From 2f7c628dcdfa0afbb569f9d2f4ffbbf3b1341d37 Mon Sep 17 00:00:00 2001
From: Max Peintner
Date: Tue, 6 May 2025 14:55:20 +0200
Subject: [PATCH] cleanup
---
 apps/login/locales/de.json | 1 +
 apps/login/locales/en.json | 1 +
 apps/login/locales/es.json | 1 +
 apps/login/locales/it.json | 1 +
 apps/login/locales/pl.json | 1 +
 apps/login/locales/ru.json | 1 +
 apps/login/locales/zh.json | 1 +
 .../src/app/(login)/device/consent/page.tsx | 2 +-
 apps/login/src/app/login/route.ts | 11 --
 apps/login/src/lib/device.ts | 125 ------------------
 10 files changed, 8 insertions(+), 137 deletions(-)
 delete mode 100644 apps/login/src/lib/device.ts
diff --git a/apps/login/locales/de.json b/apps/login/locales/de.json
index 25f2ad4b38..f01d3d8f10 100644
--- a/apps/login/locales/de.json
+++ b/apps/login/locales/de.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "Kein Benutzercode angegeben!",
 "noDeviceRequest": " Es wurde keine Geräteanforderung gefunden. Bitte überprüfen Sie die URL.",
 "unknownContext": "Der Kontext des Benutzers konnte nicht ermittelt werden. Stellen Sie sicher, dass Sie zuerst den Benutzernamen eingeben oder einen loginName als Suchparameter angeben.",
 "sessionExpired": "Ihre aktuelle Sitzung ist abgelaufen. Bitte melden Sie sich erneut an.",
diff --git a/apps/login/locales/en.json b/apps/login/locales/en.json
index efcb5a8503..49f1fb99da 100644
--- a/apps/login/locales/en.json
+++ b/apps/login/locales/en.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "No user code provided!",
 "noDeviceRequest": "No device request found.",
 "unknownContext": "Could not get the context of the user. Make sure to enter the username first or provide a loginName as searchParam.",
 "sessionExpired": "Your current session has expired. Please login again.",
diff --git a/apps/login/locales/es.json b/apps/login/locales/es.json
index 9a9f63f5cd..8ec58e2b55 100644
--- a/apps/login/locales/es.json
+++ b/apps/login/locales/es.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "¡No se proporcionó código de usuario!",
 "noDeviceRequest": "No se encontró ninguna solicitud de dispositivo.",
 "unknownContext": "No se pudo obtener el contexto del usuario. Asegúrate de ingresar primero el nombre de usuario o proporcionar un loginName como parámetro de búsqueda.",
 "sessionExpired": "Tu sesión actual ha expirado. Por favor, inicia sesión de nuevo.",
diff --git a/apps/login/locales/it.json b/apps/login/locales/it.json
index af1a60f3cd..c59aeda2ab 100644
--- a/apps/login/locales/it.json
+++ b/apps/login/locales/it.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "Nessun codice utente fornito!",
 "noDeviceRequest": "Nessuna richiesta di dispositivo trovata.",
 "unknownContext": "Impossibile ottenere il contesto dell'utente. Assicurati di inserire prima il nome utente o di fornire un loginName come parametro di ricerca.",
 "sessionExpired": "La tua sessione attuale è scaduta. Effettua nuovamente l'accesso.",
diff --git a/apps/login/locales/pl.json b/apps/login/locales/pl.json
index a82efd9807..132c06f10f 100644
--- a/apps/login/locales/pl.json
+++ b/apps/login/locales/pl.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "Nie podano kodu użytkownika!",
 "noDeviceRequest": "Nie znaleziono żądania urządzenia.",
 "unknownContext": "Nie udało się pobrać kontekstu użytkownika. Upewnij się, że najpierw wprowadziłeś nazwę użytkownika lub podałeś login jako parametr wyszukiwania.",
 "sessionExpired": "Twoja sesja wygasła. Zaloguj się ponownie.",
diff --git a/apps/login/locales/ru.json b/apps/login/locales/ru.json
index f3ac0dfa43..9a3ecd7cdd 100644
--- a/apps/login/locales/ru.json
+++ b/apps/login/locales/ru.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "Не указан код пользователя!",
 "noDeviceRequest": "Не найдена ни одна заявка на устройство.",
 "unknownContext": "Не удалось получить контекст пользователя. Укажите имя пользователя или loginName в параметрах поиска.",
 "sessionExpired": "Ваша сессия истекла. Войдите снова.",
diff --git a/apps/login/locales/zh.json b/apps/login/locales/zh.json
index 72c4bc4735..d0fdd44d16 100644
--- a/apps/login/locales/zh.json
+++ b/apps/login/locales/zh.json
@@ -207,6 +207,7 @@
 }
 },
 "error": {
+ "noUserCode": "未提供用户代码!",
 "noDeviceRequest": "没有找到设备请求。",
 "unknownContext": "无法获取用户的上下文。请先输入用户名或提供 loginName 作为搜索参数。",
 "sessionExpired": "当前会话已过期,请重新登录。",
diff --git a/apps/login/src/app/(login)/device/consent/page.tsx b/apps/login/src/app/(login)/device/consent/page.tsx
index 150c9b4043..9d55f4f6b8 100644
--- a/apps/login/src/app/(login)/device/consent/page.tsx
+++ b/apps/login/src/app/(login)/device/consent/page.tsx
@@ -22,7 +22,7 @@ export default async function Page(props: {
 const organization = searchParams?.organization;
 if (!userCode || !requestId) {
- return
{t("error.no_user_code")}
;
+ return
{t("error.noUserCode")}
;
 }
 const _headers = await headers();
diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts
index 365f83a225..3072f45229 100644
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -1,5 +1,4 @@
 import { getAllSessions } from "@/lib/cookies";
-import { loginWithDeviceAndSession } from "@/lib/device";
 import { idpTypeToSlug } from "@/lib/idp";
 import { loginWithOIDCAndSession } from "@/lib/oidc";
 import { loginWithSAMLAndSession } from "@/lib/saml";
@@ -126,16 +125,6 @@ export async function GET(request: NextRequest) {
 sessionCookies,
 request,
 });
- } else if (requestId.startsWith("device_")) {
- // this finishes the login process for Device Authorization
- return loginWithDeviceAndSession({
- serviceUrl,
- deviceRequest: requestId.replace("device_", ""),
- sessionId,
- sessions,
- sessionCookies,
- request,
- });
 }
 }
diff --git a/apps/login/src/lib/device.ts b/apps/login/src/lib/device.ts
deleted file mode 100644
index 36074803b9..0000000000
--- a/apps/login/src/lib/device.ts
+++ /dev/null
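Review bot: In apps/login/src/app/(login)/device/consent/page.tsx the guard `if (!userCode || !requestId)` still reports `error.noUserCode` when only `requestId` is missing, so a user who arrives with a user code but no device request is told the code was not provided. The locale files touched by this commit already carry `error.noDeviceRequest`; splitting the guard into `if (!userCode)` returning `t("error.noUserCode")` and `if (!requestId)` returning `t("error.noDeviceRequest")` would make the message match the failure. The Page function starts and ends outside this hunk, so any later handling of these two parameters is not visible here.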
@@ -1,125 +0,0 @@
-import { Cookie } from "@/lib/cookies";
-import { sendLoginname, SendLoginnameCommand } from "@/lib/server/loginname";
-import {
- authorizeOrDenyDeviceAuthorization,
- getLoginSettings,
-} from "@/lib/zitadel";
-import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
-import { NextRequest, NextResponse } from "next/server";
-import { constructUrl } from "./service";
-import { isSessionValid } from "./session";
-
-type LoginWithOIDCandSession = {
- serviceUrl: string;
- deviceRequest: string;
- sessionId: string;
- sessions: Session[];
- sessionCookies: Cookie[];
- request: NextRequest;
-};
-export async function loginWithDeviceAndSession({
- serviceUrl,
- deviceRequest,
- sessionId,
- sessions,
- sessionCookies,
- request,
-}: LoginWithOIDCandSession) {
- console.log(
- `Login with session: ${sessionId} and deviceRequest: ${deviceRequest}`,
- );
-
- const selectedSession = sessions.find((s) => s.id === sessionId);
-
- if (selectedSession && selectedSession.id) {
- console.log(`Found session ${selectedSession.id}`);
-
- const isValid = await isSessionValid({
- serviceUrl,
- session: selectedSession,
- });
-
- console.log("Session is valid:", isValid);
-
- if (!isValid && selectedSession.factors?.user) {
- // if the session is not valid anymore, we need to redirect the user to re-authenticate /
- // TODO: handle IDP intent direcly if available
- const command: SendLoginnameCommand = {
- loginName: selectedSession.factors.user?.loginName,
- organization: selectedSession.factors?.user?.organizationId,
- requestId: `device_${deviceRequest}`,
- };
-
- const res = await sendLoginname(command);
-
- if (res && "redirect" in res && res?.redirect) {
- const absoluteUrl = constructUrl(request, res.redirect);
- return NextResponse.redirect(absoluteUrl.toString());
- }
- }
-
- const cookie = sessionCookies.find(
- (cookie) => cookie.id === selectedSession?.id,
- );
-
- if (cookie && cookie.id && cookie.token) {
- const session = {
- sessionId: cookie?.id,
- sessionToken: cookie?.token,
- };
-
- // works not with _rsc request
- try {
- const authResponse = await authorizeOrDenyDeviceAuthorization({
- serviceUrl,
- deviceAuthorizationId: deviceRequest,
- session,
- });
- if (!authResponse) {
- return NextResponse.json(
- { error: "An error occurred!" },
- { status: 500 },
- );
- }
- } catch (error: unknown) {
- // handle already handled gracefully as these could come up if old emails with requestId are used (reset password, register emails etc.)
- console.error(error);
- if (
- error &&
- typeof error === "object" &&
- "code" in error &&
- error?.code === 9
- ) {
- const loginSettings = await getLoginSettings({
- serviceUrl,
- organization: selectedSession.factors?.user?.organizationId,
- });
-
- if (loginSettings?.defaultRedirectUri) {
- return NextResponse.redirect(loginSettings.defaultRedirectUri);
- }
-
- const signedinUrl = constructUrl(request, "/signedin");
-
- signedinUrl.searchParams.set("requestId", `device_${deviceRequest}`);
-
- if (selectedSession.factors?.user?.loginName) {
- signedinUrl.searchParams.set(
- "loginName",
- selectedSession.factors?.user?.loginName,
- );
- }
- if (selectedSession.factors?.user?.organizationId) {
- signedinUrl.searchParams.set(
- "organization",
- selectedSession.factors?.user?.organizationId,
- );
- }
- return NextResponse.redirect(signedinUrl);
- } else {
- return NextResponse.json({ error }, { status: 500 });
- }
- }
- }
- }
-}