@acorex/platform 21.0.0-next.1 → 21.0.0-next.11

package/fesm2022/acorex-platform-auth.mjs

@@ -1,6 +1,6 @@
 import * as i0 from '@angular/core';
-import { InjectionToken, Injector, Injectable, signal, inject, Input, Directive, provideAppInitializer, Optional, Inject, NgModule } from '@angular/core';
-import { AXPBroadcastEventService, AXP_MODULE_PROVIDER_LOADER, AXPModuleProviderRegistry, AXP_SESSION_SERVICE } from '@acorex/platform/core';
+import { InjectionToken, Injector, Injectable, signal, inject, Input, Directive, provideAppInitializer, Optional, Inject, NgModule, input, output, Component } from '@angular/core';
+import { AXPBroadcastEventService, AXP_SESSION_SERVICE } from '@acorex/platform/core';
 import { isEmpty } from 'lodash-es';
 import { map, BehaviorSubject, shareReplay, defaultIfEmpty, switchMap, filter, from, first } from 'rxjs';
 
@@ -72,10 +72,10 @@ class AXPAuthStrategyRegistryService {
     get(strategyKey) {
         return this.strategies.get(strategyKey);
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthStrategyRegistryService, deps: [{ token: i0.Injector }], target: i0.ɵɵFactoryTarget.Injectable }); }
-    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthStrategyRegistryService, providedIn: 'root' }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthStrategyRegistryService, deps: [{ token: i0.Injector }], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthStrategyRegistryService, providedIn: 'root' }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthStrategyRegistryService, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthStrategyRegistryService, decorators: [{
             type: Injectable,
             args: [{
                     providedIn: 'root'
@@ -132,10 +132,10 @@ class AXPFeatureDirective {
     ngOnDestroy() {
         this.subscription?.unsubscribe();
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPFeatureDirective, deps: [{ token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive }); }
-    static { this.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "20.3.12", type: AXPFeatureDirective, isStandalone: false, selector: "[feature]", inputs: { feature: "feature", featureElse: "featureElse" }, ngImport: i0 }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPFeatureDirective, deps: [{ token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive }); }
+    static { this.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "20.3.15", type: AXPFeatureDirective, isStandalone: false, selector: "[feature]", inputs: { feature: "feature", featureElse: "featureElse" }, ngImport: i0 }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPFeatureDirective, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPFeatureDirective, decorators: [{
             type: Directive,
             args: [{
                     selector: '[feature]',
@@ -236,11 +236,11 @@ class AXPSessionService {
     constructor() {
         this.eventService = inject(AXPBroadcastEventService);
         this.authStrategyRegistry = inject(AXPAuthStrategyRegistryService);
+        this.injector = inject(Injector);
         this.permissionLoader = inject(AXP_PERMISSION_LOADER);
         this.featureLoader = inject(AXP_FEATURE_LOADER);
         this.tenantLoader = inject(AXP_TENANT_LOADER);
         this.applicationLoader = inject(AXP_APPLICATION_LOADER);
-        this.moduleProviderLoader = inject(AXP_MODULE_PROVIDER_LOADER);
         this.permissionChecker = inject(AXP_PERMISSION_CHECKER, { optional: true });
         this.featureChecker = inject(AXP_FEATURE_CHECKER, { optional: true });
         this.status = new BehaviorSubject(AXPSessionStatus.Unauthenticated);
@@ -322,10 +322,6 @@ class AXPSessionService {
                         this.currentApplicationSubject.next(sessionData.application);
                     }
                     this.status.next(AXPSessionStatus.Authenticated);
-                    // Load required modules first to ensure entities are available for loaders
-                    // This is critical because loaders (like application.loader) need entities
-                    // from required modules (ApplicationManagement, TenantManagement, SecurityManagement)
-                    await this.moduleProviderLoader.loadRequiredModules();
                     await this.loadPermissions();
                     await this.loadFeatures();
                     await this.signInComplete();
@@ -443,9 +439,6 @@ class AXPSessionService {
             }
             //
             const userId = this.user?.id;
-            // Clear module provider loader cache before clearing session
-            // This ensures modules and providers from previous user are not cached
-            await this.moduleProviderLoader.clear();
             this.clearSession();
             this.eventService.publish(AXPSessionStatus.SignedOut, { id: userId });
             this.isLoading.next(false);
@@ -613,6 +606,22 @@ class AXPSessionService {
         }
         return baseResult;
     }
+    /**
+     * Checks if a module is enabled for the current tenant/application.
