@crossauth/fastify 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/index.cjs +2 -2
  2. package/dist/index.js +956 -957
  3. package/package.json +3 -3
package/dist/index.js CHANGED
@@ -93,23 +93,23 @@ class De {
93
93
  return await this.updateUser(
94
94
  e,
95
95
  o,
96
- (r, t, n) => {
97
- const i = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
96
+ (r, i, n) => {
97
+ const t = n ? "Please click on the link in your email to verify your email address." : "Your details have been updated";
98
98
  return r.view(this.updateUserPage, {
99
99
  csrfToken: e.csrfToken,
100
- message: i,
100
+ message: t,
101
101
  urlPrefix: this.prefix,
102
102
  allowedFactor2: this.sessionServer.allowedFactor2Details()
103
103
  });
104
104
  }
105
105
  );
106
106
  } catch (r) {
107
- const t = l.asCrossauthError(r);
108
- d.logger.error(c({ message: "Update user failure", user: e.body.username, errorCodeName: t.codeName, errorCode: t.code })), d.logger.debug(c({ err: r }));
107
+ const i = l.asCrossauthError(r);
108
+ d.logger.error(c({ message: "Update user failure", user: e.body.username, errorCodeName: i.codeName, errorCode: i.code })), d.logger.debug(c({ err: r }));
109
109
  let n = {};
110
- for (let i in e.body)
111
- i.startsWith("user_") && (n[i] = e.body[i]);
112
- return this.sessionServer.handleError(r, e, o, (i, a) => i.view(this.updateUserPage, {
110
+ for (let t in e.body)
111
+ t.startsWith("user_") && (n[t] = e.body[t]);
112
+ return this.sessionServer.handleError(r, e, o, (t, a) => t.view(this.updateUserPage, {
113
113
  user: e.user,
114
114
  errorMessage: a.message,
115
115
  errorMessages: a.messages,
@@ -144,20 +144,20 @@ class De {
144
144
  return await this.updateUser(
145
145
  e,
146
146
  o,
147
- (t, n, i) => t.header(...U).send({
147
+ (i, n, t) => i.header(...U).send({
148
148
  ok: !0,
149
- emailVerificationRequired: i
149
+ emailVerificationRequired: t
150
150
  })
151
151
  );
152
- } catch (t) {
153
- const n = l.asCrossauthError(t);
152
+ } catch (i) {
153
+ const n = l.asCrossauthError(i);
154
154
  return d.logger.error(c({
155
155
  message: "Update user failure",
156
156
  user: (r = e.user) == null ? void 0 : r.username,
157
157
  errorCodeName: n.codeName,
158
158
  errorCode: n.code
159
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
160
- i.status(this.sessionServer.errorStatus(t)).header(...U).send({
159
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
160
+ t.status(this.sessionServer.errorStatus(i)).header(...U).send({
161
161
  ok: !1,
162
162
  errorMessage: a.message,
163
163
  errorMessages: a.messages,
@@ -176,7 +176,7 @@ class De {
176
176
  this.sessionServer.app.get(
177
177
  this.prefix + "changefactor2",
178
178
  async (e, o) => {
179
- var r, t;
179
+ var r, i;
180
180
  if (d.logger.info(c({
181
181
  message: "Page visit",
182
182
  method: "GET",
@@ -197,7 +197,7 @@ class De {
197
197
  csrfToken: e.csrfToken,
198
198
  next: e.query.next ?? this.sessionServer.loginRedirect,
199
199
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
200
- factor2: ((t = e.user) == null ? void 0 : t.factor2) ?? "none",
200
+ factor2: ((i = e.user) == null ? void 0 : i.factor2) ?? "none",
201
201
  required: e.query.required ?? !1
202
202
  };
203
203
  return o.view(this.changeFactor2Page, s);
@@ -213,8 +213,8 @@ class De {
213
213
  ip: e.ip,
214
214
  user: (s = e.user) == null ? void 0 : s.username
215
215
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
216
- const t = await this.sessionServer.getSessionData(e, "factor2change");
217
