@crossauth/fastify 0.0.35 → 0.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/fastifysession.d.ts +14 -2
  2. package/dist/index.cjs +2 -2
  3. package/dist/index.js +944 -941
  4. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -93,23 +93,23 @@ class De {
93
93
  return await this.updateUser(
94
94
  e,
95
95
  o,
96
- (s, i, n) => {
97
- const t = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
96
+ (s, t, n) => {
97
+ const i = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
98
98
  return s.view(this.updateUserPage, {
99
99
  csrfToken: e.csrfToken,
100
- message: t,
100
+ message: i,
101
101
  urlPrefix: this.prefix,
102
102
  allowedFactor2: this.sessionServer.allowedFactor2Details()
103
103
  });
104
104
  }
105
105
  );
106
106
  } catch (s) {
107
- const i = l.asCrossauthError(s);
108
- d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: i.codeName, errorCode: i.code })), d.logger.debug(c({ err: s }));
107
+ const t = l.asCrossauthError(s);
108
+ d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: t.codeName, errorCode: t.code })), d.logger.debug(c({ err: s }));
109
109
  let n = {};
110
- for (let t in e.body)
111
- t.startsWith("user_") && (n[t] = e.body[t]);
112
- return this.sessionServer.handleError(s, e, o, (t, a) => t.view(this.updateUserPage, {
110
+ for (let i in e.body)
111
+ i.startsWith("user_") && (n[i] = e.body[i]);
112
+ return this.sessionServer.handleError(s, e, o, (i, a) => i.view(this.updateUserPage, {
113
113
  user: e.user,
114
114
  errorMessage: a.message,
115
115
  errorMessages: a.messages,
@@ -144,20 +144,20 @@ class De {
144
144
  return await this.updateUser(
145
145
  e,
146
146
  o,
147
- (i, n, t) => i.header(...U).send({
147
+ (t, n, i) => t.header(...U).send({
148
148
  ok: !0,
149
- emailVerificationRequired: t
149
+ emailVerificationRequired: i
150
150
  })
151
151
  );
152
- } catch (i) {
153
- const n = l.asCrossauthError(i);
152
+ } catch (t) {
153
+ const n = l.asCrossauthError(t);
154
154
  return d.logger.error(c({
155
155
  msg: "Update user failure",
156
156
  user: (s = e.user) == null ? void 0 : s.username,
157
157
  errorCodeName: n.codeName,
158
158
  errorCode: n.code
159
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
160
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
159
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
160
+ i.status(this.sessionServer.errorStatus(t)).header(...U).send({
161
161
  ok: !1,
162
162
  errorMessage: a.message,
163
163
  errorMessages: a.messages,
@@ -176,7 +176,7 @@ class De {
176
176
  this.sessionServer.app.get(
177
177
  this.prefix + "changefactor2",
178
178
  async (e, o) => {
179
- var s, i;
179
+ var s, t;
180
180
  if (d.logger.info(c({
181
181
  msg: "Page visit",
182
182
  method: "GET",
@@ -197,7 +197,7 @@ class De {
197
197
  csrfToken: e.csrfToken,
198
198
  next: e.query.next ?? this.sessionServer.loginRedirect,
199
199
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
200
- factor2: ((i = e.user) == null ? void 0 : i.factor2) ?? "none",
200
+ factor2: ((t = e.user) == null ? void 0 : t.factor2) ?? "none",
201
201
  required: e.query.required ?? !1
202
202
  };
203
203
  return o.view(this.changeFactor2Page, r);
@@ -213,8 +213,8 @@ class De {
213
213
  ip: e.ip,
214
214
  user: (r = e.user) == null ? void 0 : r.username
215
215
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
216
- const i = await this.sessionServer.getSessionData(e, "factor2change");
217
- if (!(i != null && i.username) && !this.sessionServer.isSessionUser(e))
216
+ const t = await this.sessionServer.getSessionData(e, "factor2change");
217
+ if (!(t != null && t.username) && !this.sessionServer.isSessionUser(e))
218
218
  return b.sendPageError(
219
219
  o,
220
220
  401,
@@ -225,26 +225,26 @@ class De {
225
225
  return await this.changeFactor2(
226
226
  e,
227
227
  o,
228
- (i, n, t) => n.factor2 ? i.view(this.configureFactor2Page, {
228
+ (t, n, i) => n.factor2 ? t.view(this.configureFactor2Page, {
229
229
  csrfToken: n.csrfToken,
230
230
  next: e.body.next ?? this.sessionServer.loginRedirect,
231
231
  ...n.userData
232
- }) : i.view(this.configureFactor2Page, {
232
+ }) : t.view(this.configureFactor2Page, {
233
233
  message: "Two factor authentication has been updated",
234
234
  next: e.body.next ?? this.sessionServer.loginRedirect,
235
235
  csrfToken: n.csrfToken
236
236
  })
237
237
  );
238
- } catch (i) {
239
- const n = l.asCrossauthError(i);
238
+ } catch (t) {
239
+ const n = l.asCrossauthError(t);
240
240
  return d.logger.error(c({
241
241
  msg: "Change two factor authentication failure",
242
242
  user: (s = e.user) == null ? void 0 : s.username,
243
243
  errorCodeName: n.codeName,
244
244
  errorCode: n.code
245
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
245
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
246
246
  var h;
247
- return t.view(this.changeFactor2Page, {
247
+ return i.view(this.changeFactor2Page, {
248
248
  errorMessage: a.message,
249
249
  errorMessages: a.messages,
250
250
  errorCode: a.code,
@@ -280,19 +280,19 @@ class De {
280
280
  return await this.changeFactor2(
281
281
  e,
282
282
  o,
283
- (i, n, t) => i.header(...U).send({
283
+ (t, n, i) => t.header(...U).send({
284
284
  ok: !0,
285
285
  ...n.userData
286
286
  })
287
287
  );
288
- } catch (i) {
289
- const n = l.asCrossauthError(i);
288
+ } catch (t) {
289
+ const n = l.asCrossauthError(t);
290
290
  return d.logger.error(c({
291
291
  msg: "Change factor2 failure",
292
292
  user: (s = e.user) == null ? void 0 : s.username,
293
293
  errorCodeName: n.codeName,
294
294
  errorCode: n.code
295
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
295
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...U).send({
296
296
  ok: !1,
297
297
  errorMessage: a.message,
298
298
  errorMessages: a.messages,
@@ -318,8 +318,8 @@ class De {
318
318
  ip: e.ip,
319
319
  user: (s = e.user) == null ? void 0 : s.username
320
320
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
321
- const i = await this.sessionServer.getSessionData(e, "passwordchange");
322
- if ((i == null ? void 0 : i.username) == null && !this.sessionServer.isSessionUser(e))
321
+ const t = await this.sessionServer.getSessionData(e, "passwordchange");
322
+ if ((t == null ? void 0 : t.username) == null && !this.sessionServer.isSessionUser(e))
323
323
  return b.sendPageError(
324
324
  o,
325
325
  401,
@@ -349,7 +349,7 @@ class De {
349
349
  return await this.changePassword(
350
350
  e,
351
351
  o,
352
- (i, n) => e.body.next ? i.redirect(e.body.next) : i.view(this.changePasswordPage, {
352
+ (t, n) => e.body.next ? t.redirect(e.body.next) : t.view(this.changePasswordPage, {
353
353
  csrfToken: e.csrfToken,
354
354
  message: "Your password has been changed.",
355
355
  urlPrefix: this.prefix,
@@ -357,14 +357,14 @@ class De {
357
357
  required: e.body.required
358
358
  })
359
359
  );
360
- } catch (i) {
361
- const n = l.asCrossauthError(i);
360
+ } catch (t) {
361
+ const n = l.asCrossauthError(t);
362
362
  return d.logger.error(c({
363
363
  msg: "Change password failure",
364
364
  user: (s = e.user) == null ? void 0 : s.username,
365
365
  errorCodeName: n.codeName,
366
366
  errorCode: n.code
367
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.changePasswordPage, {
367
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.changePasswordPage, {
368
368
  errorMessage: a.message,
369
369
  errorMessages: a.messages,
370
370
  errorCode: a.code,
@@ -397,18 +397,18 @@ class De {
397
397
  return await this.changePassword(
398
398
  e,
399
399
  o,
400
- (i, n) => i.header(...U).send({
400
+ (t, n) => t.header(...U).send({
401
401
  ok: !0
402
402
  })
403
403
  );
404
- } catch (i) {
405
- const n = l.asCrossauthError(i);
404
+ } catch (t) {
405
+ const n = l.asCrossauthError(t);
406
406
  return d.logger.error(c({
407
407
  msg: "Change password failure",
408
408
  user: (s = e.user) == null ? void 0 : s.username,
409
409
  errorCodeName: n.codeName,
410
410
  errorCode: n.code
411
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
411
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...U).send({
412
412
  ok: !1,
413
413
  errorMessage: a.message,
414
414
  errorMessages: a.messages,
@@ -437,23 +437,23 @@ class De {
437
437
  return await this.reconfigureFactor2(
438
438
  e,
439
439
  o,
440
- (s, i, n) => s.view(this.configureFactor2Page, {
441
- ...i,
440
+ (s, t, n) => s.view(this.configureFactor2Page, {
441
+ ...t,
442
442
  next: e.query.next ?? this.sessionServer.loginRedirect
443
443
  })
444
444
  );
445
445
  } catch (s) {
446
- const i = l.asCrossauthError(s);
446
+ const t = l.asCrossauthError(s);
447
447
  return d.logger.error(c({
448
448
  msg: "Configure factor2 failure",
449
449
  user: (r = e.user) == null ? void 0 : r.username,
450
- errorCodeName: i.codeName,
451
- errorCode: i.code
452
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (n, t) => n.view(this.configureFactor2Page, {
453
- errorMessage: t.message,
454
- errorMessages: t.messages,
455
- errorCode: t.code,
456
- errorCodeName: g[t.code],
450
+ errorCodeName: t.codeName,
451
+ errorCode: t.code
452
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (n, i) => n.view(this.configureFactor2Page, {
453
+ errorMessage: i.message,
454
+ errorMessages: i.messages,
455
+ errorCode: i.code,
456
+ errorCodeName: g[i.code],
457
457
  next: e.query.next ?? this.sessionServer.loginRedirect,
458
458
  csrfToken: e.csrfToken,
459
459
  urlPrefix: this.prefix
@@ -474,8 +474,8 @@ class De {
474
474
  return d.logger.debug(c({ msg: "Next page " + r })), await this.configureFactor2(
475
475
  e,
476
476
  o,
477
- (s, i) => {
478
- const n = i != null && i.factor2 ? this.sessionServer.authenticators[i.factor2] : void 0;
477
+ (s, t) => {
478
+ const n = t != null && t.factor2 ? this.sessionServer.authenticators[t.factor2] : void 0;
479
479
  return !this.sessionServer.isSessionUser(e) && this.enableEmailVerification && (n == null || n.skipEmailVerificationOnSignup() != !0) ? s.view(this.signupPage, {
480
480
  next: r,
481
481
  csrfToken: e.csrfToken,
@@ -497,10 +497,10 @@ class De {
497
497
  const a = l.asCrossauthError(s);
498
498
  return d.logger.error(c({ msg: "Signup second factor failure", errorCodeName: a.codeName, errorCode: a.code })), d.logger.error(c({ msg: "Session not defined during two factor process" })), o.status(500).view(this.sessionServer.errorPage, { status: 500, errorMessage: "An unknown error occurred", errorCode: g.UnknownError, errorCodeName: "UnknownError" });
499
499
  }
500
- let i = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
500
+ let t = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
501
501
  const n = l.asCrossauthError(s);
502
- d.logger.error(c({ msg: "Signup two factor failure", user: i == null ? void 0 : i.username, errorCodeName: n.codeName, errorCode: n.code }));
503
- const { userData: t } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
502
+ d.logger.error(c({ msg: "Signup two factor failure", user: t == null ? void 0 : t.username, errorCodeName: n.codeName, errorCode: n.code }));
503
+ const { userData: i } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
504
504
  return this.sessionServer.handleError(s, e, o, (a, h) => a.view(this.configureFactor2Page, {
505
505
  errorMessage: h.message,
506
506
  errorMessages: h.messages,
@@ -508,11 +508,11 @@ class De {
508
508
  errorCodeName: g[h.code],
509
509
  urlPrefix: this.prefix,
510
510
  next: r,
511
- ...t,
511
+ ...i,
512
512
  csrfToken: this.sessionServer.csrfToken(e, a)
513
513
  }));
514
- } catch (i) {
515
- return d.logger.error(c({ err: i })), o.status(500).view(this.sessionServer.errorPage, {
514
+ } catch (t) {
515
+ return d.logger.error(c({ err: t })), o.status(500).view(this.sessionServer.errorPage, {
516
516
  status: 500,
517
517
  errorMessage: "An unknown error occurred",
518
518
  errorCode: g.UnknownError,
@@ -542,20 +542,20 @@ class De {
542
542
  return await this.reconfigureFactor2(
543
543
  o,
544
544
  r,
545
- (i, n, t) => i.header(...U).send({
545
+ (t, n, i) => t.header(...U).send({
546
546
  ok: !0,
547
547
  ...n
548
548
  })
549
549
  );
550
- } catch (i) {
551
- const n = l.asCrossauthError(i);
550
+ } catch (t) {
551
+ const n = l.asCrossauthError(t);
552
552
  d.logger.error(c({
553
553
  msg: "Configure 2FA configuration failure",
554
554
  user: (s = o.user) == null ? void 0 : s.username,
555
555
  errorCodeName: n.codeName,
556
556
  errorCode: n.code
557
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, a) => {
558
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
557
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, r, (i, a) => {
558
+ i.status(this.sessionServer.errorStatus(t)).header(...U).send({
559
559
  ok: !1,
560
560
  errorMessage: a.message,
561
561
  errorMessages: a.messages,
@@ -579,23 +579,23 @@ class De {
579
579
  return await this.configureFactor2(
580
580
  o,
581
581
  r,
582
- (i, n) => {
583
- const t = {
582
+ (t, n) => {
583
+ const i = {
584
584
  ok: !0,
585
585
  user: n
586
586
  };
587
- return this.sessionServer.isSessionUser(o) || (t.emailVerificationNeeded = this.enableEmailVerification), i.header(...U).send(t);
587
+ return this.sessionServer.isSessionUser(o) || (i.emailVerificationNeeded = this.enableEmailVerification), t.header(...U).send(i);
588
588
  }
589
589
  );
590
- } catch (i) {
591
- const n = l.asCrossauthError(i);
590
+ } catch (t) {
591
+ const n = l.asCrossauthError(t);
592
592
  d.logger.error(c({
593
593
  msg: "Configure 2FA configuration failure",
594
594
  user: (s = o.user) == null ? void 0 : s.username,
595
595
  errorCodeName: n.codeName,
596
596
  errorCode: n.code
597
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, r, (t, a) => {
598
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
597
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, r, (i, a) => {
598
+ i.status(this.sessionServer.errorStatus(t)).header(...U).send({
599
599
  ok: !1,
600
600
  errorMessage: a.message,
601
601
  errorMessages: a.messages,
@@ -640,7 +640,7 @@ class De {
640
640
  return await this.requestPasswordReset(
641
641
  e,
642
642
  o,
643
- (s, i) => s.view(this.requestPasswordResetPage, {
643
+ (s, t) => s.view(this.requestPasswordResetPage, {
644
644
  csrfToken: e.csrfToken,
645
645
  message: r,
646
646
  urlPrefix: this.prefix
@@ -650,13 +650,13 @@ class De {
650
650
  return d.logger.error(c({
651
651
  msg: "Request password reset faiulure user failure",
652
652
  email: e.body.email
653
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => n.code == g.EmailNotExist ? i.view(this.requestPasswordResetPage, {
653
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => n.code == g.EmailNotExist ? t.view(this.requestPasswordResetPage, {
654
654
  csrfToken: e.csrfToken,
655
655
  message: r,
656
656
  urlPrefix: this.prefix,
657
657
  required: e.body.required,
658
658
  next: e.body.next
659
- }) : e.body.next ? i.redirect(e.body.next) : i.view(this.requestPasswordResetPage, {
659
+ }) : e.body.next ? t.redirect(e.body.next) : t.view(this.requestPasswordResetPage, {
660
660
  errorMessage: n.message,
661
661
  errorMessages: n.messages,
662
662
  errorCode: n.code,
@@ -697,8 +697,8 @@ class De {
697
697
  email: e.body.email,
698
698
  errorCodeName: s.codeName,
699
699
  errorCode: s.code
700
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
701
- i.status(this.sessionServer.errorStatus(r)).header(...U).send({
700
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => {
701
+ t.status(this.sessionServer.errorStatus(r)).header(...U).send({
702
702
  ok: !1,
703
703
  errorMessage: n.message,
704
704
  errorMessages: n.messages,
@@ -764,7 +764,7 @@ class De {
764
764
  hashedToken: F.hash(e.body.token),
765
765
  errorCodeName: s.codeName,
766
766
  errorCode: s.code
767
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => i.view(this.resetPasswordPage, {
767
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => t.view(this.resetPasswordPage, {
768
768
  errorMessage: n.message,
769
769
  errorMessages: n.messages,
770
770
  errorCode: n.code,
@@ -805,8 +805,8 @@ class De {
805
805
  hashedToken: F.hash(e.body.token),
806
806
  errorCodeName: s.codeName,
807
807
  errorCode: s.code
808
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
809
- i.status(this.sessionServer.errorStatus(r)).header(...U).send({
808
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => {
809
+ t.status(this.sessionServer.errorStatus(r)).header(...U).send({
810
810
  ok: !1,
811
811
  errorMessage: n.message,
812
812
  errorMessages: n.messages,
@@ -847,7 +847,7 @@ class De {
847
847
  hashedToken: F.hash(e.params.token),
848
848
  errorCodeName: s.codeName,
849
849
  errorCode: s.code
850
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => i.view(this.sessionServer.errorPage, {
850
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => t.view(this.sessionServer.errorPage, {
851
851
  errorCode: n.code,
852
852
  errorCodeName: g[n.code],
853
853
  errorMessage: n.message,
@@ -887,8 +887,8 @@ class De {
887
887
  hashedToken: F.hash(e.params.token),
888
888
  errorCodeName: s.codeName,
889
889
  errorCode: s.code
890
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => {
891
- i.status(this.sessionServer.errorStatus(r)).header(...U).send({
890
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => {
891
+ t.status(this.sessionServer.errorStatus(r)).header(...U).send({
892
892
  ok: !1,
893
893
  errorMessage: n.message,
894
894
  errorMessages: n.messages,
@@ -920,28 +920,28 @@ class De {
920
920
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call delete user unless a user storage is provided");
921
921
  r = (await this.sessionServer.userStorage.getUserById(e.user.id)).user;
922
922
  } catch (n) {
923
- const t = l.asCrossauthError(n);
924
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
925
- errorMessage: t.message,
926
- errorMessages: t.messages,
927
- errorCode: t.code,
928
- errorCodeName: g[t.code]
923
+ const i = l.asCrossauthError(n);
924
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
925
+ errorMessage: i.message,
926
+ errorMessages: i.messages,
927
+ errorCode: i.code,
928
+ errorCodeName: g[i.code]
929
929
  });
930
930
  }
931
931
  const s = e.query.next ?? this.prefix;
932
- let i = {
932
+ let t = {
933
933
  urlPrefix: this.prefix,
934
934
  csrfToken: e.csrfToken,
935
935
  next: s,
936
936
  isAdmin: !1,
937
937
  user: r
938
938
  };
939
- return o.view(this.deleteUserPage, i);
939
+ return o.view(this.deleteUserPage, t);
940
940
  }
941
941
  ), this.sessionServer.app.post(
942
942
  this.prefix + "deleteuser",
943
943
  async (e, o) => {
944
- var s, i;
944
+ var s, t;
945
945
  if (d.logger.info(c({
946
946
  msg: "Page visit",
947
947
  method: "POST",
@@ -956,24 +956,24 @@ class De {
956
956
  e,
957
957
  o,
958
958
  (n) => {
959
- var t;
959
+ var i;
960
960
  return n.view(this.deleteUserPage, {
961
961
  message: "User deleted",
962
962
  csrfToken: e.csrfToken,
963
963
  urlPrefix: this.prefix,
964
- userid: (t = e.user) == null ? void 0 : t.id,
964
+ userid: (i = e.user) == null ? void 0 : i.id,
965
965
  isAdmin: !1,
966
966
  next: r
967
967
  });
968
968
  }
969
969
  );
970
970
  } catch (n) {
971
- const t = l.asCrossauthError(n);
971
+ const i = l.asCrossauthError(n);
972
972
  return d.logger.error(c({
973
973
  msg: "Failed deleting user",
974
- user: (i = e.user) == null ? void 0 : i.username,
975
- errorCodeName: t.codeName,
976
- errorCode: t.code
974
+ user: (t = e.user) == null ? void 0 : t.username,
975
+ errorCodeName: i.codeName,
976
+ errorCode: i.code
977
977
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
978
978
  var v;
979
979
  const p = l.asCrossauthError(n).httpStatus;
@@ -1013,23 +1013,23 @@ class De {
1013
1013
  return await this.deleteUser(
1014
1014
  e,
1015
1015
  o,
1016
- (i) => {
1016
+ (t) => {
1017
1017
  var n;
1018
- return i.header(...U).send({
1018
+ return t.header(...U).send({
1019
1019
  ok: !0,
1020
1020
  userid: (n = e.user) == null ? void 0 : n.id
1021
1021
  });
1022
1022
  }
1023
1023
  );
1024
- } catch (i) {
1025
- const n = l.asCrossauthError(i);
1024
+ } catch (t) {
1025
+ const n = l.asCrossauthError(t);
1026
1026
  d.logger.error(c({
1027
1027
  msg: "Delete user failure",
1028
1028
  user: (s = e.user) == null ? void 0 : s.username,
1029
1029
  errorCodeName: n.codeName,
1030
1030
  errorCode: n.code
1031
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1032
- t.status(this.sessionServer.errorStatus(i)).header(...U).send({
1031
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1032
+ i.status(this.sessionServer.errorStatus(t)).header(...U).send({
1033
1033
  ok: !1,
1034
1034
  errorMessage: a.message,
1035
1035
  errorMessages: a.messages,
@@ -1057,9 +1057,9 @@ class De {
1057
1057
  e,
1058
1058
  this.sessionServer.userStorage.userEditableFields
1059
1059
  );
1060
- let i = this.sessionServer.validateUserFn(s);
1061
- if (i.length > 0)
1062
- throw new l(g.FormEntry, i);
1060
+ let t = this.sessionServer.validateUserFn(s);
1061
+ if (t.length > 0)
1062
+ throw new l(g.FormEntry, t);
1063
1063
  let n = await this.sessionServer.sessionManager.updateUser(e.user, s);
1064
1064
  return r(o, e.user, n.emailVerificationTokenSent);
1065
1065
  }
@@ -1086,26 +1086,26 @@ class De {
1086
1086
  throw new l(g.Unauthorized);
1087
1087
  if (!e.csrfToken)
1088
1088
  throw new l(g.InvalidCsrf);
1089
- let i = e.body.factor2;
1089
+ let t = e.body.factor2;
1090
1090
  if (e.body.factor2 && !this.sessionServer.allowedFactor2.includes(e.body.factor2))
1091
1091
  throw new l(
1092
1092
  g.Forbidden,
1093
1093
  "Illegal second factor " + e.body.factor2 + " requested"
1094
1094
  );
1095
- (e.body.factor2 == "none" || e.body.factor2 == "") && (i = void 0);
1096
- const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(s, i, e.sessionId);
1097
- let t = {
1098
- factor2: i,
1095
+ (e.body.factor2 == "none" || e.body.factor2 == "") && (t = void 0);
1096
+ const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(s, t, e.sessionId);
1097
+ let i = {
1098
+ factor2: t,
1099
1099
  userData: n,
1100
1100
  username: n.username,
1101
1101
  next: e.body.next ?? this.sessionServer.loginRedirect,
1102
1102
  csrfToken: e.csrfToken
1103
1103
  };
1104
- return r(o, t);
1104
+ return r(o, i);
1105
1105
  }
1106
1106
  async changePassword(e, o, r) {
