npm - @classic-homes/auth - Versions diffs - 0.1.23 → 0.1.24 - Mend

@classic-homes/auth 0.1.23 → 0.1.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/README.md +486 -81
package/dist/config-C-iBNu07.d.ts +86 -0
package/dist/core/index.d.ts +72 -94
package/dist/core/index.js +822 -430
package/dist/index.d.ts +3 -2
package/dist/index.js +867 -718
package/dist/svelte/index.d.ts +12 -1
package/dist/svelte/index.js +840 -193
package/dist/testing/index.d.ts +1082 -0
package/dist/testing/index.js +2033 -0
package/dist/{types-exFUQyBX.d.ts → types-DGN45Uih.d.ts} +9 -1
package/package.json +5 -1

package/dist/testing/index.d.ts ADDED Viewed

@@ -0,0 +1,1082 @@
+import { U as User, a as LoginResponse, b as LogoutResponse, c as RegisterResponse, M as MFASetupResponse, f as MFAStatus, S as Session, D as Device, d as ApiKey, i as LinkedAccount, j as SecurityEvent, h as UserPreferences, A as AuthState } from '../types-DGN45Uih.js';
+import { e as StorageAdapter, A as AuthConfig } from '../config-C-iBNu07.js';
+/**
+ * User Fixtures
+ *
+ * Pre-defined user objects for testing authentication scenarios.
+ */
+/**
+ * Standard authenticated user with basic permissions.
+ */
+declare const mockUser: User;
+/**
+ * Admin user with elevated permissions.
+ */
+declare const mockAdminUser: User;
+/**
+ * SSO-authenticated user.
+ */
+declare const mockSSOUser: User;
+/**
+ * User with MFA enabled.
+ */
+declare const mockMFAUser: User;
+/**
+ * User with unverified email.
+ */
+declare const mockUnverifiedUser: User;
+/**
+ * Inactive/deactivated user.
+ */
+declare const mockInactiveUser: User;
+/**
+ * Create a mock user with custom overrides.
+ * @param overrides - Partial user properties to override
+ */
+declare function createMockUser(overrides?: Partial<User>): User;
+/**
+ * Create a mock user with specific roles and permissions.
+ * @param roles - Array of role strings
+ * @param permissions - Array of permission strings
+ * @param overrides - Additional user property overrides
+ */
+declare function createMockUserWithRoles(roles: string[], permissions: string[], overrides?: Partial<User>): User;
+/**
+ * Create a mock user with specific auth method.
+ * @param authMethod - The authentication method used
+ * @param overrides - Additional user property overrides
+ */
+declare function createMockUserWithAuthMethod(authMethod: 'password' | 'oauth' | 'both', overrides?: Partial<User>): User;
+/**
+ * Token Fixtures
+ *
+ * Pre-defined JWT tokens for testing authentication scenarios.
+ * Note: These are example tokens with fake signatures - not cryptographically valid.
+ */
+/**
+ * Valid access token (1 hour expiry).
+ */
+declare const mockAccessToken: string;
+/**
+ * Valid refresh token (7 days expiry).
+ */
+declare const mockRefreshToken: string;
+/**
+ * Expired access token.
+ */
+declare const mockExpiredToken: string;
+/**
+ * Admin access token with elevated permissions.
+ */
+declare const mockAdminToken: string;
+/**
+ * MFA challenge token (short-lived, used during MFA verification).
+ */
+declare const mockMFAToken: string;
+/**
+ * Session token for trusted device.
+ */
+declare const mockSessionToken: string;
+interface JWTPayloadOptions {
+    sub?: string;
+    username?: string;
+    email?: string;
+    roles?: string[];
+    permissions?: string[];
+    type?: 'access' | 'refresh' | 'mfa_challenge' | 'session';
+    [key: string]: unknown;
+}
+/**
+ * Create a custom mock JWT token.
+ * @param payload - JWT payload claims
+ * @param expiresIn - Expiry time in seconds (default: 3600)
+ */
+declare function createMockJWT(payload?: JWTPayloadOptions, expiresIn?: number): string;
+/**
+ * Create an expired mock JWT token.
+ * @param payload - JWT payload claims
+ * @param expiredSecondsAgo - How many seconds ago the token expired (default: 3600)
+ */
+declare function createExpiredMockJWT(payload?: JWTPayloadOptions, expiredSecondsAgo?: number): string;
+/**
+ * Create a token pair (access + refresh).
+ * @param userId - User ID for the tokens
+ * @param options - Additional token options
+ */
+declare function createMockTokenPair(userId?: string, options?: {
+    accessExpiresIn?: number;
+    refreshExpiresIn?: number;
+    roles?: string[];
+    permissions?: string[];
+}): {
+    accessToken: string;
+    refreshToken: string;
+};
+/**
+ * Create an MFA challenge token.
