mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-23 17:55:17 +00:00
service Region context everywhere
This commit is contained in:
Max Peintner
@@ -13,12 +13,19 @@ import { getLocale, getTranslations } from "next-intl/server";
|
||||
import { headers } from "next/headers";
|
||||
import Link from "next/link";
|
||||
|
||||
async function loadSessions({ serviceUrl }: { serviceUrl: string }) {
|
||||
async function loadSessions({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
}: {
|
||||
serviceUrl: string;
|
||||
serviceRegion: string;
|
||||
}) {
|
||||
const ids: (string | undefined)[] = await getAllSessionCookieIds();
|
||||
|
||||
if (ids && ids.length) {
|
||||
const response = await listSessions({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
ids: ids.filter((id) => !!id) as string[],
|
||||
});
|
||||
return response?.sessions ?? [];
|
||||
@@ -43,16 +50,20 @@ export default async function Page(props: {
|
||||
|
||||
let defaultOrganization;
|
||||
if (!organization) {
|
||||
const org: Organization | null = await getDefaultOrg({ serviceUrl });
|
||||
const org: Organization | null = await getDefaultOrg({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
});
|
||||
if (org) {
|
||||
defaultOrganization = org.id;
|
||||
}
|
||||
}
|
||||
|
||||
let sessions = await loadSessions({ serviceUrl });
|
||||
let sessions = await loadSessions({ serviceUrl, serviceRegion });
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? defaultOrganization,
|
||||
});
|
||||
|
||||
|
||||
@@ -36,31 +36,35 @@ export default async function Page(props: {
|
||||
? await loadSessionById(serviceUrl, sessionId, organization)
|
||||
: await loadSessionByLoginname(serviceUrl, loginName, organization);
|
||||
|
||||
async function getAuthMethodsAndUser(host: string, session?: Session) {
|
||||
async function getAuthMethodsAndUser(
|
||||
serviceUrl: string,
|
||||
serviceRegion: string,
|
||||
session?: Session,
|
||||
) {
|
||||
const userId = session?.factors?.user?.id;
|
||||
|
||||
if (!userId) {
|
||||
throw Error("Could not get user id from session");
|
||||
}
|
||||
|
||||
return listAuthenticationMethodTypes({ serviceUrl, userId }).then(
|
||||
(methods) => {
|
||||
return getUserByID({ serviceUrl, userId }).then((user) => {
|
||||
const humanUser =
|
||||
user.user?.type.case === "human"
|
||||
? user.user?.type.value
|
||||
: undefined;
|
||||
return listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
}).then((methods) => {
|
||||
return getUserByID({ serviceUrl, serviceRegion, userId }).then((user) => {
|
||||
const humanUser =
|
||||
user.user?.type.case === "human" ? user.user?.type.value : undefined;
|
||||
|
||||
return {
|
||||
factors: session?.factors,
|
||||
authMethods: methods.authMethodTypes ?? [],
|
||||
phoneVerified: humanUser?.phone?.isVerified ?? false,
|
||||
emailVerified: humanUser?.email?.isVerified ?? false,
|
||||
expirationDate: session?.expirationDate,
|
||||
};
|
||||
});
|
||||
},
|
||||
);
|
||||
return {
|
||||
factors: session?.factors,
|
||||
authMethods: methods.authMethodTypes ?? [],
|
||||
phoneVerified: humanUser?.phone?.isVerified ?? false,
|
||||
emailVerified: humanUser?.email?.isVerified ?? false,
|
||||
expirationDate: session?.expirationDate,
|
||||
};
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
async function loadSessionByLoginname(
|
||||
@@ -70,12 +74,13 @@ export default async function Page(props: {
|
||||
) {
|
||||
return loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
},
|
||||
}).then((session) => {
|
||||
return getAuthMethodsAndUser(serviceUrl, session);
|
||||
return getAuthMethodsAndUser(serviceUrl, serviceRegion, session);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -87,10 +92,15 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((sessionResponse) => {
|
||||
return getAuthMethodsAndUser(serviceUrl, sessionResponse.session);
|
||||
return getAuthMethodsAndUser(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionResponse.session,
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -100,16 +110,19 @@ export default async function Page(props: {
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: sessionWithData.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: sessionWithData.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
const identityProviders = await getActiveIdentityProviders({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
orgId: sessionWithData.factors?.user?.organizationId,
|
||||
linking_allowed: true,
|
||||
}).then((resp) => {
|
||||
|
||||
@@ -42,7 +42,11 @@ export default async function Page(props: {
|
||||
const _headers = await headers();
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
if (!provider || !id || !token) {
|
||||
return loginFailed(branding, "IDP context missing");
|
||||
@@ -50,6 +54,7 @@ export default async function Page(props: {
|
||||
|
||||
const intent = await retrieveIDPIntent({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
id,
|
||||
token,
|
||||
});
|
||||
@@ -72,7 +77,11 @@ export default async function Page(props: {
|
||||
return loginFailed(branding, "IDP information missing");
|
||||
}
|
||||
|
||||
const idp = await getIDPByID({ serviceUrl, id: idpInformation.idpId });
|
||||
const idp = await getIDPByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
id: idpInformation.idpId,
|
||||
});
|
||||
const options = idp?.config?.options;
|
||||
|
||||
if (!idp) {
|
||||
@@ -91,6 +100,7 @@ export default async function Page(props: {
|
||||
try {
|
||||
idpLink = await addIDPLink({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idp: {
|
||||
id: idpInformation.idpId,
|
||||
userId: idpInformation.userId,
|
||||
@@ -121,20 +131,23 @@ export default async function Page(props: {
|
||||
const email = PROVIDER_MAPPING[providerType](idpInformation).email?.email;
|
||||
|
