mfa set cleanup

2025-12-12 06:42:59 +00:00 · 2024-04-25 15:39:13 +02:00
parent 44bf7ace42
commit a6a5f7268b
2 changed files with 37 additions and 13 deletions
--- a/apps/login/app/(login)/otp/[method]/set/page.tsx
+++ b/apps/login/app/(login)/otp/[method]/set/page.tsx
@@ -26,10 +26,13 @@ export default async function Page({
    ({ session, token }) => {
      if (session && session.factors?.user?.id) {
        if (method === "time-based") {
+          // inconsistency with token: email works with machine token, totp works with session token
          return registerTOTP(session.factors.user.id, token);
        } else if (method === "sms") {
+          // does not work
          return addOTPSMS(session.factors.user.id);
        } else if (method === "email") {
+          // works
          return addOTPEmail(session.factors.user.id);
        } else {
          throw new Error("Invalid method");
@@ -54,16 +57,15 @@ export default async function Page({
  return (
    <DynamicTheme branding={branding}>
      <div className="flex flex-col items-center space-y-4">
-        <h1>Register TOTP</h1>
+        <h1>Register 2-factor</h1>
+        {totpResponse && "uri" in totpResponse && "secret" in totpResponse ? (
+          <>
            <p className="ztdl-p">
              Scan the QR Code or navigate to the URL manually.
            </p>
-
            <div>
              {/* {auth && <div>{auth.to}</div>} */}
-          {totpResponse &&
-            "uri" in totpResponse &&
-            "secret" in totpResponse && (
+
              <TOTPRegister
                uri={totpResponse.uri as string}
                secret={totpResponse.secret as string}
@@ -72,9 +74,18 @@ export default async function Page({
                authRequestId={authRequestId}
                organization={organization}
              ></TOTPRegister>
+            </div>{" "}
+          </>
+        ) : (
+          <p className="ztdl-p">
+            {method === "email"
+              ? "Code via email was successfully added."
+              : method === "sms"
+              ? "Code via SMS was successfully added."
+              : ""}
+          </p>
        )}
      </div>
-      </div>
    </DynamicTheme>
  );
 }
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -112,9 +112,22 @@ export async function addOTPEmail(
 }

 export async function addOTPSMS(
-  userId: string
+  userId: string,
+  token?: string
 ): Promise<AddOTPSMSResponse | undefined> {
-  const userService = user.getUser(server);
+  let userService;
+  if (token) {
+    const authConfig: ZitadelServerOptions = {
+      name: "zitadel login",
+      apiUrl: process.env.ZITADEL_API_URL ?? "",
+      token: token,
+    };
+
+    const sessionUser = initializeServer(authConfig);
+    userService = user.getUser(sessionUser);
+  } else {
+    userService = user.getUser(server);
+  }
  return userService.addOTPSMS({ userId }, {});
 }