@checkstack/auth-common 0.3.0 → 0.5.0

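--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -1,5 +1,29 @@
  # @checkstack/auth-common
 
+ ## 0.5.0
+
+ ### Minor Changes
+
+ - d94121b: Add group-to-role mapping for SAML and LDAP authentication
+
+ **Features:**
+
+ - SAML and LDAP users can now be automatically assigned Checkstack roles based on their directory group memberships
+ - Configure group mappings in the authentication strategy settings with dynamic role dropdowns
+ - Managed role sync: roles configured in mappings are fully synchronized (added when user gains group, removed when user leaves group)
+ - Unmanaged roles (manually assigned, not in any mapping) are preserved during sync
+ - Optional default role for all users from a directory
+
+ **Bug Fix:**
+
+ - Fixed `x-options-resolver` not working for fields inside arrays with `.default([])` in DynamicForm schemas
+
+ ## 0.4.0
+
+ ### Minor Changes
+
+ - df6ac7b: Added onboarding flow and user profile
+
  ## 0.3.0
 
  ### Minor Changes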
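--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@checkstack/auth-common",
- "version": "0.3.0",
+ "version": "0.5.0",
  "type": "module",
  "exports": {
  ".": {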
package/src/routes.ts CHANGED
@@ -11,4 +11,6 @@ export const authRoutes = createRoutes("auth", {
11
11
  forgotPassword: "/forgot-password",
12
12
  resetPassword: "/reset-password",
13
13
  changePassword: "/change-password",
14
+ profile: "/profile",
15
+ onboarding: "/onboarding",
14
16
  });
@@ -68,6 +68,10 @@ const UpsertExternalUserInputSchema = z.object({
68
68
  accountId: z.string(),
69
69
  password: z.string(),
70
70
  autoUpdateUser: z.boolean().optional(),
71
+ /** Role IDs to assign based on current directory group membership */
72
+ syncRoles: z.array(z.string()).optional(),
73
+ /** All role IDs that are managed by directory mappings (used to remove roles when user leaves groups) */
74
+ managedRoleIds: z.array(z.string()).optional(),
71
75
  });
72
76
 
73
77
  const UpsertExternalUserOutputSchema = z.object({
@@ -109,6 +113,26 @@ export const authContract = {
109
113
  access: [],
110
114
  }).output(RegistrationStatusSchema),
111
115
 
116
+ getOnboardingStatus: proc({
117
+ operationType: "query",
118
+ userType: "anonymous",
119
+ access: [],
120
+ }).output(z.object({ needsOnboarding: z.boolean() })),
121
+
122
+ completeOnboarding: proc({
123
+ operationType: "mutation",
124
+ userType: "anonymous",
125
+ access: [],
126
+ })
127
+ .input(
128
+ z.object({
129
+ name: z.string().min(1),
130
+ email: z.string().email(),
131
+ password: z.string(),
132
+ }),
133
+ )
134
+ .output(z.object({ success: z.boolean() })),
135
+
112
136
  // ==========================================================================
113
137
  // AUTHENTICATED ENDPOINTS (userType: "authenticated")
114
138
  // ==========================================================================
@@ -119,6 +143,32 @@ export const authContract = {
119
143
  access: [],
120
144
  }).output(z.object({ accessRules: z.array(z.string()) })),
121
145
 
146
+ getCurrentUserProfile: proc({
147
+ operationType: "query",
148
+ userType: "user",
149
+ access: [],
150
+ }).output(
151
+ z.object({
152
+ id: z.string(),
153
+ name: z.string(),
154
+ email: z.string(),
155
+ hasCredentialAccount: z.boolean(),
156
+ }),
157
+ ),
158
+
159
+ updateCurrentUser: proc({
160
+ operationType: "mutation",
161
+ userType: "user",
162
+ access: [],
163
+ })
164
+ .input(
165
+ z.object({
166
+ name: z.string().min(1).optional(),
167
+ email: z.string().email().optional(),
168
+ }),
169
+ )
170
+ .output(z.void()),
171
+
122
172
  // ==========================================================================
123
173
  // USER MANAGEMENT (userType: "user" with access)
124
174
  // ==========================================================================
@@ -179,7 +229,7 @@ export const authContract = {
179
229
  name: z.string(),
180
230
  description: z.string().optional(),
181
231
  accessRules: z.array(z.string()),
182
- })
232
+ }),
183
233
  )
184
234
  .output(z.void()),
185
235
 
@@ -194,7 +244,7 @@ export const authContract = {
194
244
  name: z.string().optional(),
195
245
  description: z.string().optional(),
196
246
  accessRules: z.array(z.string()),
197
- })
247
+ }),
198
248
  )
199
249
  .output(z.void()),
200
250
 
@@ -226,7 +276,7 @@ export const authContract = {
226
276
  id: z.string(),
227
277
  enabled: z.boolean(),
228
278
  config: z.record(z.string(), z.unknown()).optional(),
229
- })
279
+ }),
230
280
  )
231
281
  .output(z.object({ success: z.boolean() })),
232
282
 
@@ -301,7 +351,7 @@ export const authContract = {
301
351
  email: z.string(),
302
352
  name: z.string().nullable(),
303
353
  })
304
- .optional()
354
+ .optional(),
305
355
  ),
306
356
 
307
357
  filterUsersByAccessRule: proc({
@@ -313,7 +363,7 @@ export const authContract = {
313
363
  z.object({
314
364
  userIds: z.array(z.string()),
315
365
  accessRule: z.string(),
316
- })
366
+ }),
317
367
  )
318
368
  .output(z.array(z.string())),
319
369
 
@@ -335,8 +385,8 @@ export const authContract = {
335
385
  createdById: z.string(),
336
386
  createdAt: z.coerce.date(),
337
387
  lastUsedAt: z.coerce.date().optional().nullable(),
338
- })
339
- )
388
+ }),
389
+ ),
340
390
  ),
341
391
 
342
392
  createApplication: proc({
@@ -348,7 +398,7 @@ export const authContract = {
348
398
  z.object({
349
399
  name: z.string().min(1).max(100),
350
400
  description: z.string().max(500).optional(),
351
- })
401
+ }),
352
402
  )
353
403
  .output(
354
404
  z.object({
@@ -361,7 +411,7 @@ export const authContract = {
361
411
  createdAt: z.coerce.date(),
362
412
  }),
363
413
  secret: z.string(),
364
- })
414
+ }),
365
415
  ),
366
416
 
367
417
  updateApplication: proc({
@@ -375,7 +425,7 @@ export const authContract = {
375
425
  name: z.string().optional(),
376
426
  description: z.string().optional().nullable(),
377
427
  roles: z.array(z.string()).optional(),
378
- })
428
+ }),
379
429
  )
380
430
  .output(z.void()),
381
431
 
@@ -411,8 +461,8 @@ export const authContract = {
411
461
  description: z.string().optional().nullable(),
412
462
  memberCount: z.number(),
413
463
  isManager: z.boolean(),
414
- })
415
- )
464
+ }),
465
+ ),
416
466
  ),
417
467
 
418
468
  getTeam: proc({
@@ -428,13 +478,13 @@ export const authContract = {
428
478
  name: z.string(),
429
479
  description: z.string().optional().nullable(),
430
480
  members: z.array(
431
- z.object({ id: z.string(), name: z.string(), email: z.string() })
481
+ z.object({ id: z.string(), name: z.string(), email: z.string() }),
432
482
  ),
433
483
  managers: z.array(
434
- z.object({ id: z.string(), name: z.string(), email: z.string() })
484
+ z.object({ id: z.string(), name: z.string(), email: z.string() }),
435
485
  ),
436
486
  })
437
- .optional()
487
+ .optional(),
438
488
  ),
439
489
 
440
490
  createTeam: proc({
@@ -446,7 +496,7 @@ export const authContract = {
446
496
  z.object({
447
497
  name: z.string().min(1).max(100),
448
498
  description: z.string().max(500).optional(),
449
- })
499
+ }),
450
500
  )
451
501
  .output(z.object({ id: z.string() })),
452
502
 
@@ -460,7 +510,7 @@ export const authContract = {
460
510
  id: z.string(),
461
511
  name: z.string().optional(),
462
512
  description: z.string().optional().nullable(),
463
- })
513
+ }),
464
514
  )
465
515
  .output(z.void()),
466
516
 
@@ -517,8 +567,8 @@ export const authContract = {
517
567
  teamName: z.string(),
518
568
  canRead: z.boolean(),
519
569
  canManage: z.boolean(),
520
- })
521
- )
570
+ }),
571
+ ),
522
572
  ),
523
573
 
524
574
  setResourceTeamAccess: proc({
@@ -533,7 +583,7 @@ export const authContract = {
533
583
  teamId: z.string(),
534
584
  canRead: z.boolean().optional(),
535
585
  canManage: z.boolean().optional(),
536
- })
586
+ }),
537
587
  )
538
588
  .output(z.void()),
539
589
 
@@ -547,7 +597,7 @@ export const authContract = {
547
597
  resourceType: z.string(),
548
598
  resourceId: z.string(),
549
599
  teamId: z.string(),
550
- })
600
+ }),
551
601
  )
552
602
  .output(z.void()),
553
603
 
@@ -569,7 +619,7 @@ export const authContract = {
569
619
  resourceType: z.string(),
570
620
  resourceId: z.string(),
571
621
  teamOnly: z.boolean(),
572
- })
622
+ }),
573
623
  )
574
624
  .output(z.void()),
575
625
 
@@ -590,7 +640,7 @@ export const authContract = {
590
640
  resourceId: z.string(),
591
641
  action: z.enum(["read", "manage"]),
592
642
  hasGlobalAccess: z.boolean(),
593
- })
643
+ }),
594
644
  )
595
645
  .output(z.object({ hasAccess: z.boolean() })),
596
646
 
@@ -607,7 +657,7 @@ export const authContract = {
607
657
  resourceIds: z.array(z.string()),
608
658
  action: z.enum(["read", "manage"]),
609
659
  hasGlobalAccess: z.boolean(),
610
- })
660
+ }),
611
661
  )
612
662
  .output(z.array(z.string())),
613
663
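Review bot: In the `authContract` hunk at `@@ -109,6 +113,26 @@`, `completeOnboarding` is an anonymous mutation whose `password: z.string()` accepts the empty string, although `name` in the same object is held to `.min(1)`. The contract should bound it, for example `password: z.string().min(8).max(128),`, or reuse whatever policy the existing registration and reset-password inputs apply, which are not visible here. Because the procedure is declared `userType: "anonymous"` with `access: []` and presumably creates the first account, only the handler keeps it from being called on an instance that is already set up; a comment such as `/** Anonymous on purpose: the handler must reject the call once any user exists. */` above it would record that invariant. Separately, in the `UpsertExternalUserInputSchema` hunk at `@@ -68,6 +68,10 @@`, the new `syncRoles` and `managedRoleIds` arrays let the caller name which roles are granted and revoked. That procedure's access settings are outside the hunk, so it is worth confirming that only the directory strategies can call it and that the handler checks both arrays against the configured mappings.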