||||
if (options.autoLinking === AutoLinkingOption.EMAIL && email) {
|
||||
foundUser = await listUsers({ serviceUrl, email }).then((response) => {
|
||||
return response.result ? response.result[0] : null;
|
||||
});
|
||||
foundUser = await listUsers({ serviceUrl, serviceRegion, email }).then(
|
||||
(response) => {
|
||||
return response.result ? response.result[0] : null;
|
||||
},
|
||||
);
|
||||
} else if (options.autoLinking === AutoLinkingOption.USERNAME) {
|
||||
foundUser = await listUsers(
|
||||
options.autoLinking === AutoLinkingOption.USERNAME
|
||||
? { serviceUrl, userName: idpInformation.userName }
|
||||
: { serviceUrl, email },
|
||||
? { serviceUrl, serviceRegion, userName: idpInformation.userName }
|
||||
: { serviceUrl, serviceRegion, email },
|
||||
).then((response) => {
|
||||
return response.result ? response.result[0] : null;
|
||||
});
|
||||
} else {
|
||||
foundUser = await listUsers({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userName: idpInformation.userName,
|
||||
email,
|
||||
}).then((response) => {
|
||||
@@ -147,6 +160,7 @@ export default async function Page(props: {
|
||||
try {
|
||||
idpLink = await addIDPLink({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idp: {
|
||||
id: idpInformation.idpId,
|
||||
userId: idpInformation.userId,
|
||||
@@ -187,12 +201,17 @@ export default async function Page(props: {
|
||||
const suffix = matched?.[1] ?? "";
|
||||
|
||||
// this just returns orgs where the suffix is set as primary domain
|
||||
const orgs = await getOrgsByDomain({ serviceUrl, domain: suffix });
|
||||
const orgs = await getOrgsByDomain({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
domain: suffix,
|
||||
});
|
||||
const orgToCheckForDiscovery =
|
||||
orgs.result && orgs.result.length === 1 ? orgs.result[0].id : undefined;
|
||||
|
||||
const orgLoginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: orgToCheckForDiscovery,
|
||||
});
|
||||
if (orgLoginSettings?.allowDomainDiscovery) {
|
||||
@@ -211,7 +230,11 @@ export default async function Page(props: {
|
||||
});
|
||||
}
|
||||
|
||||
const newUser = await addHuman({ serviceUrl, request: userData });
|
||||
const newUser = await addHuman({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
request: userData,
|
||||
});
|
||||
|
||||
if (newUser) {
|
||||
return (
|
||||
|
||||
@@ -20,12 +20,17 @@ export default async function Page(props: {
|
||||
|
||||
const identityProviders = await getActiveIdentityProviders({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
orgId: organization,
|
||||
}).then((resp) => {
|
||||
return resp.identityProviders;
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -24,7 +24,7 @@ export default async function Page(props: {
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
if (!organization) {
|
||||
const org = await getDefaultOrg({ serviceUrl });
|
||||
const org = await getDefaultOrg({ serviceUrl, serviceRegion });
|
||||
if (!org) {
|
||||
throw new Error("No default organization found");
|
||||
}
|
||||
@@ -32,14 +32,23 @@ export default async function Page(props: {
|
||||
organization = org.id;
|
||||
}
|
||||
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
|
||||
const passwordComplexitySettings = await getPasswordComplexitySettings({
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const passwordComplexitySettings = await getPasswordComplexitySettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -22,7 +22,7 @@ export default async function Page(props: {
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
if (!organization) {
|
||||
const org = await getDefaultOrg({ serviceUrl });
|
||||
const org = await getDefaultOrg({ serviceUrl, serviceRegion });
|
||||
if (!org) {
|
||||
throw new Error("No default organization found");
|
||||
}
|
||||
@@ -30,12 +30,20 @@ export default async function Page(props: {
|
||||
organization = org.id;
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
let user: User | undefined;
|
||||
let human: HumanUser | undefined;
|
||||
if (userId) {
|
||||
const userResponse = await getUserByID({ serviceUrl, userId });
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
});
|
||||
if (userResponse) {
|
||||
user = userResponse.user;
|
||||
if (user?.type.case === "human") {
|
||||
|
||||
@@ -30,7 +30,10 @@ export default async function Page(props: {
|
||||
|
||||
let defaultOrganization;
|
||||
if (!organization) {
|
||||
const org: Organization | null = await getDefaultOrg({ serviceUrl });
|
||||
const org: Organization | null = await getDefaultOrg({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
});
|
||||
if (org) {
|
||||
defaultOrganization = org.id;
|
||||
}
|
||||
@@ -38,16 +41,19 @@ export default async function Page(props: {
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? defaultOrganization,
|
||||
});
|
||||
|
||||
const contextLoginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const identityProviders = await getActiveIdentityProviders({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
orgId: organization ?? defaultOrganization,
|
||||
}).then((resp) => {
|
||||
return resp.identityProviders;
|
||||
@@ -55,6 +61,7 @@ export default async function Page(props: {
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? defaultOrganization,
|
||||
});
|
||||
|
||||
|
||||
@@ -38,6 +38,7 @@ export default async function Page(props: {
|
||||
) {
|
||||
return loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -46,6 +47,7 @@ export default async function Page(props: {
|
||||
if (session && session.factors?.user?.id) {
|
||||
return listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
}).then((methods) => {
|
||||
return {
|
||||
@@ -65,12 +67,14 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((response) => {
|
||||
if (response?.session && response.session.factors?.user?.id) {
|
||||
return listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: response.session.factors.user.id,
|
||||
}).then((methods) => {
|
||||
return {
|
||||
@@ -82,7 +86,11 @@ export default async function Page(props: {
|
||||
});
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -65,24 +65,24 @@ export default async function Page(props: {
|
||||
throw Error("Could not get user id from session");
|
||||
}
|
||||
|
||||
return listAuthenticationMethodTypes({ serviceUrl, userId }).then(
|
||||
(methods) => {
|
||||
return getUserByID({ serviceUrl, userId }).then((user) => {
|
||||
const humanUser =
|
||||
user.user?.type.case === "human"
|
||||
? user.user?.type.value
|
||||
: undefined;
|
||||
return listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
}).then((methods) => {
|
||||
return getUserByID({ serviceUrl, serviceRegion, userId }).then((user) => {
|
||||
const humanUser =
|
||||
user.user?.type.case === "human" ? user.user?.type.value : undefined;
|
||||
|
||||
return {
|
||||
factors: session?.factors,
|
||||
authMethods: methods.authMethodTypes ?? [],
|
||||
phoneVerified: humanUser?.phone?.isVerified ?? false,
|
||||
emailVerified: humanUser?.email?.isVerified ?? false,
|
||||
expirationDate: session?.expirationDate,
|
||||
};
|
||||
});
|
||||
},
|
||||
);
|
||||
return {
|
||||
factors: session?.factors,
|
||||
authMethods: methods.authMethodTypes ?? [],
|
||||
phoneVerified: humanUser?.phone?.isVerified ?? false,
|
||||
emailVerified: humanUser?.email?.isVerified ?? false,
|
||||
expirationDate: session?.expirationDate,
|
||||
};
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
async function loadSessionByLoginname(
|
||||
@@ -92,6 +92,7 @@ export default async function Page(props: {
|
||||
) {
|
||||
return loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -109,6 +110,7 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((sessionResponse) => {
|
||||
@@ -116,9 +118,14 @@ export default async function Page(props: {
|
||||
});
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: sessionWithData.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
|
||||
@@ -47,6 +47,7 @@ export default async function Page(props: {
|
||||
? await loadSessionById(serviceUrl, sessionId, organization)
|
||||
: await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: { loginName, organization },
|
||||
});
|
||||
|
||||
@@ -58,6 +59,7 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((response) => {
|
||||
@@ -70,11 +72,13 @@ export default async function Page(props: {
|
||||
// email links do not come with organization, thus we need to use the session's organization
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? session?.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? session?.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
|
||||
@@ -36,11 +36,20 @@ export default async function Page(props: {
|
||||
const _headers = await headers();
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const session = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -50,7 +59,11 @@ export default async function Page(props: {
|
||||
let totpResponse: RegisterTOTPResponse | undefined, error: Error | undefined;
|
||||
if (session && session.factors?.user?.id) {
|
||||
if (method === "time-based") {
|
||||
await registerTOTP({ serviceUrl, userId: session.factors.user.id })
|
||||
await registerTOTP({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
})
|
||||
.then((resp) => {
|
||||
if (resp) {
|
||||
totpResponse = resp;
|
||||
@@ -61,18 +74,22 @@ export default async function Page(props: {
|
||||
});
|
||||
} else if (method === "sms") {
|
||||
// does not work
|
||||
await addOTPSMS({ serviceUrl, userId: session.factors.user.id }).catch(
|
||||
(error) => {
|
||||
error = new Error("Could not add OTP via SMS");
|
||||
},
|
||||
);
|
||||
await addOTPSMS({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
}).catch((error) => {
|
||||
error = new Error("Could not add OTP via SMS");
|
||||
});
|
||||
} else if (method === "email") {
|
||||
// works
|
||||
await addOTPEmail({ serviceUrl, userId: session.factors.user.id }).catch(
|
||||
(error) => {
|
||||
error = new Error("Could not add OTP via Email");
|
||||
},
|
||||
);
|
||||
await addOTPEmail({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
}).catch((error) => {
|
||||
error = new Error("Could not add OTP via Email");
|
||||
});
|
||||
} else {
|
||||
throw new Error("Invalid method");
|
||||
}
|
||||
|
||||
@@ -5,11 +5,7 @@ import { UserAvatar } from "@/components/user-avatar";
|
||||
import { getSessionCookieById } from "@/lib/cookies";
|
||||
import { getServiceUrlFromHeaders } from "@/lib/service";
|
||||
import { loadMostRecentSession } from "@/lib/session";
|
||||
import {
|
||||
getBrandingSettings,
|
||||
getLoginSettings,
|
||||
getSession,
|
||||
} from "@/lib/zitadel";
|
||||
import { getBrandingSettings, getSession } from "@/lib/zitadel";
|
||||
import { getLocale, getTranslations } from "next-intl/server";
|
||||
import { headers } from "next/headers";
|
||||
|
||||
@@ -31,6 +27,7 @@ export default async function Page(props: {
|
||||
? await loadSessionById(serviceUrl, sessionId, organization)
|
||||
: await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: { loginName, organization },
|
||||
});
|
||||
|
||||
@@ -42,6 +39,7 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((response) => {
|
||||
@@ -51,9 +49,11 @@ export default async function Page(props: {
|
||||
});
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -24,13 +24,18 @@ export default async function Page(props: {
|
||||
|
||||
const session = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
},
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -28,21 +28,28 @@ export default async function Page(props: {
|
||||
// also allow no session to be found (ignoreUnkownUsername)
