From 57e458512001f7f6e5447adff869ad358eed13a3 Mon Sep 17 00:00:00 2001
From: peintnermax <max@caos.ch>
Date: Thu, 4 Apr 2024 15:44:02 +0200
Subject: [PATCH] redirect to totp from password form

---
 apps/login/app/api/session/route.ts |  2 ++
 apps/login/ui/PasswordForm.tsx      | 17 +++++++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/apps/login/app/api/session/route.ts b/apps/login/app/api/session/route.ts
index 63f1f08e229..36537d2a7b5 100644
--- a/apps/login/app/api/session/route.ts
+++ b/apps/login/app/api/session/route.ts
@@ -98,8 +98,10 @@ export async function PUT(request: NextRequest) {
           password,
           webAuthN,
           challenges,
+          undefined,
           authRequestId
         ).then((session) => {
+          console.log(session);
           return NextResponse.json({
             sessionId: session.id,
             factors: session.factors,
diff --git a/apps/login/ui/PasswordForm.tsx b/apps/login/ui/PasswordForm.tsx
index ebdb9ed7659..7c53240f0b8 100644
--- a/apps/login/ui/PasswordForm.tsx
+++ b/apps/login/ui/PasswordForm.tsx
@@ -7,12 +7,14 @@ import { useForm } from "react-hook-form";
 import { useRouter } from "next/navigation";
 import { Spinner } from "./Spinner";
 import Alert from "./Alert";
+import { LoginSettings } from "@zitadel/server";
 
 type Inputs = {
   password: string;
 };
 
 type Props = {
+  loginSettings: LoginSettings | undefined;
   loginName?: string;
   organization?: string;
   authRequestId?: string;
@@ -21,6 +23,7 @@ type Props = {
 };
 
 export default function PasswordForm({
+  loginSettings,
   loginName,
   organization,
   authRequestId,
@@ -83,6 +86,19 @@ export default function PasswordForm({
 
         return router.push(`/passkey/add?` + params);
       } else {
+        let continueWithMfa = undefined;
+        if (
+          loginSettings?.forceMfa &&
+          loginSettings.secondFactors?.length >= 1 // TODO replace with user methods - if forceMFA is set and no user methods prompt to add method (/mfa/add)
+        ) {
+          if (loginSettings.secondFactors?.length === 1) {
+            continueWithMfa = loginSettings.secondFactors[0];
+          } else {
+            // continueWithMfa = loginSettings.secondFactors[0];
+            // render selection page for mfa (/mfa/select)
+          }
+        }
+        // OIDC flows
         if (authRequestId && resp && resp.sessionId) {
           const params = new URLSearchParams({
             sessionId: resp.sessionId,
@@ -95,6 +111,7 @@ export default function PasswordForm({
 
           return router.push(`/login?` + params);
         } else {
+          // without OIDC flow
           const params = new URLSearchParams(
             authRequestId
               ? {