From 6c27c447ec888032c73adc1c89645eed04785f69 Mon Sep 17 00:00:00 2001
From: peintnermax
Date: Tue, 7 May 2024 09:52:46 +0200
Subject: [PATCH] u2f registration endpoint
---
apps/login/app/api/u2f/set/route.ts | 70 -------------------------
apps/login/app/api/u2f/verify/route.ts | 50 ++++++++++++++++++
2 files changed, 50 insertions(+), 70 deletions(-)
delete mode 100644 apps/login/app/api/u2f/set/route.ts
create mode 100644 apps/login/app/api/u2f/verify/route.ts
diff --git a/apps/login/app/api/u2f/set/route.ts b/apps/login/app/api/u2f/set/route.ts
deleted file mode 100644
index 38be7023ad2..00000000000
--- a/apps/login/app/api/u2f/set/route.ts
+++ /dev/null
@@ -1,70 +0,0 @@
-import {
- SessionCookie,
- getMostRecentSessionCookie,
- getSessionCookieById,
- getSessionCookieByLoginName,
-} from "#/utils/cookies";
-import { setSessionAndUpdateCookie } from "#/utils/session";
-import { Checks } from "@zitadel/server";
-import { NextRequest, NextResponse, userAgent } from "next/server";
-
-export async function POST(request: NextRequest) {
- const body = await request.json();
-
- if (body) {
- const { loginName, sessionId, organization, authRequestId, code, method } =
- body;
-
- const recentPromise: Promise = sessionId
- ? getSessionCookieById(sessionId).catch((error) => {
- return Promise.reject(error);
- })
- : loginName
- ? getSessionCookieByLoginName(loginName, organization).catch((error) => {
- return Promise.reject(error);
- })
- : getMostRecentSessionCookie().catch((error) => {
- return Promise.reject(error);
- });
-
- return recentPromise
- .then((recent) => {
- const checks: Checks = {};
-
- if (method === "time-based") {
- checks.totp = {
- code,
- };
- } else if (method === "sms") {
- checks.otpSms = {
- code,
- };
- } else if (method === "email") {
- checks.otpEmail = {
- code,
- };
- }
-
- return setSessionAndUpdateCookie(
- recent,
- checks,
- undefined,
- authRequestId
- ).then((session) => {
- return NextResponse.json({
- sessionId: session.id,
- factors: session.factors,
- challenges: session.challenges,
- });
- });
- })
- .catch((error) => {
- return NextResponse.json({ details: error }, { status: 500 });
- });
- } else {
- return NextResponse.json(
- { details: "Request body is missing" },
- { status: 400 }
- );
- }
-}
diff --git a/apps/login/app/api/u2f/verify/route.ts b/apps/login/app/api/u2f/verify/route.ts
new file mode 100644
index 00000000000..a784fc79071
--- /dev/null
+++ b/apps/login/app/api/u2f/verify/route.ts
@@ -0,0 +1,50 @@
+import { getSession, server, verifyU2FRegistration } from "#/lib/zitadel";
+import { getSessionCookieById } from "#/utils/cookies";
+import { VerifyU2FRegistrationRequest } from "@zitadel/server";
+import { NextRequest, NextResponse, userAgent } from "next/server";
+
+export async function POST(request: NextRequest) {
+ const body = await request.json();
+ if (body) {
+ let { passkeyId, passkeyName, publicKeyCredential, sessionId } = body;
+
+ if (!!!passkeyName) {
+ const { browser, device, os } = userAgent(request);
+ passkeyName = `${device.vendor ?? ""} ${device.model ?? ""}${
+ device.vendor || device.model ? ", " : ""
+ }${os.name}${os.name ? ", " : ""}${browser.name}`;
+ }
+ const sessionCookie = await getSessionCookieById(sessionId);
+
+ const session = await getSession(
+ server,
+ sessionCookie.id,
+ sessionCookie.token
+ );
+
+ const userId = session?.session?.factors?.user?.id;
+
+ if (userId) {
+ const req: VerifyU2FRegistrationRequest = {
+ publicKeyCredential,
+ u2fId: passkeyId,
+ userId,
+ tokenName: passkeyName,
+ };
+ return verifyU2FRegistration(req)
+ .then((resp) => {
+ return NextResponse.json(resp);
+ })
+ .catch((error) => {
+ return NextResponse.json(error, { status: 500 });
+ });
+ } else {
+ return NextResponse.json(
+ { details: "could not get session" },
+ { status: 500 }
+ );
+ }
+ } else {
+ return NextResponse.json({}, { status: 400 });
+ }
+}
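Review bot: The fields destructured from `body` are used without validation, so a request that omits `sessionId` reaches `getSessionCookieById(undefined)`, and because neither that `await` nor the `getSession` call sits inside a try/catch, any rejection propagates out of `POST` instead of taking the 400 path the final `else` reserves for a bad body. A guard before the cookie lookup, `if (!sessionId || !publicKeyCredential) { return NextResponse.json({ details: "sessionId and publicKeyCredential are required" }, { status: 400 }); }`, keeps malformed input on the 400 path. The `.catch` on `verifyU2FRegistration` also returns the raw `error` object as the response body, which can expose backend error details to the caller; returning a fixed message such as `NextResponse.json({ details: "could not verify u2f registration" }, { status: 500 })` and logging the error server-side is safer. `!!!passkeyName` reads as a typo for `!passkeyName`.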