initial param for password set page, fix cookie overflow

apps/login/src/lib/cookies.ts

@@ -3,6 +3,9 @@
 import { cookies } from "next/headers";
 import { LANGUAGE_COOKIE_NAME } from "./i18n";
 
+// TODO: improve this to handle overflow
+export const MAX_COOKIE_SIZE = 4096;
+
 export type Cookie = {
   id: string;
   token: string;
@@ -56,7 +59,13 @@ export async function addSessionToCookie<T>(
   if (index > -1) {
     currentSessions[index] = session;
   } else {
-    currentSessions = [...currentSessions, session];
+    const temp = [...currentSessions, session];
+
+    if (temp.length > MAX_COOKIE_SIZE) {
+      // TODO: improve cookie handling
+      // this replaces the first session (oldest) with the new one
+      currentSessions = [session].concat(currentSessions.slice(1));
+    }
   }
 
   if (cleanup) {

apps/login/src/lib/idp.ts

@@ -169,7 +169,6 @@ export const PROVIDER_MAPPING: {
 } = {
   [IdentityProviderType.GOOGLE]: (idp: IDPInformation) => {
     const rawInfo = idp.rawInformation as OIDC_USER;
-    console.log(rawInfo);
 
     return create(AddHumanUserRequestSchema, {
       username: idp.userName,

apps/login/src/lib/server/password.ts

@@ -71,8 +71,6 @@ export async function sendPassword(command: UpdateSessionCommand) {
       organizationId: command.organization,
     });
 
-    console.log(users);
-
     if (users.details?.totalResult == BigInt(1) && users.result[0].userId) {
       user = users.result[0];
 
@@ -89,7 +87,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
     }
 
     // this is a fake error message to hide that the user does not even exist
-    return { error: "Could not verify password!" };
+    return { error: "Could not verify password" };
   } else {
     session = await setSessionAndUpdateCookie(
       sessionCookie,
@@ -274,7 +272,7 @@ export async function sendPassword(command: UpdateSessionCommand) {
 }
 
 export async function changePassword(command: {
-  code: string;
+  code?: string;
   userId: string;
   password: string;
 }) {

apps/login/src/lib/zitadel.ts

@@ -13,6 +13,7 @@ import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { IDPInformation } from "@zitadel/proto/zitadel/user/v2/idp_pb";
 import {
   RetrieveIdentityProviderIntentRequest,
+  SetPasswordRequestSchema,
   VerifyPasskeyRegistrationRequest,
   VerifyU2FRegistrationRequest,
 } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
@@ -315,7 +316,6 @@ export async function verifyInviteCode(
 }
 
 export async function resendInviteCode(userId: string) {
-  console.log("resetInit");
   return userService.resendInviteCode({ userId }, {});
 }
 
@@ -580,24 +580,50 @@ export async function passwordReset(userId: string, host: string | null) {
   );
 }
 
+/**
+ *
+ * @param userId userId of the user to set the password for
+ * @param password the new password
+ * @param code optional if the password should be set with a code (reset), no code for initial setup of password
+ * @returns
+ */
 export async function setPassword(
   userId: string,
   password: string,
-  code: string,
+  code?: string,
 ) {
-  return userService.setPassword(
-    {
-      userId,
-      newPassword: {
-        password,
-      },
+  let payload = create(SetPasswordRequestSchema, {
+    userId,
+    newPassword: {
+      password,
+    },
+  });
+
+  // check if the user has no password set in order to set a password
+  if (!code) {
+    const authmethods = await listAuthenticationMethodTypes(userId);
+
+    // if the user has no authmethods set, we can set a password otherwise we need a code
+    if (
+      !authmethods ||
+      !authmethods.authMethodTypes ||
+      authmethods.authMethodTypes.length === 0
+    ) {
+      return { error: "Provide a code to set a password" };
+    }
+  }
+
+  if (code) {
+    payload = {
+      ...payload,
       verification: {
         case: "verificationCode",
         value: code,
       },
-    },
-    {},
-  );
+    };
+  }
+
+  return userService.setPassword(payload, {});
 }
 
 /**