move userverificationcheck to server action

2025-08-12 11:17:32 +00:00 · 2025-05-21 10:15:17 +02:00
parent b6e7dba3a6
commit 14a8e74b69
6 changed files with 40 additions and 39 deletions
--- a/apps/login/src/app/(login)/verify/page.tsx
+++ b/apps/login/src/app/(login)/verify/page.tsx
@@ -6,7 +6,7 @@ import { VerifyRedirectButton } from "@/components/verify-redirect-button";
 import { sendEmailCode } from "@/lib/server/verify";
 import { getServiceUrlFromHeaders } from "@/lib/service-url";
 import { loadMostRecentSession } from "@/lib/session";
-import { checkUserVerification } from "@/lib/verify-helper";
+import { checkUserVerification } from "@/lib/verification-helper";
 import {
  getBrandingSettings,
  getUserByID,
--- a/apps/login/src/lib/server/loginname.ts
+++ b/apps/login/src/lib/server/loginname.ts
@@ -9,7 +9,8 @@ import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp";
 import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
 import { getServiceUrlFromHeaders } from "../service-url";
-import { checkEmailVerified, checkUserVerification } from "../verify-helper";
+import { checkUserVerification } from "../verification-helper";
+import { checkEmailVerified } from "../verify-helper";
 import {
  getActiveIdentityProviders,
  getIDPByID,
--- a/apps/login/src/lib/server/passkeys.ts
+++ b/apps/login/src/lib/server/passkeys.ts
@@ -25,10 +25,8 @@ import {
  getSessionCookieByLoginName,
 } from "../cookies";
 import { getServiceUrlFromHeaders } from "../service-url";
-import {
-  checkEmailVerification,
-  checkUserVerification,
-} from "../verify-helper";
+import { checkUserVerification } from "../verification-helper";
+import { checkEmailVerification } from "../verify-helper";
 import { setSessionAndUpdateCookie } from "./cookie";

 type VerifyPasskeyCommand = {
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -29,11 +29,11 @@ import { headers } from "next/headers";
 import { getNextUrl } from "../client";
 import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies";
 import { getServiceUrlFromHeaders } from "../service-url";
+import { checkUserVerification } from "../verification-helper";
 import {
  checkEmailVerification,
  checkMFAFactors,
  checkPasswordChangeRequired,
-  checkUserVerification,
 } from "../verify-helper";

 type ResetPasswordCommand = {
--- a/apps/login/src/lib/verification-helper.ts
+++ b/apps/login/src/lib/verification-helper.ts
@@ -0,0 +1,34 @@
+"use server";
+
+import crypto from "crypto";
+import { cookies } from "next/headers";
+import { getOrSetFingerprintId } from "./fingerprint";
+
+export async function checkUserVerification(userId: string): Promise<boolean> {
+  // check if a verification was done earlier
+  const cookiesList = await cookies();
+  const userAgentId = await getOrSetFingerprintId();
+
+  const verificationCheck = crypto
+    .createHash("sha256")
+    .update(`${userId}:${userAgentId}`)
+    .digest("hex");
+
+  const cookieValue = await cookiesList.get("verificationCheck")?.value;
+
+  if (!cookieValue) {
+    console.warn(
+      "User verification check cookie not found. User verification check failed.",
+    );
+    return false;
+  }
+
+  if (cookieValue !== verificationCheck) {
+    console.warn(
+      `User verification check failed. Expected ${verificationCheck} but got ${cookieValue}`,
+    );
+    return false;
+  }
+
+  return true;
+}
--- a/apps/login/src/lib/verify-helper.ts
+++ b/apps/login/src/lib/verify-helper.ts
@@ -4,10 +4,7 @@ import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings
 import { PasswordExpirySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
 import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb";
 import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
-import crypto from "crypto";
 import moment from "moment";
-import { cookies } from "next/headers";
-import { getOrSetFingerprintId } from "./fingerprint";
 import { getUserByID } from "./zitadel";

 export function checkPasswordChangeRequired(
@@ -252,32 +249,3 @@ export async function checkMFAFactors(
    return { redirect: `/mfa/set?` + params };
  }
 }
-
-export async function checkUserVerification(userId: string): Promise<boolean> {
-  // check if a verification was done earlier
-  const cookiesList = await cookies();
-  const userAgentId = await getOrSetFingerprintId();
-
-  const verificationCheck = crypto
-    .createHash("sha256")
-    .update(`${userId}:${userAgentId}`)
-    .digest("hex");
-
-  const cookieValue = await cookiesList.get("verificationCheck")?.value;
-
-  if (!cookieValue) {
-    console.warn(
-      "User verification check cookie not found. User verification check failed.",
-    );
-    return false;
-  }
-
-  if (cookieValue !== verificationCheck) {
-    console.warn(
-      `User verification check failed. Expected ${verificationCheck} but got ${cookieValue}`,
-    );
-    return false;
-  }
-
-  return true;
-}