1107
1107
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changePassword unless a user storage is provided");
1108
- let s, i = !1;
1108
+ let s, t = !1;
1109
1109
  if (!this.sessionServer.isSessionUser(e) || !e.user) {
1110
1110
  const m = await this.sessionServer.getSessionData(e, "passwordchange");
1111
1111
  if (m != null && m.username) {
@@ -1115,7 +1115,7 @@ class De {
1115
1115
  skipActiveCheck: !0,
1116
1116
  skipEmailVerifiedCheck: !0
1117
1117
  }
1118
- )).user, i = !0, !e.csrfToken)
1118
+ )).user, t = !0, !e.csrfToken)
1119
1119
  throw new l(g.InvalidCsrf);
1120
1120
  } else
1121
1121
  throw new l(g.Unauthorized);
@@ -1125,24 +1125,24 @@ class De {
1125
1125
  s = e.user;
1126
1126
  } else
1127
1127
  throw new l(g.InsufficientPriviledges);
1128
- const n = this.sessionServer.authenticators[s.factor1], t = n.secretNames();
1128
+ const n = this.sessionServer.authenticators[s.factor1], i = n.secretNames();
1129
1129
  let a = {}, h = {}, f = {};
1130
1130
  for (let m in e.body)
1131
1131
  if (m.startsWith("new_")) {
1132
1132
  const w = m.replace(/^new_/, "");
1133
- t.includes(w) && (h[w] = e.body[m]);
1133
+ i.includes(w) && (h[w] = e.body[m]);
1134
1134
  } else if (m.startsWith("old_")) {
1135
1135
  const w = m.replace(/^old_/, "");
1136
- t.includes(w) && (a[w] = e.body[m]);
1136
+ i.includes(w) && (a[w] = e.body[m]);
1137
1137
  } else if (m.startsWith("repeat_")) {
1138
1138
  const w = m.replace(/^repeat_/, "");
1139
- t.includes(w) && (f[w] = e.body[m]);
1139
+ i.includes(w) && (f[w] = e.body[m]);
1140
1140
  }
1141
1141
  if (Object.keys(f).length === 0 && (f = void 0), n.validateSecrets(h).length > 0)
1142
1142
  throw new l(g.PasswordFormat);
1143
1143
  const v = s.state;
1144
1144
  try {
1145
- i && (s.state = "active", await this.sessionServer.userStorage.updateUser({ id: s.id, state: s.state })), await this.sessionServer.sessionManager.changeSecrets(
1145
+ t && (s.state = "active", await this.sessionServer.userStorage.updateUser({ id: s.id, state: s.state })), await this.sessionServer.sessionManager.changeSecrets(
1146
1146
  s.username,
1147
1147
  1,
1148
1148
  h,
@@ -1151,7 +1151,7 @@ class De {
1151
1151
  );
1152
1152
  } catch (m) {
1153
1153
  const w = l.asCrossauthError(m);
1154
- if (d.logger.debug(c({ err: m })), i)
1154
+ if (d.logger.debug(c({ err: m })), t)
1155
1155
  try {
1156
1156
  await this.sessionServer.userStorage.updateUser({ id: s.id, state: v });
1157
1157
  } catch (P) {
@@ -1159,7 +1159,7 @@ class De {
1159
1159
  }
1160
1160
  throw w;
1161
1161
  }
1162
- return i ? await this.sessionServer.loginWithUser(s, !1, e, o, r) : r(o, void 0);
1162
+ return t ? await this.sessionServer.loginWithUser(s, !1, e, o, r) : r(o, void 0);
1163
1163
  }
1164
1164
  async configureFactor2(e, o, r) {
1165
1165
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
@@ -1177,20 +1177,20 @@ class De {
1177
1177
  !0,
1178
1178
  e,
1179
1179
  o,
1180
- (i, n) => r(i, n)
1180
+ (t, n) => r(t, n)
1181
1181
  ) : r(o, s);
1182
1182
  }
1183
1183
  async reconfigureFactor2(e, o, r) {
1184
1184
  if (!e.user || !e.sessionId || !this.sessionServer.isSessionUser(e))
1185
1185
  throw new l(g.Unauthorized);
1186
1186
  let s = e.user.factor2;
1187
- const i = this.sessionServer.authenticators[s];
1188
- if (!i || i.secretNames().length == 0)
1187
+ const t = this.sessionServer.authenticators[s];
1188
+ if (!t || t.secretNames().length == 0)
1189
1189
  throw new l(
1190
1190
  g.BadRequest,
1191
1191
  "Selected second factor does not have configuration"
1192
1192
  );
1193
- let t = {
1193
+ let i = {
1194
1194
  ...await this.sessionServer.sessionManager.initiateTwoFactorSetup(
1195
1195
  e.user,
1196
1196
  s,
@@ -1198,7 +1198,7 @@ class De {
1198
1198
  ),
1199
1199
  csrfToken: e.csrfToken
1200
1200
  };
1201
- return r(o, t);
1201
+ return r(o, i);
1202
1202
  }
1203
1203
  async requestPasswordReset(e, o, r) {
1204
1204
  if (!this.enablePasswordReset)
@@ -1211,12 +1211,12 @@ class De {
1211
1211
  const s = e.body.email;
1212
1212
  try {
1213
1213
  await this.sessionServer.sessionManager.requestPasswordReset(s);
1214
- } catch (i) {
1215
- l.asCrossauthError(i).code == g.UserNotExist ? d.logger.warn(c({
1214
+ } catch (t) {
1215
+ l.asCrossauthError(t).code == g.UserNotExist ? d.logger.warn(c({
1216
1216
  msg: "Password reset requested for invalid email",
1217
1217
  email: e.body.email
1218
1218
  })) : d.logger.debug(c({
1219
- err: i,
1219
+ err: t,
1220
1220
  msg: "Couldn't send password reset email"
1221
1221
  }));
1222
1222
  }
@@ -1225,15 +1225,15 @@ class De {
1225
1225
  async resetPassword(e, o, r) {
1226
1226
  if (!e.csrfToken)
1227
1227
  throw new l(g.InvalidCsrf);
1228
- const s = e.body.token, i = await this.sessionServer.sessionManager.userForPasswordResetToken(s), n = this.sessionServer.authenticators[i.factor1], t = n.secretNames();
1228
+ const s = e.body.token, t = await this.sessionServer.sessionManager.userForPasswordResetToken(s), n = this.sessionServer.authenticators[t.factor1], i = n.secretNames();
1229
1229
  let a = {}, h = {};
1230
1230
  for (let v in e.body)
1231
1231
  if (v.startsWith("new_")) {
1232
1232
  const m = v.replace(/^new_/, "");
1233
- t.includes(m) && (a[m] = e.body[v]);
1233
+ i.includes(m) && (a[m] = e.body[v]);
1234
1234
  } else if (v.startsWith("repeat_")) {
1235
1235
  const m = v.replace(/^repeat_/, "");
1236
- t.includes(m) && (h[m] = e.body[v]);
1236
+ i.includes(m) && (h[m] = e.body[v]);
1237
1237
  }
1238
1238
  if (Object.keys(h).length === 0 && (h = void 0), n.validateSecrets(a).length > 0)
1239
1239
  throw new l(g.PasswordFormat);
@@ -1245,8 +1245,8 @@ class De {
1245
1245
  g.Configuration,
1246
1246
  "Email verification reset not enabled"
1247
1247
  );
1248
- const s = e.params.token, i = await this.sessionServer.sessionManager.applyEmailVerificationToken(s);
1249
- return await this.sessionServer.loginWithUser(i, !0, e, o, r);
1248
+ const s = e.params.token, t = await this.sessionServer.sessionManager.applyEmailVerificationToken(s);
1249
+ return await this.sessionServer.loginWithUser(t, !0, e, o, r);
1250
1250
  }
1251
1251
  async deleteUser(e, o, r) {
1252
1252
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteUser unless a user storage is provided");
@@ -1267,10 +1267,10 @@ async function ze(S, e) {
1267
1267
  if (s.code != g.UserNotExist)
1268
1268
  throw d.logger.debug(c({ err: s })), s;
1269
1269
  try {
1270
- const { user: i } = await e.getUserByEmail(S);
1271
- o.push(i);
1272
- } catch (i) {
1273
- const n = l.asCrossauthError(i);
1270
+ const { user: t } = await e.getUserByEmail(S);
1271
+ o.push(t);
1272
+ } catch (t) {
1273
+ const n = l.asCrossauthError(t);
1274
1274
  if (n.code != g.UserNotExist)
1275
1275
  throw d.logger.debug(c({ err: n })), s;
1276
1276
  }
@@ -1331,18 +1331,18 @@ class He {
1331
1331
  return d.logger.debug(c({ msg: "Next page " + r })), await this.createUser(
1332
1332
  e,
1333
1333
  o,
1334
- (i, n, t) => i.redirect(302, r)
1334
+ (t, n, i) => t.redirect(302, r)
1335
1335
  );
1336
- } catch (i) {
1337
- const n = l.asCrossauthError(i);
1336
+ } catch (t) {
1337
+ const n = l.asCrossauthError(t);
1338
1338
  return d.logger.error(c({
1339
1339
  msg: "Signup failure",
1340
1340
  user: e.body.username,
1341
1341
  errorCodeName: n.codeName,
1342
1342
  errorCode: n.code
1343
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1344
- const f = l.asCrossauthError(i).httpStatus;
1345
- return t.status(f).view(this.adminCreateUserPage, {
1343
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1344
+ const f = l.asCrossauthError(t).httpStatus;
1345
+ return i.status(f).view(this.adminCreateUserPage, {
1346
1346
  errorMessage: a.message,
1347
1347
  errorMessages: a.messages,
1348
1348
  errorCode: a.code,
@@ -1379,21 +1379,21 @@ class He {
1379
1379
  return await this.createUser(
1380
1380
  e,
1381
1381
  o,
1382
- (i, n, t) => i.header(...R).send({
1382
+ (t, n, i) => t.header(...R).send({
1383
1383
  ok: !0,
1384
- user: t,
1384
+ user: i,
1385
1385
  ...n.userData
1386
1386
  })
1387
1387
  );
1388
- } catch (i) {
1389
- const n = l.asCrossauthError(i);
1388
+ } catch (t) {
1389
+ const n = l.asCrossauthError(t);
1390
1390
  d.logger.error(c({
1391
1391
  msg: "Create user failure",
1392
1392
  user: (s = e.user) == null ? void 0 : s.username,
1393
1393
  errorCodeName: n.codeName,
1394
1394
  errorCode: n.code
1395
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1396
- t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1395
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1396
+ i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1397
1397
  ok: !1,
1398
1398
  errorMessage: a.message,
1399
1399
  errorMessages: a.messages,
@@ -1420,21 +1420,21 @@ class He {
1420
1420
  })), !(e != null && e.user) || !b.isAdmin(e.user))
1421
1421
  return this.accessDeniedPage(e, o);
1422
1422
  try {
1423
- let r = [], s = Number(e.query.skip), i = Number(e.query.take);
1424
- s < 0 && (i = -s, s = 0), s || (s = 0), i || (i = 10), e.query.search ? r = await this.userSearchFn(
1423
+ let r = [], s = Number(e.query.skip), t = Number(e.query.take);
1424
+ s < 0 && (t = -s, s = 0), s || (s = 0), t || (t = 10), e.query.search ? r = await this.userSearchFn(
1425
1425
  e.query.search,
1426
1426
  this.sessionServer.userStorage
1427
1427
  ) : r = await this.sessionServer.userStorage.getUsers(
1428
1428
  s,
1429
- i
1429
+ t
1430
1430
  );
1431
1431
  let n = {
1432
1432
  urlPrefix: this.adminPrefix,
1433
1433
  skip: s,
1434
- take: i,
1434
+ take: t,
1435
1435
  users: r,
1436
1436
  havePrevious: s > 0,
1437
- haveNext: i != null && r.length == i
1437
+ haveNext: t != null && r.length == t
1438
1438
  };
1439
1439
  return e.query.next && (n.next = e.query.next), o.view(this.adminSelectUserPage, n);
1440
1440
  } catch (r) {
@@ -1504,12 +1504,12 @@ class He {
1504
1504
  let r;
1505
1505
  try {
1506
1506
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateuser unless a user storage is provided");
1507
- const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1508
- return r = i, await this.updateUser(
1507
+ const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1508
+ return r = t, await this.updateUser(
1509
1509
  r,
1510
1510
  e,
1511
1511
  o,
1512
- (n, t, a, h) => {
1512
+ (n, i, a, h) => {
1513
1513
  let f = "User's details have been updated.";
1514
1514
  return a ? f = "User's details have been updated and sent and an email verification link." : h && (f = "User's details have been updated and sent and a password reset token sent."), n.view(this.adminUpdateUserPage, {
1515
1515
  csrfToken: e.csrfToken,
@@ -1519,9 +1519,9 @@ class He {
1519
1519
  });
1520
1520
  }
1521
1521
  );
1522
- } catch (i) {
1523
- const n = l.asCrossauthError(i);
1524
- return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => r ? t.view(this.adminUpdateUserPage, {
1522
+ } catch (t) {
1523
+ const n = l.asCrossauthError(t);
1524
+ return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => r ? i.view(this.adminUpdateUserPage, {
1525
1525
  user: r,
1526
1526
  errorMessage: a.message,
1527
1527
  errorMessages: a.messages,
@@ -1532,7 +1532,7 @@ class He {
1532
1532
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
1533
1533
  ...e.body
1534
1534
  }) : b.sendPageError(
1535
- t,
1535
+ i,
1536
1536
  n.httpStatus,
1537
1537
  this.sessionServer.errorPage,
1538
1538
  n.message,
@@ -1562,28 +1562,28 @@ class He {
1562
1562
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteuser unless a user storage is provided");
1563
1563
  r = (await this.sessionServer.userStorage.getUserById(e.params.id)).user;
1564
1564
  } catch (n) {
1565
- const t = l.asCrossauthError(n);
1566
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
1567
- errorMessage: t.message,
1568
- errorMessages: t.messages,
1569
- errorCode: t.code,
1570
- errorCodeName: g[t.code]
1565
+ const i = l.asCrossauthError(n);
1566
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
1567
+ errorMessage: i.message,
1568
+ errorMessages: i.messages,
1569
+ errorCode: i.code,
1570
+ errorCodeName: g[i.code]
1571
1571
  });
1572
1572
  }
1573
1573
  const s = e.query.next ?? this.adminPrefix + "selectuser";
1574
- let i = {
1574
+ let t = {
1575
1575
  urlPrefix: this.adminPrefix,
1576
1576
  csrfToken: e.csrfToken,
1577
1577
  next: s,
1578
1578
  isAdmin: !0,
1579
1579
  user: r
1580
1580
  };
1581
- return o.view(this.deleteUserPage, i);
1581
+ return o.view(this.deleteUserPage, t);
1582
1582
  }
1583
1583
  ), this.sessionServer.app.post(
1584
1584
  this.adminPrefix + "deleteuser/:id",
1585
1585
  async (e, o) => {
1586
- var s, i;
1586
+ var s, t;
1587
1587
  d.logger.info(c({
1588
1588
  msg: "Page visit",
1589
1589
  method: "POST",
@@ -1606,12 +1606,12 @@ class He {
1606
1606
  })
1607
1607
  );
1608
1608
  } catch (n) {
1609
- const t = l.asCrossauthError(n);
1609
+ const i = l.asCrossauthError(n);
1610
1610
  return d.logger.error(c({
1611
1611
  msg: "Failed deleting user",
1612
- user: (i = e.user) == null ? void 0 : i.username,
1613
- errorCodeName: t.codeName,
1614
- errorCode: t.code
1612
+ user: (t = e.user) == null ? void 0 : t.username,
1613
+ errorCodeName: i.codeName,
1614
+ errorCode: i.code
1615
1615
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1616
1616
  const p = l.asCrossauthError(n).httpStatus;
1617
1617
  return a.status(p).view(this.deleteUserPage, {
@@ -1637,7 +1637,7 @@ class He {
1637
1637
  this.sessionServer.app.post(
1638
1638
  this.adminPrefix + "api/updateuser/:id",
1639
1639
  async (e, o) => {
1640
- var s, i;
1640
+ var s, t;
1641
1641
  if (d.logger.info(c({
1642
1642
  msg: "API visit",
1643
1643
  method: "POST",
@@ -1654,18 +1654,18 @@ class He {
1654
1654
  r,
1655
1655
  e,
1656
1656
  o,
1657
- (t, a, h) => t.header(...R).send({
1657
+ (i, a, h) => i.header(...R).send({
1658
1658
  ok: !0,
1659
1659
  emailVerificationRequired: h
1660
1660
  })
1661
1661
  );
1662
1662
  } catch (n) {
1663
- const t = l.asCrossauthError(n);
1663
+ const i = l.asCrossauthError(n);
1664
1664
  return d.logger.error(c({
1665
1665
  msg: "Update user failure",
1666
- user: (i = e.user) == null ? void 0 : i.username,
1667
- errorCodeName: t.codeName,
1668
- errorCode: t.code
1666
+ user: (t = e.user) == null ? void 0 : t.username,
1667
+ errorCodeName: i.codeName,
1668
+ errorCode: i.code
1669
1669
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1670
1670
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1671
1671
  ok: !1,
@@ -1698,20 +1698,20 @@ class He {
1698
1698
  return this.accessDeniedPage(e, o);
1699
1699
  try {
1700
1700
  const { user: s } = await this.sessionServer.userStorage.getUserById(e.params.id);
1701
- let i = {
1701
+ let t = {
1702
1702
  urlPrefix: this.adminPrefix,
1703
1703
  csrfToken: e.csrfToken,
1704
1704
  user: s
1705
1705
  };
1706
- return o.view(this.adminChangePasswordPage, i);
1706
+ return o.view(this.adminChangePasswordPage, t);
1707
1707
  } catch (s) {
1708
- const i = l.asCrossauthError(s);
1708
+ const t = l.asCrossauthError(s);
1709
1709
  return d.logger.error(c({ err: s })), b.sendPageError(
1710
1710
  o,
1711
- i.httpStatus,
1711
+ t.httpStatus,
1712
1712
  this.sessionServer.errorPage,
1713
- i.message,
1714
- i
1713
+ t.message,
1714
+ t
1715
1715
  );
1716
1716
  }
1717
1717
  }
@@ -1729,12 +1729,12 @@ class He {
1729
1729
  let r;
1730
1730
  try {
1731
1731
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changepassword unless a user storage is provided");
1732
- const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1733
- return r = i, await this.changePassword(
1732
+ const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1733
+ return r = t, await this.changePassword(
1734
1734
  r,
1735
1735
  e,
1736
1736
  o,
1737
- (n, t) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1737
+ (n, i) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1738
1738
  csrfToken: e.csrfToken,
1739
1739
  message: "User's password has been changed.",
1740
1740
  urlPrefix: this.adminPrefix,
@@ -1743,14 +1743,14 @@ class He {
1743
1743
  user: r
1744
1744
  })
1745
1745
  );
1746
- } catch (i) {
1747
- const n = l.asCrossauthError(i);
1746
+ } catch (t) {
1747
+ const n = l.asCrossauthError(t);
1748
1748
  return d.logger.error(c({
1749
1749
  msg: "Change password failure",
1750
1750
  userid: e.params.id,
1751
1751
  errorCodeName: n.codeName,
1752
1752
  errorCode: n.code
1753
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.adminChangePasswordPage, {
1753
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.adminChangePasswordPage, {
1754
1754
  errorMessage: a.message,
1755
1755
  errorMessages: a.messages,
1756
1756
  errorCode: a.code,
@@ -1769,7 +1769,7 @@ class He {
1769
1769
  this.sessionServer.app.post(
1770
1770
  this.adminPrefix + "api/changepassword/:id",
1771
1771
  async (e, o) => {
1772
- var s, i;
1772
+ var s, t;
1773
1773
  if (d.logger.info(c({
1774
1774
  msg: "API visit",
1775
1775
  method: "POST",
@@ -1786,17 +1786,17 @@ class He {
1786
1786
  r,
1787
1787
  e,
1788
1788
  o,
1789
- (t, a) => t.header(...R).send({
1789
+ (i, a) => i.header(...R).send({
1790
1790
  ok: !0
1791
1791
  })
1792
1792
  );
1793
1793
  } catch (n) {
1794
- const t = l.asCrossauthError(n);
1794
+ const i = l.asCrossauthError(n);
1795
1795
  return d.logger.error(c({
1796
1796
  msg: "Update user failure",
1797
- user: (i = e.user) == null ? void 0 : i.username,
1798
- errorCodeName: t.codeName,
1799
- errorCode: t.code
1797
+ user: (t = e.user) == null ? void 0 : t.username,
1798
+ errorCodeName: i.codeName,
1799
+ errorCode: i.code
1800
1800
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1801
1801
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1802
1802
  ok: !1,
@@ -1829,20 +1829,20 @@ class He {
1829
1829
  return await this.deleteUser(
1830
1830
  e,
1831
1831
  o,
1832
- (i) => i.header(...R).send({
1832
+ (t) => t.header(...R).send({
1833
1833
  ok: !0,
1834
1834
  client_id: e.params.id
1835
1835
  })
1836
1836
  );
1837
- } catch (i) {
1838
- const n = l.asCrossauthError(i);
1837
+ } catch (t) {
1838
+ const n = l.asCrossauthError(t);
1839
1839
  d.logger.error(c({
1840
1840
  msg: "Delete user failure",
1841
1841
  user: (s = e.user) == null ? void 0 : s.username,
1842
1842
  errorCodeName: n.codeName,
1843
1843
  errorCode: n.code
1844
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1845
- t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1844
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1845
+ i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1846
1846
  ok: !1,
1847
1847
  errorMessage: a.message,
1848
1848
  errorMessages: a.messages,
@@ -1872,19 +1872,20 @@ class He {
1872
1872
  {
1873
1873
  ...this.sessionServer.userStorage.userEditableFields,
1874
1874
  ...this.sessionServer.userStorage.adminEditableFields
1875
- }
1875
+ },
1876
+ this.sessionServer.adminAllowedFactor1
1876
1877
  );
1877
- const i = this.sessionServer.authenticators[s.factor1].secretNames();
1878
+ const t = this.sessionServer.authenticators[s.factor1].secretNames();
1878
1879
  let n = !0;
1879
- for (let v of i)
1880
+ for (let v of t)
1880
1881
  !e.body[v] && !e.body["repeat_" + v] && (n = !1);
1881
- let t = [], a = {};
1882
+ let i = [], a = {};
1882
1883
  if (n) {
1883
- t = this.sessionServer.authenticators[s.factor1].validateSecrets(e.body);
1884
+ i = this.sessionServer.authenticators[s.factor1].validateSecrets(e.body);
1884
1885
  for (let v in e.body)
1885
1886
  if (v.startsWith("repeat_")) {
1886
1887
  const m = v.replace(/^repeat_/, "");
1887
- i.includes(m) && (a[m] = e.body[v]);
1888
+ t.includes(m) && (a[m] = e.body[v]);
1888
1889
  }
1889
1890
  Object.keys(a).length === 0 && (a = void 0);
1890
1891
  }
@@ -1898,7 +1899,7 @@ class He {
1898
1899
  msg: `Setting state for user to ${O.passwordResetNeeded}`,
1899
1900
  username: s.username
1900
1901
  })));
1901
- let f = [...this.sessionServer.validateUserFn(s), ...t];
1902
+ let f = [...this.sessionServer.validateUserFn(s), ...i];
1902
1903
  if (f.length > 0)
1903
1904
  throw new l(g.FormEntry, f);
1904
1905
  const p = await this.sessionServer.sessionManager.createUser(
@@ -1921,11 +1922,11 @@ class He {
1921
1922
  }
1922
1923
  async accessDeniedPage(e, o) {
1923
1924
  const r = new l(g.InsufficientPriviledges);
1924
- return this.sessionServer.handleError(r, e, o, (s, i) => s.status(r.httpStatus).view(this.sessionServer.errorPage, {
1925
- errorMessage: i.message,
1926
- errorMessages: i.messages,
1927
- errorCode: i.code,
1928
- errorCodeName: g[i.code]
1925
+ return this.sessionServer.handleError(r, e, o, (s, t) => s.status(r.httpStatus).view(this.sessionServer.errorPage, {
1926
+ errorMessage: t.message,
1927
+ errorMessages: t.messages,
1928
+ errorCode: t.code,
1929
+ errorCodeName: g[t.code]
1929
1930
  }));
1930
1931
  }
1931
1932
  async updateUser(e, o, r, s) {
@@ -1933,7 +1934,7 @@ class He {
1933
1934
  if (!o.user || !b.isAdmin(o.user))
1934
1935
  throw new l(g.Unauthorized);
1935
1936
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1936
- const i = e.factor2, n = e.state;
1937
+ const t = e.factor2, n = e.state;
1937
1938
  e.state = o.body.state, e = this.sessionServer.updateUserFn(
1938
1939
  e,
1939
1940
  o,
@@ -1942,10 +1943,10 @@ class He {
1942
1943
  ...this.sessionServer.userStorage.adminEditableFields
1943
1944
  }
1944
1945
  );
1945
- const t = e.factor2 && e.factor2 != "none" && e.factor2 != i;
1946
- if (t && !(e.state == n || e.state == "factor2ResetNeeded"))
1946
+ const i = e.factor2 && e.factor2 != "none" && e.factor2 != t;
1947
+ if (i && !(e.state == n || e.state == "factor2ResetNeeded"))
1947
1948
  throw new l(g.BadRequest, "Cannot change both factor2 and state at the same time");
1948
- t && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1949
+ i && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1949
1950
  msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1950
1951
  username: e.username
1951
1952
  })));
@@ -1964,22 +1965,22 @@ class He {
1964
1965
  if (!o.user || !b.isAdmin(o.user))
1965
1966
  throw new l(g.Unauthorized);
1966
1967
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1967
- const i = this.sessionServer.authenticators[e.factor1], n = i.secretNames();
1968
- let t = {}, a = {};
1968
+ const t = this.sessionServer.authenticators[e.factor1], n = t.secretNames();
1969