+ * @param userId - User ID for the token
+ * @param expiresIn - Expiry time in seconds (default: 300 for 5 minutes)
+ */
+declare function createMockMFAToken(userId?: string, expiresIn?: number): string;
+/**
+ * Response Fixtures
+ *
+ * Pre-defined API response objects for testing authentication flows.
+ */
+/**
+ * Successful login response with tokens and user.
+ */
+declare const mockLoginSuccess: LoginResponse;
+/**
+ * Login response requiring MFA verification.
+ */
+declare const mockMFARequired: LoginResponse;
+/**
+ * Login response with legacy MFA fields.
+ */
+declare const mockMFARequiredLegacy: LoginResponse;
+/**
+ * Admin login success response.
+ */
+declare const mockAdminLoginSuccess: LoginResponse;
+/**
+ * SSO login success response.
+ */
+declare const mockSSOLoginSuccess: LoginResponse;
+/**
+ * Standard logout success response.
+ */
+declare const mockLogoutSuccess: LogoutResponse;
+/**
+ * SSO logout response with redirect URL.
+ */
+declare const mockSSOLogoutResponse: LogoutResponse;
+/**
+ * Standard registration success response.
+ */
+declare const mockRegisterSuccess: RegisterResponse;
+/**
+ * Registration response requiring email verification.
+ */
+declare const mockRegisterRequiresVerification: RegisterResponse;
+/**
+ * MFA setup response with QR code and backup codes.
+ */
+declare const mockMFASetup: MFASetupResponse;
+/**
+ * MFA status - enabled.
+ */
+declare const mockMFAStatusEnabled: MFAStatus;
+/**
+ * MFA status - disabled.
+ */
+declare const mockMFAStatusDisabled: MFAStatus;
+/**
+ * Current session fixture.
+ */
+declare const mockCurrentSession: Session;
+/**
+ * Other session fixture.
+ */
+declare const mockOtherSession: Session;
+/**
+ * Array of session fixtures.
+ */
+declare const mockSessions: Session[];
+/**
+ * Trusted device fixture.
+ */
+declare const mockTrustedDevice: Device;
+/**
+ * Untrusted device fixture.
+ */
+declare const mockUntrustedDevice: Device;
+/**
+ * Array of device fixtures.
+ */
+declare const mockDevices: Device[];
+/**
+ * Active API key fixture.
+ */
+declare const mockApiKey: ApiKey;
+/**
+ * Array of API key fixtures.
+ */
+declare const mockApiKeys: ApiKey[];
+/**
+ * Linked SSO account fixture.
+ */
+declare const mockLinkedAccount: LinkedAccount;
+/**
+ * Login security event fixture.
+ */
+declare const mockSecurityEventLogin: SecurityEvent;
+/**
+ * Password change security event fixture.
+ */
+declare const mockSecurityEventPasswordChange: SecurityEvent;
+/**
+ * Suspicious activity security event fixture.
+ */
+declare const mockSecurityEventSuspicious: SecurityEvent;
+/**
+ * Array of security event fixtures.
+ */
+declare const mockSecurityEvents: SecurityEvent[];
+/**
+ * Default user preferences fixture.
+ */
+declare const mockUserPreferences: UserPreferences;
+/**
+ * Create a login success response with custom options.
+ */
+declare function createMockLoginSuccess(options?: {
+    userId?: string;
+    user?: Partial<typeof mockUser>;
+    expiresIn?: number;
+}): LoginResponse;
+/**
+ * Create an MFA required response with custom options.
+ */
+declare function createMockMFARequired(options?: {
+    availableMethods?: string[];
+    mfaToken?: string;
+}): LoginResponse;
+/**
+ * Create a session fixture with custom options.
+ */
+declare function createMockSession(overrides?: Partial<Session>): Session;
+/**
+ * Create a device fixture with custom options.
+ */
+declare function createMockDevice(overrides?: Partial<Device>): Device;
+/**
+ * Create a security event fixture with custom options.
+ */
+declare function createMockSecurityEvent(overrides?: Partial<SecurityEvent>): SecurityEvent;
+/**
+ * Mock Storage Adapter
+ *
+ * In-memory storage adapter for testing with call tracking.
+ */
+interface StorageCall {
+    method: 'getItem' | 'setItem' | 'removeItem';
+    key: string;
+    value?: string;
+    timestamp: number;
+}
+interface MockStorageOptions {
+    /** Initial data to populate the storage */
+    initialData?: Record<string, string>;
+}
+/**
+ * In-memory storage adapter for testing.
+ * Implements the StorageAdapter interface with additional test utilities.
