@ackplus/nest-auth 1.1.30 → 1.1.31-beta.10
- package/README.md +64 -450
- package/dist/index.d.ts +4 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/lib/admin-console/admin-console.module.js +1 -1
- package/dist/lib/admin-console/admin-console.module.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts +3 -3
- package/dist/lib/admin-console/controllers/admin-auth.controller.d.ts.map +1 -1
- package/dist/lib/admin-console/controllers/admin-auth.controller.js +2 -2
- package/dist/lib/admin-console/controllers/admin-auth.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-console.controller.js +1 -1
- package/dist/lib/admin-console/controllers/admin-console.controller.js.map +1 -1
- package/dist/lib/admin-console/controllers/admin-users.controller.d.ts +2 -2
- package/dist/lib/admin-console/decorators/current-admin.decorator.js.map +1 -1
- package/dist/lib/admin-console/entities/admin-user.entity.d.ts +1 -3
- package/dist/lib/admin-console/entities/admin-user.entity.d.ts.map +1 -1
- package/dist/lib/admin-console/entities/admin-user.entity.js +19 -66
- package/dist/lib/admin-console/entities/admin-user.entity.js.map +1 -1
- package/dist/lib/admin-console/guards/admin-session.guard.d.ts +2 -2
- package/dist/lib/admin-console/guards/admin-session.guard.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-auth.service.d.ts +4 -4
- package/dist/lib/admin-console/services/admin-auth.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-auth.service.js.map +1 -1
- package/dist/lib/admin-console/services/admin-console-config.service.d.ts +4 -4
- package/dist/lib/admin-console/services/admin-console-config.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-console-config.service.js +22 -14
- package/dist/lib/admin-console/services/admin-console-config.service.js.map +1 -1
- package/dist/lib/admin-console/services/admin-session.service.d.ts +2 -2
- package/dist/lib/admin-console/services/admin-session.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-session.service.js.map +1 -1
- package/dist/lib/admin-console/services/admin-user.service.d.ts +7 -7
- package/dist/lib/admin-console/services/admin-user.service.d.ts.map +1 -1
- package/dist/lib/admin-console/services/admin-user.service.js +1 -1
- package/dist/lib/admin-console/services/admin-user.service.js.map +1 -1
- package/dist/lib/admin-console/static/index.html +5 -5
- package/dist/lib/admin-console/static/nest-auth.json +281 -140
- package/dist/lib/audit/services/audit.service.d.ts +6 -1
- package/dist/lib/audit/services/audit.service.d.ts.map +1 -1
- package/dist/lib/audit/services/audit.service.js +12 -7
- package/dist/lib/audit/services/audit.service.js.map +1 -1
- package/dist/lib/auth/auth.module.d.ts.map +1 -1
- package/dist/lib/auth/auth.module.js +9 -6
- package/dist/lib/auth/auth.module.js.map +1 -1
- package/dist/lib/auth/controllers/auth.controller.d.ts +37 -45
- package/dist/lib/auth/controllers/auth.controller.d.ts.map +1 -1
- package/dist/lib/auth/controllers/auth.controller.js +125 -132
- package/dist/lib/auth/controllers/auth.controller.js.map +1 -1
- package/dist/lib/auth/controllers/mfa.controller.d.ts +9 -15
- package/dist/lib/auth/controllers/mfa.controller.d.ts.map +1 -1
- package/dist/lib/auth/controllers/mfa.controller.js +23 -20
- package/dist/lib/auth/controllers/mfa.controller.js.map +1 -1
- package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts +2 -1
- package/dist/lib/auth/dto/credentials/social-credentials.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/credentials/social-credentials.dto.js +9 -2
- package/dist/lib/auth/dto/credentials/social-credentials.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/change-password.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/change-password.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/change-password.request.dto.js +5 -5
- package/dist/lib/auth/dto/requests/change-password.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/forgot-password.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/forgot-password.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/forgot-password.request.dto.js +6 -6
- package/dist/lib/auth/dto/requests/forgot-password.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/initialize-admin.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/initialize-admin.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/initialize-admin.request.dto.js +8 -8
- package/dist/lib/auth/dto/requests/initialize-admin.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/login.request.dto.d.ts +3 -2
- package/dist/lib/auth/dto/requests/login.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/login.request.dto.js +11 -12
- package/dist/lib/auth/dto/requests/login.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/refresh-token.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/refresh-token.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/refresh-token.request.dto.js +4 -4
- package/dist/lib/auth/dto/requests/refresh-token.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/reset-password-with-token.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/reset-password-with-token.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/reset-password-with-token.request.dto.js +5 -5
- package/dist/lib/auth/dto/requests/reset-password-with-token.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/reset-password.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/reset-password.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/reset-password.request.dto.js +8 -8
- package/dist/lib/auth/dto/requests/reset-password.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/send-email-verification.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/send-email-verification.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/send-email-verification.request.dto.js +4 -4
- package/dist/lib/auth/dto/requests/send-email-verification.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts +4 -3
- package/dist/lib/auth/dto/requests/send-mfa-code.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/send-mfa-code.request.dto.js +12 -12
- package/dist/lib/auth/dto/requests/send-mfa-code.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/signup.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/signup.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/signup.request.dto.js +7 -7
- package/dist/lib/auth/dto/requests/signup.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/toggle-mfa.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/toggle-mfa.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/toggle-mfa.request.dto.js +4 -4
- package/dist/lib/auth/dto/requests/toggle-mfa.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.d.ts +4 -3
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js +11 -11
- package/dist/lib/auth/dto/requests/verify-2fa.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/verify-email.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/verify-email.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/verify-email.request.dto.js +5 -5
- package/dist/lib/auth/dto/requests/verify-email.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js +7 -7
- package/dist/lib/auth/dto/requests/verify-forgot-password-otp-request-dto.js.map +1 -1
- package/dist/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts +2 -1
- package/dist/lib/auth/dto/requests/verify-totp-setup.request.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/requests/verify-totp-setup.request.dto.js +5 -5
- package/dist/lib/auth/dto/requests/verify-totp-setup.request.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/auth-cookie.response.dto.d.ts +2 -1
- package/dist/lib/auth/dto/responses/auth-cookie.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/auth-cookie.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/auth-messages.response.dto.d.ts +38 -0
- package/dist/lib/auth/dto/responses/auth-messages.response.dto.d.ts.map +1 -0
- package/dist/lib/auth/dto/responses/auth-messages.response.dto.js +110 -0
- package/dist/lib/auth/dto/responses/auth-messages.response.dto.js.map +1 -0
- package/dist/lib/auth/dto/responses/auth-success.response.dto.d.ts +2 -1
- package/dist/lib/auth/dto/responses/auth-success.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/auth-success.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/auth.response.dto.d.ts +7 -4
- package/dist/lib/auth/dto/responses/auth.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/auth.response.dto.js +20 -0
- package/dist/lib/auth/dto/responses/auth.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/client-config.response.dto.d.ts +14 -13
- package/dist/lib/auth/dto/responses/client-config.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/client-config.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/initialize-admin.response.dto.d.ts +2 -1
- package/dist/lib/auth/dto/responses/initialize-admin.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/initialize-admin.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/mfa-code-response.dto.d.ts +2 -1
- package/dist/lib/auth/dto/responses/mfa-code-response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/mfa-code-response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/mfa-status.response.dto.d.ts +7 -6
- package/dist/lib/auth/dto/responses/mfa-status.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/mfa-status.response.dto.js +7 -7
- package/dist/lib/auth/dto/responses/mfa-status.response.dto.js.map +1 -1
- package/dist/lib/auth/dto/responses/verify-otp.response.dto.d.ts +2 -1
- package/dist/lib/auth/dto/responses/verify-otp.response.dto.d.ts.map +1 -1
- package/dist/lib/auth/dto/responses/verify-otp.response.dto.js.map +1 -1
- package/dist/lib/auth/entities/otp.entity.d.ts +2 -2
- package/dist/lib/auth/entities/otp.entity.d.ts.map +1 -1
- package/dist/lib/auth/entities/otp.entity.js +1 -1
- package/dist/lib/auth/entities/otp.entity.js.map +1 -1
- package/dist/lib/auth/events/password-reset-requested.event.d.ts +2 -2
- package/dist/lib/auth/events/password-reset-requested.event.d.ts.map +1 -1
- package/dist/lib/auth/events/password-reset.event.d.ts +2 -2
- package/dist/lib/auth/events/password-reset.event.d.ts.map +1 -1
- package/dist/lib/auth/events/password-reset.event.js.map +1 -1
- package/dist/lib/auth/events/two-factor-code-sent.event.d.ts +2 -2
- package/dist/lib/auth/events/two-factor-code-sent.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-2fa-enabled.event.d.ts +3 -3
- package/dist/lib/auth/events/user-2fa-enabled.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-2fa-verified.event.d.ts +2 -2
- package/dist/lib/auth/events/user-2fa-verified.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-logged-in.event.d.ts +2 -2
- package/dist/lib/auth/events/user-logged-in.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-registered.event.d.ts +2 -2
- package/dist/lib/auth/events/user-registered.event.d.ts.map +1 -1
- package/dist/lib/auth/events/user-registered.event.js.map +1 -1
- package/dist/lib/auth/filters/auth-exception.filter.d.ts +6 -0
- package/dist/lib/auth/filters/auth-exception.filter.d.ts.map +1 -0
- package/dist/lib/auth/filters/auth-exception.filter.js +29 -0
- package/dist/lib/auth/filters/auth-exception.filter.js.map +1 -0
- package/dist/lib/auth/filters/index.d.ts +2 -0
- package/dist/lib/auth/filters/index.d.ts.map +1 -0
- package/dist/lib/auth/filters/index.js +18 -0
- package/dist/lib/auth/filters/index.js.map +1 -0
- package/dist/lib/auth/index.d.ts +1 -2
- package/dist/lib/auth/index.d.ts.map +1 -1
- package/dist/lib/auth/index.js +1 -2
- package/dist/lib/auth/index.js.map +1 -1
- package/dist/lib/auth/interceptors/token-response.interceptor.d.ts +16 -0
- package/dist/lib/auth/interceptors/token-response.interceptor.d.ts.map +1 -0
- package/dist/lib/auth/interceptors/token-response.interceptor.js +83 -0
- package/dist/lib/auth/interceptors/token-response.interceptor.js.map +1 -0
- package/dist/lib/auth/services/auth.service.d.ts +11 -33
- package/dist/lib/auth/services/auth.service.d.ts.map +1 -1
- package/dist/lib/auth/services/auth.service.js +65 -505
- package/dist/lib/auth/services/auth.service.js.map +1 -1
- package/dist/lib/auth/services/client-config.service.d.ts.map +1 -1
- package/dist/lib/auth/services/client-config.service.js +2 -4
- package/dist/lib/auth/services/client-config.service.js.map +1 -1
- package/dist/lib/auth/services/mfa.service.d.ts +8 -7
- package/dist/lib/auth/services/mfa.service.d.ts.map +1 -1
- package/dist/lib/auth/services/mfa.service.js +21 -21
- package/dist/lib/auth/services/mfa.service.js.map +1 -1
- package/dist/lib/auth/services/password.service.d.ts +44 -0
- package/dist/lib/auth/services/password.service.d.ts.map +1 -0
- package/dist/lib/auth/services/password.service.js +447 -0
- package/dist/lib/auth/services/password.service.js.map +1 -0
- package/dist/lib/auth/services/verification.service.d.ts +24 -0
- package/dist/lib/auth/services/verification.service.d.ts.map +1 -0
- package/dist/lib/auth/services/verification.service.js +191 -0
- package/dist/lib/auth/services/verification.service.js.map +1 -0
- package/dist/lib/auth.constants.d.ts +0 -8
- package/dist/lib/auth.constants.d.ts.map +1 -1
- package/dist/lib/auth.constants.js +1 -9
- package/dist/lib/auth.constants.js.map +1 -1
- package/dist/lib/core/core.module.d.ts.map +1 -1
- package/dist/lib/core/core.module.js +3 -0
- package/dist/lib/core/core.module.js.map +1 -1
- package/dist/lib/core/entities.d.ts +2 -3
- package/dist/lib/core/entities.d.ts.map +1 -1
- package/dist/lib/core/entities.js +2 -4
- package/dist/lib/core/entities.js.map +1 -1
- package/dist/lib/core/index.d.ts +0 -5
- package/dist/lib/core/index.d.ts.map +1 -1
- package/dist/lib/core/index.js +0 -5
- package/dist/lib/core/index.js.map +1 -1
- package/dist/lib/core/interfaces/auth-module-options.interface.d.ts +31 -32
- package/dist/lib/core/interfaces/auth-module-options.interface.d.ts.map +1 -1
- package/dist/lib/core/interfaces/mfa-options.interface.d.ts +3 -6
- package/dist/lib/core/interfaces/mfa-options.interface.d.ts.map +1 -1
- package/dist/lib/core/interfaces/mfa-options.interface.js +0 -7
- package/dist/lib/core/interfaces/mfa-options.interface.js.map +1 -1
- package/dist/lib/core/interfaces/session-options.interface.d.ts.map +1 -1
- package/dist/lib/core/providers/apple-auth.provider.d.ts +6 -3
- package/dist/lib/core/providers/apple-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/apple-auth.provider.js +14 -7
- package/dist/lib/core/providers/apple-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/base-auth.provider.d.ts +4 -3
- package/dist/lib/core/providers/base-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/base-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/email-auth.provider.d.ts +7 -7
- package/dist/lib/core/providers/email-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/email-auth.provider.js +19 -8
- package/dist/lib/core/providers/email-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/facebook-auth.provider.d.ts +8 -6
- package/dist/lib/core/providers/facebook-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/facebook-auth.provider.js +31 -18
- package/dist/lib/core/providers/facebook-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/github-auth.provider.d.ts +8 -6
- package/dist/lib/core/providers/github-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/github-auth.provider.js +18 -11
- package/dist/lib/core/providers/github-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/google-auth.provider.d.ts +14 -13
- package/dist/lib/core/providers/google-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/google-auth.provider.js +36 -18
- package/dist/lib/core/providers/google-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/jwt-auth.provider.d.ts +8 -6
- package/dist/lib/core/providers/jwt-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/jwt-auth.provider.js +17 -11
- package/dist/lib/core/providers/jwt-auth.provider.js.map +1 -1
- package/dist/lib/core/providers/phone-auth.provider.d.ts +7 -7
- package/dist/lib/core/providers/phone-auth.provider.d.ts.map +1 -1
- package/dist/lib/core/providers/phone-auth.provider.js +14 -7
- package/dist/lib/core/providers/phone-auth.provider.js.map +1 -1
- package/dist/lib/core/services/auth-config.service.d.ts +9 -9
- package/dist/lib/core/services/auth-config.service.d.ts.map +1 -1
- package/dist/lib/core/services/auth-config.service.js +22 -20
- package/dist/lib/core/services/auth-config.service.js.map +1 -1
- package/dist/lib/core/services/auth-provider-registry.service.d.ts.map +1 -1
- package/dist/lib/core/services/auth-provider-registry.service.js +5 -0
- package/dist/lib/core/services/auth-provider-registry.service.js.map +1 -1
- package/dist/lib/core/services/jwt.service.d.ts +3 -3
- package/dist/lib/core/services/jwt.service.d.ts.map +1 -1
- package/dist/lib/core/services/jwt.service.js +41 -8
- package/dist/lib/core/services/jwt.service.js.map +1 -1
- package/dist/lib/nest-auth.module.d.ts +3 -3
- package/dist/lib/nest-auth.module.d.ts.map +1 -1
- package/dist/lib/nest-auth.module.js +5 -16
- package/dist/lib/nest-auth.module.js.map +1 -1
- package/dist/lib/session/services/session-manager.service.js.map +1 -1
- package/dist/lib/tenant/services/tenant.service.d.ts +0 -1
- package/dist/lib/tenant/services/tenant.service.d.ts.map +1 -1
- package/dist/lib/tenant/services/tenant.service.js +8 -25
- package/dist/lib/tenant/services/tenant.service.js.map +1 -1
- package/dist/lib/user/entities/user.entity.d.ts +0 -2
- package/dist/lib/user/entities/user.entity.d.ts.map +1 -1
- package/dist/lib/user/entities/user.entity.js +5 -52
- package/dist/lib/user/entities/user.entity.js.map +1 -1
- package/dist/lib/user/services/user.service.d.ts.map +1 -1
- package/dist/lib/user/services/user.service.js.map +1 -1
- package/package.json +53 -44
- package/dist/lib/auth/dto/index.d.ts +0 -1
- package/dist/lib/auth/dto/index.d.ts.map +0 -1
- package/dist/lib/auth/dto/index.js +0 -1
- package/dist/lib/auth/dto/index.js.map +0 -1
- package/dist/lib/auth/events/index.d.ts +0 -13
- package/dist/lib/auth/events/index.d.ts.map +0 -1
- package/dist/lib/auth/events/index.js +0 -29
- package/dist/lib/auth/events/index.js.map +0 -1
- package/dist/lib/auth/interceptors/refresh-token.interceptor.d.ts +0 -16
- package/dist/lib/auth/interceptors/refresh-token.interceptor.d.ts.map +0 -1
- package/dist/lib/auth/interceptors/refresh-token.interceptor.js +0 -87
- package/dist/lib/auth/interceptors/refresh-token.interceptor.js.map +0 -1
- package/dist/lib/auth/services/cookie.service.d.ts +0 -10
- package/dist/lib/auth/services/cookie.service.d.ts.map +0 -1
- package/dist/lib/auth/services/cookie.service.js +0 -55
- package/dist/lib/auth/services/cookie.service.js.map +0 -1
- package/dist/lib/core/interfaces/otp.interface.d.ts +0 -6
- package/dist/lib/core/interfaces/otp.interface.d.ts.map +0 -1
- package/dist/lib/core/interfaces/otp.interface.js +0 -10
- package/dist/lib/core/interfaces/otp.interface.js.map +0 -1
|
@@ -11,45 +11,32 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
var __param = (this && this.__param) || function (paramIndex, decorator) {
|
|
12
12
|
return function (target, key) { decorator(target, key, paramIndex); }
|
|
13
13
|
};
|
|
14
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
15
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
16
|
-
};
|
|
17
14
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
18
15
|
exports.AuthService = void 0;
|
|
19
16
|
const common_1 = require("@nestjs/common");
|
|
20
17
|
const typeorm_1 = require("@nestjs/typeorm");
|
|
21
18
|
const typeorm_2 = require("typeorm");
|
|
22
19
|
const user_entity_1 = require("../../user/entities/user.entity");
|
|
23
|
-
const otp_entity_1 = require("../../auth/entities/otp.entity");
|
|
24
|
-
const otp_interface_1 = require("../../core/interfaces/otp.interface");
|
|
25
20
|
const auth_constants_1 = require("../../auth.constants");
|
|
26
|
-
const typeorm_3 = require("typeorm");
|
|
27
21
|
const mfa_service_1 = require("./mfa.service");
|
|
28
22
|
const jwt_service_1 = require("../../core/services/jwt.service");
|
|
29
23
|
const event_emitter_1 = require("@nestjs/event-emitter");
|
|
30
24
|
const session_manager_service_1 = require("../../session/services/session-manager.service");
|
|
31
25
|
const request_context_1 = require("../../request-context/request-context");
|
|
32
|
-
const otp_1 = require("../../utils/otp");
|
|
33
26
|
const user_registered_event_1 = require("../events/user-registered.event");
|
|
34
27
|
const user_logged_in_event_1 = require("../events/user-logged-in.event");
|
|
35
28
|
const user_2fa_verified_event_1 = require("../events/user-2fa-verified.event");
|
|
36
29
|
const user_refresh_token_event_1 = require("../events/user-refresh-token.event");
|
|
37
30
|
const logged_out_event_1 = require("../events/logged-out.event");
|
|
38
31
|
const logged_out_all_event_1 = require("../events/logged-out-all.event");
|
|
39
|
-
const password_reset_requested_event_1 = require("../events/password-reset-requested.event");
|
|
40
|
-
const password_reset_event_1 = require("../events/password-reset.event");
|
|
41
32
|
const auth_provider_registry_service_1 = require("../../core/services/auth-provider-registry.service");
|
|
42
33
|
const tenant_service_1 = require("../../tenant/services/tenant.service");
|
|
43
34
|
const debug_logger_service_1 = require("../../core/services/debug-logger.service");
|
|
44
|
-
const moment_1 = __importDefault(require("moment"));
|
|
45
35
|
const auth_config_service_1 = require("../../core/services/auth-config.service");
|
|
46
36
|
const cookie_helper_1 = require("../../utils/cookie.helper");
|
|
47
|
-
const user_password_changed_event_1 = require("../events/user-password-changed.event");
|
|
48
37
|
const user_service_1 = require("../../user/services/user.service");
|
|
49
|
-
const ms_1 = __importDefault(require("ms"));
|
|
50
38
|
let AuthService = class AuthService {
|
|
51
39
|
userRepository;
|
|
52
|
-
otpRepository;
|
|
53
40
|
authProviderRegistry;
|
|
54
41
|
mfaService;
|
|
55
42
|
sessionManager;
|
|
@@ -59,9 +46,8 @@ let AuthService = class AuthService {
|
|
|
59
46
|
debugLogger;
|
|
60
47
|
authConfigService;
|
|
61
48
|
userService;
|
|
62
|
-
constructor(userRepository,
|
|
49
|
+
constructor(userRepository, authProviderRegistry, mfaService, sessionManager, jwtService, eventEmitter, tenantService, debugLogger, authConfigService, userService) {
|
|
63
50
|
this.userRepository = userRepository;
|
|
64
|
-
this.otpRepository = otpRepository;
|
|
65
51
|
this.authProviderRegistry = authProviderRegistry;
|
|
66
52
|
this.mfaService = mfaService;
|
|
67
53
|
this.sessionManager = sessionManager;
|
|
@@ -72,9 +58,6 @@ let AuthService = class AuthService {
|
|
|
72
58
|
this.authConfigService = authConfigService;
|
|
73
59
|
this.userService = userService;
|
|
74
60
|
}
|
|
75
|
-
get mfaConfig() {
|
|
76
|
-
return auth_config_service_1.AuthConfigService.getOptions().mfa || {};
|
|
77
|
-
}
|
|
78
61
|
getUserWithRolesAndPermissions(userId, relations = []) {
|
|
79
62
|
return this.userRepository.findOne({
|
|
80
63
|
where: { id: userId },
|
|
@@ -187,15 +170,16 @@ let AuthService = class AuthService {
|
|
|
187
170
|
isRequiresMfa
|
|
188
171
|
}));
|
|
189
172
|
this.debugLogger.logFunctionExit('signup', 'AuthService', { userId: user.id, isRequiresMfa });
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
173
|
+
const autoLoginAfterSignup = config.registration?.autoLoginAfterSignup !== false;
|
|
174
|
+
if (!autoLoginAfterSignup) {
|
|
175
|
+
return {
|
|
176
|
+
message: 'Account created successfully. Please login.',
|
|
177
|
+
accessToken: '',
|
|
178
|
+
refreshToken: '',
|
|
179
|
+
isRequiresMfa: false,
|
|
180
|
+
};
|
|
197
181
|
}
|
|
198
|
-
return
|
|
182
|
+
return this.generateAuthResponse(user, session, tokens, isRequiresMfa);
|
|
199
183
|
}
|
|
200
184
|
catch (error) {
|
|
201
185
|
this.debugLogger.logError(error, 'signup', { email: input.email, phone: input.phone });
|
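Review bot: The `if (!autoLoginAfterSignup)` early return sits after the point where `session` and `tokens` already exist (both are passed to `generateAuthResponse` just below, and `tokens` appears in the event emitted just above), so with auto-login disabled the freshly created session presumably stays valid server-side while the client is told to log in. Either read `config.registration?.autoLoginAfterSignup` before the session is created, or revoke it before returning, for example with `await this.sessionManager.revokeAllUserSessions(user.id);`, which the removed `changePassword` in this file already called. Returning `accessToken: ''` and `refreshToken: ''` also leaves callers to detect "no token" by emptiness, so a comment such as `// empty tokens: the client must log in explicitly` would document that contract. The signup method starts above this hunk, so the session-creation lines are not visible here.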
|
@@ -244,27 +228,16 @@ let AuthService = class AuthService {
|
|
|
244
228
|
}
|
|
245
229
|
user = await this.getUserWithRolesAndPermissions(user.id);
|
|
246
230
|
let isRequiresMfa = false;
|
|
231
|
+
let isTrusted = false;
|
|
247
232
|
if (!provider.skipMfa) {
|
|
248
233
|
isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
249
234
|
}
|
|
250
235
|
user.isMfaEnabled = isRequiresMfa;
|
|
251
236
|
let session = await this.sessionManager.createSessionFromUser(user);
|
|
252
237
|
if (isRequiresMfa) {
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
if (!trustToken) {
|
|
257
|
-
trustToken = req.headers[trustCookieName];
|
|
258
|
-
}
|
|
259
|
-
let isTrusted = false;
|
|
260
|
-
if (trustToken) {
|
|
261
|
-
isTrusted = await this.mfaService.validateTrustedDevice(user.id, trustToken);
|
|
262
|
-
if (isTrusted) {
|
|
263
|
-
isRequiresMfa = false;
|
|
264
|
-
session = await this.sessionManager.updateSession(session.id, {
|
|
265
|
-
data: { ...session.data, isMfaVerified: true }
|
|
266
|
-
});
|
|
267
|
-
}
|
|
238
|
+
isTrusted = await this.checkTrustedDevice(user);
|
|
239
|
+
if (isTrusted) {
|
|
240
|
+
isRequiresMfa = false;
|
|
268
241
|
}
|
|
269
242
|
session = await this.sessionManager.updateSession(session.id, {
|
|
270
243
|
data: { ...session.data, isMfaEnabled: true, isMfaVerified: isTrusted }
|
|
@@ -280,16 +253,7 @@ let AuthService = class AuthService {
|
|
|
280
253
|
tokens,
|
|
281
254
|
isRequiresMfa
|
|
282
255
|
}));
|
|
283
|
-
|
|
284
|
-
accessToken: tokens.accessToken,
|
|
285
|
-
refreshToken: tokens.refreshToken,
|
|
286
|
-
isRequiresMfa: isRequiresMfa,
|
|
287
|
-
};
|
|
288
|
-
const config = this.authConfigService.getConfig();
|
|
289
|
-
if (config.auth?.transformResponse) {
|
|
290
|
-
response = await config.auth.transformResponse(response, user, session);
|
|
291
|
-
}
|
|
292
|
-
return response;
|
|
256
|
+
return this.generateAuthResponse(user, session, tokens, isRequiresMfa);
|
|
293
257
|
}
|
|
294
258
|
catch (error) {
|
|
295
259
|
this.debugLogger.logError(error, 'login', { providerName, createUserIfNotExists });
|
|
@@ -328,15 +292,17 @@ let AuthService = class AuthService {
|
|
|
328
292
|
let trustToken;
|
|
329
293
|
if (input.rememberDevice) {
|
|
330
294
|
const req = request_context_1.RequestContext.currentRequest();
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
295
|
+
if (req) {
|
|
296
|
+
const userAgent = (req.headers['user-agent'] || '');
|
|
297
|
+
const ip = (req.ip || req.socket.remoteAddress || '');
|
|
298
|
+
trustToken = await this.mfaService.createTrustedDevice(session.userId, userAgent, ip);
|
|
299
|
+
}
|
|
334
300
|
}
|
|
335
301
|
const user = await this.getUser();
|
|
336
302
|
this.debugLogger.debug('Emitting 2FA verified event', 'AuthService', { userId: user.id });
|
|
337
303
|
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.TWO_FACTOR_VERIFIED, new user_2fa_verified_event_1.User2faVerifiedEvent({
|
|
338
304
|
user: user,
|
|
339
|
-
tenantId: user
|
|
305
|
+
tenantId: user?.tenantId,
|
|
340
306
|
input,
|
|
341
307
|
session,
|
|
342
308
|
tokens
|
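Review bot: The two values handed to `createTrustedDevice` are weak identifiers: `user-agent` is chosen by the client, and `req.ip` reflects the real peer only when the framework's proxy-trust setting matches the deployment, with the `req.socket.remoteAddress` fallback being the proxy's address otherwise. How `mfaService` uses them is not visible here, so if they are stored for audit only, a comment like `// userAgent/ip are informational; the trust token itself is the credential` would stop someone relying on them later. Separately, `tenantId: user?.tenantId` guards against a missing user just after `user.id` is dereferenced unguarded in the debug call, so either check `user` once after `getUser()` or drop the `?.`. The enclosing method starts and ends outside the hunk.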
|
@@ -426,6 +392,12 @@ let AuthService = class AuthService {
|
|
|
426
392
|
code: auth_constants_1.ERROR_CODES.REFRESH_TOKEN_EXPIRED,
|
|
427
393
|
});
|
|
428
394
|
}
|
|
395
|
+
if (!payload.sessionId) {
|
|
396
|
+
throw new common_1.UnauthorizedException({
|
|
397
|
+
message: 'Invalid refresh token payload',
|
|
398
|
+
code: auth_constants_1.ERROR_CODES.REFRESH_TOKEN_INVALID,
|
|
399
|
+
});
|
|
400
|
+
}
|
|
429
401
|
const session = await this.sessionManager.getSession(payload.sessionId);
|
|
430
402
|
if (!session) {
|
|
431
403
|
throw new common_1.UnauthorizedException({
|
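Review bot: The new `if (!payload.sessionId)` guard is a truthiness test, so any truthy non-string claim still reaches `this.sessionManager.getSession(payload.sessionId)`. Checking the type as well keeps the lookup key well-formed, for example `if (typeof payload.sessionId !== 'string' || payload.sessionId === '') {`. How `payload` is verified happens above the hunk and is not visible here, so this is defence in depth rather than a confirmed gap.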
|
@@ -451,355 +423,22 @@ let AuthService = class AuthService {
|
|
|
451
423
|
throw error;
|
|
452
424
|
}
|
|
453
425
|
}
|
|
454
|
-
async changePassword(input) {
|
|
455
|
-
this.debugLogger.logFunctionEntry('changePassword', 'AuthService');
|
|
456
|
-
try {
|
|
457
|
-
const currentUser = request_context_1.RequestContext.currentUser();
|
|
458
|
-
if (!currentUser?.id) {
|
|
459
|
-
throw new common_1.UnauthorizedException({
|
|
460
|
-
message: 'User not found',
|
|
461
|
-
code: auth_constants_1.ERROR_CODES.USER_NOT_FOUND,
|
|
462
|
-
});
|
|
463
|
-
}
|
|
464
|
-
const user = await this.userRepository.findOne({
|
|
465
|
-
where: { id: currentUser.id },
|
|
466
|
-
});
|
|
467
|
-
if (!user) {
|
|
468
|
-
throw new common_1.UnauthorizedException({
|
|
469
|
-
message: 'User not found',
|
|
470
|
-
code: auth_constants_1.ERROR_CODES.USER_NOT_FOUND,
|
|
471
|
-
});
|
|
472
|
-
}
|
|
473
|
-
const isValid = await user.validatePassword(input.currentPassword);
|
|
474
|
-
if (!isValid) {
|
|
475
|
-
throw new common_1.BadRequestException({
|
|
476
|
-
message: 'Current password is incorrect',
|
|
477
|
-
code: auth_constants_1.ERROR_CODES.CURRENT_PASSWORD_INCORRECT,
|
|
478
|
-
});
|
|
479
|
-
}
|
|
480
|
-
if (input.currentPassword === input.newPassword) {
|
|
481
|
-
throw new common_1.BadRequestException({
|
|
482
|
-
message: 'New password must be different from the current password',
|
|
483
|
-
code: auth_constants_1.ERROR_CODES.NEW_PASSWORD_SAME_AS_CURRENT,
|
|
484
|
-
});
|
|
485
|
-
}
|
|
486
|
-
await user.setPassword(input.newPassword);
|
|
487
|
-
await this.userRepository.save(user);
|
|
488
|
-
await this.sessionManager.revokeAllUserSessions(user.id);
|
|
489
|
-
const hydratedUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
490
|
-
const session = await this.sessionManager.createSessionFromUser(hydratedUser);
|
|
491
|
-
const tokens = await this.generateTokensFromSession(session);
|
|
492
|
-
const isRequiresMfa = await this.mfaService.isRequiresMfa(user.id);
|
|
493
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_CHANGED, new user_password_changed_event_1.UserPasswordChangedEvent({
|
|
494
|
-
user,
|
|
495
|
-
initiatedBy: 'user'
|
|
496
|
-
}));
|
|
497
|
-
this.debugLogger.logFunctionExit('changePassword', 'AuthService', { userId: user.id });
|
|
498
|
-
return {
|
|
499
|
-
accessToken: tokens.accessToken,
|
|
500
|
-
refreshToken: tokens.refreshToken,
|
|
501
|
-
isRequiresMfa,
|
|
502
|
-
};
|
|
503
|
-
}
|
|
504
|
-
catch (error) {
|
|
505
|
-
this.debugLogger.logError(error, 'changePassword');
|
|
506
|
-
this.handleError(error, 'password_change');
|
|
507
|
-
throw error;
|
|
508
|
-
}
|
|
509
|
-
}
|
|
510
|
-
async forgotPassword(input) {
|
|
511
|
-
this.debugLogger.logFunctionEntry('forgotPassword', 'AuthService', { email: input.email, phone: input.phone });
|
|
512
|
-
try {
|
|
513
|
-
const { email, phone } = input;
|
|
514
|
-
let { tenantId = null } = input;
|
|
515
|
-
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
516
|
-
let provider = null;
|
|
517
|
-
if (phone) {
|
|
518
|
-
provider = this.authProviderRegistry.getProvider(auth_constants_1.PHONE_AUTH_PROVIDER);
|
|
519
|
-
}
|
|
520
|
-
else if (email) {
|
|
521
|
-
provider = this.authProviderRegistry.getProvider(auth_constants_1.EMAIL_AUTH_PROVIDER);
|
|
522
|
-
}
|
|
523
|
-
else {
|
|
524
|
-
throw new common_1.BadRequestException({
|
|
525
|
-
message: 'Either email or phone must be provided',
|
|
526
|
-
code: auth_constants_1.ERROR_CODES.EMAIL_OR_PHONE_REQUIRED,
|
|
527
|
-
});
|
|
528
|
-
}
|
|
529
|
-
if (!provider) {
|
|
530
|
-
throw new common_1.BadRequestException({
|
|
531
|
-
message: 'Phone or email authentication is not enabled',
|
|
532
|
-
code: auth_constants_1.ERROR_CODES.PROVIDER_NOT_FOUND,
|
|
533
|
-
});
|
|
534
|
-
}
|
|
535
|
-
if (!provider.enabled) {
|
|
536
|
-
if (email) {
|
|
537
|
-
throw new common_1.BadRequestException({
|
|
538
|
-
message: 'Email authentication is not enabled',
|
|
539
|
-
code: auth_constants_1.ERROR_CODES.PROVIDER_NOT_FOUND,
|
|
540
|
-
});
|
|
541
|
-
}
|
|
542
|
-
else if (phone) {
|
|
543
|
-
throw new common_1.BadRequestException({
|
|
544
|
-
message: 'Phone authentication is not enabled',
|
|
545
|
-
code: auth_constants_1.ERROR_CODES.PROVIDER_NOT_FOUND,
|
|
546
|
-
});
|
|
547
|
-
}
|
|
548
|
-
}
|
|
549
|
-
const identity = await provider.findIdentity(email || phone);
|
|
550
|
-
if (!identity) {
|
|
551
|
-
return { message: 'If the account exists, a password reset code has been sent' };
|
|
552
|
-
}
|
|
553
|
-
const options = auth_config_service_1.AuthConfigService.getOptions();
|
|
554
|
-
let code;
|
|
555
|
-
if (options.otp?.generate) {
|
|
556
|
-
code = await options.otp.generate(this.mfaConfig.otpLength);
|
|
557
|
-
}
|
|
558
|
-
else {
|
|
559
|
-
code = (0, otp_1.generateOtp)(this.mfaConfig.otpLength);
|
|
560
|
-
}
|
|
561
|
-
let expiresAtMs;
|
|
562
|
-
if (typeof this.mfaConfig.otpExpiresIn === 'string') {
|
|
563
|
-
expiresAtMs = (0, ms_1.default)(this.mfaConfig.otpExpiresIn);
|
|
564
|
-
}
|
|
565
|
-
else {
|
|
566
|
-
expiresAtMs = this.mfaConfig.otpExpiresIn || 900000;
|
|
567
|
-
}
|
|
568
|
-
if (!expiresAtMs || isNaN(expiresAtMs) || expiresAtMs <= 0) {
|
|
569
|
-
throw new Error(`Invalid MFA configuration: otpExpiresIn '${this.mfaConfig.otpExpiresIn}' results in invalid duration`);
|
|
570
|
-
}
|
|
571
|
-
await this.otpRepository.delete({
|
|
572
|
-
userId: identity.user?.id,
|
|
573
|
-
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET
|
|
574
|
-
});
|
|
575
|
-
const otpEntity = await this.otpRepository.create({
|
|
576
|
-
userId: identity.user?.id,
|
|
577
|
-
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET,
|
|
578
|
-
expiresAt: new Date(Date.now() + expiresAtMs),
|
|
579
|
-
code,
|
|
580
|
-
});
|
|
581
|
-
await this.otpRepository.save(otpEntity);
|
|
582
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET_REQUESTED, new password_reset_requested_event_1.PasswordResetRequestedEvent({
|
|
583
|
-
user: identity.user,
|
|
584
|
-
tenantId: identity.user?.tenantId,
|
|
585
|
-
input,
|
|
586
|
-
otp: otpEntity,
|
|
587
|
-
provider,
|
|
588
|
-
}));
|
|
589
|
-
this.debugLogger.logFunctionExit('forgotPassword', 'AuthService', { email: !!email, phone: !!phone });
|
|
590
|
-
return true;
|
|
591
|
-
}
|
|
592
|
-
catch (error) {
|
|
593
|
-
this.debugLogger.logError(error, 'forgotPassword', { email: input.email, phone: input.phone });
|
|
594
|
-
this.handleError(error, 'password_reset');
|
|
595
|
-
throw error;
|
|
596
|
-
}
|
|
597
|
-
}
|
|
598
|
-
async verifyForgotPasswordOtp(input) {
|
|
599
|
-
this.debugLogger.logFunctionEntry('verifyForgotPasswordOtp', 'AuthService', { email: input.email, phone: input.phone });
|
|
600
|
-
try {
|
|
601
|
-
const { email, phone, otp } = input;
|
|
602
|
-
let { tenantId = null } = input;
|
|
603
|
-
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
604
|
-
if (!email && !phone) {
|
|
605
|
-
throw new common_1.BadRequestException({
|
|
606
|
-
message: 'Either email or phone must be provided',
|
|
607
|
-
code: auth_constants_1.ERROR_CODES.EMAIL_OR_PHONE_REQUIRED,
|
|
608
|
-
});
|
|
609
|
-
}
|
|
610
|
-
let provider = null;
|
|
611
|
-
if (phone) {
|
|
612
|
-
provider = this.authProviderRegistry.getProvider(auth_constants_1.PHONE_AUTH_PROVIDER);
|
|
613
|
-
}
|
|
614
|
-
else if (email) {
|
|
615
|
-
provider = this.authProviderRegistry.getProvider(auth_constants_1.EMAIL_AUTH_PROVIDER);
|
|
616
|
-
}
|
|
617
|
-
if (!provider) {
|
|
618
|
-
throw new common_1.BadRequestException({
|
|
619
|
-
message: 'Phone or email authentication is not enabled',
|
|
620
|
-
code: auth_constants_1.ERROR_CODES.PROVIDER_NOT_FOUND,
|
|
621
|
-
});
|
|
622
|
-
}
|
|
623
|
-
const identity = await provider.findIdentity(email || phone);
|
|
624
|
-
if (!identity) {
|
|
625
|
-
throw new common_1.BadRequestException({
|
|
626
|
-
message: 'Invalid reset request',
|
|
627
|
-
code: auth_constants_1.ERROR_CODES.PASSWORD_RESET_INVALID_REQUEST,
|
|
628
|
-
});
|
|
629
|
-
}
|
|
630
|
-
const validOtp = await this.otpRepository.findOne({
|
|
631
|
-
where: {
|
|
632
|
-
userId: identity.user?.id,
|
|
633
|
-
code: otp,
|
|
634
|
-
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET,
|
|
635
|
-
used: false
|
|
636
|
-
},
|
|
637
|
-
relations: ['user']
|
|
638
|
-
});
|
|
639
|
-
if (!validOtp) {
|
|
640
|
-
throw new common_1.BadRequestException({
|
|
641
|
-
message: 'Invalid OTP code',
|
|
642
|
-
code: auth_constants_1.ERROR_CODES.OTP_INVALID,
|
|
643
|
-
});
|
|
644
|
-
}
|
|
645
|
-
if ((0, moment_1.default)(validOtp.expiresAt).isBefore(new Date())) {
|
|
646
|
-
throw new common_1.BadRequestException({
|
|
647
|
-
message: 'OTP code expired',
|
|
648
|
-
code: auth_constants_1.ERROR_CODES.OTP_EXPIRED,
|
|
649
|
-
});
|
|
650
|
-
}
|
|
651
|
-
const user = validOtp.user;
|
|
652
|
-
const passwordHashPrefix = user.passwordHash ? user.passwordHash.substring(0, 10) : '';
|
|
653
|
-
const resetToken = await this.jwtService.generatePasswordResetToken({
|
|
654
|
-
userId: user.id,
|
|
655
|
-
passwordHashPrefix,
|
|
656
|
-
type: 'password-reset'
|
|
657
|
-
});
|
|
658
|
-
await this.otpRepository.remove(validOtp);
|
|
659
|
-
this.debugLogger.logFunctionExit('verifyForgotPasswordOtp', 'AuthService', { email: input.email, phone: input.phone });
|
|
660
|
-
return {
|
|
661
|
-
message: 'OTP verified successfully',
|
|
662
|
-
resetToken
|
|
663
|
-
};
|
|
664
|
-
}
|
|
665
|
-
catch (error) {
|
|
666
|
-
this.debugLogger.logError(error, 'verifyForgotPasswordOtp', { email: input.email, phone: input.phone });
|
|
667
|
-
this.handleError(error, 'password_reset');
|
|
668
|
-
throw error;
|
|
669
|
-
}
|
|
670
|
-
}
|
|
671
|
-
async resetPassword(input) {
|
|
672
|
-
this.debugLogger.logFunctionEntry('resetPassword', 'AuthService', { email: input.email, phone: input.phone });
|
|
673
|
-
try {
|
|
674
|
-
const { email, phone, otp, newPassword } = input;
|
|
675
|
-
let { tenantId = null } = input;
|
|
676
|
-
tenantId = await this.tenantService.resolveTenantId(tenantId);
|
|
677
|
-
if (!email && !phone) {
|
|
678
|
-
throw new common_1.BadRequestException({
|
|
679
|
-
message: 'Either email or phone must be provided',
|
|
680
|
-
code: auth_constants_1.ERROR_CODES.EMAIL_OR_PHONE_REQUIRED,
|
|
681
|
-
});
|
|
682
|
-
}
|
|
683
|
-
const user = await this.userRepository.findOne({
|
|
684
|
-
where: [
|
|
685
|
-
...(email ? [{ email, tenantId }] : []),
|
|
686
|
-
...(phone ? [{ phone, tenantId }] : [])
|
|
687
|
-
]
|
|
688
|
-
});
|
|
689
|
-
if (!user) {
|
|
690
|
-
throw new common_1.BadRequestException({
|
|
691
|
-
message: 'Invalid reset request',
|
|
692
|
-
code: auth_constants_1.ERROR_CODES.PASSWORD_RESET_INVALID_REQUEST,
|
|
693
|
-
});
|
|
694
|
-
}
|
|
695
|
-
const validOtp = await this.otpRepository.findOne({
|
|
696
|
-
where: {
|
|
697
|
-
userId: user.id,
|
|
698
|
-
code: otp,
|
|
699
|
-
type: otp_interface_1.OTPTypeEnum.PASSWORD_RESET,
|
|
700
|
-
expiresAt: (0, typeorm_3.MoreThan)(new Date()),
|
|
701
|
-
used: false
|
|
702
|
-
}
|
|
703
|
-
});
|
|
704
|
-
if (!validOtp) {
|
|
705
|
-
throw new common_1.BadRequestException({
|
|
706
|
-
message: 'Invalid or expired OTP',
|
|
707
|
-
code: auth_constants_1.ERROR_CODES.OTP_INVALID,
|
|
708
|
-
});
|
|
709
|
-
}
|
|
710
|
-
await user.setPassword(newPassword);
|
|
711
|
-
await this.userRepository.save(user);
|
|
712
|
-
validOtp.used = true;
|
|
713
|
-
await this.otpRepository.save(validOtp);
|
|
714
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET, new password_reset_event_1.PasswordResetEvent({
|
|
715
|
-
user,
|
|
716
|
-
tenantId: user.tenantId,
|
|
717
|
-
input,
|
|
718
|
-
}));
|
|
719
|
-
this.debugLogger.logFunctionExit('resetPassword', 'AuthService', { email: !!email, phone: !!phone });
|
|
720
|
-
return true;
|
|
721
|
-
}
|
|
722
|
-
catch (error) {
|
|
723
|
-
this.debugLogger.logError(error, 'resetPassword', { email: input.email, phone: input.phone });
|
|
724
|
-
this.handleError(error, 'password_reset');
|
|
725
|
-
throw error;
|
|
726
|
-
}
|
|
727
|
-
}
|
|
728
|
-
async resetPasswordWithToken(input) {
|
|
729
|
-
this.debugLogger.logFunctionEntry('resetPasswordWithToken', 'AuthService', { token: '***' });
|
|
730
|
-
try {
|
|
731
|
-
const { token, newPassword } = input;
|
|
732
|
-
let decoded;
|
|
733
|
-
try {
|
|
734
|
-
decoded = await this.jwtService.verifyPasswordResetToken(token);
|
|
735
|
-
}
|
|
736
|
-
catch (error) {
|
|
737
|
-
throw new common_1.BadRequestException({
|
|
738
|
-
message: 'Invalid or expired reset token',
|
|
739
|
-
code: auth_constants_1.ERROR_CODES.PASSWORD_RESET_TOKEN_INVALID,
|
|
740
|
-
});
|
|
741
|
-
}
|
|
742
|
-
if (decoded.type !== 'password-reset') {
|
|
743
|
-
throw new common_1.BadRequestException({
|
|
744
|
-
message: 'Invalid token type',
|
|
745
|
-
code: auth_constants_1.ERROR_CODES.PASSWORD_RESET_TOKEN_INVALID,
|
|
746
|
-
});
|
|
747
|
-
}
|
|
748
|
-
const user = await this.userRepository.findOne({
|
|
749
|
-
where: { id: decoded.userId }
|
|
750
|
-
});
|
|
751
|
-
if (!user) {
|
|
752
|
-
throw new common_1.BadRequestException({
|
|
753
|
-
message: 'User not found',
|
|
754
|
-
code: auth_constants_1.ERROR_CODES.USER_NOT_FOUND,
|
|
755
|
-
});
|
|
756
|
-
}
|
|
757
|
-
const currentPasswordHashPrefix = user.passwordHash ? user.passwordHash.substring(0, 10) : '';
|
|
758
|
-
if (decoded.passwordHashPrefix !== currentPasswordHashPrefix) {
|
|
759
|
-
throw new common_1.BadRequestException({
|
|
760
|
-
message: 'Reset token is no longer valid',
|
|
761
|
-
code: auth_constants_1.ERROR_CODES.PASSWORD_RESET_TOKEN_INVALID,
|
|
762
|
-
});
|
|
763
|
-
}
|
|
764
|
-
await user.setPassword(newPassword);
|
|
765
|
-
await this.userRepository.save(user);
|
|
766
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.PASSWORD_RESET, new password_reset_event_1.PasswordResetEvent({
|
|
767
|
-
user,
|
|
768
|
-
tenantId: user.tenantId,
|
|
769
|
-
input: { token, newPassword },
|
|
770
|
-
}));
|
|
771
|
-
this.debugLogger.logFunctionExit('resetPasswordWithToken', 'AuthService');
|
|
772
|
-
return true;
|
|
773
|
-
}
|
|
774
|
-
catch (error) {
|
|
775
|
-
this.debugLogger.logError(error, 'resetPasswordWithToken');
|
|
776
|
-
this.handleError(error, 'password_reset');
|
|
777
|
-
throw error;
|
|
778
|
-
}
|
|
779
|
-
}
|
|
780
426
|
async logout(logoutType = 'user', reason) {
|
|
781
427
|
const session = request_context_1.RequestContext.currentSession();
|
|
782
428
|
const user = await this.getUser();
|
|
783
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT, new logged_out_event_1.LoggedOutEvent({
|
|
784
|
-
user: user,
|
|
785
|
-
tenantId: user?.tenantId,
|
|
786
|
-
session,
|
|
787
|
-
logoutType,
|
|
788
|
-
reason,
|
|
789
|
-
}));
|
|
790
429
|
if (session) {
|
|
430
|
+
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.LOGGED_OUT, new logged_out_event_1.LoggedOutEvent({
|
|
431
|
+
user: user,
|
|
432
|
+
tenantId: user?.tenantId,
|
|
433
|
+
session,
|
|
434
|
+
logoutType,
|
|
435
|
+
reason,
|
|
436
|
+
}));
|
|
791
437
|
await this.sessionManager.revokeSession(session.id);
|
|
792
438
|
}
|
|
793
439
|
return true;
|
|
794
440
|
}
|
|
795
441
|
async logoutAll(userId, logoutType = 'user', reason) {
|
|
796
|
-
const session = request_context_1.RequestContext.currentSession();
|
|
797
|
-
if (!session) {
|
|
798
|
-
throw new common_1.UnauthorizedException({
|
|
799
|
-
message: 'Session not found',
|
|
800
|
-
code: auth_constants_1.ERROR_CODES.SESSION_NOT_FOUND,
|
|
801
|
-
});
|
|
802
|
-
}
|
|
803
442
|
const sessions = await this.sessionManager.getUserSessions(userId);
|
|
804
443
|
await this.sessionManager.revokeAllUserSessions(userId);
|
|
805
444
|
const user = await this.userRepository.findOne({ where: { id: userId } });
|
|
@@ -809,119 +448,11 @@ let AuthService = class AuthService {
|
|
|
809
448
|
tenantId: user.tenantId,
|
|
810
449
|
logoutType,
|
|
811
450
|
reason,
|
|
812
|
-
currentSessionId: session.id,
|
|
813
451
|
sessions,
|
|
814
452
|
}));
|
|
815
453
|
}
|
|
816
454
|
return true;
|
|
817
455
|
}
|
|
818
|
-
async sendEmailVerification(input) {
|
|
819
|
-
this.debugLogger.logFunctionEntry('sendEmailVerification', 'AuthService');
|
|
820
|
-
try {
|
|
821
|
-
const user = request_context_1.RequestContext.currentUser();
|
|
822
|
-
if (!user) {
|
|
823
|
-
throw new common_1.UnauthorizedException({
|
|
824
|
-
message: 'User not authenticated',
|
|
825
|
-
code: auth_constants_1.ERROR_CODES.UNAUTHORIZED,
|
|
826
|
-
});
|
|
827
|
-
}
|
|
828
|
-
const fullUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
829
|
-
if (!fullUser.email) {
|
|
830
|
-
throw new common_1.BadRequestException({
|
|
831
|
-
message: 'User does not have an email address',
|
|
832
|
-
code: auth_constants_1.ERROR_CODES.NO_EMAIL_ADDRESS,
|
|
833
|
-
});
|
|
834
|
-
}
|
|
835
|
-
if (fullUser.emailVerifiedAt) {
|
|
836
|
-
throw new common_1.BadRequestException({
|
|
837
|
-
message: 'Email is already verified',
|
|
838
|
-
code: auth_constants_1.ERROR_CODES.EMAIL_ALREADY_VERIFIED,
|
|
839
|
-
});
|
|
840
|
-
}
|
|
841
|
-
const otp = (0, otp_1.generateOtp)();
|
|
842
|
-
const expiresAt = new Date();
|
|
843
|
-
expiresAt.setMinutes(expiresAt.getMinutes() + 30);
|
|
844
|
-
const otpEntity = await this.otpRepository.save({
|
|
845
|
-
userId: fullUser.id,
|
|
846
|
-
code: otp,
|
|
847
|
-
expiresAt,
|
|
848
|
-
type: otp_interface_1.OTPTypeEnum.VERIFICATION
|
|
849
|
-
});
|
|
850
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.EMAIL_VERIFICATION_REQUESTED, {
|
|
851
|
-
user: fullUser,
|
|
852
|
-
tenantId: fullUser.tenantId,
|
|
853
|
-
otp: otpEntity,
|
|
854
|
-
});
|
|
855
|
-
this.debugLogger.logFunctionExit('sendEmailVerification', 'AuthService');
|
|
856
|
-
return { message: 'Verification email sent successfully' };
|
|
857
|
-
}
|
|
858
|
-
catch (error) {
|
|
859
|
-
this.debugLogger.logError(error, 'sendEmailVerification');
|
|
860
|
-
this.handleError(error, 'signup');
|
|
861
|
-
throw error;
|
|
862
|
-
}
|
|
863
|
-
}
|
|
864
|
-
async verifyEmail(input) {
|
|
865
|
-
this.debugLogger.logFunctionEntry('verifyEmail', 'AuthService');
|
|
866
|
-
try {
|
|
867
|
-
const user = request_context_1.RequestContext.currentUser();
|
|
868
|
-
if (!user) {
|
|
869
|
-
throw new common_1.UnauthorizedException({
|
|
870
|
-
message: 'User not authenticated',
|
|
871
|
-
code: auth_constants_1.ERROR_CODES.UNAUTHORIZED,
|
|
872
|
-
});
|
|
873
|
-
}
|
|
874
|
-
const fullUser = await this.getUserWithRolesAndPermissions(user.id);
|
|
875
|
-
if (!fullUser.email) {
|
|
876
|
-
throw new common_1.BadRequestException({
|
|
877
|
-
message: 'User does not have an email address',
|
|
878
|
-
code: auth_constants_1.ERROR_CODES.NO_EMAIL_ADDRESS,
|
|
879
|
-
});
|
|
880
|
-
}
|
|
881
|
-
if (fullUser.emailVerifiedAt) {
|
|
882
|
-
throw new common_1.BadRequestException({
|
|
883
|
-
message: 'Email is already verified',
|
|
884
|
-
code: auth_constants_1.ERROR_CODES.EMAIL_ALREADY_VERIFIED,
|
|
885
|
-
});
|
|
886
|
-
}
|
|
887
|
-
const validOtp = await this.otpRepository.findOne({
|
|
888
|
-
where: {
|
|
889
|
-
userId: fullUser.id,
|
|
890
|
-
code: input.otp,
|
|
891
|
-
type: otp_interface_1.OTPTypeEnum.VERIFICATION,
|
|
892
|
-
used: false
|
|
893
|
-
}
|
|
894
|
-
});
|
|
895
|
-
if (!validOtp) {
|
|
896
|
-
throw new common_1.BadRequestException({
|
|
897
|
-
message: 'Invalid verification code',
|
|
898
|
-
code: auth_constants_1.ERROR_CODES.VERIFICATION_CODE_INVALID,
|
|
899
|
-
});
|
|
900
|
-
}
|
|
901
|
-
if ((0, moment_1.default)(validOtp.expiresAt).isBefore(new Date())) {
|
|
902
|
-
throw new common_1.BadRequestException({
|
|
903
|
-
message: 'Verification code has expired',
|
|
904
|
-
code: auth_constants_1.ERROR_CODES.VERIFICATION_CODE_EXPIRED,
|
|
905
|
-
});
|
|
906
|
-
}
|
|
907
|
-
validOtp.used = true;
|
|
908
|
-
await this.otpRepository.save(validOtp);
|
|
909
|
-
fullUser.emailVerifiedAt = new Date();
|
|
910
|
-
fullUser.isVerified = true;
|
|
911
|
-
await this.userRepository.save(fullUser);
|
|
912
|
-
await this.eventEmitter.emitAsync(auth_constants_1.NestAuthEvents.EMAIL_VERIFIED, {
|
|
913
|
-
user: fullUser,
|
|
914
|
-
tenantId: fullUser.tenantId,
|
|
915
|
-
});
|
|
916
|
-
this.debugLogger.logFunctionExit('verifyEmail', 'AuthService');
|
|
917
|
-
return { message: 'Email verified successfully' };
|
|
918
|
-
}
|
|
919
|
-
catch (error) {
|
|
920
|
-
this.debugLogger.logError(error, 'verifyEmail');
|
|
921
|
-
this.handleError(error, 'signup');
|
|
922
|
-
throw error;
|
|
923
|
-
}
|
|
924
|
-
}
|
|
925
456
|
async generateTokensPayload(session, otherPayload = {}) {
|
|
926
457
|
let payload = {
|
|
927
458
|
id: session.userId,
|
|
@@ -956,14 +487,43 @@ let AuthService = class AuthService {
|
|
|
956
487
|
const tokens = await this.jwtService.generateTokens(payload);
|
|
957
488
|
return tokens;
|
|
958
489
|
}
|
|
490
|
+
async generateAuthResponse(user, session, tokens, isRequiresMfa) {
|
|
491
|
+
let response = {
|
|
492
|
+
accessToken: tokens.accessToken,
|
|
493
|
+
refreshToken: tokens.refreshToken,
|
|
494
|
+
isRequiresMfa: isRequiresMfa,
|
|
495
|
+
};
|
|
496
|
+
if (isRequiresMfa) {
|
|
497
|
+
const enabledMethods = await this.mfaService.getEnabledMethods(user.id);
|
|
498
|
+
response.mfaMethods = enabledMethods;
|
|
499
|
+
response.defaultMfaMethod = this.mfaService.mfaConfig?.defaultMethod || enabledMethods[0];
|
|
500
|
+
}
|
|
501
|
+
const config = this.authConfigService.getConfig();
|
|
502
|
+
if (config.auth?.transformResponse) {
|
|
503
|
+
response = await config.auth.transformResponse(response, user, session);
|
|
504
|
+
}
|
|
505
|
+
return response;
|
|
506
|
+
}
|
|
507
|
+
async checkTrustedDevice(user) {
|
|
508
|
+
const trustCookieName = auth_config_service_1.AuthConfigService.getOptions().mfa?.trustDeviceStorageName || auth_constants_1.NEST_AUTH_TRUST_DEVICE_KEY;
|
|
509
|
+
const req = request_context_1.RequestContext.currentRequest();
|
|
510
|
+
if (req) {
|
|
511
|
+
let trustToken = cookie_helper_1.CookieHelper.get(req, trustCookieName);
|
|
512
|
+
if (!trustToken) {
|
|
513
|
+
trustToken = req.headers[trustCookieName];
|
|
514
|
+
}
|
|
515
|
+
if (trustToken) {
|
|
516
|
+
return await this.mfaService.validateTrustedDevice(user.id, trustToken);
|
|
517
|
+
}
|
|
518
|
+
}
|
|
519
|
+
return false;
|
|
520
|
+
}
|
|
959
521
|
};
|
|
960
522
|
exports.AuthService = AuthService;
|
|
961
523
|
exports.AuthService = AuthService = __decorate([
|
|
962
524
|
(0, common_1.Injectable)(),
|
|
963
525
|
__param(0, (0, typeorm_1.InjectRepository)(user_entity_1.NestAuthUser)),
|
|
964
|
-
__param(1, (0, typeorm_1.InjectRepository)(otp_entity_1.NestAuthOTP)),
|
|
965
526
|
__metadata("design:paramtypes", [typeorm_2.Repository,
|
|
966
|
-
typeorm_2.Repository,
|
|
967
527
|
auth_provider_registry_service_1.AuthProviderRegistryService,
|
|
968
528
|
mfa_service_1.MfaService,
|
|
969
529
|
session_manager_service_1.SessionManagerService,
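Review bot: In the added `checkTrustedDevice`, the header fallback `req.headers[trustCookieName]` uses the name exactly as configured, but Node's HTTP layer stores incoming header names lower-cased. If `trustDeviceStorageName` or the default key contains an upper-case character (the hunk does not show its value), the lookup never matches and header-only clients are asked for MFA every time. `trustToken = req.headers[trustCookieName.toLowerCase()];` fixes this, and a short comment there should say why a header is accepted alongside the cookie. Separately, `generateAuthResponse` sets `defaultMfaMethod` from `mfaConfig?.defaultMethod` without checking that the user has that method enabled. Assuming `enabledMethods` is an array of method identifiers, with `configured` holding `mfaConfig?.defaultMethod`, `response.defaultMfaMethod = enabledMethods.includes(configured) ? configured : enabledMethods[0];` keeps the hint consistent with `mfaMethods`.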
|