mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-25 16:17:42 +00:00
verify check, mfa check response
This commit is contained in:
Max Peintner
@@ -98,7 +98,10 @@ export async function createNewSessionFromIdpIntent(
|
|||||||
}
|
}
|
||||||
|
|
||||||
// TODO: check if user has MFA methods
|
// TODO: check if user has MFA methods
|
||||||
// checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
|
// const mfaFactorCheck = checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
|
||||||
|
// if (mfaFactorCheck?.redirect) {
|
||||||
|
// return mfaFactorCheck;
|
||||||
|
// }
|
||||||
|
|
||||||
const url = await getNextUrl(
|
const url = await getNextUrl(
|
||||||
command.authRequestId && session.id
|
command.authRequestId && session.id
|
||||||
|
|||||||
@@ -185,7 +185,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
|||||||
return { error: "Could not verify password!" };
|
return { error: "Could not verify password!" };
|
||||||
}
|
}
|
||||||
|
|
||||||
checkMFAFactors(
|
const mfaFactorCheck = checkMFAFactors(
|
||||||
session,
|
session,
|
||||||
loginSettings,
|
loginSettings,
|
||||||
authMethods,
|
authMethods,
|
||||||
@@ -193,6 +193,10 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
|||||||
command.authRequestId,
|
command.authRequestId,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (mfaFactorCheck?.redirect) {
|
||||||
|
return mfaFactorCheck;
|
||||||
|
}
|
||||||
|
|
||||||
if (command.authRequestId && session.id) {
|
if (command.authRequestId && session.id) {
|
||||||
const nextUrl = await getNextUrl(
|
const nextUrl = await getNextUrl(
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -1,7 +1,7 @@
|
|||||||
"use server";
|
"use server";
|
||||||
|
|
||||||
import { createSessionAndUpdateCookie } from "@/lib/server/cookie";
|
import { createSessionAndUpdateCookie } from "@/lib/server/cookie";
|
||||||
import { addHumanUser, getLoginSettings } from "@/lib/zitadel";
|
import { addHumanUser, getLoginSettings, getUserByID } from "@/lib/zitadel";
|
||||||
import { create } from "@zitadel/client";
|
import { create } from "@zitadel/client";
|
||||||
import { Factors } from "@zitadel/proto/zitadel/session/v2/session_pb";
|
import { Factors } from "@zitadel/proto/zitadel/session/v2/session_pb";
|
||||||
import {
|
import {
|
||||||
@@ -9,6 +9,7 @@ import {
|
|||||||
ChecksSchema,
|
ChecksSchema,
|
||||||
} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
|
} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
|
||||||
import { getNextUrl } from "../client";
|
import { getNextUrl } from "../client";
|
||||||
|
import { checkEmailVerification } from "../verify-helper";
|
||||||
|
|
||||||
type RegisterUserCommand = {
|
type RegisterUserCommand = {
|
||||||
email: string;
|
email: string;
|
||||||
@@ -25,7 +26,7 @@ export type RegisterUserResponse = {
|
|||||||
factors: Factors | undefined;
|
factors: Factors | undefined;
|
||||||
};
|
};
|
||||||
export async function registerUser(command: RegisterUserCommand) {
|
export async function registerUser(command: RegisterUserCommand) {
|
||||||
const human = await addHumanUser({
|
const addResponse = await addHumanUser({
|
||||||
email: command.email,
|
email: command.email,
|
||||||
firstName: command.firstName,
|
firstName: command.firstName,
|
||||||
lastName: command.lastName,
|
lastName: command.lastName,
|
||||||
@@ -33,14 +34,14 @@ export async function registerUser(command: RegisterUserCommand) {
|
|||||||
organization: command.organization,
|
organization: command.organization,
|
||||||
});
|
});
|
||||||
|
|
||||||
if (!human) {
|
if (!addResponse) {
|
||||||
return { error: "Could not create user" };
|
return { error: "Could not create user" };
|
||||||
}
|
}
|
||||||
|
|
||||||