|
||||
const sessionFactors = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
},
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const passwordComplexity = await getPasswordComplexitySettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: sessionFactors?.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: sessionFactors?.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
|
||||
@@ -29,7 +29,10 @@ export default async function Page(props: {
|
||||
|
||||
let defaultOrganization;
|
||||
if (!organization) {
|
||||
const org: Organization | null = await getDefaultOrg({ serviceUrl });
|
||||
const org: Organization | null = await getDefaultOrg({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
});
|
||||
|
||||
if (org) {
|
||||
defaultOrganization = org.id;
|
||||
@@ -41,6 +44,7 @@ export default async function Page(props: {
|
||||
try {
|
||||
sessionFactors = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -53,10 +57,12 @@ export default async function Page(props: {
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? defaultOrganization,
|
||||
});
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: organization ?? defaultOrganization,
|
||||
});
|
||||
|
||||
|
||||
@@ -34,6 +34,7 @@ export default async function Page(props: {
|
||||
if (loginName) {
|
||||
session = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -41,19 +42,32 @@ export default async function Page(props: {
|
||||
});
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const passwordComplexity = await getPasswordComplexitySettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: session?.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
let user: User | undefined;
|
||||
let displayName: string | undefined;
|
||||
if (userId) {
|
||||
const userResponse = await getUserByID({ serviceUrl, userId });
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
});
|
||||
user = userResponse.user;
|
||||
|
||||
if (user?.type.case === "human") {
|
||||
|
||||
@@ -26,21 +26,37 @@ export default async function Page(props: {
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
if (!organization) {
|
||||
const org: Organization | null = await getDefaultOrg({ serviceUrl });
|
||||
const org: Organization | null = await getDefaultOrg({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
});
|
||||
if (org) {
|
||||
organization = org.id;
|
||||
}
|
||||
}
|
||||
|
||||
const legal = await getLegalAndSupportSettings({ serviceUrl, organization });
|
||||
const legal = await getLegalAndSupportSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
const passwordComplexitySettings = await getPasswordComplexitySettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
if (!loginSettings?.allowRegister) {
|
||||
return (
|
||||
|
||||
@@ -26,7 +26,10 @@ export default async function Page(props: {
|
||||
const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers);
|
||||
|
||||
if (!organization) {
|
||||
const org: Organization | null = await getDefaultOrg({ serviceUrl });
|
||||
const org: Organization | null = await getDefaultOrg({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
});
|
||||
if (org) {
|
||||
organization = org.id;
|
||||
}
|
||||
@@ -34,15 +37,28 @@ export default async function Page(props: {
|
||||
|
||||
const missingData = !firstname || !lastname || !email;
|
||||
|
||||
const legal = await getLegalAndSupportSettings({ serviceUrl, organization });
|
||||
const legal = await getLegalAndSupportSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
const passwordComplexitySettings = await getPasswordComplexitySettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return missingData ? (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -22,6 +22,7 @@ import { redirect } from "next/navigation";
|
||||
|
||||
async function loadSession(
|
||||
serviceUrl: string,
|
||||
serviceRegion: string,
|
||||
loginName: string,
|
||||
authRequestId?: string,
|
||||
) {
|
||||
@@ -30,6 +31,7 @@ async function loadSession(
|
||||
if (authRequestId) {
|
||||
return createCallback({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
req: create(CreateCallbackRequestSchema, {
|
||||
authRequestId,
|
||||
callbackKind: {
|
||||
@@ -46,6 +48,7 @@ async function loadSession(
|
||||
}
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((response) => {
|
||||
@@ -66,15 +69,24 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
const { loginName, authRequestId, organization } = searchParams;
|
||||
const sessionFactors = await loadSession(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
loginName,
|
||||
authRequestId,
|
||||
);
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
let loginSettings;
|
||||
if (!authRequestId) {
|
||||
loginSettings = await getLoginSettings({ serviceUrl, organization });
|
||||
loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
}
|
||||
|
||||
return (
|
||||
|
||||
@@ -27,12 +27,17 @@ export default async function Page(props: {
|
||||
throw new Error("No host found");
|
||||
}
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
const sessionFactors = sessionId
|
||||
? await loadSessionById(serviceUrl, sessionId, organization)
|
||||
: await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: { loginName, organization },
|
||||
});
|
||||
|
||||
@@ -44,6 +49,7 @@ export default async function Page(props: {
|
||||
const recent = await getSessionCookieById({ sessionId, organization });
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((response) => {
|
||||
|
||||
@@ -23,13 +23,18 @@ export default async function Page(props: {
|
||||
|
||||
const sessionFactors = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
},
|
||||
});
|
||||
|
||||
const branding = await getBrandingSettings({ serviceUrl, organization });
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
return (
|
||||
