@aooth/user 0.1.2 → 0.1.3

package/dist/index.cjs

@@ -339,6 +339,14 @@ var UserService = class {
 		this.hasher = new PasswordHasher(this.config.password);
 	}
 	/**
+	* Creates a user with `account.active: false`. The invite workflow relies
+	* on this default (see `InviteWorkflow.acceptInvite` — pending invitees stay
+	* inactive until they accept). For setup scripts / seeders / tests that
+	* don't go through invite, follow up with `activateAccount(username)` or
+	* `login()` will throw `UserAuthError("INACTIVE")` — which the login
+	* workflow deliberately re-maps to `"Invalid credentials"` to avoid account
+	* enumeration, so the failure is silent client-side.
+	*
 	* @param extras Optional partial user fields merged AFTER the base
 	*   `UserCredentials` shape, so callers can populate consumer-specific
 	*   required fields (e.g. `tenantId`) without subclassing the store.

package/dist/index.d.cts

@@ -50,6 +50,14 @@ declare class UserService<T extends object = object> {
   protected readonly hasher: PasswordHasher;
   constructor(store: UserStore<T>, config?: UserServiceConfig);
   /**
+   * Creates a user with `account.active: false`. The invite workflow relies
+   * on this default (see `InviteWorkflow.acceptInvite` — pending invitees stay
+   * inactive until they accept). For setup scripts / seeders / tests that
+   * don't go through invite, follow up with `activateAccount(username)` or
+   * `login()` will throw `UserAuthError("INACTIVE")` — which the login
+   * workflow deliberately re-maps to `"Invalid credentials"` to avoid account
+   * enumeration, so the failure is silent client-side.
+   *
    * @param extras Optional partial user fields merged AFTER the base
    *   `UserCredentials` shape, so callers can populate consumer-specific
    *   required fields (e.g. `tenantId`) without subclassing the store.

package/dist/index.d.mts

@@ -50,6 +50,14 @@ declare class UserService<T extends object = object> {
   protected readonly hasher: PasswordHasher;
   constructor(store: UserStore<T>, config?: UserServiceConfig);
   /**
+   * Creates a user with `account.active: false`. The invite workflow relies
+   * on this default (see `InviteWorkflow.acceptInvite` — pending invitees stay
+   * inactive until they accept). For setup scripts / seeders / tests that
+   * don't go through invite, follow up with `activateAccount(username)` or
+   * `login()` will throw `UserAuthError("INACTIVE")` — which the login
+   * workflow deliberately re-maps to `"Invalid credentials"` to avoid account
+   * enumeration, so the failure is silent client-side.
+   *
    * @param extras Optional partial user fields merged AFTER the base
    *   `UserCredentials` shape, so callers can populate consumer-specific
    *   required fields (e.g. `tenantId`) without subclassing the store.

package/dist/index.mjs

@@ -338,6 +338,14 @@ var UserService = class {
 		this.hasher = new PasswordHasher(this.config.password);
 	}
 	/**
+	* Creates a user with `account.active: false`. The invite workflow relies
+	* on this default (see `InviteWorkflow.acceptInvite` — pending invitees stay
+	* inactive until they accept). For setup scripts / seeders / tests that
+	* don't go through invite, follow up with `activateAccount(username)` or
+	* `login()` will throw `UserAuthError("INACTIVE")` — which the login
+	* workflow deliberately re-maps to `"Invalid credentials"` to avoid account
+	* enumeration, so the failure is silent client-side.
+	*
 	* @param extras Optional partial user fields merged AFTER the base
 	*   `UserCredentials` shape, so callers can populate consumer-specific
 	*   required fields (e.g. `tenantId`) without subclassing the store.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aooth/user",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "User credential primitives for aoothjs",
   "keywords": [
     "aoothjs",