+ */
+declare class MockStorageAdapter implements StorageAdapter {
+    private data;
+    private callHistory;
+    constructor(options?: MockStorageOptions);
+    /**
+     * Get an item from storage.
+     */
+    getItem(key: string): string | null;
+    /**
+     * Set an item in storage.
+     */
+    setItem(key: string, value: string): void;
+    /**
+     * Remove an item from storage.
+     */
+    removeItem(key: string): void;
+    /**
+     * Clear all data from storage.
+     */
+    clear(): void;
+    /**
+     * Reset the call history.
+     */
+    resetHistory(): void;
+    /**
+     * Reset both data and history.
+     */
+    reset(): void;
+    /**
+     * Get all storage keys.
+     */
+    keys(): string[];
+    /**
+     * Check if a key exists in storage.
+     */
+    has(key: string): boolean;
+    /**
+     * Get the number of items in storage.
+     */
+    get size(): number;
+    /**
+     * Get all data as a plain object.
+     */
+    getData(): Record<string, string>;
+    /**
+     * Set multiple items at once.
+     */
+    setData(data: Record<string, string>): void;
+    /**
+     * Get the full call history.
+     */
+    getHistory(): StorageCall[];
+    /**
+     * Get calls for a specific method.
+     */
+    getCallsFor(method: 'getItem' | 'setItem' | 'removeItem'): StorageCall[];
+    /**
+     * Get calls for a specific key.
+     */
+    getCallsForKey(key: string): StorageCall[];
+    /**
+     * Check if a method was called.
+     */
+    wasCalled(method: 'getItem' | 'setItem' | 'removeItem'): boolean;
+    /**
+     * Check if a method was called with a specific key.
+     */
+    wasCalledWith(method: 'getItem' | 'setItem' | 'removeItem', key: string): boolean;
+    /**
+     * Get the last call made.
+     */
+    getLastCall(): StorageCall | undefined;
+    /**
+     * Get the total number of calls made.
+     */
+    get callCount(): number;
+}
+/**
+ * Create a mock storage adapter.
+ */
+declare function createMockStorage(options?: MockStorageOptions): MockStorageAdapter;
+/**
+ * Create a mock storage with auth data pre-populated.
+ */
+declare function createMockStorageWithAuth(accessToken: string, refreshToken: string, user: object, storageKey?: string): MockStorageAdapter;
+/**
+ * Mock Fetch Instance
+ *
+ * Configurable mock fetch for testing API interactions.
+ */
+interface MockRoute {
+    /** HTTP method to match */
+    method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH';
+    /** URL pattern to match (can use wildcards like /auth/sessions/*) */
+    path: string | RegExp;
+    /** Response status code */
+    status?: number;
+    /** Response body */
+    response?: unknown;
+    /** Response headers */
+    headers?: Record<string, string>;
+    /** Delay in ms before responding */
+    delay?: number;
+    /** Function to generate dynamic response */
+    handler?: (request: MockRequest) => MockRouteResponse | Promise<MockRouteResponse>;
+}
+interface MockRouteResponse {
+    status?: number;
+    response?: unknown;
+    headers?: Record<string, string>;
+}
+interface MockRequest {
+    method: string;
+    url: string;
+    path: string;
+    body: unknown;
+    headers: Headers;
+}
+interface FetchCall {
+    url: string;
+    options: RequestInit;
+    timestamp: number;
+}
+interface MockFetchOptions {
+    /** Base URL to strip from paths */
+    baseUrl?: string;
+    /** Default response for unmatched routes */
+    defaultResponse?: MockRouteResponse;
+}
+/**
+ * Mock fetch implementation for testing.
+ * Provides configurable routes and call tracking.
+ */
+declare class MockFetchInstance {
+    private routes;
+    private callHistory;
+    private baseUrl;
+    private defaultResponse;
+    constructor(options?: MockFetchOptions);
+    /**
+     * Add a route to the mock.
+     */
+    addRoute(route: MockRoute): this;
+    /**
+     * Add multiple routes at once.
+     */
+    addRoutes(routes: MockRoute[]): this;
+    /**
+     * Remove a route by path and method.
+     */
+    removeRoute(method: string, path: string | RegExp): this;
+    /**
+     * Clear all routes.
+     */
+    clearRoutes(): this;
+    /**
+     * Reset to default routes.
+     */
+    reset(): this;
+    /**
+     * The mock fetch function.
+     */
+    fetch: (input: RequestInfo | URL, init?: RequestInit) => Promise<Response>;
+    private createResponse;
+    private extractPath;
+    private pathMatches;
+    /**
+     * Get all recorded calls.
+     */
+    getCalls(): FetchCall[];
+    /**
+     * Get calls to a specific path.