<DynamicTheme branding={branding}>
|
||||
|
||||
@@ -35,6 +35,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
|
||||
const branding = await getBrandingSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization,
|
||||
});
|
||||
|
||||
@@ -48,6 +49,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
if ("loginName" in searchParams) {
|
||||
sessionFactors = await loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -57,6 +59,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
if (doSend && sessionFactors?.factors?.user?.id) {
|
||||
await sendEmailCode({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: sessionFactors?.factors?.user?.id,
|
||||
urlTemplate:
|
||||
`${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
|
||||
@@ -70,6 +73,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
if (doSend) {
|
||||
await sendEmailCode({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
urlTemplate:
|
||||
`${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
|
||||
@@ -80,7 +84,11 @@ export default async function Page(props: { searchParams: Promise<any> }) {
|
||||
});
|
||||
}
|
||||
|
||||
const userResponse = await getUserByID({ serviceUrl, userId });
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
});
|
||||
if (userResponse) {
|
||||
user = userResponse.user;
|
||||
if (user?.type.case === "human") {
|
||||
|
||||
@@ -32,13 +32,16 @@ export const fetchCache = "default-no-store";
|
||||
|
||||
async function loadSessions({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
ids,
|
||||
}: {
|
||||
serviceUrl: string;
|
||||
serviceRegion: string;
|
||||
ids: string[];
|
||||
}): Promise<Session[]> {
|
||||
const response = await listSessions({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
ids: ids.filter((id: string | undefined) => !!id),
|
||||
});
|
||||
|
||||
@@ -55,6 +58,7 @@ const IDP_SCOPE_REGEX = /urn:zitadel:iam:org:idp:id:(.+)/;
|
||||
**/
|
||||
async function isSessionValid(
|
||||
serviceUrl: string,
|
||||
serviceRegion: string,
|
||||
session: Session,
|
||||
): Promise<boolean> {
|
||||
// session can't be checked without user
|
||||
@@ -67,6 +71,7 @@ async function isSessionValid(
|
||||
|
||||
const authMethodTypes = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
});
|
||||
|
||||
@@ -116,6 +121,7 @@ async function isSessionValid(
|
||||
// only check settings if no auth methods are available, as this would require a setup
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: session.factors?.user?.organizationId,
|
||||
});
|
||||
if (loginSettings?.forceMfa || loginSettings?.forceMfaLocalOnly) {
|
||||
@@ -159,6 +165,7 @@ async function isSessionValid(
|
||||
|
||||
async function findValidSession(
|
||||
serviceUrl: string,
|
||||
serviceRegion: string,
|
||||
sessions: Session[],
|
||||
authRequest: AuthRequest,
|
||||
): Promise<Session | undefined> {
|
||||
@@ -185,7 +192,7 @@ async function findValidSession(
|
||||
|
||||
// return the first valid session according to settings
|
||||
for (const session of sessionsWithHint) {
|
||||
if (await isSessionValid(serviceUrl, session)) {
|
||||
if (await isSessionValid(serviceUrl, serviceRegion, session)) {
|
||||
return session;
|
||||
}
|
||||
}
|
||||
@@ -211,7 +218,7 @@ export async function GET(request: NextRequest) {
|
||||
const ids = sessionCookies.map((s) => s.id);
|
||||
let sessions: Session[] = [];
|
||||
if (ids && ids.length) {
|
||||
sessions = await loadSessions({ serviceUrl, ids });
|
||||
sessions = await loadSessions({ serviceUrl, serviceRegion, ids });
|
||||
}
|
||||
|
||||
if (authRequestId && sessionId) {
|
||||
@@ -224,7 +231,11 @@ export async function GET(request: NextRequest) {
|
||||
if (selectedSession && selectedSession.id) {
|
||||
console.log(`Found session ${selectedSession.id}`);
|
||||
|
||||
const isValid = await isSessionValid(serviceUrl, selectedSession);
|
||||
const isValid = await isSessionValid(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
selectedSession,
|
||||
);
|
||||
|
||||
console.log("Session is valid:", isValid);
|
||||
|
||||
@@ -259,6 +270,7 @@ export async function GET(request: NextRequest) {
|
||||
try {
|
||||
const { callbackUrl } = await createCallback({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
req: create(CreateCallbackRequestSchema, {
|
||||
authRequestId,
|
||||
callbackKind: {
|
||||
@@ -286,6 +298,7 @@ export async function GET(request: NextRequest) {
|
||||
) {
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: selectedSession.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
@@ -317,7 +330,11 @@ export async function GET(request: NextRequest) {
|
||||
}
|
||||
|
||||
if (authRequestId) {
|
||||
const { authRequest } = await getAuthRequest({ serviceUrl, authRequestId });
|
||||
const { authRequest } = await getAuthRequest({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
authRequestId,
|
||||
});
|
||||
|
||||
let organization = "";
|
||||
let suffix = "";
|
||||
@@ -346,6 +363,7 @@ export async function GET(request: NextRequest) {
|
||||
if (orgDomain) {
|
||||
const orgs = await getOrgsByDomain({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
domain: orgDomain,
|
||||
});
|
||||
if (orgs.result && orgs.result.length === 1) {
|
||||
@@ -362,6 +380,7 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
const identityProviders = await getActiveIdentityProviders({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
orgId: organization ? organization : undefined,
|
||||
}).then((resp) => {
|
||||
return resp.identityProviders;
|
||||
@@ -387,6 +406,7 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
return startIdentityProviderFlow({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idpId,
|
||||
urls: {
|
||||
successUrl:
|
||||
@@ -487,6 +507,7 @@ export async function GET(request: NextRequest) {
|
||||
**/
|
||||
