verify check, mfa check response

zitadel · Dec 23, 2024 · 2951b61 · 2951b61
1 parent 670ed71
commit 2951b61
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 8 deletions.
diff --git a/apps/login/src/lib/server/idp.ts b/apps/login/src/lib/server/idp.ts
@@ -98,7 +98,10 @@ export async function createNewSessionFromIdpIntent(
   }
 
   // TODO: check if user has MFA methods
-  // checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
+  // const mfaFactorCheck = checkMFAFactors(session, loginSettings, authMethods, organization, authRequestId);
+  // if (mfaFactorCheck?.redirect) {
+  //   return mfaFactorCheck;
+  // }
 
   const url = await getNextUrl(
     command.authRequestId && session.id

diff --git a/apps/login/src/lib/server/password.ts b/apps/login/src/lib/server/password.ts
@@ -185,14 +185,18 @@ export async function sendPassword(command: UpdateSessionCommand) {
     return { error: "Could not verify password!" };
   }
 
-  checkMFAFactors(
+  const mfaFactorCheck = checkMFAFactors(
     session,
     loginSettings,
     authMethods,
     command.organization,
     command.authRequestId,
   );
 
+  if (mfaFactorCheck?.redirect) {
+    return mfaFactorCheck;
+  }
+
   if (command.authRequestId && session.id) {
     const nextUrl = await getNextUrl(
       {

diff --git a/apps/login/src/lib/server/register.ts b/apps/login/src/lib/server/register.ts
@@ -1,14 +1,15 @@
 "use server";
 
 import { createSessionAndUpdateCookie } from "@/lib/server/cookie";
-import { addHumanUser, getLoginSettings } from "@/lib/zitadel";
+import { addHumanUser, getLoginSettings, getUserByID } from "@/lib/zitadel";
 import { create } from "@zitadel/client";
 import { Factors } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import {
   ChecksJson,
   ChecksSchema,
 } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
 import { getNextUrl } from "../client";
+import { checkEmailVerification } from "../verify-helper";
 
 type RegisterUserCommand = {
   email: string;
@@ -25,22 +26,22 @@ export type RegisterUserResponse = {
   factors: Factors | undefined;
 };
 export async function registerUser(command: RegisterUserCommand) {
-  const human = await addHumanUser({
+  const addResponse = await addHumanUser({
     email: command.email,
     firstName: command.firstName,
     lastName: command.lastName,
     password: command.password ? command.password : undefined,
     organization: command.organization,
   });
 
-  if (!human) {
+  if (!addResponse) {
     return { error: "Could not create user" };
   }
 
   const loginSettings = await getLoginSettings(command.organization);
 
   let checkPayload: any = {
-    user: { search: { case: "userId", value: human.userId } },
+    user: { search: { case: "userId", value: addResponse.userId } },
   };
 
   if (command.password) {
@@ -75,6 +76,28 @@ export async function registerUser(command: RegisterUserCommand) {
 
     return { redirect: "/passkey/set?" + params };
   } else {
+    const userResponse = await getUserByID(session?.factors?.user?.id);
+
+    if (!userResponse.user) {
+      return { error: "Could not find user" };
+    }
+
+    const humanUser =
+      userResponse.user.type.case === "human"
+        ? userResponse.user.type.value
+        : undefined;
+
+    const emailVerificationCheck = checkEmailVerification(
+      session,
+      humanUser,
+      session.factors.user.organizationId,
+      command.authRequestId,
+    );
+
+    if (emailVerificationCheck?.redirect) {
+      return emailVerificationCheck;
+    }
+
     const url = await getNextUrl(
       command.authRequestId && session.id
         ? {

diff --git a/apps/login/src/lib/server/verify.ts b/apps/login/src/lib/server/verify.ts
@@ -139,14 +139,18 @@ export async function sendVerification(command: VerifyUserByEmailCommand) {
   }
 
   // redirect to mfa factor if user has one, or redirect to set one up
-  checkMFAFactors(
+  const mfaFactorCheck = checkMFAFactors(
     session,
     loginSettings,
     authMethodResponse.authMethodTypes,
     command.organization,
     command.authRequestId,
   );
 
+  if (mfaFactorCheck?.redirect) {
+    return mfaFactorCheck;
+  }
+
   // login user if no additional steps are required
   if (command.authRequestId && session.id) {
     const nextUrl = await getNextUrl(
@@ -299,14 +303,18 @@ export async function sendVerificationRedirectWithoutCheck(
   const loginSettings = await getLoginSettings(user.details?.resourceOwner);
 
   // redirect to mfa factor if user has one, or redirect to set one up
-  checkMFAFactors(
+  const mfaFactorCheck = checkMFAFactors(
     session,
     loginSettings,
     authMethodResponse.authMethodTypes,
     command.organization,
     command.authRequestId,
   );
 
+  if (mfaFactorCheck?.redirect) {
+    return mfaFactorCheck;
+  }
+
   // login user if no additional steps are required
   if (command.authRequestId && session.id) {
     const nextUrl = await getNextUrl(