TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 15:07:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

recheck for valid user verification on /authenticator/set remove check on the /verify page itself

Browse Source
This commit is contained in:
Max Peintner
2025-05-23 10:55:53 +02:00
parent b393f36b6f
commit eea139eca6
4 changed files with 52 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
apps/login/src/app/(login)/authenticator/set/page.tsx
View File

@@ -7,6 +7,7 @@ import { UserAvatar } from "@/components/user-avatar";
import { getSessionCookieById } from "@/lib/cookies"; import { getSessionCookieById } from "@/lib/cookies";
import { getServiceUrlFromHeaders } from "@/lib/service-url"; import { getServiceUrlFromHeaders } from "@/lib/service-url";
import { loadMostRecentSession } from "@/lib/session"; import { loadMostRecentSession } from "@/lib/session";
import { checkUserVerification } from "@/lib/verify-helper";
import { import {
getActiveIdentityProviders, getActiveIdentityProviders,
getBrandingSettings, getBrandingSettings,
@@ -18,6 +19,7 @@ import {
import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb"; import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
import { getLocale, getTranslations } from "next-intl/server"; import { getLocale, getTranslations } from "next-intl/server";
import { headers } from "next/headers"; import { headers } from "next/headers";
import { redirect } from "next/navigation";
export default async function Page(props: { export default async function Page(props: {
searchParams: Promise<Record<string | number | symbol, string | undefined>>; searchParams: Promise<Record<string | number | symbol, string | undefined>>;
@@ -92,20 +94,49 @@ export default async function Page(props: {
}); });
} }
if (!sessionWithData) { if (
!sessionWithData ||
!sessionWithData.factors ||
!sessionWithData.factors.user
) {
return <Alert>{tError("unknownContext")}</Alert>; return <Alert>{tError("unknownContext")}</Alert>;
} }
const branding = await getBrandingSettings({ const branding = await getBrandingSettings({
serviceUrl, serviceUrl,
organization: sessionWithData.factors?.user?.organizationId, organization: sessionWithData.factors.user?.organizationId,
}); });
const loginSettings = await getLoginSettings({ const loginSettings = await getLoginSettings({
serviceUrl, serviceUrl,
organization: sessionWithData.factors?.user?.organizationId, organization: sessionWithData.factors.user?.organizationId,
}); });
// check if user was verified recently
const isUserVerified = await checkUserVerification(
sessionWithData.factors.user?.id,
);
if (!isUserVerified) {
const params = new URLSearchParams({
loginName: sessionWithData.factors.user.loginName as string,
send: "true", // set this to true to request a new code immediately
});
if (requestId) {
params.append("requestId", requestId);
}
if (organization || sessionWithData.factors.user.organizationId) {
params.append(
"organization",
organization ?? (sessionWithData.factors.user.organizationId as string),
);
}
redirect(`/verify?` + params);
}
const identityProviders = await getActiveIdentityProviders({ const identityProviders = await getActiveIdentityProviders({
serviceUrl, serviceUrl,
orgId: sessionWithData.factors?.user?.organizationId, orgId: sessionWithData.factors?.user?.organizationId,

5
apps/login/src/app/(login)/verify/page.tsx
View File

@@ -6,7 +6,6 @@ import { VerifyRedirectButton } from "@/components/verify-redirect-button";
import { sendEmailCode } from "@/lib/server/verify"; import { sendEmailCode } from "@/lib/server/verify";
import { getServiceUrlFromHeaders } from "@/lib/service-url"; import { getServiceUrlFromHeaders } from "@/lib/service-url";
import { loadMostRecentSession } from "@/lib/session"; import { loadMostRecentSession } from "@/lib/session";
import { checkUserVerification } from "@/lib/verify-helper";
import { import {
getBrandingSettings, getBrandingSettings,
getUserByID, getUserByID,
@@ -112,8 +111,6 @@ export default async function Page(props: { searchParams: Promise<any> }) {
} }
} }
const hasValidUserVerificationCheck = await checkUserVerification(id);
const params = new URLSearchParams({ const params = new URLSearchParams({
userId: userId, userId: userId,
initial: "true", // defines that a code is not required and is therefore not shown in the UI initial: "true", // defines that a code is not required and is therefore not shown in the UI
@@ -172,7 +169,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
)} )}
{/* show a button to setup auth method for the user otherwise show the UI for reverifying */} {/* show a button to setup auth method for the user otherwise show the UI for reverifying */}
{human?.email?.isVerified && hasValidUserVerificationCheck ? ( {human?.email?.isVerified ? (
// show page for already verified users // show page for already verified users
<VerifyRedirectButton <VerifyRedirectButton
userId={id} userId={id}

14
apps/login/src/components/verify-redirect-button.tsx
View File

@@ -6,6 +6,7 @@ import {
} from "@/lib/server/verify"; } from "@/lib/server/verify";
import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb"; import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
import { useTranslations } from "next-intl"; import { useTranslations } from "next-intl";
import { useRouter } from "next/navigation";
import { useState } from "react"; import { useState } from "react";
import { Alert, AlertType } from "./alert"; import { Alert, AlertType } from "./alert";
import { BackButton } from "./back-button"; import { BackButton } from "./back-button";
@@ -29,6 +30,7 @@ export function VerifyRedirectButton({
const [error, setError] = useState<string>(""); const [error, setError] = useState<string>("");
const [loading, setLoading] = useState<boolean>(false); const [loading, setLoading] = useState<boolean>(false);
const router = useRouter();
async function submitAndContinue(): Promise<boolean | void> { async function submitAndContinue(): Promise<boolean | void> {
setLoading(true); setLoading(true);
@@ -50,7 +52,7 @@ export function VerifyRedirectButton({
} as SendVerificationRedirectWithoutCheckCommand; } as SendVerificationRedirectWithoutCheckCommand;
} }
await sendVerificationRedirectWithoutCheck(command) const response = await sendVerificationRedirectWithoutCheck(command)
.catch(() => { .catch(() => {
setError("Could not verify"); setError("Could not verify");
return; return;
@@ -58,6 +60,16 @@ export function VerifyRedirectButton({
.finally(() => { .finally(() => {
setLoading(false); setLoading(false);
}); });
if (response && "error" in response && response.error) {
setError(response.error);
return;
}
if (response && "redirect" in response && response.redirect) {
router.push(response.redirect);
return true;
}
} }
return ( return (

6
apps/login/src/lib/server/verify.ts
View File

@@ -71,14 +71,16 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
serviceUrl, serviceUrl,
userId: command.userId, userId: command.userId,
verificationCode: command.code, verificationCode: command.code,
}).catch(() => { }).catch((error) => {
console.warn(error);
return { error: "Could not verify invite" }; return { error: "Could not verify invite" };
}) })
: await verifyEmail({ : await verifyEmail({
serviceUrl, serviceUrl,
userId: command.userId, userId: command.userId,
verificationCode: command.code, verificationCode: command.code,
}).catch(() => { }).catch((error) => {
console.warn(error);
return { error: "Could not verify email" }; return { error: "Could not verify email" };
}); });