@acmekit/auth-emailpass 2.13.1

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+declare const _default: import("@acmekit/types").ModuleProviderExports;
+export default _default;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAKA,wBAEE"}

package/dist/index.js

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const utils_1 = require("@acmekit/framework/utils");
+const emailpass_1 = require("./services/emailpass");
+const services = [emailpass_1.EmailPassAuthService];
+exports.default = (0, utils_1.ModuleProvider)(utils_1.Modules.AUTH, {
+    services,
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;AAAA,oDAAkE;AAClE,oDAA2D;AAE3D,MAAM,QAAQ,GAAG,CAAC,gCAAoB,CAAC,CAAA;AAEvC,kBAAe,IAAA,sBAAc,EAAC,eAAO,CAAC,IAAI,EAAE;IAC1C,QAAQ;CACT,CAAC,CAAA"}

package/dist/services/emailpass.d.ts

@@ -0,0 +1,36 @@
+import { AuthenticationInput, AuthenticationResponse, AuthIdentityProviderService, EmailPassAuthProviderOptions, Logger } from "@acmekit/framework/types";
+import { AbstractAuthModuleProvider } from "@acmekit/framework/utils";
+type InjectedDependencies = {
+    logger: Logger;
+};
+interface LocalServiceConfig extends EmailPassAuthProviderOptions {
+}
+export declare class EmailPassAuthService extends AbstractAuthModuleProvider {
+    static identifier: string;
+    static DISPLAY_NAME: string;
+    protected config_: LocalServiceConfig;
+    protected logger_: Logger;
+    constructor({ logger }: InjectedDependencies, options: EmailPassAuthProviderOptions);
+    protected hashPassword(password: string): Promise<string>;
+    update(data: {
+        password: string;
+        entity_id: string;
+    }, authIdentityService: AuthIdentityProviderService): Promise<{
+        success: boolean;
+        error?: undefined;
+        authIdentity?: undefined;
+    } | {
+        success: boolean;
+        error: any;
+        authIdentity?: undefined;
+    } | {
+        success: boolean;
+        authIdentity: any;
+        error?: undefined;
+    }>;
+    authenticate(userData: AuthenticationInput, authIdentityService: AuthIdentityProviderService): Promise<AuthenticationResponse>;
+    register(userData: AuthenticationInput, authIdentityService: AuthIdentityProviderService): Promise<AuthenticationResponse>;
+    private upsertAuthIdentity;
+}
+export {};
+//# sourceMappingURL=emailpass.d.ts.map

package/dist/services/emailpass.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"emailpass.d.ts","sourceRoot":"","sources":["../../src/services/emailpass.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,mBAAmB,EACnB,sBAAsB,EAEtB,2BAA2B,EAC3B,4BAA4B,EAC5B,MAAM,EACP,MAAM,0BAA0B,CAAA;AACjC,OAAO,EAAE,0BAA0B,EAA2B,MAAM,0BAA0B,CAAA;AAI9F,KAAK,oBAAoB,GAAG;IAC1B,MAAM,EAAE,MAAM,CAAA;CACf,CAAA;AAQD,UAAU,kBAAmB,SAAQ,4BAA4B;CAAG;AAEpE,qBAAa,oBAAqB,SAAQ,0BAA0B;IAClE,MAAM,CAAC,UAAU,SAAc;IAC/B,MAAM,CAAC,YAAY,SAAkC;IAErD,SAAS,CAAC,OAAO,EAAE,kBAAkB,CAAA;IACrC,SAAS,CAAC,OAAO,EAAE,MAAM,CAAA;gBAGvB,EAAE,MAAM,EAAE,EAAE,oBAAoB,EAChC,OAAO,EAAE,4BAA4B;cAQvB,YAAY,CAAC,QAAQ,EAAE,MAAM;IAMvC,MAAM,CACV,IAAI,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,EAC7C,mBAAmB,EAAE,2BAA2B;;;;;;;;;;;;;IAmC5C,YAAY,CAChB,QAAQ,EAAE,mBAAmB,EAC7B,mBAAmB,EAAE,2BAA2B,GAC/C,OAAO,CAAC,sBAAsB,CAAC;IA+D5B,QAAQ,CACZ,QAAQ,EAAE,mBAAmB,EAC7B,mBAAmB,EAAE,2BAA2B,GAC/C,OAAO,CAAC,sBAAsB,CAAC;YA0DpB,kBAAkB;CAsBjC"}

