From c7c054da4803e996657ce707c61dfc398f607742 Mon Sep 17 00:00:00 2001 
From: Max Peintner Date: Wed, 5 Feb 2025 09:13:43 +0100 Subject: [PATCH] request id param --- apps/login/src/app/(login)/accounts/page.tsx | 8 ++-- .../app/(login)/authenticator/set/page.tsx | 8 ++-- .../(login)/idp/[provider]/success/page.tsx | 10 ++--- apps/login/src/app/(login)/idp/page.tsx | 4 +- apps/login/src/app/(login)/loginname/page.tsx | 6 +-- apps/login/src/app/(login)/mfa/page.tsx | 4 +- apps/login/src/app/(login)/mfa/set/page.tsx | 12 ++---- .../src/app/(login)/otp/[method]/page.tsx | 4 +- .../src/app/(login)/otp/[method]/set/page.tsx | 18 ++++---- apps/login/src/app/(login)/passkey/page.tsx | 4 +- .../src/app/(login)/passkey/set/page.tsx | 5 +-- .../src/app/(login)/password/change/page.tsx | 4 +- apps/login/src/app/(login)/password/page.tsx | 4 +- .../src/app/(login)/password/set/page.tsx | 4 +- apps/login/src/app/(login)/register/page.tsx | 5 +-- .../app/(login)/register/password/page.tsx | 5 +-- apps/login/src/app/(login)/signedin/page.tsx | 32 +++++++++++--- apps/login/src/app/(login)/u2f/page.tsx | 4 +- apps/login/src/app/(login)/u2f/set/page.tsx | 4 +- apps/login/src/app/(login)/verify/page.tsx | 14 +++---- apps/login/src/app/login/route.ts | 8 ++-- .../src/components/change-password-form.tsx | 6 +-- .../choose-second-factor-to-setup.tsx | 8 ++-- .../src/components/choose-second-factor.tsx | 8 ++-- apps/login/src/components/idp-signin.tsx | 6 +-- .../components/idps/pages/linking-success.tsx | 4 +- .../components/idps/pages/login-success.tsx | 4 +- apps/login/src/components/login-otp.tsx | 18 ++++---- apps/login/src/components/login-passkey.tsx | 12 +++--- apps/login/src/components/password-form.tsx | 12 +++--- apps/login/src/components/register-form.tsx | 10 ++--- .../login/src/components/register-passkey.tsx | 8 ++-- apps/login/src/components/register-u2f.tsx | 12 +++--- apps/login/src/components/session-item.tsx | 8 ++-- apps/login/src/components/sessions-list.tsx | 6 +-- .../src/components/set-password-form.tsx | 8 ++-- 
.../components/set-register-password-form.tsx | 6 +-- .../login/src/components/sign-in-with-idp.tsx | 8 ++-- apps/login/src/components/totp-register.tsx | 12 +++--- apps/login/src/components/user-avatar.tsx | 4 +- apps/login/src/components/username-form.tsx | 10 ++--- apps/login/src/components/verify-form.tsx | 6 +-- .../src/components/verify-redirect-button.tsx | 6 +-- apps/login/src/lib/client.ts | 8 ++-- apps/login/src/lib/cookies.ts | 2 +- apps/login/src/lib/oidc.ts | 2 +- apps/login/src/lib/saml.ts | 2 +- apps/login/src/lib/server/cookie.ts | 24 +++++------ apps/login/src/lib/server/idp.ts | 12 +++--- apps/login/src/lib/server/invite.ts | 2 +- apps/login/src/lib/server/loginname.ts | 42 +++++++++---------- apps/login/src/lib/server/otp.ts | 4 +- apps/login/src/lib/server/passkeys.ts | 12 +++--- apps/login/src/lib/server/password.ts | 20 ++++----- apps/login/src/lib/server/register.ts | 14 +++---- apps/login/src/lib/server/session.ts | 22 ++++------ apps/login/src/lib/server/verify.ts | 26 ++++++------ apps/login/src/lib/verify-helper.ts | 36 ++++++++-------- 58 files changed, 291 insertions(+), 286 deletions(-) diff --git a/apps/login/src/app/(login)/accounts/page.tsx b/apps/login/src/app/(login)/accounts/page.tsx index bc63d990c9c..f0156aab8c0 100644 --- a/apps/login/src/app/(login)/accounts/page.tsx +++ b/apps/login/src/app/(login)/accounts/page.tsx @@ -42,7 +42,7 @@ export default async function Page(props: { const locale = getLocale(); const t = await getTranslations({ locale, namespace: "accounts" }); - const authRequestId = searchParams?.authRequestId; + const requestId = searchParams?.requestId; const organization = searchParams?.organization; const _headers = await headers(); @@ -69,8 +69,8 @@ export default async function Page(props: { const params = new URLSearchParams(); - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization) { 
@@ -84,7 +84,7 @@ export default async function Page(props: {

{t("description")}

- +
diff --git a/apps/login/src/app/(login)/authenticator/set/page.tsx b/apps/login/src/app/(login)/authenticator/set/page.tsx index 634b1168158..3977b8dbb0a 100644 --- a/apps/login/src/app/(login)/authenticator/set/page.tsx +++ b/apps/login/src/app/(login)/authenticator/set/page.tsx @@ -27,7 +27,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "authenticator" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { loginName, authRequestId, organization, sessionId } = searchParams; + const { loginName, requestId, organization, sessionId } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -141,8 +141,8 @@ export default async function Page(props: { params.set("organization", sessionWithData.factors?.user?.organizationId); } - if (authRequestId) { - params.set("authRequestId", authRequestId); + if (requestId) { + params.set("requestId", requestId); } return ( @@ -174,7 +174,7 @@ export default async function Page(props: { {loginSettings?.allowExternalIdp && identityProviders && ( diff --git a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx index 425e9f0caf8..4522733ecff 100644 --- a/apps/login/src/app/(login)/idp/[provider]/success/page.tsx +++ b/apps/login/src/app/(login)/idp/[provider]/success/page.tsx @@ -36,7 +36,7 @@ export default async function Page(props: { const searchParams = await props.searchParams; const locale = getLocale(); const t = await getTranslations({ locale, namespace: "idp" }); - const { id, token, authRequestId, organization, link } = searchParams; + const { id, token, requestId, organization, link } = searchParams; const { provider } = params; const _headers = await headers(); 
@@ -68,7 +68,7 @@ export default async function Page(props: { return loginSuccess( userId, { idpIntentId: id, idpIntentToken: token }, - authRequestId, + requestId, branding, ); } @@ -119,7 +119,7 @@ export default async function Page(props: { return linkingSuccess( userId, { idpIntentId: id, idpIntentToken: token }, - authRequestId, + requestId, branding, ); } @@ -179,7 +179,7 @@ export default async function Page(props: { return linkingSuccess( foundUser.userId, { idpIntentId: id, idpIntentToken: token }, - authRequestId, + requestId, branding, ); } @@ -245,7 +245,7 @@ export default async function Page(props: {
diff --git a/apps/login/src/app/(login)/idp/page.tsx b/apps/login/src/app/(login)/idp/page.tsx index 80829557ecd..055e79cc07f 100644 --- a/apps/login/src/app/(login)/idp/page.tsx +++ b/apps/login/src/app/(login)/idp/page.tsx @@ -12,7 +12,7 @@ export default async function Page(props: { const locale = getLocale(); const t = await getTranslations({ locale, namespace: "idp" }); - const authRequestId = searchParams?.authRequestId; + const requestId = searchParams?.requestId; const organization = searchParams?.organization; const _headers = await headers(); @@ -41,7 +41,7 @@ export default async function Page(props: { {identityProviders && ( )} diff --git a/apps/login/src/app/(login)/loginname/page.tsx b/apps/login/src/app/(login)/loginname/page.tsx index 7f8cb928128..ed9ec594906 100644 --- a/apps/login/src/app/(login)/loginname/page.tsx +++ b/apps/login/src/app/(login)/loginname/page.tsx @@ -20,7 +20,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "loginname" }); const loginName = searchParams?.loginName; - const authRequestId = searchParams?.authRequestId; + const requestId = searchParams?.requestId; const organization = searchParams?.organization; const suffix = searchParams?.suffix; const submit: boolean = searchParams?.submit === "true"; @@ -73,7 +73,7 @@ export default async function Page(props: { )} diff --git a/apps/login/src/app/(login)/mfa/page.tsx b/apps/login/src/app/(login)/mfa/page.tsx index 53fc650788c..42d9707aae2 100644 --- a/apps/login/src/app/(login)/mfa/page.tsx +++ b/apps/login/src/app/(login)/mfa/page.tsx 
@@ -22,7 +22,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "mfa" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { loginName, authRequestId, organization, sessionId } = searchParams; + const { loginName, requestId, organization, sessionId } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -114,7 +114,7 @@ export default async function Page(props: { diff --git a/apps/login/src/app/(login)/mfa/set/page.tsx b/apps/login/src/app/(login)/mfa/set/page.tsx index 64e9cd7605b..e37d24e55d4 100644 --- a/apps/login/src/app/(login)/mfa/set/page.tsx +++ b/apps/login/src/app/(login)/mfa/set/page.tsx @@ -42,14 +42,8 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "mfa" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { - loginName, - checkAfter, - force, - authRequestId, - organization, - sessionId, - } = searchParams; + const { loginName, checkAfter, force, requestId, organization, sessionId } = + searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -157,7 +151,7 @@ export default async function Page(props: { diff --git a/apps/login/src/app/(login)/passkey/set/page.tsx b/apps/login/src/app/(login)/passkey/set/page.tsx index e2f34ae830a..ab9dcf102b8 100644 --- a/apps/login/src/app/(login)/passkey/set/page.tsx +++ b/apps/login/src/app/(login)/passkey/set/page.tsx 
@@ -16,8 +16,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "passkey" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { loginName, prompt, organization, authRequestId, userId } = - searchParams; + const { loginName, prompt, organization, requestId, userId } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -76,7 +75,7 @@ export default async function Page(props: { sessionId={session.id} isPrompt={!!prompt} organization={organization} - authRequestId={authRequestId} + requestId={requestId} /> )}
diff --git a/apps/login/src/app/(login)/password/change/page.tsx b/apps/login/src/app/(login)/password/change/page.tsx index 28f77a4b6d8..35409cecc6e 100644 --- a/apps/login/src/app/(login)/password/change/page.tsx +++ b/apps/login/src/app/(login)/password/change/page.tsx @@ -23,7 +23,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "password" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { loginName, organization, authRequestId } = searchParams; + const { loginName, organization, requestId } = searchParams; // also allow no session to be found (ignoreUnkownUsername) const sessionFactors = await loadMostRecentSession({ @@ -84,7 +84,7 @@ export default async function Page(props: { diff --git a/apps/login/src/app/(login)/password/page.tsx b/apps/login/src/app/(login)/password/page.tsx index b9b17568132..c5136e941c7 100644 --- a/apps/login/src/app/(login)/password/page.tsx +++ b/apps/login/src/app/(login)/password/page.tsx @@ -22,7 +22,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "password" }); const tError = await getTranslations({ locale, namespace: "error" }); - let { loginName, organization, authRequestId, alt } = searchParams; + let { loginName, organization, requestId, alt } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -94,7 +94,7 @@ export default async function Page(props: { {loginName && ( )} diff --git a/apps/login/src/app/(login)/register/password/page.tsx b/apps/login/src/app/(login)/register/password/page.tsx index aeda4d56f68..a588cd2e2e0 100644 --- a/apps/login/src/app/(login)/register/password/page.tsx +++ b/apps/login/src/app/(login)/register/password/page.tsx 
@@ -19,8 +19,7 @@ export default async function Page(props: { const locale = getLocale(); const t = await getTranslations({ locale, namespace: "register" }); - let { firstname, lastname, email, organization, authRequestId } = - searchParams; + let { firstname, lastname, email, organization, requestId } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -80,7 +79,7 @@ export default async function Page(props: { firstname={firstname} lastname={lastname} organization={organization} - authRequestId={authRequestId} + requestId={requestId} > )}
diff --git a/apps/login/src/app/(login)/signedin/page.tsx b/apps/login/src/app/(login)/signedin/page.tsx index f6897134798..8308ddd210a 100644 --- a/apps/login/src/app/(login)/signedin/page.tsx +++ b/apps/login/src/app/(login)/signedin/page.tsx @@ -6,6 +6,7 @@ import { getMostRecentCookieWithLoginname } from "@/lib/cookies"; import { getServiceUrlFromHeaders } from "@/lib/service"; import { createCallback, + createResponse, getBrandingSettings, getLoginSettings, getSession, @@ -15,6 +16,7 @@ import { CreateCallbackRequestSchema, SessionSchema, } from "@zitadel/proto/zitadel/oidc/v2/oidc_service_pb"; +import { CreateResponseRequestSchema } from "@zitadel/proto/zitadel/saml/v2/saml_service_pb"; import { getLocale, getTranslations } from "next-intl/server"; import { headers } from "next/headers"; import Link from "next/link"; @@ -24,16 +26,16 @@ async function loadSession( serviceUrl: string, serviceRegion: string, loginName: string, - authRequestId?: string, + requestId?: string, ) { const recent = await getMostRecentCookieWithLoginname({ loginName }); - if (authRequestId) { + if (requestId && requestId.startsWith("oidc_")) { return createCallback({ serviceUrl, serviceRegion, req: create(CreateCallbackRequestSchema, { - authRequestId, + authRequestId: requestId, callbackKind: { case: "session", value: create(SessionSchema, { @@ -45,7 +47,25 @@ async function loadSession( }).then(({ callbackUrl }) => { return redirect(callbackUrl); }); + } else if (requestId && requestId.startsWith("saml_")) { + return createResponse({ + serviceUrl, + serviceRegion, + req: create(CreateResponseRequestSchema, { + samlRequestId: requestId.replace("saml_", ""), + responseKind: { + case: "session", + value: { + sessionId: recent.id, + sessionToken: recent.token, + }, + }, + }), + }).then(({ url }) => { + return redirect(url); + }); } + return getSession({ serviceUrl, serviceRegion, 
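Review bot: In `loadSession` the OIDC branch forwards the prefixed value unchanged (`authRequestId: requestId`), while the SAML branch directly below strips its prefix (`requestId.replace("saml_", "")`) and `apps/login/src/app/login/route.ts` in this same patch calls `getAuthRequest` with `requestId.replace("oidc_", "")`. Presumably only one of the two OIDC forms matches what the backend expects, so the callers should agree; if the bare id is the right one, this line becomes `authRequestId: requestId.replace("oidc_", ""),`. A `requestId` with neither prefix now falls through to `getSession`, and because `Page` gates `getLoginSettings` on `!requestId`, such a value gets neither a callback nor the login settings, so rejecting unknown prefixes explicitly would make that case visible. `loadSession` continues past the end of this hunk.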
@@ -66,12 +86,12 @@ export default async function Page(props: { searchParams: Promise }) { const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); - const { loginName, authRequestId, organization } = searchParams; + const { loginName, requestId, organization } = searchParams; const sessionFactors = await loadSession( serviceUrl, serviceRegion, loginName, - authRequestId, + requestId, ); const branding = await getBrandingSettings({ @@ -81,7 +101,7 @@ export default async function Page(props: { searchParams: Promise }) { }); let loginSettings; - if (!authRequestId) { + if (!requestId) { loginSettings = await getLoginSettings({ serviceUrl, serviceRegion, diff --git a/apps/login/src/app/(login)/u2f/page.tsx b/apps/login/src/app/(login)/u2f/page.tsx index e0a21103a87..930538c8345 100644 --- a/apps/login/src/app/(login)/u2f/page.tsx +++ b/apps/login/src/app/(login)/u2f/page.tsx @@ -17,7 +17,7 @@ export default async function Page(props: { const t = await getTranslations({ locale, namespace: "u2f" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { loginName, authRequestId, sessionId, organization } = searchParams; + const { loginName, requestId, sessionId, organization } = searchParams; const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); @@ -80,7 +80,7 @@ export default async function Page(props: { )} diff --git a/apps/login/src/app/(login)/verify/page.tsx b/apps/login/src/app/(login)/verify/page.tsx index 628d07f36fe..e55d589ec8a 100644 --- a/apps/login/src/app/(login)/verify/page.tsx +++ b/apps/login/src/app/(login)/verify/page.tsx 
@@ -22,7 +22,7 @@ export default async function Page(props: { searchParams: Promise }) { const t = await getTranslations({ locale, namespace: "verify" }); const tError = await getTranslations({ locale, namespace: "error" }); - const { userId, loginName, code, organization, authRequestId, invite } = + const { userId, loginName, code, organization, requestId, invite } = searchParams; const _headers = await headers(); @@ -63,7 +63,7 @@ export default async function Page(props: { searchParams: Promise }) { userId: sessionFactors?.factors?.user?.id, urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` + - (authRequestId ? `&authRequestId=${authRequestId}` : ""), + (requestId ? `&requestId=${requestId}` : ""), }).catch((error) => { console.error("Could not resend verification email", error); throw Error("Failed to send verification email"); @@ -77,7 +77,7 @@ export default async function Page(props: { searchParams: Promise }) { userId, urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/verify?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}&invite=true` + - (authRequestId ? `&authRequestId=${authRequestId}` : ""), + (requestId ? `&requestId=${requestId}` : ""), }).catch((error) => { console.error("Could not resend verification email", error); throw Error("Failed to send verification email"); @@ -120,8 +120,8 @@ export default async function Page(props: { searchParams: Promise }) { params.set("organization", organization); } - if (authRequestId) { - params.set("authRequestId", authRequestId); + if (requestId) { + params.set("requestId", requestId); } return ( @@ -165,7 +165,7 @@ export default async function Page(props: { searchParams: Promise }) { userId={id} loginName={loginName} organization={organization} - authRequestId={authRequestId} + requestId={requestId} authMethods={authMethods} /> ) : ( 
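Review bot: `requestId` is read from `searchParams` and appended to `urlTemplate` unencoded in both resend paths (``(requestId ? `&requestId=${requestId}` : "")``), so a value containing `&` or `#` can add or cut off parameters in the link that is mailed to the user. Encoding the value closes that: ``(requestId ? `&requestId=${encodeURIComponent(requestId)}` : "")``. The same concatenation appears in the `urlTemplate` hunk of `apps/login/src/components/login-otp.tsx` in this patch. Separately, the page now destructures only `requestId`, so verification links mailed before the rename (carrying `authRequestId=`) would presumably lose their request context; accepting the old name as a fallback for one release would avoid that.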
@@ -176,7 +176,7 @@ export default async function Page(props: { searchParams: Promise }) { userId={id} code={code} isInvite={invite === "true"} - authRequestId={authRequestId} + requestId={requestId} /> ))} diff --git a/apps/login/src/app/login/route.ts b/apps/login/src/app/login/route.ts index ad89312fcf1..adf76587236 100644 --- a/apps/login/src/app/login/route.ts +++ b/apps/login/src/app/login/route.ts @@ -126,11 +126,11 @@ export async function GET(request: NextRequest) { }); } - if (requestId) { + if (requestId && requestId.startsWith("oidc_")) { const { authRequest } = await getAuthRequest({ serviceUrl, serviceRegion, - authRequestId: requestId, + authRequestId: requestId.replace("oidc_", ""), }); let organization = ""; @@ -257,7 +257,7 @@ export async function GET(request: NextRequest) { try { let command: SendLoginnameCommand = { loginName: authRequest.loginHint, - authRequestId: authRequest.id, + requestId: authRequest.id, }; if (organization) { @@ -426,6 +426,8 @@ export async function GET(request: NextRequest) { return NextResponse.redirect(loginNameUrl); } + } else if (requestId && requestId.startsWith("saml_")) { + // handle saml request } else { return NextResponse.json( { error: "No authRequest nor samlRequest provided" }, diff --git a/apps/login/src/components/change-password-form.tsx b/apps/login/src/components/change-password-form.tsx index c581a40b8dd..54aab7b3ca2 100644 --- a/apps/login/src/components/change-password-form.tsx +++ b/apps/login/src/components/change-password-form.tsx @@ -35,7 +35,7 @@ type Props = { passwordComplexitySettings: PasswordComplexitySettings; sessionId: string; loginName: string; - authRequestId?: string; + requestId?: string; organization?: string; }; @@ -43,7 +43,7 @@ export function ChangePasswordForm({ passwordComplexitySettings, sessionId, loginName, - authRequestId, + requestId, organization, }: Props) { const t = useTranslations("password"); 
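Review bot: The new `else if (requestId && requestId.startsWith("saml_"))` branch in `route.ts` holds only the comment `// handle saml request`, so for a SAML request id the `GET` handler appears to leave the chain without returning a response. Until the SAML flow exists, an explicit error keeps that path defined, e.g. `return NextResponse.json({ error: "SAML requests are not supported yet" }, { status: 501 });`. In the `SendLoginnameCommand` hunk, `requestId: authRequest.id` forwards the id as returned by `getAuthRequest`; if that id is unprefixed, the `startsWith("oidc_")` checks added elsewhere in this patch would not recognise it, which is worth confirming. The `GET` handler starts and ends outside these hunks.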
@@ -97,7 +97,7 @@ export function ChangePasswordForm({ checks: create(ChecksSchema, { password: { password: values.password }, }), - authRequestId, + requestId, }) .catch(() => { setError("Could not verify password"); diff --git a/apps/login/src/components/choose-second-factor-to-setup.tsx b/apps/login/src/components/choose-second-factor-to-setup.tsx index 1502d555a77..21f7aff8a67 100644 --- a/apps/login/src/components/choose-second-factor-to-setup.tsx +++ b/apps/login/src/components/choose-second-factor-to-setup.tsx @@ -10,7 +10,7 @@ import { EMAIL, SMS, TOTP, U2F } from "./auth-methods"; type Props = { loginName?: string; sessionId?: string; - authRequestId?: string; + requestId?: string; organization?: string; loginSettings: LoginSettings; userMethods: AuthenticationMethodType[]; @@ -22,7 +22,7 @@ type Props = { export function ChooseSecondFactorToSetup({ loginName, sessionId, - authRequestId, + requestId, organization, loginSettings, userMethods, @@ -38,8 +38,8 @@ export function ChooseSecondFactorToSetup({ if (sessionId) { params.append("sessionId", sessionId); } - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization) { params.append("organization", organization); diff --git a/apps/login/src/components/choose-second-factor.tsx b/apps/login/src/components/choose-second-factor.tsx index 3acf3e2214c..6cd890f11d6 100644 --- a/apps/login/src/components/choose-second-factor.tsx +++ b/apps/login/src/components/choose-second-factor.tsx @@ -6,7 +6,7 @@ import { EMAIL, SMS, TOTP, U2F } from "./auth-methods"; type Props = { loginName?: string; sessionId?: string; - authRequestId?: string; + requestId?: string; organization?: string; userMethods: AuthenticationMethodType[]; }; @@ -14,7 +14,7 @@ type Props = { export function ChooseSecondFactor({ loginName, sessionId, - authRequestId, + requestId, organization, userMethods, }: Props) { 
@@ -26,8 +26,8 @@ export function ChooseSecondFactor({ if (sessionId) { params.append("sessionId", sessionId); } - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization) { params.append("organization", organization); diff --git a/apps/login/src/components/idp-signin.tsx b/apps/login/src/components/idp-signin.tsx index c2f3fe40b3a..a7c938e90ce 100644 --- a/apps/login/src/components/idp-signin.tsx +++ b/apps/login/src/components/idp-signin.tsx @@ -13,13 +13,13 @@ type Props = { idpIntentId: string; idpIntentToken: string; }; - authRequestId?: string; + requestId?: string; }; export function IdpSignin({ userId, idpIntent: { idpIntentId, idpIntentToken }, - authRequestId, + requestId, }: Props) { const [loading, setLoading] = useState(true); const [error, setError] = useState(null); @@ -33,7 +33,7 @@ export function IdpSignin({ idpIntentId, idpIntentToken, }, - authRequestId, + requestId, }) .then((response) => { if (response && "error" in response && response?.error) { diff --git a/apps/login/src/components/idps/pages/linking-success.tsx b/apps/login/src/components/idps/pages/linking-success.tsx index 66098ed6ff0..f4faa8e1bfa 100644 --- a/apps/login/src/components/idps/pages/linking-success.tsx +++ b/apps/login/src/components/idps/pages/linking-success.tsx @@ -6,7 +6,7 @@ import { IdpSignin } from "../../idp-signin"; export async function linkingSuccess( userId: string, idpIntent: { idpIntentId: string; idpIntentToken: string }, - authRequestId?: string, + requestId?: string, branding?: BrandingSettings, ) { const locale = getLocale(); @@ -21,7 +21,7 @@ export async function linkingSuccess( diff --git a/apps/login/src/components/idps/pages/login-success.tsx b/apps/login/src/components/idps/pages/login-success.tsx index 3a9a371995c..6c884873f18 100644 --- a/apps/login/src/components/idps/pages/login-success.tsx +++ b/apps/login/src/components/idps/pages/login-success.tsx 
@@ -6,7 +6,7 @@ import { IdpSignin } from "../../idp-signin"; export async function loginSuccess( userId: string, idpIntent: { idpIntentId: string; idpIntentToken: string }, - authRequestId?: string, + requestId?: string, branding?: BrandingSettings, ) { const locale = getLocale(); @@ -21,7 +21,7 @@ export async function loginSuccess( diff --git a/apps/login/src/components/login-otp.tsx b/apps/login/src/components/login-otp.tsx index c5be74d2524..0829f003918 100644 --- a/apps/login/src/components/login-otp.tsx +++ b/apps/login/src/components/login-otp.tsx @@ -21,7 +21,7 @@ type Props = { host: string | null; loginName?: string; sessionId?: string; - authRequestId?: string; + requestId?: string; organization?: string; method: string; code?: string; @@ -36,7 +36,7 @@ export function LoginOTP({ host, loginName, sessionId, - authRequestId, + requestId, organization, method, code, @@ -85,7 +85,7 @@ export function LoginOTP({ ? { urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/otp/${method}?code={{.Code}}&userId={{.UserID}}&sessionId={{.SessionID}}` + - (authRequestId ? `&authRequestId=${authRequestId}` : ""), + (requestId ? `&requestId=${requestId}` : ""), } : {}, }, @@ -105,7 +105,7 @@ export function LoginOTP({ sessionId, organization, challenges, - authRequestId, + requestId, }) .catch(() => { setError("Could not request OTP challenge"); @@ -135,8 +135,8 @@ export function LoginOTP({ body.organization = organization; } - if (authRequestId) { - body.authRequestId = authRequestId; + if (requestId) { + body.requestId = requestId; } let checks; @@ -162,7 +162,7 @@ export function LoginOTP({ sessionId, organization, checks, - authRequestId, + requestId, }) .catch(() => { setError("Could not verify OTP code"); 
@@ -188,11 +188,11 @@ export function LoginOTP({ await new Promise((resolve) => setTimeout(resolve, 2000)); const url = - authRequestId && response.sessionId + requestId && response.sessionId ? await getNextUrl( { sessionId: response.sessionId, - authRequestId: authRequestId, + requestId: requestId, organization: response.factors?.user?.organizationId, }, loginSettings?.defaultRedirectUri, diff --git a/apps/login/src/components/login-passkey.tsx b/apps/login/src/components/login-passkey.tsx index a5beae73967..b3f0b1212fc 100644 --- a/apps/login/src/components/login-passkey.tsx +++ b/apps/login/src/components/login-passkey.tsx @@ -21,7 +21,7 @@ import { Spinner } from "./spinner"; type Props = { loginName?: string; sessionId?: string; - authRequestId?: string; + requestId?: string; altPassword: boolean; login?: boolean; organization?: string; @@ -30,7 +30,7 @@ type Props = { export function LoginPasskey({ loginName, sessionId, - authRequestId, + requestId, altPassword, organization, login = true, @@ -96,7 +96,7 @@ export function LoginPasskey({ userVerificationRequirement, }, }), - authRequestId, + requestId, }) .catch(() => { setError("Could not request passkey challenge"); @@ -123,7 +123,7 @@ export function LoginPasskey({ checks: { webAuthN: { credentialAssertionData: data }, } as Checks, - authRequestId, + requestId, }) .catch(() => { setError("Could not verify passkey"); @@ -220,8 +220,8 @@ export function LoginPasskey({ params.sessionId = sessionId; } - if (authRequestId) { - params.authRequestId = authRequestId; + if (requestId) { + params.requestId = requestId; } if (organization) { diff --git a/apps/login/src/components/password-form.tsx b/apps/login/src/components/password-form.tsx index 2d623aa09e7..17461644d84 100644 --- a/apps/login/src/components/password-form.tsx +++ b/apps/login/src/components/password-form.tsx 
@@ -22,7 +22,7 @@ type Props = { loginSettings: LoginSettings | undefined; loginName: string; organization?: string; - authRequestId?: string; + requestId?: string; isAlternative?: boolean; // whether password was requested as alternative auth method promptPasswordless?: boolean; }; @@ -31,7 +31,7 @@ export function PasswordForm({ loginSettings, loginName, organization, - authRequestId, + requestId, promptPasswordless, isAlternative, }: Props) { @@ -58,7 +58,7 @@ export function PasswordForm({ checks: create(ChecksSchema, { password: { password: values.password }, }), - authRequestId, + requestId, }) .catch(() => { setError("Could not verify password"); @@ -86,7 +86,7 @@ export function PasswordForm({ const response = await resetPassword({ loginName, organization, - authRequestId, + requestId, }) .catch(() => { setError("Could not reset password"); @@ -111,8 +111,8 @@ export function PasswordForm({ params.append("organization", organization); } - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } return router.push("/password/set?" + params); diff --git a/apps/login/src/components/register-form.tsx b/apps/login/src/components/register-form.tsx index c336b836c4d..09e3f0b89b7 100644 --- a/apps/login/src/components/register-form.tsx +++ b/apps/login/src/components/register-form.tsx @@ -36,7 +36,7 @@ type Props = { lastname?: string; email?: string; organization?: string; - authRequestId?: string; + requestId?: string; loginSettings?: LoginSettings; }; @@ -46,7 +46,7 @@ export function RegisterForm({ firstname, lastname, organization, - authRequestId, + requestId, loginSettings, }: Props) { const t = useTranslations("register"); @@ -73,7 +73,7 @@ export function RegisterForm({ firstName: values.firstname, lastName: values.lastname, organization: organization, - authRequestId: authRequestId, + requestId: requestId, }) .catch(() => { setError("Could not register user"); 
@@ -105,8 +105,8 @@ export function RegisterForm({ registerParams.organization = organization; } - if (authRequestId) { - registerParams.authRequestId = authRequestId; + if (requestId) { + registerParams.requestId = requestId; } // redirect user to /register/password if password is chosen diff --git a/apps/login/src/components/register-passkey.tsx b/apps/login/src/components/register-passkey.tsx index e7371686783..163ab507b89 100644 --- a/apps/login/src/components/register-passkey.tsx +++ b/apps/login/src/components/register-passkey.tsx @@ -19,7 +19,7 @@ type Inputs = {}; type Props = { sessionId: string; isPrompt: boolean; - authRequestId?: string; + requestId?: string; organization?: string; }; @@ -27,7 +27,7 @@ export function RegisterPasskey({ sessionId, isPrompt, organization, - authRequestId, + requestId, }: Props) { const t = useTranslations("passkey"); @@ -161,8 +161,8 @@ export function RegisterPasskey({ params.set("organization", organization); } - if (authRequestId) { - params.set("authRequestId", authRequestId); + if (requestId) { + params.set("requestId", requestId); } params.set("sessionId", sessionId); diff --git a/apps/login/src/components/register-u2f.tsx b/apps/login/src/components/register-u2f.tsx index ba83de3627a..753eae017df 100644 --- a/apps/login/src/components/register-u2f.tsx +++ b/apps/login/src/components/register-u2f.tsx @@ -16,7 +16,7 @@ import { Spinner } from "./spinner"; type Props = { loginName?: string; sessionId: string; - authRequestId?: string; + requestId?: string; organization?: string; checkAfter: boolean; loginSettings?: LoginSettings; @@ -26,7 +26,7 @@ export function RegisterU2f({ loginName, sessionId, organization, - authRequestId, + requestId, checkAfter, loginSettings, }: Props) { 
@@ -166,18 +166,18 @@ export function RegisterU2f({ if (organization) { paramsToContinue.append("organization", organization); } - if (authRequestId) { - paramsToContinue.append("authRequestId", authRequestId); + if (requestId) { + paramsToContinue.append("requestId", requestId); } return router.push(`/u2f?` + paramsToContinue); } else { const url = - authRequestId && sessionId + requestId && sessionId ? await getNextUrl( { sessionId: sessionId, - authRequestId: authRequestId, + requestId: requestId, organization: organization, }, loginSettings?.defaultRedirectUri, diff --git a/apps/login/src/components/session-item.tsx b/apps/login/src/components/session-item.tsx index c3c28a03fd7..1274469f019 100644 --- a/apps/login/src/components/session-item.tsx +++ b/apps/login/src/components/session-item.tsx @@ -31,11 +31,11 @@ export function isSessionValid(session: Partial): { export function SessionItem({ session, reload, - authRequestId, + requestId, }: { session: Session; reload: () => void; - authRequestId?: string; + requestId?: string; }) { const [loading, setLoading] = useState(false); @@ -67,7 +67,7 @@ export function SessionItem({ if (valid && session?.factors?.user) { const resp = await continueWithSession({ ...session, - authRequestId: authRequestId, + requestId: requestId, }); if (resp?.redirect) { @@ -78,7 +78,7 @@ export function SessionItem({ const res = await sendLoginname({ loginName: session.factors?.user?.loginName, organization: session.factors.user.organizationId, - authRequestId: authRequestId, + requestId: requestId, }) .catch(() => { setError("An internal error occurred"); diff --git a/apps/login/src/components/sessions-list.tsx b/apps/login/src/components/sessions-list.tsx index 09393bae721..50f621a62dd 100644 --- a/apps/login/src/components/sessions-list.tsx +++ b/apps/login/src/components/sessions-list.tsx 
@@ -9,10 +9,10 @@ import { SessionItem } from "./session-item"; type Props = { sessions: Session[]; - authRequestId?: string; + requestId?: string; }; -export function SessionsList({ sessions, authRequestId }: Props) { +export function SessionsList({ sessions, requestId }: Props) { const t = useTranslations("accounts"); const [list, setList] = useState(sessions); return sessions ? ( @@ -34,7 +34,7 @@ export function SessionsList({ sessions, authRequestId }: Props) { return ( { setList(list.filter((s) => s.id !== session.id)); }} diff --git a/apps/login/src/components/set-password-form.tsx b/apps/login/src/components/set-password-form.tsx index ec6cf3cc6bd..08f5c7c4efc 100644 --- a/apps/login/src/components/set-password-form.tsx +++ b/apps/login/src/components/set-password-form.tsx @@ -39,14 +39,14 @@ type Props = { loginName: string; userId: string; organization?: string; - authRequestId?: string; + requestId?: string; codeRequired: boolean; }; export function SetPasswordForm({ passwordComplexitySettings, organization, - authRequestId, + requestId, loginName, userId, code, @@ -73,7 +73,7 @@ export function SetPasswordForm({ const response = await resetPassword({ loginName, organization, - authRequestId, + requestId, }) .catch(() => { setError("Could not reset password"); @@ -137,7 +137,7 @@ export function SetPasswordForm({ checks: create(ChecksSchema, { password: { password: values.password }, }), - authRequestId, + requestId, }) .catch(() => { setError("Could not verify password"); diff --git a/apps/login/src/components/set-register-password-form.tsx b/apps/login/src/components/set-register-password-form.tsx index 19bab38e10b..3f38a408d0c 100644 --- a/apps/login/src/components/set-register-password-form.tsx +++ b/apps/login/src/components/set-register-password-form.tsx @@ -32,7 +32,7 @@ type Props = { firstname: string; lastname: string; organization?: string; - authRequestId?: string; + requestId?: string; }; export function SetRegisterPasswordForm({ 
@@ -41,7 +41,7 @@ export function SetRegisterPasswordForm({ firstname, lastname, organization, - authRequestId, + requestId, }: Props) { const t = useTranslations("register"); @@ -66,7 +66,7 @@ export function SetRegisterPasswordForm({ firstName: firstname, lastName: lastname, organization: organization, - authRequestId: authRequestId, + requestId: requestId, password: values.password, }) .catch(() => { diff --git a/apps/login/src/components/sign-in-with-idp.tsx b/apps/login/src/components/sign-in-with-idp.tsx index 972f501cb11..5af58787599 100644 --- a/apps/login/src/components/sign-in-with-idp.tsx +++ b/apps/login/src/components/sign-in-with-idp.tsx @@ -20,14 +20,14 @@ import { SignInWithGoogle } from "./idps/sign-in-with-google"; export interface SignInWithIDPProps { children?: ReactNode; identityProviders: IdentityProvider[]; - authRequestId?: string; + requestId?: string; organization?: string; linkOnly?: boolean; } export function SignInWithIdp({ identityProviders, - authRequestId, + requestId, organization, linkOnly, }: Readonly) { @@ -40,7 +40,7 @@ export function SignInWithIdp({ setLoading(true); const params = new URLSearchParams(); if (linkOnly) params.set("link", "true"); - if (authRequestId) params.set("authRequestId", authRequestId); + if (requestId) params.set("requestId", requestId); if (organization) params.set("organization", organization); try { @@ -64,7 +64,7 @@ export function SignInWithIdp({ setLoading(false); } }, - [authRequestId, organization, linkOnly, router], + [requestId, organization, linkOnly, router], ); const renderIDPButton = (idp: IdentityProvider) => { diff --git a/apps/login/src/components/totp-register.tsx b/apps/login/src/components/totp-register.tsx index 40aa94a165a..b5c81d8645c 100644 --- a/apps/login/src/components/totp-register.tsx +++ b/apps/login/src/components/totp-register.tsx 
@@ -24,7 +24,7 @@ type Props = { secret: string; loginName?: string; sessionId?: string; - authRequestId?: string; + requestId?: string; organization?: string; checkAfter?: boolean; loginSettings?: LoginSettings; @@ -34,7 +34,7 @@ export function TotpRegister({ secret, loginName, sessionId, - authRequestId, + requestId, organization, checkAfter, loginSettings, @@ -63,8 +63,8 @@ export function TotpRegister({ if (loginName) { params.append("loginName", loginName); } - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization) { params.append("organization", organization); @@ -73,11 +73,11 @@ export function TotpRegister({ return router.push(`/otp/time-based?` + params); } else { const url = - authRequestId && sessionId + requestId && sessionId ? await getNextUrl( { sessionId: sessionId, - authRequestId: authRequestId, + requestId: requestId, organization: organization, }, loginSettings?.defaultRedirectUri, diff --git a/apps/login/src/components/user-avatar.tsx b/apps/login/src/components/user-avatar.tsx index b7644310eb3..f2aa0bfed7c 100644 --- a/apps/login/src/components/user-avatar.tsx +++ b/apps/login/src/components/user-avatar.tsx @@ -25,8 +25,8 @@ export function UserAvatar({ params.set("organization", searchParams.organization); } - if (searchParams?.authRequestId) { - params.set("authRequestId", searchParams.authRequestId); + if (searchParams?.requestId) { + params.set("requestId", searchParams.requestId); } if (searchParams?.loginName) { diff --git a/apps/login/src/components/username-form.tsx b/apps/login/src/components/username-form.tsx index 28193b451cb..6801f6b274c 100644 --- a/apps/login/src/components/username-form.tsx +++ b/apps/login/src/components/username-form.tsx 
@@ -18,7 +18,7 @@ type Inputs = { type Props = { loginName: string | undefined; - authRequestId: string | undefined; + requestId: string | undefined; loginSettings: LoginSettings | undefined; organization?: string; suffix?: string; @@ -29,7 +29,7 @@ type Props = { export function UsernameForm({ loginName, - authRequestId, + requestId, organization, suffix, loginSettings, @@ -56,7 +56,7 @@ export function UsernameForm({ const res = await sendLoginname({ loginName: values.loginName, organization, - authRequestId, + requestId, suffix, }) .catch(() => { @@ -117,8 +117,8 @@ export function UsernameForm({ if (organization) { registerParams.append("organization", organization); } - if (authRequestId) { - registerParams.append("authRequestId", authRequestId); + if (requestId) { + registerParams.append("requestId", requestId); } router.push("/register?" + registerParams); diff --git a/apps/login/src/components/verify-form.tsx b/apps/login/src/components/verify-form.tsx index 1982375ba16..e09642eecff 100644 --- a/apps/login/src/components/verify-form.tsx +++ b/apps/login/src/components/verify-form.tsx @@ -21,14 +21,14 @@ type Props = { organization?: string; code?: string; isInvite: boolean; - authRequestId?: string; + requestId?: string; }; export function VerifyForm({ userId, loginName, organization, - authRequestId, + requestId, code, isInvite, }: Props) { @@ -78,7 +78,7 @@ export function VerifyForm({ isInvite: isInvite, loginName: loginName, organization: organization, - authRequestId: authRequestId, + requestId: requestId, }) .catch(() => { setError("Could not verify user"); diff --git a/apps/login/src/components/verify-redirect-button.tsx b/apps/login/src/components/verify-redirect-button.tsx index 552e787ebc8..009dda3ffd8 100644 --- a/apps/login/src/components/verify-redirect-button.tsx +++ b/apps/login/src/components/verify-redirect-button.tsx 
@@ -15,13 +15,13 @@ import { Spinner } from "./spinner"; export function VerifyRedirectButton({ userId, loginName, - authRequestId, + requestId, authMethods, organization, }: { userId?: string; loginName?: string; - authRequestId: string; + requestId: string; authMethods: AuthenticationMethodType[] | null; organization?: string; }) { @@ -35,7 +35,7 @@ export function VerifyRedirectButton({ let command = { organization, - authRequestId, + requestId, } as SendVerificationRedirectWithoutCheckCommand; if (userId) { diff --git a/apps/login/src/lib/client.ts b/apps/login/src/lib/client.ts index 37d22dc83d7..953d66e7ee8 100644 --- a/apps/login/src/lib/client.ts +++ b/apps/login/src/lib/client.ts @@ -1,12 +1,12 @@ type FinishFlowCommand = | { sessionId: string; - authRequestId: string; + requestId: string; } | { loginName: string }; /** - * for client: redirects user back to OIDC application or to a success page when using authRequestId, check if a default redirect and redirect to it, or just redirect to a success page with the loginName + * for client: redirects user back to an OIDC or SAML application or to a success page when using requestId, check if a default redirect and redirect to it, or just redirect to a success page with the loginName * @param command * @returns */ @@ -14,10 +14,10 @@ export async function getNextUrl( command: FinishFlowCommand & { organization?: string }, defaultRedirectUri?: string, ): Promise { - if ("sessionId" in command && "authRequestId" in command) { + if ("sessionId" in command && "requestId" in command) { const params = new URLSearchParams({ sessionId: command.sessionId, - authRequest: command.authRequestId, + requestId: command.requestId, }); if (command.organization) { diff --git a/apps/login/src/lib/cookies.ts b/apps/login/src/lib/cookies.ts index 4d29b9e7d45..cf762b904f4 100644 --- a/apps/login/src/lib/cookies.ts +++ b/apps/login/src/lib/cookies.ts 
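Review bot: The doc comment rewritten in the second `lib/client.ts` hunk still has an empty `@param command` and `@returns`, and its description runs the three outcomes together in one sentence. I would list them separately and fill in the tags, for example `@param command session id plus request id, or a login name` and `@returns the URL to send the browser to next`. The same hunk also changes the query key from `authRequest` to `requestId`, so whatever reads that parameter has to change in step; that reader is not in this hunk. The body of `getNextUrl` continues outside the hunk.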
@@ -15,7 +15,7 @@ export type Cookie = { creationTs: string; expirationTs: string; changeTs: string; - authRequestId?: string; // if its linked to an OIDC flow + requestId?: string; // if its linked to an OIDC flow }; type SessionCookie = Cookie & T; diff --git a/apps/login/src/lib/oidc.ts b/apps/login/src/lib/oidc.ts index b7cca43d8c1..221c3549b8a 100644 --- a/apps/login/src/lib/oidc.ts +++ b/apps/login/src/lib/oidc.ts @@ -51,7 +51,7 @@ export async function loginWithOIDCandSession({ const command: SendLoginnameCommand = { loginName: selectedSession.factors.user?.loginName, organization: selectedSession.factors?.user?.organizationId, - authRequestId: authRequest, + requestId: `oidc_${authRequest}`, }; const res = await sendLoginname(command); diff --git a/apps/login/src/lib/saml.ts b/apps/login/src/lib/saml.ts index d06dd59ef1f..67e34c57b68 100644 --- a/apps/login/src/lib/saml.ts +++ b/apps/login/src/lib/saml.ts @@ -49,7 +49,7 @@ export async function loginWithSAMLandSession({ const command: SendLoginnameCommand = { loginName: selectedSession.factors.user?.loginName, organization: selectedSession.factors?.user?.organizationId, - authRequestId: samlRequest, + requestId: `saml_${samlRequest}`, }; const res = await sendLoginname(command); diff --git a/apps/login/src/lib/server/cookie.ts b/apps/login/src/lib/server/cookie.ts index 03a421674d1..b4d65723758 100644 --- a/apps/login/src/lib/server/cookie.ts +++ b/apps/login/src/lib/server/cookie.ts @@ -30,7 +30,7 @@ type CustomCookieData = { creationTs: string; expirationTs: string; changeTs: string; - authRequestId?: string; // if its linked to an OIDC flow + requestId?: string; // if its linked to an OIDC flow }; const passwordAttemptsHandler = (error: ConnectError) => { 
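Review bot: The trailing comment on the renamed field, `// if its linked to an OIDC flow`, is out of date in `lib/cookies.ts` and again in the `CustomCookieData` hunk of `lib/server/cookie.ts`, because this commit also passes `saml_`-prefixed values down to the code that fills this field. Suggest `requestId?: string; // set when the session belongs to an OIDC or SAML request`. Cookies written before this change presumably still carry the `authRequestId` key, which the new code no longer reads, so a login that is in progress during rollout would lose its request link. If that matters, reading the old key as a fallback for one release would cover it.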
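Review bot: The request type is now encoded inside the identifier as a string prefix, `oidc_${authRequest}` in `lib/oidc.ts` and `saml_${samlRequest}` in the `lib/saml.ts` hunk, with the literals written out at each call site. Two shared constants, or a small helper that builds and parses the prefixed id, would keep the producers and the parser in agreement. Because `requestId` also travels through query parameters elsewhere in this commit, the parsing side (not visible here) should accept only these two prefixes and reject anything else instead of falling back to a default flow. Both enclosing functions start and end outside their hunks.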
@@ -49,7 +49,7 @@ const passwordAttemptsHandler = (error: ConnectError) => { export async function createSessionAndUpdateCookie( checks: Checks, challenges: RequestChallenges | undefined, - authRequestId: string | undefined, + requestId: string | undefined, lifetime?: Duration, ): Promise { const _headers = await headers(); @@ -86,8 +86,8 @@ export async function createSessionAndUpdateCookie( loginName: response.session.factors.user.loginName ?? "", }; - if (authRequestId) { - sessionCookie.authRequestId = authRequestId; + if (requestId) { + sessionCookie.requestId = requestId; } if (response.session.factors.user.organizationId) { @@ -113,7 +113,7 @@ export async function createSessionForIdpAndUpdateCookie( idpIntentId?: string | undefined; idpIntentToken?: string | undefined; }, - authRequestId: string | undefined, + requestId: string | undefined, lifetime?: Duration, ): Promise { const _headers = await headers(); @@ -165,8 +165,8 @@ export async function createSessionForIdpAndUpdateCookie( organization: session.factors.user.organizationId ?? "", }; - if (authRequestId) { - sessionCookie.authRequestId = authRequestId; + if (requestId) { + sessionCookie.requestId = requestId; } if (session.factors.user.organizationId) { @@ -186,7 +186,7 @@ export async function setSessionAndUpdateCookie( recentCookie: CustomCookieData, checks?: Checks, challenges?: RequestChallenges, - authRequestId?: string, + requestId?: string, lifetime?: Duration, ) { const _headers = await headers(); @@ -216,8 +216,8 @@ export async function setSessionAndUpdateCookie( organization: recentCookie.organization, }; - if (authRequestId) { - sessionCookie.authRequestId = authRequestId; + if (requestId) { + sessionCookie.requestId = requestId; } return getSession({ 
@@ -241,8 +241,8 @@ export async function setSessionAndUpdateCookie( organization: session.factors?.user?.organizationId ?? "", }; - if (sessionCookie.authRequestId) { - newCookie.authRequestId = sessionCookie.authRequestId; + if (sessionCookie.requestId) { + newCookie.requestId = sessionCookie.requestId; } return updateSessionCookie(sessionCookie.id, newCookie).then(() => { diff --git a/apps/login/src/lib/server/idp.ts b/apps/login/src/lib/server/idp.ts index c12f518fd38..299da47681e 100644 --- a/apps/login/src/lib/server/idp.ts +++ b/apps/login/src/lib/server/idp.ts @@ -54,7 +54,7 @@ type CreateNewSessionCommand = { loginName?: string; password?: string; organization?: string; - authRequestId?: string; + requestId?: string; }; export async function createNewSessionFromIdpIntent( @@ -91,7 +91,7 @@ export async function createNewSessionFromIdpIntent( const session = await createSessionForIdpAndUpdateCookie( command.userId, command.idpIntent, - command.authRequestId, + command.requestId, loginSettings?.externalLoginCheckLifetime, ); @@ -109,7 +109,7 @@ export async function createNewSessionFromIdpIntent( session, humanUser, command.organization, - command.authRequestId, + command.requestId, ); if (emailVerificationCheck?.redirect) { @@ -117,16 +117,16 @@ export async function createNewSessionFromIdpIntent( } // TODO: check if user has MFA methods - // const mfaFactorCheck = checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId); + // const mfaFactorCheck = checkMFAFactors(session, loginSettings, authMethods, organization, requestId); // if (mfaFactorCheck?.redirect) { // return mfaFactorCheck; // } const url = await getNextUrl( - command.authRequestId && session.id + command.requestId && session.id ? { sessionId: session.id, - authRequestId: command.authRequestId, + requestId: command.requestId, organization: session.factors.user.organizationId, } : { 
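Review bot: The MFA step in `createNewSessionFromIdpIntent` is still commented out under `// TODO: check if user has MFA methods`, and the last `lib/server/idp.ts` hunk only renames an identifier inside that dead code. As far as the hunk shows, a session created from an IdP intent goes from the email-verification check straight to `getNextUrl`, while the `sendPassword` hunks appear to run an MFA factor check before finishing the flow. Either enable the call with `command.organization` and `command.requestId`, or replace the commented block with a one-line TODO that points at a tracking issue, so the gap is not carried along by mechanical renames. The function starts and ends outside the hunk, so enforcement elsewhere cannot be ruled out from here.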
diff --git a/apps/login/src/lib/server/invite.ts b/apps/login/src/lib/server/invite.ts index 864c91540e4..e11858ce15b 100644 --- a/apps/login/src/lib/server/invite.ts +++ b/apps/login/src/lib/server/invite.ts @@ -11,7 +11,7 @@ type InviteUserCommand = { lastName: string; password?: string; organization?: string; - authRequestId?: string; + requestId?: string; }; export type RegisterUserResponse = { diff --git a/apps/login/src/lib/server/loginname.ts b/apps/login/src/lib/server/loginname.ts index 18070ab76cd..7d04f6e6a9b 100644 --- a/apps/login/src/lib/server/loginname.ts +++ b/apps/login/src/lib/server/loginname.ts @@ -25,7 +25,7 @@ import { createSessionAndUpdateCookie } from "./cookie"; export type SendLoginnameCommand = { loginName: string; - authRequestId?: string; + requestId?: string; organization?: string; suffix?: string; }; @@ -96,8 +96,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { const params = new URLSearchParams(); - if (command.authRequestId) { - params.set("authRequestId", command.authRequestId); + if (command.requestId) { + params.set("requestId", command.requestId); } if (command.organization) { @@ -161,8 +161,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { const params = new URLSearchParams(); - if (command.authRequestId) { - params.set("authRequestId", command.authRequestId); + if (command.requestId) { + params.set("requestId", command.requestId); } if (command.organization) { @@ -242,7 +242,7 @@ export async function sendLoginname(command: SendLoginnameCommand) { const session = await createSessionAndUpdateCookie( checks, undefined, - command.authRequestId, + command.requestId, ); if (!session.factors?.user?.id) { @@ -267,7 +267,7 @@ export async function sendLoginname(command: SendLoginnameCommand) { session, humanUser, session.factors.user.organizationId, - command.authRequestId, + command.requestId, ); if (inviteCheck?.redirect) { 
@@ -286,8 +286,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { ); } - if (command.authRequestId) { - paramsAuthenticatorSetup.append("authRequestId", command.authRequestId); + if (command.requestId) { + paramsAuthenticatorSetup.append("requestId", command.requestId); } return { redirect: "/authenticator/set?" + paramsAuthenticatorSetup }; @@ -315,8 +315,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { command.organization ?? session.factors?.user?.organizationId; } - if (command.authRequestId) { - paramsPassword.authRequestId = command.authRequestId; + if (command.requestId) { + paramsPassword.requestId = command.requestId; } return { @@ -332,8 +332,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { } const paramsPasskey: any = { loginName: command.loginName }; - if (command.authRequestId) { - paramsPasskey.authRequestId = command.authRequestId; + if (command.requestId) { + paramsPasskey.requestId = command.requestId; } if (command.organization || session.factors?.user?.organizationId) { @@ -351,8 +351,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { altPassword: `${methods.authMethodTypes.includes(1)}`, // show alternative password option }; - if (command.authRequestId) { - passkeyParams.authRequestId = command.authRequestId; + if (command.requestId) { + passkeyParams.requestId = command.requestId; } if (command.organization || session.factors?.user?.organizationId) { @@ -371,8 +371,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { // user has no passkey setup and login settings allow passkeys const paramsPasswordDefault: any = { loginName: command.loginName }; - if (command.authRequestId) { - paramsPasswordDefault.authRequestId = command.authRequestId; + if (command.requestId) { + paramsPasswordDefault.requestId = command.requestId; } if (command.organization || session.factors?.user?.organizationId) { 
@@ -435,8 +435,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { if (orgToRegisterOn && !loginSettingsByContext?.ignoreUnknownUsernames) { const params = new URLSearchParams({ organization: orgToRegisterOn }); - if (command.authRequestId) { - params.set("authRequestId", command.authRequestId); + if (command.requestId) { + params.set("requestId", command.requestId); } if (command.loginName) { @@ -452,8 +452,8 @@ export async function sendLoginname(command: SendLoginnameCommand) { loginName: command.loginName, }); - if (command.authRequestId) { - paramsPasswordDefault.append("authRequestId", command.authRequestId); + if (command.requestId) { + paramsPasswordDefault.append("requestId", command.requestId); } if (command.organization) { diff --git a/apps/login/src/lib/server/otp.ts b/apps/login/src/lib/server/otp.ts index 6d56d0c5385..323ea7f9073 100644 --- a/apps/login/src/lib/server/otp.ts +++ b/apps/login/src/lib/server/otp.ts @@ -20,7 +20,7 @@ export type SetOTPCommand = { loginName?: string; sessionId?: string; organization?: string; - authRequestId?: string; + requestId?: string; code: string; method: string; }; @@ -72,7 +72,7 @@ export async function setOTP(command: SetOTPCommand) { recentSession, checks, undefined, - command.authRequestId, + command.requestId, loginSettings?.secondFactorCheckLifetime, ).then((session) => { return { diff --git a/apps/login/src/lib/server/passkeys.ts b/apps/login/src/lib/server/passkeys.ts index 819f319bd47..87f15e6d6d2 100644 --- a/apps/login/src/lib/server/passkeys.ts +++ b/apps/login/src/lib/server/passkeys.ts 
@@ -139,12 +139,12 @@ type SendPasskeyCommand = { sessionId?: string; organization?: string; checks?: Checks; - authRequestId?: string; + requestId?: string; lifetime?: Duration; }; export async function sendPasskey(command: SendPasskeyCommand) { - let { loginName, sessionId, organization, checks, authRequestId } = command; + let { loginName, sessionId, organization, checks, requestId } = command; const recentSession = sessionId ? await getSessionCookieById({ sessionId }) : loginName @@ -176,7 +176,7 @@ export async function sendPasskey(command: SendPasskeyCommand) { recentSession, checks, undefined, - authRequestId, + requestId, lifetime, ); @@ -203,7 +203,7 @@ export async function sendPasskey(command: SendPasskeyCommand) { session, humanUser, organization, - authRequestId, + requestId, ); if (emailVerificationCheck?.redirect) { @@ -211,11 +211,11 @@ export async function sendPasskey(command: SendPasskeyCommand) { } const url = - authRequestId && session.id + requestId && session.id ? await getNextUrl( { sessionId: session.id, - authRequestId: authRequestId, + requestId: requestId, organization: organization, }, loginSettings?.defaultRedirectUri, diff --git a/apps/login/src/lib/server/password.ts b/apps/login/src/lib/server/password.ts index 9a464e22d89..23efc126f8d 100644 --- a/apps/login/src/lib/server/password.ts +++ b/apps/login/src/lib/server/password.ts @@ -42,7 +42,7 @@ import { type ResetPasswordCommand = { loginName: string; organization?: string; - authRequestId?: string; + requestId?: string; }; export async function resetPassword(command: ResetPasswordCommand) { @@ -76,7 +76,7 @@ export async function resetPassword(command: ResetPasswordCommand) { userId, urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` + - (command.authRequestId ? `&authRequestId=${command.authRequestId}` : ""), + (command.requestId ? `&requestId=${command.requestId}` : ""), }); } 
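Review bot: `command.requestId` is concatenated into `urlTemplate` without encoding in the `resetPassword` hunk of `lib/server/password.ts`, and the same expression appears in the `resendVerification` hunk of `lib/server/verify.ts`. The value appears to originate from the page URL (other hunks read it from `searchParams` and pass it down as a prop), so it should be treated as untrusted: a value containing `&`, `#` or template braces would alter the link generated from this template. Wrap it as `encodeURIComponent(command.requestId)` in both places, and consider checking that it has the expected `oidc_` or `saml_` shape before using it. Both function bodies continue outside their hunks.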
@@ -84,7 +84,7 @@ export type UpdateSessionCommand = { loginName: string; organization?: string; checks: Checks; - authRequestId?: string; + requestId?: string; }; export async function sendPassword(command: UpdateSessionCommand) { @@ -128,7 +128,7 @@ export async function sendPassword(command: UpdateSessionCommand) { session = await createSessionAndUpdateCookie( checks, undefined, - command.authRequestId, + command.requestId, loginSettings?.passwordCheckLifetime, ); } catch (error: any) { @@ -160,7 +160,7 @@ export async function sendPassword(command: UpdateSessionCommand) { sessionCookie, command.checks, undefined, - command.authRequestId, + command.requestId, loginSettings?.passwordCheckLifetime, ); } catch (error: any) { @@ -227,7 +227,7 @@ export async function sendPassword(command: UpdateSessionCommand) { session, humanUser, command.organization, - command.authRequestId, + command.requestId, ); if (passwordChangedCheck?.redirect) { @@ -244,7 +244,7 @@ export async function sendPassword(command: UpdateSessionCommand) { session, humanUser, command.organization, - command.authRequestId, + command.requestId, ); if (emailVerificationCheck?.redirect) { @@ -273,18 +273,18 @@ export async function sendPassword(command: UpdateSessionCommand) { loginSettings, authMethods, command.organization, - command.authRequestId, + command.requestId, ); if (mfaFactorCheck?.redirect) { return mfaFactorCheck; } - if (command.authRequestId && session.id) { + if (command.requestId && session.id) { const nextUrl = await getNextUrl( { sessionId: session.id, - authRequestId: command.authRequestId, + requestId: command.requestId, organization: command.organization ?? session.factors?.user?.organizationId, }, diff --git a/apps/login/src/lib/server/register.ts b/apps/login/src/lib/server/register.ts index 2a23af3073b..3adf3c5a0a0 100644 --- a/apps/login/src/lib/server/register.ts +++ b/apps/login/src/lib/server/register.ts 
@@ -19,7 +19,7 @@ type RegisterUserCommand = { lastName: string; password?: string; organization?: string; - authRequestId?: string; + requestId?: string; }; export type RegisterUserResponse = { @@ -72,7 +72,7 @@ export async function registerUser(command: RegisterUserCommand) { const session = await createSessionAndUpdateCookie( checks, undefined, - command.authRequestId, + command.requestId, command.password ? loginSettings?.passwordCheckLifetime : undefined, ); @@ -86,8 +86,8 @@ export async function registerUser(command: RegisterUserCommand) { organization: session.factors.user.organizationId, }); - if (command.authRequestId) { - params.append("authRequestId", command.authRequestId); + if (command.requestId) { + params.append("requestId", command.requestId); } return { redirect: "/passkey/set?" + params }; @@ -111,7 +111,7 @@ export async function registerUser(command: RegisterUserCommand) { session, humanUser, session.factors.user.organizationId, - command.authRequestId, + command.requestId, ); if (emailVerificationCheck?.redirect) { @@ -119,10 +119,10 @@ export async function registerUser(command: RegisterUserCommand) { } const url = await getNextUrl( - command.authRequestId && session.id + command.requestId && session.id ? { sessionId: session.id, - authRequestId: command.authRequestId, + requestId: command.requestId, organization: session.factors.user.organizationId, } : { diff --git a/apps/login/src/lib/server/session.ts b/apps/login/src/lib/server/session.ts index 7f71ec8f14d..f1c40e94bd5 100644 --- a/apps/login/src/lib/server/session.ts +++ b/apps/login/src/lib/server/session.ts @@ -21,9 +21,9 @@ import { import { getServiceUrlFromHeaders } from "../service"; export async function continueWithSession({ - authRequestId, + requestId, ...session -}: Session & { authRequestId?: string }) { +}: Session & { requestId?: string }) { const _headers = await headers(); const { serviceUrl, serviceRegion } = getServiceUrlFromHeaders(_headers); 
@@ -34,11 +34,11 @@ export async function continueWithSession({ }); const url = - authRequestId && session.id && session.factors?.user + requestId && session.id && session.factors?.user ? await getNextUrl( { sessionId: session.id, - authRequestId: authRequestId, + requestId: requestId, organization: session.factors.user.organizationId, }, loginSettings?.defaultRedirectUri, @@ -62,20 +62,14 @@ export type UpdateSessionCommand = { sessionId?: string; organization?: string; checks?: Checks; - authRequestId?: string; + requestId?: string; challenges?: RequestChallenges; lifetime?: Duration; }; export async function updateSession(options: UpdateSessionCommand) { - let { - loginName, - sessionId, - organization, - checks, - authRequestId, - challenges, - } = options; + let { loginName, sessionId, organization, checks, requestId, challenges } = + options; const recentSession = sessionId ? await getSessionCookieById({ sessionId }) : loginName @@ -123,7 +117,7 @@ export async function updateSession(options: UpdateSessionCommand) { recentSession, checks, challenges, - authRequestId, + requestId, lifetime, ); diff --git a/apps/login/src/lib/server/verify.ts b/apps/login/src/lib/server/verify.ts index 2ab94a92526..5a62a3948e4 100644 --- a/apps/login/src/lib/server/verify.ts +++ b/apps/login/src/lib/server/verify.ts @@ -59,7 +59,7 @@ type VerifyUserByEmailCommand = { organization?: string; code: string; isInvite: boolean; - authRequestId?: string; + requestId?: string; }; export async function sendVerification(command: VerifyUserByEmailCommand) { @@ -158,7 +158,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) { session = await createSessionAndUpdateCookie( checks, undefined, - command.authRequestId, + command.requestId, ); } 
@@ -212,7 +212,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) { loginSettings, authMethodResponse.authMethodTypes, command.organization, - command.authRequestId, + command.requestId, ); if (mfaFactorCheck?.redirect) { @@ -220,11 +220,11 @@ export async function sendVerification(command: VerifyUserByEmailCommand) { } // login user if no additional steps are required - if (command.authRequestId && session.id) { + if (command.requestId && session.id) { const nextUrl = await getNextUrl( { sessionId: session.id, - authRequestId: command.authRequestId, + requestId: command.requestId, organization: command.organization ?? session.factors?.user?.organizationId, }, @@ -248,7 +248,7 @@ export async function sendVerification(command: VerifyUserByEmailCommand) { type resendVerifyEmailCommand = { userId: string; isInvite: boolean; - authRequestId?: string; + requestId?: string; }; export async function resendVerification(command: resendVerifyEmailCommand) { @@ -268,9 +268,7 @@ export async function resendVerification(command: resendVerifyEmailCommand) { serviceRegion, urlTemplate: `${host.includes("localhost") ? "http://" : "https://"}${host}/password/set?code={{.Code}}&userId={{.UserID}}&organization={{.OrgID}}` + - (command.authRequestId - ? `&authRequestId=${command.authRequestId}` - : ""), + (command.requestId ? `&requestId=${command.requestId}` : ""), }); } @@ -292,7 +290,7 @@ export async function sendEmailCode(command: sendEmailCommand) { export type SendVerificationRedirectWithoutCheckCommand = { organization?: string; - authRequestId?: string; + requestId?: string; } & ( | { userId: string; loginName?: never } | { userId?: never; loginName: string } @@ -374,7 +372,7 @@ export async function sendVerificationRedirectWithoutCheck( session = await createSessionAndUpdateCookie( checks, undefined, - command.authRequestId, + command.requestId, ); } 
@@ -428,7 +426,7 @@ export async function sendVerificationRedirectWithoutCheck( loginSettings, authMethodResponse.authMethodTypes, command.organization, - command.authRequestId, + command.requestId, ); if (mfaFactorCheck?.redirect) { @@ -436,11 +434,11 @@ export async function sendVerificationRedirectWithoutCheck( } // login user if no additional steps are required - if (command.authRequestId && session.id) { + if (command.requestId && session.id) { const nextUrl = await getNextUrl( { sessionId: session.id, - authRequestId: command.authRequestId, + requestId: command.requestId, organization: command.organization ?? session.factors?.user?.organizationId, }, diff --git a/apps/login/src/lib/verify-helper.ts b/apps/login/src/lib/verify-helper.ts index 053d1cc71f4..e8afef6890f 100644 --- a/apps/login/src/lib/verify-helper.ts +++ b/apps/login/src/lib/verify-helper.ts @@ -11,7 +11,7 @@ export function checkPasswordChangeRequired( session: Session, humanUser: HumanUser | undefined, organization?: string, - authRequestId?: string, + requestId?: string, ) { let isOutdated = false; if (expirySettings?.maxAgeDays && humanUser?.passwordChanged) { @@ -35,8 +35,8 @@ export function checkPasswordChangeRequired( ); } - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } return { redirect: "/password/change?" + params }; @@ -47,7 +47,7 @@ export function checkInvite( session: Session, humanUser?: HumanUser, organization?: string, - authRequestId?: string, + requestId?: string, ) { if (!humanUser?.email?.isVerified) { const paramsVerify = new URLSearchParams({ @@ -63,8 +63,8 @@ export function checkInvite( ); } - if (authRequestId) { - paramsVerify.append("authRequestId", authRequestId); + if (requestId) { + paramsVerify.append("requestId", requestId); } return { redirect: "/verify?" + paramsVerify }; 
@@ -75,7 +75,7 @@ export function checkEmailVerification( session: Session, humanUser?: HumanUser, organization?: string, - authRequestId?: string, + requestId?: string, ) { if ( !humanUser?.email?.isVerified && @@ -85,8 +85,8 @@ export function checkEmailVerification( loginName: session.factors?.user?.loginName as string, }); - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization || session.factors?.user?.organizationId) { @@ -105,7 +105,7 @@ export function checkMFAFactors( loginSettings: LoginSettings | undefined, authMethods: AuthenticationMethodType[], organization?: string, - authRequestId?: string, + requestId?: string, ) { const availableMultiFactors = authMethods?.filter( (m: AuthenticationMethodType) => @@ -128,8 +128,8 @@ export function checkMFAFactors( loginName: session.factors?.user?.loginName as string, }); - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization || session.factors?.user?.organizationId) { @@ -155,8 +155,8 @@ export function checkMFAFactors( loginName: session.factors?.user?.loginName as string, }); - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization || session.factors?.user?.organizationId) { @@ -177,8 +177,8 @@ export function checkMFAFactors( checkAfter: "true", // this defines if the check is directly made after the setup }); - if (authRequestId) { - params.append("authRequestId", authRequestId); + if (requestId) { + params.append("requestId", requestId); } if (organization || session.factors?.user?.organizationId) { 
@@ -205,8 +205,8 @@ export function checkMFAFactors( // prompt: "true", // }); - // if (authRequestId) { - // params.append("authRequestId", authRequestId); + // if (requestId) { + // params.append("requestId", requestId); // } // if (organization) {