+     */
+    getCallsTo(path: string): FetchCall[];
+    /**
+     * Get calls with a specific method.
+     */
+    getCallsWithMethod(method: string): FetchCall[];
+    /**
+     * Check if a path was called.
+     */
+    wasCalled(path: string): boolean;
+    /**
+     * Check if a path was called with a specific method.
+     */
+    wasCalledWith(method: string, path: string): boolean;
+    /**
+     * Assert that a path was called.
+     */
+    assertCalled(path: string, message?: string): void;
+    /**
+     * Assert that a path was not called.
+     */
+    assertNotCalled(path: string, message?: string): void;
+    /**
+     * Get the last call made.
+     */
+    getLastCall(): FetchCall | undefined;
+    /**
+     * Clear call history.
+     */
+    clearHistory(): this;
+    /**
+     * Get total call count.
+     */
+    get callCount(): number;
+    /**
+     * Configure login to require MFA.
+     */
+    requireMFA(): this;
+    /**
+     * Configure login to fail.
+     */
+    failLogin(error?: string): this;
+    /**
+     * Configure an endpoint to fail.
+     */
+    failEndpoint(method: 'GET' | 'POST' | 'PUT' | 'DELETE' | 'PATCH', path: string, status?: number, error?: string): this;
+    /**
+     * Configure logout to return SSO redirect URL.
+     */
+    enableSSOLogout(logoutUrl?: string): this;
+    /**
+     * Add response delay to all routes.
+     */
+    setDelay(delay: number): this;
+    private setupDefaultRoutes;
+}
+/**
+ * Create a mock fetch instance.
+ */
+declare function createMockFetch(options?: MockFetchOptions): MockFetchInstance;
+/**
+ * Create a mock fetch with custom routes only (no defaults).
+ */
+declare function createMockFetchWithRoutes(routes: MockRoute[]): MockFetchInstance;
+/**
+ * Mock Auth Store
+ *
+ * Mock implementation of the Svelte auth store for testing.
+ */
+type Subscriber<T> = (value: T) => void;
+type Unsubscriber = () => void;
+interface StoreCall {
+    method: string;
+    args: unknown[];
+    timestamp: number;
+}
+interface MockAuthStoreOptions {
+    /** Initial auth state */
+    initialState?: Partial<AuthState>;
+}
+/**
+ * Mock implementation of the auth store.
+ * Implements the same interface as the real store with additional test utilities.
+ */
+declare class MockAuthStore {
+    private state;
+    private subscribers;
+    private callHistory;
+    constructor(options?: MockAuthStoreOptions);
+    /**
+     * Subscribe to state changes (Svelte store contract).
+     */
+    subscribe(subscriber: Subscriber<AuthState>): Unsubscriber;
+    private notify;
+    private recordCall;
+    get accessToken(): string | null;
+    get refreshToken(): string | null;
+    get user(): User | null;
+    get isAuthenticated(): boolean;
+    /**
+     * Get the current auth state snapshot.
+     */
+    getState(): AuthState;
+    /**
+     * Set auth data after successful login.
+     */
+    setAuth(accessToken: string, refreshToken: string, user: User, sessionToken?: string): void;
+    /**
+     * Update tokens (e.g., after refresh).
+     */
+    updateTokens(accessToken: string, refreshToken: string): void;
+    /**
+     * Update user data.
+     */
+    updateUser(user: User): void;
+    /**
+     * Clear auth state (logout).
+     */
+    logout(): void;
+    /**
+     * Logout with SSO support.
+     */
+    logoutWithSSO(): Promise<{
+        ssoLogoutUrl?: string;
+    }>;
+    /**
+     * Re-hydrate state from storage.
+     */
+    rehydrate(): void;
+    /**
+     * Check if user has a specific permission.
+     */
+    hasPermission(permission: string): boolean;
+    /**
+     * Check if user has a specific role.
+     */
+    hasRole(role: string): boolean;
+    /**
+     * Check if user has any of the specified roles.
+     */
+    hasAnyRole(roles: string[]): boolean;
+    /**
+     * Check if user has all of the specified roles.
+     */
+    hasAllRoles(roles: string[]): boolean;
+    /**
+     * Check if user has any of the specified permissions.
+     */
+    hasAnyPermission(permissions: string[]): boolean;
+    /**
+     * Check if user has all of the specified permissions.
+     */
+    hasAllPermissions(permissions: string[]): boolean;
+    /**
+     * Reset the store to initial state.
+     */
+    reset(): void;
+    /**
+     * Simulate an authenticated state.
+     */
+    simulateAuthenticated(user?: User): void;
+    /**
+     * Simulate an unauthenticated state.
