set checks to session endpoint

2025-12-12 18:32:20 +00:00 · 2024-04-17 14:47:52 +02:00
parent 20a589cea2
commit 346f13e38d
3 changed files with 23 additions and 90 deletions
--- a/apps/login/app/api/otp/verify/route.ts
+++ b/apps/login/app/api/otp/verify/route.ts
@@ -1,70 +0,0 @@
-import {
-  SessionCookie,
-  getMostRecentSessionCookie,
-  getSessionCookieById,
-  getSessionCookieByLoginName,
-} from "#/utils/cookies";
-import { setSessionAndUpdateCookie } from "#/utils/session";
-import { Checks } from "@zitadel/server";
-import { NextRequest, NextResponse, userAgent } from "next/server";
-
-export async function POST(request: NextRequest) {
-  const body = await request.json();
-
-  if (body) {
-    const { loginName, sessionId, organization, authRequestId, code, method } =
-      body;
-
-    const recentPromise: Promise<SessionCookie> = sessionId
-      ? getSessionCookieById(sessionId).catch((error) => {
-          return Promise.reject(error);
-        })
-      : loginName
-      ? getSessionCookieByLoginName(loginName, organization).catch((error) => {
-          return Promise.reject(error);
-        })
-      : getMostRecentSessionCookie().catch((error) => {
-          return Promise.reject(error);
-        });
-
-    return recentPromise
-      .then((recent) => {
-        const checks: Checks = {};
-
-        if (method === "time-based") {
-          checks.totp = {
-            code,
-          };
-        } else if (method === "sms") {
-          checks.otpSms = {
-            code,
-          };
-        } else if (method === "email") {
-          checks.otpEmail = {
-            code,
-          };
-        }
-
-        return setSessionAndUpdateCookie(
-          recent,
-          checks,
-          undefined,
-          authRequestId
-        ).then((session) => {
-          return NextResponse.json({
-            sessionId: session.id,
-            factors: session.factors,
-            challenges: session.challenges,
-          });
-        });
-      })
-      .catch((error) => {
-        return NextResponse.json({ details: error }, { status: 500 });
-      });
-  } else {
-    return NextResponse.json(
-      { details: "Request body is missing" },
-      { status: 400 }
-    );
-  }
-}
--- a/apps/login/app/api/session/route.ts
+++ b/apps/login/app/api/session/route.ts
@@ -105,7 +105,7 @@ export async function PUT(request: NextRequest) {
        ).then(async (session) => {
          // if password, check if user has MFA methods
          let authFactors;
-          if (checks.password && session.factors?.user?.id) {
+          if (checks && checks.password && session.factors?.user?.id) {
            const response = await listHumanAuthFactors(
              server,
              session.factors?.user?.id
@@ -123,6 +123,7 @@ export async function PUT(request: NextRequest) {
        });
      })
      .catch((error) => {
+        console.error(error);
        return NextResponse.json({ details: error }, { status: 500 });
      });
  } else {