- if (!(t != null && t.username) && !this.sessionServer.isSessionUser(e))
216
+ const i = await this.sessionServer.getSessionData(e, "factor2change");
217
+ if (!(i != null && i.username) && !this.sessionServer.isSessionUser(e))
218
218
  return y.sendPageError(
219
219
  o,
220
220
  401,
@@ -225,26 +225,26 @@ class De {
225
225
  return await this.changeFactor2(
226
226
  e,
227
227
  o,
228
- (t, n, i) => n.factor2 ? t.view(this.configureFactor2Page, {
228
+ (i, n, t) => n.factor2 ? i.view(this.configureFactor2Page, {
229
229
  csrfToken: n.csrfToken,
230
230
  next: e.body.next ?? this.sessionServer.loginRedirect,
231
231
  ...n.userData
232
- }) : t.view(this.configureFactor2Page, {
232
+ }) : i.view(this.configureFactor2Page, {
233
233
  message: "Two factor authentication has been updated",
234
234
  next: e.body.next ?? this.sessionServer.loginRedirect,
235
235
  csrfToken: n.csrfToken
236
236
  })
237
237
  );
238
- } catch (t) {
239
- const n = l.asCrossauthError(t);
238
+ } catch (i) {
239
+ const n = l.asCrossauthError(i);
240
240
  return d.logger.error(c({
241
241
  message: "Change two factor authentication failure",
242
242
  user: (r = e.user) == null ? void 0 : r.username,
243
243
  errorCodeName: n.codeName,
244
244
  errorCode: n.code
245
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
245
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
246
246
  var h;
247
- return i.view(this.changeFactor2Page, {
247
+ return t.view(this.changeFactor2Page, {
248
248
  errorMessage: a.message,
249
249
  errorMessages: a.messages,
250
250
  errorCode: a.code,
@@ -280,19 +280,19 @@ class De {
280
280
  return await this.changeFactor2(
281
281
  e,
282
282
  o,
283
- (t, n, i) => t.header(...U).send({
283
+ (i, n, t) => i.header(...U).send({
284
284
  ok: !0,
285
285
  ...n.userData
286
286
  })
287
287
  );
288
- } catch (t) {
289
- const n = l.asCrossauthError(t);
288
+ } catch (i) {
289
+ const n = l.asCrossauthError(i);
290
290
  return d.logger.error(c({
291
291
  message: "Change factor2 failure",
292
292
  user: (r = e.user) == null ? void 0 : r.username,
293
293
  errorCodeName: n.codeName,
294
294
  errorCode: n.code
295
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...U).send({
295
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
296
296
  ok: !1,
297
297
  errorMessage: a.message,
298
298
  errorMessages: a.messages,
@@ -318,8 +318,8 @@ class De {
318
318
  ip: e.ip,
319
319
  user: (r = e.user) == null ? void 0 : r.username
320
320
  })), !this.sessionServer.isSessionUser(e) || !e.user) {
321
- const t = await this.sessionServer.getSessionData(e, "passwordchange");
322
- if ((t == null ? void 0 : t.username) == null && !this.sessionServer.isSessionUser(e))
321
+ const i = await this.sessionServer.getSessionData(e, "passwordchange");
322
+ if ((i == null ? void 0 : i.username) == null && !this.sessionServer.isSessionUser(e))
323
323
  return y.sendPageError(
324
324
  o,
325
325
  401,
@@ -349,7 +349,7 @@ class De {
349
349
  return await this.changePassword(
350
350
  e,
351
351
  o,
352
- (t, n) => e.body.next ? t.redirect(e.body.next) : t.view(this.changePasswordPage, {
352
+ (i, n) => e.body.next ? i.redirect(e.body.next) : i.view(this.changePasswordPage, {
353
353
  csrfToken: e.csrfToken,
354
354
  message: "Your password has been changed.",
355
355
  urlPrefix: this.prefix,
@@ -357,14 +357,14 @@ class De {
357
357
  required: e.body.required
358
358
  })
359
359
  );
360
- } catch (t) {
361
- const n = l.asCrossauthError(t);
360
+ } catch (i) {
361
+ const n = l.asCrossauthError(i);
362
362
  return d.logger.error(c({
