TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 17:37:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

set cookie

Browse Source
This commit is contained in:
Max Peintner
2025-05-19 14:36:26 +02:00
parent a4d703362f
commit 575831f252
2 changed files with 46 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
apps/login/src/lib/server/verify.ts
View File

@@ -12,13 +12,16 @@ import {
verifyTOTPRegistration,
sendEmailCode as zitadelSendEmailCode,
} from "@/lib/zitadel";
import crypto from "crypto";
import { create } from "@zitadel/client";
import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
import { ChecksSchema } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
import { User } from "@zitadel/proto/zitadel/user/v2/user_pb";
import { headers } from "next/headers";
import { cookies, headers } from "next/headers";
import { getNextUrl } from "../client";
import { getSessionCookieByLoginName } from "../cookies";
import { getFingerprintId } from "../fingerprint";
import { getServiceUrlFromHeaders } from "../service-url";
import { loadMostRecentSession } from "../session";
import { checkMFAFactors } from "../verify-helper";
@@ -193,6 +196,26 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
if (session.factors?.user?.loginName) {
params.set("loginName", session.factors?.user?.loginName);
}
// set hash of userId and userAgentId to prevent replay attacks, TODO: check on the /authenticator/set page
const cookiesList = await cookies();
const userAgentId = await getFingerprintId();
const verificationCheck = crypto
.createHash("sha256")
.update(`${user.userId}:${userAgentId}`)
.digest("hex");
await cookiesList.set({
name: "verificationCheck",
value: verificationCheck,
httpOnly: true,
path: "/",
maxAge: 300, // 5 minutes
});
return { redirect: `/authenticator/set?${params}` };
}

23
apps/login/src/lib/zitadel.ts
View File

@@ -45,8 +45,10 @@ import {
VerifyPasskeyRegistrationRequest,
VerifyU2FRegistrationRequest,
} from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import crypto from "crypto";
import { unstable_cacheLife as cacheLife } from "next/cache";
import { getUserAgent } from "./fingerprint";
import { cookies } from "next/headers";
import { getFingerprintId, getUserAgent } from "./fingerprint";
import { createServiceForHost } from "./service";
const useCache = process.env.DEBUG !== "true";
@@ -1198,6 +1200,25 @@ export async function setUserPassword({
!(authmethods.authMethodTypes.length === 0) &&
user.state !== UserState.INITIAL
) {
// check if a verification was done earlier
const cookiesList = await cookies();
const userAgentId = await getFingerprintId();
const verificationCheck = crypto
.createHash("sha256")
.update(`${user.userId}:${userAgentId}`)
.digest("hex");
await cookiesList.set({
name: "verificationCheck",
value: verificationCheck,
httpOnly: true,
path: "/",
maxAge: 300, // 5 minutes
});
return { error: "Provide a code to set a password" };
}
}