diff --git a/apps/login/app/api/session/route.ts b/apps/login/app/api/session/route.ts
index d1d5114fe25..80f873c4d5d 100644
--- a/apps/login/app/api/session/route.ts
+++ b/apps/login/app/api/session/route.ts
@@ -3,6 +3,7 @@ import {
 deleteSession,
 listHumanAuthFactors,
 getSession,
+ getUserByID,
 } from "#/lib/zitadel";
 import {
 SessionCookie,
@@ -16,7 +17,7 @@ import {
 createSessionForIdpAndUpdateCookie,
 setSessionAndUpdateCookie,
 } from "#/utils/session";
-import { Checks, RequestChallenges } from "@zitadel/server";
+import { Challenges, Checks, RequestChallenges } from "@zitadel/server";
 import { NextRequest, NextResponse } from "next/server";
 
 export async function POST(request: NextRequest) {
@@ -91,12 +92,37 @@ export async function PUT(request: NextRequest) {
 const domain: string = request.nextUrl.hostname;
 
- if (challenges && challenges.webAuthN && !challenges.webAuthN.domain) {
- challenges.webAuthN.domain = domain;
- }
-
 return recentPromise
- .then((recent) => {
+ .then(async (recent) => {
+ if (
+ challenges &&
+ (challenges.otpEmail === "" || challenges.otpSms === "")
+ ) {
+ const sessionResponse = await getSession(
+ server,
+ recent.id,
+ recent.token
+ );
+ if (sessionResponse && sessionResponse.session?.factors?.user?.id) {
+ const userResponse = await getUserByID(
+ sessionResponse.session.factors.user.id
+ );
+ if (
+ challenges.otpEmail === "" &&
+ userResponse.user?.human?.email?.email
+ ) {
+ challenges.otpEmail = userResponse.user?.human?.email?.email;
+ }
+
+ if (
+ challenges.otpSms === "" &&
+ userResponse.user?.human?.phone?.phone
+ ) {
+ challenges.otpSms = userResponse.user?.human?.phone?.phone;
+ }
+ }
+ }
+
+ return setSessionAndUpdateCookie(
 recent,
 checks,
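Review bot: When the user record carries no email or phone, `challenges.otpEmail` / `challenges.otpSms` are still `""` after the lookup in the new `.then(async (recent) => {…})` body and are handed to setSessionAndUpdateCookie as an empty destination; the lookup should end with a guard such as `if (challenges.otpEmail === "" || challenges.otpSms === "") { throw new Error("no OTP address stored for this user"); }` (or whatever error response this route normally returns) so the failure is reported here rather than pushed to the backend, and the same applies when getSession yields no `factors.user.id`, which currently skips the lookup silently. Only the empty-string sentinel triggers the server-side lookup; a non-empty address in the request body passes through unchanged, so this code depends on the backend binding the OTP destination to the session's own user — worth confirming, and worth a one-line comment on the outer `if` stating that contract. The redundant optional chains after the truthiness checks (`userResponse.user?.human?.email?.email` is read twice) can be replaced by binding `const email = userResponse.user?.human?.email?.email;` once and using it in both places. Dropping the webAuthN domain default leaves `const domain` with no visible use in this hunk; if `domain` is not referenced further down in PUT it is now dead, and if the backend requires `webAuthN.domain` callers must supply it themselves from now on. The `.then` callback and PUT both continue past the end of the hunk.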
@@ -114,6 +140,15 @@ export async function PUT(request: NextRequest) {
 authFactors = response.result;
 }
 }
+ if (challenges && challenges.o && session.factors?.user?.id) {
+ const response = await listHumanAuthFactors(
+ server,
+ session.factors?.user?.id
+ );
+ if (response.result && response.result.length) {
+ authFactors = response.result;
+ }
+ }
 return NextResponse.json({
 sessionId: session.id,
 factors: session.factors,
diff --git a/apps/login/lib/zitadel.ts b/apps/login/lib/zitadel.ts
index 8770298e446..66a39b9860f 100644
--- a/apps/login/lib/zitadel.ts
+++ b/apps/login/lib/zitadel.ts
@@ -1,4 +1,4 @@
-import { RegisterTOTPResponse } from "@zitadel/server";
+import { GetUserByIDResponse, RegisterTOTPResponse } from "@zitadel/server";
 import {
 LegalAndSupportSettings,
 PasswordComplexitySettings,
@@ -302,6 +302,14 @@ export async function addHumanUser(
 );
 }
 
+export async function getUserByID(
+ userId: string ): Promise {
+ const userService = user.getUser(server);
+
+ return userService.getUserByID({ userId }, {});
+}
+
 export async function listHumanAuthFactors(
 server: ZitadelServer,
 userId: string
diff --git a/apps/login/ui/LoginOTP.tsx b/apps/login/ui/LoginOTP.tsx
index 68f0451b04f..03ce3aaafab 100644
--- a/apps/login/ui/LoginOTP.tsx
+++ b/apps/login/ui/LoginOTP.tsx
@@ -66,7 +66,7 @@ export default function LoginOTP({
 const challenges: Challenges = {};
 
 if (method === "email") {
- challenges.otpEmail = "peintnerm@gmail.com";
+ challenges.otpEmail = "";
 }
 
 if (method === "sms") {
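Review bot: The condition `challenges.o` in the new `if (challenges && challenges.o && session.factors?.user?.id)` looks like an unfinished edit: neither Challenges nor RequestChallenges, as imported above, is shown to have a property named `o`, and because `challenges` comes out of the parsed request body the typo is not caught by the compiler. The block's body is a verbatim copy of the listHumanAuthFactors block that ends just above it (its own condition starts outside the hunk), so the intended trigger — presumably `challenges.otpEmail || challenges.otpSms` — should be folded into that existing `if` rather than duplicating the call and the `authFactors` assignment. Inside the guard, `session.factors?.user?.id` is re-read with optional chaining although the condition has already established it; bind it to a local once and pass that. PUT continues outside the hunk.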
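Review bot: `getUserByID(userId: string)` declares no `server` parameter yet calls `user.getUser(server)`, while the sibling `listHumanAuthFactors(server: ZitadelServer, userId: string)` directly below threads the server through explicitly; unless lib/zitadel.ts has a module-level `server` that is not visible here, this does not compile, and even if it does the two helpers now disagree on how the client is obtained. Align it to `export async function getUserByID(server: ZitadelServer, userId: string): Promise<GetUserByIDResponse>` and have the route.ts caller pass `server` as it already does for getSession; the generic on the return type appears to have been lost in this rendering of `): Promise {` and is presumably GetUserByIDResponse given the import added in the hunk above. A short TSDoc such as `/** Loads a user by id through the user service; resolves to the raw GetUserByIDResponse. */` would help, and the empty options object passed as the second argument of `userService.getUserByID({ userId }, {})` deserves a word on why it is required.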
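Review bot: `challenges.otpEmail = ""` encodes a contract between this component and /api/session — the empty string asks the route to substitute the user's stored email — that nothing in LoginOTP.tsx states, so a reader will take the assignment for a bug. Add a comment on the line, e.g. `// "" lets /api/session resolve the address from the user's profile`, or better replace the magic value with an explicit, typed field so the intent is visible to the compiler instead of being implied by an empty string. The `sms` branch begins at the end of the hunk and presumably needs the same treatment.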