+     */
+    simulateUnauthenticated(): void;
+    /**
+     * Set the state directly for testing.
+     */
+    setState(state: Partial<AuthState>): void;
+    /**
+     * Get all recorded method calls.
+     */
+    getCalls(): StoreCall[];
+    /**
+     * Get calls for a specific method.
+     */
+    getCallsFor(method: string): StoreCall[];
+    /**
+     * Check if a method was called.
+     */
+    wasCalled(method: string): boolean;
+    /**
+     * Assert that a method was called.
+     */
+    assertMethodCalled(method: string, message?: string): void;
+    /**
+     * Assert that a method was not called.
+     */
+    assertMethodNotCalled(method: string, message?: string): void;
+    /**
+     * Get the last call made.
+     */
+    getLastCall(): StoreCall | undefined;
+    /**
+     * Get the last call to a specific method.
+     */
+    getLastCallTo(method: string): StoreCall | undefined;
+    /**
+     * Get total call count.
+     */
+    get callCount(): number;
+    /**
+     * Clear call history.
+     */
+    clearHistory(): void;
+}
+/**
+ * Create a mock auth store.
+ */
+declare function createMockAuthStore(options?: MockAuthStoreOptions): MockAuthStore;
+/**
+ * Create a mock auth store in authenticated state.
+ */
+declare function createAuthenticatedMockStore(user?: User): MockAuthStore;
+/**
+ * Create mock auth actions that delegate to a store.
+ */
+declare function createMockAuthActions(store: MockAuthStore): {
+    setAuth: (accessToken: string, refreshToken: string, user: User, sessionToken?: string) => void;
+    updateTokens: (accessToken: string, refreshToken: string) => void;
+    updateUser: (user: User) => void;
+    logout: () => void;
+    logoutWithSSO: () => Promise<{
+        ssoLogoutUrl?: string;
+    }>;
+    hasPermission: (permission: string) => boolean;
+    hasRole: (role: string) => boolean;
+    hasAnyRole: (roles: string[]) => boolean;
+    hasAllRoles: (roles: string[]) => boolean;
+    hasAnyPermission: (permissions: string[]) => boolean;
+    hasAllPermissions: (permissions: string[]) => boolean;
+    rehydrate: () => void;
+};
+/**
+ * Create a mock isAuthenticated derived store.
+ */
+declare function createMockIsAuthenticated(store: MockAuthStore): {
+    subscribe: (subscriber: Subscriber<boolean>) => Unsubscriber;
+};
+/**
+ * Create a mock currentUser derived store.
+ */
+declare function createMockCurrentUser(store: MockAuthStore): {
+    subscribe: (subscriber: Subscriber<User | null>) => Unsubscriber;
+};
+/**
+ * Test Setup Utilities
+ *
+ * Helpers for setting up and tearing down test environments.
+ */
+interface TestAuthContext {
+    /** Mock fetch instance */
+    mockFetch: MockFetchInstance;
+    /** Mock storage adapter */
+    mockStorage: MockStorageAdapter;
+    /** Mock auth store */
+    mockStore: MockAuthStore;
+    /** Cleanup function to call in afterEach */
+    cleanup: () => void;
+}
+interface SetupTestAuthOptions {
+    /** Base URL for the mock API */
+    baseUrl?: string;
+    /** Storage key for auth data */
+    storageKey?: string;
+    /** Initial storage data */
+    initialStorage?: Record<string, string>;
+    /** Initial auth store state */
+    initialAuthState?: MockAuthStoreOptions['initialState'];
+    /** Mock fetch options */
+    fetchOptions?: MockFetchOptions;
+    /** Whether to initialize auth config (default: true) */
+    initConfig?: boolean;
+}
+/**
+ * Complete test setup for auth.
+ * Creates mock fetch, storage, and store, initializes auth config, and returns cleanup function.
+ *
+ * @example
+ * ```ts
+ * describe('Login', () => {
+ *   let ctx: TestAuthContext;
+ *
+ *   beforeEach(() => {
+ *     ctx = setupTestAuth();
+ *   });
+ *
+ *   afterEach(() => {
+ *     ctx.cleanup();
+ *   });
+ *
+ *   it('handles login', async () => {
+ *     const response = await authService.login({ username: 'test', password: 'pass' });
+ *     expect(ctx.mockFetch.wasCalled('/auth/login')).toBe(true);
+ *   });
+ * });
+ * ```
+ */
+declare function setupTestAuth(options?: SetupTestAuthOptions): TestAuthContext;
+/**
+ * Create test auth helpers for Vitest/Jest.
+ * Returns beforeEach and afterEach compatible setup/cleanup functions.