+     * Module names are stored as features with value: true when enabled.
+     * Module names can be provided in PascalCase (e.g., 'SecurityManagement') or kebab-case (e.g., 'security-management').
+     */
+    isModuleEnabled(moduleName) {
+        if (!moduleName) {
+            return false;
+        }
+        // Normalize module name: convert kebab-case to PascalCase if needed
+        const normalizedModuleName = moduleName.includes('-')
+            ? moduleName.split('-').map(word => word.charAt(0).toUpperCase() + word.slice(1)).join('')
+            : moduleName;
+        // Module names are stored as features with value: true when enabled
+        return this.features.some(f => f.name === normalizedModuleName && f.value === true);
+    }
     getToken() {
         const sessionData = this.getSessionData();
         return sessionData?.accessToken;
@@ -624,10 +633,10 @@ class AXPSessionService {
             application: this.application,
         });
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPSessionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
-    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPSessionService, providedIn: 'root' }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPSessionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPSessionService, providedIn: 'root' }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPSessionService, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPSessionService, decorators: [{
             type: Injectable,
             args: [{
                     providedIn: 'root',
@@ -671,10 +680,10 @@ class AXPPermissionDirective {
     ngOnDestroy() {
         this.subscription?.unsubscribe();
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPPermissionDirective, deps: [{ token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive }); }
-    static { this.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "20.3.12", type: AXPPermissionDirective, isStandalone: false, selector: "[permission]", inputs: { permission: "permission", permissionElse: "permissionElse" }, ngImport: i0 }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPPermissionDirective, deps: [{ token: i0.TemplateRef }, { token: i0.ViewContainerRef }], target: i0.ɵɵFactoryTarget.Directive }); }
+    static { this.ɵdir = i0.ɵɵngDeclareDirective({ minVersion: "14.0.0", version: "20.3.15", type: AXPPermissionDirective, isStandalone: false, selector: "[permission]", inputs: { permission: "permission", permissionElse: "permissionElse" }, ngImport: i0 }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPPermissionDirective, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPPermissionDirective, decorators: [{
             type: Directive,
             args: [{
                     selector: '[permission]',
@@ -796,7 +805,6 @@ const AXP_PERMISSION_DEFINITION_PROVIDER = new InjectionToken('AXP_PERMISSION_DE
 class AXPPermissionDefinitionService {
     constructor() {
         this.providers = inject(AXP_PERMISSION_DEFINITION_PROVIDER, { optional: true });
-        this.providerRegistry = inject(AXPModuleProviderRegistry);
         this.sessionService = inject(AXPSessionService);
         this.cache = null;
     }
@@ -805,7 +813,7 @@ class AXPPermissionDefinitionService {
             return;
         }
         const context = new AXPPermissionDefinitionProviderContext();
-        // Load providers from DI tokens (backward compatibility)
+        // Load providers from DI tokens
         if (Array.isArray(this.providers)) {
             for (const provider of this.providers) {
                 if (provider instanceof Promise) {
@@ -819,11 +827,6 @@ class AXPPermissionDefinitionService {
                 }
             }
         }
-        // Load providers from registry (manifest-based, conditionally loaded)
-        const registryProviders = this.providerRegistry.getPermissionProviders();
-        for (const provider of registryProviders) {
-            await provider.define(context);
-        }
         // Filter permissions based on required features
         const allGroups = context.getGroupDefinitions();
         this.cache = this.filterByFeatures(allGroups);
@@ -883,10 +886,10 @@ class AXPPermissionDefinitionService {
         await this.load();
         return this.cache?.find(g => g.permissions.find(p => p.name === name))?.permissions.find(p => p.name === name) ?? null;
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPPermissionDefinitionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
-    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPPermissionDefinitionService, providedIn: 'root' }); }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPPermissionDefinitionService, deps: [], target: i0.ɵɵFactoryTarget.Injectable }); }
