TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-12 10:15:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

check for outdated password

Browse Source
This commit is contained in:
Max Peintner
2025-01-27 13:26:20 +01:00
parent c003ea2b22
commit b93035eeb1
3 changed files with 29 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/login/src/lib/server/password.ts
View File

@@ -6,6 +6,7 @@ import {
} from "@/lib/server/cookie"; } from "@/lib/server/cookie";
import { import {
getLoginSettings, getLoginSettings,
getPasswordExpirySettings,
getSession, getSession,
getUserByID, getUserByID,
listAuthenticationMethodTypes, listAuthenticationMethodTypes,
@@ -141,8 +142,13 @@ export async function sendPassword(command: UpdateSessionCommand) {
const humanUser = user.type.case === "human" ? user.type.value : undefined; const humanUser = user.type.case === "human" ? user.type.value : undefined;
const expirySettings = await getPasswordExpirySettings(
command.organization ?? session.factors?.user?.organizationId,
);
// check if the user has to change password first // check if the user has to change password first
const passwordChangedCheck = checkPasswordChangeRequired( const passwordChangedCheck = checkPasswordChangeRequired(
expirySettings,
session, session,
humanUser, humanUser,
command.organization, command.organization,

16
apps/login/src/lib/verify-helper.ts
View File

@@ -1,15 +1,29 @@
import { timestampDate } from "@zitadel/client";
import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb"; import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb"; import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
import { PasswordExpirySettings } from "@zitadel/proto/zitadel/settings/v2/password_settings_pb";
import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb"; import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb";
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb"; import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import moment from "moment";
export function checkPasswordChangeRequired( export function checkPasswordChangeRequired(
expirySettings: PasswordExpirySettings | undefined,
session: Session, session: Session,
humanUser: HumanUser | undefined, humanUser: HumanUser | undefined,
organization?: string, organization?: string,
authRequestId?: string, authRequestId?: string,
) { ) {
if (humanUser?.passwordChangeRequired) { let isOutdated = false;
if (expirySettings?.maxAgeDays && humanUser?.passwordChanged) {
const maxAgeDays = Number(expirySettings.maxAgeDays); // Convert bigint to number
const passwordChangedDate = moment(
timestampDate(humanUser.passwordChanged),
);
const outdatedPassword = passwordChangedDate.add(maxAgeDays, "days");
isOutdated = moment().isAfter(outdatedPassword);
}
if (humanUser?.passwordChangeRequired || isOutdated) {
const params = new URLSearchParams({ const params = new URLSearchParams({
loginName: session.factors?.user?.loginName as string, loginName: session.factors?.user?.loginName as string,
}); });

8
apps/login/src/lib/zitadel.ts
View File

@@ -81,6 +81,14 @@ export async function getLoginSettings(orgId?: string) {
return useCache ? cacheWrapper(callback) : callback; return useCache ? cacheWrapper(callback) : callback;
} }
export async function getPasswordExpirySettings(orgId?: string) {
const callback = settingsService
.getPasswordExpirySettings({ ctx: makeReqCtx(orgId) }, {})
.then((resp) => (resp.settings ? resp.settings : undefined));
return useCache ? cacheWrapper(callback) : callback;
}
export async function listIDPLinks(userId: string) { export async function listIDPLinks(userId: string) {
return userService.listIDPLinks( return userService.listIDPLinks(
{ {