npm - @ciscode/authentication-kit - Versions diffs - 1.1.3 → 1.1.5 - Mend

@ciscode/authentication-kit 1.1.3 → 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +2 -0
package/dist/config/passport.config.js +12 -6
package/dist/controllers/auth.controller.js +18 -13
package/dist/models/client.model.d.ts +3 -3
package/dist/models/client.model.js +5 -2
package/dist/models/user.model.d.ts +3 -3
package/dist/models/user.model.js +5 -2
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -74,10 +74,12 @@ POST /api/auth/refresh-token - New access token from a valid refresh token (cook
 POST /api/auth/request-password-reset - Sends a reset token (e.g., by email).
 POST /api/auth/reset-password - Consumes the reset token and sets a new password.
 GET /api/auth/microsoft - GET /api/auth/microsoft/callback - Optional Microsoft Entra OAuth; issues first-party tokens.
+Note: If the Microsoft ID token does not include an email, the response includes `profileIncomplete: true`.
 Users
 GET /api/users - List users (paginated).
 POST /api/users - Create a user.
 Additional CRUD endpoints as exposed by controllers.
+If `profileIncomplete: true`, update the user profile (e.g., set `email`) via `PUT /api/users/:id`.
 Roles and Permissions
 GET/POST /api/auth/roles - Manage roles (name, permissions: string[]).
 GET /api/auth/permissions - List permission strings and metadata.

package/dist/config/passport.config.js CHANGED Viewed

@@ -48,10 +48,13 @@ passport_1.default.use(new passport_azure_ad_oauth2_1.Strategy({
 }, async (_at, _rt, params, _profile, done) => {
     try {
         const decoded = (0, jsonwebtoken_1.decode)(params.id_token);
-        const microsoftId = decoded.oid;
-        const email = decoded.preferred_username;
+        const microsoftId = decoded.oid || decoded.sub;
+        const email = decoded.preferred_username || decoded.upn || decoded.email;
         const name = decoded.name;
-        let user = await user_model_1.default.findOne({ $or: [{ microsoftId }, { email }] });
+        const match = [{ microsoftId }];
+        if (email)
+            match.push({ email });
+        let user = await user_model_1.default.findOne({ $or: match });
         if (!user) {
             user = new user_model_1.default({ email, name, microsoftId, roles: [], status: 'active' });
             await user.save();
@@ -78,10 +81,13 @@ passport_1.default.use('azure_ad_oauth2_client', new passport_azure_ad_oauth2_1.
 }, async (_at, _rt, params, _profile, done) => {
     try {
         const decoded = (0, jsonwebtoken_1.decode)(params.id_token);
-        const microsoftId = decoded.oid;
-        const email = decoded.preferred_username;
+        const microsoftId = decoded.oid || decoded.sub;
+        const email = decoded.preferred_username || decoded.upn || decoded.email;
         const name = decoded.name;
-        let client = await client_model_1.default.findOne({ $or: [{ microsoftId }, { email }] });
+        const match = [{ microsoftId }];
+        if (email)
+            match.push({ email });
+        let client = await client_model_1.default.findOne({ $or: match });
         if (!client) {
             client = new client_model_1.default({ email, name, microsoftId, roles: [] });
             await client.save();

