register totp, login catch expired session

2025-12-13 02:08:18 +00:00 · 2024-04-22 15:09:39 +02:00
parent b78e5063cb
commit 4f9e7d7a21
10 changed files with 2721 additions and 5933 deletions
--- a/apps/login/lib/server-actions.ts
+++ b/apps/login/lib/server-actions.ts
@@ -0,0 +1,24 @@
+"use server";
+
+import { getMostRecentCookieWithLoginname } from "#/utils/cookies";
+import { getSession, server, verifyTOTPRegistration } from "./zitadel";
+
+export async function verifyTOTP(
+  code: string,
+  loginName?: string,
+  organization?: string
+) {
+  return getMostRecentCookieWithLoginname(loginName, organization)
+    .then((recent) => {
+      return getSession(server, recent.id, recent.token).then((response) => {
+        return { session: response?.session, token: recent.token };
+      });
+    })
+    .then(({ session, token }) => {
+      if (session?.factors?.user?.id) {
+        return verifyTOTPRegistration(code, session.factors.user.id, token);
+      } else {
+        throw Error("No user id found in session.");
+      }
+    });
+}
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -1,4 +1,8 @@
-import { GetUserByIDResponse, RegisterTOTPResponse } from "@zitadel/server";
+import {
+  GetUserByIDResponse,
+  RegisterTOTPResponse,
+  VerifyTOTPRegistrationResponse,
+} from "@zitadel/server";
 import {
  LegalAndSupportSettings,
  PasswordComplexitySettings,
@@ -50,6 +54,8 @@ import {
  AddOTPSMSResponse,
 } from "@zitadel/server";

+const SESSION_LIFETIME_S = 3000;
+
 export const zitadelConfig: ZitadelServerOptions = {
  name: "zitadel login",
  apiUrl: process.env.ZITADEL_API_URL ?? "",
@@ -124,8 +130,6 @@ export async function registerTOTP(
      token: token,
    };

-    console.log(token);
-
    const sessionUser = initializeServer(authConfig);
    userService = user.getUser(sessionUser);
  } else {
@@ -185,7 +189,7 @@ export async function createSessionFromChecks(
      checks: checks,
      challenges,
      lifetime: {
-        seconds: 300,
+        seconds: SESSION_LIFETIME_S,
        nanos: 0,
      },
    },
@@ -302,6 +306,27 @@ export async function addHumanUser(
  );
 }

+export async function verifyTOTPRegistration(
+  code: string,
+  userId: string,
+  token?: string
+): Promise<VerifyTOTPRegistrationResponse> {
+  let userService;
+  if (token) {
+    const authConfig: ZitadelServerOptions = {
+      name: "zitadel login",
+      apiUrl: process.env.ZITADEL_API_URL ?? "",
+      token: token,
+    };
+
+    const sessionUser = initializeServer(authConfig);
+    userService = user.getUser(sessionUser);
+  } else {
+    userService = user.getUser(server);
+  }
+  return userService.verifyTOTPRegistration({ code, userId }, {});
+}
+
 export async function getUserByID(
  userId: string
 ): Promise<GetUserByIDResponse> {