let them reauthenticate with a bad session

2025-12-12 10:36:44 +00:00 · 2024-12-09 14:57:39 +01:00
parent 40b474821f
commit a749c76f4f
1 changed files with 71 additions and 57 deletions
--- a/apps/login/src/app/login/route.ts
+++ b/apps/login/src/app/login/route.ts
@@ -170,71 +170,85 @@ export async function GET(request: NextRequest) {

      const isValid = await isSessionValid(selectedSession);

-      if (isValid) {
-        const cookie = sessionCookies.find(
-          (cookie) => cookie.id === selectedSession?.id,
-        );
+      if (!isValid && selectedSession.factors?.user) {
+        // if the session is not valid anymore, we need to redirect the user to re-authenticate
+        const command: SendLoginnameCommand = {
+          loginName: selectedSession.factors.user?.loginName,
+          organization: selectedSession.factors?.user?.organizationId,
+          authRequestId: authRequestId,
+        };

-        if (cookie && cookie.id && cookie.token) {
-          const session = {
-            sessionId: cookie?.id,
-            sessionToken: cookie?.token,
-          };
+        const res = await sendLoginname(command);

-          // works not with _rsc request
-          try {
-            const { callbackUrl } = await createCallback(
-              create(CreateCallbackRequestSchema, {
-                authRequestId,
-                callbackKind: {
-                  case: "session",
-                  value: create(SessionSchema, session),
-                },
-              }),
+        if (res?.redirect) {
+          const absoluteUrl = new URL(res.redirect, request.url);
+          return NextResponse.redirect(absoluteUrl.toString());
+        }
+      }
+
+      const cookie = sessionCookies.find(
+        (cookie) => cookie.id === selectedSession?.id,
+      );
+
+      if (cookie && cookie.id && cookie.token) {
+        const session = {
+          sessionId: cookie?.id,
+          sessionToken: cookie?.token,
+        };
+
+        // works not with _rsc request
+        try {
+          const { callbackUrl } = await createCallback(
+            create(CreateCallbackRequestSchema, {
+              authRequestId,
+              callbackKind: {
+                case: "session",
+                value: create(SessionSchema, session),
+              },
+            }),
+          );
+          if (callbackUrl) {
+            return NextResponse.redirect(callbackUrl);
+          } else {
+            return NextResponse.json(
+              { error: "An error occurred!" },
+              { status: 500 },
            );
-            if (callbackUrl) {
-              return NextResponse.redirect(callbackUrl);
-            } else {
-              return NextResponse.json(
-                { error: "An error occurred!" },
-                { status: 500 },
+          }
+        } catch (error: unknown) {
+          // handle already handled gracefully as these could come up if old emails with authRequestId are used (reset password, register emails etc.)
+          console.error(error);
+          if (
+            error &&
+            typeof error === "object" &&
+            "code" in error &&
+            error?.code === 9
+          ) {
+            const loginSettings = await getLoginSettings(
+              selectedSession.factors?.user?.organizationId,
+            );
+
+            if (loginSettings?.defaultRedirectUri) {
+              return NextResponse.redirect(loginSettings.defaultRedirectUri);
+            }
+
+            const signedinUrl = new URL("/signedin", request.url);
+
+            if (selectedSession.factors?.user?.loginName) {
+              signedinUrl.searchParams.set(
+                "loginName",
+                selectedSession.factors?.user?.loginName,
              );
            }
-          } catch (error: unknown) {
-            // handle already handled gracefully as these could come up if old emails with authRequestId are used (reset password, register emails etc.)
-            console.error(error);
-            if (
-              error &&
-              typeof error === "object" &&
-              "code" in error &&
-              error?.code === 9
-            ) {
-              const loginSettings = await getLoginSettings(
+            if (selectedSession.factors?.user?.organizationId) {
+              signedinUrl.searchParams.set(
+                "organization",
                selectedSession.factors?.user?.organizationId,
              );
-
-              if (loginSettings?.defaultRedirectUri) {
-                return NextResponse.redirect(loginSettings.defaultRedirectUri);
-              }
-
-              const signedinUrl = new URL("/signedin", request.url);
-
-              if (selectedSession.factors?.user?.loginName) {
-                signedinUrl.searchParams.set(
-                  "loginName",
-                  selectedSession.factors?.user?.loginName,
-                );
-              }
-              if (selectedSession.factors?.user?.organizationId) {
-                signedinUrl.searchParams.set(
-                  "organization",
-                  selectedSession.factors?.user?.organizationId,
-                );
-              }
-              return NextResponse.redirect(signedinUrl);
-            } else {
-              return NextResponse.json({ error }, { status: 500 });
            }
+            return NextResponse.redirect(signedinUrl);
+          } else {
+            return NextResponse.json({ error }, { status: 500 });
          }
        }
      }