skipsend, checkinvite

2025-08-24 21:54:03 +00:00 · 2024-12-24 09:15:12 +01:00
parent 2951b617ce
commit 53fc22e048
4 changed files with 68 additions and 30 deletions
--- a/apps/login/src/app/(login)/verify/page.tsx
+++ b/apps/login/src/app/(login)/verify/page.tsx
@@ -3,6 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme";
 import { UserAvatar } from "@/components/user-avatar";
 import { VerifyForm } from "@/components/verify-form";
 import { VerifyRedirectButton } from "@/components/verify-redirect-button";
+import { resendVerification } from "@/lib/server/verify";
 import { loadMostRecentSession } from "@/lib/session";
 import {
  getBrandingSettings,
@@ -19,8 +20,15 @@ export default async function Page(props: { searchParams: Promise<any> }) {
  const t = await getTranslations({ locale, namespace: "verify" });
  const tError = await getTranslations({ locale, namespace: "error" });

-  const { userId, loginName, code, organization, authRequestId, invite } =
-    searchParams;
+  const {
+    userId,
+    loginName,
+    code,
+    organization,
+    authRequestId,
+    invite,
+    skipsend,
+  } = searchParams;

  const branding = await getBrandingSettings(organization);

@@ -34,7 +42,21 @@ export default async function Page(props: { searchParams: Promise<any> }) {
      loginName,
      organization,
    });
+
+    if (!skipsend && sessionFactors?.factors?.user?.id) {
+      await resendVerification({
+        userId: sessionFactors?.factors?.user?.id,
+        isInvite: invite === "true",
+      });
+    }
  } else if ("userId" in searchParams && userId) {
+    if (!skipsend) {
+      await resendVerification({
+        userId,
+        isInvite: invite === "true",
+      });
+    }
+
    const userResponse = await getUserByID(userId);
    if (userResponse) {
      user = userResponse.user;
--- a/apps/login/src/components/verify-form.tsx
+++ b/apps/login/src/components/verify-form.tsx
@@ -88,12 +88,12 @@ export function VerifyForm({
          setLoading(false);
        });

-      if (response?.error) {
+      if (response && "error" in response && response?.error) {
        setError(response.error);
        return;
      }

-      if (response?.redirect) {
+      if (response && "redirect" in response && response?.redirect) {
        return router.push(response?.redirect);
      }
    },
--- a/apps/login/src/lib/server/loginname.ts
+++ b/apps/login/src/lib/server/loginname.ts
@@ -8,6 +8,7 @@ import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp";

 import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { checkInvite } from "../verify-helper";
 import {
  getActiveIdentityProviders,
  getIDPByID,
@@ -171,29 +172,21 @@ export async function sendLoginname(command: SendLoginnameCommand) {
    );

    if (!methods.authMethodTypes || !methods.authMethodTypes.length) {
-      if (
-        potentialUsers[0].type.case === "human" &&
-        potentialUsers[0].type.value.email &&
-        !potentialUsers[0].type.value.email.isVerified
-      ) {
-        const paramsVerify = new URLSearchParams({
-          loginName: session.factors?.user?.loginName,
-          userId: session.factors?.user?.id, // verify needs user id
-          invite: "true", // TODO: check - set this to true as we dont expect old email verification method here
-        });
+      const humanUser =
+        potentialUsers[0].type.case === "human"
+          ? potentialUsers[0].type.value
+          : undefined;

-        if (command.organization || session.factors?.user?.organizationId) {
-          paramsVerify.append(
-            "organization",
-            command.organization ?? session.factors?.user?.organizationId,
-          );
-        }
+      // redirect to /verify invite if no auth method is set and email is not verified
+      const inviteCheck = checkInvite(
+        session,
+        humanUser,
+        session.factors.user.organizationId,
+        command.authRequestId,
+      );

-        if (command.authRequestId) {
-          paramsVerify.append("authRequestId", command.authRequestId);
-        }
-
-        return { redirect: "/verify?" + paramsVerify };
+      if (inviteCheck?.redirect) {
+        return inviteCheck;
      }

      const paramsAuthenticatorSetup = new URLSearchParams({
--- a/apps/login/src/lib/verify-helper.ts
+++ b/apps/login/src/lib/verify-helper.ts
@@ -29,17 +29,40 @@ export function checkPasswordChangeRequired(
  }
 }

+export function checkInvite(
+  session: Session,
+  humanUser?: HumanUser,
+  organization?: string,
+  authRequestId?: string,
+) {
+  if (humanUser?.email && humanUser.email.isVerified) {
+    const paramsVerify = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      userId: session.factors?.user?.id as string, // verify needs user id
+      invite: "true", // TODO: check - set this to true as we dont expect old email verification method here
+    });
+
+    if (organization || session.factors?.user?.organizationId) {
+      paramsVerify.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    if (authRequestId) {
+      paramsVerify.append("authRequestId", authRequestId);
+    }
+
+    return { redirect: "/verify?" + paramsVerify };
+  }
+}
+
 export function checkEmailVerification(
  session: Session,
  humanUser?: HumanUser,
  organization?: string,
  authRequestId?: string,
 ) {
-  console.log(
-    humanUser?.email,
-    process.env.EMAIL_VERIFICATION,
-    process.env.EMAIL_VERIFICATION === "true",
-  );
  if (
    !humanUser?.email?.isVerified &&
    process.env.EMAIL_VERIFICATION === "true"