@ackplus/nest-auth 1.1.18 → 1.1.20
- package/package.json +1 -1
- package/src/lib/admin-console/static/index.html +697 -177
- package/src/lib/audit/services/audit.service.d.ts +15 -0
- package/src/lib/audit/services/audit.service.d.ts.map +1 -0
- package/src/lib/audit/services/audit.service.js +143 -0
- package/src/lib/auth/controllers/auth.controller.d.ts +1 -1
- package/src/lib/auth/controllers/mfa.controller.js +5 -5
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts +2 -2
- package/src/lib/auth/dto/responses/mfa-status.response.dto.d.ts.map +1 -1
- package/src/lib/auth/dto/responses/mfa-status.response.dto.js +5 -5
- package/src/lib/auth/events/index.d.ts +13 -0
- package/src/lib/auth/events/index.d.ts.map +1 -0
- package/src/lib/auth/events/index.js +15 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts +10 -0
- package/src/lib/auth/events/user-2fa-disabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-disabled.event.js +12 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts +13 -0
- package/src/lib/auth/events/user-2fa-enabled.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-2fa-enabled.event.js +15 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts +12 -0
- package/src/lib/auth/events/user-password-changed.event.d.ts.map +1 -0
- package/src/lib/auth/events/user-password-changed.event.js +15 -0
- package/src/lib/auth/guards/auth.guard.d.ts +19 -1
- package/src/lib/auth/guards/auth.guard.d.ts.map +1 -1
- package/src/lib/auth/guards/auth.guard.js +113 -25
- package/src/lib/auth/services/auth.service.d.ts +10 -6
- package/src/lib/auth/services/auth.service.d.ts.map +1 -1
- package/src/lib/auth/services/auth.service.js +313 -133
- package/src/lib/auth/services/mfa.service.d.ts +1 -1
- package/src/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/src/lib/auth/services/mfa.service.js +46 -10
- package/src/lib/auth.constants.d.ts +181 -8
- package/src/lib/auth.constants.d.ts.map +1 -1
- package/src/lib/auth.constants.js +142 -10
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts +170 -0
- package/src/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/session-options.interface.d.ts +52 -0
- package/src/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
- package/src/lib/core/interfaces/token-payload.interface.d.ts +14 -6
- package/src/lib/core/interfaces/token-payload.interface.d.ts.map +1 -1
- package/src/lib/core/services/auth-config.service.js +1 -1
- package/src/lib/nest-auth.module.d.ts.map +1 -1
- package/src/lib/nest-auth.module.js +5 -2
- package/src/lib/session/services/session-manager.service.d.ts +6 -6
- package/src/lib/session/services/session-manager.service.d.ts.map +1 -1
- package/src/lib/session/services/session-manager.service.js +54 -21
- package/src/lib/user/entities/user.entity.d.ts.map +1 -1
- package/src/lib/user/entities/user.entity.js +19 -0
- package/src/lib/user/services/user.service.d.ts +8 -6
- package/src/lib/user/services/user.service.d.ts.map +1 -1
- package/src/lib/user/services/user.service.js +51 -46
|
@@ -11,8 +11,8 @@ export declare class MfaService {
|
|
|
11
11
|
private otpRepository;
|
|
12
12
|
private trustedDeviceRepository;
|
|
13
13
|
private eventEmitter;
|
|
14
|
-
mfaConfig: MFAOptions;
|
|
15
14
|
constructor(mfaSecretRepository: Repository<NestAuthMFASecret>, userRepository: Repository<NestAuthUser>, otpRepository: Repository<NestAuthOTP>, trustedDeviceRepository: Repository<NestAuthTrustedDevice>, eventEmitter: EventEmitter2);
|
|
15
|
+
get mfaConfig(): MFAOptions;
|
|
16
16
|
requireMfaEnabledForApp(throwError?: boolean): boolean;
|
|
17
17
|
private checkIsMfaEnabledForApp;
|
|
18
18
|
getVerifiedMethods(userId: string): Promise<MFAMethodEnum[]>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/mfa.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAY,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAG1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,6CAA6C,CAAC;
|
|
1
|
+
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../../../../../../packages/nest-auth/src/lib/auth/services/mfa.service.ts"],"names":[],"mappings":"AAEA,OAAO,EAAY,UAAU,EAAE,MAAM,SAAS,CAAC;AAC/C,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAG1E,OAAO,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,6CAA6C,CAAC;AAKxF,OAAO,EAAE,YAAY,EAAE,MAAM,iCAAiC,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAK7D,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAEtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mCAAmC,CAAC;AAM1E,qBACa,UAAU;IAIf,OAAO,CAAC,mBAAmB;IAG3B,OAAO,CAAC,cAAc;IAGtB,OAAO,CAAC,aAAa;IAGrB,OAAO,CAAC,uBAAuB;IAE/B,OAAO,CAAC,YAAY;gBAXZ,mBAAmB,EAAE,UAAU,CAAC,iBAAiB,CAAC,EAGlD,cAAc,EAAE,UAAU,CAAC,YAAY,CAAC,EAGxC,aAAa,EAAE,UAAU,CAAC,WAAW,CAAC,EAGtC,uBAAuB,EAAE,UAAU,CAAC,qBAAqB,CAAC,EAE1D,YAAY,EAAE,aAAa;IAGvC,IAAI,SAAS,IAAI,UAAU,CAE1B;IAED,uBAAuB,CAAC,UAAU,GAAE,OAAc;IAalD,OAAO,CAAC,uBAAuB;IAIzB,kBAAkB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAiC5D,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,EAAE,CAAC;IAmC3D,WAAW,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAyDpE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAwDpF,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC;IAqBjG,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA6BnF,cAAc,CAAC,MAAM,EAAE,MAAM;;;;;;;;IAmB7B,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAM7C,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAgB/C,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAW9C,cAAc,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ/D,SAAS,CAAC,MAAM,EAAE,MAAM;IAgCxB,UAAU,CAAC,MAAM,EAAE,MAAM;IAsBzB,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAMjD,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAUrD,QAAQ,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;IA6B1E,mBAAmB,IAAI,aAAa,EAAE;IAOhC,eAA
e,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAajD,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkB1F,qBAAqB,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;CAiB/E"}
|
|
@@ -17,10 +17,11 @@ const otp_1 = require("../../utils/otp");
|
|
|
17
17
|
const ms_1 = tslib_1.__importDefault(require("ms"));
|
|
18
18
|
const auth_config_service_1 = require("../../core/services/auth-config.service");
|
|
19
19
|
const event_emitter_1 = require("@nestjs/event-emitter");
|
|
20
|
-
const auth_constants_2 = require("../../auth.constants");
|
|
21
20
|
const two_factor_code_sent_event_1 = require("../events/two-factor-code-sent.event");
|
|
22
21
|
const trusted_device_entity_1 = require("../entities/trusted-device.entity");
|
|
23
22
|
const crypto_1 = require("crypto");
|
|
23
|
+
const user_2fa_enabled_event_1 = require("../events/user-2fa-enabled.event");
|
|
24
|
+
const user_2fa_disabled_event_1 = require("../events/user-2fa-disabled.event");
|
|
24
25
|
let MfaService = class MfaService {
|
|
25
26
|
constructor(mfaSecretRepository, userRepository, otpRepository, trustedDeviceRepository, eventEmitter) {
|
|
26
27
|
this.mfaSecretRepository = mfaSecretRepository;
|
|
@@ -28,12 +29,17 @@ let MfaService = class MfaService {
|
|
|
28
29
|
this.otpRepository = otpRepository;
|
|
29
30
|
this.trustedDeviceRepository = trustedDeviceRepository;
|
|
30
31
|
this.eventEmitter = eventEmitter;
|
|
31
|
-
|
|
32
|
+
}
|
|
33
|
+
get mfaConfig() {
|
|
34
|
+
return auth_config_service_1.AuthConfigService.getOptions().mfa || {};
|
|
32
35
|
}
|
|
33
36
|
requireMfaEnabledForApp(throwError = true) {
|
|
34
37
|
if (!this.mfaConfig.enabled) {
|
|
35
38
|
if (throwError) {
|
|
36
|
-
throw new common_1.ForbiddenException(
|
|
39
|
+
throw new common_1.ForbiddenException({
|
|
40
|
+
message: 'MFA is not enabled for the application',
|
|
41
|
+
code: auth_constants_1.ERROR_CODES.MFA_NOT_ENABLED,
|
|
42
|
+
});
|
|
37
43
|
}
|
|
38
44
|
return false;
|
|
39
45
|
}
|
|
@@ -96,7 +102,15 @@ let MfaService = class MfaService {
|
|
|
96
102
|
}
|
|
97
103
|
async sendMfaCode(userId, method) {
|
|
98
104
|
this.requireMfaEnabledForApp(true);
|
|
99
|
-
const
|
|
105
|
+
const options = auth_config_service_1.AuthConfigService.getOptions();
|
|
106
|
+
let code;
|
|
107
|
+
// Apply otp.generate hook if configured
|
|
108
|
+
if (options.otp?.generate) {
|
|
109
|
+
code = await options.otp.generate(this.mfaConfig.otpLength);
|
|
110
|
+
}
|
|
111
|
+
else {
|
|
112
|
+
code = (0, otp_1.generateOtp)(this.mfaConfig.otpLength);
|
|
113
|
+
}
|
|
100
114
|
let expiresAtMs;
|
|
101
115
|
if (typeof this.mfaConfig.otpExpiresIn === 'string') {
|
|
102
116
|
expiresAtMs = (0, ms_1.default)(this.mfaConfig.otpExpiresIn); // example: '15m', '1h', '1d'
|
|
@@ -122,7 +136,7 @@ let MfaService = class MfaService {
|
|
|
122
136
|
if (method === mfa_options_interface_1.MFAMethodEnum.EMAIL || method === mfa_options_interface_1.MFAMethodEnum.SMS) {
|
|
123
137
|
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
124
138
|
if (user) {
|
|
125
|
-
await this.eventEmitter.emitAsync(
|
|
139
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_CODE_SENT, new two_factor_code_sent_event_1.TwoFactorCodeSentEvent({
|
|
126
140
|
user,
|
|
127
141
|
tenantId: user.tenantId,
|
|
128
142
|
method,
|
|
@@ -263,20 +277,42 @@ let MfaService = class MfaService {
|
|
|
263
277
|
async enableMFA(userId) {
|
|
264
278
|
this.requireMfaEnabledForApp(true);
|
|
265
279
|
if (!this.mfaConfig.allowUserToggle) {
|
|
266
|
-
throw new
|
|
280
|
+
throw new common_1.ForbiddenException({
|
|
281
|
+
message: 'MFA toggling is not allowed',
|
|
282
|
+
code: auth_constants_1.ERROR_CODES.MFA_TOGGLING_NOT_ALLOWED,
|
|
283
|
+
});
|
|
267
284
|
}
|
|
268
285
|
const verifiedMethods = await this.getVerifiedMethods(userId);
|
|
269
286
|
if (verifiedMethods.length === 0) {
|
|
270
|
-
throw new common_1.ForbiddenException(
|
|
287
|
+
throw new common_1.ForbiddenException({
|
|
288
|
+
message: 'Cannot enable MFA without at least one verified method',
|
|
289
|
+
code: auth_constants_1.ERROR_CODES.MFA_CANNOT_ENABLE_WITHOUT_METHOD,
|
|
290
|
+
});
|
|
271
291
|
}
|
|
272
292
|
await this.userRepository.update(userId, { isMfaEnabled: true });
|
|
293
|
+
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
294
|
+
if (user) {
|
|
295
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_ENABLED, new user_2fa_enabled_event_1.User2faEnabledEvent({
|
|
296
|
+
user,
|
|
297
|
+
method: verifiedMethods[0] // Default to first verified method
|
|
298
|
+
}));
|
|
299
|
+
}
|
|
273
300
|
}
|
|
274
301
|
async disableMFA(userId) {
|
|
275
302
|
this.checkIsMfaEnabledForApp(true);
|
|
276
303
|
if (!this.mfaConfig.allowUserToggle) {
|
|
277
|
-
throw new
|
|
304
|
+
throw new common_1.ForbiddenException({
|
|
305
|
+
message: 'MFA toggling is not allowed',
|
|
306
|
+
code: auth_constants_1.ERROR_CODES.MFA_TOGGLING_NOT_ALLOWED,
|
|
307
|
+
});
|
|
278
308
|
}
|
|
279
309
|
await this.userRepository.update(userId, { isMfaEnabled: false });
|
|
310
|
+
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
311
|
+
if (user) {
|
|
312
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_DISABLED, new user_2fa_disabled_event_1.User2faDisabledEvent({
|
|
313
|
+
user
|
|
314
|
+
}));
|
|
315
|
+
}
|
|
280
316
|
}
|
|
281
317
|
async removeTotpDevice(deviceId) {
|
|
282
318
|
this.checkIsMfaEnabledForApp(true);
|
|
@@ -296,7 +332,7 @@ let MfaService = class MfaService {
|
|
|
296
332
|
if (!user) {
|
|
297
333
|
throw new common_1.UnauthorizedException({
|
|
298
334
|
message: 'User not found',
|
|
299
|
-
code: auth_constants_1.
|
|
335
|
+
code: auth_constants_1.ERROR_CODES.USER_NOT_FOUND
|
|
300
336
|
});
|
|
301
337
|
}
|
|
302
338
|
if (user.mfaRecoveryCode === code) {
|
|
@@ -310,7 +346,7 @@ let MfaService = class MfaService {
|
|
|
310
346
|
}
|
|
311
347
|
throw new common_1.UnauthorizedException({
|
|
312
348
|
message: 'Invalid recovery code',
|
|
313
|
-
code: auth_constants_1.
|
|
349
|
+
code: auth_constants_1.ERROR_CODES.MFA_RECOVERY_CODE_INVALID
|
|
314
350
|
});
|
|
315
351
|
}
|
|
316
352
|
getAvailableMethods() {
|
|
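Review bot: In `sendMfaCode`, the value returned by the new `options.otp.generate` hook is used as the MFA code without any check, so a hook that returns `undefined`, an empty string or a code shorter than `this.mfaConfig.otpLength` would silently weaken or break the second factor. A guard right after the `if`/`else` would catch this, for example `if (typeof code !== 'string' || code.length === 0) throw new Error('otp.generate must return a non-empty string');` (adjust the type test if the hook is allowed to return a number). The hook's documentation should also state that it must draw from a cryptographically secure source, because the built-in `generateOtp` path is bypassed entirely once the hook is set. The rest of `sendMfaCode` lies outside the hunk, so how the code is stored and compared afterwards is not visible here.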
@@ -7,14 +7,184 @@ export declare const APPLE_AUTH_PROVIDER = "apple";
|
|
|
7
7
|
export declare const GITHUB_AUTH_PROVIDER = "github";
|
|
8
8
|
export declare const EMAIL_AUTH_PROVIDER = "email";
|
|
9
9
|
export declare const PHONE_AUTH_PROVIDER = "phone";
|
|
10
|
-
export declare const
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
10
|
+
export declare const AUTH_ERROR_CODES: {
|
|
11
|
+
readonly REGISTRATION_DISABLED: "REGISTRATION_DISABLED";
|
|
12
|
+
readonly EMAIL_ALREADY_EXISTS: "EMAIL_ALREADY_EXISTS";
|
|
13
|
+
readonly PHONE_ALREADY_EXISTS: "PHONE_ALREADY_EXISTS";
|
|
14
|
+
readonly PROVIDER_NOT_FOUND: "PROVIDER_NOT_FOUND";
|
|
15
|
+
readonly INVALID_CREDENTIALS: "INVALID_CREDENTIALS";
|
|
16
|
+
readonly INVALID_PROVIDER: "INVALID_PROVIDER";
|
|
17
|
+
readonly MISSING_REQUIRED_FIELDS: "MISSING_REQUIRED_FIELDS";
|
|
18
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
19
|
+
readonly ACCOUNT_SUSPENDED: "ACCOUNT_SUSPENDED";
|
|
20
|
+
readonly ACCOUNT_INACTIVE: "ACCOUNT_INACTIVE";
|
|
21
|
+
readonly EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED";
|
|
22
|
+
readonly CURRENT_PASSWORD_INCORRECT: "CURRENT_PASSWORD_INCORRECT";
|
|
23
|
+
readonly NEW_PASSWORD_SAME_AS_CURRENT: "NEW_PASSWORD_SAME_AS_CURRENT";
|
|
24
|
+
readonly PASSWORD_RESET_INVALID_REQUEST: "PASSWORD_RESET_INVALID_REQUEST";
|
|
25
|
+
readonly PASSWORD_RESET_TOKEN_INVALID: "PASSWORD_RESET_TOKEN_INVALID";
|
|
26
|
+
readonly PASSWORD_RESET_TOKEN_EXPIRED: "PASSWORD_RESET_TOKEN_EXPIRED";
|
|
27
|
+
readonly REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
28
|
+
readonly REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
29
|
+
readonly INVALID_TOKEN: "INVALID_TOKEN";
|
|
30
|
+
readonly TOKEN_EXPIRED: "TOKEN_EXPIRED";
|
|
31
|
+
readonly EMAIL_ALREADY_VERIFIED: "EMAIL_ALREADY_VERIFIED";
|
|
32
|
+
readonly VERIFICATION_CODE_INVALID: "VERIFICATION_CODE_INVALID";
|
|
33
|
+
readonly VERIFICATION_CODE_EXPIRED: "VERIFICATION_CODE_EXPIRED";
|
|
34
|
+
readonly NO_EMAIL_ADDRESS: "NO_EMAIL_ADDRESS";
|
|
35
|
+
readonly NO_PHONE_NUMBER: "NO_PHONE_NUMBER";
|
|
36
|
+
};
|
|
37
|
+
export declare const MFA_ERROR_CODES: {
|
|
38
|
+
readonly MFA_NOT_ENABLED: "MFA_NOT_ENABLED";
|
|
39
|
+
readonly MFA_REQUIRED: "MFA_REQUIRED";
|
|
40
|
+
readonly MFA_CODE_INVALID: "MFA_CODE_INVALID";
|
|
41
|
+
readonly MFA_CODE_EXPIRED: "MFA_CODE_EXPIRED";
|
|
42
|
+
readonly MFA_METHOD_NOT_AVAILABLE: "MFA_METHOD_NOT_AVAILABLE";
|
|
43
|
+
readonly MFA_TOGGLING_NOT_ALLOWED: "MFA_TOGGLING_NOT_ALLOWED";
|
|
44
|
+
readonly MFA_CANNOT_ENABLE_WITHOUT_METHOD: "MFA_CANNOT_ENABLE_WITHOUT_METHOD";
|
|
45
|
+
readonly MFA_RECOVERY_CODE_INVALID: "MFA_RECOVERY_CODE_INVALID";
|
|
46
|
+
readonly TOTP_SETUP_FAILED: "TOTP_SETUP_FAILED";
|
|
47
|
+
readonly TOTP_VERIFICATION_FAILED: "TOTP_VERIFICATION_FAILED";
|
|
48
|
+
};
|
|
49
|
+
export declare const SESSION_ERROR_CODES: {
|
|
50
|
+
readonly SESSION_NOT_FOUND: "SESSION_NOT_FOUND";
|
|
51
|
+
readonly SESSION_EXPIRED: "SESSION_EXPIRED";
|
|
52
|
+
readonly SESSION_INVALID: "SESSION_INVALID";
|
|
53
|
+
readonly MAX_SESSIONS_REACHED: "MAX_SESSIONS_REACHED";
|
|
54
|
+
};
|
|
55
|
+
export declare const GUARD_ERROR_CODES: {
|
|
56
|
+
readonly NO_AUTH_PROVIDED: "NO_AUTH_PROVIDED";
|
|
57
|
+
readonly INVALID_AUTH_FORMAT: "INVALID_AUTH_FORMAT";
|
|
58
|
+
readonly INVALID_AUTH_TYPE: "INVALID_AUTH_TYPE";
|
|
59
|
+
readonly UNAUTHORIZED: "UNAUTHORIZED";
|
|
60
|
+
readonly ACCESS_DENIED: "ACCESS_DENIED";
|
|
61
|
+
readonly FORBIDDEN: "FORBIDDEN";
|
|
62
|
+
readonly NO_ROLES_ASSIGNED: "NO_ROLES_ASSIGNED";
|
|
63
|
+
readonly MISSING_REQUIRED_ROLES: "MISSING_REQUIRED_ROLES";
|
|
64
|
+
readonly MISSING_REQUIRED_PERMISSIONS: "MISSING_REQUIRED_PERMISSIONS";
|
|
65
|
+
};
|
|
66
|
+
export declare const API_KEY_ERROR_CODES: {
|
|
67
|
+
readonly INVALID_API_KEY_FORMAT: "INVALID_API_KEY_FORMAT";
|
|
68
|
+
readonly INVALID_API_KEY: "INVALID_API_KEY";
|
|
69
|
+
readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
|
|
70
|
+
readonly API_KEY_DEACTIVATED: "API_KEY_DEACTIVATED";
|
|
71
|
+
readonly API_KEY_NOT_FOUND: "API_KEY_NOT_FOUND";
|
|
72
|
+
};
|
|
73
|
+
export declare const VALIDATION_ERROR_CODES: {
|
|
74
|
+
readonly EMAIL_OR_PHONE_REQUIRED: "EMAIL_OR_PHONE_REQUIRED";
|
|
75
|
+
readonly TENANT_ID_REQUIRED: "TENANT_ID_REQUIRED";
|
|
76
|
+
readonly INVALID_INPUT: "INVALID_INPUT";
|
|
77
|
+
readonly MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD";
|
|
78
|
+
readonly INVALID_EMAIL_FORMAT: "INVALID_EMAIL_FORMAT";
|
|
79
|
+
readonly INVALID_PHONE_FORMAT: "INVALID_PHONE_FORMAT";
|
|
80
|
+
};
|
|
81
|
+
export declare const OTP_ERROR_CODES: {
|
|
82
|
+
readonly OTP_INVALID: "OTP_INVALID";
|
|
83
|
+
readonly OTP_EXPIRED: "OTP_EXPIRED";
|
|
84
|
+
readonly OTP_ALREADY_USED: "OTP_ALREADY_USED";
|
|
85
|
+
readonly OTP_NOT_FOUND: "OTP_NOT_FOUND";
|
|
86
|
+
};
|
|
87
|
+
export declare const USER_ERROR_CODES: {
|
|
88
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
89
|
+
readonly USER_ALREADY_EXISTS: "USER_ALREADY_EXISTS";
|
|
90
|
+
readonly USER_CREATION_FAILED: "USER_CREATION_FAILED";
|
|
91
|
+
readonly USER_UPDATE_FAILED: "USER_UPDATE_FAILED";
|
|
92
|
+
readonly USER_DELETION_FAILED: "USER_DELETION_FAILED";
|
|
93
|
+
};
|
|
94
|
+
export declare const TENANT_ERROR_CODES: {
|
|
95
|
+
readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
|
|
96
|
+
readonly TENANT_ALREADY_EXISTS: "TENANT_ALREADY_EXISTS";
|
|
97
|
+
readonly INVALID_TENANT: "INVALID_TENANT";
|
|
98
|
+
};
|
|
99
|
+
export declare const ERROR_CODES: {
|
|
100
|
+
readonly TENANT_NOT_FOUND: "TENANT_NOT_FOUND";
|
|
101
|
+
readonly TENANT_ALREADY_EXISTS: "TENANT_ALREADY_EXISTS";
|
|
102
|
+
readonly INVALID_TENANT: "INVALID_TENANT";
|
|
103
|
+
readonly USER_NOT_FOUND: "USER_NOT_FOUND";
|
|
104
|
+
readonly USER_ALREADY_EXISTS: "USER_ALREADY_EXISTS";
|
|
105
|
+
readonly USER_CREATION_FAILED: "USER_CREATION_FAILED";
|
|
106
|
+
readonly USER_UPDATE_FAILED: "USER_UPDATE_FAILED";
|
|
107
|
+
readonly USER_DELETION_FAILED: "USER_DELETION_FAILED";
|
|
108
|
+
readonly OTP_INVALID: "OTP_INVALID";
|
|
109
|
+
readonly OTP_EXPIRED: "OTP_EXPIRED";
|
|
110
|
+
readonly OTP_ALREADY_USED: "OTP_ALREADY_USED";
|
|
111
|
+
readonly OTP_NOT_FOUND: "OTP_NOT_FOUND";
|
|
112
|
+
readonly EMAIL_OR_PHONE_REQUIRED: "EMAIL_OR_PHONE_REQUIRED";
|
|
113
|
+
readonly TENANT_ID_REQUIRED: "TENANT_ID_REQUIRED";
|
|
114
|
+
readonly INVALID_INPUT: "INVALID_INPUT";
|
|
115
|
+
readonly MISSING_REQUIRED_FIELD: "MISSING_REQUIRED_FIELD";
|
|
116
|
+
readonly INVALID_EMAIL_FORMAT: "INVALID_EMAIL_FORMAT";
|
|
117
|
+
readonly INVALID_PHONE_FORMAT: "INVALID_PHONE_FORMAT";
|
|
118
|
+
readonly INVALID_API_KEY_FORMAT: "INVALID_API_KEY_FORMAT";
|
|
119
|
+
readonly INVALID_API_KEY: "INVALID_API_KEY";
|
|
120
|
+
readonly API_KEY_EXPIRED: "API_KEY_EXPIRED";
|
|
121
|
+
readonly API_KEY_DEACTIVATED: "API_KEY_DEACTIVATED";
|
|
122
|
+
readonly API_KEY_NOT_FOUND: "API_KEY_NOT_FOUND";
|
|
123
|
+
readonly NO_AUTH_PROVIDED: "NO_AUTH_PROVIDED";
|
|
124
|
+
readonly INVALID_AUTH_FORMAT: "INVALID_AUTH_FORMAT";
|
|
125
|
+
readonly INVALID_AUTH_TYPE: "INVALID_AUTH_TYPE";
|
|
126
|
+
readonly UNAUTHORIZED: "UNAUTHORIZED";
|
|
127
|
+
readonly ACCESS_DENIED: "ACCESS_DENIED";
|
|
128
|
+
readonly FORBIDDEN: "FORBIDDEN";
|
|
129
|
+
readonly NO_ROLES_ASSIGNED: "NO_ROLES_ASSIGNED";
|
|
130
|
+
readonly MISSING_REQUIRED_ROLES: "MISSING_REQUIRED_ROLES";
|
|
131
|
+
readonly MISSING_REQUIRED_PERMISSIONS: "MISSING_REQUIRED_PERMISSIONS";
|
|
132
|
+
readonly SESSION_NOT_FOUND: "SESSION_NOT_FOUND";
|
|
133
|
+
readonly SESSION_EXPIRED: "SESSION_EXPIRED";
|
|
134
|
+
readonly SESSION_INVALID: "SESSION_INVALID";
|
|
135
|
+
readonly MAX_SESSIONS_REACHED: "MAX_SESSIONS_REACHED";
|
|
136
|
+
readonly MFA_NOT_ENABLED: "MFA_NOT_ENABLED";
|
|
137
|
+
readonly MFA_REQUIRED: "MFA_REQUIRED";
|
|
138
|
+
readonly MFA_CODE_INVALID: "MFA_CODE_INVALID";
|
|
139
|
+
readonly MFA_CODE_EXPIRED: "MFA_CODE_EXPIRED";
|
|
140
|
+
readonly MFA_METHOD_NOT_AVAILABLE: "MFA_METHOD_NOT_AVAILABLE";
|
|
141
|
+
readonly MFA_TOGGLING_NOT_ALLOWED: "MFA_TOGGLING_NOT_ALLOWED";
|
|
142
|
+
readonly MFA_CANNOT_ENABLE_WITHOUT_METHOD: "MFA_CANNOT_ENABLE_WITHOUT_METHOD";
|
|
143
|
+
readonly MFA_RECOVERY_CODE_INVALID: "MFA_RECOVERY_CODE_INVALID";
|
|
144
|
+
readonly TOTP_SETUP_FAILED: "TOTP_SETUP_FAILED";
|
|
145
|
+
readonly TOTP_VERIFICATION_FAILED: "TOTP_VERIFICATION_FAILED";
|
|
146
|
+
readonly REGISTRATION_DISABLED: "REGISTRATION_DISABLED";
|
|
147
|
+
readonly EMAIL_ALREADY_EXISTS: "EMAIL_ALREADY_EXISTS";
|
|
148
|
+
readonly PHONE_ALREADY_EXISTS: "PHONE_ALREADY_EXISTS";
|
|
149
|
+
readonly PROVIDER_NOT_FOUND: "PROVIDER_NOT_FOUND";
|
|
150
|
+
readonly INVALID_CREDENTIALS: "INVALID_CREDENTIALS";
|
|
151
|
+
readonly INVALID_PROVIDER: "INVALID_PROVIDER";
|
|
152
|
+
readonly MISSING_REQUIRED_FIELDS: "MISSING_REQUIRED_FIELDS";
|
|
153
|
+
readonly ACCOUNT_SUSPENDED: "ACCOUNT_SUSPENDED";
|
|
154
|
+
readonly ACCOUNT_INACTIVE: "ACCOUNT_INACTIVE";
|
|
155
|
+
readonly EMAIL_NOT_VERIFIED: "EMAIL_NOT_VERIFIED";
|
|
156
|
+
readonly CURRENT_PASSWORD_INCORRECT: "CURRENT_PASSWORD_INCORRECT";
|
|
157
|
+
readonly NEW_PASSWORD_SAME_AS_CURRENT: "NEW_PASSWORD_SAME_AS_CURRENT";
|
|
158
|
+
readonly PASSWORD_RESET_INVALID_REQUEST: "PASSWORD_RESET_INVALID_REQUEST";
|
|
159
|
+
readonly PASSWORD_RESET_TOKEN_INVALID: "PASSWORD_RESET_TOKEN_INVALID";
|
|
160
|
+
readonly PASSWORD_RESET_TOKEN_EXPIRED: "PASSWORD_RESET_TOKEN_EXPIRED";
|
|
161
|
+
readonly REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
162
|
+
readonly REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
163
|
+
readonly INVALID_TOKEN: "INVALID_TOKEN";
|
|
164
|
+
readonly TOKEN_EXPIRED: "TOKEN_EXPIRED";
|
|
165
|
+
readonly EMAIL_ALREADY_VERIFIED: "EMAIL_ALREADY_VERIFIED";
|
|
166
|
+
readonly VERIFICATION_CODE_INVALID: "VERIFICATION_CODE_INVALID";
|
|
167
|
+
readonly VERIFICATION_CODE_EXPIRED: "VERIFICATION_CODE_EXPIRED";
|
|
168
|
+
readonly NO_EMAIL_ADDRESS: "NO_EMAIL_ADDRESS";
|
|
169
|
+
readonly NO_PHONE_NUMBER: "NO_PHONE_NUMBER";
|
|
170
|
+
};
|
|
171
|
+
export type ErrorCode = typeof ERROR_CODES[keyof typeof ERROR_CODES];
|
|
172
|
+
/** @deprecated Use ERROR_CODES.USER_NOT_FOUND instead */
|
|
173
|
+
export declare const USER_NOT_FOUND_EXCEPTION_CODE: "USER_NOT_FOUND";
|
|
174
|
+
/** @deprecated Use ERROR_CODES.UNAUTHORIZED instead */
|
|
175
|
+
export declare const UNAUTHORIZED_EXCEPTION_CODE: "UNAUTHORIZED";
|
|
176
|
+
/** @deprecated Use ERROR_CODES.MFA_CODE_INVALID instead */
|
|
177
|
+
export declare const INVALID_MFA_EXCEPTION_CODE: "MFA_CODE_INVALID";
|
|
178
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
179
|
+
export declare const INVALID_REFRESH_TOKEN_EXCEPTION_CODE: "REFRESH_TOKEN_INVALID";
|
|
180
|
+
/** @deprecated Use ERROR_CODES.SESSION_NOT_FOUND instead */
|
|
181
|
+
export declare const SESSION_NOT_FOUND_ERROR: "SESSION_NOT_FOUND";
|
|
182
|
+
/** @deprecated Use ERROR_CODES.ACCOUNT_INACTIVE instead */
|
|
183
|
+
export declare const USER_NOT_ACTIVE_ERROR: "ACCOUNT_INACTIVE";
|
|
184
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
185
|
+
export declare const REFRESH_TOKEN_INVALID: "REFRESH_TOKEN_INVALID";
|
|
186
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_EXPIRED instead */
|
|
187
|
+
export declare const REFRESH_TOKEN_EXPIRED: "REFRESH_TOKEN_EXPIRED";
|
|
18
188
|
export declare const ACCESS_TOKEN_COOKIE_NAME = "accessToken";
|
|
19
189
|
export declare const REFRESH_TOKEN_COOKIE_NAME = "refreshToken";
|
|
20
190
|
export declare const NEST_AUTH_TRUST_DEVICE_KEY = "nest_auth_device_trust";
|
|
@@ -31,6 +201,9 @@ export declare const NestAuthEvents: {
|
|
|
31
201
|
readonly PASSWORD_RESET: "nest_auth.password_reset";
|
|
32
202
|
readonly LOGGED_OUT: "nest_auth.logged_out";
|
|
33
203
|
readonly LOGGED_OUT_ALL: "nest_auth.logged_out_all";
|
|
204
|
+
readonly PASSWORD_CHANGED: "nest_auth.password_changed";
|
|
205
|
+
readonly TWO_FACTOR_ENABLED: "nest_auth.two_factor_enabled";
|
|
206
|
+
readonly TWO_FACTOR_DISABLED: "nest_auth.two_factor_disabled";
|
|
34
207
|
readonly USER_CREATED: "nest_auth.user.created";
|
|
35
208
|
readonly USER_UPDATED: "nest_auth.user.updated";
|
|
36
209
|
readonly USER_DELETED: "nest_auth.user.deleted";
|
|
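Review bot: `AUTH_ERROR_CODES` adds account-state codes such as `USER_NOT_FOUND`, `EMAIL_ALREADY_EXISTS`, `PHONE_ALREADY_EXISTS`, `ACCOUNT_SUSPENDED` and `ACCOUNT_INACTIVE` next to `INVALID_CREDENTIALS`, and nothing in the declarations says which of them may be returned to an unauthenticated caller. If login, signup or password-reset responses carry these codes verbatim, a client can tell registered identifiers from unregistered ones; whether they do is not visible in this file. I would add a doc comment on the constant in the source, e.g. `/** Codes that reveal account existence or state must be mapped to INVALID_CREDENTIALS on unauthenticated endpoints. */`, in the same style as the existing `@deprecated` comments. `USER_NOT_FOUND` is also declared in both `AUTH_ERROR_CODES` and `USER_ERROR_CODES`, which is harmless only as long as both keep the same string value in the merged `ERROR_CODES`.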
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"auth.constants.d.ts","sourceRoot":"","sources":["../../../../../packages/nest-auth/src/lib/auth.constants.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB,kCAAkC,CAAC;AACnE,eAAO,MAAM,gCAAgC,qCAAqC,CAAC;AAInF,eAAO,MAAM,iBAAiB,QAAQ,CAAC;AACvC,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,sBAAsB,aAAa,CAAC;AACjD,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,oBAAoB,WAAW,CAAC;AAC7C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAC3C,eAAO,MAAM,mBAAmB,UAAU,CAAC;AAQ3C,eAAO,MAAM,gBAAgB;;;;;;;;;;;;;;;;;;;;;;;;;;CAqCnB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;;;;;;;CAWlB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;CAKtB,CAAC;AAGX,eAAO,MAAM,iBAAiB;;;;;;;;;;CAUpB,CAAC;AAGX,eAAO,MAAM,mBAAmB;;;;;;CAMtB,CAAC;AAGX,eAAO,MAAM,sBAAsB;;;;;;;CAOzB,CAAC;AAGX,eAAO,MAAM,eAAe;;;;;CAKlB,CAAC;AAGX,eAAO,MAAM,gBAAgB;;;;;;CAMnB,CAAC;AAGX,eAAO,MAAM,kBAAkB;;;;CAIrB,CAAC;AAGX,eAAO,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAUd,CAAC;AAGX,MAAM,MAAM,SAAS,GAAG,OAAO,WAAW,CAAC,MAAM,OAAO,WAAW,CAAC,CAAC;AAKrE,yDAAyD;AACzD,eAAO,MAAM,6BAA6B,kBAAkC,CAAC;AAC7E,uDAAuD;AACvD,eAAO,MAAM,2BAA2B,gBAAiC,CAAC;AAC1E,2DAA2D;AAC3D,eAAO,MAAM,0BAA0B,oBAAmC,CAAC;AAC3E,gEAAgE;AAChE,eAAO,MAAM,oCAAoC,yBAAyC,CAAC;AAC3F,4DAA4D;AAC5D,eAAO,MAAM,uBAAuB,qBAAwC,CAAC;AAC7E,2DAA2D;AAC3D,eAAO,MAAM,qBAAqB,oBAAoC,CAAC;AACvE,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAC5E,gEAAgE;AAChE,eAAO,MAAM,qBAAqB,yBAAyC,CAAC;AAI5E,eAAO,MAAM,wBAAwB,gBAAgB,CAAC;AACtD,eAAO,MAAM,yBAAyB,iBAAiB,CAAC;AAExD,eAAO,MAAM,0BAA0B,2BAA2B,CAAC;AAGnE,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAGxC,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;CAgCjB,CAAC"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.NestAuthEvents = exports.DEFAULT_GUARD_NAME = exports.NEST_AUTH_TRUST_DEVICE_KEY = exports.REFRESH_TOKEN_COOKIE_NAME = exports.ACCESS_TOKEN_COOKIE_NAME = exports.REFRESH_TOKEN_EXPIRED = exports.REFRESH_TOKEN_INVALID = exports.USER_NOT_ACTIVE_ERROR = exports.SESSION_NOT_FOUND_ERROR = exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.INVALID_MFA_EXCEPTION_CODE = exports.UNAUTHORIZED_EXCEPTION_CODE = exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.PHONE_AUTH_PROVIDER = exports.EMAIL_AUTH_PROVIDER = exports.GITHUB_AUTH_PROVIDER = exports.APPLE_AUTH_PROVIDER = exports.FACEBOOK_AUTH_PROVIDER = exports.GOOGLE_AUTH_PROVIDER = exports.JWT_AUTH_PROVIDER = exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = exports.AUTH_MODULE_OPTIONS = void 0;
|
|
3
|
+
exports.NestAuthEvents = exports.DEFAULT_GUARD_NAME = exports.NEST_AUTH_TRUST_DEVICE_KEY = exports.REFRESH_TOKEN_COOKIE_NAME = exports.ACCESS_TOKEN_COOKIE_NAME = exports.REFRESH_TOKEN_EXPIRED = exports.REFRESH_TOKEN_INVALID = exports.USER_NOT_ACTIVE_ERROR = exports.SESSION_NOT_FOUND_ERROR = exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.INVALID_MFA_EXCEPTION_CODE = exports.UNAUTHORIZED_EXCEPTION_CODE = exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.ERROR_CODES = exports.TENANT_ERROR_CODES = exports.USER_ERROR_CODES = exports.OTP_ERROR_CODES = exports.VALIDATION_ERROR_CODES = exports.API_KEY_ERROR_CODES = exports.GUARD_ERROR_CODES = exports.SESSION_ERROR_CODES = exports.MFA_ERROR_CODES = exports.AUTH_ERROR_CODES = exports.PHONE_AUTH_PROVIDER = exports.EMAIL_AUTH_PROVIDER = exports.GITHUB_AUTH_PROVIDER = exports.APPLE_AUTH_PROVIDER = exports.FACEBOOK_AUTH_PROVIDER = exports.GOOGLE_AUTH_PROVIDER = exports.JWT_AUTH_PROVIDER = exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = exports.AUTH_MODULE_OPTIONS = void 0;
|
|
4
4
|
exports.AUTH_MODULE_OPTIONS = 'NEST_AUTH_AUTH_MODULE_OPTIONS';
|
|
5
5
|
exports.NEST_AUTH_ASYNC_OPTIONS_PROVIDER = 'NEST_AUTH_ASYNC_OPTIONS_PROVIDER';
|
|
6
6
|
// Provider tokens
|
|
@@ -11,15 +11,144 @@ exports.APPLE_AUTH_PROVIDER = 'apple';
|
|
|
11
11
|
exports.GITHUB_AUTH_PROVIDER = 'github';
|
|
12
12
|
exports.EMAIL_AUTH_PROVIDER = 'email';
|
|
13
13
|
exports.PHONE_AUTH_PROVIDER = 'phone';
|
|
14
|
-
//
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
exports.
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
14
|
+
// ==========================================
|
|
15
|
+
// ERROR CODES - Categorized for better organization
|
|
16
|
+
// ==========================================
|
|
17
|
+
// Authentication Error Codes
|
|
18
|
+
exports.AUTH_ERROR_CODES = {
|
|
19
|
+
// Signup/Registration
|
|
20
|
+
REGISTRATION_DISABLED: 'REGISTRATION_DISABLED',
|
|
21
|
+
EMAIL_ALREADY_EXISTS: 'EMAIL_ALREADY_EXISTS',
|
|
22
|
+
PHONE_ALREADY_EXISTS: 'PHONE_ALREADY_EXISTS',
|
|
23
|
+
PROVIDER_NOT_FOUND: 'PROVIDER_NOT_FOUND',
|
|
24
|
+
// Login
|
|
25
|
+
INVALID_CREDENTIALS: 'INVALID_CREDENTIALS',
|
|
26
|
+
INVALID_PROVIDER: 'INVALID_PROVIDER',
|
|
27
|
+
MISSING_REQUIRED_FIELDS: 'MISSING_REQUIRED_FIELDS',
|
|
28
|
+
// Account Status
|
|
29
|
+
USER_NOT_FOUND: 'USER_NOT_FOUND',
|
|
30
|
+
ACCOUNT_SUSPENDED: 'ACCOUNT_SUSPENDED',
|
|
31
|
+
ACCOUNT_INACTIVE: 'ACCOUNT_INACTIVE',
|
|
32
|
+
EMAIL_NOT_VERIFIED: 'EMAIL_NOT_VERIFIED',
|
|
33
|
+
// Password
|
|
34
|
+
CURRENT_PASSWORD_INCORRECT: 'CURRENT_PASSWORD_INCORRECT',
|
|
35
|
+
NEW_PASSWORD_SAME_AS_CURRENT: 'NEW_PASSWORD_SAME_AS_CURRENT',
|
|
36
|
+
PASSWORD_RESET_INVALID_REQUEST: 'PASSWORD_RESET_INVALID_REQUEST',
|
|
37
|
+
PASSWORD_RESET_TOKEN_INVALID: 'PASSWORD_RESET_TOKEN_INVALID',
|
|
38
|
+
PASSWORD_RESET_TOKEN_EXPIRED: 'PASSWORD_RESET_TOKEN_EXPIRED',
|
|
39
|
+
// Tokens
|
|
40
|
+
REFRESH_TOKEN_INVALID: 'REFRESH_TOKEN_INVALID',
|
|
41
|
+
REFRESH_TOKEN_EXPIRED: 'REFRESH_TOKEN_EXPIRED',
|
|
42
|
+
INVALID_TOKEN: 'INVALID_TOKEN',
|
|
43
|
+
TOKEN_EXPIRED: 'TOKEN_EXPIRED',
|
|
44
|
+
// Email Verification
|
|
45
|
+
EMAIL_ALREADY_VERIFIED: 'EMAIL_ALREADY_VERIFIED',
|
|
46
|
+
VERIFICATION_CODE_INVALID: 'VERIFICATION_CODE_INVALID',
|
|
47
|
+
VERIFICATION_CODE_EXPIRED: 'VERIFICATION_CODE_EXPIRED',
|
|
48
|
+
NO_EMAIL_ADDRESS: 'NO_EMAIL_ADDRESS',
|
|
49
|
+
NO_PHONE_NUMBER: 'NO_PHONE_NUMBER',
|
|
50
|
+
};
|
|
51
|
+
// MFA Error Codes
|
|
52
|
+
exports.MFA_ERROR_CODES = {
|
|
53
|
+
MFA_NOT_ENABLED: 'MFA_NOT_ENABLED',
|
|
54
|
+
MFA_REQUIRED: 'MFA_REQUIRED',
|
|
55
|
+
MFA_CODE_INVALID: 'MFA_CODE_INVALID',
|
|
56
|
+
MFA_CODE_EXPIRED: 'MFA_CODE_EXPIRED',
|
|
57
|
+
MFA_METHOD_NOT_AVAILABLE: 'MFA_METHOD_NOT_AVAILABLE',
|
|
58
|
+
MFA_TOGGLING_NOT_ALLOWED: 'MFA_TOGGLING_NOT_ALLOWED',
|
|
59
|
+
MFA_CANNOT_ENABLE_WITHOUT_METHOD: 'MFA_CANNOT_ENABLE_WITHOUT_METHOD',
|
|
60
|
+
MFA_RECOVERY_CODE_INVALID: 'MFA_RECOVERY_CODE_INVALID',
|
|
61
|
+
TOTP_SETUP_FAILED: 'TOTP_SETUP_FAILED',
|
|
62
|
+
TOTP_VERIFICATION_FAILED: 'TOTP_VERIFICATION_FAILED',
|
|
63
|
+
};
|
|
64
|
+
// Session Error Codes
|
|
65
|
+
exports.SESSION_ERROR_CODES = {
|
|
66
|
+
SESSION_NOT_FOUND: 'SESSION_NOT_FOUND',
|
|
67
|
+
SESSION_EXPIRED: 'SESSION_EXPIRED',
|
|
68
|
+
SESSION_INVALID: 'SESSION_INVALID',
|
|
69
|
+
MAX_SESSIONS_REACHED: 'MAX_SESSIONS_REACHED',
|
|
70
|
+
};
|
|
71
|
+
// Guard Error Codes
|
|
72
|
+
exports.GUARD_ERROR_CODES = {
|
|
73
|
+
NO_AUTH_PROVIDED: 'NO_AUTH_PROVIDED',
|
|
74
|
+
INVALID_AUTH_FORMAT: 'INVALID_AUTH_FORMAT',
|
|
75
|
+
INVALID_AUTH_TYPE: 'INVALID_AUTH_TYPE',
|
|
76
|
+
UNAUTHORIZED: 'UNAUTHORIZED',
|
|
77
|
+
ACCESS_DENIED: 'ACCESS_DENIED',
|
|
78
|
+
FORBIDDEN: 'FORBIDDEN',
|
|
79
|
+
NO_ROLES_ASSIGNED: 'NO_ROLES_ASSIGNED',
|
|
80
|
+
MISSING_REQUIRED_ROLES: 'MISSING_REQUIRED_ROLES',
|
|
81
|
+
MISSING_REQUIRED_PERMISSIONS: 'MISSING_REQUIRED_PERMISSIONS',
|
|
82
|
+
};
|
|
83
|
+
// API Key Error Codes
|
|
84
|
+
exports.API_KEY_ERROR_CODES = {
|
|
85
|
+
INVALID_API_KEY_FORMAT: 'INVALID_API_KEY_FORMAT',
|
|
86
|
+
INVALID_API_KEY: 'INVALID_API_KEY',
|
|
87
|
+
API_KEY_EXPIRED: 'API_KEY_EXPIRED',
|
|
88
|
+
API_KEY_DEACTIVATED: 'API_KEY_DEACTIVATED',
|
|
89
|
+
API_KEY_NOT_FOUND: 'API_KEY_NOT_FOUND',
|
|
90
|
+
};
|
|
91
|
+
// Validation Error Codes
|
|
92
|
+
exports.VALIDATION_ERROR_CODES = {
|
|
93
|
+
EMAIL_OR_PHONE_REQUIRED: 'EMAIL_OR_PHONE_REQUIRED',
|
|
94
|
+
TENANT_ID_REQUIRED: 'TENANT_ID_REQUIRED',
|
|
95
|
+
INVALID_INPUT: 'INVALID_INPUT',
|
|
96
|
+
MISSING_REQUIRED_FIELD: 'MISSING_REQUIRED_FIELD',
|
|
97
|
+
INVALID_EMAIL_FORMAT: 'INVALID_EMAIL_FORMAT',
|
|
98
|
+
INVALID_PHONE_FORMAT: 'INVALID_PHONE_FORMAT',
|
|
99
|
+
};
|
|
100
|
+
// OTP Error Codes
|
|
101
|
+
exports.OTP_ERROR_CODES = {
|
|
102
|
+
OTP_INVALID: 'OTP_INVALID',
|
|
103
|
+
OTP_EXPIRED: 'OTP_EXPIRED',
|
|
104
|
+
OTP_ALREADY_USED: 'OTP_ALREADY_USED',
|
|
105
|
+
OTP_NOT_FOUND: 'OTP_NOT_FOUND',
|
|
106
|
+
};
|
|
107
|
+
// User Management Error Codes
|
|
108
|
+
exports.USER_ERROR_CODES = {
|
|
109
|
+
USER_NOT_FOUND: 'USER_NOT_FOUND',
|
|
110
|
+
USER_ALREADY_EXISTS: 'USER_ALREADY_EXISTS',
|
|
111
|
+
USER_CREATION_FAILED: 'USER_CREATION_FAILED',
|
|
112
|
+
USER_UPDATE_FAILED: 'USER_UPDATE_FAILED',
|
|
113
|
+
USER_DELETION_FAILED: 'USER_DELETION_FAILED',
|
|
114
|
+
};
|
|
115
|
+
// Tenant Error Codes
|
|
116
|
+
exports.TENANT_ERROR_CODES = {
|
|
117
|
+
TENANT_NOT_FOUND: 'TENANT_NOT_FOUND',
|
|
118
|
+
TENANT_ALREADY_EXISTS: 'TENANT_ALREADY_EXISTS',
|
|
119
|
+
INVALID_TENANT: 'INVALID_TENANT',
|
|
120
|
+
};
|
|
121
|
+
// Consolidated Error Codes (for easy access)
|
|
122
|
+
exports.ERROR_CODES = {
|
|
123
|
+
...exports.AUTH_ERROR_CODES,
|
|
124
|
+
...exports.MFA_ERROR_CODES,
|
|
125
|
+
...exports.SESSION_ERROR_CODES,
|
|
126
|
+
...exports.GUARD_ERROR_CODES,
|
|
127
|
+
...exports.API_KEY_ERROR_CODES,
|
|
128
|
+
...exports.VALIDATION_ERROR_CODES,
|
|
129
|
+
...exports.OTP_ERROR_CODES,
|
|
130
|
+
...exports.USER_ERROR_CODES,
|
|
131
|
+
...exports.TENANT_ERROR_CODES,
|
|
132
|
+
};
|
|
133
|
+
// ==========================================
|
|
134
|
+
// LEGACY ERROR CODES (For backward compatibility)
|
|
135
|
+
// ==========================================
|
|
136
|
+
/** @deprecated Use ERROR_CODES.USER_NOT_FOUND instead */
|
|
137
|
+
exports.USER_NOT_FOUND_EXCEPTION_CODE = exports.AUTH_ERROR_CODES.USER_NOT_FOUND;
|
|
138
|
+
/** @deprecated Use ERROR_CODES.UNAUTHORIZED instead */
|
|
139
|
+
exports.UNAUTHORIZED_EXCEPTION_CODE = exports.GUARD_ERROR_CODES.UNAUTHORIZED;
|
|
140
|
+
/** @deprecated Use ERROR_CODES.MFA_CODE_INVALID instead */
|
|
141
|
+
exports.INVALID_MFA_EXCEPTION_CODE = exports.MFA_ERROR_CODES.MFA_CODE_INVALID;
|
|
142
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
143
|
+
exports.INVALID_REFRESH_TOKEN_EXCEPTION_CODE = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_INVALID;
|
|
144
|
+
/** @deprecated Use ERROR_CODES.SESSION_NOT_FOUND instead */
|
|
145
|
+
exports.SESSION_NOT_FOUND_ERROR = exports.SESSION_ERROR_CODES.SESSION_NOT_FOUND;
|
|
146
|
+
/** @deprecated Use ERROR_CODES.ACCOUNT_INACTIVE instead */
|
|
147
|
+
exports.USER_NOT_ACTIVE_ERROR = exports.AUTH_ERROR_CODES.ACCOUNT_INACTIVE;
|
|
148
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_INVALID instead */
|
|
149
|
+
exports.REFRESH_TOKEN_INVALID = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_INVALID;
|
|
150
|
+
/** @deprecated Use ERROR_CODES.REFRESH_TOKEN_EXPIRED instead */
|
|
151
|
+
exports.REFRESH_TOKEN_EXPIRED = exports.AUTH_ERROR_CODES.REFRESH_TOKEN_EXPIRED;
|
|
23
152
|
// Auth Cookie Names
|
|
24
153
|
exports.ACCESS_TOKEN_COOKIE_NAME = 'accessToken';
|
|
25
154
|
exports.REFRESH_TOKEN_COOKIE_NAME = 'refreshToken';
|
|
@@ -40,6 +169,9 @@ exports.NestAuthEvents = {
|
|
|
40
169
|
PASSWORD_RESET: 'nest_auth.password_reset',
|
|
41
170
|
LOGGED_OUT: 'nest_auth.logged_out',
|
|
42
171
|
LOGGED_OUT_ALL: 'nest_auth.logged_out_all',
|
|
172
|
+
PASSWORD_CHANGED: 'nest_auth.password_changed',
|
|
173
|
+
TWO_FACTOR_ENABLED: 'nest_auth.two_factor_enabled',
|
|
174
|
+
TWO_FACTOR_DISABLED: 'nest_auth.two_factor_disabled',
|
|
43
175
|
// User events
|
|
44
176
|
USER_CREATED: 'nest_auth.user.created',
|
|
45
177
|
USER_UPDATED: 'nest_auth.user.updated',
|