cleanup setsession

peintnermax
2024-04-16 09:27:58 +02:00
parent cee9c272be
commit 1a06f4257c
3 changed files with 70 additions and 77 deletions


@@ -190,10 +190,8 @@ export async function setSession(
server: ZitadelServer, server: ZitadelServer,
sessionId: string, sessionId: string,
sessionToken: string, sessionToken: string,
password: string | undefined, challenges: RequestChallenges | undefined,
totpCode: string | undefined, checks: Checks
webAuthN: { credentialAssertionData: any } | undefined,
challenges: RequestChallenges | undefined
): Promise<SetSessionResponse | undefined> { ): Promise<SetSessionResponse | undefined> {
const sessionService = session.getSession(server); const sessionService = session.getSession(server);
@@ -205,16 +203,8 @@ export async function setSession(
metadata: {}, metadata: {},
}; };
if (password && payload.checks) { if (checks && payload.checks) {
payload.checks.password = { password }; payload.checks = checks;
}
if (totpCode && payload.checks) {
payload.checks.totp = { code: totpCode };
}
if (webAuthN && payload.checks) {
payload.checks.webAuthN = webAuthN;
} }
return sessionService.setSession(payload, {}); return sessionService.setSession(payload, {});
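Review bot: The guard `if (checks && payload.checks)` can silently drop the caller's checks: `checks` is now a required `Checks` object, so the first operand is always truthy and the outcome depends only on how `payload.checks` was initialised, which is outside this hunk. If that field is ever unset, the update is sent with no password, TOTP or WebAuthN check and the caller gets no error. Assigning unconditionally with `payload.checks = checks;` removes the hidden dependency. The builder added to setSessionAndUpdateCookie in the third file section passes an empty `{}` when no factor was supplied (an empty-string password or TOTP code is skipped by the truthiness tests), so consider rejecting an empty `checks` before calling the service. Whether the server rejects it is not visible here.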


@@ -69,7 +69,27 @@ export default function PasswordForm({
function submitPasswordAndContinue(value: Inputs): Promise<boolean | void> { function submitPasswordAndContinue(value: Inputs): Promise<boolean | void> {
return submitPassword(value).then((resp: any) => { return submitPassword(value).then((resp: any) => {
if ( // if user has mfa -> /totp
// if mfa is forced -> /mfa/set
// if no passwordless -> /passkey/add
if (resp.authFactors?.length >= 1) {
const params = new URLSearchParams(
authRequestId
? {
loginName: resp.factors.user.loginName,
authRequestId,
}
: {
loginName: resp.factors.user.loginName,
}
);
if (organization) {
params.append("organization", organization);
}
return router.push(`/mfa/set?` + params);
} else if (
resp.factors && resp.factors &&
!resp.factors.passwordless && // if session was not verified with a passkey !resp.factors.passwordless && // if session was not verified with a passkey
promptPasswordless && // if explicitly prompted due policy promptPasswordless && // if explicitly prompted due policy
@@ -85,67 +105,35 @@ export default function PasswordForm({
} }
return router.push(`/passkey/add?` + params); return router.push(`/passkey/add?` + params);
} else if (authRequestId && resp && resp.sessionId) {
const params = new URLSearchParams({
sessionId: resp.sessionId,
authRequest: authRequestId,
});
if (organization) {
params.append("organization", organization);
}
return router.push(`/login?` + params);
} else { } else {
let continueWithMfa = undefined; // without OIDC flow
if ( const params = new URLSearchParams(
loginSettings?.forceMfa && authRequestId
resp.authFactors?.length >= 1 // TODO if forceMFA is set and no user methods prompt to add method (/mfa/add) ? {
) { loginName: resp.factors.user.loginName,
if (loginSettings.secondFactors?.length === 1) { authRequestId,
continueWithMfa = loginSettings.secondFactors[0]; }
} else { : {
// continueWithMfa = loginSettings.secondFactors[0]; loginName: resp.factors.user.loginName,
// render selection page for mfa (/mfa/select) }
} );
} else if (loginSettings?.forceMfa && resp.authFactors?.length === 0) {
const params = new URLSearchParams(
authRequestId
? {
loginName: resp.factors.user.loginName,
authRequestId,
}
: {
loginName: resp.factors.user.loginName,
}
);
if (organization) { if (organization) {
params.append("organization", organization); params.append("organization", organization);
}
return router.push(`/mfa/set?` + params);
} }
// OIDC flows
if (authRequestId && resp && resp.sessionId) {
const params = new URLSearchParams({
sessionId: resp.sessionId,
authRequest: authRequestId,
});
if (organization) { return router.push(`/signedin?` + params);
params.append("organization", organization);
}
return router.push(`/login?` + params);
} else {
// without OIDC flow
const params = new URLSearchParams(
authRequestId
? {
loginName: resp.factors.user.loginName,
authRequestId,
}
: {
loginName: resp.factors.user.loginName,
}
);
if (organization) {
params.append("organization", organization);
}
return router.push(`/signedin?` + params);
}
} }
}); });
} }
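Review bot: The first branch of `submitPasswordAndContinue` now sends every user with `resp.authFactors?.length >= 1` to `/mfa/set` and no longer consults `loginSettings?.forceMfa`, so the removed case (forced MFA with `resp.authFactors?.length === 0`) falls through to the later branches and ends at `/login` or `/signedin` without an enrolment prompt. This also contradicts the comments added just above it, which say a user with MFA goes to `/totp` and forced MFA goes to `/mfa/set`. If the enrolment redirect is still intended, keep `loginSettings?.forceMfa && resp.authFactors?.length === 0` as the condition for the `/mfa/set` branch and route users who already have factors to the verification step instead. The same branch reads `resp.factors.user.loginName` without the `resp.factors` guard that the next branch has, so a response without factors would throw inside the `.then`. Client-side routing is presumably not the only enforcement point, but the server-side handling is not visible in this commit.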


@@ -12,7 +12,12 @@ import {
addSessionToCookie, addSessionToCookie,
updateSessionCookie, updateSessionCookie,
} from "./cookies"; } from "./cookies";
import { Session, Challenges, RequestChallenges } from "@zitadel/server"; import {
Session,
Challenges,
RequestChallenges,
Checks,
} from "@zitadel/server";
export async function createSessionAndUpdateCookie( export async function createSessionAndUpdateCookie(
loginName: string, loginName: string,
@@ -189,14 +194,24 @@ export async function setSessionAndUpdateCookie(
totpCode: string | undefined, totpCode: string | undefined,
authRequestId: string | undefined authRequestId: string | undefined
): Promise<SessionWithChallenges> { ): Promise<SessionWithChallenges> {
const checks: Checks = {};
if (password) {
checks.password = { password };
}
if (webAuthN) {
checks.webAuthN = webAuthN;
}
if (totpCode) {
checks.totp = { code: totpCode };
}
return setSession( return setSession(
server, server,
recentCookie.id, recentCookie.id,
recentCookie.token, recentCookie.token,
password, challenges,
totpCode, checks
webAuthN,
challenges
).then((updatedSession) => { ).then((updatedSession) => {
if (updatedSession) { if (updatedSession) {
const sessionCookie: SessionCookie = { const sessionCookie: SessionCookie = {