Skip to content

fix(login): handle LDAP IDP mapping and nullable SSR settings#12217

Open
axellpadilla wants to merge 5 commits into
zitadel:mainfrom
axellpadilla:fix/login-ldap-idp-mapping-12210
Open

fix(login): handle LDAP IDP mapping and nullable SSR settings#12217
axellpadilla wants to merge 5 commits into
zitadel:mainfrom
axellpadilla:fix/login-ldap-idp-mapping-12210

Conversation

@axellpadilla

@axellpadilla axellpadilla commented May 30, 2026

Copy link
Copy Markdown

Which Problems Are Solved

  • Login V2 could crash in the username-driven login flow when a user had an LDAP IDP link, because idpTypeToIdentityProviderType() did not map IDP_TYPE_LDAP.
  • Login SSR could crash when cached settings helpers returned undefined, because lru-cache treats a raw undefined result from fetchMethod as a fetch failure.
  • SSR language/i18n bootstrap and iframe-origin security settings handling expected nullable/optional results inconsistently.

How the Problems Are Solved

  • Add LDAP mapping from IDP_TYPE_LDAP to IdentityProviderType.LDAP.
  • Box undefined values inside PromiseCache before storing them in lru-cache, then unwrap them on read.
  • Preserve the getIframeOrigins() contract by normalizing cached undefined values to null.
  • Guard login layout and i18n bootstrap against omitted general settings.
  • Normalize omitted settings responses with nullish coalescing in the ZITADEL settings helpers.

Tests

  • Added regression coverage for LDAP IDP type mapping.
  • Added regression coverage for cached undefined values in PromiseCache.
  • Added regression coverage for omitted branding and hosted-login translation settings.

Security Notes

  • No new credential handling, redirect construction, or authorization bypass path is introduced.
  • Iframe-origin behavior remains fail-closed to null when settings are missing, disabled, empty, or cannot be fetched.

Closes #12210, Closes #12221

fix(cache): handle undefined results in PromiseCache
fix(security): ensure proper handling of fetch results in getIframeOrigins
test: add unit tests for Zitadel settings helpers
@vercel

vercel Bot commented May 30, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 30, 2026 9:54pm

Request Review

@vercel

vercel Bot commented May 30, 2026

Copy link
Copy Markdown

@axellpadilla is attempting to deploy a commit to the zitadel Team on Vercel.

A member of the Team first needs to authorize it.

@hifabienne hifabienne added the os-contribution This is a contribution from our open-source community label May 30, 2026
@nx-cloud

nx-cloud Bot commented May 30, 2026

Copy link
Copy Markdown

View your CI Pipeline Execution ↗ for commit ed5048b

Command Status Duration Result
nx run @zitadel/docs:build ✅ Succeeded 6m 52s View ↗

☁️ Nx Cloud last updated this comment at 2026-05-30 21:46:50 UTC

@axellpadilla axellpadilla changed the title fix(idp): add LDAP type mapping and update related functions fix(login): handle LDAP IDP mapping and nullable SSR settings May 30, 2026
@axellpadilla axellpadilla marked this pull request as ready for review May 30, 2026 20:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

os-contribution This is a contribution from our open-source community

Projects

Status: Inbox
Status: No status

Development

Successfully merging this pull request may close these issues.

[Bug]: Login V2 uses wrong IDP type when initiating scoped provider flow [Bug]: Login V2 crashes for LDAP-linked users and omitted SSR settings

3 participants