+ *
+ * @example
+ * ```ts
+ * import { describe, beforeEach, afterEach } from 'vitest';
+ *
+ * const { setup, cleanup, getContext } = createTestAuthHelpers();
+ *
+ * describe('Login', () => {
+ *   beforeEach(setup);
+ *   afterEach(cleanup);
+ *
+ *   it('handles login', async () => {
+ *     const { mockFetch } = getContext();
+ *     // ... test code
+ *   });
+ * });
+ * ```
+ */
+declare function createTestAuthHelpers(options?: SetupTestAuthOptions): {
+    /**
+     * Setup function to call in beforeEach.
+     */
+    setup: () => TestAuthContext;
+    /**
+     * Cleanup function to call in afterEach.
+     */
+    cleanup: () => void;
+    /**
+     * Get the current test context.
+     */
+    getContext: () => TestAuthContext;
+    /**
+     * Get mocks directly (convenience accessors).
+     */
+    getMockFetch: () => MockFetchInstance | null;
+    getMockStorage: () => MockStorageAdapter | null;
+    getMockStore: () => MockAuthStore | null;
+};
+/**
+ * Quick setup that returns only the cleanup function.
+ * Useful for simple test cases.
+ *
+ * @example
+ * ```ts
+ * let cleanup: () => void;
+ *
+ * beforeEach(() => {
+ *   cleanup = quickSetupAuth();
+ * });
+ *
+ * afterEach(() => cleanup());
+ * ```
+ */
+declare function quickSetupAuth(options?: SetupTestAuthOptions): () => void;
+/**
+ * Initialize auth with mock dependencies.
+ * Lower-level function for custom setups.
+ */
+declare function initAuthWithMocks(mockFetch: MockFetchInstance, mockStorage: MockStorageAdapter, options?: Partial<AuthConfig>): void;
+/**
+ * Reset auth config and all mocks.
+ */
+declare function resetTestAuth(mockFetch?: MockFetchInstance, mockStorage?: MockStorageAdapter, mockStore?: MockAuthStore): void;
+/**
+ * Run a test in an isolated auth context.
+ * Automatically sets up and tears down the context.
+ *
+ * @example
+ * ```ts
+ * await withTestAuth(async ({ mockFetch, mockStore }) => {
+ *   mockFetch.requireMFA();
+ *   const response = await authService.login({ username: 'test', password: 'pass' });
+ *   expect(response.requiresMFA).toBe(true);
+ * });
+ * ```
+ */
+declare function withTestAuth<T>(fn: (context: TestAuthContext) => T | Promise<T>, options?: SetupTestAuthOptions): Promise<T>;
+/**
+ * Run multiple tests in isolated contexts.
+ * Each test gets its own fresh context.
+ */
+declare function withTestAuthEach<T>(tests: Array<(context: TestAuthContext) => T | Promise<T>>, options?: SetupTestAuthOptions): Promise<T[]>;
+/**
+ * Auth State Simulation Helpers
+ *
+ * Utilities for simulating various authentication states and scenarios.
+ */
+type AuthScenario = 'unauthenticated' | 'authenticated' | 'admin' | 'ssoUser' | 'mfaEnabled' | 'unverifiedEmail' | 'inactive' | 'expiredToken';
+interface ScenarioState {
+    state: AuthState;
+    user: User | null;
+    description: string;
+}
+/**
+ * Pre-defined authentication scenarios for testing.
+ */
+declare const authScenarios: Record<AuthScenario, ScenarioState>;
+/**
+ * Apply a pre-defined scenario to a mock store.
+ */
+declare function applyScenario(store: MockAuthStore, scenario: AuthScenario): void;
+/**
+ * Apply multiple scenarios in sequence (useful for testing state transitions).
+ */
+declare function applyScenarios(store: MockAuthStore, scenarios: AuthScenario[]): void;
+/**
+ * Get scenario state for assertions.
+ */
+declare function getScenarioState(scenario: AuthScenario): ScenarioState;
+/**
+ * Configure mock fetch for MFA login flow.
+ * First login returns MFA required, subsequent verify completes login.
+ */
+declare function configureMFAFlow(mockFetch: MockFetchInstance): void;
+/**
+ * Configure mock fetch for token refresh scenarios.
+ */
+declare function configureTokenRefresh(mockFetch: MockFetchInstance, options?: {
+    /** Whether refresh should succeed */
+    success?: boolean;
+    /** New tokens to return on success */
+    newTokens?: {
+        accessToken: string;
+        refreshToken: string;
+    };
+    /** Error message on failure */
+    errorMessage?: string;
+}): void;
+/**
+ * Configure mock fetch for SSO logout flow.
+ */
+declare function configureSSOLogout(mockFetch: MockFetchInstance, logoutUrl?: string): void;
+/**
+ * Configure mock fetch for failed authentication.