package/dist/controllers/auth.controller.js CHANGED Viewed

@@ -77,7 +77,7 @@ let AuthController = class AuthController {
             path: '/',
             maxAge: (0, helper_1.getMillisecondsFromExpiry)(refreshTTL),
         });
-        return res.status(200).json({ accessToken, refreshToken });
+        return res.status(200).json({ accessToken, refreshToken, profileIncomplete: !principal.email });
     }
     async respondWebOrMobile(req, res, principal) {
         const roleDocs = await role_model_1.default.find({ _id: { $in: principal.roles } })
@@ -116,6 +116,7 @@ let AuthController = class AuthController {
             const url = new URL(mobileRedirect);
             url.searchParams.set('accessToken', accessToken);
             url.searchParams.set('refreshToken', refreshToken);
+            url.searchParams.set('profileIncomplete', (!principal.email).toString());
             return res.redirect(302, url.toString());
         }
         const isProd = process.env.NODE_ENV === 'production';
@@ -126,7 +127,7 @@ let AuthController = class AuthController {
             path: '/',
             maxAge: (0, helper_1.getMillisecondsFromExpiry)(refreshTTL),
         });
-        return res.status(200).json({ accessToken, refreshToken });
+        return res.status(200).json({ accessToken, refreshToken, profileIncomplete: !principal.email });
     }
     async registerClient(req, res) {
         try {
@@ -201,8 +202,10 @@ let AuthController = class AuthController {
     }
     microsoftCallback(req, res, next) {
         passport_config_1.default.authenticate('azure_ad_oauth2', { session: false }, async (err, user) => {
-            if (err)
-                return next(err);
+            if (err) {
+                console.error('Microsoft OAuth error:', err);
+                return res.status(500).json({ message: 'Microsoft auth failed', error: (err === null || err === void 0 ? void 0 : err.message) || err });
+            }
             if (!user)
                 return res.status(400).json({ message: 'Microsoft authentication failed.' });
             return this.respondWebOrMobile(req, res, user);
@@ -226,13 +229,13 @@ let AuthController = class AuthController {
                 console.error('ID token verify failed:', e.message || e);
                 return res.status(401).json({ message: 'Invalid Microsoft ID token.' });
             }
-            const email = ms.preferred_username || ms.email;
-            const name = ms.name;
-            if (!email) {
-                return res.status(400).json({ message: 'Email claim missing in Microsoft ID token.' });
-            }
             const microsoftId = ms.oid || ms.sub;
-            let user = await user_model_1.default.findOne({ email });
+            const email = ms.preferred_username || ms.upn || ms.email;
+            const name = ms.name;
+            const match = [{ microsoftId }];
+            if (email)
+                match.push({ email });
+            let user = await user_model_1.default.findOne({ $or: match });
             if (!user) {
                 user = new user_model_1.default({
                     email,
@@ -365,7 +368,7 @@ let AuthController = class AuthController {
                 path: '/',
                 maxAge: (0, helper_1.getMillisecondsFromExpiry)(refreshTTL),
             });
-            return res.status(200).json({ accessToken, refreshToken });
+            return res.status(200).json({ accessToken, refreshToken, profileIncomplete: !principal.email });
         }
         catch (err) {
             console.error('googleExchange error:', ((_h = err === null || err === void 0 ? void 0 : err.response) === null || _h === void 0 ? void 0 : _h.data) || err.message || err);
@@ -407,8 +410,10 @@ let AuthController = class AuthController {
     }
     microsoftClientCallback(req, res, next) {
         passport_config_1.default.authenticate('azure_ad_oauth2_client', { session: false }, async (err, client) => {
-            if (err)
-                return next(err);
+            if (err) {
+                console.error('Microsoft Client OAuth error:', err);
+                return res.status(500).json({ message: 'Microsoft auth failed', error: (err === null || err === void 0 ? void 0 : err.message) || err });
+            }
             if (!client)
                 return res.status(400).json({ message: 'Microsoft authentication failed.' });
             return this.respondWebOrMobile(req, res, client);

package/dist/models/client.model.d.ts CHANGED Viewed

@@ -5,9 +5,9 @@ declare const ClientSchema: mongoose.Schema<any, mongoose.Model<any, any, any, a
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     createdAt: Date;
+    email?: string;
     name?: string;
     password?: string;
     microsoftId?: string;
@@ -20,9 +20,9 @@ declare const ClientSchema: mongoose.Schema<any, mongoose.Model<any, any, any, a
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     createdAt: Date;
+    email?: string;
     name?: string;
     password?: string;
     microsoftId?: string;
@@ -35,9 +35,9 @@ declare const ClientSchema: mongoose.Schema<any, mongoose.Model<any, any, any, a
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     createdAt: Date;
+    email?: string;
     name?: string;
     password?: string;
     microsoftId?: string;

package/dist/models/client.model.js CHANGED Viewed

@@ -9,8 +9,11 @@ const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
 const ClientSchema = new mongoose_1.default.Schema({
     email: {
         type: String,
-        required: true,
-        unique: true
+        required: function () {
+            return !this.microsoftId && !this.googleId && !this.facebookId;
+        },
+        unique: true,
+        sparse: true
     },
     password: {
         type: String,

package/dist/models/user.model.d.ts CHANGED Viewed

@@ -5,10 +5,10 @@ declare const UserSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     status: "pending" | "active" | "suspended" | "deactivated";
     failedLoginAttempts: number;
+    email?: string;
     name?: string;
     password?: string;
     jobTitle?: string;
@@ -24,10 +24,10 @@ declare const UserSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     status: "pending" | "active" | "suspended" | "deactivated";
     failedLoginAttempts: number;
+    email?: string;
     name?: string;
     password?: string;
     jobTitle?: string;
@@ -43,10 +43,10 @@ declare const UserSchema: mongoose.Schema<any, mongoose.Model<any, any, any, any
     createdAt: NativeDate;
     updatedAt: NativeDate;
 } & {
-    email: string;
     roles: mongoose.Types.ObjectId[];
     status: "pending" | "active" | "suspended" | "deactivated";
     failedLoginAttempts: number;
+    email?: string;
     name?: string;
     password?: string;
     jobTitle?: string;

package/dist/models/user.model.js CHANGED Viewed

@@ -9,8 +9,11 @@ const mongoose_paginate_v2_1 = __importDefault(require("mongoose-paginate-v2"));
 const UserSchema = new mongoose_1.default.Schema({
     email: {
         type: String,
-        required: true,
-        unique: true
+        required: function () {
+            return !this.microsoftId && !this.googleId && !this.facebookId;
+        },
+        unique: true,
+        sparse: true
     },
     password: {
         type: String,

package/package.json CHANGED Viewed

@@ -7,7 +7,7 @@
     "type": "git",
     "url": "git+https://github.com/CISCODE-MA/AuthKit.git"
   },
-  "version": "1.1.3",
+  "version": "1.1.5",
   "description": "A login library with local login, Microsoft Entra ID authentication, password reset, and roles/permissions.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",