const loginSettings = await getLoginSettings(command.organization);
|
const loginSettings = await getLoginSettings(command.organization);
|
||||||
|
|
||||||
let checkPayload: any = {
|
let checkPayload: any = {
|
||||||
user: { search: { case: "userId", value: human.userId } },
|
user: { search: { case: "userId", value: addResponse.userId } },
|
||||||
};
|
};
|
||||||
|
|
||||||
if (command.password) {
|
if (command.password) {
|
||||||
@@ -75,6 +76,28 @@ export async function registerUser(command: RegisterUserCommand) {
|
|||||||
|
|
||||||
return { redirect: "/passkey/set?" + params };
|
return { redirect: "/passkey/set?" + params };
|
||||||
} else {
|
} else {
|
||||||
|
const userResponse = await getUserByID(session?.factors?.user?.id);
|
||||||
|
|
||||||
|
if (!userResponse.user) {
|
||||||
|
return { error: "Could not find user" };
|
||||||
|
}
|
||||||
|
|
||||||
|
const humanUser =
|
||||||
|
userResponse.user.type.case === "human"
|
||||||
|
? userResponse.user.type.value
|
||||||
|
: undefined;
|
||||||
|
|
||||||
|
const emailVerificationCheck = checkEmailVerification(
|
||||||
|
session,
|
||||||
|
humanUser,
|
||||||
|
session.factors.user.organizationId,
|
||||||
|
command.authRequestId,
|
||||||
|
);
|
||||||
|
|
||||||
|
if (emailVerificationCheck?.redirect) {
|
||||||
|
return emailVerificationCheck;
|
||||||
|
}
|
||||||
|
|
||||||
const url = await getNextUrl(
|
const url = await getNextUrl(
|
||||||
command.authRequestId && session.id
|
command.authRequestId && session.id
|
||||||
? {
|
? {
|
||||||
|
|||||||
@@ -139,7 +139,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// redirect to mfa factor if user has one, or redirect to set one up
|
// redirect to mfa factor if user has one, or redirect to set one up
|
||||||
checkMFAFactors(
|
const mfaFactorCheck = checkMFAFactors(
|
||||||
session,
|
session,
|
||||||
loginSettings,
|
loginSettings,
|
||||||
authMethodResponse.authMethodTypes,
|
authMethodResponse.authMethodTypes,
|
||||||
@@ -147,6 +147,10 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
|||||||
command.authRequestId,
|
command.authRequestId,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (mfaFactorCheck?.redirect) {
|
||||||
|
return mfaFactorCheck;
|
||||||
|
}
|
||||||
|
|
||||||
// login user if no additional steps are required
|
// login user if no additional steps are required
|
||||||
if (command.authRequestId && session.id) {
|
if (command.authRequestId && session.id) {
|
||||||
const nextUrl = await getNextUrl(
|
const nextUrl = await getNextUrl(
|
||||||
@@ -299,7 +303,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
|||||||
const loginSettings = await getLoginSettings(user.details?.resourceOwner);
|
const loginSettings = await getLoginSettings(user.details?.resourceOwner);
|
||||||
|
|
||||||
// redirect to mfa factor if user has one, or redirect to set one up
|
// redirect to mfa factor if user has one, or redirect to set one up
|
||||||
checkMFAFactors(
|
const mfaFactorCheck = checkMFAFactors(
|
||||||
session,
|
session,
|
||||||
loginSettings,
|
loginSettings,
|
||||||
authMethodResponse.authMethodTypes,
|
authMethodResponse.authMethodTypes,
|
||||||
@@ -307,6 +311,10 @@ export async function sendVerificationRedirectWithoutCheck(
|
|||||||
command.authRequestId,
|
command.authRequestId,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if (mfaFactorCheck?.redirect) {
|
||||||
|
return mfaFactorCheck;
|
||||||
|
}
|
||||||
|
|
||||||
// login user if no additional steps are required
|
// login user if no additional steps are required
|
||||||
if (command.authRequestId && session.id) {
|
if (command.authRequestId && session.id) {
|
||||||
const nextUrl = await getNextUrl(
|
const nextUrl = await getNextUrl(
|
||||||
|
|||||||
Reference in New Issue
Block a user