const selectedSession = await findValidSession(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessions,
|
||||
authRequest,
|
||||
);
|
||||
@@ -516,6 +537,7 @@ export async function GET(request: NextRequest) {
|
||||
|
||||
const { callbackUrl } = await createCallback({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
req: create(CreateCallbackRequestSchema, {
|
||||
authRequestId,
|
||||
callbackKind: {
|
||||
@@ -529,6 +551,7 @@ export async function GET(request: NextRequest) {
|
||||
// check for loginHint, userId hint and valid sessions
|
||||
let selectedSession = await findValidSession(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessions,
|
||||
authRequest,
|
||||
);
|
||||
@@ -553,6 +576,7 @@ export async function GET(request: NextRequest) {
|
||||
try {
|
||||
const { callbackUrl } = await createCallback({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
req: create(CreateCallbackRequestSchema, {
|
||||
authRequestId,
|
||||
callbackKind: {
|
||||
|
||||
@@ -32,6 +32,7 @@ export async function setMyPassword({
|
||||
|
||||
const { session } = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
|
||||
@@ -39,6 +39,7 @@ export async function createSessionAndUpdateCookie(
|
||||
|
||||
const createdSession = await createSessionFromChecks({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
checks,
|
||||
challenges,
|
||||
lifetime,
|
||||
@@ -47,6 +48,7 @@ export async function createSessionAndUpdateCookie(
|
||||
if (createdSession) {
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: createdSession.sessionId,
|
||||
sessionToken: createdSession.sessionToken,
|
||||
}).then((response) => {
|
||||
@@ -101,6 +103,7 @@ export async function createSessionForIdpAndUpdateCookie(
|
||||
|
||||
const createdSession = await createSessionForUserIdAndIdpIntent({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
idpIntent,
|
||||
lifetime,
|
||||
@@ -112,6 +115,7 @@ export async function createSessionForIdpAndUpdateCookie(
|
||||
|
||||
const { session } = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: createdSession.sessionId,
|
||||
sessionToken: createdSession.sessionToken,
|
||||
});
|
||||
@@ -163,6 +167,7 @@ export async function setSessionAndUpdateCookie(
|
||||
|
||||
return setSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recentCookie.id,
|
||||
sessionToken: recentCookie.token,
|
||||
challenges,
|
||||
@@ -189,6 +194,7 @@ export async function setSessionAndUpdateCookie(
|
||||
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
}).then((response) => {
|
||||
|
||||
@@ -28,6 +28,7 @@ export async function startIDPFlow(command: StartIDPFlowCommand) {
|
||||
|
||||
return startIdentityProviderFlow({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idpId: command.idpId,
|
||||
urls: {
|
||||
successUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${command.successUrl}`,
|
||||
@@ -73,6 +74,7 @@ export async function createNewSessionFromIdpIntent(
|
||||
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: command.userId,
|
||||
});
|
||||
|
||||
@@ -82,6 +84,7 @@ export async function createNewSessionFromIdpIntent(
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: userResponse.user.details?.resourceOwner,
|
||||
});
|
||||
|
||||
|
||||
@@ -31,6 +31,7 @@ export async function inviteUser(command: InviteUserCommand) {
|
||||
|
||||
const human = await addHumanUser({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
email: command.email,
|
||||
firstName: command.firstName,
|
||||
lastName: command.lastName,
|
||||
@@ -44,6 +45,7 @@ export async function inviteUser(command: InviteUserCommand) {
|
||||
|
||||
const codeResponse = await createInviteCode({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true`,
|
||||
userId: human.userId,
|
||||
});
|
||||
|
||||
@@ -43,6 +43,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const loginSettingsByContext = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: command.organization,
|
||||
});
|
||||
|
||||
@@ -52,6 +53,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
let searchUsersRequest: SearchUsersCommand = {
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
searchValue: command.loginName,
|
||||
organizationId: command.organization,
|
||||
loginSettings: loginSettingsByContext,
|
||||
@@ -73,6 +75,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
const redirectUserToSingleIDPIfAvailable = async () => {
|
||||
const identityProviders = await getActiveIdentityProviders({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
orgId: command.organization,
|
||||
}).then((resp) => {
|
||||
return resp.identityProviders;
|
||||
@@ -103,6 +106,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const resp = await startIdentityProviderFlow({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idpId: identityProviders[0].id,
|
||||
urls: {
|
||||
successUrl:
|
||||
@@ -161,6 +165,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const resp = await startIdentityProviderFlow({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
idpId: idp.id,
|
||||
urls: {
|
||||
successUrl:
|
||||
@@ -186,6 +191,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const userLoginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: user.details?.resourceOwner,
|
||||
});
|
||||
|
||||
@@ -244,6 +250,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const methods = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors?.user?.id,
|
||||
});
|
||||
|
||||
@@ -406,6 +413,7 @@ export async function sendLoginname(command: SendLoginnameCommand) {
|
||||
|
||||
const orgLoginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: orgToCheckForDiscovery,
|
||||
});
|
||||
if (orgLoginSettings?.allowDomainDiscovery) {
|
||||
|
||||
@@ -64,6 +64,7 @@ export async function setOTP(command: SetOTPCommand) {
