skipsend, checkinvite

apps/login/src/app/(login)/verify/page.tsx

@@ -3,6 +3,7 @@ import { DynamicTheme } from "@/components/dynamic-theme";
 import { UserAvatar } from "@/components/user-avatar";
 import { VerifyForm } from "@/components/verify-form";
 import { VerifyRedirectButton } from "@/components/verify-redirect-button";
+import { resendVerification } from "@/lib/server/verify";
 import { loadMostRecentSession } from "@/lib/session";
 import {
   getBrandingSettings,
@@ -19,8 +20,15 @@ export default async function Page(props: { searchParams: Promise<any> }) {
   const t = await getTranslations({ locale, namespace: "verify" });
   const tError = await getTranslations({ locale, namespace: "error" });
 
-  const { userId, loginName, code, organization, authRequestId, invite } =
+  const {
-    searchParams;
+    userId,
+    loginName,
+    code,
+    organization,
+    authRequestId,
+    invite,
+    skipsend,
+  } = searchParams;
 
   const branding = await getBrandingSettings(organization);
 
@@ -34,7 +42,21 @@ export default async function Page(props: { searchParams: Promise<any> }) {
       loginName,
       organization,
     });
+
+    if (!skipsend && sessionFactors?.factors?.user?.id) {
+      await resendVerification({
+        userId: sessionFactors?.factors?.user?.id,
+        isInvite: invite === "true",
+      });
+    }
   } else if ("userId" in searchParams && userId) {
+    if (!skipsend) {
+      await resendVerification({
+        userId,
+        isInvite: invite === "true",
+      });
+    }
+
     const userResponse = await getUserByID(userId);
     if (userResponse) {
       user = userResponse.user;

apps/login/src/components/verify-form.tsx

@@ -88,12 +88,12 @@ export function VerifyForm({
           setLoading(false);
         });
 
-      if (response?.error) {
+      if (response && "error" in response && response?.error) {
         setError(response.error);
         return;
       }
 
-      if (response?.redirect) {
+      if (response && "redirect" in response && response?.redirect) {
         return router.push(response?.redirect);
       }
     },

apps/login/src/lib/server/loginname.ts

@@ -8,6 +8,7 @@ import { idpTypeToIdentityProviderType, idpTypeToSlug } from "../idp";
 
 import { PasskeysType } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
 import { UserState } from "@zitadel/proto/zitadel/user/v2/user_pb";
+import { checkInvite } from "../verify-helper";
 import {
   getActiveIdentityProviders,
   getIDPByID,
@@ -171,29 +172,21 @@ export async function sendLoginname(command: SendLoginnameCommand) {
     );
 
     if (!methods.authMethodTypes || !methods.authMethodTypes.length) {
-      if (
+      const humanUser =
-        potentialUsers[0].type.case === "human" &&
+        potentialUsers[0].type.case === "human"
-        potentialUsers[0].type.value.email &&
+          ? potentialUsers[0].type.value
-        !potentialUsers[0].type.value.email.isVerified
+          : undefined;
-      ) {
-        const paramsVerify = new URLSearchParams({
-          loginName: session.factors?.user?.loginName,
-          userId: session.factors?.user?.id, // verify needs user id
-          invite: "true", // TODO: check - set this to true as we dont expect old email verification method here
-        });
 
-        if (command.organization || session.factors?.user?.organizationId) {
+      // redirect to /verify invite if no auth method is set and email is not verified
-          paramsVerify.append(
+      const inviteCheck = checkInvite(
-            "organization",
+        session,
-            command.organization ?? session.factors?.user?.organizationId,
+        humanUser,
-          );
+        session.factors.user.organizationId,
-        }
+        command.authRequestId,
+      );
 
-        if (command.authRequestId) {
+      if (inviteCheck?.redirect) {
-          paramsVerify.append("authRequestId", command.authRequestId);
+        return inviteCheck;
-        }
-
-        return { redirect: "/verify?" + paramsVerify };
       }
 
       const paramsAuthenticatorSetup = new URLSearchParams({

apps/login/src/lib/verify-helper.ts

@@ -29,17 +29,40 @@ export function checkPasswordChangeRequired(
   }
 }
 
+export function checkInvite(
+  session: Session,
+  humanUser?: HumanUser,
+  organization?: string,
+  authRequestId?: string,
+) {
+  if (humanUser?.email && humanUser.email.isVerified) {
+    const paramsVerify = new URLSearchParams({
+      loginName: session.factors?.user?.loginName as string,
+      userId: session.factors?.user?.id as string, // verify needs user id
+      invite: "true", // TODO: check - set this to true as we dont expect old email verification method here
+    });
+
+    if (organization || session.factors?.user?.organizationId) {
+      paramsVerify.append(
+        "organization",
+        organization ?? (session.factors?.user?.organizationId as string),
+      );
+    }
+
+    if (authRequestId) {
+      paramsVerify.append("authRequestId", authRequestId);
+    }
+
+    return { redirect: "/verify?" + paramsVerify };
+  }
+}
+
 export function checkEmailVerification(
   session: Session,
   humanUser?: HumanUser,
   organization?: string,
   authRequestId?: string,
 ) {
-  console.log(
-    humanUser?.email,
-    process.env.EMAIL_VERIFICATION,
-    process.env.EMAIL_VERIFICATION === "true",
-  );
   if (
     !humanUser?.email?.isVerified &&
     process.env.EMAIL_VERIFICATION === "true"