diff --git a/apps/login/src/components/login-passkey.tsx b/apps/login/src/components/login-passkey.tsx
index 2f1cd53363..bf1ae01207 100644
--- a/apps/login/src/components/login-passkey.tsx
+++ b/apps/login/src/components/login-passkey.tsx
@@ -3,7 +3,7 @@ import { coerceToArrayBuffer, coerceToBase64Url } from "@/helpers/base64";
 import { getNextUrl } from "@/lib/client";
 import { updateSession } from "@/lib/server/session";
-import { create } from "@zitadel/client";
+import { create, JsonObject } from "@zitadel/client";
 import {
 RequestChallengesSchema,
 UserVerificationRequirement,
@@ -118,7 +118,7 @@ export function LoginPasskey({
 return session;
 }
- async function submitLogin(data: any) {
+ async function submitLogin(data: JsonObject) {
 setLoading(true);
 const response = await updateSession({
 loginName,
diff --git a/apps/login/src/lib/server/password.ts b/apps/login/src/lib/server/password.ts
index d766b05746..f35f71b6d9 100644
--- a/apps/login/src/lib/server/password.ts
+++ b/apps/login/src/lib/server/password.ts
@@ -30,7 +30,7 @@ import {
 import { headers } from "next/headers";
 import { getNextUrl } from "../client";
 import { getSessionCookieById, getSessionCookieByLoginName } from "../cookies";
-import { checkMFAFactors } from "../verify-helper";
+import { checkEmailVerification, checkMFAFactors } from "../verify-helper";
 type ResetPasswordCommand = {
 loginName: string;
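Review bot: `JsonObject` is a type-only export (this commit adds `export type { JsonObject }` to packages/zitadel-client/src/index.ts), but the first login-passkey.tsx hunk brings it in through a value import. That compiles while the name is used only in type positions, but it would be rejected if the project ever enables `verbatimModuleSyntax`, and it hides from readers that nothing is imported at runtime. Prefer `import { create, type JsonObject } from "@zitadel/client";`.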
@@ -135,21 +135,6 @@ export async function sendPassword(command: UpdateSessionCommand) {
 return { error: "Could not create session for user" };
 }
- // if password, check if user has MFA methods
- let authMethods;
- if (command.checks && command.checks.password && session.factors?.user?.id) {
- const response = await listAuthenticationMethodTypes(
- session.factors.user.id,
- );
- if (response.authMethodTypes && response.authMethodTypes.length) {
- authMethods = response.authMethodTypes;
- }
- }
-
- if (!authMethods || !session.factors?.user?.loginName) {
- return { error: "Could not verify password!" };
- }
-
 const humanUser = user.type.case === "human" ? user.type.value : undefined;
 // check if the user has to change password first
@@ -175,28 +160,28 @@ export async function sendPassword(command: UpdateSessionCommand) {
 return { error: "Initial User not supported" };
 }
- // add check to see if user was verified
- if (
- !humanUser?.email?.isVerified &&
- process.env.EMAIL_VERIFICATION === "true"
- ) {
- const params = new URLSearchParams({
- loginName: session.factors?.user?.loginName as string,
- });
+ // check to see if user was verified
- if (command.authRequestId) {
- params.append("authRequestId", command.authRequestId);
+ checkEmailVerification(
+ session,
+ humanUser,
+ command.organization,
+ command.authRequestId,
+ );
+
+ // if password, check if user has MFA methods
+ let authMethods;
+ if (command.checks && command.checks.password && session.factors?.user?.id) {
+ const response = await listAuthenticationMethodTypes(
+ session.factors.user.id,
+ );
+ if (response.authMethodTypes && response.authMethodTypes.length) {
+ authMethods = response.authMethodTypes;
 }
+ }
- if (command.organization || session.factors?.user?.organizationId) {
- params.append(
- "organization",
- command.organization ??
- (session.factors?.user?.organizationId as string),
- );
- }
-
- return { redirect: `/verify?` + params };
+ if (!authMethods) {
+ return { error: "Could not verify password!" };
 }
 checkMFAFactors(
diff --git a/apps/login/src/lib/verify-helper.ts b/apps/login/src/lib/verify-helper.ts
index 010ed18362..02a940f160 100644
--- a/apps/login/src/lib/verify-helper.ts
+++ b/apps/login/src/lib/verify-helper.ts
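Review bot: The new `checkEmailVerification(...)` statement in `sendPassword` discards the helper's return value, so the `{ redirect }` it builds for an unverified e-mail address is never returned and execution falls through to the MFA lookup. The inline block it replaces ended in `return { redirect: ... }`, so with `EMAIL_VERIFICATION` set to `"true"` the verification gate on password login is no longer enforced. Capture and return the result: `const emailCheck = checkEmailVerification(session, humanUser, command.organization, command.authRequestId);` followed by `if (emailCheck?.redirect) return emailCheck;`. `sendPassword` starts and ends outside this hunk and the `checkMFAFactors(` call is cut off, so whether that result is returned cannot be confirmed from here. A regression test that signs in with an unverified address and expects the `/verify` redirect would pin this.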
@@ -1,7 +1,37 @@
 import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import { LoginSettings } from "@zitadel/proto/zitadel/settings/v2/login_settings_pb";
+import { HumanUser } from "@zitadel/proto/zitadel/user/v2/user_pb";
 import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
+export function checkEmailVerification(
+ session: Session,
+ humanUser?: HumanUser,
+ organization?: string,
+ authRequestId?: string,
+) {
+ if (
+ !humanUser?.email?.isVerified &&
+ process.env.EMAIL_VERIFICATION === "true"
+ ) {
+ const params = new URLSearchParams({
+ loginName: session.factors?.user?.loginName as string,
+ });
+
+ if (authRequestId) {
+ params.append("authRequestId", authRequestId);
+ }
+
+ if (organization || session.factors?.user?.organizationId) {
+ params.append(
+ "organization",
+ organization ?? (session.factors?.user?.organizationId as string),
+ );
+ }
+
+ return { redirect: `/verify?` + params };
+ }
+}
+
 export function checkMFAFactors(
 session: Session,
 loginSettings: LoginSettings | undefined,
diff --git a/packages/zitadel-client/src/index.ts b/packages/zitadel-client/src/index.ts
index 7cf14163bf..64c3af5050 100644
--- a/packages/zitadel-client/src/index.ts
+++ b/packages/zitadel-client/src/index.ts
@@ -3,5 +3,6 @@ export { NewAuthorizationBearerInterceptor } from "./interceptors";
 // TODO: Move this to `./protobuf.ts` and export it from there
 export { create, fromJson, toJson } from "@bufbuild/protobuf";
+export type { JsonObject } from "@bufbuild/protobuf";
 export { TimestampSchema, timestampDate, timestampFromDate, timestampFromMs, timestampMs } from "@bufbuild/protobuf/wkt";
 export type { Duration, Timestamp } from "@bufbuild/protobuf/wkt";
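Review bot: In `checkEmailVerification` in verify-helper.ts, `loginName: session.factors?.user?.loginName as string` casts away a possible `undefined`, and the password.ts hunks of this commit remove the `!session.factors?.user?.loginName` guard that used to run before this code. `URLSearchParams` stringifies an undefined value, so a session without a user factor would produce `/verify?loginName=undefined` rather than an error. Read the value into a local with `const loginName = session.factors?.user?.loginName;` and fail closed when it is absent, as the old guard did with `{ error: "Could not verify password!" }`, instead of asserting the type. The function also has no declared return type; `): { redirect: string } | undefined {` plus a one-line TSDoc stating that callers must return the result would make the contract visible at the call site.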