+ */
+declare function configureAuthFailure(mockFetch: MockFetchInstance, options?: {
+    /** Specific endpoint to fail (default: all auth endpoints) */
+    endpoint?: string;
+    /** Error status code */
+    status?: number;
+    /** Error message */
+    message?: string;
+}): void;
+/**
+ * Configure mock fetch for rate limiting.
+ */
+declare function configureRateLimiting(mockFetch: MockFetchInstance, endpoint: string): void;
+/**
+ * Create a test user with specific permissions and roles.
+ */
+declare function createTestUserWithPermissions(permissions: string[], roles?: string[], overrides?: Partial<User>): User;
+/**
+ * Create a test user for admin testing.
+ */
+declare function createTestAdminUser(overrides?: Partial<User>): User;
+/**
+ * Create a test user for SSO testing.
+ */
+declare function createTestSSOUser(provider?: string, overrides?: Partial<User>): User;
+/**
+ * Simulate a login flow on the mock store.
+ */
+declare function simulateLogin(store: MockAuthStore, user?: User, tokens?: {
+    accessToken: string;
+    refreshToken: string;
+}): void;
+/**
+ * Simulate a logout flow on the mock store.
+ */
+declare function simulateLogout(store: MockAuthStore): void;
+/**
+ * Simulate a token refresh on the mock store.
+ */
+declare function simulateTokenRefresh(store: MockAuthStore, newTokens?: {
+    accessToken: string;
+    refreshToken: string;
+}): void;
+/**
+ * Simulate a profile update on the mock store.
+ */
+declare function simulateProfileUpdate(store: MockAuthStore, updates: Partial<User>): void;
+/**
+ * Configure a complete MFA enrollment flow.
+ */
+declare function configureMFAEnrollmentFlow(mockFetch: MockFetchInstance): void;
+/**
+ * Configure a complete password reset flow.
+ */
+declare function configurePasswordResetFlow(mockFetch: MockFetchInstance): void;
+/**
+ * Configure a session management test scenario.
+ */
+declare function configureSessionManagementFlow(mockFetch: MockFetchInstance, sessionCount?: number): void;
+/**
+ * Auth Test Assertions
+ *
+ * Custom assertions for testing authentication functionality.
+ */
+interface AssertApiCalledOptions {
+    /** Expected number of calls (if specified) */
+    times?: number;
+    /** Expected request body */
+    body?: unknown;
+    /** Expected headers */
+    headers?: Record<string, string>;
+}
+interface AssertStoreMethodCalledOptions {
+    /** Expected number of calls */
+    times?: number;
+    /** Expected arguments */
+    args?: unknown[];
+}
+/**
+ * Assert that the auth state is authenticated.
+ */
+declare function assertAuthenticated(state: AuthState, message?: string): void;
+/**
+ * Assert that the auth state is unauthenticated.
+ */
+declare function assertUnauthenticated(state: AuthState, message?: string): void;
+/**
+ * Assert that the auth state has specific user.
+ */
+declare function assertHasUser(state: AuthState, userId: string, message?: string): void;
+/**
+ * Assert that a user has specific permissions.
+ */
+declare function assertHasPermissions(user: User, permissions: string[], message?: string): void;
+/**
+ * Assert that a user does not have specific permissions.
+ */
+declare function assertLacksPermissions(user: User, permissions: string[], message?: string): void;
+/**
+ * Assert that a user has specific roles.
+ */
+declare function assertHasRoles(user: User, roles: string[], message?: string): void;
+/**
+ * Assert that a user does not have specific roles.
+ */
+declare function assertLacksRoles(user: User, roles: string[], message?: string): void;
+/**
+ * Assert that a token is valid (not expired).
+ */
+declare function assertTokenValid(token: string, message?: string): void;
+/**
+ * Assert that a token is expired.
+ */
+declare function assertTokenExpired(token: string, message?: string): void;
+/**
+ * Assert that a token contains specific claims.
+ */
+declare function assertTokenHasClaims(token: string, claims: Record<string, unknown>, message?: string): void;
+/**
+ * Assert that a token has specific subject (user ID).
+ */
+declare function assertTokenSubject(token: string, subject: string, message?: string): void;
+/**
+ * Assert that an API endpoint was called.
+ */
+declare function assertApiCalled(mockFetch: MockFetchInstance, method: string, path: string, options?: AssertApiCalledOptions): void;
+/**
+ * Assert that an API endpoint was not called.
+ */
+declare function assertApiNotCalled(mockFetch: MockFetchInstance, method: string, path: string, message?: string): void;
+/**
+ * Assert the order of API calls.
