zitadel/internal/auth/repository/eventsourcing/eventstore
Livio Spring f20539ef8f
fix(login): make sure first email verification is done before MFA check (#9039)
# Which Problems Are Solved

During authentication in the login UI, there is a check if the user's
MFA is already checked or needs to be setup.
In cases where the user was just set up or especially, if the user was
just federated without a verified email address, this can lead to the
problem, where OTP Email cannot be setup as there's no verified email
address.

# How the Problems Are Solved

- Added a check if there's no verified email address on the user and
require a mail verification check before checking for MFA.
Note: that if the user had a verified email address, but changed it and
has not verified it, they will still be prompted with an MFA check
before the email verification. This is make sure, we don't break the
existing behavior and the user's authentication is properly checked.

# Additional Changes

None

# Additional Context

- closes https://github.com/zitadel/zitadel/issues/9035
2024-12-13 11:37:20 +00:00
..
auth_request_test.go fix(login): make sure first email verification is done before MFA check (#9039) 2024-12-13 11:37:20 +00:00
auth_request.go fix(login): make sure first email verification is done before MFA check (#9039) 2024-12-13 11:37:20 +00:00
org.go feat(eventstore): increase parallel write capabilities (#5940) 2023-10-19 12:19:10 +02:00
refresh_token.go fix: reduce eventual consistency (#7075) 2023-12-14 11:07:47 +01:00
token.go chore(oidc): add additional spans to userinfo code paths (#7749) 2024-04-10 17:05:13 +02:00
user_session.go feat(oidc): end session by id_token_hint and without cookie (#8542) 2024-09-04 10:14:50 +00:00
user.go feat(OIDC): add back channel logout (#8837) 2024-10-31 15:57:17 +01:00