+ let i = {}, a = {};
1969
1970
  for (let f in o.body)
1970
1971
  if (f.startsWith("new_")) {
1971
1972
  const p = f.replace(/^new_/, "");
1972
- n.includes(p) && (t[p] = o.body[f]);
1973
+ n.includes(p) && (i[p] = o.body[f]);
1973
1974
  } else if (f.startsWith("repeat_")) {
1974
1975
  const p = f.replace(/^repeat_/, "");
1975
1976
  n.includes(p) && (a[p] = o.body[f]);
1976
1977
  }
1977
- if (Object.keys(a).length === 0 && (a = void 0), i.validateSecrets(t).length > 0)
1978
+ if (Object.keys(a).length === 0 && (a = void 0), t.validateSecrets(i).length > 0)
1978
1979
  throw new l(g.PasswordFormat);
1979
1980
  return e.state = "active", await this.sessionServer.userStorage.updateUser({ id: e.id, state: e.state }), await this.sessionServer.sessionManager.changeSecrets(
1980
1981
  e.username,
1981
1982
  1,
1982
- t,
1983
+ i,
1983
1984
  a
1984
1985
  ), s(r, void 0);
1985
1986
  }
@@ -1998,15 +1999,15 @@ async function ve(S, e, o) {
1998
1999
  const s = await e.getClientById(S);
1999
2000
  r.push(s);
2000
2001
  } catch (s) {
2001
- const i = l.asCrossauthError(s);
2002
- if (i.code != g.UserNotExist)
2003
- throw d.logger.debug(c({ err: i })), i;
2002
+ const t = l.asCrossauthError(s);
2003
+ if (t.code != g.UserNotExist)
2004
+ throw d.logger.debug(c({ err: t })), t;
2004
2005
  try {
2005
2006
  r = await e.getClientByName(S, o);
2006
2007
  } catch (n) {
2007
- const t = l.asCrossauthError(n);
2008
- if (t.code != g.UserNotExist)
2009
- throw d.logger.debug(c({ err: t })), i;
2008
+ const i = l.asCrossauthError(n);
2009
+ if (i.code != g.UserNotExist)
2010
+ throw d.logger.debug(c({ err: i })), t;
2010
2011
  }
2011
2012
  }
2012
2013
  return r;
@@ -2049,42 +2050,42 @@ class Le {
2049
2050
  return this.accessDeniedPage(e, o);
2050
2051
  const r = e.query.next ?? encodeURIComponent(e.url);
2051
2052
  try {
2052
- let s = [], i = Number(e.query.skip), n = Number(e.query.take);
2053
- i || (i = 0), n || (n = 10);
2054
- let t = null, a;
2053
+ let s = [], t = Number(e.query.skip), n = Number(e.query.take);
2054
+ t || (t = 0), n || (n = 10);
2055
+ let i = null, a;
2055
2056
  if (e.query.userid) {
2056
2057
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call selectclient with user unless a user storage is provided");
2057
- a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, t = a.id;
2058
+ a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, i = a.id;
2058
2059
  }
2059
2060
  e.query.search ? s = await this.clientSearchFn(
2060
2061
  e.query.search,
2061
2062
  this.clientStorage,
2062
- t
2063
+ i
2063
2064
  ) : s = await this.clientStorage.getClients(
2064
- i,
2065
+ t,
2065
2066
  n,
2066
- t
2067
+ i
2067
2068
  );
2068
2069
  let h = {
2069
2070
  urlPrefix: this.adminPrefix,
2070
2071
  user: a,
2071
- skip: i,
2072
+ skip: t,
2072
2073
  take: n,
2073
2074
  clients: s,
2074
- havePrevious: i > 0,
2075
+ havePrevious: t > 0,
2075
2076
  haveNext: n != null && s.length == n,
2076
2077
  isAdmin: !0,
2077
2078
  next: r
2078
2079
  };
2079
2080
  return e.query.next && (h.next = e.query.next), o.view(this.selectClientPage, h);
2080
2081
  } catch (s) {
2081
- const i = l.asCrossauthError(s);
2082
+ const t = l.asCrossauthError(s);
2082
2083
  return d.logger.error(c({ err: s })), b.sendPageError(
2083
2084
  o,
2084
- i.httpStatus,
2085
+ t.httpStatus,
2085
2086
  this.sessionServer.errorPage,
2086
- i.message,
2087
- i
2087
+ t.message,
2088
+ t
2088
2089
  );
2089
2090
  }
2090
2091
  }
@@ -2113,15 +2114,15 @@ class Le {
2113
2114
  s = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user;
2114
2115
  }
2115
2116
  } catch (n) {
2116
- const t = l.asCrossauthError(n);
2117
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2118
- errorMessage: t.message,
2119
- errorMessages: t.messages,
2120
- errorCode: t.code,
2121
- errorCodeName: g[t.code]
2117
+ const i = l.asCrossauthError(n);
2118
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2119
+ errorMessage: i.message,
2120
+ errorMessages: i.messages,
2121
+ errorCode: i.code,
2122
+ errorCodeName: g[i.code]
2122
2123
  });
2123
2124
  }
2124
- let i = {
2125
+ let t = {
2125
2126
  urlPrefix: this.adminPrefix,
2126
2127
  csrfToken: e.csrfToken,
2127
2128
  validFlows: this.validFlows,
@@ -2130,18 +2131,18 @@ class Le {
2130
2131
  isAdmin: !0,
2131
2132
  next: r
2132
2133
  };
2133
- return o.view(this.createClientPage, i);
2134
+ return o.view(this.createClientPage, t);
2134
2135
  }
2135
2136
  ), this.sessionServer.app.post(
2136
2137
  this.adminPrefix + "createclient",
2137
2138
  async (e, o) => {
2138
- var i, n;
2139
+ var t, n;
2139
2140
  d.logger.info(c({
2140
2141
  msg: "Page visit",
2141
2142
  method: "POST",
2142
2143
  url: this.adminPrefix + "createclient",
2143
2144
  ip: e.ip,
2144
- user: (i = e.user) == null ? void 0 : i.username
2145
+ user: (t = e.user) == null ? void 0 : t.username
2145
2146
  }));
2146
2147
  let r = e.body.next;
2147
2148
  r || (e.body.userid ? r = this.adminPrefix + "selectuser" : r = this.adminPrefix + "selectclient");
@@ -2154,7 +2155,7 @@ class Le {
2154
2155
  return await this.createClient(
2155
2156
  e,
2156
2157
  o,
2157
- (t, a) => t.view(this.createClientPage, {
2158
+ (i, a) => i.view(this.createClientPage, {
2158
2159
  message: "Created client",
2159
2160
  client: a,
2160
2161
  csrfToken: e.csrfToken,
@@ -2168,15 +2169,15 @@ class Le {
2168
2169
  }),
2169
2170
  s
2170
2171
  );
2171
- } catch (t) {
2172
- const a = l.asCrossauthError(t);
2172
+ } catch (i) {
2173
+ const a = l.asCrossauthError(i);
2173
2174
  return d.logger.error(c({
2174
2175
  msg: "Failed creating OAuth client",
2175
2176
  user: (n = e.user) == null ? void 0 : n.username,
2176
2177
  errorCodeName: a.codeName,
2177
2178
  errorCode: a.code
2178
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2179
- const v = l.asCrossauthError(t).httpStatus;
2179
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2180
+ const v = l.asCrossauthError(i).httpStatus;
2180
2181
  return h.status(v).view(this.createClientPage, {
2181
2182
  errorMessage: f.message,
2182
2183
  errorMessages: f.messages,
@@ -2223,11 +2224,11 @@ class Le {
2223
2224
  }
2224
2225
  let s = e.query.next;
2225
2226
  s || (e.query.userid ? s = this.adminPrefix + "selectuser" : s = this.adminPrefix + "selectclient");
2226
- let i;
2227
+ let t;
2227
2228
  try {
2228
2229
  if (r.userid) {
2229
2230
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient with user unless a user storage is provided");
2230
- i = (await this.sessionServer.userStorage.getUserById(r.userid)).user;
2231
+ t = (await this.sessionServer.userStorage.getUserById(r.userid)).user;
2231
2232
  }
2232
2233
  } catch (a) {
2233
2234
  const h = l.asCrossauthError(a);
@@ -2241,13 +2242,13 @@ class Le {
2241
2242
  let n = {};
2242
2243
  for (let a of this.validFlows)
2243
2244
  r.valid_flow.includes(a) && (n[a] = !0);
2244
- let t = {
2245
+ let i = {
2245
2246
  urlPrefix: this.adminPrefix,
2246
2247
  csrfToken: e.csrfToken,
2247
2248
  validFlows: this.validFlows,
2248
2249
  flowNames: E.flowNames(this.validFlows),
2249
2250
  selectedFlows: n,
2250
- user: i,
2251
+ user: t,
2251
2252
  client_id: r.client_id,
2252
2253
  client_name: r.client_name,
2253
2254
  confidential: r.confidential,
@@ -2255,18 +2256,18 @@ class Le {
2255
2256
  isAdmin: !0,
2256
2257
  next: s
2257
2258
  };
2258
- return o.view(this.updateClientPage, t);
2259
+ return o.view(this.updateClientPage, i);
2259
2260
  }
2260
2261
  ), this.sessionServer.app.post(
2261
2262
  this.adminPrefix + "updateclient/:client_id",
2262
2263
  async (e, o) => {
2263
- var i, n;
2264
+ var t, n;
2264
2265
  d.logger.info(c({
2265
2266
  msg: "Page visit",
2266
2267
  method: "POST",
2267
2268
  url: this.adminPrefix + "updateclient",
2268
2269
  ip: e.ip,
2269
- user: (i = e.user) == null ? void 0 : i.username
2270
+ user: (t = e.user) == null ? void 0 : t.username
2270
2271
  }));
2271
2272
  let r = e.body.next;
2272
2273
  r || (e.body.userid ? r = this.adminPrefix + "selectuser" : r = this.adminPrefix + "selectclient");
@@ -2279,7 +2280,7 @@ class Le {
2279
2280
  return await this.updateClient(
2280
2281
  e,
2281
2282
  o,
2282
- (t, a, h) => t.view(this.updateClientPage, {
2283
+ (i, a, h) => i.view(this.updateClientPage, {
2283
2284
  message: "Updated client",
2284
2285
  client: a,
2285
2286
  csrfToken: e.csrfToken,
@@ -2293,15 +2294,15 @@ class Le {
2293
2294
  ...e.body
2294
2295
  })
2295
2296
  );
2296
- } catch (t) {
2297
- const a = l.asCrossauthError(t);
2297
+ } catch (i) {
2298
+ const a = l.asCrossauthError(i);
2298
2299
  return d.logger.error(c({
2299
2300
  msg: "Failed updating OAuth client",
2300
2301
  user: (n = e.user) == null ? void 0 : n.username,
2301
2302
  errorCodeName: a.codeName,
2302
2303
  errorCode: a.code
2303
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2304
- const v = l.asCrossauthError(t).httpStatus;
2304
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2305
+ const v = l.asCrossauthError(i).httpStatus;
2305
2306
  let m = {};
2306
2307
  for (let w of this.validFlows)
2307
2308
  w in e.body && (m[w] = !0);
@@ -2343,27 +2344,27 @@ class Le {
2343
2344
  try {
2344
2345
  r = await this.clientStorage.getClientById(e.params.client_id);
2345
2346
  } catch (n) {
2346
- const t = l.asCrossauthError(n);
2347
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2348
- errorMessage: t.message,
2349
- errorMessages: t.messages,
2350
- errorCode: t.code,
2351
- errorCodeName: g[t.code]
2347
+ const i = l.asCrossauthError(n);
2348
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2349
+ errorMessage: i.message,
2350
+ errorMessages: i.messages,
2351
+ errorCode: i.code,
2352
+ errorCodeName: g[i.code]
2352
2353
  });
2353
2354
  }
2354
2355
  const s = e.query.next ?? this.adminPrefix + "selectclient";
2355
- let i = {
2356
+ let t = {
2356
2357
  urlPrefix: this.adminPrefix,
2357
2358
  csrfToken: e.csrfToken,
2358
2359
  next: s,
2359
2360
  client: r
2360
2361
  };
2361
- return o.view(this.deleteClientPage, i);
2362
+ return o.view(this.deleteClientPage, t);
2362
2363
  }
2363
2364
  ), this.sessionServer.app.post(
2364
2365
  this.adminPrefix + "deleteclient/:client_id",
2365
2366
  async (e, o) => {
2366
- var s, i;
2367
+ var s, t;
2367
2368
  d.logger.info(c({
2368
2369
  msg: "Page visit",
2369
2370
  method: "POST",
@@ -2386,12 +2387,12 @@ class Le {
2386
2387
  })
2387
2388
  );
2388
2389
  } catch (n) {
2389
- const t = l.asCrossauthError(n);
2390
+ const i = l.asCrossauthError(n);
2390
2391
  return d.logger.error(c({
2391
2392
  msg: "Failed deleting OAuth client",
2392
- user: (i = e.user) == null ? void 0 : i.username,
2393
- errorCodeName: t.codeName,
2394
- errorCode: t.code
2393
+ user: (t = e.user) == null ? void 0 : t.username,
2394
+ errorCodeName: i.codeName,
2395
+ errorCode: i.code
2395
2396
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2396
2397
  const p = l.asCrossauthError(n).httpStatus;
2397
2398
  return a.status(p).view(this.deleteClientPage, {
@@ -2417,7 +2418,7 @@ class Le {
2417
2418
  this.sessionServer.app.post(
2418
2419
  this.adminPrefix + "api/createclient",
2419
2420
  async (e, o) => {
2420
- var s, i;
2421
+ var s, t;
2421
2422
  d.logger.info(c({
2422
2423
  msg: "API visit",
2423
2424
  method: "POST",
@@ -2434,19 +2435,19 @@ class Le {
2434
2435
  return await this.createClient(
2435
2436
  e,
2436
2437
  o,
2437
- (n, t) => n.header(...B).send({
2438
+ (n, i) => n.header(...B).send({
2438
2439
  ok: !0,
2439
- client: t
2440
+ client: i
2440
2441
  }),
2441
2442
  r
2442
2443
  );
2443
2444
  } catch (n) {
2444
- const t = l.asCrossauthError(n);
2445
+ const i = l.asCrossauthError(n);
2445
2446
  d.logger.error(c({
2446
2447
  msg: "Create client failure",
2447
- user: (i = e.user) == null ? void 0 : i.username,
2448
- errorCodeName: t.codeName,
2449
- errorCode: t.code
2448
+ user: (t = e.user) == null ? void 0 : t.username,
2449
+ errorCodeName: i.codeName,
2450
+ errorCode: i.code
2450
2451
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2451
2452
  a.status(this.sessionServer.errorStatus(n)).header(...B).send({
2452
2453
  ok: !1,
@@ -2482,22 +2483,22 @@ class Le {
2482
2483
  return await this.updateClient(
2483
2484
  e,
2484
2485
  o,
2485
- (i, n, t) => i.header(...B).send({
2486
+ (t, n, i) => t.header(...B).send({
2486
2487
  ok: !0,
2487
2488
  client: n,
2488
2489
  csrfToken: e.csrfToken,
2489
- newSecret: t
2490
+ newSecret: i
2490
2491
  })
2491
2492
  );
2492
- } catch (i) {
2493
- const n = l.asCrossauthError(i);
2493
+ } catch (t) {
2494
+ const n = l.asCrossauthError(t);
2494
2495
  return d.logger.error(c({
2495
2496
  msg: "Failed updating OAuth client",
2496
2497
  user: (s = e.user) == null ? void 0 : s.username,
2497
2498
  errorCodeName: n.codeName,
2498
2499
  errorCode: n.code
2499
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2500
- t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2500
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2501
+ i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2501
2502
  ok: !1,
2502
2503
  errorMessage: a.message,
2503
2504
  errorMessages: a.messages,
@@ -2528,20 +2529,20 @@ class Le {
2528
2529
  return await this.deleteClient(
2529
2530
  e,
2530
2531
  o,
2531
- (i) => i.header(...B).send({
2532
+ (t) => t.header(...B).send({
2532
2533
  ok: !0,
2533
2534
  client_id: e.params.client_id
2534
2535
  })
2535
2536
  );
2536
- } catch (i) {
2537
- const n = l.asCrossauthError(i);
2537
+ } catch (t) {
2538
+ const n = l.asCrossauthError(t);
2538
2539
  d.logger.error(c({
2539
2540
  msg: "Delete client failure",
2540
2541
  user: (s = e.user) == null ? void 0 : s.username,
2541
2542
  errorCodeName: n.codeName,
2542
2543
  errorCode: n.code
2543
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2544
- t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2544
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2545
+ i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2545
2546
  ok: !1,
2546
2547
  errorMessage: a.message,
2547
2548
  errorMessages: a.messages,
@@ -2556,11 +2557,11 @@ class Le {
2556
2557
  // Internal functions
2557
2558
  async accessDeniedPage(e, o) {
2558
2559
  const r = new l(g.InsufficientPriviledges);
2559
- return this.sessionServer.handleError(r, e, o, (s, i) => s.status(r.httpStatus).view(this.sessionServer.errorPage, {
2560
- errorMessage: i.message,
2561
- errorMessages: i.messages,
2562
- errorCode: i.code,
2563
- errorCodeName: g[i.code]
2560
+ return this.sessionServer.handleError(r, e, o, (s, t) => s.status(r.httpStatus).view(this.sessionServer.errorPage, {
2561
+ errorMessage: t.message,
2562
+ errorMessages: t.messages,
2563
+ errorCode: t.code,
2564
+ errorCodeName: g[t.code]
2564
2565
  }));
2565
2566
  }
2566
2567
  async createClient(e, o, r, s) {
@@ -2568,9 +2569,9 @@ class Le {
2568
2569
  throw new l(g.InvalidCsrf);
2569
2570
  if (!e.user || !b.isAdmin(e.user))
2570
2571
  throw new l(g.InsufficientPriviledges);
2571
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2572
+ const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2572
2573
  let a = [];
2573
- for (let p of t)
2574
+ for (let p of i)
2574
2575
  try {
2575
2576
  L.validateUri(p);
2576
2577
  } catch (v) {
@@ -2586,9 +2587,9 @@ class Le {
2586
2587
  p in e.body && h.push(p);
2587
2588
  const f = await this.clientManager.createClient(
2588
2589
  n,
2589
- t,
2590
- h,
2591
2590
  i,
2591
+ h,
2592
+ t,
2592
2593
  s == null ? void 0 : s.id
2593
2594
  );
2594
2595
  return r(o, f);
@@ -2599,26 +2600,26 @@ class Le {
2599
2600
  if (!e.user || !b.isAdmin(e.user))
2600
2601
  throw new l(g.InsufficientPriviledges);
2601
2602
  const s = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2602
- let i = [];
2603
+ let t = [];
2603
2604
  for (let p of s)
2604
2605
  try {
2605
2606
  L.validateUri(p);
2606
2607
  } catch (v) {
2607
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
2608
+ d.logger.error(c({ err: v })), t.push("[" + p + "]");
2608
2609
  }
2609
- if (i.length > 0)
2610
+ if (t.length > 0)
2610
2611
  throw new l(
2611
2612
  g.BadRequest,
2612
- "The following redirect URIs are invalid: " + i.join(" ")
2613
+ "The following redirect URIs are invalid: " + t.join(" ")
2613
2614
  );
2614
2615
  let n = [];
2615
2616
  for (let p of this.validFlows)
2616
2617
  p in e.body && n.push(p);
2617
- const t = {};
2618
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = s, t.userid = e.body.userid, t.userid == null && (t.userid = null);
2618
+ const i = {};
2619
+ i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = s, i.userid = e.body.userid, i.userid == null && (i.userid = null);
2619
2620
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
2620
2621
  e.params.client_id,
2621
- t,
2622
+ i,
2622
2623
  a
2623
2624
  );
2624
2625
  return r(o, h, f);
@@ -2673,29 +2674,29 @@ class Ge {
2673
2674
  })), !(e != null && e.user))
2674
2675
  return o.redirect(this.sessionServer.loginUrl + "?next=" + this.prefix + "selectclient");
2675
2676
  try {
2676
- let r = [], s = Number(e.query.skip), i = Number(e.query.take);
2677
- s || (s = 0), i || (i = 10), e.query.search ? r = await this.clientSearchFn(
2677
+ let r = [], s = Number(e.query.skip), t = Number(e.query.take);
2678
+ s || (s = 0), t || (t = 10), e.query.search ? r = await this.clientSearchFn(
2678
2679
  e.query.search,
2679
2680
  this.clientStorage,
2680
2681
  e.user.id
2681
2682
  ) : r = await this.clientStorage.getClients(
2682
2683
  s,
2683
- i,
2684
+ t,
2684
2685
  e.user.id
2685
2686
  );
2686
2687
  const n = e.query.next ?? encodeURIComponent(e.url);
2687
- let t = {
2688
+ let i = {
2688
2689
  urlPrefix: this.prefix,
2689
2690
  user: e.user,
2690
2691
  skip: s,
2691
- take: i,
2692
+ take: t,
2692
2693
  clients: r,
2693
2694
  havePrevious: s > 0,
2694
- haveNext: i != null && r.length == i,
2695
+ haveNext: t != null && r.length == t,
2695
2696
  isAdmin: !1,
2696
2697
  next: n
2697
2698
  };
2698
- return e.query.next && (t.next = e.query.next), o.view(this.selectClientPage, t);
2699
+ return e.query.next && (i.next = e.query.next), o.view(this.selectClientPage, i);
2699
2700
  } catch (r) {
2700
2701
  const s = l.asCrossauthError(r);
2701
2702
  return d.logger.error(c({ err: r })), b.sendPageError(
@@ -2738,7 +2739,7 @@ class Ge {
2738
2739
  ), this.sessionServer.app.post(
2739
2740
  this.prefix + "createclient",
2740
2741
  async (e, o) => {
2741
- var s, i;
2742
+ var s, t;
2742
2743
  if (d.logger.info(c({
2743
2744
  msg: "Page visit",
2744
2745
  method: "POST",
@@ -2752,9 +2753,9 @@ class Ge {
2752
2753
  return await this.createClient(
2753
2754
  e,
2754
2755
  o,
2755
- (n, t) => n.view(this.createClientPage, {
2756
+ (n, i) => n.view(this.createClientPage, {
2756
2757
  message: "Created client",
2757
- client: t,
2758
+ client: i,
2758
2759
  csrfToken: e.csrfToken,
2759
2760
  urlPrefix: this.prefix,
2760
2761
  validFlows: this.validFlows,
@@ -2767,12 +2768,12 @@ class Ge {
2767
2768
  e.user
2768
2769
  );
2769
2770
  } catch (n) {
2770
- const t = l.asCrossauthError(n);
2771
+ const i = l.asCrossauthError(n);
2771
2772
  return d.logger.error(c({
2772
2773
  msg: "Failed creating OAuth client",
2773
- user: (i = e.user) == null ? void 0 : i.username,
2774
- errorCodeName: t.codeName,
2775
- errorCode: t.code
2774
+ user: (t = e.user) == null ? void 0 : t.username,
2775
+ errorCodeName: i.codeName,
2776
+ errorCode: i.code
2776
2777
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2777
2778
  const p = l.asCrossauthError(n).httpStatus;
2778
2779
  return a.status(p).view(this.createClientPage, {
@@ -2813,21 +2814,21 @@ class Ge {
2813
2814
  return await this.createClient(
2814
2815
  e,
2815
2816
  o,
2816
- (i, n) => i.header(...D).send({
2817
+ (t, n) => t.header(...D).send({
2817
2818
  ok: !0,
2818
2819
  client: n
2819
2820
  }),
2820
2821
  e.user
2821
2822
  );
2822
- } catch (i) {
2823
- const n = l.asCrossauthError(i);
2823
+ } catch (t) {
2824
+ const n = l.asCrossauthError(t);
2824
2825
  d.logger.error(c({
2825
2826
  msg: "Create client failure",
2826
2827
  user: (s = e.user) == null ? void 0 : s.username,
2827
2828
  errorCodeName: n.codeName,
2828
2829
  errorCode: n.code
2829
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2830
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
2830
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2831
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
2831
2832
  ok: !1,
2832
2833
  errorMessage: a.message,
2833
2834
  errorMessages: a.messages,
@@ -2867,9 +2868,9 @@ class Ge {
2867
2868
  }
2868
2869
  let s = e.query.next;
2869
2870
  s || (e.query.userid ? s = this.prefix + "selectuser" : s = this.prefix + "selectclient");
2870
- let i;
2871
+ let t;
2871
2872
  try {
2872
- e.query.userid && (i = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2873
+ e.query.userid && (t = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2873
2874
  } catch (a) {
2874
2875
  const h = l.asCrossauthError(a);
2875
2876
  return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
@@ -2882,13 +2883,13 @@ class Ge {
2882
2883
  let n = {};
2883
2884
  for (let a of this.validFlows)
2884
2885
  r.valid_flow.includes(a) && (n[a] = !0);
2885
- let t = {
2886
+ let i = {
2886
2887
  urlPrefix: this.prefix,
2887
2888
  csrfToken: e.csrfToken,
2888
2889
  validFlows: this.validFlows,
2889
2890
  flowNames: E.flowNames(this.validFlows),
2890
2891
  selectedFlows: n,
2891
- user: i,
2892
+ user: t,
2892
2893
  client_id: r.client_id,
2893
2894
  client_name: r.client_name,
2894
2895
  confidential: r.confidential,
@@ -2896,19 +2897,19 @@ class Ge {
2896
2897
  isAdmin: !0,
2897
2898
  next: s
2898
2899
  };
2899
- return o.view(this.updateClientPage, t);
2900
+ return o.view(this.updateClientPage, i);
2900
2901
  }
2901
2902
  ), this.sessionServer.app.post(
2902
2903
  this.prefix + "updateclient/:client_id",
2903
2904
  async (e, o) => {
2904
- var i, n;
2905
+ var t, n;
2905
2906
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient unless a user storage is provided ");
2906
2907
  d.logger.info(c({
2907
2908
  msg: "Page visit",
2908
2909
  method: "POST",
2909
2910
  url: this.prefix + "updateclient",
2910
2911
  ip: e.ip,
2911
- user: (i = e.user) == null ? void 0 : i.username
2912
+ user: (t = e.user) == null ? void 0 : t.username
2912
2913
  }));
2913
2914
