recheck for valid user verification on /authenticator/set remove check on the /verify page itself

2025-08-12 15:07:32 +00:00 · 2025-05-23 10:55:53 +02:00
parent b393f36b6f
commit eea139eca6
4 changed files with 52 additions and 10 deletions
--- a/apps/login/src/app/(login)/authenticator/set/page.tsx
+++ b/apps/login/src/app/(login)/authenticator/set/page.tsx
@@ -7,6 +7,7 @@ import { UserAvatar } from "@/components/user-avatar";
 import { getSessionCookieById } from "@/lib/cookies";
 import { getServiceUrlFromHeaders } from "@/lib/service-url";
 import { loadMostRecentSession } from "@/lib/session";
+import { checkUserVerification } from "@/lib/verify-helper";
 import {
  getActiveIdentityProviders,
  getBrandingSettings,
@@ -18,6 +19,7 @@ import {
 import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import { getLocale, getTranslations } from "next-intl/server";
 import { headers } from "next/headers";
+import { redirect } from "next/navigation";

 export default async function Page(props: {
  searchParams: Promise<Record<string | number | symbol, string | undefined>>;
@@ -92,20 +94,49 @@ export default async function Page(props: {
    });
  }

-  if (!sessionWithData) {
+  if (
+    !sessionWithData ||
+    !sessionWithData.factors ||
+    !sessionWithData.factors.user
+  ) {
    return <Alert>{tError("unknownContext")}</Alert>;
  }

  const branding = await getBrandingSettings({
    serviceUrl,
-    organization: sessionWithData.factors?.user?.organizationId,
+    organization: sessionWithData.factors.user?.organizationId,
  });

  const loginSettings = await getLoginSettings({
    serviceUrl,
-    organization: sessionWithData.factors?.user?.organizationId,
+    organization: sessionWithData.factors.user?.organizationId,
  });

+  // check if user was verified recently
+  const isUserVerified = await checkUserVerification(
+    sessionWithData.factors.user?.id,
+  );
+
+  if (!isUserVerified) {
+    const params = new URLSearchParams({
+      loginName: sessionWithData.factors.user.loginName as string,
+      send: "true", // set this to true to request a new code immediately
+    });
+
+    if (requestId) {
+      params.append("requestId", requestId);
+    }
+
+    if (organization || sessionWithData.factors.user.organizationId) {
+      params.append(
+        "organization",
+        organization ?? (sessionWithData.factors.user.organizationId as string),
+      );
+    }
+
+    redirect(`/verify?` + params);
+  }
+
  const identityProviders = await getActiveIdentityProviders({
    serviceUrl,
    orgId: sessionWithData.factors?.user?.organizationId,
--- a/apps/login/src/app/(login)/verify/page.tsx
+++ b/apps/login/src/app/(login)/verify/page.tsx
@@ -6,7 +6,6 @@ import { VerifyRedirectButton } from "@/components/verify-redirect-button";
 import { sendEmailCode } from "@/lib/server/verify";
 import { getServiceUrlFromHeaders } from "@/lib/service-url";
 import { loadMostRecentSession } from "@/lib/session";
-import { checkUserVerification } from "@/lib/verify-helper";
 import {
  getBrandingSettings,
  getUserByID,
@@ -112,8 +111,6 @@ export default async function Page(props: { searchParams: Promise<any> }) {
    }
  }

-  const hasValidUserVerificationCheck = await checkUserVerification(id);
-
  const params = new URLSearchParams({
    userId: userId,
    initial: "true", // defines that a code is not required and is therefore not shown in the UI
@@ -172,7 +169,7 @@ export default async function Page(props: { searchParams: Promise<any> }) {
        )}

        {/* show a button to setup auth method for the user otherwise show the UI for reverifying */}
-        {human?.email?.isVerified && hasValidUserVerificationCheck ? (
+        {human?.email?.isVerified ? (
          // show page for already verified users
          <VerifyRedirectButton
            userId={id}
--- a/apps/login/src/components/verify-redirect-button.tsx
+++ b/apps/login/src/components/verify-redirect-button.tsx
@@ -6,6 +6,7 @@ import {
 } from "@/lib/server/verify";
 import { AuthenticationMethodType } from "@zitadel/proto/zitadel/user/v2/user_service_pb";
 import { useTranslations } from "next-intl";
+import { useRouter } from "next/navigation";
 import { useState } from "react";
 import { Alert, AlertType } from "./alert";
 import { BackButton } from "./back-button";
@@ -29,6 +30,7 @@ export function VerifyRedirectButton({
  const [error, setError] = useState<string>("");

  const [loading, setLoading] = useState<boolean>(false);
+  const router = useRouter();

  async function submitAndContinue(): Promise<boolean | void> {
    setLoading(true);
@@ -50,7 +52,7 @@ export function VerifyRedirectButton({
      } as SendVerificationRedirectWithoutCheckCommand;
    }

-    await sendVerificationRedirectWithoutCheck(command)
+    const response = await sendVerificationRedirectWithoutCheck(command)
      .catch(() => {
        setError("Could not verify");
        return;
@@ -58,6 +60,16 @@ export function VerifyRedirectButton({
      .finally(() => {
        setLoading(false);
      });
+
+    if (response && "error" in response && response.error) {
+      setError(response.error);
+      return;
+    }
+
+    if (response && "redirect" in response && response.redirect) {
+      router.push(response.redirect);
+      return true;
+    }
  }

  return (
--- a/apps/login/src/lib/server/verify.ts
+++ b/apps/login/src/lib/server/verify.ts
@@ -71,14 +71,16 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
        serviceUrl,
        userId: command.userId,
        verificationCode: command.code,
-      }).catch(() => {
+      }).catch((error) => {
+        console.warn(error);
        return { error: "Could not verify invite" };
      })
    : await verifyEmail({
        serviceUrl,
        userId: command.userId,
        verificationCode: command.code,
-      }).catch(() => {
+      }).catch((error) => {
+        console.warn(error);
        return { error: "Could not verify email" };
      });