always create session from /verify page, cleanup idp session, theme wrapper

2025-12-15 09:54:33 +00:00 · 2024-10-25 15:46:00 +02:00
parent 27d4f9b640
commit 3a99d7fe93
7 changed files with 158 additions and 85 deletions
--- a/apps/login/src/lib/server/email.ts
+++ b/apps/login/src/lib/server/email.ts
@@ -76,12 +76,6 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
    }
    return redirect("/authenticator/set?" + params);
  }
-
-  // return {
-  //   authMethodTypes: authMethodResponse.authMethodTypes,
-  //   sessionId: session.id,
-  //   factors: session.factors,
-  // };
 }

 type resendVerifyEmailCommand = {
@@ -94,3 +88,52 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
    ? resendEmailCode(command.userId)
    : resendInviteCode(command.userId);
 }
+
+export async function sendVerificationRedirectWithoutCheck(command: {
+  userId: string;
+  authRequestId?: string;
+}) {
+  const userResponse = await getUserByID(command.userId);
+
+  if (!userResponse || !userResponse.user) {
+    return { error: "Could not load user" };
+  }
+
+  const checks = create(ChecksSchema, {
+    user: {
+      search: {
+        case: "loginName",
+        value: userResponse.user.preferredLoginName,
+      },
+    },
+  });
+
+  const session = await createSessionAndUpdateCookie(
+    checks,
+    undefined,
+    command.authRequestId,
+  );
+
+  const authMethodResponse = await listAuthenticationMethodTypes(
+    command.userId,
+  );
+
+  if (!authMethodResponse || !authMethodResponse.authMethodTypes) {
+    return { error: "Could not load possible authenticators" };
+  }
+  // if no authmethods are found on the user, redirect to set one up
+  if (
+    authMethodResponse &&
+    authMethodResponse.authMethodTypes &&
+    authMethodResponse.authMethodTypes.length == 0
+  ) {
+    const params = new URLSearchParams({
+      sessionId: session.id,
+    });
+
+    if (session.factors?.user?.loginName) {
+      params.set("loginName", session.factors?.user?.loginName);
+    }
+    return redirect("/authenticator/set?" + params);
+  }
+}
--- a/apps/login/src/lib/server/session.ts
+++ b/apps/login/src/lib/server/session.ts
@@ -1,17 +1,12 @@
 "use server";

 import {
-  createSessionAndUpdateCookie,
  createSessionForIdpAndUpdateCookie,
  setSessionAndUpdateCookie,
 } from "@/lib/server/cookie";
 import { deleteSession, listAuthenticationMethodTypes } from "@/lib/zitadel";
-import { create } from "@zitadel/client";
 import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
-import {
-  Checks,
-  ChecksSchema,
-} from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { headers } from "next/headers";
 import {
  getMostRecentSessionCookie,
@@ -31,26 +26,13 @@ type CreateNewSessionCommand = {
  authRequestId?: string;
 };

-export async function createNewSession(options: CreateNewSessionCommand) {
-  const { userId, idpIntent, loginName, password, authRequestId } = options;
+export async function createNewSessionForIdp(options: CreateNewSessionCommand) {
+  const { userId, idpIntent, authRequestId } = options;

-  if (userId && idpIntent) {
-    return createSessionForIdpAndUpdateCookie(userId, idpIntent, authRequestId);
-  } else if (loginName) {
-    const checks = create(
-      ChecksSchema,
-      password
-        ? {
-            user: { search: { case: "loginName", value: loginName } },
-            password: { password },
-          }
-        : { user: { search: { case: "loginName", value: loginName } } },
-    );
-
-    return createSessionAndUpdateCookie(checks, undefined, authRequestId);
-  } else {
+  if (!userId || !idpIntent) {
    throw new Error("No userId or loginName provided");
  }
+  return createSessionForIdpAndUpdateCookie(userId, idpIntent, authRequestId);
 }

 export type UpdateSessionCommand = {