package/dist/services/emailpass.js

@@ -0,0 +1,170 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EmailPassAuthService = void 0;
+const utils_1 = require("@acmekit/framework/utils");
+const scrypt_kdf_1 = __importDefault(require("scrypt-kdf"));
+const utils_2 = require("@acmekit/utils");
+class EmailPassAuthService extends utils_1.AbstractAuthModuleProvider {
+    constructor({ logger }, options) {
+        // @ts-ignore
+        super(...arguments);
+        this.config_ = options;
+        this.logger_ = logger;
+    }
+    async hashPassword(password) {
+        const hashConfig = this.config_.hashConfig ?? { logN: 15, r: 8, p: 1 };
+        const passwordHash = await scrypt_kdf_1.default.kdf(password, hashConfig);
+        return passwordHash.toString("base64");
+    }
+    async update(data, authIdentityService) {
+        const { password, entity_id } = data ?? {};
+        if (!entity_id) {
+            return {
+                success: false,
+                error: `Cannot update ${this.provider} provider identity without entity_id`,
+            };
+        }
+        if (!password || !(0, utils_1.isString)(password)) {
+            return { success: true };
+        }
+        let authIdentity;
+        try {
+            const passwordHash = await this.hashPassword(password);
+            authIdentity = await authIdentityService.update(entity_id, {
+                provider_metadata: {
+                    password: passwordHash,
+                },
+            });
+        }
+        catch (error) {
+            return { success: false, error: error.message };
+        }
+        return {
+            success: true,
+            authIdentity,
+        };
+    }
+    async authenticate(userData, authIdentityService) {
+        const { email, password } = userData.body ?? {};
+        if (!password || !(0, utils_1.isString)(password)) {
+            return {
+                success: false,
+                error: "Password should be a string",
+            };
+        }
+        if (!email || !(0, utils_1.isString)(email)) {
+            return {
+                success: false,
+                error: "Email should be a string",
+            };
+        }
+        let authIdentity;
+        try {
+            authIdentity = await authIdentityService.retrieve({
+                entity_id: email,
+            });
+        }
+        catch (error) {
+            if (error.type === utils_1.AcmeKitError.Types.NOT_FOUND) {
+                return {
+                    success: false,
+                    error: "Invalid email or password",
+                };
+            }
+            return { success: false, error: error.message };
+        }
+        const providerIdentity = authIdentity.provider_identities?.find((pi) => pi.provider === this.provider);
+        const passwordHash = providerIdentity.provider_metadata?.password;
+        if ((0, utils_1.isString)(passwordHash)) {
+            const buf = Buffer.from(passwordHash, "base64");
+            const success = await scrypt_kdf_1.default.verify(buf, password);
+            if (success) {
+                const copy = JSON.parse(JSON.stringify(authIdentity));
+                const providerIdentity = copy.provider_identities?.find((pi) => pi.provider === this.provider);
+                delete providerIdentity.provider_metadata?.password;
+                return {
+                    success,
+                    authIdentity: copy,
+                };
+            }
+        }
+        return {
+            success: false,
+            error: "Invalid email or password",
+        };
+    }
+    async register(userData, authIdentityService) {
+        const { email, password } = userData.body ?? {};
+        if (!password || !(0, utils_1.isString)(password)) {
+            return {
+                success: false,
+                error: "Password should be a string",
+            };
+        }
+        if (!email || !(0, utils_1.isString)(email)) {
+            return {
+                success: false,
+                error: "Email should be a string",
+            };
+        }
+        try {
+            const identity = await authIdentityService.retrieve({
+                entity_id: email,
+            });
+            // If app_metadata is not defined or empty, it means no actor was assigned to the auth_identity yet (still "claimable")
+            if (!(0, utils_2.isPresent)(identity.app_metadata)) {
+                const updatedAuthIdentity = await this.upsertAuthIdentity('update', {
+                    email,
+                    password,
+                    authIdentityService,
+                });
+                return {
+                    success: true,
+                    authIdentity: updatedAuthIdentity,
+                };
+            }
+            return {
+                success: false,
+                error: "Identity with email already exists",
+            };
+        }
+        catch (error) {
+            if (error.type === utils_1.AcmeKitError.Types.NOT_FOUND) {
+                const createdAuthIdentity = await this.upsertAuthIdentity('create', {
+                    email,
+                    password,
+                    authIdentityService,
+                });
+                return {
+                    success: true,
+                    authIdentity: createdAuthIdentity,
+                };
+            }
+            return { success: false, error: error.message };
+        }
+    }
+    async upsertAuthIdentity(type, { email, password, authIdentityService }) {
+        const passwordHash = await this.hashPassword(password);
+        const authIdentity = type === 'create' ? await authIdentityService.create({
+            entity_id: email,
+            provider_metadata: {
+                password: passwordHash,
+            },
+        }) : await authIdentityService.update(email, {
+            provider_metadata: {
+                password: passwordHash,
+            },
+        });
+        const copy = JSON.parse(JSON.stringify(authIdentity));
+        const providerIdentity = copy.provider_identities?.find((pi) => pi.provider === this.provider);
+        delete providerIdentity.provider_metadata?.password;
+        return copy;
+    }
+}
+exports.EmailPassAuthService = EmailPassAuthService;
+EmailPassAuthService.identifier = "emailpass";
+EmailPassAuthService.DISPLAY_NAME = "Email/Password Authentication";
+//# sourceMappingURL=emailpass.js.map