+    static { this.ɵprov = i0.ɵɵngDeclareInjectable({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPPermissionDefinitionService, providedIn: 'root' }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPPermissionDefinitionService, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPPermissionDefinitionService, decorators: [{
             type: Injectable,
             args: [{ providedIn: 'root' }]
         }] });
@@ -980,9 +983,9 @@ class AXPAuthModule {
             f();
         });
     }
-    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthModule, deps: [{ token: 'AXPAuthModuleFactory', optional: true }], target: i0.ɵɵFactoryTarget.NgModule }); }
-    static { this.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthModule, declarations: [AXPPermissionDirective, AXPFeatureDirective], exports: [AXPPermissionDirective, AXPFeatureDirective] }); }
-    static { this.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthModule, providers: [
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthModule, deps: [{ token: 'AXPAuthModuleFactory', optional: true }], target: i0.ɵɵFactoryTarget.NgModule }); }
+    static { this.ɵmod = i0.ɵɵngDeclareNgModule({ minVersion: "14.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthModule, declarations: [AXPPermissionDirective, AXPFeatureDirective], exports: [AXPPermissionDirective, AXPFeatureDirective] }); }
+    static { this.ɵinj = i0.ɵɵngDeclareInjector({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthModule, providers: [
             provideAppInitializer(() => {
                 const initializerFn = initializeAppState(inject(AXPSessionService));
                 return initializerFn();
@@ -993,7 +996,7 @@ class AXPAuthModule {
             },
         ] }); }
 }
-i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.12", ngImport: i0, type: AXPAuthModule, decorators: [{
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPAuthModule, decorators: [{
             type: NgModule,
             args: [{
                     imports: [],
@@ -1097,9 +1100,169 @@ class TimeUtil {
 }
 //#endregion
 
+//#region ----   Challenge Data Types   ----
+//#endregion
+
+//#region ----   Abstract Challenge Provider   ----
+/**
+ * Abstract base class for login challenge providers
+ *
+ * Implement this class to create custom challenge mechanisms like:
+ * - Image CAPTCHA
+ * - reCAPTCHA
+ * - SMS verification
+ * - Email verification
+ *
+ * @example
+ * ```typescript
+ * @Injectable()
+ * export class MyImageCaptchaProvider extends AXPLoginChallengeProvider {
+ *   readonly name = 'image-captcha';
+ *
+ *   checkResponse(error: unknown): AXPChallengeCheckResult | null {
+ *     if (error instanceof HttpErrorResponse) {
+ *       if (error.error?.requiresCaptcha) {
+ *         return { required: true };
+ *       }
+ *     }
+ *     return null;
+ *   }
+ *
+ *   async getChallenge(): Promise<AXPLoginChallengeData> {
+ *     const response = await this.http.get('/api/captcha').toPromise();
+ *     return {
+ *       id: response.id,
+ *       content: response.image,
+ *       contentType: 'image-base64'
+ *     };
+ *   }
+ *
+ *   async refreshChallenge(): Promise<AXPLoginChallengeData> {
+ *     return this.getChallenge();
+ *   }
+ *
+ *   getChallengeComponent(): Type<AXPLoginChallengeComponentBase> {
+ *     return MyCaptchaChallengeComponent;
+ *   }
+ * }
+ * ```
+ */
+class AXPLoginChallengeProvider {
+    /**
+     * Returns the component type for rendering the challenge UI
+     *
+     * Override this method to provide a custom challenge UI component.
+     * If not overridden (returns null), the login component will use
+     * a default built-in UI.
+     *
+     * @returns Component type extending AXPLoginChallengeComponentBase, or null for default UI
+     */
+    getChallengeComponent() {
+        return null;
+    }
+}
+//#endregion
+
+//#region ----   Injection Token   ----
+/**
+ * Injection token for the login challenge provider
+ *
+ * This token is optional - if not provided, no challenge mechanism will be used.
+ *
+ * @example
+ * ```typescript
+ * // In your app module or provider configuration:
+ * providers: [
+ *   {
+ *     provide: AXP_LOGIN_CHALLENGE_PROVIDER,
+ *     useClass: MyImageCaptchaProvider
+ *   }
+ * ]
+ *
+ * // In a component:
+ * private challengeProvider = inject(AXP_LOGIN_CHALLENGE_PROVIDER, { optional: true });
+ * ```
+ */
+const AXP_LOGIN_CHALLENGE_PROVIDER = new InjectionToken('AXP_LOGIN_CHALLENGE_PROVIDER');
+//#endregion
+
+//#region ----   Base Challenge Component   ----
+/**
+ * Base class for login challenge UI components
+ *
+ * Providers can extend this class to create custom challenge UIs.
+ * The login component will render this component and listen to its outputs.