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: command.organization,
|
||||
});
|
||||
|
||||
|
||||
@@ -53,6 +53,7 @@ export async function registerPasskeyLink(
|
||||
const sessionCookie = await getSessionCookieById({ sessionId });
|
||||
const session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
@@ -73,6 +74,7 @@ export async function registerPasskeyLink(
|
||||
// use session token to add the passkey
|
||||
const registerLink = await createPasskeyRegistrationLink({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
});
|
||||
|
||||
@@ -82,6 +84,7 @@ export async function registerPasskeyLink(
|
||||
|
||||
return registerPasskey({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
code: registerLink.code,
|
||||
domain: hostname,
|
||||
@@ -109,6 +112,7 @@ export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) {
|
||||
});
|
||||
const session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
@@ -120,6 +124,7 @@ export async function verifyPasskeyRegistration(command: VerifyPasskeyCommand) {
|
||||
|
||||
return zitadelVerifyPasskeyRegistration({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
request: create(VerifyPasskeyRegistrationRequestSchema, {
|
||||
passkeyId: command.passkeyId,
|
||||
publicKeyCredential: command.publicKeyCredential,
|
||||
@@ -177,6 +182,7 @@ export async function sendPasskey(command: SendPasskeyCommand) {
|
||||
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session?.factors?.user?.id,
|
||||
});
|
||||
|
||||
|
||||
@@ -54,6 +54,7 @@ export async function resetPassword(command: ResetPasswordCommand) {
|
||||
|
||||
const users = await listUsers({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
loginName: command.loginName,
|
||||
organizationId: command.organization,
|
||||
});
|
||||
@@ -69,6 +70,7 @@ export async function resetPassword(command: ResetPasswordCommand) {
|
||||
|
||||
return passwordReset({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
urlTemplate:
|
||||
`${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
|
||||
@@ -101,6 +103,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
||||
if (!sessionCookie) {
|
||||
const users = await listUsers({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
loginName: command.loginName,
|
||||
organizationId: command.organization,
|
||||
});
|
||||
@@ -115,6 +118,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
||||
|
||||
loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: command.organization,
|
||||
});
|
||||
|
||||
@@ -143,6 +147,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
||||
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session?.factors?.user?.id,
|
||||
});
|
||||
|
||||
@@ -156,6 +161,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
||||
if (!loginSettings) {
|
||||
loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization:
|
||||
command.organization ?? session.factors?.user?.organizationId,
|
||||
});
|
||||
@@ -201,6 +207,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
|
||||
if (command.checks && command.checks.password && session.factors?.user?.id) {
|
||||
const response = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
});
|
||||
if (response.authMethodTypes && response.authMethodTypes.length) {
|
||||
@@ -267,6 +274,7 @@ export async function changePassword(command: {
|
||||
|
||||
return setUserPassword({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
password: command.password,
|
||||
user,
|
||||
@@ -290,6 +298,7 @@ export async function checkSessionAndSetPassword({
|
||||
|
||||
const { session } = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
@@ -308,6 +317,7 @@ export async function checkSessionAndSetPassword({
|
||||
// check if the user has no password set in order to set a password
|
||||
const authmethods = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
});
|
||||
|
||||
@@ -328,6 +338,7 @@ export async function checkSessionAndSetPassword({
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: session.factors.user.organizationId,
|
||||
});
|
||||
|
||||
@@ -359,6 +370,7 @@ export async function checkSessionAndSetPassword({
|
||||
|
||||
const selfService = await myUserService(
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
`${sessionCookie.token}`,
|
||||
);
|
||||
|
||||
|
||||
@@ -38,6 +38,7 @@ export async function registerUser(command: RegisterUserCommand) {
|
||||
|
||||
const addResponse = await addHumanUser({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
email: command.email,
|
||||
firstName: command.firstName,
|
||||
lastName: command.lastName,
|
||||
@@ -51,6 +52,7 @@ export async function registerUser(command: RegisterUserCommand) {
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: command.organization,
|
||||
});
|
||||
|
||||
@@ -92,6 +94,7 @@ export async function registerUser(command: RegisterUserCommand) {
|
||||
} else {
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session?.factors?.user?.id,
|
||||
});
|
||||
|
||||
|
||||
@@ -29,6 +29,7 @@ export async function continueWithSession({
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: session.factors?.user?.organizationId,
|
||||
});
|
||||
|
||||
@@ -131,6 +132,7 @@ export async function updateSession(options: UpdateSessionCommand) {
|
||||
if (checks && checks.password && session.factors?.user?.id) {
|
||||
const response = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session.factors.user.id,
|
||||
});
|
||||
if (response.authMethodTypes && response.authMethodTypes.length) {
|
||||
@@ -160,6 +162,7 @@ export async function clearSession(options: ClearSessionOptions) {
|
||||
|
||||
const deletedSession = await deleteSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: session.id,
|
||||
sessionToken: session.token,
|
||||
});
|
||||
@@ -181,6 +184,7 @@ export async function cleanupSession({ sessionId }: CleanupSessionCommand) {