363
363
  message: "Change password failure",
364
364
  user: (r = e.user) == null ? void 0 : r.username,
365
365
  errorCodeName: n.codeName,
366
366
  errorCode: n.code
367
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.changePasswordPage, {
367
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.changePasswordPage, {
368
368
  errorMessage: a.message,
369
369
  errorMessages: a.messages,
370
370
  errorCode: a.code,
@@ -397,18 +397,18 @@ class De {
397
397
  return await this.changePassword(
398
398
  e,
399
399
  o,
400
- (t, n) => t.header(...U).send({
400
+ (i, n) => i.header(...U).send({
401
401
  ok: !0
402
402
  })
403
403
  );
404
- } catch (t) {
405
- const n = l.asCrossauthError(t);
404
+ } catch (i) {
405
+ const n = l.asCrossauthError(i);
406
406
  return d.logger.error(c({
407
407
  message: "Change password failure",
408
408
  user: (r = e.user) == null ? void 0 : r.username,
409
409
  errorCodeName: n.codeName,
410
410
  errorCode: n.code
411
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.status(this.sessionServer.errorStatus(t)).header(...U).send({
411
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.status(this.sessionServer.errorStatus(i)).header(...U).send({
412
412
  ok: !1,
413
413
  errorMessage: a.message,
414
414
  errorMessages: a.messages,
@@ -437,23 +437,23 @@ class De {
437
437
  return await this.reconfigureFactor2(
438
438
  e,
439
439
  o,
440
- (r, t, n) => r.view(this.configureFactor2Page, {
441
- ...t,
440
+ (r, i, n) => r.view(this.configureFactor2Page, {
441
+ ...i,
442
442
  next: e.query.next ?? this.sessionServer.loginRedirect
443
443
  })
444
444
  );
445
445
  } catch (r) {
446
- const t = l.asCrossauthError(r);
446
+ const i = l.asCrossauthError(r);
447
447
  return d.logger.error(c({
448
448
  message: "Configure factor2 failure",
449
449
  user: (s = e.user) == null ? void 0 : s.username,
450
- errorCodeName: t.codeName,
451
- errorCode: t.code
452
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (n, i) => n.view(this.configureFactor2Page, {
453
- errorMessage: i.message,
454
- errorMessages: i.messages,
455
- errorCode: i.code,
456
- errorCodeName: g[i.code],
450
+ errorCodeName: i.codeName,
451
+ errorCode: i.code
452
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (n, t) => n.view(this.configureFactor2Page, {
453
+ errorMessage: t.message,
454
+ errorMessages: t.messages,
455
+ errorCode: t.code,
456
+ errorCodeName: g[t.code],
457
457
  next: e.query.next ?? this.sessionServer.loginRedirect,
458
458
  csrfToken: e.csrfToken,
459
459
  urlPrefix: this.prefix
@@ -474,8 +474,8 @@ class De {
474
474
  return d.logger.debug(c({ message: "Next page " + s })), await this.configureFactor2(
475
475
  e,
476
476
  o,
477
- (r, t) => {
478
- const n = t != null && t.factor2 ? this.sessionServer.authenticators[t.factor2] : void 0;
477
+ (r, i) => {
478
+ const n = i != null && i.factor2 ? this.sessionServer.authenticators[i.factor2] : void 0;
479
479
  return !this.sessionServer.isSessionUser(e) && this.enableEmailVerification && (n == null || n.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
480
480
  next: s,
481
481
  csrfToken: e.csrfToken,
@@ -497,10 +497,10 @@ class De {
497
497
  const a = l.asCrossauthError(r);
498
498
  return d.logger.error(c({ message: "Signup second factor failure", errorCodeName: a.codeName, errorCode: a.code })), d.logger.error(c({ message: "Session not defined during two factor process" })), o.status(500).view(this.sessionServer.errorPage, { status: 500, errorMessage: "An unknown error occurred", errorCode: g.UnknownError, errorCodeName: "UnknownError" });