  let r = e.body.next;
2914
2915
  r || (r = this.prefix + "selectuser");
@@ -2918,7 +2919,7 @@ class Ge {
2918
2919
  return e.body.userid && (s = (await this.sessionServer.userStorage.getUserById(e.body.userid)).user), await this.updateClient(
2919
2920
  e,
2920
2921
  o,
2921
- (t, a, h) => t.view(this.updateClientPage, {
2922
+ (i, a, h) => i.view(this.updateClientPage, {
2922
2923
  message: "Updated client",
2923
2924
  client: a,
2924
2925
  csrfToken: e.csrfToken,
@@ -2932,15 +2933,15 @@ class Ge {
2932
2933
  ...e.body
2933
2934
  })
2934
2935
  );
2935
- } catch (t) {
2936
- const a = l.asCrossauthError(t);
2936
+ } catch (i) {
2937
+ const a = l.asCrossauthError(i);
2937
2938
  return d.logger.error(c({
2938
2939
  msg: "Failed updating OAuth client",
2939
2940
  user: (n = e.user) == null ? void 0 : n.username,
2940
2941
  errorCodeName: a.codeName,
2941
2942
  errorCode: a.code
2942
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2943
- const v = l.asCrossauthError(t).httpStatus;
2943
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2944
+ const v = l.asCrossauthError(i).httpStatus;
2944
2945
  let m = {};
2945
2946
  for (let w of this.validFlows)
2946
2947
  w in e.body && (m[w] = !0);
@@ -2983,22 +2984,22 @@ class Ge {
2983
2984
  return e.body.userid && await this.sessionServer.userStorage.getUserById(e.body.userid), await this.updateClient(
2984
2985
  e,
2985
2986
  o,
2986
- (i, n, t) => i.header(...D).send({
2987
+ (t, n, i) => t.header(...D).send({
2987
2988
  ok: !0,
2988
2989
  client: n,
2989
2990
  csrfToken: e.csrfToken,
2990
- newSecret: t
2991
+ newSecret: i
2991
2992
  })
2992
2993
  );
2993
- } catch (i) {
2994
- const n = l.asCrossauthError(i);
2994
+ } catch (t) {
2995
+ const n = l.asCrossauthError(t);
2995
2996
  return d.logger.error(c({
2996
2997
  msg: "Failed updating OAuth client",
2997
2998
  user: (s = e.user) == null ? void 0 : s.username,
2998
2999
  errorCodeName: n.codeName,
2999
3000
  errorCode: n.code
3000
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3001
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3001
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3002
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3002
3003
  ok: !1,
3003
3004
  errorMessage: a.message,
3004
3005
  errorMessages: a.messages,
@@ -3033,28 +3034,28 @@ class Ge {
3033
3034
  "You may not delete this client"
3034
3035
  );
3035
3036
  } catch (n) {
3036
- const t = l.asCrossauthError(n);
3037
- return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
3038
- errorMessage: t.message,
3039
- errorMessages: t.messages,
3040
- errorCode: t.code,
3041
- errorCodeName: g[t.code]
3037
+ const i = l.asCrossauthError(n);
3038
+ return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
3039
+ errorMessage: i.message,
3040
+ errorMessages: i.messages,
3041
+ errorCode: i.code,
3042
+ errorCodeName: g[i.code]
3042
3043
  });
3043
3044
  }
3044
3045
  const s = e.query.next ?? "/";
3045
- let i = {
3046
+ let t = {
3046
3047
  urlPrefix: this.prefix,
3047
3048
  csrfToken: e.csrfToken,
3048
3049
  backUrl: this.prefix + "selectclient",
3049
3050
  client: r,
3050
3051
  next: s
3051
3052
  };
3052
- return o.view(this.deleteClientPage, i);
3053
+ return o.view(this.deleteClientPage, t);
3053
3054
  }
3054
3055
  ), this.sessionServer.app.post(
3055
3056
  this.prefix + "deleteclient/:client_id",
3056
3057
  async (e, o) => {
3057
- var s, i;
3058
+ var s, t;
3058
3059
  if (d.logger.info(c({
3059
3060
  msg: "Page visit",
3060
3061
  method: "POST",
@@ -3078,12 +3079,12 @@ class Ge {
3078
3079
  e.user
3079
3080
  );
3080
3081
  } catch (n) {
3081
- const t = l.asCrossauthError(n);
3082
+ const i = l.asCrossauthError(n);
3082
3083
  return d.logger.error(c({
3083
3084
  msg: "Failed deleting OAuth client",
3084
- user: (i = e.user) == null ? void 0 : i.username,
3085
- errorCodeName: t.codeName,
3086
- errorCode: t.code
3085
+ user: (t = e.user) == null ? void 0 : t.username,
3086
+ errorCodeName: i.codeName,
3087
+ errorCode: i.code
3087
3088
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
3088
3089
  const p = l.asCrossauthError(n).httpStatus;
3089
3090
  return a.status(p).view(this.deleteClientPage, {
@@ -3122,21 +3123,21 @@ class Ge {
3122
3123
  return await this.deleteClient(
3123
3124
  e,
3124
3125
  o,
3125
- (i) => i.header(...D).send({
3126
+ (t) => t.header(...D).send({
3126
3127
  ok: !0,
3127
3128
  client_id: e.params.client_id
3128
3129
  }),
3129
3130
  e.user
3130
3131
  );
3131
- } catch (i) {
3132
- const n = l.asCrossauthError(i);
3132
+ } catch (t) {
3133
+ const n = l.asCrossauthError(t);
3133
3134
  d.logger.error(c({
3134
3135
  msg: "Delete client failure",
3135
3136
  user: (s = e.user) == null ? void 0 : s.username,
3136
3137
  errorCodeName: n.codeName,
3137
3138
  errorCode: n.code
3138
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3139
- t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3139
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3140
+ i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3140
3141
  ok: !1,
3141
3142
  errorMessage: a.message,
3142
3143
  errorMessages: a.messages,
@@ -3154,9 +3155,9 @@ class Ge {
3154
3155
  throw new l(g.InvalidCsrf);
3155
3156
  if (!e.user)
3156
3157
  throw new l(g.InsufficientPriviledges);
3157
- const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3158
+ const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3158
3159
  let a = [];
3159
- for (let p of t)
3160
+ for (let p of i)
3160
3161
  try {
3161
3162
  L.validateUri(p);
3162
3163
  } catch (v) {
@@ -3171,9 +3172,9 @@ class Ge {
3171
3172
  e.body[E.AuthorizationCode] && h.push(E.AuthorizationCode), e.body[E.AuthorizationCodeWithPKCE] && h.push(E.AuthorizationCodeWithPKCE), e.body[E.ClientCredentials] && h.push(E.ClientCredentials), e.body[E.RefreshToken] && h.push(E.RefreshToken), e.body[E.DeviceCode] && h.push(E.DeviceCode), e.body[E.Password] && h.push(E.Password), e.body[E.PasswordMfa] && h.push(E.PasswordMfa), e.body[E.OidcAuthorizationCode] && h.push(E.OidcAuthorizationCode);
3172
3173
  const f = await this.clientManager.createClient(
3173
3174
  n,
3174
- t,
3175
- h,
3176
3175
  i,
3176
+ h,
3177
+ t,
3177
3178
  s == null ? void 0 : s.id
3178
3179
  );
3179
3180
  return r(o, f);
@@ -3184,26 +3185,26 @@ class Ge {
3184
3185
  if (!e.user)
3185
3186
  throw new l(g.InsufficientPriviledges);
3186
3187
  const s = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3187
- let i = [];
3188
+ let t = [];
3188
3189
  for (let p of s)
3189
3190
  try {
3190
3191
  L.validateUri(p);
3191
3192
  } catch (v) {
3192
- d.logger.error(c({ err: v })), i.push("[" + p + "]");
3193
+ d.logger.error(c({ err: v })), t.push("[" + p + "]");
3193
3194
  }
3194
- if (i.length > 0)
3195
+ if (t.length > 0)
3195
3196
  throw new l(
3196
3197
  g.BadRequest,
3197
- "The following redirect URIs are invalid: " + i.join(" ")
3198
+ "The following redirect URIs are invalid: " + t.join(" ")
3198
3199
  );
3199
3200
  let n = [];
3200
3201
  for (let p of this.validFlows)
3201
3202
  p in e.body && n.push(p);
3202
- const t = {};
3203
- t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = s, t.userid = e.user.id;
3203
+ const i = {};
3204
+ i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = s, i.userid = e.user.id;
3204
3205
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
3205
3206
  e.params.client_id,
3206
- t,
3207
+ i,
3207
3208
  a
3208
3209
  );
3209
3210
  return r(o, h, f);
@@ -3327,23 +3328,23 @@ function Ve(S) {
3327
3328
  let e = [];
3328
3329
  return S.username == null ? e.push("Username must be given") : S.username.length < 2 ? e.push("Username must be at least 2 characters") : S.username.length > 254 && e.push("Username must be no longer than 254 characters"), e;
3329
3330
  }
3330
- function We(S, e) {
3331
- let r = {
3331
+ function We(S, e, o) {
3332
+ let s = {
3332
3333
  username: S.body.username,
3333
3334
  state: "active"
3334
3335
  };
3335
- const s = S.user && b.isAdmin(S.user);
3336
- for (let i in S.body) {
3337
- let n = i.replace(/^user_/, "");
3338
- i.startsWith("user_") && (s || e.includes(n)) && (r[n] = S.body[i]);
3336
+ const t = S.user && b.isAdmin(S.user);
3337
+ for (let n in S.body) {
3338
+ let i = n.replace(/^user_/, "");
3339
+ n.startsWith("user_") && (t || e.includes(i)) && (s[i] = S.body[n]);
3339
3340
  }
3340
- return r.factor1 = "localpassword", r.factor2 = S.body.factor2, r;
3341
+ return s.factor1 = "localpassword", o.includes(s.factor1) && (s.factor1 = S.body.factor1), s.factor2 = S.body.factor2, s;
3341
3342
  }
3342
3343
  function Je(S, e, o) {
3343
3344
  const r = e.user && b.isAdmin(e.user);
3344
3345
  for (let s in e.body) {
3345
- let i = s.replace(/^user_/, "");
3346
- s.startsWith("user_") && (r || o.includes(i)) && (S[i] = e.body[s]);
3346
+ let t = s.replace(/^user_/, "");
3347
+ s.startsWith("user_") && (r || o.includes(t)) && (S[t] = e.body[s]);
3347
3348
  }
3348
3349
  return S;
3349
3350
  }
@@ -3460,24 +3461,26 @@ class Ke {
3460
3461
  ]);
3461
3462
  u(this, "editUserScope");
3462
3463
  u(this, "enableCsrfProtection", !0);
3463
- this.app = e, this.userEndpoints = new De(this, s), this.adminEndpoints = new He(this, s), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, s, "SIGNUP_PAGE"), C("loginPage", k.String, this, s, "LOGIN_PAGE"), C("factor2Page", k.String, this, s, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, s, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("emailFrom", k.String, this, s, "EMAIL_FROM"), C("allowedFactor2", k.JsonArray, this, s, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, s, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, s, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, s, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, s, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, s, "EDIT_USER_SCOPE"), s.validateUserFn && (this.validateUserFn = s.validateUserFn), s.createUserFn && (this.createUserFn = s.createUserFn), s.updateUserFn && (this.updateUserFn = s.updateUserFn), s.addToSession && (this.addToSession = s.addToSession), s.validateSession && (this.validateSession = s.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...re, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...se, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), s.endpoints && (C("endpoints", k.JsonArray, this, s, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = je), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
3464
- let i = !1;
3465
- for (let t of this.endpoints)
3466
- if (q.includes(t) || Q.includes(t)) {
3467
- i = !0;
3464
+ u(this, "userAllowedFactor1", ["localpassword"]);
3465
+ u(this, "adminAllowedFactor1", ["localpassword"]);
3466
+ this.app = e, this.userEndpoints = new De(this, s), this.adminEndpoints = new He(this, s), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, s, "SIGNUP_PAGE"), C("loginPage", k.String, this, s, "LOGIN_PAGE"), C("factor2Page", k.String, this, s, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, s, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("emailFrom", k.String, this, s, "EMAIL_FROM"), C("allowedFactor2", k.JsonArray, this, s, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, s, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, s, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, s, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, s, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, s, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, s, "EDIT_USER_SCOPE"), C("userAllowedFactor1", k.JsonArray, this, s, "USER_ALLOWED_FACTOR1"), C("adminAllowedFactor1", k.JsonArray, this, s, "ADMIN_ALLOWED_FACTOR1"), s.validateUserFn && (this.validateUserFn = s.validateUserFn), s.createUserFn && (this.createUserFn = s.createUserFn), s.updateUserFn && (this.updateUserFn = s.updateUserFn), s.addToSession && (this.addToSession = s.addToSession), s.validateSession && (this.validateSession = s.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...re, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...se, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), s.endpoints && (C("endpoints", k.JsonArray, this, s, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = je), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
3467
+ let t = !1;
3468
+ for (let i of this.endpoints)
3469
+ if (q.includes(i) || Q.includes(i)) {
3470
+ t = !0;
3468
3471
  break;
3469
3472
  }
3470
- i && (this.adminClientEndpoints = new Le(this, s));
3473
+ t && (this.adminClientEndpoints = new Le(this, s));
3471
3474
  let n = !1;
3472
- for (let t of this.endpoints)
3473
- if (ee.includes(t) || Z.includes(t)) {
3475
+ for (let i of this.endpoints)
3476
+ if (ee.includes(i) || Z.includes(i)) {
3474
3477
  n = !0;
3475
3478
  break;
3476
3479
  }
3477
- n && (this.userClientEndpoints = new Ge(this, s)), this.addEndpoints(), C("endpoints", k.JsonArray, this, s, "ENDPOINTS"), s.userStorage && (this.userStorage = s.userStorage), this.authenticators = r, this.sessionManager = new Ae(o, r, s), e.addHook("preHandler", async (t, a) => {
3480
+ n && (this.userClientEndpoints = new Ge(this, s)), this.addEndpoints(), C("endpoints", k.JsonArray, this, s, "ENDPOINTS"), s.userStorage && (this.userStorage = s.userStorage), this.authenticators = r, this.sessionManager = new Ae(o, r, s), e.addHook("preHandler", async (i, a) => {
3478
3481
  var v, m;
3479
3482
  d.logger.debug(c({ msg: "Getting session cookie" }));
3480
- let h = this.getSessionCookieValue(t), f = {};
3483
+ let h = this.getSessionCookieValue(i), f = {};
3481
3484
  if (h)
3482
3485
  try {
3483
3486
  f.hashedSessionId = F.hash(this.sessionManager.getSessionId(h));
@@ -3487,68 +3490,68 @@ class Ke {
3487
3490
  d.logger.debug(c({ msg: "Getting csrf cookie" }));
3488
3491
  let p;
3489
3492
  try {
3490
- p = this.getCsrfCookieValue(t), p && this.sessionManager.validateCsrfCookie(p);
3493
+ p = this.getCsrfCookieValue(i), p && this.sessionManager.validateCsrfCookie(p);
3491
3494
  } catch (w) {
3492
- d.logger.warn(c({ msg: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(t) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3495
+ d.logger.warn(c({ msg: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(i) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3493
3496
  }
3494
- if (["GET", "OPTIONS", "HEAD"].includes(t.method))
3497
+ if (["GET", "OPTIONS", "HEAD"].includes(i.method))
3495
3498
  try {
3496
3499
  if (p) {
3497
3500
  d.logger.debug(c({ msg: "Valid CSRF cookie - creating token" }));
3498
3501
  const w = await this.sessionManager.createCsrfFormOrHeaderValue(p);
3499
- t.csrfToken = w;
3502
+ i.csrfToken = w;
3500
3503
  } else {
3501
3504
  d.logger.debug(c({ msg: "Invalid CSRF cookie - recreating" }));
3502
3505
  const { csrfCookie: w, csrfFormOrHeaderValue: P } = await this.sessionManager.createCsrfToken();
3503
- a.setCookie(w.name, w.value, w.options), t.csrfToken = P;
3506
+ a.setCookie(w.name, w.value, w.options), i.csrfToken = P;
3504
3507
  }
3505
- a.header(this.sessionManager.csrfHeaderName, t.csrfToken);
3508
+ a.header(this.sessionManager.csrfHeaderName, i.csrfToken);
3506
3509
  } catch (w) {
3507
3510
  d.logger.error(c({
3508
3511
  msg: "Couldn't create CSRF token",
3509
3512
  cerr: w,
3510
- user: (v = t.user) == null ? void 0 : v.username,
3513
+ user: (v = i.user) == null ? void 0 : v.username,
3511
3514
  ...f
3512
3515
  })), d.logger.debug(c({ err: w })), a.clearCookie(this.sessionManager.csrfCookieName);
3513
3516
  }
3514
3517
  else if (p)
3515
3518
  try {
3516
- this.csrfToken(t, a);
3519
+ this.csrfToken(i, a);
3517
3520
  } catch (w) {
3518
3521
  d.logger.error(c({
3519
3522
  msg: "Couldn't create CSRF token",
3520
3523
  cerr: w,
3521
- user: (m = t.user) == null ? void 0 : m.username,
3524
+ user: (m = i.user) == null ? void 0 : m.username,
3522
3525
  ...f
3523
3526
  })), d.logger.debug(c({ err: w }));
3524
3527
  }
3525
- if (h = this.getSessionCookieValue(t), h)
3528
+ if (h = this.getSessionCookieValue(i), h)
3526
3529
  try {
3527
3530
  const w = this.sessionManager.getSessionId(h);
3528
3531
  let { key: P, user: T } = await this.sessionManager.userForSessionId(w);
3529
3532
  this.validateSession && this.validateSession(
3530
3533
  P,
3531
3534
  T,
3532
- t
3533
- ), t.sessionId = w, t.user = T, t.authType = "cookie", d.logger.debug(c({
3535
+ i
3536
+ ), i.sessionId = w, i.user = T, i.authType = "cookie", d.logger.debug(c({
3534
3537
  msg: "Valid session id",
3535
3538
  user: T == null ? void 0 : T.username
3536
3539
  }));
3537
3540
  } catch {
3538
3541
  d.logger.warn(c({
3539
3542
  msg: "Invalid session cookie received",
3540
- hashOfSessionId: this.getHashOfSessionId(t)
3543
+ hashOfSessionId: this.getHashOfSessionId(i)
3541
3544
  })), a.clearCookie(this.sessionManager.sessionCookieName);
3542
3545
  }
3543
3546
  }), e.addHook(
3544
3547
  "preHandler",
3545
- async (t, a) => {
3548
+ async (i, a) => {
3546
3549
  var f, p, v;
3547
- const h = this.getSessionCookieValue(t);
3548
- if (h && ((f = t.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(t.url) || this.factor2ProtectedApiEndpoints.includes(t.url))) {
3550
+ const h = this.getSessionCookieValue(i);
3551
+ if (h && ((f = i.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(i.url) || this.factor2ProtectedApiEndpoints.includes(i.url))) {
3549
3552
  const m = this.sessionManager.getSessionId(h);
3550
- if (["GET", "OPTIONS", "HEAD"].includes(t.method)) {
3551
- const w = this.getSessionCookieValue(t);
3553
+ if (["GET", "OPTIONS", "HEAD"].includes(i.method)) {
3554
+ const w = this.getSessionCookieValue(i);
3552
3555
  if (w) {
3553
3556
  const P = this.sessionManager.getSessionId(w);
3554
3557
  if ("pre2fa" in await this.sessionManager.dataForSessionId(P)) {
@@ -3556,7 +3559,7 @@ class Ke {
3556
3559
  try {
3557
3560
  await this.sessionManager.cancelTwoFactorPageVisit(P);
3558
3561
  } catch (N) {
3559
- d.logger.debug(c({ err: N })), d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: N, user: (v = t.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(t) }));
3562
+ d.logger.debug(c({ err: N })), d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: N, user: (v = i.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(i) }));
3560
3563
  }
3561
3564
  }
3562
3565
  }
@@ -3566,8 +3569,8 @@ class Ke {
3566
3569
  d.logger.debug("Completing 2FA");
3567
3570
  const T = [...this.authenticators[w.pre2fa.factor2].transientSecretNames()];
3568
3571
  let N = {};
3569
- for (let M in t.body)
3570
- T.includes(M) && (N[M] = t.body[M]);
3572
+ for (let M in i.body)
3573
+ T.includes(M) && (N[M] = i.body[M]);
3571
3574
  let y;
3572
3575
  try {
3573
3576
  await this.sessionManager.completeTwoFactorPageVisit(N, m);
@@ -3577,28 +3580,28 @@ class Ke {
3577
3580
  d.logger.error(c({
3578
3581
  msg: y.message,
3579
3582
  cerr: M,
3580
- user: t.body.username,
3583
+ user: i.body.username,
3581
3584
  errorCode: I.code,
3582
3585
  errorCodeName: I.codeName
3583
3586
  }));
3584
3587
  }
3585
- if (t.body = w.pre2fa.body, y)
3588
+ if (i.body = w.pre2fa.body, y)
3586
3589
  if (y.code == g.Expired) {
3587
3590
  d.logger.debug("Error - cancelling 2FA");
3588
3591
  try {
3589
3592
  await this.sessionManager.cancelTwoFactorPageVisit(m);
3590
3593
  } catch (M) {
3591
- d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: M, user: (p = t.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(t) })), d.logger.debug(c({ err: M }));
3594
+ d.logger.error(c({ msg: "Failed cancelling 2FA", cerr: M, user: (p = i.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(i) })), d.logger.debug(c({ err: M }));
3592
3595
  }
3593
- t.body = {
3594
- ...t.body,
3596
+ i.body = {
3597
+ ...i.body,
3595
3598
  errorMessage: y.message,
3596
3599
  errorMessages: y.message,
3597
3600
  errorCode: "" + y.code,
3598
3601
  errorCodeName: g[y.code]
3599
3602
  };
3600
3603
  } else
3601
- return this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2?error=" + g[y.code]) : a.status(y.httpStatus).send(JSON.stringify({
3604
+ return this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2?error=" + g[y.code]) : a.status(y.httpStatus).send(JSON.stringify({
3602
3605
  ok: !1,
3603
3606
  errorMessage: y.message,
3604
3607
  errorMessages: y.messages,
@@ -3606,7 +3609,7 @@ class Ke {
3606
3609
  errorCodeName: g[y.code]
3607
3610
  }));
3608
3611
  } else
3609
- return this.validateCsrfToken(t), d.logger.debug("Starting 2FA"), this.sessionManager.initiateTwoFactorPageVisit(t.user, m, t.body, t.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3612
+ return this.validateCsrfToken(i), d.logger.debug("Starting 2FA"), this.sessionManager.initiateTwoFactorPageVisit(i.user, m, i.body, i.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3610
3613
  ok: !0,
3611
3614
  factor2Required: !0
3612
3615
  }));
@@ -3673,13 +3676,13 @@ class Ke {
3673
3676
  return await this.login(
3674
3677
  e,
3675
3678
  o,
3676
- (s, i) => {
3677
- if (i.state == O.passwordChangeNeeded) {
3679
+ (s, t) => {
3680
+ if (t.state == O.passwordChangeNeeded) {
3678
3681
  if (this.endpoints.includes("changepassword"))
3679
3682
  return d.logger.debug(c({ msg: "Password change needed - sending redirect" })), s.redirect("/changepassword?required=true&next=" + encodeURIComponent("login?next=" + r));
3680
3683
  {
3681
3684
  const n = new l(g.PasswordChangeNeeded);
3682
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3685
+ return this.handleError(n, e, s, (i, a) => i.view(this.loginPage, {
3683
3686
  errorMessage: a.message,
3684
3687
  errorMessages: a.messages,
3685
3688
  errorCode: a.code,
@@ -3691,10 +3694,10 @@ class Ke {
3691
3694
  urlPrefix: this.prefix
3692
3695
  }));
3693
3696
  }
3694
- } else if (i.state == O.passwordResetNeeded || i.state == O.passwordAndFactor2ResetNeeded) {
3697
+ } else if (t.state == O.passwordResetNeeded || t.state == O.passwordAndFactor2ResetNeeded) {
3695
3698
  d.logger.debug(c({ msg: "Password reset needed - sending error" }));
3696
3699
  const n = new l(g.PasswordResetNeeded);
3697
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3700
+ return this.handleError(n, e, s, (i, a) => i.view(this.loginPage, {
3698
3701
  errorMessage: a.message,
3699
3702
  errorMessages: a.messages,
3700
3703
  errorCode: a.code,
@@ -3705,15 +3708,15 @@ class Ke {
3705
3708
  csrfToken: e.csrfToken,
3706
3709
  urlPrefix: this.prefix