+ *
+ * @example
+ * ```typescript
+ * @Component({
+ *   selector: 'my-captcha-challenge',
+ *   template: `
+ *     <div class="captcha-container">
+ *       <img [src]="'data:image/png;base64,' + challengeData().content" />
+ *       <input
+ *         type="text"
+ *         [value]="response()"
+ *         (input)="onResponseChange($event)"
+ *       />
+ *       <button (click)="onRefreshClick()">Refresh</button>
+ *     </div>
+ *   `
+ * })
+ * export class MyCaptchaChallengeComponent extends AXPLoginChallengeComponentBase {
+ *   response = signal('');
+ *
+ *   onResponseChange(event: Event) {
+ *     const value = (event.target as HTMLInputElement).value;
+ *     this.response.set(value);
+ *     this.responseChange.emit(value);
+ *   }
+ *
+ *   onRefreshClick() {
+ *     this.refreshRequest.emit();
+ *   }
+ * }
+ * ```
+ */
+class AXPLoginChallengeComponentBase {
+    constructor() {
+        //#region ----   Inputs   ----
+        /**
+         * Challenge data to display
+         * Contains the image/content and metadata from the server
+         */
+        this.challengeData = input.required(...(ngDevMode ? [{ debugName: "challengeData" }] : []));
+        /**
+         * Whether the challenge is currently loading (e.g., refreshing)
+         */
+        this.isLoading = input(false, ...(ngDevMode ? [{ debugName: "isLoading" }] : []));
+        //#endregion
+        //#region ----   Outputs   ----
+        /**
+         * Emits when the user enters or changes their response
+         * The login component will capture this value and include it in credentials
+         */
+        this.responseChange = output();
+        /**
+         * Emits when the user requests a new challenge (e.g., clicks refresh button)
+         * The login component will call provider.refreshChallenge()
+         */
+        this.refreshRequest = output();
+    }
+    static { this.ɵfac = i0.ɵɵngDeclareFactory({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPLoginChallengeComponentBase, deps: [], target: i0.ɵɵFactoryTarget.Component }); }
+    static { this.ɵcmp = i0.ɵɵngDeclareComponent({ minVersion: "17.1.0", version: "20.3.15", type: AXPLoginChallengeComponentBase, isStandalone: true, selector: "ng-component", inputs: { challengeData: { classPropertyName: "challengeData", publicName: "challengeData", isSignal: true, isRequired: true, transformFunction: null }, isLoading: { classPropertyName: "isLoading", publicName: "isLoading", isSignal: true, isRequired: false, transformFunction: null } }, outputs: { responseChange: "responseChange", refreshRequest: "refreshRequest" }, ngImport: i0, template: '', isInline: true }); }
+}
+i0.ɵɵngDeclareClassMetadata({ minVersion: "12.0.0", version: "20.3.15", ngImport: i0, type: AXPLoginChallengeComponentBase, decorators: [{
+            type: Component,
+            args: [{
+                    template: '',
+                    standalone: true,
+                }]
+        }], propDecorators: { challengeData: [{ type: i0.Input, args: [{ isSignal: true, alias: "challengeData", required: true }] }], isLoading: [{ type: i0.Input, args: [{ isSignal: true, alias: "isLoading", required: false }] }], responseChange: [{ type: i0.Output, args: ["responseChange"] }], refreshRequest: [{ type: i0.Output, args: ["refreshRequest"] }] } });
+
 /**
  * Generated bundle index. Do not edit.
  */
 
-export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_CHECKER, AXP_FEATURE_LOADER, AXP_PERMISSION_CHECKER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
+export { AXPAuthGuard, AXPAuthModule, AXPAuthStrategy, AXPAuthStrategyRegistryService, AXPFeatureDirective, AXPFeatureGuard, AXPLoginChallengeComponentBase, AXPLoginChallengeProvider, AXPPermissionDefinitionBuilder, AXPPermissionDefinitionGroupBuilder, AXPPermissionDefinitionProviderContext, AXPPermissionDefinitionService, AXPPermissionDirective, AXPPermissionEvaluatorScopeProvider, AXPPermissionGuard, AXPSessionContext, AXPSessionService, AXPSessionStatus, AXPUnauthenticatedError, AXPUnauthorizedError, AXP_APPLICATION_LOADER, AXP_FEATURE_CHECKER, AXP_FEATURE_LOADER, AXP_LOGIN_CHALLENGE_PROVIDER, AXP_PERMISSION_CHECKER, AXP_PERMISSION_DEFINITION_PROVIDER, AXP_PERMISSION_LOADER, AXP_TENANT_LOADER, JwtUtil, PkceUtil, TimeUtil, initializeAppState };
 //# sourceMappingURL=acorex-platform-auth.mjs.map