fix time check

2025-08-14 01:57:39 +00:00 · 2025-02-26 16:37:52 +01:00
parent 2e5e4f87d5
commit 546edee64f
1 changed files with 32 additions and 18 deletions
--- a/apps/login/src/lib/verify-helper.ts
+++ b/apps/login/src/lib/verify-helper.ts
@@ -203,29 +203,43 @@ export async function checkMFAFactors(
      serviceUrl,
      userId: session.factors?.user?.id,
    });
+
    if (
      user.user?.type?.case === "human" &&
      user.user?.type?.value.mfaInitSkipped
    ) {
-    }
-    const params = new URLSearchParams({
-      loginName: session.factors?.user?.loginName as string,
-      force: "false", // this defines if the mfa is not forced in the settings and can be skipped
-      checkAfter: "true", // this defines if the check is directly made after the setup
-    });
-
-    if (requestId) {
-      params.append("requestId", requestId);
-    }
-
-    if (organization || session.factors?.user?.organizationId) {
-      params.append(
-        "organization",
-        organization ?? (session.factors?.user?.organizationId as string),
+      const mfaInitSkippedTimestamp = timestampDate(
+        user.user.type.value.mfaInitSkipped,
      );
-    }

-    // TODO: provide a way to setup passkeys on mfa page?
-    return { redirect: `/mfa/set?` + params };
+      const mfaInitSkipLifetimeMillis =
+        Number(loginSettings.mfaInitSkipLifetime.seconds) * 1000 +
+        loginSettings.mfaInitSkipLifetime.nanos / 1000000;
+      const currentTime = Date.now();
+      const mfaInitSkippedTime = mfaInitSkippedTimestamp.getTime();
+      const timeDifference = currentTime - mfaInitSkippedTime;
+
+      if (timeDifference > mfaInitSkipLifetimeMillis) {
+        const params = new URLSearchParams({
+          loginName: session.factors?.user?.loginName as string,
+          force: "false", // this defines if the mfa is not forced in the settings and can be skipped
+          checkAfter: "true", // this defines if the check is directly made after the setup
+        });
+
+        if (requestId) {
+          params.append("requestId", requestId);
+        }
+
+        if (organization || session.factors?.user?.organizationId) {
+          params.append(
+            "organization",
+            organization ?? (session.factors?.user?.organizationId as string),
+          );
+        }
+
+        // TODO: provide a way to setup passkeys on mfa page?
+        return { redirect: `/mfa/set?` + params };
+      }
+    }
  }
 }