TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-13 10:57:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

move userverificationcheck to server action

Browse Source
This commit is contained in:
Max Peintner
2025-05-21 10:15:17 +02:00
parent b6e7dba3a6
commit 14a8e74b69
6 changed files with 40 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
apps/login/src/app/(login)/verify/page.tsx
View File

@@ -6,7 +6,7 @@ import { VerifyRedirectButton } from "@/components/verify-redirect-button";
import { sendEmailCode } from "@/lib/server/verify"; import { sendEmailCode } from "@/lib/server/verify";
import { getServiceUrlFromHeaders } from "@/lib/service-url"; import { getServiceUrlFromHeaders } from "@/lib/service-url";
import { loadMostRecentSession } from "@/lib/session"; import { loadMostRecentSession } from "@/lib/session";
import { checkUserVerification } from "@/lib/verify-helper"; import { checkUserVerification } from "@/lib/verification-helper";
import { import {
getBrandingSettings, getBrandingSettings,
getUserByID, getUserByID,

3
apps/login/src/lib/server/loginname.ts
View File

@@ -9,7 +9,8 @@ import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp";
import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb"; import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb"; import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
import { getServiceUrlFromHeaders } from "../service-url"; import { getServiceUrlFromHeaders } from "../service-url";
import { checkEmailVerified, checkUserVerification } from "../verify-helper"; import { checkUserVerification } from "../verification-helper";
import { checkEmailVerified } from "../verify-helper";
import { import {
getActiveIdentityProviders, getActiveIdentityProviders,
getIDPByID, getIDPByID,

6
apps/login/src/lib/server/passkeys.ts
View File

@@ -25,10 +25,8 @@ import {
getSessionCookieByLoginName, getSessionCookieByLoginName,
} from "../cookies"; } from "../cookies";
import { getServiceUrlFromHeaders } from "../service-url"; import { getServiceUrlFromHeaders } from "../service-url";
import { import { checkUserVerification } from "../verification-helper";
checkEmailVerification, import { checkEmailVerification } from "../verify-helper";
checkUserVerification,
} from "../verify-helper";
import { setSessionAndUpdateCookie } from "./cookie"; import { setSessionAndUpdateCookie } from "./cookie";
type VerifyPasskeyCommand = { type VerifyPasskeyCommand = {

2
apps/login/src/lib/server/password.ts
View File

@@ -29,11 +29,11 @@ import { headers } from "next/headers";
import { getNextUrl } from "../client"; import { getNextUrl } from "../client";
import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies"; import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies";
import { getServiceUrlFromHeaders } from "../service-url"; import { getServiceUrlFromHeaders } from "../service-url";
import { checkUserVerification } from "../verification-helper";
import { import {
checkEmailVerification, checkEmailVerification,
checkMFAFactors, checkMFAFactors,
checkPasswordChangeRequired, checkPasswordChangeRequired,
checkUserVerification,
} from "../verify-helper"; } from "../verify-helper";
type ResetPasswordCommand = { type ResetPasswordCommand = {

34
apps/login/src/lib/verification-helper.ts Normal file
View File

@@ -0,0 +1,34 @@
"use server";
import crypto from "crypto";
import { cookies } from "next/headers";
import { getOrSetFingerprintId } from "./fingerprint";
export async function checkUserVerification(userId: string): Promise<boolean> {
// check if a verification was done earlier
const cookiesList = await cookies();
const userAgentId = await getOrSetFingerprintId();
const verificationCheck = crypto
.createHash("sha256")
.update(`${userId}:${userAgentId}`)
.digest("hex");
const cookieValue = await cookiesList.get("verificationCheck")?.value;
if (!cookieValue) {
console.warn(
"User verification check cookie not found. User verification check failed.",
);
return false;
}
if (cookieValue !== verificationCheck) {
console.warn(
`User verification check failed. Expected ${verificationCheck} but got ${cookieValue}`,
);
return false;
}
return true;
}

32
apps/login/src/lib/verify-helper.ts
View File

@@ -4,10 +4,7 @@ import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings
import { PasswordExpirySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb"; import { PasswordExpirySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb"; import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb";
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb"; import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import crypto from "crypto";
import moment from "moment"; import moment from "moment";
import { cookies } from "next/headers";
import { getOrSetFingerprintId } from "./fingerprint";
import { getUserByID } from "./zitadel"; import { getUserByID } from "./zitadel";
export function checkPasswordChangeRequired( export function checkPasswordChangeRequired(
@@ -252,32 +249,3 @@ export async function checkMFAFactors(
return { redirect: `/mfa/set?` + params }; return { redirect: `/mfa/set?` + params };
} }
} }
export async function checkUserVerification(userId: string): Promise<boolean> {
// check if a verification was done earlier
const cookiesList = await cookies();
const userAgentId = await getOrSetFingerprintId();
const verificationCheck = crypto
.createHash("sha256")
.update(`${userId}:${userAgentId}`)
.digest("hex");
const cookieValue = await cookiesList.get("verificationCheck")?.value;
if (!cookieValue) {
console.warn(
"User verification check cookie not found. User verification check failed.",
);
return false;
}
if (cookieValue !== verificationCheck) {
console.warn(
`User verification check failed. Expected ${verificationCheck} but got ${cookieValue}`,
);
return false;
}
return true;
}