Merge pull request #381 from zitadel/mfaprompt

fix: basepath for absolute urls
2025-08-12 10:37:32 +00:00 · 2025-02-28 17:05:53 +01:00
parent 1553b76d74 5a6ae7fb67
commit bae987e2e7
7 changed files with 28 additions and 20 deletions
--- a/apps/login/src/app/(login)/verify/page.tsx
+++ b/apps/login/src/app/(login)/verify/page.tsx
@@ -46,6 +46,8 @@ export default async function Page(props: { searchParams: Promise<any> }) {

  const doSend = invite !== "true";

+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
  if ("loginName" in searchParams) {
    sessionFactors = await loadMostRecentSession({
      serviceUrl,
@@ -59,10 +61,9 @@ export default async function Page(props: { searchParams: Promise<any> }) {
    if (doSend && sessionFactors?.factors?.user?.id) {
      await sendEmailCode({
        serviceUrl,
-
        userId: sessionFactors?.factors?.user?.id,
        urlTemplate:
-          `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
          (authRequestId ? `&authRequestId=${authRequestId}` : ""),
      }).catch((error) => {
        console.error("Could not resend verification email", error);
@@ -73,10 +74,9 @@ export default async function Page(props: { searchParams: Promise<any> }) {
    if (doSend) {
      await sendEmailCode({
        serviceUrl,
-
        userId,
        urlTemplate:
-          `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` +
          (authRequestId ? `&authRequestId=${authRequestId}` : ""),
      }).catch((error) => {
        console.error("Could not resend verification email", error);
--- a/apps/login/src/components/login-otp.tsx
+++ b/apps/login/src/components/login-otp.tsx
@@ -76,6 +76,8 @@ export function LoginOTP({
  async function updateSessionForOTPChallenge() {
    let challenges;

+    const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
    if (method === "email") {
      challenges = create(RequestChallengesSchema, {
        otpEmail: {
@@ -84,7 +86,7 @@ export function LoginOTP({
            value: host
              ? {
                  urlTemplate:
-                    `${host.includes("localhost") ? "http://" : "https://"}${host}/otp/${method}?code={{.Code}}&userId={{.UserID}}&sessionId={{.SessionID}}` +
+                    `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/otp/${method}?code={{.Code}}&userId={{.UserID}}&sessionId={{.SessionID}}` +
                    (authRequestId ? `&authRequestId=${authRequestId}` : ""),
                }
              : {},
--- a/apps/login/src/lib/server/idp.ts
+++ b/apps/login/src/lib/server/idp.ts
@@ -26,13 +26,14 @@ export async function startIDPFlow(command: StartIDPFlowCommand) {
    return { error: "Could not get host" };
  }

+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
  return startIdentityProviderFlow({
    serviceUrl,
-
    idpId: command.idpId,
    urls: {
-      successUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${command.successUrl}`,
-      failureUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${command.failureUrl}`,
+      successUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}${command.successUrl}`,
+      failureUrl: `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}${command.failureUrl}`,
    },
  }).then((response) => {
    if (
--- a/apps/login/src/lib/server/invite.ts
+++ b/apps/login/src/lib/server/invite.ts
@@ -43,10 +43,11 @@ export async function inviteUser(command: InviteUserCommand) {
    return { error: "Could not create user" };
  }

+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
  const codeResponse = await createInviteCode({
    serviceUrl,
-
-    urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true`,
+    urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true`,
    userId: human.userId,
  });

--- a/apps/login/src/lib/server/loginname.ts
+++ b/apps/login/src/lib/server/loginname.ts
@@ -104,16 +104,17 @@ export async function sendLoginname(command: SendLoginnameCommand) {
        params.set("organization", command.organization);
      }

+      const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
      const resp = await startIdentityProviderFlow({
        serviceUrl,
-
        idpId: identityProviders[0].id,
        urls: {
          successUrl:
-            `${host.includes("localhost") ? "http://" : "https://"}${host}/idp/${provider}/success?` +
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/success?` +
            new URLSearchParams(params),
          failureUrl:
-            `${host.includes("localhost") ? "http://" : "https://"}${host}/idp/${provider}/failure?` +
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/failure?` +
            new URLSearchParams(params),
        },
      });
@@ -169,16 +170,17 @@ export async function sendLoginname(command: SendLoginnameCommand) {
        params.set("organization", command.organization);
      }

+      const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
      const resp = await startIdentityProviderFlow({
        serviceUrl,
-
        idpId: idp.id,
        urls: {
          successUrl:
-            `${host.includes("localhost") ? "http://" : "https://"}${host}/idp/${provider}/success?` +
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/success?` +
            new URLSearchParams(params),
          failureUrl:
-            `${host.includes("localhost") ? "http://" : "https://"}${host}/idp/${provider}/failure?` +
+            `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/idp/${provider}/failure?` +
            new URLSearchParams(params),
        },
      });
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -70,12 +70,13 @@ export async function resetPassword(command: ResetPasswordCommand) {
  }
  const userId = users.result[0].userId;

+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
  return passwordReset({
    serviceUrl,
-
    userId,
    urlTemplate:
-      `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
+      `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
      (command.authRequestId ? `&authRequestId=${command.authRequestId}` : ""),
  });
 }
--- a/apps/login/src/lib/server/verify.ts
+++ b/apps/login/src/lib/server/verify.ts
@@ -260,14 +260,15 @@ export async function resendVerification(command: resendVerifyEmailCommand) {
    return { error: "No host found" };
  }

+  const basePath = process.env.NEXT_PUBLIC_BASE_PATH ?? "";
+
  return command.isInvite
    ? resendInviteCode({ serviceUrl, userId: command.userId })
    : resendEmailCode({
        userId: command.userId,
        serviceUrl,
-
        urlTemplate:
-          `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
+          `${host.includes("localhost") ? "http://" : "https://"}${host}${basePath}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` +
          (command.authRequestId
            ? `&authRequestId=${command.authRequestId}`
            : ""),