.IsPrompt(request.Prompt, domain.PromptSelectAccount) && len(users) > 0 { | ||||
| 			steps = append(steps, &domain.SelectUserStep{Users: users}) | ||||
| 		} | ||||
| 		// If we get here, either no sessions were found for select_account | ||||
| 		// or no prompt was provided. | ||||
| 		// In either case if there was a specific idp is selected (scope), directly redirect | ||||
| 		if request.SelectedIDPConfigID != "" { | ||||
| 			steps = append(steps, &domain.RedirectToExternalIDPStep{}) | ||||
| 		} | ||||
| 		if len(request.Prompt) == 0 && len(users) == 0 { | ||||
| 		// or there aren't any sessions to use, present the login page (https://github.com/zitadel/zitadel/issues/7213) | ||||
| 		if len(users) == 0 { | ||||
| 			steps = append(steps, new(domain.LoginStep)) | ||||
| 		} | ||||
| 		// if no prompt was provided, but there are multiple user sessions, then the user must decide which to use | ||||
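Review bot: The new comment above the `SelectedIDPConfigID` check says this point is reached only when no sessions were found for select_account or no prompt was provided, but the `select_account && len(users) > 0` branch just before it appends `SelectUserStep` without returning, so that case reaches the IdP check as well. With sessions present and an IdP preselected, `steps` then holds both `SelectUserStep` and `RedirectToExternalIDPStep`; if that is intended, the comment should say so, for example `// select_account with existing sessions also reaches this point; a preselected IdP adds a redirect step in every case`. The comment on the `len(users) == 0` check starts mid-sentence with "or" and would read better as a standalone sentence. nextStepsUser continues past the end of the hunk, so how the accumulated steps are returned is not visible here.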
|   | ||||
| @@ -466,7 +466,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { | ||||
| 			nil, | ||||
| 		}, | ||||
| 		{ | ||||
| 			"user not set, prompt select account, no active session, select account step", | ||||
| 			"user not set, prompt select account, no active session, login step", | ||||
| 			fields{ | ||||
| 				userSessionViewProvider: &mockViewUserSession{ | ||||
| 					Users: nil, | ||||
| @@ -475,9 +475,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { | ||||
| 			}, | ||||
| 			args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}}, false}, | ||||
| 			[]domain.NextStep{ | ||||
| 				&domain.SelectUserStep{ | ||||
| 					Users: []domain.UserSelection{}, | ||||
| 				}}, | ||||
| 				&domain.LoginStep{}}, | ||||
| 			nil, | ||||
| 		}, | ||||
| 		{ | ||||
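Review bot: The updated table entry pins only select_account with no sessions and no preselected IdP. Because the condition in nextStepsUser is now `len(users) == 0` regardless of the prompt, a request with `PromptSelectAccount`, no sessions and `SelectedIDPConfigID` set would get `RedirectToExternalIDPStep` followed by `LoginStep`; no case for that combination is visible in these hunks, though the table continues outside them and may already contain one. An entry using `args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}, SelectedIDPConfigID: "<idp-id>"}, false}` (placeholder id) with the expected step order would fix that behaviour in a test.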
|   | ||||
	 Livio Spring
					Livio Spring