+ */
+declare function assertApiCallOrder(mockFetch: MockFetchInstance, expectedOrder: Array<{
+    method: string;
+    path: string;
+}>): void;
+/**
+ * Assert that a store method was called.
+ */
+declare function assertStoreMethodCalled(store: MockAuthStore, method: string, options?: AssertStoreMethodCalledOptions): void;
+/**
+ * Assert that a store method was not called.
+ */
+declare function assertStoreMethodNotCalled(store: MockAuthStore, method: string, message?: string): void;
+/**
+ * Assert that a login response requires MFA.
+ */
+declare function assertRequiresMFA(response: {
+    requiresMFA?: boolean;
+    mfaRequired?: boolean;
+    mfaToken?: string;
+}, message?: string): void;
+/**
+ * Assert that a login response does not require MFA.
+ */
+declare function assertNoMFARequired(response: {
+    requiresMFA?: boolean;
+    mfaRequired?: boolean;
+    accessToken?: string;
+}, message?: string): void;
+/**
+ * Assert that a user's email is verified.
+ */
+declare function assertEmailVerified(user: User, message?: string): void;
+/**
+ * Assert that a user's email is not verified.
+ */
+declare function assertEmailNotVerified(user: User, message?: string): void;
+/**
+ * Assert that a user is active.
+ */
+declare function assertUserActive(user: User, message?: string): void;
+/**
+ * Assert that a user is inactive.
+ */
+declare function assertUserInactive(user: User, message?: string): void;
+/**
+ * Assert that a user uses a specific auth method.
+ */
+declare function assertAuthMethod(user: User, method: 'password' | 'oauth' | 'both', message?: string): void;
+export { type AssertApiCalledOptions, type AssertStoreMethodCalledOptions, type AuthScenario, type FetchCall, type JWTPayloadOptions, MockAuthStore, type MockAuthStoreOptions, MockFetchInstance, type MockFetchOptions, type MockRequest, type MockRoute, type MockRouteResponse, MockStorageAdapter, type MockStorageOptions, type ScenarioState, type SetupTestAuthOptions, type StorageCall, type StoreCall, type TestAuthContext, applyScenario, applyScenarios, assertApiCallOrder, assertApiCalled, assertApiNotCalled, assertAuthMethod, assertAuthenticated, assertEmailNotVerified, assertEmailVerified, assertHasPermissions, assertHasRoles, assertHasUser, assertLacksPermissions, assertLacksRoles, assertNoMFARequired, assertRequiresMFA, assertStoreMethodCalled, assertStoreMethodNotCalled, assertTokenExpired, assertTokenHasClaims, assertTokenSubject, assertTokenValid, assertUnauthenticated, assertUserActive, assertUserInactive, authScenarios, configureAuthFailure, configureMFAEnrollmentFlow, configureMFAFlow, configurePasswordResetFlow, configureRateLimiting, configureSSOLogout, configureSessionManagementFlow, configureTokenRefresh, createAuthenticatedMockStore, createExpiredMockJWT, createMockAuthActions, createMockAuthStore, createMockCurrentUser, createMockDevice, createMockFetch, createMockFetchWithRoutes, createMockIsAuthenticated, createMockJWT, createMockLoginSuccess, createMockMFARequired, createMockMFAToken, createMockSecurityEvent, createMockSession, createMockStorage, createMockStorageWithAuth, createMockTokenPair, createMockUser, createMockUserWithAuthMethod, createMockUserWithRoles, createTestAdminUser, createTestAuthHelpers, createTestSSOUser, createTestUserWithPermissions, getScenarioState, initAuthWithMocks, mockAccessToken, mockAdminLoginSuccess, mockAdminToken, mockAdminUser, mockApiKey, mockApiKeys, mockCurrentSession, mockDevices, mockExpiredToken, mockInactiveUser, mockLinkedAccount, mockLoginSuccess, mockLogoutSuccess, mockMFARequired, mockMFARequiredLegacy, mockMFASetup, mockMFAStatusDisabled, mockMFAStatusEnabled, mockMFAToken, mockMFAUser, mockOtherSession, mockRefreshToken, mockRegisterRequiresVerification, mockRegisterSuccess, mockSSOLoginSuccess, mockSSOLogoutResponse, mockSSOUser, mockSecurityEventLogin, mockSecurityEventPasswordChange, mockSecurityEventSuspicious, mockSecurityEvents, mockSessionToken, mockSessions, mockTrustedDevice, mockUntrustedDevice, mockUnverifiedUser, mockUser, mockUserPreferences, quickSetupAuth, resetTestAuth, setupTestAuth, simulateLogin, simulateLogout, simulateProfileUpdate, simulateTokenRefresh, withTestAuth, withTestAuthEach };