3707
3710
  }));
3708
- } else if (this.allowedFactor2.length > 0 && (i.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(i.factor2 ? i.factor2 : "none"))) {
3711
+ } else if (this.allowedFactor2.length > 0 && (t.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(t.factor2 ? t.factor2 : "none"))) {
3709
3712
  if (d.logger.debug(c({
3710
- msg: `Factor2 reset needed. Factor2 is ${i.factor2}, state is ${i.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3711
- username: i.username
3713
+ msg: `Factor2 reset needed. Factor2 is ${t.factor2}, state is ${t.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3714
+ username: t.username
3712
3715
  })), this.endpoints.includes("changefactor2"))
3713
3716
  return d.logger.debug(c({ msg: "Factor 2 reset needed - sending redirect" })), s.redirect("/changefactor2?required=true&next=" + encodeURIComponent("login?next=" + r));
3714
3717
  {
3715
3718
  const n = new l(g.Factor2ResetNeeded);
3716
- return this.handleError(n, e, s, (t, a) => t.view(this.loginPage, {
3719
+ return this.handleError(n, e, s, (i, a) => i.view(this.loginPage, {
3717
3720
  errorMessage: a.message,
3718
3721
  errorMessages: a.messages,
3719
3722
  errorCode: a.code,
@@ -3726,7 +3729,7 @@ class Ke {
3726
3729
  }));
3727
3730
  }
3728
3731
  } else {
3729
- if (!i.factor2 || i.factor2.length == 0)
3732
+ if (!t.factor2 || t.factor2.length == 0)
3730
3733
  return d.logger.debug(c({ msg: "Successful login - sending redirect" })), s.redirect(r);
3731
3734
  {
3732
3735
  let n = {
@@ -3734,7 +3737,7 @@ class Ke {
3734
3737
  next: e.body.next ?? this.loginRedirect,
3735
3738
  persist: e.body.persist ? "on" : "",
3736
3739
  urlPrefix: this.prefix,
3737
- factor2: i.factor2,
3740
+ factor2: t.factor2,
3738
3741
  action: "loginfactor2"
3739
3742
  };
3740
3743
  return s.view(this.factor2Page, n);
@@ -3743,7 +3746,7 @@ class Ke {
3743
3746
  }
3744
3747
  );
3745
3748
  } catch (s) {
3746
- return d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => i.view(this.loginPage, {
3749
+ return d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, n) => t.view(this.loginPage, {
3747
3750
  errorMessage: n.message,
3748
3751
  errorMessages: n.messages,
3749
3752
  errorCode: n.code,
@@ -3768,33 +3771,33 @@ class Ke {
3768
3771
  return d.logger.debug(c({ msg: "Next page " + r })), await this.loginFactor2(
3769
3772
  e,
3770
3773
  o,
3771
- (s, i) => (d.logger.debug(c({ msg: "Successful login - sending redirect to" })), s.redirect(r))
3774
+ (s, t) => (d.logger.debug(c({ msg: "Successful login - sending redirect to" })), s.redirect(r))
3772
3775
  );
3773
3776
  } catch (s) {
3774
3777
  d.logger.debug(c({ err: s }));
3775
- let i;
3778
+ let t;
3776
3779
  try {
3777
3780
  const n = e.sessionId ? await this.sessionManager.dataForSessionId(e.sessionId) : void 0;
3778
- i = n == null ? void 0 : n.factor2;
3781
+ t = n == null ? void 0 : n.factor2;
3779
3782
  } catch (n) {
3780
3783
  d.logger.error(c({ err: n }));
3781
3784
  }
3782
- return i && i in this.authenticators ? this.handleError(s, e, o, (n, t) => n.view(this.factor2Page, {
3783
- errorMessage: t.message,
3784
- errorMessages: t.messages,
3785
- errorCode: t.code,
3786
- errorCodeName: g[t.code],
3785
+ return t && t in this.authenticators ? this.handleError(s, e, o, (n, i) => n.view(this.factor2Page, {
3786
+ errorMessage: i.message,
3787
+ errorMessages: i.messages,
3788
+ errorCode: i.code,
3789
+ errorCodeName: g[i.code],
3787
3790
  next: e.body.next,
3788
3791
  persist: e.body.persist ? "on" : "",
3789
3792
  csrfToken: e.csrfToken,
3790
3793
  urlPrefix: this.prefix,
3791
- factor2: i,
3794
+ factor2: t,
3792
3795
  action: "loginfactor2"
3793
- })) : this.handleError(s, e, o, (n, t) => n.view(this.loginPage, {
3794
- errorMessage: t.message,
3795
- errorMessages: t.messages,
3796
- errorCode: t.code,
3797
- errorCodeName: g[t.code],
3796
+ })) : this.handleError(s, e, o, (n, i) => n.view(this.loginPage, {
3797
+ errorMessage: i.message,
3798
+ errorMessages: i.messages,
3799
+ errorCode: i.code,
3800
+ errorCodeName: g[i.code],
3798
3801
  next: e.body.next,
3799
3802
  persist: e.body.persist ? "on" : "",
3800
3803
  csrfToken: e.csrfToken,
@@ -3817,17 +3820,17 @@ class Ke {
3817
3820
  g.Unauthorized,
3818
3821
  "No session cookie present"
3819
3822
  );
3820
- const r = this.getSessionCookieValue(e), s = this.sessionManager.getSessionId(r ?? ""), i = await this.sessionManager.dataForSessionId(s);
3821
- if (!(i != null && i.pre2fa)) throw new l(
3823
+ const r = this.getSessionCookieValue(e), s = this.sessionManager.getSessionId(r ?? ""), t = await this.sessionManager.dataForSessionId(s);
3824
+ if (!(t != null && t.pre2fa)) throw new l(
3822
3825
  g.Unauthorized,
3823
3826
  "2FA not initiated"
3824
3827
  );
3825
3828
  let n = {
3826
3829
  urlPrefix: this.prefix,
3827
3830
  csrfToken: e.csrfToken,
3828
- action: i.pre2fa.url,
3831
+ action: t.pre2fa.url,
3829
3832
  errorCodeName: e.query.error,
3830
- factor2: i.pre2fa.factor2
3833
+ factor2: t.pre2fa.factor2
3831
3834
  };
3832
3835
  return o.view(this.factor2Page, n);
3833
3836
  }
@@ -3865,39 +3868,39 @@ class Ke {
3865
3868
  return d.logger.debug(c({ msg: "Next page " + r })), await this.signup(
3866
3869
  e,
3867
3870
  o,
3868
- (s, i, n) => {
3871
+ (s, t, n) => {
3869
3872
  var a, h;
3870
- const t = (a = i == null ? void 0 : i.userData) != null && a.factor2 ? this.authenticators[i.userData.factor2] : void 0;
3871
- return (h = i.userData) != null && h.factor2 ? s.view(this.configureFactor2Page, {
3872
- csrfToken: i.csrfToken,
3873
- ...i.userData
3874
- }) : this.enableEmailVerification && (t == null || t.skipEmailVerificationOnSignup() != !0) ? s.view(this.signupPage, {
3873
+ const i = (a = t == null ? void 0 : t.userData) != null && a.factor2 ? this.authenticators[t.userData.factor2] : void 0;
3874
+ return (h = t.userData) != null && h.factor2 ? s.view(this.configureFactor2Page, {
3875
+ csrfToken: t.csrfToken,
3876
+ ...t.userData
3877
+ }) : this.enableEmailVerification && (i == null || i.skipEmailVerificationOnSignup() != !0) ? s.view(this.signupPage, {
3875
3878
  next: r,
3876
3879
  csrfToken: e.csrfToken,
3877
3880
  message: "Please check your email to finish signing up.",
3878
3881
  allowedFactor2: this.allowedFactor2Details(),
3879
3882
  urlPrefix: this.prefix,
3880
3883
  factor2: e.body.factor2,
3881
- ...i.userData
3884
+ ...t.userData
3882
3885
  }) : s.redirect(this.loginRedirect);
3883
3886
  }
3884
3887
  );
3885
3888
  } catch (s) {
3886
- const i = l.asCrossauthError(s);
3889
+ const t = l.asCrossauthError(s);
3887
3890
  return d.logger.error(c({
3888
3891
  msg: "Signup failure",
3889
3892
  user: e.body.username,
3890
- errorCodeName: i.codeName,
3891
- errorCode: i.code
3892
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, t) => {
3893
+ errorCodeName: t.codeName,
3894
+ errorCode: t.code
3895
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, i) => {
3893
3896
  let a = {};
3894
3897
  for (let h in e.body)
3895
3898
  h.startsWith("user_") && (a[h] = e.body[h]);
3896
3899
  return n.view(this.signupPage, {
3897
- errorMessage: t.message,
3898
- errorMessages: t.messages,
3899
- errorCode: t.code,
3900
- errorCodeName: g[t.code],
3900
+ errorMessage: i.message,
3901
+ errorMessages: i.messages,
3902
+ errorCode: i.code,
3903
+ errorCodeName: g[i.code],
3901
3904
  next: r,
3902
3905
  persist: e.body.persist,
3903
3906
  username: e.body.username,
@@ -3928,16 +3931,16 @@ class Ke {
3928
3931
  return await this.logout(
3929
3932
  e,
3930
3933
  o,
3931
- (i) => i.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3934
+ (t) => t.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3932
3935
  );
3933
- } catch (i) {
3934
- const n = l.asCrossauthError(i);
3936
+ } catch (t) {
3937
+ const n = l.asCrossauthError(t);
3935
3938
  return d.logger.error(c({
3936
3939
  msg: "Logout failure",
3937
3940
  user: (s = e.user) == null ? void 0 : s.username,
3938
3941
  errorCodeName: n.codeName,
3939
3942
  errorCode: n.code
3940
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => t.view(this.errorPage, {
3943
+ })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => i.view(this.errorPage, {
3941
3944
  urlPrefix: this.prefix,
3942
3945
  errorMessage: a.message,
3943
3946
  errorMessages: a.messages,
@@ -3966,36 +3969,36 @@ class Ke {
3966
3969
  o,
3967
3970
  (r, s) => {
3968
3971
  if (s.state == O.passwordChangeNeeded) {
3969
- const i = new l(g.PasswordChangeNeeded);
3970
- return this.handleError(i, e, r, (n, t) => {
3971
- n.status(this.errorStatus(i)).header(...A).send({
3972
+ const t = new l(g.PasswordChangeNeeded);
3973
+ return this.handleError(t, e, r, (n, i) => {
3974
+ n.status(this.errorStatus(t)).header(...A).send({
3972
3975
  ok: !1,
3973
- errorMessage: t.message,
3974
- errorMessages: t.messages,
3975
- errorCode: t.code,
3976
- errorCodeName: g[t.code]
3976
+ errorMessage: i.message,
3977
+ errorMessages: i.messages,
3978
+ errorCode: i.code,
3979
+ errorCodeName: g[i.code]
3977
3980
  });
3978
3981
  });
3979
3982
  } else if (s.state == O.passwordResetNeeded || s.state == O.passwordAndFactor2ResetNeeded) {
3980
- const i = new l(g.PasswordResetNeeded);
3981
- return this.handleError(i, e, r, (n, t) => {
3982
- n.status(this.errorStatus(i)).header(...A).send({
3983
+ const t = new l(g.PasswordResetNeeded);
3984
+ return this.handleError(t, e, r, (n, i) => {
3985
+ n.status(this.errorStatus(t)).header(...A).send({
3983
3986
  ok: !1,
3984
- errorMessage: t.message,
3985
- errorMessages: t.messages,
3986
- errorCode: t.code,
3987
- errorCodeName: g[t.code]
3987
+ errorMessage: i.message,
3988
+ errorMessages: i.messages,
3989
+ errorCode: i.code,
3990
+ errorCodeName: g[i.code]
3988
3991
  });
3989
3992
  });
3990
3993
  } else if (this.allowedFactor2.length > 0 && (s.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(s.factor2 ? s.factor2 : "none"))) {
3991
- const i = new l(g.Factor2ResetNeeded);
3992
- return this.handleError(i, e, r, (n, t) => {
3993
- n.status(this.errorStatus(i)).header(...A).send({
3994
+ const t = new l(g.Factor2ResetNeeded);
3995
+ return this.handleError(t, e, r, (n, i) => {
3996
+ n.status(this.errorStatus(t)).header(...A).send({
3994
3997
  ok: !1,
3995
- errorMessage: t.message,
3996
- errorMessages: t.messages,
3997
- errorCode: t.code,
3998
- errorCodeName: g[t.code]
3998
+ errorMessage: i.message,
3999
+ errorMessages: i.messages,
4000
+ errorCode: i.code,
4001
+ errorCodeName: g[i.code]
3999
4002
  });
4000
4003
  });
4001
4004
  } else return s.twoFactorRequired ? r.header(...A).send({ ok: !0, twoFactorRequired: !0 }) : r.header(...A).send({ ok: !0, user: s });
@@ -4008,8 +4011,8 @@ class Ke {
4008
4011
  user: e.body.username,
4009
4012
  errorCodeName: s.codeName,
4010
4013
  errorCode: s.code
4011
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => {
4012
- i.status(this.errorStatus(r)).header(...A).send({
4014
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, n) => {
4015
+ t.status(this.errorStatus(r)).header(...A).send({
4013
4016
  ok: !1,
4014
4017
  errorMessage: n.message,
4015
4018
  errorMessages: n.messages,
@@ -4038,14 +4041,14 @@ class Ke {
4038
4041
  (r) => r.header(...A).send({ ok: !0 })
4039
4042
  );
4040
4043
  } catch (r) {
4041
- const i = e.user || "", n = l.asCrossauthError(r);
4044
+ const t = e.user || "", n = l.asCrossauthError(r);
4042
4045
  return d.logger.error(c({
4043
4046
  msg: "Login failure",
4044
- user: i,
4047
+ user: t,
4045
4048
  errorCodeName: n.codeName,
4046
4049
  errorCode: n.code
4047
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, a) => {
4048
- t.status(this.errorStatus(r)).header(...A).send({
4050
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, a) => {
4051
+ i.status(this.errorStatus(r)).header(...A).send({
4049
4052
  ok: !1,
4050
4053
  errorMessage: a.message,
4051
4054
  errorMessages: a.messages,
@@ -4080,7 +4083,7 @@ class Ke {
4080
4083
  hashOfSessionId: this.getHashOfSessionId(e),
4081
4084
  errorCodeName: s.codeName,
4082
4085
  errorCode: s.code
4083
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => i.status(this.errorStatus(r)).header(...A).send({
4086
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, n) => t.status(this.errorStatus(r)).header(...A).send({
4084
4087
  ok: !1,
4085
4088
  errorMessage: n.message,
4086
4089
  errorMessages: n.messages,
@@ -4111,17 +4114,17 @@ class Ke {
4111
4114
  return await this.logout(
4112
4115
  e,
4113
4116
  o,
4114
- (i) => i.header(...A).send({ ok: !0 })
4117
+ (t) => t.header(...A).send({ ok: !0 })
4115
4118
  );
4116
- } catch (i) {
4117
- const n = l.asCrossauthError(i);
4119
+ } catch (t) {
4120
+ const n = l.asCrossauthError(t);
4118
4121
  return d.logger.error(c({
4119
4122
  msg: "Logout failure",
4120
4123
  user: (s = e.user) == null ? void 0 : s.username,
4121
4124
  errorCodeName: n.codeName,
4122
4125
  errorCode: n.code
4123
- })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => {
4124
- t.status(this.errorStatus(i)).header(...A).send({
4126
+ })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => {
4127
+ i.status(this.errorStatus(t)).header(...A).send({
4125
4128
  ok: !1,
4126
4129
  errorMessage: a.message,
4127
4130
  errorMessages: a.messages,
@@ -4148,26 +4151,26 @@ class Ke {
4148
4151
  return await this.signup(
4149
4152
  e,
4150
4153
  o,
4151
- (s, i, n) => s.header(...A).send({
4154
+ (s, t, n) => s.header(...A).send({
4152
4155
  ok: !0,
4153
4156
  user: n,
4154
4157
  emailVerificationNeeded: this.enableEmailVerification ?? !1,
4155
- ...i.userData
4158
+ ...t.userData
4156
4159
  })
4157
4160
  );
4158
4161
  } catch (s) {
4159
- const i = l.asCrossauthError(s);
4162
+ const t = l.asCrossauthError(s);
4160
4163
  d.logger.error(c({
4161
4164
  msg: "Signup failure",
4162
4165
  user: (r = e.user) == null ? void 0 : r.username,
4163
- errorCodeName: i.codeName,
4164
- errorCode: i.code
4165
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, t) => {
4166
+ errorCodeName: t.codeName,
4167
+ errorCode: t.code
4168
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (n, i) => {
4166
4169
  n.status(this.errorStatus(s)).header(...A).send({
4167
4170
  ok: !1,
4168
- errorMessage: t.message,
4169
- errorMessages: t.messages,
4170
- errorCode: g[t.code]
4171
+ errorMessage: i.message,
4172
+ errorMessages: i.messages,
4173
+ errorCode: g[i.code]
4171
4174
  });
4172
4175
  });
4173
4176
  }
@@ -4197,24 +4200,24 @@ class Ke {
4197
4200
  "No CSRF token present"
4198
4201
  );
4199
4202
  try {
4200
- let i;
4201
- return e.sessionId && (i = (await this.sessionManager.userForSessionId(e.sessionId)).user), o.header(...A).send({ ok: !0, user: i });
4202
- } catch (i) {
4203
- const n = l.asCrossauthError(i);
4204
- let t = n.message, a = n.code, h = n.codeName;
4203
+ let t;
4204
+ return e.sessionId && (t = (await this.sessionManager.userForSessionId(e.sessionId)).user), o.header(...A).send({ ok: !0, user: t });
4205
+ } catch (t) {
4206
+ const n = l.asCrossauthError(t);
4207
+ let i = n.message, a = n.code, h = n.codeName;
4205
4208
  switch (n.code) {
4206
4209
  case g.UserNotExist:
4207
4210
  case g.PasswordInvalid:
4208
- t = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4211
+ i = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4209
4212
  break;
4210
4213
  }
4211
4214
  return d.logger.error(c({
4212
- msg: t,
4215
+ msg: i,
4213
4216
  user: (s = e.user) == null ? void 0 : s.username,
4214
4217
  hashOfSessionId: this.getHashOfSessionId(e),
4215
4218
  errorCodeName: h,
4216
4219
  errorCode: a
4217
- })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4220
+ })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...A).send({
4218
4221
  ok: !1,
4219
4222
  errorCode: a,
4220
4223
  errorCodeName: h
@@ -4240,15 +4243,15 @@ class Ke {
4240
4243
  ok: !0,
4241
4244
  csrfToken: e.csrfToken
4242
4245
  });
4243
- } catch (i) {
4244
- const n = l.asCrossauthError(i);
4246
+ } catch (t) {
4247
+ const n = l.asCrossauthError(t);
4245
4248
  return d.logger.error(c({
4246
4249
  msg: "getcsrftoken failure",
4247
4250
  user: (s = e.user) == null ? void 0 : s.username,
4248
4251
  hashedCsrfCookie: this.getHashOfCsrfCookie(e),
4249
4252
  errorCode: n.code,
4250
4253
  errorCodeName: n.codeName
4251
- })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4254
+ })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...A).send({
4252
4255
  ok: !1,
4253
4256
  errorCode: n.code,
4254
4257
  errorCodeName: n.codeName,
@@ -4265,10 +4268,10 @@ class Ke {
4265
4268
  o,
4266
4269
  e.user
4267
4270
  );
4268
- const s = e.body.username, i = e.body.persist;
4271
+ const s = e.body.username, t = e.body.persist;
4269
4272
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
4270
4273
  const n = this.getSessionCookieValue(e);
4271
- let t = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(s, e.body, t, i);
4274
+ let i = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(s, e.body, i, t);
4272
4275
  if (d.logger.debug(c({
4273
4276
  msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4274
4277
  user: e.body.username
@@ -4297,24 +4300,24 @@ class Ke {
4297
4300
  );
4298
4301
  const s = e.sessionId;
4299
4302
  if (!s) throw new l(g.Unauthorized);
4300
- const i = e.body.persist;
4303
+ const t = e.body.persist;
4301
4304
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4302
4305
  let n = this.addToSession ? this.addToSession(e) : {};
4303
- const { sessionCookie: t, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4306
+ const { sessionCookie: i, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4304
4307
  e.body,
4305
4308
  s,
4306
4309
  n,
4307
- i
4310
+ t
4308
4311
  );
4309
4312
  return d.logger.debug(c({
4310
- msg: "Login: set session cookie " + t.name + " opts " + JSON.stringify(t.options),
4313
+ msg: "Login: set session cookie " + i.name + " opts " + JSON.stringify(i.options),
4311
4314
  user: h == null ? void 0 : h.username
4312
4315
  })), o.cookie(
4313
- t.name,
4314
- t.value,
4315
- t.options
4316
+ i.name,
4317
+ i.value,
4318
+ i.options
4316
4319
  ), d.logger.debug(c({
4317
- msg: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(t.options),
4320
+ msg: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(i.options),
4318
4321
  user: h == null ? void 0 : h.username
4319
4322
  })), o.cookie(a.name, a.value, a.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(a.value), r(o, h);
4320
4323
  }
@@ -4326,9 +4329,9 @@ class Ke {
4326
4329
  /**
4327
4330
  * This is called after the user has been validated to log the user in
4328
4331
  */
4329
- async loginWithUser(e, o, r, s, i) {
4332
+ async loginWithUser(e, o, r, s, t) {
4330
4333
  const n = this.getSessionCookieValue(r);
4331
- let t = this.addToSession ? this.addToSession(r) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, t, void 0, e, o);
4334
+ let i = this.addToSession ? this.addToSession(r) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, i, void 0, e, o);
4332
4335
  if (d.logger.debug(c({
4333
4336
  msg: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4334
4337
  user: e.username
@@ -4348,19 +4351,19 @@ class Ke {
4348
4351
  hashOfSessionId: this.getHashOfSessionId(r)
4349
4352
  })), d.logger.debug(c({ err: f }));
4350
4353
  }
4351
- return i(s, e);
4354
+ return t(s, e);
4352
4355
  }
4353
4356
  async signup(e, o, r) {
4354
4357
  if (!this.userStorage) throw new l(g.Configuration, "Cannot call signup unless you provide a user stotage");
4355
4358
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4356
- const s = e.body.username, i = e.body.next;
4359
+ const s = e.body.username, t = e.body.next;
4357
4360
  if (e.body.factor2 || (e.body.factor2 = this.allowedFactor2[0]), e.body.factor2 && !this.allowedFactor2.includes(e.body.factor2 ?? "none"))
4358
4361
  throw new l(
4359
4362
  g.Forbidden,
4360
4363
  "Illegal second factor " + e.body.factor2 + " requested"
4361
4364
  );
4362
4365
  (e.body.factor2 == "none" || e.body.factor2 == "") && (e.body.factor2 = void 0);
4363
- let n = this.createUserFn(e, this.userStorage.userEditableFields), t = this.authenticators[n.factor1].validateSecrets(e.body);
4366
+ let n = this.createUserFn(e, this.userStorage.userEditableFields, this.userAllowedFactor1), i = this.authenticators[n.factor1].validateSecrets(e.body);
4364
4367
  const a = this.authenticators[n.factor1].secretNames();
4365
4368
  let h = {};
4366
4369
  for (let m in e.body)
@@ -4369,7 +4372,7 @@ class Ke {
4369
4372
  a.includes(w) && (h[w] = e.body[m]);
4370
4373
  }
4371
4374
  Object.keys(h).length === 0 && (h = void 0), n.state = "active", e.body.factor2 && e.body.factor2 != "none" ? n.state = "awaitingtwofactor" : this.enableEmailVerification && (n.state = "awaitingemailverification");
4372
- let p = [...this.validateUserFn(n), ...t];
4375
+ let p = [...this.validateUserFn(n), ...i];
4373
4376
  if (p.length > 0)
4374
4377
  throw new l(g.FormEntry, p);
4375
4378
  let v = !1;
@@ -4403,7 +4406,7 @@ class Ke {
4403
4406
  let w = {
4404
4407
  userData: m,
4405
4408
  username: s,
4406
- next: i ?? this.loginRedirect,
4409
+ next: t ?? this.loginRedirect,
4407
4410
  csrfToken: e.csrfToken
4408
4411
  };
4409
4412
  return r(o, w);
@@ -4446,14 +4449,14 @@ class Ke {
4446
4449
  d.logger.debug(c({ msg: "Creating session ID" }));
4447
4450
  let s = this.addToSession ? this.addToSession(e) : {};
4448
4451
  r && (s.data = JSON.stringify(r));
4449
- let { sessionCookie: i, csrfCookie: n, csrfFormOrHeaderValue: t } = await this.sessionManager.createAnonymousSession(s);
4452
+ let { sessionCookie: t, csrfCookie: n, csrfFormOrHeaderValue: i } = await this.sessionManager.createAnonymousSession(s);
4450
4453
  o.cookie(
4451
- i.name,
4452
- i.value,
4453
- i.options
4454
- ), e.csrfToken = t, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4455
- const a = this.sessionManager.getSessionId(i.value);
4456
- return e.sessionId = a, i.value;
4454
+ t.name,
4455
+ t.value,
4456
+ t.options
4457
+ ), e.csrfToken = i, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4458
+ const a = this.sessionManager.getSessionId(t.value);
4459
+ return e.sessionId = a, t.value;
4457
4460
  }
4458
4461
  /**
4459
4462
  * Called by each endpoint on error.
@@ -4469,27 +4472,27 @@ class Ke {
4469
4472
  * incorrect. If false, report that the username or password is
4470
4473
  * incorrect. Default false.