package/dist/services/emailpass.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"emailpass.js","sourceRoot":"","sources":["../../src/services/emailpass.ts"],"names":[],"mappings":";;;;;;AAQA,oDAA8F;AAC9F,4DAA+B;AAC/B,0CAA0C;AAc1C,MAAa,oBAAqB,SAAQ,kCAA0B;IAOlE,YACE,EAAE,MAAM,EAAwB,EAChC,OAAqC;QAErC,aAAa;QACb,KAAK,CAAC,GAAG,SAAS,CAAC,CAAA;QACnB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAA;IACvB,CAAC;IAES,KAAK,CAAC,YAAY,CAAC,QAAgB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAA;QACtE,MAAM,YAAY,GAAG,MAAM,oBAAM,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;QAC3D,OAAO,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACxC,CAAC;IAED,KAAK,CAAC,MAAM,CACV,IAA6C,EAC7C,mBAAgD;QAEhD,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,IAAI,EAAE,CAAA;QAE1C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,iBAAiB,IAAI,CAAC,QAAQ,sCAAsC;aAC5E,CAAA;QACH,CAAC;QAED,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;QAC1B,CAAC;QAED,IAAI,YAAY,CAAA;QAEhB,IAAI,CAAC;YACH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;YAEtD,YAAY,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,SAAS,EAAE;gBACzD,iBAAiB,EAAE;oBACjB,QAAQ,EAAE,YAAY;iBACvB;aACF,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;QACjD,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,YAAY;SACb,CAAA;IACH,CAAC;IAED,KAAK,CAAC,YAAY,CAChB,QAA6B,EAC7B,mBAAgD;QAEhD,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAA;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,6BAA6B;aACrC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,KAAK,IAAI,CAAC,IAAA,gBAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,0BAA0B;aAClC,CAAA;QACH,CAAC;QAED,IAAI,YAAyC,CAAA;QAE7C,IAAI,CAAC;YACH,YAAY,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC;gBAChD,SAAS,EAAE,KAAK;aACjB,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAY,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;gBAChD,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,2BAA2B;iBACnC,CAAA;YACH,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;QACjD,CAAC;QAED,MAAM,gBAAgB,GAAG,YAAY,CAAC,mBAAmB,EAAE,IAAI,CAC7D,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CACrC,CAAA;QACF,MAAM,YAAY,GAAG,gBAAgB,CAAC,iBAAiB,EAAE,QAAQ,CAAA;QAEjE,IAAI,IAAA,gBAAQ,EAAC,YAAY,CAAC,EAAE,CAAC;YAC3B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,YAAsB,EAAE,QAAQ,CAAC,CAAA;YACzD,MAAM,OAAO,GAAG,MAAM,oBAAM,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAA;YAElD,IAAI,OAAO,EAAE,CAAC;gBACZ,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAA;gBACrD,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,EAAE,IAAI,CACrD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CACrC,CAAA;gBACF,OAAO,gBAAgB,CAAC,iBAAiB,EAAE,QAAQ,CAAA;gBAEnD,OAAO;oBACL,OAAO;oBACP,YAAY,EAAE,IAAI;iBACnB,CAAA;YACH,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,2BAA2B;SACnC,CAAA;IACH,CAAC;IAED,KAAK,CAAC,QAAQ,CACZ,QAA6B,EAC7B,mBAAgD;QAEhD,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,QAAQ,CAAC,IAAI,IAAI,EAAE,CAAA;QAE/C,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAA,gBAAQ,EAAC,QAAQ,CAAC,EAAE,CAAC;YACrC,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,6BAA6B;aACrC,CAAA;QACH,CAAC;QAED,IAAI,CAAC,KAAK,IAAI,CAAC,IAAA,gBAAQ,EAAC,KAAK,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,0BAA0B;aAClC,CAAA;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,mBAAmB,CAAC,QAAQ,CAAC;gBAClD,SAAS,EAAE,KAAK;aACjB,CAAC,CAAA;YAEF,uHAAuH;YACvH,IAAI,CAAC,IAAA,iBAAS,EAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBACtC,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE;oBAClE,KAAK;oBACL,QAAQ;oBACR,mBAAmB;iBACpB,CAAC,CAAA;gBAEF,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,YAAY,EAAE,mBAAmB;iBAClC,CAAA;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,oCAAoC;aAC5C,CAAA;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,CAAC,IAAI,KAAK,oBAAY,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAM,mBAAmB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,EAAE;oBAClE,KAAK;oBACL,QAAQ;oBACR,mBAAmB;iBACpB,CAAC,CAAA;gBAEF,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,YAAY,EAAE,mBAAmB;iBAClC,CAAA;YACH,CAAC;YAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,CAAA;QACjD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,kBAAkB,CAAC,IAAyB,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,mBAAmB,EAAsB;QACtH,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAA;QAEtD,MAAM,YAAY,GAAG,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,mBAAmB,CAAC,MAAM,CAAC;YACtE,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE;gBACjB,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAC,CAAC,CAAC,MAAM,mBAAmB,CAAC,MAAM,CAAC,KAAK,EAAE;YAC7C,iBAAiB,EAAE;gBACjB,QAAQ,EAAE,YAAY;aACvB;SACF,CAAC,CAAA;QAEF,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAA;QACrD,MAAM,gBAAgB,GAAG,IAAI,CAAC,mBAAmB,EAAE,IAAI,CACrD,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CACrC,CAAA;QACF,OAAO,gBAAgB,CAAC,iBAAiB,EAAE,QAAQ,CAAA;QAEnD,OAAO,IAAI,CAAA;IACb,CAAC;;AAhNH,oDAiNC;AAhNQ,+BAAU,GAAG,WAAW,CAAA;AACxB,iCAAY,GAAG,+BAA+B,CAAA"}