|
||||
|
||||
const deleteResponse = await deleteSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
|
||||
@@ -38,6 +38,7 @@ export async function addU2F(command: RegisterU2FCommand) {
|
||||
|
||||
const session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
@@ -82,6 +83,7 @@ export async function verifyU2F(command: VerifyU2FCommand) {
|
||||
|
||||
const session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
});
|
||||
|
||||
@@ -34,6 +34,7 @@ export async function verifyTOTP(
|
||||
|
||||
return loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams: {
|
||||
loginName,
|
||||
organization,
|
||||
@@ -42,6 +43,7 @@ export async function verifyTOTP(
|
||||
if (session?.factors?.user?.id) {
|
||||
return verifyTOTPRegistration({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
code,
|
||||
userId: session.factors.user.id,
|
||||
});
|
||||
@@ -67,6 +69,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
const verifyResponse = command.isInvite
|
||||
? await verifyInviteCode({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: command.userId,
|
||||
verificationCode: command.code,
|
||||
}).catch(() => {
|
||||
@@ -74,6 +77,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
})
|
||||
: await verifyEmail({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: command.userId,
|
||||
verificationCode: command.code,
|
||||
}).catch(() => {
|
||||
@@ -105,6 +109,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
|
||||
session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
}).then((response) => {
|
||||
@@ -119,6 +124,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session?.factors?.user?.id,
|
||||
});
|
||||
|
||||
@@ -130,6 +136,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
} else {
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: command.userId,
|
||||
});
|
||||
|
||||
@@ -169,11 +176,13 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: user.details?.resourceOwner,
|
||||
});
|
||||
|
||||
const authMethodResponse = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: user.userId,
|
||||
});
|
||||
|
||||
@@ -252,10 +261,11 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
|
||||
}
|
||||
|
||||
return command.isInvite
|
||||
? resendInviteCode({ serviceUrl, userId: command.userId })
|
||||
? resendInviteCode({ serviceUrl, serviceRegion, userId: command.userId })
|
||||
: resendEmailCode({
|
||||
userId: command.userId,
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
urlTemplate:
|
||||
`${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
|
||||
(command.authRequestId
|
||||
@@ -266,14 +276,16 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
|
||||
|
||||
type sendEmailCommand = {
|
||||
serviceUrl: string;
|
||||
serviceRegion: string;
|
||||
userId: string;
|
||||
urlTemplate: string;
|
||||
};
|
||||
|
||||
export async function sendEmailCode(command: sendEmailCommand) {
|
||||
return zitadelSendEmailCode({
|
||||
userId: command.userId,
|
||||
serviceUrl: command.serviceUrl,
|
||||
serviceRegion: command.serviceRegion,
|
||||
userId: command.userId,
|
||||
urlTemplate: command.urlTemplate,
|
||||
});
|
||||
}
|
||||
@@ -313,6 +325,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
||||
|
||||
session = await getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: sessionCookie.id,
|
||||
sessionToken: sessionCookie.token,
|
||||
}).then((response) => {
|
||||
@@ -327,6 +340,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
||||
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: session?.factors?.user?.id,
|
||||
});
|
||||
|
||||
@@ -338,6 +352,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
||||
} else if ("userId" in command) {
|
||||
const userResponse = await getUserByID({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: command.userId,
|
||||
});
|
||||
|
||||
@@ -377,6 +392,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
||||
|
||||
const authMethodResponse = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId: user.userId,
|
||||
});
|
||||
|
||||
@@ -402,6 +418,7 @@ export async function sendVerificationRedirectWithoutCheck(
|
||||
|
||||
const loginSettings = await getLoginSettings({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
organization: user.details?.resourceOwner,
|
||||
});
|
||||
|
||||
|
||||
@@ -30,7 +30,7 @@ export async function createServiceForHost<T extends ServiceClass>(
|
||||
process.env.QA_SYSTEM_USER_ID &&
|
||||
process.env.QA_SYSTEM_USER_PRIVATE_KEY
|
||||
) {
|
||||
token = await systemAPIToken(serviceRegion);
|
||||
token = await systemAPIToken({ serviceRegion });
|
||||
} else if (process.env.ZITADEL_SERVICE_USER_TOKEN) {
|
||||
token = process.env.ZITADEL_SERVICE_USER_TOKEN;
|
||||
}
|
||||
|
||||
@@ -5,6 +5,7 @@ import { getSession } from "./zitadel";
|
||||
|
||||
type LoadMostRecentSessionParams = {
|
||||
serviceUrl: string;
|
||||
serviceRegion: string;
|
||||
sessionParams: {
|
||||
loginName?: string;
|
||||
organization?: string;
|
||||
@@ -13,6 +14,7 @@ type LoadMostRecentSessionParams = {
|
||||
|
||||
export async function loadMostRecentSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionParams,
|
||||
}: LoadMostRecentSessionParams): Promise<Session | undefined> {
|
||||
const recent = await getMostRecentCookieWithLoginname({
|
||||
@@ -22,6 +24,7 @@ export async function loadMostRecentSession({
|
||||
|
||||
return getSession({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
sessionId: recent.id,
|
||||
sessionToken: recent.token,
|
||||
}).then((resp: GetSessionResponse) => resp.session);
|
||||
|
||||
@@ -1184,6 +1184,7 @@ export async function setUserPassword({
|
||||
if (!code) {
|
||||
const authmethods = await listAuthenticationMethodTypes({
|
||||
serviceUrl,
|
||||
serviceRegion,
|
||||
userId,
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user