4471
4474
  */
4472
- handleError(e, o, r, s, i = !1) {
4475
+ handleError(e, o, r, s, t = !1) {
4473
4476
  var n;
4474
4477
  try {
4475
- let t = l.asCrossauthError(e);
4476
- if (!i)
4477
- switch (t.code) {
4478
+ let i = l.asCrossauthError(e);
4479
+ if (!t)
4480
+ switch (i.code) {
4478
4481
  case g.UserNotExist:
4479
4482
  case g.PasswordInvalid:
4480
- t = new l(
4483
+ i = new l(
4481
4484
  g.UsernameOrPasswordInvalid,
4482
4485
  "Invalid username or password"
4483
4486
  );
4484
4487
  break;
4485
4488
  }
4486
- return d.logger.debug(c({ err: t })), d.logger.error(c({
4487
- cerr: t,
4489
+ return d.logger.debug(c({ err: i })), d.logger.error(c({
4490
+ cerr: i,
4488
4491
  hashOfSessionId: this.getHashOfSessionId(o),
4489
4492
  user: (n = o.user) == null ? void 0 : n.username
4490
- })), s(r, t);
4491
- } catch (t) {
4492
- return d.logger.error(c({ err: t })), s(r, new l(g.UnknownError));
4493
+ })), s(r, i);
4494
+ } catch (i) {
4495
+ return d.logger.error(c({ err: i })), s(r, new l(g.UnknownError));
4493
4496
  }
4494
4497
  }
4495
4498
  //////////////
@@ -4565,14 +4568,14 @@ class Ke {
4565
4568
  * @returns the Fastiy reply
4566
4569
  */
4567
4570
  csrfToken(e, o) {
4568
- var i;
4571
+ var t;
4569
4572
  let r;
4570
4573
  const s = this.sessionManager.csrfHeaderName;
4571
4574
  if (e.headers && s.toLowerCase() in e.headers) {
4572
4575
  const n = e.headers[s.toLowerCase()];
4573
4576
  Array.isArray(n) ? r = n[0] : r = n;
4574
4577
  }
4575
- if (!r && ((i = e.body) != null && i.csrfToken) && (r = e.body.csrfToken), r)
4578
+ if (!r && ((t = e.body) != null && t.csrfToken) && (r = e.body.csrfToken), r)
4576
4579
  try {
4577
4580
  this.sessionManager.validateDoubleSubmitCsrfToken(
4578
4581
  this.getCsrfCookieValue(e),
@@ -4598,18 +4601,18 @@ class Ke {
4598
4601
  */
4599
4602
  sendJsonError(e, o, r, s) {
4600
4603
  (!r || !s) && (r = "Unknown error");
4601
- const i = s ? l.asCrossauthError(s) : void 0;
4604
+ const t = s ? l.asCrossauthError(s) : void 0;
4602
4605
  return d.logger.warn(c({
4603
4606
  msg: r,
4604
- errorCode: i == null ? void 0 : i.code,
4605
- errorCodeName: i == null ? void 0 : i.codeName,
4607
+ errorCode: t == null ? void 0 : t.code,
4608
+ errorCodeName: t == null ? void 0 : t.codeName,
4606
4609
  httpStatus: o
4607
4610
  })), e.header(...A).status(o).send({
4608
4611
  ok: !1,
4609
4612
  status: o,
4610
4613
  errorMessage: r,
4611
- errorCode: i == null ? void 0 : i.code,
4612
- errorCodeName: i == null ? void 0 : i.codeName
4614
+ errorCode: t == null ? void 0 : t.code,
4615
+ errorCodeName: t == null ? void 0 : t.codeName
4613
4616
  });
4614
4617
  }
4615
4618
  /**
@@ -4736,35 +4739,35 @@ class Ye {
4736
4739
  u(this, "apiKeyManager");
4737
4740
  this.app = e, this.userStorage = o, this.apiKeyManager = new Y(r, s), this.app.addHook(
4738
4741
  "preHandler",
4739
- async (i, n) => {
4740
- if (i.headers.authorization)
4742
+ async (t, n) => {
4743
+ if (t.headers.authorization)
4741
4744
  try {
4742
4745
  d.logger.debug(c({
4743
4746
  msg: "Received authorization header"
4744
4747
  }));
4745
- const t = await this.apiKeyManager.validateToken(
4746
- i.headers.authorization
4748
+ const i = await this.apiKeyManager.validateToken(
4749
+ t.headers.authorization
4747
4750
  );
4748
4751
  d.logger.debug(c({
4749
4752
  msg: "Valid API key",
4750
- hahedApiKey: Y.hashSignedApiKeyValue(t.value)
4753
+ hahedApiKey: Y.hashSignedApiKeyValue(i.value)
4751
4754
  }));
4752
- const a = Fe.decodeData(t.data);
4753
- if (i.apiKey = { ...t, ...a }, "scope" in a && Array.isArray(a.scope)) {
4755
+ const a = Fe.decodeData(i.data);
4756
+ if (t.apiKey = { ...i, ...a }, "scope" in a && Array.isArray(a.scope)) {
4754
4757
  let h = [];
4755
4758
  for (let f of a.scope)
4756
4759
  typeof f == "string" && h.push(f);
4757
- i.scope = h;
4760
+ t.scope = h;
4758
4761
  }
4759
- if (t.userid)
4762
+ if (i.userid)
4760
4763
  try {
4761
- const { user: h } = await this.userStorage.getUserById(t.userid);
4762
- i.user = h, i.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hahedApiKey: Y.hashSignedApiKeyValue(t.value) }));
4764
+ const { user: h } = await this.userStorage.getUserById(i.userid);
4765
+ t.user = h, t.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hahedApiKey: Y.hashSignedApiKeyValue(i.value) }));
4763
4766
  } catch (h) {
4764
- d.logger.error(c({ msg: "API key has invalid user", userid: t.userid, hashedApiKey: Y.hashSignedApiKeyValue(t.value) })), d.logger.debug(c({ err: h }));
4767
+ d.logger.error(c({ msg: "API key has invalid user", userid: i.userid, hashedApiKey: Y.hashSignedApiKeyValue(i.value) })), d.logger.debug(c({ err: h }));
4765
4768
  }
4766
- } catch (t) {
4767
- d.logger.error(c({ msg: "Invalid authorization header received", header: i.headers.authorization })), d.logger.debug(c({ err: t }));
4769
+ } catch (i) {
4770
+ d.logger.error(c({ msg: "Invalid authorization header received", header: t.headers.authorization })), d.logger.debug(c({ err: i }));
4768
4771
  }
4769
4772
  }
4770
4773
  );
@@ -4782,7 +4785,7 @@ class $e {
4782
4785
  * for the password flow
4783
4786
  * @param options see {@link FastifyAuthorizationServerOptions}
4784
4787
  */
4785
- constructor(e, o, r, s, i, n = {}) {
4788
+ constructor(e, o, r, s, t, n = {}) {
4786
4789
  /** The Fastify app passed to the constructor */
4787
4790
  u(this, "app");
4788
4791
  /** The underlying framework-independent authorization server */
@@ -4807,11 +4810,11 @@ class $e {
4807
4810
  this.app = e, this.fastifyServer = o, this.clientStorage = r, this.authServer = new Ne(
4808
4811
  this.clientStorage,
4809
4812
  s,
4810
- i,
4813
+ t,
4811
4814
  n
4812
4815
  ), C("prefix", k.String, this, n, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("errorPage", k.String, this, n, "ERROR_PAGE"), C("devicePage", k.String, this, n, "OAUTH_DEVICE_PAGE"), C("loginUrl", k.String, this, n, "LOGIN_URL"), C("oauthAuthorizePage", k.String, this, n, "OAUTH_AUTHORIZE_PAGE"), C("refreshTokenType", k.String, this, n, "OAUTH_REFRESH_TOKEN_TYPE"), C("refreshTokenCookieName", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), C("refreshTokenCookieDomain", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), C("refreshTokenCookieHttpOnly", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), C("refreshTokenCookiePath", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), C("refreshTokenCookieSecure", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), C("refreshTokenCookieSameSite", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), C("createGetCsrfTokenEndpoint", k.String, this, n, "OAUTH_CREATE_GET_CSRF_TOKEN_ENDPOINT"), this.refreshTokenType != "json" && (this.createGetCsrfTokenEndpoint ? this.csrfTokens = new Ue(n.doubleSubmitCookieOptions) : this.fastifyServer.sessionServer && (this.csrfTokens = this.fastifyServer.sessionServer.sessionManager.csrfTokens)), this.createGetCsrfTokenEndpoint && this.addApiGetCsrfTokenEndpoints(), e.get(
4813
4816
  this.prefix + ".well-known/openid-configuration",
4814
- async (t, a) => a.header(...x).status(200).send(
4817
+ async (i, a) => a.header(...x).status(200).send(
4815
4818
  this.authServer.oidcConfiguration({
4816
4819
  authorizeEndpoint: this.prefix + "authorize",
4817
4820
  tokenEndpoint: this.prefix + "token",
@@ -4821,32 +4824,32 @@ class $e {
4821
4824
  )
4822
4825
  ), e.get(
4823
4826
  this.prefix + "jwks",
4824
- async (t, a) => a.header(...x).status(200).send(
4827
+ async (i, a) => a.header(...x).status(200).send(
4825
4828
  this.authServer.jwks()
4826
4829
  )
4827
- ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (t, a) => {
4830
+ ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (i, a) => {
4828
4831
  var h;
4829
- return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.query);
4830
- }), e.post(this.prefix + "authorize", async (t, a) => {
4832
+ return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.query);
4833
+ }), e.post(this.prefix + "authorize", async (i, a) => {
4831
4834
  var h;
4832
- return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.body);
4835
+ return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.body);
4833
4836
  }), this.app.post(
4834
4837
  this.prefix + "userauthorize",
4835
- async (t, a) => {
4838
+ async (i, a) => {
4836
4839
  var p, v;
4837
- if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (p = t.user) == null ? void 0 : p.username })), !t.user) return b.sendPageError(
4840
+ if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (p = i.user) == null ? void 0 : p.username })), !i.user) return b.sendPageError(
4838
4841
  a,
4839
4842
  401,
4840
4843
  this.errorPage
4841
4844
  );
4842
4845
  let h, f;
4843
4846
  try {
4844
- h = await this.fastifyServer.validateCsrfToken(t);
4847
+ h = await this.fastifyServer.validateCsrfToken(i);
4845
4848
  } catch (m) {
4846
4849
  f = l.asCrossauthError(m), f.message = "Invalid csrf cookie received", d.logger.error(c({
4847
4850
  msg: f.message,
4848
4851
  hashedCsrfCookie: h ? F.hash(h) : void 0,
4849
- user: (v = t.user) == null ? void 0 : v.username,
4852
+ user: (v = i.user) == null ? void 0 : v.username,
4850
4853
  cerr: f
4851
4854
  }));
4852
4855
  }
@@ -4875,45 +4878,45 @@ class $e {
4875
4878
  }
4876
4879
  }
4877
4880
  if (!f) {
4878
- const m = t.body.authorized == "true";
4879
- return await this.authorize(t, a, m, {
4880
- responseType: t.body.response_type,
4881
- client_id: t.body.client_id,
4882
- redirect_uri: t.body.redirect_uri,
4883
- scope: t.body.scope,
4884
- state: t.body.state,
4885
- codeChallenge: t.body.code_challenge,
4886
- codeChallengeMethod: t.body.code_challenge_method
4881
+ const m = i.body.authorized == "true";
4882
+ return await this.authorize(i, a, m, {
4883
+ responseType: i.body.response_type,
4884
+ client_id: i.body.client_id,
4885
+ redirect_uri: i.body.redirect_uri,
4886
+ scope: i.body.scope,
4887
+ state: i.body.state,
4888
+ codeChallenge: i.body.code_challenge,
4889
+ codeChallengeMethod: i.body.code_challenge_method
4887
4890
  });
4888
4891
  }
4889
4892
  }
4890
4893
  )), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode) || this.authServer.validFlows.includes(E.ClientCredentials) || this.authServer.validFlows.includes(E.RefreshToken) || this.authServer.validFlows.includes(E.Password) || this.authServer.validFlows.includes(E.PasswordMfa) || this.authServer.validFlows.includes(E.DeviceCode)) && this.app.post(
4891
4894
  this.prefix + "token",
4892
- async (t, a) => {
4895
+ async (i, a) => {
4893
4896
  var m;
4894
4897
  d.logger.info(c({
4895
4898
  msg: "Page visit",
4896
4899
  method: "POST",
4897
4900
  url: this.prefix + "token",
4898
- ip: t.ip,
4899
- user: (m = t.user) == null ? void 0 : m.username
4901
+ ip: i.ip,
4902
+ user: (m = i.user) == null ? void 0 : m.username
4900
4903
  }));
4901
- let h = t.body.client_id, f = t.body.client_secret;
4902
- if (t.headers.authorization) {
4904
+ let h = i.body.client_id, f = i.body.client_secret;
4905
+ if (i.headers.authorization) {
4903
4906
  let w, P;
4904
- const T = t.headers.authorization.split(" ");
4907
+ const T = i.headers.authorization.split(" ");
4905
4908
  if (T.length == 2 && T[0].toLocaleLowerCase() == "basic") {
4906
4909
  const y = F.base64Decode(T[1]).split(":", 2);
4907
4910
  y.length == 2 && (w = y[0], P = y[1]);
4908
4911
  }
4909
4912
  w == null || P == null ? d.logger.warn(c({
4910
- msg: "Ignoring malform authenization header " + t.headers.authorization
4913
+ msg: "Ignoring malform authenization header " + i.headers.authorization
4911
4914
  })) : (h = w, f = P);
4912
4915
  }
4913
- let p = t.body.refresh_token;
4914
- if ((this.refreshTokenType == "cookie" && t.cookies && this.refreshTokenCookieName in t.cookies || this.refreshTokenType == "both" && t.cookies && this.refreshTokenCookieName in t.cookies && p == null) && this.csrfTokens) {
4915
- const w = t.cookies[this.csrfTokens.cookieName];
4916
- let P = t.headers[this.csrfTokens.headerName.toLowerCase()];
4916
+ let p = i.body.refresh_token;
4917
+ if ((this.refreshTokenType == "cookie" && i.cookies && this.refreshTokenCookieName in i.cookies || this.refreshTokenType == "both" && i.cookies && this.refreshTokenCookieName in i.cookies && p == null) && this.csrfTokens) {
4918
+ const w = i.cookies[this.csrfTokens.cookieName];
4919
+ let P = i.headers[this.csrfTokens.headerName.toLowerCase()];
4917
4920
  if (Array.isArray(P) && (P = P[0]), !w || !P)
4918
4921
  return {
4919
4922
  error: "access_denied",
@@ -4922,28 +4925,28 @@ class $e {
4922
4925
  try {
4923
4926
  this.csrfTokens.validateDoubleSubmitCsrfToken(w, P);
4924
4927
  } catch (T) {
4925
- return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: t.body.client_id })), {
4928
+ return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: i.body.client_id })), {
4926
4929
  error: "access_denied",
4927
4930
  error_description: "Invalid csrf token"
4928
4931
  };
4929
4932
  }
4930
- p = t.cookies[this.refreshTokenCookieName];
4933
+ p = i.cookies[this.refreshTokenCookieName];
4931
4934
  }
4932
4935
  const v = await this.authServer.tokenEndpoint({
4933
- grantType: t.body.grant_type,
4936
+ grantType: i.body.grant_type,
4934
4937
  client_id: h,
4935
4938
  client_secret: f,
4936
- scope: t.body.scope,
4937
- codeVerifier: t.body.code_verifier,
4938
- code: t.body.code,
4939
- username: t.body.username,
4940
- password: t.body.password,
4941
- mfaToken: t.body.mfa_token,
4942
- oobCode: t.body.oob_code,
4943
- bindingCode: t.body.binding_code,
4944
- otp: t.body.otp,
4939
+ scope: i.body.scope,
4940
+ codeVerifier: i.body.code_verifier,
4941
+ code: i.body.code,
4942
+ username: i.body.username,
4943
+ password: i.body.password,
4944
+ mfaToken: i.body.mfa_token,
4945
+ oobCode: i.body.oob_code,
4946
+ bindingCode: i.body.binding_code,
4947
+ otp: i.body.otp,
4945
4948
  refreshToken: p,
4946
- deviceCode: t.body.device_code
4949
+ deviceCode: i.body.device_code
4947
4950
  });
4948
4951
  if (v.error == "authorization_pending")
4949
4952
  return a.header(...x).status(200).send(v);
@@ -4957,67 +4960,67 @@ class $e {
4957
4960
  }
4958
4961
  ), this.authServer.validFlows.includes(E.PasswordMfa) && (e.get(
4959
4962
  this.prefix + "mfa/authenticators",
4960
- async (t, a) => {
4963
+ async (i, a) => {
4961
4964
  var h;
4962
4965
  return d.logger.info(c({
4963
4966
  msg: "Page visit",
4964
4967
  method: "GET",
4965
4968
  url: this.prefix + "mfa/authenticators",
4966
- ip: t.ip,
4967
- user: (h = t.user) == null ? void 0 : h.username
4968
- })), await this.mfaAuthenticatorsEndpoint(t, a);
4969
+ ip: i.ip,
4970
+ user: (h = i.user) == null ? void 0 : h.username
4971
+ })), await this.mfaAuthenticatorsEndpoint(i, a);
4969
4972
  }
4970
4973
  ), e.post(
4971
4974
  this.prefix + "mfa/authenticators",
4972
- async (t, a) => {
4975
+ async (i, a) => {
4973
4976
  var h;
4974
4977
  return d.logger.info(c({
4975
4978
  msg: "Page visit",
4976
4979
  method: "POST",
4977
4980
  url: this.prefix + "mfa/authenticators",
4978
- ip: t.ip,
4979
- user: (h = t.user) == null ? void 0 : h.username
4980
- })), await this.mfaAuthenticatorsEndpoint(t, a);
4981
+ ip: i.ip,
4982
+ user: (h = i.user) == null ? void 0 : h.username
4983
+ })), await this.mfaAuthenticatorsEndpoint(i, a);
4981
4984
  }
4982
4985
  ), e.post(
4983
4986
  this.prefix + "mfa/challenge",
4984
- async (t, a) => {
4987
+ async (i, a) => {
4985
4988
  var h;
4986
4989
  return d.logger.info(c({
4987
4990
  msg: "Page visit",
4988
4991
  method: "POST",
4989
4992
  url: this.prefix + "mfa/challenge",
4990
- ip: t.ip,
4991
- user: (h = t.user) == null ? void 0 : h.username
4992
- })), await this.mfaChallengeEndpoint(t, a, t.body);
4993
+ ip: i.ip,
4994
+ user: (h = i.user) == null ? void 0 : h.username
4995
+ })), await this.mfaChallengeEndpoint(i, a, i.body);
4993
4996
  }
4994
4997
  )), this.authServer.validFlows.includes(E.DeviceCode) && (this.app.post(
4995
4998
  this.prefix + "device_authorization",
4996
- async (t, a) => {
4999
+ async (i, a) => {
4997
5000
  var v;
4998
5001
  d.logger.info(c({
4999
5002
  msg: "Page visit",
5000
5003
  method: "POST",
5001
5004
  url: this.prefix + "device_authorization",
5002
- ip: t.ip,
5003
- user: (v = t.user) == null ? void 0 : v.username
5005
+ ip: i.ip,
5006
+ user: (v = i.user) == null ? void 0 : v.username
5004
5007
  }));
5005
- let h = t.body.client_id, f = t.body.client_secret;
5006
- if (t.headers.authorization) {
5008
+ let h = i.body.client_id, f = i.body.client_secret;
5009
+ if (i.headers.authorization) {
5007
5010
  let m, w;
5008
- const P = t.headers.authorization.split(" ");
5011
+ const P = i.headers.authorization.split(" ");
5009
5012
  if (P.length == 2 && P[0].toLocaleLowerCase() == "basic") {
5010
5013
  const N = F.base64Decode(P[1]).split(":", 2);
5011
5014
  N.length == 2 && (m = N[0], w = N[1]);
5012
5015
  }
5013
5016
  m == null || w == null ? d.logger.warn(c({
5014
- msg: "Ignoring malform authenization header " + t.headers.authorization
5017
+ msg: "Ignoring malform authenization header " + i.headers.authorization
5015
5018
  })) : (h = m, f = w);
5016
5019
  }
5017
5020
  const p = await this.authServer.deviceAuthorizationEndpoint({
5018
5021
  client_id: h,
5019
5022
  client_secret: f,
5020
- scope: t.body.scope
5023
+ scope: i.body.scope
5021
5024
  });
5022
5025
  if (p.error || !p.device_code || !p.user_code) {
5023
5026
  let m = "server_error", w = "Neither code nor error received when requesting authorization";
@@ -5029,27 +5032,27 @@ class $e {
5029
5032
  }
5030
5033
  ), e.get(
5031
5034
  this.prefix + "device",
5032
- async (t, a) => {
5035
+ async (i, a) => {
5033
5036
  var h;
5034
5037
  return d.logger.info(c({
5035
5038
  msg: "Page visit",
5036
5039
  method: "GET",
5037
5040
  url: this.prefix + "device",
5038
- ip: t.ip,
5039
- user: (h = t.user) == null ? void 0 : h.username
5040
- })), t.user ? await this.deviceGet(!1, t, a, t.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5041
+ ip: i.ip,
5042
+ user: (h = i.user) == null ? void 0 : h.username
5043
+ })), i.user ? await this.deviceGet(!1, i, a, i.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5041
5044
  }
5042
5045
  ), e.get(
5043
5046
  this.prefix + "api/device",
5044
- async (t, a) => {
5047
+ async (i, a) => {
5045
5048
  var h;
5046
5049
  if (d.logger.info(c({
5047
5050
  msg: "Page visit",
5048
5051
  method: "GET",
5049
5052
  url: this.prefix + "device",
5050
- ip: t.ip,
5051
- user: (h = t.user) == null ? void 0 : h.username
5052
- })), !t.user) {
5053
+ ip: i.ip,
5054
+ user: (h = i.user) == null ? void 0 : h.username
5055
+ })), !i.user) {
5053
5056
  const f = new l(g.Unauthorized, "Not logged in");
5054
5057
  return a.header(...x).status(401).send({
5055
5058
  errorMessage: f.message,
@@ -5057,31 +5060,31 @@ class $e {
5057
5060
  errorCodeName: f.codeName
5058
5061
  });
5059
5062
  }
5060
- return await this.deviceGet(!0, t, a, t.user);
5063
+ return await this.deviceGet(!0, i, a, i.user);
5061
5064
  }
5062
5065
  ), this.app.post(
5063
5066
  this.prefix + "device",
5064
- async (t, a) => {
5067
+ async (i, a) => {
5065
5068
  var h;
5066
5069
  return d.logger.info(c({
5067
5070
  msg: "Page visit",
5068
5071
  method: "POST",
5069
5072
  url: this.prefix + "device",
5070
- ip: t.ip,
5071
- user: (h = t.user) == null ? void 0 : h.username
5072
- })), t.user ? await this.deviceCodePost(!1, t, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5073
+ ip: i.ip,
5074
+ user: (h = i.user) == null ? void 0 : h.username
5075
+ })), i.user ? await this.deviceCodePost(!1, i, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5073
5076
  }
5074
5077
  ), this.app.post(
5075
5078
  this.prefix + "api/device",
5076
- async (t, a) => {
5079
+ async (i, a) => {
5077
5080
  var h;
5078
5081
  return d.logger.info(c({
5079
5082
  msg: "Page visit",
5080
5083
  method: "POST",
5081
5084
  url: this.prefix + "device",
5082
- ip: t.ip,
5083
- user: (h = t.user) == null ? void 0 : h.username
5084
- })), await this.deviceCodePost(!0, t, a);
5085
+ ip: i.ip,
5086
+ user: (h = i.user) == null ? void 0 : h.username
5087
+ })), await this.deviceCodePost(!0, i, a);
5085
5088
  }
5086
5089
  ));
5087
5090
  }
@@ -5102,7 +5105,7 @@ class $e {
5102
5105
  this.csrfTokens && this.app.get(
5103
5106
  this.prefix + "getcsrftoken",
5104
5107
  async (e, o) => {
5105
- var s, i;
5108
+ var s, t;
5106
5109
  if (d.logger.info(c({
5107
5110
  msg: "API visit",
5108
5111
  method: "POST",
@@ -5114,56 +5117,56 @@ class $e {
5114
5117
  try {
5115
5118
  const {
5116
5119
  csrfCookie: n,
5117
- csrfFormOrHeaderValue: t
5120
+ csrfFormOrHeaderValue: i
5118
5121
  } = await this.createCsrfToken();
5119
5122
  return r = n.value, o.setCookie(n.name, n.value, n.options), o.header(...x).send({
5120
5123
  ok: !0,
5121
- csrfToken: t
5124
+ csrfToken: i
5122
5125
  });
5123
5126
  } catch (n) {
5124
- const t = l.asCrossauthError(n);
5127
+ const i = l.asCrossauthError(n);
5125
5128
  return d.logger.error(c({
5126
5129
  msg: "getcsrftoken failure",
5127
- user: (i = e.user) == null ? void 0 : i.username,
5130
+ user: (t = e.user) == null ? void 0 : t.username,
5128
5131
  hashedCsrfCookie: F.hash(r.split(".")[0]),
5129
- errorCode: t.code,
5130
- errorCodeName: t.codeName
5131
- })), d.logger.debug(c({ err: n })), o.status(t.httpStatus).header(...x).send({
5132
+ errorCode: i.code,
5133
+ errorCodeName: i.codeName
5134
+ })), d.logger.debug(c({ err: n })), o.status(i.httpStatus).header(...x).send({
5132
5135
  ok: !1,
5133
- errorCode: t.code,
5134
- errorCodeName: t.codeName,
5135
- error: t.message
5136
+ errorCode: i.code,
5137
+ errorCodeName: i.codeName,
5138
+ error: i.message
5136
5139
  });
5137
5140
  }
5138
5141
  }
5139
5142
  );
5140
5143
  }
5141
5144
  async authorizeEndpoint(e, o, r) {
5142
- var t, a, h;
5145
+ var i, a, h;
5143
5146
  if (!e.user) return o.redirect(this.loginUrl + "?next=" + encodeURIComponent(e.url), 302);
5144
5147
  d.logger.debug(c({ msg: "validating authorize parameters" }));
5145
- let { error_description: s } = this.authServer.validateAuthorizeParameters(r), i;
5146
- if (s ? (i = new l(g.BadRequest, s), d.logger.error(c({
5148
+ let { error_description: s } = this.authServer.validateAuthorizeParameters(r), t;
5149
+ if (s ? (t = new l(g.BadRequest, s), d.logger.error(c({
5147
5150
  msg: "authorize parameter invalid",
5148
- cerr: i,
5149
- user: (t = e.user) == null ? void 0 : t.username
5151
+ cerr: t,
5152
+ user: (i = e.user) == null ? void 0 : i.username
5150
5153
  }))) : d.logger.error(c({
5151
5154
  msg: "authorize parameter valid",
5152
5155
  user: (a = e.user) == null ? void 0 : a.username
5153
- })), i) {
5156
+ })), t) {
5154
5157
  if (this.errorPage)
5155
- return o.status(i.httpStatus).view(
5158
+ return o.status(t.httpStatus).view(
5156
5159
  this.errorPage,
5157
5160
  {
5158
- status: i.httpStatus,
5159
- errorMessage: i.message,
5160
- errorCode: i.code,
5161
- errorCodeName: i.codeName
5161
+ status: t.httpStatus,
5162
+ errorMessage: t.message,
5163
+ errorCode: t.code,
5164
+ errorCodeName: t.codeName
5162
5165
  }
5163
5166
  );
5164
5167
  {
5165
5168
  let f = "500";
5166
- switch (i.httpStatus) {
5169
+ switch (t.httpStatus) {
5167
5170
  case 401:
5168
5171
  f = "401";
5169
5172
  break;
@@ -5171,7 +5174,7 @@ class $e {
5171
5174
  f = "400";
5172
5175
  break;
5173
5176
  }
5174
- return o.status(i.httpStatus).send($[f] ?? G);
5177
