fix: session callback on otp register

2025-12-12 14:32:34 +00:00 · 2024-04-29 14:55:49 +02:00
parent 1e7bbc4aca
commit b75183868a
2 changed files with 39 additions and 19 deletions
--- a/apps/login/app/(login)/otp/[method]/set/page.tsx
+++ b/apps/login/app/(login)/otp/[method]/set/page.tsx
@@ -6,8 +6,10 @@ import {
  registerTOTP,
  server,
 } from "#/lib/zitadel";
+import Alert from "#/ui/Alert";
 import DynamicTheme from "#/ui/DynamicTheme";
 import TOTPRegister from "#/ui/TOTPRegister";
+import UserAvatar from "#/ui/UserAvatar";
 import { getMostRecentCookieWithLoginname } from "#/utils/cookies";

 export default async function Page({
@@ -21,27 +23,25 @@ export default async function Page({
  const { method } = params;

  const branding = await getBrandingSettings(server, organization);
+  const { session, token } = await loadSession(loginName, organization);

-  const totpResponse = await loadSession(loginName, organization).then(
-    ({ session, token }) => {
-      if (session && session.factors?.user?.id) {
-        if (method === "time-based") {
-          // inconsistency with token: email works with machine token, totp works with session token
-          return registerTOTP(session.factors.user.id, token);
-        } else if (method === "sms") {
-          // does not work
-          return addOTPSMS(session.factors.user.id);
-        } else if (method === "email") {
-          // works
-          return addOTPEmail(session.factors.user.id);
-        } else {
-          throw new Error("Invalid method");
-        }
-      } else {
-        throw new Error("No session found");
-      }
+  let totpResponse;
+  if (session && session.factors?.user?.id) {
+    if (method === "time-based") {
+      // inconsistency with token: email works with machine token, totp works with session token
+      totpResponse = await registerTOTP(session.factors.user.id, token);
+    } else if (method === "sms") {
+      // does not work
+      await addOTPSMS(session.factors.user.id);
+    } else if (method === "email") {
+      // works
+      await addOTPEmail(session.factors.user.id);
+    } else {
+      throw new Error("Invalid method");
    }
-  );
+  } else {
+    throw new Error("No session found");
+  }

  async function loadSession(loginName?: string, organization?: string) {
    const recent = await getMostRecentCookieWithLoginname(
@@ -58,6 +58,23 @@ export default async function Page({
    <DynamicTheme branding={branding}>
      <div className="flex flex-col items-center space-y-4">
        <h1>Register 2-factor</h1>
+        {!session && (
+          <div className="py-4">
+            <Alert>
+              Could not get the context of the user. Make sure to enter the
+              username first or provide a loginName as searchParam.
+            </Alert>
+          </div>
+        )}
+
+        {session && (
+          <UserAvatar
+            loginName={loginName ?? session.factors?.user?.loginName}
+            displayName={session.factors?.user?.displayName}
+            showDropdown
+          ></UserAvatar>
+        )}
+
        {totpResponse && "uri" in totpResponse && "secret" in totpResponse ? (
          <>
            <p className="ztdl-p">