set checks to session endpoint

This commit is contained in:
peintnermax
2024-04-17 14:47:52 +02:00
parent 20a589cea2
commit 346f13e38d
3 changed files with 23 additions and 90 deletions


@@ -1,70 +0,0 @@
import {
SessionCookie,
getMostRecentSessionCookie,
getSessionCookieById,
getSessionCookieByLoginName,
} from "#/utils/cookies";
import { setSessionAndUpdateCookie } from "#/utils/session";
import { Checks } from "@zitadel/server";
import { NextRequest, NextResponse, userAgent } from "next/server";
export async function POST(request: NextRequest) {
const body = await request.json();
if (body) {
const { loginName, sessionId, organization, authRequestId, code, method } =
body;
const recentPromise: Promise<SessionCookie> = sessionId
? getSessionCookieById(sessionId).catch((error) => {
return Promise.reject(error);
})
: loginName
? getSessionCookieByLoginName(loginName, organization).catch((error) => {
return Promise.reject(error);
})
: getMostRecentSessionCookie().catch((error) => {
return Promise.reject(error);
});
return recentPromise
.then((recent) => {
const checks: Checks = {};
if (method === "time-based") {
checks.totp = {
code,
};
} else if (method === "sms") {
checks.otpSms = {
code,
};
} else if (method === "email") {
checks.otpEmail = {
code,
};
}
return setSessionAndUpdateCookie(
recent,
checks,
undefined,
authRequestId
).then((session) => {
return NextResponse.json({
sessionId: session.id,
factors: session.factors,
challenges: session.challenges,
});
});
})
.catch((error) => {
return NextResponse.json({ details: error }, { status: 500 });
});
} else {
return NextResponse.json(
{ details: "Request body is missing" },
{ status: 400 }
);
}
}


@@ -105,7 +105,7 @@ export async function PUT(request: NextRequest) {
).then(async (session) => {
// if password, check if user has MFA methods
let authFactors;
if (checks.password && session.factors?.user?.id) {
if (checks && checks.password && session.factors?.user?.id) {
const response = await listHumanAuthFactors(
server,
session.factors?.user?.id
@@ -123,6 +123,7 @@ export async function PUT(request: NextRequest) {
});
})
.catch((error) => {
console.error(error);
return NextResponse.json({ details: error }, { status: 500 });
});
} else {
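Review bot: The new `console.error(error);` in the catch block now records the failure server-side, but the following line still hands the raw error object to the caller with `NextResponse.json({ details: error }, { status: 500 })`; depending on the error type (a gRPC/Connect error carries enumerable code, message and metadata fields), that can surface internal service details to an unauthenticated browser. Now that the full error is logged, the response can carry a generic message, e.g. `return NextResponse.json({ details: "Failed to update session" }, { status: 500 });`, or at most `error instanceof Error ? error.message : String(error)` if the UI presumably needs text to display. In the first hunk, `checks && checks.password` could be written `checks?.password` to match the `session.factors?.user?.id` style on the same line. The enclosing `PUT` handler starts and ends outside both hunks.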


@@ -9,6 +9,7 @@ import { Spinner } from "./Spinner";
import { Checks } from "@zitadel/server";
import { useForm } from "react-hook-form";
import { TextInput } from "./Input";
import { Challenges } from "@zitadel/server";
// either loginName or sessionId must be provided
type Props = {
@@ -16,7 +17,7 @@ type Props = {
sessionId?: string;
authRequestId?: string;
organization?: string;
method?: string;
method: string;
code?: string;
};
@@ -47,22 +48,30 @@ export default function LoginOTP({
});
useEffect(() => {
if (!initialized.current) {
if (!initialized.current && ["email", "sms"].includes(method)) {
initialized.current = true;
setLoading(true);
updateSessionForOTPChallenge();
// .then((response) => {
// setLoading(false);
// })
// .catch((error) => {
// setError(error);
// setLoading(false);
// });
updateSessionForOTPChallenge()
.then((response) => {
setLoading(false);
})
.catch((error) => {
setError(error);
setLoading(false);
});
}
}, []);
async function updateSessionForOTPChallenge() {
const challenges: Challenges = {};
if (method === "email") {
challenges.otpEmail = "peintnerm@gmail.com";
}
if (method === "sms") {
challenges.otpSms = "";
}
setLoading(true);
const res = await fetch("/api/session", {
method: "PUT",
@@ -73,14 +82,7 @@ export default function LoginOTP({
loginName,
sessionId,
organization,
challenges:
method === "email"
? {
otpEmail: true,
}
: method === "sms"
? { otpSms: true }
: {},
challenges,
authRequestId,
}),
});
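Review bot: `challenges.otpEmail = "peintnerm@gmail.com";` in the new `updateSessionForOTPChallenge` commits what looks like a developer's personal address as the email OTP challenge, and `challenges.otpSms = "";` sends an empty string for SMS; whatever the `Challenges` type expects for these fields (the removed request body passed `otpEmail: true` / `otpSms: true`, so presumably a delivery option rather than a recipient), a hard-coded mailbox must not ship. Replace the literal with the value the session API defines for the chosen method, and if a recipient or URL template is genuinely required, read it from configuration rather than the source. Separately, the `useEffect` reads `method` but declares `[]` as its dependency list, so a changed prop after mount will not trigger the challenge; consider `[method]` or a comment stating that `method` is fixed for the component's lifetime. The enclosing `LoginOTP` component starts before and ends after this hunk.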