+ return o.status(t.httpStatus).send($[f] ?? G);
5175
5178
  }
5176
5179
  }
5177
5180
  let n = !1;
@@ -5233,9 +5236,9 @@ class $e {
5233
5236
  }
5234
5237
  async authorize(e, o, r, {
5235
5238
  responseType: s,
5236
- client_id: i,
5239
+ client_id: t,
5237
5240
  redirect_uri: n,
5238
- scope: t,
5241
+ scope: i,
5239
5242
  state: a,
5240
5243
  codeChallenge: h,
5241
5244
  codeChallengeMethod: f
@@ -5244,9 +5247,9 @@ class $e {
5244
5247
  if (r) {
5245
5248
  const w = await this.authServer.authorizeGetEndpoint({
5246
5249
  responseType: s,
5247
- client_id: i,
5250
+ client_id: t,
5248
5251
  redirect_uri: n,
5249
- scope: t,
5252
+ scope: i,
5250
5253
  state: a,
5251
5254
  codeChallenge: h,
5252
5255
  codeChallengeMethod: f,
@@ -5305,18 +5308,18 @@ class $e {
5305
5308
  }
5306
5309
  }
5307
5310
  async mfaAuthenticatorsEndpoint(e, o) {
5308
- var t;
5309
- const r = (t = e.headers.authorization) == null ? void 0 : t.split(" ");
5311
+ var i;
5312
+ const r = (i = e.headers.authorization) == null ? void 0 : i.split(" ");
5310
5313
  if (!r || r.length != 2)
5311
5314
  return {
5312
5315
  error: "access_denied",
5313
5316
  error_desciption: "Invalid authorization header"
5314
5317
  };
5315
- const s = r[1], i = await this.authServer.mfaAuthenticatorsEndpoint(s);
5316
- if (i.authenticators)
5317
- return o.header(...x).status(200).send(i.authenticators);
5318
- const n = l.fromOAuthError(i.error ?? "server_error");
5319
- return o.header(...x).status(n.httpStatus).send(i);
5318
+ const s = r[1], t = await this.authServer.mfaAuthenticatorsEndpoint(s);
5319
+ if (t.authenticators)
5320
+ return o.header(...x).status(200).send(t.authenticators);
5321
+ const n = l.fromOAuthError(t.error ?? "server_error");
5322
+ return o.header(...x).status(n.httpStatus).send(t);
5320
5323
  }
5321
5324
  async mfaChallengeEndpoint(e, o, r) {
5322
5325
  const s = await this.authServer.mfaChallengeEndpoint(
@@ -5327,15 +5330,15 @@ class $e {
5327
5330
  r.authenticator_id
5328
5331
  );
5329
5332
  if (s.error) {
5330
- const i = l.fromOAuthError(s.error);
5331
- return o.header(...x).status(i.httpStatus).send(s);
5333
+ const t = l.fromOAuthError(s.error);
5334
+ return o.header(...x).status(t.httpStatus).send(s);
5332
5335
  }
5333
5336
  return o.header(...x).status(200).send(s);
5334
5337
  }
5335
5338
  setRefreshTokenCookie(e, o, r) {
5336
5339
  if (!this.refreshTokenCookieName) return;
5337
- let s = r ? new Date(Date.now() + r * 1e3).toUTCString() : void 0, i = this.refreshTokenCookieName + "=" + o;
5338
- s && (i += "; expires=" + new Date(s).toUTCString()), this.refreshTokenCookieSameSite && (i += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (i += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (i += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (i += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (i += "; secure"), e.setCookie(this.refreshTokenCookieName, i);
5340
+ let s = r ? new Date(Date.now() + r * 1e3).toUTCString() : void 0, t = this.refreshTokenCookieName + "=" + o;
5341
+ s && (t += "; expires=" + new Date(s).toUTCString()), this.refreshTokenCookieSameSite && (t += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (t += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (t += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (t += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (t += "; secure"), e.setCookie(this.refreshTokenCookieName, t);
5339
5342
  }
5340
5343
  /**
5341
5344
  * Returns this server's OIDC configuration. Just wraps
@@ -5353,18 +5356,18 @@ class $e {
5353
5356
  /////
5354
5357
  // Device code flow
5355
5358
  async applyUserCode(e, o, r) {
5356
- var s, i, n;
5359
+ var s, t, n;
5357
5360
  try {
5358
- const t = await this.authServer.deviceEndpoint({ userCode: e, user: r });
5359
- if (t.error)
5361
+ const i = await this.authServer.deviceEndpoint({ userCode: e, user: r });
5362
+ if (i.error)
5360
5363
  return {
5361
5364
  ok: !1,
5362
5365
  completed: !1,
5363
5366
  retryAllowed: !1,
5364
- error: t.error,
5365
- error_description: t.error_description
5367
+ error: i.error,
5368
+ error_description: i.error_description
5366
5369
  };
5367
- if (!t.client_id)
5370
+ if (!i.client_id)
5368
5371
  return d.logger.error(c({ msg: "No client id found for user code", userCodeHash: F.hash(e), ip: o.ip, username: (s = o.user) == null ? void 0 : s.username })), {
5369
5372
  ok: !1,
5370
5373
  completed: !1,
@@ -5372,33 +5375,33 @@ class $e {
5372
5375
  error: "server_error",
5373
5376
  error_description: "No client id found for user code"
5374
5377
  };
5375
- if (t.error == "access_denied")
5376
- return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (i = o.user) == null ? void 0 : i.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5378
+ if (i.error == "access_denied")
5379
+ return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (t = o.user) == null ? void 0 : t.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5377
5380
  ok: !1,
5378
5381
  completed: !1,
5379
5382
  retryAllowed: !0,
5380
- error: t.error,
5381
- error_description: t.error_description
5383
+ error: i.error,
5384
+ error_description: i.error_description
5382
5385
  };
5383
- if (t.error == "expired_token")
5386
+ if (i.error == "expired_token")
5384
5387
  return d.logger.error(c({ msg: "Expired user code", userCodeHash: F.hash(e), ip: o.ip, username: (n = o.user) == null ? void 0 : n.username })), {
5385
5388
  ok: !1,
5386
5389
  completed: !1,
5387
5390
  retryAllowed: !1,
5388
- error: t.error,
5389
- error_description: t.error_description
5391
+ error: i.error,
5392
+ error_description: i.error_description
5390
5393
  };
5391
- const a = await this.clientStorage.getClientById(t.client_id);
5392
- return t.scopeAuthorizationNeeded ? {
5394
+ const a = await this.clientStorage.getClientById(i.client_id);
5395
+ return i.scopeAuthorizationNeeded ? {
5393
5396
  ok: !0,
5394
5397
  completed: !1,
5395
5398
  retryAllowed: !0,
5396
5399
  authorizationNeeded: {
5397
5400
  user: r,
5398
- client_id: t.client_id,
5401
+ client_id: i.client_id,
5399
5402
  client_name: a.client_name,
5400
- scope: t.scope,
5401
- scopes: t.scope ? t.scope.split(" ") : [],
5403
+ scope: i.scope,
5404
+ scopes: i.scope ? i.scope.split(" ") : [],
5402
5405
  csrfToken: o.csrfToken
5403
5406
  },
5404
5407
  user: o.user,
@@ -5411,8 +5414,8 @@ class $e {
5411
5414
  user: o.user,
5412
5415
  csrfToken: o.csrfToken
5413
5416
  };
5414
- } catch (t) {
5415
- const a = l.asCrossauthError(t);
5417
+ } catch (i) {
5418
+ const a = l.asCrossauthError(i);
5416
5419
  return d.logger.debug(c({ err: a })), d.logger.error(c({ msg: a.message, cerr: a })), {
5417
5420
  ok: !1,
5418
5421
  completed: !1,
@@ -5424,34 +5427,34 @@ class $e {
5424
5427
  }
5425
5428
  async deviceGet(e, o, r, s) {
5426
5429
  if (o.query.user_code) {
5427
- let i = await this.applyUserCode(o.query.user_code, o, s);
5428
- if (i.error) {
5429
- const t = l.fromOAuthError(i.error, i.error_description);
5430
- d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5430
+ let t = await this.applyUserCode(o.query.user_code, o, s);
5431
+ if (t.error) {
5432
+ const i = l.fromOAuthError(t.error, t.error_description);
5433
+ d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5431
5434
  const a = {
5432
5435
  ok: !1,
5433
5436
  completed: !1,
5434
- status: t.httpStatus,
5435
- errorMessage: t.message,
5436
- errorCode: t.code,
5437
- errorCodeName: t.codeName,
5438
- retryAllowed: i.retryAllowed
5437
+ status: i.httpStatus,
5438
+ errorMessage: i.message,
5439
+ errorCode: i.code,
5440
+ errorCodeName: i.codeName,
5441
+ retryAllowed: t.retryAllowed
5439
5442
  };
5440
- return e ? r.header(...x).status(t.httpStatus).send(a) : r.status(t.httpStatus).view(this.devicePage, {
5443
+ return e ? r.header(...x).status(i.httpStatus).send(a) : r.status(i.httpStatus).view(this.devicePage, {
5441
5444
  csrfToken: o.csrfToken,
5442
5445
  ...a
5443
5446
  });
5444
- } else if (i.authorizationNeeded) {
5445
- const t = {
5447
+ } else if (t.authorizationNeeded) {
5448
+ const i = {
5446
5449
  ok: !0,
5447
5450
  completed: !1,
5448
- retryAllowed: i.retryAllowed,
5449
- authorizationNeeded: i.authorizationNeeded,
5450
- user_code: i.user_code
5451
+ retryAllowed: t.retryAllowed,
5452
+ authorizationNeeded: t.authorizationNeeded,
5453
+ user_code: t.user_code
5451
5454
  };
5452
- return e ? r.header(...x).status(200).send(t) : r.status(200).view(this.devicePage, {
5455
+ return e ? r.header(...x).status(200).send(i) : r.status(200).view(this.devicePage, {
5453
5456
  csrfToken: o.csrfToken,
5454
- ...t
5457
+ ...i
5455
5458
  });
5456
5459
  }
5457
5460
  const n = {
@@ -5463,13 +5466,13 @@ class $e {
5463
5466
  ...n
5464
5467
  });
5465
5468
  } else {
5466
- const i = {
5469
+ const t = {
5467
5470
  ok: !1,
5468
5471
  completed: !1,
5469
5472
  user_code: o.query.user_code,
5470
5473
  csrfToken: o.csrfToken
5471
5474
  };
5472
- return e ? r.header(...x).status(200).send(i) : r.status(200).view(this.devicePage, i);
5475
+ return e ? r.header(...x).status(200).send(t) : r.status(200).view(this.devicePage, t);
5473
5476
  }
5474
5477
  }
5475
5478
  async deviceCodePost(e, o, r) {
@@ -5482,7 +5485,7 @@ class $e {
5482
5485
  if (s.error) {
5483
5486
  const n = l.fromOAuthError(s.error, s.error_description);
5484
5487
  d.logger.debug({ err: n }), d.logger.error({ cerr: n });
5485
- const t = {
5488
+ const i = {
5486
5489
  ok: !1,
5487
5490
  completed: !1,
5488
5491
  status: n.httpStatus,
@@ -5491,9 +5494,9 @@ class $e {
5491
5494
  errorCodeName: n.codeName,
5492
5495
  retryAllowed: s.retryAllowed
5493
5496
  };
5494
- return e ? r.header(...x).status(200).send(t) : r.status(n.httpStatus).view(this.devicePage, {
5497
+ return e ? r.header(...x).status(200).send(i) : r.status(n.httpStatus).view(this.devicePage, {
5495
5498
  csrfToken: o.csrfToken,
5496
- ...t
5499
+ ...i
5497
5500
  });
5498
5501
  } else if (s.authorizationNeeded) {
5499
5502
  const n = {
@@ -5508,14 +5511,14 @@ class $e {
5508
5511
  ...n
5509
5512
  });
5510
5513
  }
5511
- const i = {
5514
+ const t = {
5512
5515
  ok: !0,
5513
5516
  completed: !0,
5514
5517
  csrfToken: o.csrfToken
5515
5518
  };
5516
- return e ? r.header(...x).status(200).send(i) : r.status(200).view(this.devicePage, i);
5519
+ return e ? r.header(...x).status(200).send(t) : r.status(200).view(this.devicePage, t);
5517
5520
  } else {
5518
- const s = l.fromOAuthError("unauthorized", "Please enter the code"), i = {
5521
+ const s = l.fromOAuthError("unauthorized", "Please enter the code"), t = {
5519
5522
  ok: !1,
5520
5523
  completed: !1,
5521
5524
  user_code: o.body.user_code,
@@ -5526,22 +5529,22 @@ class $e {
5526
5529
  errorCode: s.code,
5527
5530
  errorCodeName: s.codeName
5528
5531
  };
5529
- return e ? r.header(...x).status(401).send(i) : r.status(200).view(this.devicePage, {
5532
+ return e ? r.header(...x).status(401).send(t) : r.status(200).view(this.devicePage, {
5530
5533
  csrfToken: o.csrfToken,
5531
- ...i
5534
+ ...t
5532
5535
  });
5533
5536
  }
5534
5537
  else if (o.body.authorized == "true") {
5535
- let s = o.body.user_code, i = o.body.scope;
5536
- i == "";
5538
+ let s = o.body.user_code, t = o.body.scope;
5539
+ t == "";
5537
5540
  const n = o.body.client_id;
5538
5541
  if (!s) throw new l(g.BadRequest, "user_code missing");
5539
5542
  if (!n) throw new l(g.BadRequest, "client_id missing");
5540
- let t = await this.authServer.validateAndPersistScope(n, i, o.user);
5541
- if (t.error)
5542
- throw l.fromOAuthError(t.error, t.error_description);
5543
- if (t = await this.applyUserCode(s, o, o.user), t.error)
5544
- throw l.fromOAuthError(t.error, t.error_description);
5543
+ let i = await this.authServer.validateAndPersistScope(n, t, o.user);
5544
+ if (i.error)
5545
+ throw l.fromOAuthError(i.error, i.error_description);
5546
+ if (i = await this.applyUserCode(s, o, o.user), i.error)
5547
+ throw l.fromOAuthError(i.error, i.error_description);
5545
5548
  const a = {
5546
5549
  ok: !0,
5547
5550
  completed: !0,
@@ -5551,16 +5554,16 @@ class $e {
5551
5554
  } else
5552
5555
  throw new l(g.Unauthorized, "You did not authorize the client");
5553
5556
  } catch (s) {
5554
- const i = l.asCrossauthError(s);
5555
- d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5557
+ const t = l.asCrossauthError(s);
5558
+ d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5556
5559
  const n = {
5557
5560
  ok: !1,
5558
- status: i.httpStatus,
5559
- errorMessage: i.message,
5560
- errorCode: i.code,
5561
- errorCodeName: i.codeName
5561
+ status: t.httpStatus,
5562
+ errorMessage: t.message,
5563
+ errorCode: t.code,
5564
+ errorCodeName: t.codeName
5562
5565
  };
5563
- return e ? r.header(...x).status(401).send(n) : r.status(i.httpStatus).view(this.devicePage, {
5566
+ return e ? r.header(...x).status(401).send(n) : r.status(t.httpStatus).view(this.devicePage, {
5564
5567
  csrfToken: o.csrfToken,
5565
5568
  ...n
5566
5569
  });
@@ -5609,10 +5612,10 @@ function fe(S, e) {
5609
5612
  if (S.access_token)
5610
5613
  try {
5611
5614
  if (S.access_token && e.includes("access")) {
5612
- const r = J(S.access_token), s = r.jti ? r.jti : r.sid ? r.sid : "", i = s ? F.hash(s) : void 0;
5615
+ const r = J(S.access_token), s = r.jti ? r.jti : r.sid ? r.sid : "", t = s ? F.hash(s) : void 0;
5613
5616
  d.logger.debug(c({
5614
5617
  msg: "Got access token",
5615
- accessTokenHash: i
5618
+ accessTokenHash: t
5616
5619
  }));
5617
5620
  }
5618
5621
  } catch (r) {
@@ -5623,10 +5626,10 @@ function fe(S, e) {
5623
5626
  if (S.id_token && e.includes("id")) {
5624
5627
  let r = S.id_payload ?? J(S.id_token);
5625
5628
  if (r) {
5626
- const s = r.jti ? r.jti : r.sid ? r.sid : "", i = s ? F.hash(s) : void 0;
5629
+ const s = r.jti ? r.jti : r.sid ? r.sid : "", t = s ? F.hash(s) : void 0;
5627
5630
  d.logger.debug(c({
5628
5631
  msg: "Got id token",
5629
- idTokenHash: i
5632
+ idTokenHash: t
5630
5633
  }));
5631
5634
  }
5632
5635
  }
@@ -5665,11 +5668,11 @@ async function Qe(S, e, o, r) {
5665
5668
  let s = { ...S };
5666
5669
  return e.jwtTokens.includes("id") && S.id_token && (s.id_payload = S.id_payload ?? j(S.id_token)), r.status(200).view(e.authorizedPage, s);
5667
5670
  } catch (s) {
5668
- const i = l.asCrossauthError(s);
5669
- return r.status(i.httpStatus).view(e.errorPage, {
5670
- status: i.httpStatus,
5671
- errorMessage: i.message,
5672
- errorCodeName: i.codeName
5671
+ const t = l.asCrossauthError(s);
5672
+ return r.status(t.httpStatus).view(e.errorPage, {
5673
+ status: t.httpStatus,
5674
+ errorMessage: t.message,
5675
+ errorCodeName: t.codeName
5673
5676
  });
5674
5677
  }
5675
5678
  }
@@ -5701,12 +5704,12 @@ async function Ze(S, e, o, r) {
5701
5704
  return e.jwtTokens.includes("id") && (s.id_payload = S.id_payload ?? j(S.id_token)), r.status(200).view(e.authorizedPage, s);
5702
5705
  }
5703
5706
  } catch (s) {
5704
- const i = l.asCrossauthError(s);
5705
- if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), r)
5706
- return r.status(i.httpStatus).view(e.errorPage, {
5707
- status: i.httpStatus,
5708
- errorMessage: i.message,
5709
- errorCodeName: i.codeName
5707
+ const t = l.asCrossauthError(s);
5708
+ if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), r)
5709
+ return r.status(t.httpStatus).view(e.errorPage, {
5710
+ status: t.httpStatus,
5711
+ errorMessage: t.message,
5712
+ errorCodeName: t.codeName
5710
5713
  });
5711
5714
  }
5712
5715
  }
@@ -5717,19 +5720,19 @@ async function Se(S, e, o, r) {
5717
5720
  );
5718
5721
  let s = S.expires_in;
5719
5722
  if (!s && S.access_token && e.jwtTokens.includes("access")) {
5720
- const t = J(S.access_token);
5721
- t.exp && (s = t.exp);
5723
+ const i = J(S.access_token);
5724
+ i.exp && (s = i.exp);
5722
5725
  }
5723
5726
  if (!s)
5724
5727
  throw new l(
5725
5728
  g.BadRequest,
5726
5729
  "OAuth server did not return an expiry for the access token"
5727
5730
  );
5728
- const i = Date.now() + s * 1e3;
5729
- let n = { ...S, expires_at: i };
5731
+ const t = Date.now() + s * 1e3;
5732
+ let n = { ...S, expires_at: t };
5730
5733
  if ("id_token" in S) {
5731
- let t = S.id_payload ?? j(S.id_token);
5732
- t && (n.id_token = t);
5734
+ let i = S.id_payload ?? j(S.id_token);
5735
+ i && (n.id_token = i);
5733
5736
  }
5734
5737
  await e.storeSessionData(n, o, r);
5735
5738
  }
@@ -5757,12 +5760,12 @@ async function qe(S, e, o, r) {
5757
5760
  errorCode: g.Configuration
5758
5761
  });
5759
5762
  } catch (s) {
5760
- const i = l.asCrossauthError(s);
5761
- if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), r)
5762
- return r.status(i.httpStatus).view(e.errorPage, {
5763
- status: i.httpStatus,
5764
- errorMessage: i.message,
5765
- errorCodeName: i.codeName
5763
+ const t = l.asCrossauthError(s);
5764
+ if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), r)
5765
+ return r.status(t.httpStatus).view(e.errorPage, {
5766
+ status: t.httpStatus,
5767
+ errorMessage: t.message,
5768
+ errorCodeName: t.codeName
5766
5769
  });
5767
5770
  }
5768
5771
  }
@@ -5774,7 +5777,7 @@ class we extends Oe {
5774
5777
  * @param options See {@link FastifyOAuthClientOptions}
5775
5778
  */
5776
5779
  constructor(o, r, s) {
5777
- var i, n, t;
5780
+ var t, n, i;
5778
5781
  super(r, s);
5779
5782
  u(this, "server");
5780
5783
  u(this, "siteUrl", "/");
@@ -5814,7 +5817,7 @@ class we extends Oe {
5814
5817
  u(this, "bffEndpointName", "bff");
5815
5818
  u(this, "bffBaseUrl");
5816
5819
  u(this, "tokenEndpoints", []);
5817
- if (this.server = o, C("sessionDataName", k.String, this, s, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, s, "SITE_URL", !0), C("tokenResponseType", k.String, this, s, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, s, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, s, "LOGIN_URL"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("authorizedPage", k.String, this, s, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, s, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, s, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, s, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, s, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, s, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, s, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, s, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, s, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, s, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, s, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, s, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, s, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, s, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, s, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, s, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, s, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, s, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, s, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, s, "OAUTH_JWT_TOKENS"), (i = this.deleteTokensGetUrl) != null && i.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (t = this.deleteTokensPostUrl) != null && t.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5820
+ if (this.server = o, C("sessionDataName", k.String, this, s, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, s, "SITE_URL", !0), C("tokenResponseType", k.String, this, s, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, s, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, s, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, s, "LOGIN_URL"), C("errorPage", k.String, this, s, "ERROR_PAGE"), C("authorizedPage", k.String, this, s, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, s, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, s, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, s, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, s, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, s, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, s, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, s, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, s, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, s, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, s, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, s, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, s, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, s, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, s, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, s, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, s, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, s, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, s, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, s, "OAUTH_JWT_TOKENS"), (t = this.deleteTokensGetUrl) != null && t.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (i = this.deleteTokensPostUrl) != null && i.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5818
5821
  this.validFlows = E.allFlows();
5819
5822
  else if (!E.areAllValidFlows(this.validFlows))
5820
5823
  throw new l(g.Configuration, "Invalid flows specificied in " + this.validFlows.join(","));
@@ -6465,14 +6468,14 @@ class we extends Oe {
6465
6468
  }
6466
6469
  }
6467
6470
  async passwordPost(o, r, s) {
6468
- var i;
6471
+ var t;
6469
6472
  if (this.server.sessionAdapter) {
6470
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6473
+ const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6471
6474
  r,
6472
6475
  s,
6473
6476
  this.errorFn
6474
6477
  );
6475
- if (n) return t;
6478
+ if (n) return i;
6476
6479
  }
6477
6480
  try {
6478
6481
  let n = await this.passwordFlow(
@@ -6481,10 +6484,10 @@ class we extends Oe {
6481
6484
  r.body.scope
6482
6485
  );
6483
6486
  if (n.error == "mfa_required" && n.mfa_token && this.validFlows.includes(E.PasswordMfa)) {
6484
- const t = n.mfa_token;
6487
+ const i = n.mfa_token;
6485
6488
  if (n = await this.passwordMfa(
6486
6489
  o,
6487
- t,
6490
+ i,
6488
6491
  r.body.scope,
6489
6492
  r,
6490
6493
  s
@@ -6514,56 +6517,56 @@ class we extends Oe {
6514
6517
  }
6515
6518
  return await this.receiveTokenFn(n, this, r, s);
6516
6519
  } else if (n.error) {
6517
- const t = l.fromOAuthError(
6520
+ const i = l.fromOAuthError(
6518
6521
  n.error,
6519
6522
  n.error_description
6520
6523
  );
6521
- return o ? await this.errorFn(this.server, r, s, t) : s.view(
6524
+ return o ? await this.errorFn(this.server, r, s, i) : s.view(
6522
6525
  this.passwordFlowPage,
6523
6526
  {
6524
6527
  user: r.user,
6525
6528
  username: r.body.username,
6526
6529
  //password: request.body.password,
6527
6530
  scope: r.body.scope,
6528
- errorMessage: t.message,
6529
- errorCode: t.code,
6530
- errorCodeName: t.codeName,
6531
+ errorMessage: i.message,
6532
+ errorCode: i.code,
6533
+ errorCodeName: i.codeName,
6531
6534
  csrfToken: r.csrfToken
6532
6535
  }
6533
6536
  );
6534
6537
  }
6535
6538
  return await this.receiveTokenFn(n, this, r, s);
6536
6539
  } catch (n) {
6537
- const t = l.asCrossauthError(n);
6540
+ const i = l.asCrossauthError(n);
6538
6541
  return d.logger.error(c({
6539
6542
  msg: "Error receiving token",
6540
- cerr: t,
6541
- user: (i = r.user) == null ? void 0 : i.user
6543
+ cerr: i,
6544
+ user: (t = r.user) == null ? void 0 : t.user
6542
6545
  })), d.logger.debug(c({ err: n })), o ? await this.errorFn(
6543
6546
  this.server,
6544