package/dist/tsconfig.tsbuildinfo

@@ -0,0 +1 @@
+{"root":["../src/index.ts","../src/services/emailpass.ts"],"version":"5.9.3"}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@acmekit/auth-emailpass",
+  "version": "2.13.1",
+  "description": "Email and password credential authentication provider for AcmeKit",
+  "main": "dist/index.js",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/acmekit/acmekit",
+    "directory": "packages/modules/providers/auth-emailpass"
+  },
+  "files": [
+    "dist",
+    "!dist/**/__tests__",
+    "!dist/**/__mocks__",
+    "!dist/**/__fixtures__"
+  ],
+  "engines": {
+    "node": ">=20"
+  },
+  "author": "AcmeKit",
+  "license": "MIT",
+  "scripts": {
+    "test": "../../../../node_modules/.bin/jest --passWithNoTests src",
+    "test:integration": "../../../../node_modules/.bin/jest --passWithNoTests --forceExit --testPathPattern=\"integration-tests/__tests__/.*\\.spec\\.ts\"",
+    "build": "yarn run -T rimraf dist && yarn run -T tsc --build",
+    "watch": "yarn run -T tsc --watch"
+  },
+  "devDependencies": {
+    "@acmekit/framework": "2.13.1"
+  },
+  "dependencies": {
+    "scrypt-kdf": "^2.0.1"
+  },
+  "peerDependencies": {
+    "@acmekit/framework": "2.13.1"
+  },
+  "keywords": [
+    "acmekit-provider",
+    "acmekit-provider-auth-userpass"
+  ]
+}