6547
  r,
6545
6548
  s,
6546
- t
6549
+ i
6547
6550
  ) : s.view(this.passwordFlowPage, {
6548
6551
  user: r.user,
6549
6552
  username: r.body.username,
6550
6553
  password: r.body.password,
6551
6554
  scope: r.body.scope,
6552
- errorMessage: t.message,
6553
- errorCode: t.code,
6554
- errorCodeName: t.codeName,
6555
+ errorMessage: i.message,
6556
+ errorCode: i.code,
6557
+ errorCodeName: i.codeName,
6555
6558
  csrfToken: r.csrfToken
6556
6559
  });
6557
6560
  }
6558
6561
  }
6559
- async passwordMfa(o, r, s, i, n) {
6560
- const t = await this.mfaAuthenticators(r);
6561
- if (t.error || !t.authenticators || !Array.isArray(t.authenticators) || t.authenticators.length == 0 || t.authenticators.length > 1 && !t.authenticators[0].active)
6562
- return t.error ? t : {
6562
+ async passwordMfa(o, r, s, t, n) {
6563
+ const i = await this.mfaAuthenticators(r);
6564
+ if (i.error || !i.authenticators || !Array.isArray(i.authenticators) || i.authenticators.length == 0 || i.authenticators.length > 1 && !i.authenticators[0].active)
6565
+ return i.error ? i : {
6563
6566
  error: "access_denied",
6564
6567
  error_description: "No MFA authenticators available"
6565
6568
  };
6566
- const a = t.authenticators[0];
6569
+ const a = i.authenticators[0];
6567
6570
  if (a.authenticator_type == "otp") {
6568
6571
  const f = await this.mfaOtpRequest(r, a.id);
6569
6572
  return f.error || f.challenge_type != "otp" ? {
@@ -6599,60 +6602,60 @@ class we extends Oe {
6599
6602
  }
6600
6603
  async passwordOtp(o, r, s) {
6601
6604
  var n;
6602
- const i = await this.mfaOtpComplete(
6605
+ const t = await this.mfaOtpComplete(
6603
6606
  r.body.mfa_token,
6604
6607
  r.body.otp
6605
6608
  );
6606
- if (i.error) {
6607
- const t = l.fromOAuthError(
6608
- i.error,
6609
- i.error_description ?? "Error completing MFA"
6609
+ if (t.error) {
6610
+ const i = l.fromOAuthError(
6611
+ t.error,
6612
+ t.error_description ?? "Error completing MFA"
6610
6613
  );
6611
6614
  return d.logger.warn(c({
6612
6615
  msg: "Error completing MFA",
6613
- cerr: t,
6616
+ cerr: i,
6614
6617
  user: (n = r.user) == null ? void 0 : n.user,
6615
6618
  hashedMfaToken: F.hash(r.body.mfa_token)
6616
- })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6619
+ })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6617
6620
  this.server,
6618
6621
  r,
6619
6622
  s,
6620
- t
6623
+ i
6621
6624
  ) : s.view(this.mfaOtpPage, {
6622
6625
  user: r.user,
6623
6626
  scope: r.body.scope,
6624
6627
  mfa_token: r.body.mfa_token,
6625
6628
  challenge_tpye: r.body.challenge_type,
6626
- errorMessage: t.message,
6627
- errorCode: t.code,
6628
- errorCodeName: t.codeName,
6629
+ errorMessage: i.message,
6630
+ errorCode: i.code,
6631
+ errorCodeName: i.codeName,
6629
6632
  csrfToken: r.csrfToken
6630
6633
  });
6631
6634
  }
6632
- return await this.receiveTokenFn(i, this, r, s) ?? s;
6635
+ return await this.receiveTokenFn(t, this, r, s) ?? s;
6633
6636
  }
6634
6637
  async passwordOob(o, r, s) {
6635
6638
  var n;
6636
- const i = await this.mfaOobComplete(
6639
+ const t = await this.mfaOobComplete(
6637
6640
  r.body.mfa_token,
6638
6641
  r.body.oob_code,
6639
6642
  r.body.binding_code
6640
6643
  );
6641
- if (i.error) {
6642
- const t = l.fromOAuthError(
6643
- i.error,
6644
- i.error_description ?? "Error completing MFA"
6644
+ if (t.error) {
6645
+ const i = l.fromOAuthError(
6646
+ t.error,
6647
+ t.error_description ?? "Error completing MFA"
6645
6648
  );
6646
6649
  return d.logger.warn(c({
6647
6650
  msg: "Error completing MFA",
6648
- cerr: t,
6651
+ cerr: i,
6649
6652
  user: (n = r.user) == null ? void 0 : n.user,
6650
6653
  hashedMfaToken: F.hash(r.body.mfa_token)
6651
- })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6654
+ })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6652
6655
  this.server,
6653
6656
  r,
6654
6657
  s,
6655
- t
6658
+ i
6656
6659
  ) : s.view(this.mfaOobPage, {
6657
6660
  user: r.user,
6658
6661
  scope: r.body.scope,
@@ -6660,70 +6663,70 @@ class we extends Oe {
6660
6663
  name: r.body.name,
6661
6664
  challenge_tpye: r.body.challenge_type,
6662
6665
  mfa_token: r.body.mfa_token,
6663
- errorMessage: t.message,
6664
- errorCode: t.code,
6665
- errorCodeName: t.codeName,
6666
+ errorMessage: i.message,
6667
+ errorCode: i.code,
6668
+ errorCodeName: i.codeName,
6666
6669
  csrfToken: r.csrfToken
6667
6670
  });
6668
6671
  }
6669
- return await this.receiveTokenFn(i, this, r, s) ?? s;
6672
+ return await this.receiveTokenFn(t, this, r, s) ?? s;
6670
6673
  }
6671
6674
  async deviceCodePost(o, r, s) {
6672
- var i;
6675
+ var t;
6673
6676
  if (this.server.sessionAdapter) {
6674
- const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6677
+ const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6675
6678
  r,
6676
6679
  s,
6677
6680
  this.errorFn
6678
6681
  );
6679
- if (n) return t;
6682
+ if (n) return i;
6680
6683
  }
6681
6684
  try {
6682
6685
  if (!r.csrfToken)
6683
6686
  throw new l(g.Unauthorized, "CSRF token missing or invalid");
6684
6687
  let n = this.authServerBaseUrl;
6685
6688
  n.endsWith("/") || (n += "/"), n += this.deviceAuthorizationUrl;
6686
- const t = await this.startDeviceCodeFlow(n, r.body.scope);
6687
- if (t.error) {
6688
- const h = l.fromOAuthError(t.error, t.error_description), f = {
6689
+ const i = await this.startDeviceCodeFlow(n, r.body.scope);
6690
+ if (i.error) {
6691
+ const h = l.fromOAuthError(i.error, i.error_description), f = {
6689
6692
  user: r.user,
6690
6693
  scope: r.body.scope,
6691
6694
  errorMessage: h.message,
6692
6695
  errorCode: h.code,
6693
6696
  errorCodeName: h.codeName,
6694
6697
  csrfToken: r.csrfToken,
6695
- error: t.error,
6696
- error_description: t.error_description
6698
+ error: i.error,
6699
+ error_description: i.error_description
6697
6700
  };
6698
- return o ? s.header(..._).status(h.httpStatus).send(t) : s.view(this.deviceCodeFlowPage, f);
6701
+ return o ? s.header(..._).status(h.httpStatus).send(i) : s.view(this.deviceCodeFlowPage, f);
6699
6702
  }
6700
6703
  let a;
6701
- return t.verification_uri_complete && await Re.toDataURL(t.verification_uri_complete).then((h) => {
6704
+ return i.verification_uri_complete && await Re.toDataURL(i.verification_uri_complete).then((h) => {
6702
6705
  a = h;
6703
6706
  }).catch((h) => {
6704
6707
  d.logger.debug(c({ err: h })), d.logger.warn(c({ msg: "Couldn't generate verification URL QR Code" }));
6705
- }), o ? s.header(..._).send(t) : s.view(
6708
+ }), o ? s.header(..._).send(i) : s.view(
6706
6709
  this.deviceCodeFlowPage,
6707
6710
  {
6708
6711
  user: r.user,
6709
6712
  scope: r.body.scope,
6710
6713
  verification_uri_qrdata: a,
6711
- ...t
6714
+ ...i
6712
6715
  }
6713
6716
  );
6714
6717
  } catch (n) {
6715
- const t = l.asCrossauthError(n);
6718
+ const i = l.asCrossauthError(n);
6716
6719
  d.logger.error(c({
6717
6720
  msg: "Error receiving token",
6718
- cerr: t,
6719
- user: (i = r.user) == null ? void 0 : i.user
6721
+ cerr: i,
6722
+ user: (t = r.user) == null ? void 0 : t.user
6720
6723
  })), d.logger.debug(c({ err: n }));
6721
6724
  const a = {
6722
- errorMessage: t.message,
6723
- errorCode: t.code,
6724
- errorCodeName: t.codeName
6725
+ errorMessage: i.message,
6726
+ errorCode: i.code,
6727
+ errorCodeName: i.codeName
6725
6728
  };
6726
- return o ? s.header(..._).status(t.httpStatus).send(a) : s.view(this.deviceCodeFlowPage, {
6729
+ return o ? s.header(..._).status(i.httpStatus).send(a) : s.view(this.deviceCodeFlowPage, {
6727
6730
  user: r.user,
6728
6731
  csrfToken: r.csrfToken,
6729
6732
  scope: r.body.scope,
@@ -6732,7 +6735,7 @@ class we extends Oe {
6732
6735
  }
6733
6736
  }
6734
6737
  async deviceCodePoll(o, r, s) {
6735
- var i;
6738
+ var t;
6736
6739
  try {
6737
6740
  const n = await this.pollDeviceCodeFlow(r.body.device_code);
6738
6741
  return n.error ? s.header(..._).send(n) : await this.receiveTokenFn(
@@ -6742,28 +6745,28 @@ class we extends Oe {
6742
6745
  o ? void 0 : s
6743
6746
  );
6744
6747
  } catch (n) {
6745
- const t = l.asCrossauthError(n);
6748
+ const i = l.asCrossauthError(n);
6746
6749
  return d.logger.error(c({
6747
6750
  msg: "Error receiving token",
6748
- cerr: t,
6749
- user: (i = r.user) == null ? void 0 : i.user
6751
+ cerr: i,
6752
+ user: (t = r.user) == null ? void 0 : t.user
6750
6753
  })), d.logger.debug(c({ err: n })), await this.errorFn(
6751
6754
  this.server,
6752
6755
  r,
6753
6756
  s,
6754
- t
6757
+ i
6755
6758
  );
6756
6759
  }
6757
6760
  }
6758
- async refresh(o, r, s, i, n, t) {
6759
- if (!t || !n)
6761
+ async refresh(o, r, s, t, n, i) {
6762
+ if (!i || !n)
6760
6763
  return s ? void 0 : await this.receiveTokenFn(
6761
6764
  {},
6762
6765
  this,
6763
6766
  o,
6764
6767
  s ? void 0 : r
6765
6768
  );
6766
- if (!i || t <= Date.now())
6769
+ if (!t || i <= Date.now())
6767
6770
  try {
6768
6771
  const a = await this.refreshTokenFlow(n);
6769
6772
  if (!a.error && !a.access_token && (a.error = "server_error", a.error_description = "Unexpectedly did not receive error or access token"), !a.error) {
@@ -6815,7 +6818,7 @@ class we extends Oe {
6815
6818
  };
6816
6819
  }
6817
6820
  }
6818
- async refreshTokens(o, r, s, i) {
6821
+ async refreshTokens(o, r, s, t) {
6819
6822
  if (!o.csrfToken)
6820
6823
  return r.header(..._).status(401).send({ ok: !1, msg: "No csrf token given" });
6821
6824
  if (!this.server.sessionAdapter) throw new l(
@@ -6839,20 +6842,20 @@ class we extends Oe {
6839
6842
  );
6840
6843
  }
6841
6844
  }
6842
- const t = await this.refresh(
6845
+ const i = await this.refresh(
6843
6846
  o,
6844
6847
  r,
6845
6848
  s,
6846
- i,
6849
+ t,
6847
6850
  n.refresh_token,
6848
6851
  //onlyIfExpired ? oauthData.expires_at : undefined
6849
6852
  n.expires_at
6850
6853
  );
6851
6854
  if (!s) {
6852
- if (t == null) return this.receiveTokenFn({}, this, o, r);
6853
- if (t != null) return t;
6855
+ if (i == null) return this.receiveTokenFn({}, this, o, r);
6856
+ if (i != null) return i;
6854
6857
  }
6855
- return r.header(..._).status(200).send({ ok: !0, expires_at: t == null ? void 0 : t.expires_at });
6858
+ return r.header(..._).status(200).send({ ok: !0, expires_at: i == null ? void 0 : i.expires_at });
6856
6859
  }
6857
6860
  async deleteTokens(o) {
6858
6861
  if (!this.server.sessionAdapter) throw new l(
@@ -6871,14 +6874,14 @@ class we extends Oe {
6871
6874
  await this.server.sessionAdapter.deleteSessionData(o, this.sessionDataName);
6872
6875
  }
6873
6876
  async storeSessionData(o, r, s) {
6874
- var i;
6877
+ var t;
6875
6878
  if (this.server.sessionServer) {
6876
6879
  let n = this.server.sessionServer.getSessionCookieValue(r);
6877
6880
  !n && s ? n = await this.server.createAnonymousSession(
6878
6881
  r,
6879
6882
  s,
6880
6883
  { [this.sessionDataName]: o }
6881
- ) : await ((i = this.server.sessionAdapter) == null ? void 0 : i.updateSessionData(r, this.sessionDataName, o));
6884
+ ) : await ((t = this.server.sessionAdapter) == null ? void 0 : t.updateSessionData(r, this.sessionDataName, o));
6882
6885
  } else {
6883
6886
  if (!this.server.sessionAdapter) throw new l(
6884
6887
  g.Configuration,
@@ -6905,65 +6908,65 @@ class er extends Ie {
6905
6908
  u(this, "tokenLocations", ["header"]);
6906
6909
  u(this, "sessionAdapter");
6907
6910
  if (C("errorBody", k.Json, this, s, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), C("tokenLocations", k.JsonArray, this, s, "OAUTH_TOKEN_LOCATIONS"), C("sessionDataName", k.String, this, s, "OAUTH_SESSION_DATA_NAME"), this.userStorage = s.userStorage, this.sessionAdapter = s.sessionAdapter, s.protectedEndpoints) {
6908
- const i = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6909
- for (const [n, t] of Object.entries(s.protectedEndpoints)) {
6911
+ const t = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6912
+ for (const [n, i] of Object.entries(s.protectedEndpoints)) {
6910
6913
  if (!n.startsWith("/"))
6911
6914
  throw new l(g.Configuration, "protected endpoints must be absolute paths without the protocol and hostname");
6912
- t.scope && t.scope.forEach((a) => {
6913
- if (!i.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6915
+ i.scope && i.scope.forEach((a) => {
6916
+ if (!t.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6914
6917
  });
6915
6918
  }
6916
6919
  this.protectedEndpoints = { ...s.protectedEndpoints };
6917
6920
  for (let n in s.protectedEndpoints) {
6918
- let t = this.protectedEndpoints[n];
6919
- t.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = t), this.protectedEndpointPrefixes.push(n));
6921
+ let i = this.protectedEndpoints[n];
6922
+ i.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = i), this.protectedEndpointPrefixes.push(n));
6920
6923
  }
6921
6924
  }
6922
- s.protectedEndpoints && o.addHook("preHandler", async (i, n) => {
6925
+ s.protectedEndpoints && o.addHook("preHandler", async (t, n) => {
6923
6926
  var p, v;
6924
- const t = i.url.split("?", 2)[0];
6927
+ const i = t.url.split("?", 2)[0];
6925
6928
  let a = !1, h = "";
6926
- if (t in this.protectedEndpoints)
6927
- a = !0, h = t;
6929
+ if (i in this.protectedEndpoints)
6930
+ a = !0, h = i;
6928
6931
  else
6929
6932
  for (let m of this.protectedEndpointPrefixes)
6930
- t.startsWith(m) && (a = !0), h = m;
6933
+ i.startsWith(m) && (a = !0), h = m;
6931
6934
  if (!a) return;
6932
- const f = await this.authorized(i);
6933
- if (!(i.user && i.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6935
+ const f = await this.authorized(t);
6936
+ if (!(t.user && t.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6934
6937
  if (!f) {
6935
- i.authError = "access_denied", i.authErrorDescription = "No access token";
6936
- const m = this.authenticateHeader(i);
6938
+ t.authError = "access_denied", t.authErrorDescription = "No access token";
6939
+ const m = this.authenticateHeader(t);
6937
6940
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6938
6941
  }
6939
6942
  if (!f.authorized) {
6940
- const m = this.authenticateHeader(i);
6943
+ const m = this.authenticateHeader(t);
6941
6944
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6942
6945
  }
6943
6946
  }
6944
6947
  if (f) {
6945
- if (i.accessTokenPayload = f.tokenPayload, i.user = f.user, (p = f.tokenPayload) != null && p.scope)
6948
+ if (t.accessTokenPayload = f.tokenPayload, t.user = f.user, (p = f.tokenPayload) != null && p.scope)
6946
6949
  if (Array.isArray(f.tokenPayload.scope)) {
6947
6950
  let m = [];
6948
6951
  for (let w of f.tokenPayload.scope)
6949
6952
  typeof w == "string" && m.push(w);
6950
- i.scope = m;
6951
- } else typeof f.tokenPayload.scope == "string" && (i.scope = f.tokenPayload.scope.split(" "));
6953
+ t.scope = m;
6954
+ } else typeof f.tokenPayload.scope == "string" && (t.scope = f.tokenPayload.scope.split(" "));
6952
6955
  if (this.protectedEndpoints[h].scope) {
6953
6956
  for (let m of this.protectedEndpoints[h].scope ?? [])
6954
- if (!i.scope || !i.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6957
+ if (!t.scope || !t.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6955
6958
  return d.logger.warn(c({
6956
6959
  msg: "Access token does not have sufficient scope",
6957
- username: (v = i.user) == null ? void 0 : v.username,
6958
- url: i.url
6959
- })), i.scope = void 0, i.accessTokenPayload = void 0, i.user = void 0, i.authError = "access_denied", i.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6960
+ username: (v = t.user) == null ? void 0 : v.username,
6961
+ url: t.url
6962
+ })), t.scope = void 0, t.accessTokenPayload = void 0, t.user = void 0, t.authError = "access_denied", t.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6960
6963
  }
6961
- if (i.authType = "oauth", i.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6962
- const m = this.authenticateHeader(i);
6964
+ if (t.authType = "oauth", t.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6965
+ const m = this.authenticateHeader(t);
6963
6966
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6964
6967
  } else if (f != null && f.error)
6965
6968
  return n.status(500).send(this.errorBody);
6966
- i.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: i.url, authorized: i.accessTokenPayload != null }));
6969
+ t.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: t.url, authorized: t.accessTokenPayload != null }));
6967
6970
  }
6968
6971
  });
6969
6972
  }
@@ -6989,8 +6992,8 @@ class er extends Ie {
6989
6992
  async authorized(o) {
6990
6993
  try {
6991
6994
  let r;
6992
- for (let i of this.tokenLocations)
6993
- if (i == "header") {
6995
+ for (let t of this.tokenLocations)
6996
+ if (t == "header") {
6994
6997
  const n = await this.tokenFromHeader(o);
6995
6998
  if (n) {
6996
6999
  r = n;
@@ -7006,8 +7009,8 @@ class er extends Ie {
7006
7009
  let s;
7007
7010
  if (r) {
7008
7011
  if (r.sub && this.userStorage) {
7009
- const i = await this.userStorage.getUserByUsername(r.sub);
7010
- i && (s = i.user), o.user = s;
7012
+ const t = await this.userStorage.getUserByUsername(r.sub);
7013
+ t && (s = t.user), o.user = s;
7011
7014
  } else r.sub && (o.user = {
7012
7015
  id: r.userid ?? r.sub,
7013
7016
  username: r.sub,
@@ -7119,9 +7122,9 @@ const K = class K {
7119
7122
  sessionAdapter: o,
7120
7123
  apiKey: r,
7121
7124
  oAuthAuthServer: s,
7122
- oAuthClient: i,
7125
+ oAuthClient: t,
7123
7126
  oAuthClients: n,
7124
- oAuthResServer: t
7127
+ oAuthResServer: i
7125
7128
  }, a = {}) {
7126
7129
  u(this, "views", "views");
7127
7130
  /** The Fastify app, which was either passed in the constructor or
@@ -7201,12 +7204,12 @@ const K = class K {
7201
7204
  { ...f, ...a, ...s.options }
7202
7205
  );
7203
7206
  }
7204
- if (i && this.oAuthClients)
7207
+ if (t && this.oAuthClients)
7205
7208
  throw new l(g.Configuration, "Do not use both oAuthClient and oAuthClients");
7206
- if (i && (this.oAuthClient = new we(
7209
+ if (t && (this.oAuthClient = new we(
7207
7210
  this,
7208
- i.authServerBaseUrl,
7209
- { ...a, ...i.options }
7211
+ t.authServerBaseUrl,
7212
+ { ...a, ...t.options }
7210
7213
  )), n) {
7211
7214
  this.oAuthClients = [];
7212
7215
  for (let f of n)
@@ -7218,10 +7221,10 @@ const K = class K {
7218
7221
  )
7219
7222
  );
7220
7223
  }
7221
- t && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new er(
7224
+ i && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new er(
7222
7225
  this.app,
7223
7226
  [new Me(this.audience, a)],
7224
- { sessionAdapter: this.sessionAdapter, ...t.options, ...a }
7227
+ { sessionAdapter: this.sessionAdapter, ...i.options, ...a }
7225
7228
  ));
7226
7229
  }
7227
7230
  /**
@@ -7253,7 +7256,7 @@ const K = class K {
7253
7256
  * from calling `errorFn`.
7254
7257
  */
7255
7258
  async errorIfCsrfInvalid(e, o, r) {
7256
- var s, i;
7259
+ var s, t;
7257
7260
  try {
7258
7261
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
7259
7262
  return { error: !1, reply: o };
@@ -7264,23 +7267,23 @@ const K = class K {
7264
7267
  }));
7265
7268
  try {
7266
7269
  if (r) {
7267
- const t = l.asCrossauthError(n);
7268
- return { error: !0, reply: await r(this, e, o, t) };
7270
+ const i = l.asCrossauthError(n);
7271
+ return { error: !0, reply: await r(this, e, o, i) };
7269
7272
  } else if ((s = this.sessionServer) != null && s.errorPage) {
7270
- const t = new l(g.InvalidCsrf, "CSRF Token not provided");
7273
+ const i = new l(g.InvalidCsrf, "CSRF Token not provided");
7271
7274
  return { error: !0, reply: o.status(401).view(
7272
- ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7275
+ ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7273
7276
  {
7274
- errorMessage: t.message,
7275
- errorMessages: t.messages,
7276
- status: t.httpStatus,
7277
+ errorMessage: i.message,
7278
+ errorMessages: i.messages,
7279
+ status: i.httpStatus,
7277
7280
  errorCode: g.InvalidCsrf,
7278
7281
  errorCodeName: g[g.InvalidCsrf]
7279
7282
  }
7280
7283
  ) };
7281
7284
  }
7282
- } catch (t) {
7283
- return d.logger.error(c({ err: t })), { error: !0, reply: o.status(401).send(z) };
7285
+ } catch (i) {
7286
+ return d.logger.error(c({ err: i })), { error: !0, reply: o.status(401).send(z) };
7284
7287
  }
7285
7288
  return { error: !0, reply: o.status(401).send(z) };
7286
7289
  }
@@ -7298,7 +7301,7 @@ const K = class K {
7298
7301
  * from calling `errorFn`.
7299
7302
  */
7300
7303
  async errorIfNotLoggedIn(e, o, r) {
7301
- var s, i, n;
7304
+ var s, t, n;
7302
7305
  if (!e.user) {
7303
7306
  d.logger.warn(c({
7304
7307
  msg: "Attempt to access url without csrf token",
@@ -7306,14 +7309,14 @@ const K = class K {
7306
7309
  }));
7307
7310
  try {
7308
7311
  if (r) {
7309
- const t = new l(
7312
+ const i = new l(
7310
7313
  g.Unauthorized,
7311
7314
  "User is not logged in"
7312
7315
  );
7313
- return await r(this, e, o, t);
7316
+ return await r(this, e, o, i);
7314
7317
  } else if ((s = this.sessionServer) != null && s.errorPage)
7315
7318
  return o.status(401).view(
7316
- ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7319
+ ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7317
7320
  {
7318
7321
  errorMessage: "User is not logged in",
7319
7322
  status: 401,
@@ -7321,9 +7324,9 @@ const K = class K {
7321
7324
  codeName: g[g.Unauthorized]
7322
7325
  }
7323
7326
  );
7324
- } catch (t) {
7325
- return d.logger.debug(c({ err: t })), d.logger.error(c({
7326
- cerr: t,
7327
+ } catch (i) {
7328
+ return d.logger.debug(c({ err: i })), d.logger.error(c({
7329
+ cerr: i,
7327
7330
  hashedSessionCookie: (n = this.sessionServer) == null ? void 0 : n.getHashOfSessionId(e)
7328
7331
  })), o.status(401).send(z);
7329
7332
  }
@@ -7350,8 +7353,8 @@ const K = class K {
7350
7353
  * @returns the reply from rendering the error page.
7351
7354
  *
7352
7355
  */
7353
- static sendPageError(e, o, r, s, i) {
7354
- if (!s || !i)
7356
+ static sendPageError(e, o, r, s, t) {
7357
+ if (!s || !t)
7355
7358
  return d.logger.warn(c({
7356
7359
  msg: s,
7357
7360
  errorCode: g.UnknownError,
@@ -7365,15 +7368,15 @@ const K = class K {
7365
7368
  }
7366
7369
  ) : e.status(o).send(o == 401 ? z : G);
7367
7370
  try {
7368
- let n = 0, t = "UnknownError";
7369
- if ("isCrossAuthError" in i) {
7370
- const a = l.asCrossauthError(i);
7371
- n = a.code, t = a.name, s || (s = i.message);
7371
+ let n = 0, i = "UnknownError";
7372
+ if ("isCrossAuthError" in t) {
7373
+ const a = l.asCrossauthError(t);
7374
+ n = a.code, i = a.name, s || (s = t.message);
7372
7375
  }
7373
- return s || (o == 401 ? (s = "You are not authorized to access this page", n = g.Unauthorized, t = g[n]) : o == 403 ? (s = "You do not have permission to access this page", n = g.Forbidden, t = g[n]) : s = "An unknwon error has occurred"), d.logger.warn(c({
7376
+ return s || (o == 401 ? (s = "You are not authorized to access this page", n = g.Unauthorized, i = g[n]) : o == 403 ? (s = "You do not have permission to access this page", n = g.Forbidden, i = g[n]) : s = "An unknwon error has occurred"), d.logger.warn(c({
7374
7377
  msg: s,
7375
7378
  errorCode: n,
7376
- errorCodeName: t,
7379
+ errorCodeName: i,
7377
7380
  httpStatus: o
7378
7381
  })), r ? e.status(o).view(
7379
7382
  r,
@@ -7381,7 +7384,7 @@ const K = class K {
7381
7384
  status: o,
7382
7385
  errorMessage: s,
7383
7386
  errorCode: n,
7384
- errorCodeName: t
7387
+ errorCodeName: i
7385
7388
  }
7386
7389
  ) : e.status(o).send(o == 401 ? z : G);
7387
7390
  } catch (n) {