499
499
  }
500
- let t = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
500
+ let i = (await this.sessionServer.sessionManager.dataForSessionId(e.sessionId))["2fa"];
501
501
  const n = l.asCrossauthError(r);
502
- d.logger.error(c({ message: "Signup two factor failure", user: t == null ? void 0 : t.username, errorCodeName: n.codeName, errorCode: n.code }));
503
- const { userData: i } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
502
+ d.logger.error(c({ message: "Signup two factor failure", user: i == null ? void 0 : i.username, errorCodeName: n.codeName, errorCode: n.code }));
503
+ const { userData: t } = await this.sessionServer.sessionManager.repeatTwoFactorSignup(e.sessionId);
504
504
  return this.sessionServer.handleError(r, e, o, (a, h) => a.view(this.configureFactor2Page, {
505
505
  errorMessage: h.message,
506
506
  errorMessages: h.messages,
@@ -508,11 +508,11 @@ class De {
508
508
  errorCodeName: g[h.code],
509
509
  urlPrefix: this.prefix,
510
510
  next: s,
511
- ...i,
511
+ ...t,
512
512
  csrfToken: this.sessionServer.csrfToken(e, a)
513
513
  }));
514
- } catch (t) {
515
- return d.logger.error(c({ err: t })), o.status(500).view(this.sessionServer.errorPage, {
514
+ } catch (i) {
515
+ return d.logger.error(c({ err: i })), o.status(500).view(this.sessionServer.errorPage, {
516
516
  status: 500,
517
517
  errorMessage: "An unknown error occurred",
518
518
  errorCode: g.UnknownError,
@@ -542,20 +542,20 @@ class De {
542
542
  return await this.reconfigureFactor2(
543
543
  o,
544
544
  s,
545
- (t, n, i) => t.header(...U).send({
545
+ (i, n, t) => i.header(...U).send({
546
546
  ok: !0,
547
547
  ...n
548
548
  })
549
549
  );
550
- } catch (t) {
551
- const n = l.asCrossauthError(t);
550
+ } catch (i) {
551
+ const n = l.asCrossauthError(i);
552
552
  d.logger.error(c({
553
553
  message: "Configure 2FA configuration failure",
554
554
  user: (r = o.user) == null ? void 0 : r.username,
555
555
  errorCodeName: n.codeName,
556
556
  errorCode: n.code
557
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, s, (i, a) => {
558
- i.status(this.sessionServer.errorStatus(t)).header(...U).send({
557
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, s, (t, a) => {
558
+ t.status(this.sessionServer.errorStatus(i)).header(...U).send({
559
559
  ok: !1,
560
560
  errorMessage: a.message,
561
561
  errorMessages: a.messages,
@@ -579,23 +579,23 @@ class De {
579
579
  return await this.configureFactor2(
580
580
  o,
581
581
  s,
582
- (t, n) => {
583
- const i = {
582
+ (i, n) => {
583
+ const t = {
584
584
  ok: !0,
585
585
  user: n
586
586
  };
587
- return this.sessionServer.isSessionUser(o) || (i.emailVerificationNeeded = this.enableEmailVerification), t.header(...U).send(i);
587
+ return this.sessionServer.isSessionUser(o) || (t.emailVerificationNeeded = this.enableEmailVerification), i.header(...U).send(t);
588
588
  }
589
589
  );
590
- } catch (t) {
591
- const n = l.asCrossauthError(t);
590
+ } catch (i) {
591
+ const n = l.asCrossauthError(i);
592
592
  d.logger.error(c({
593
593
  message: "Configure 2FA configuration failure",
594
594
  user: (r = o.user) == null ? void 0 : r.username,
595
595
  errorCodeName: n.codeName,
596
596
  errorCode: n.code
597
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, o, s, (i, a) => {
598
- i.status(this.sessionServer.errorStatus(t)).header(...U).send({
597
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, o, s, (t, a) => {
598
+ t.status(this.sessionServer.errorStatus(i)).header(...U).send({
599
599
  ok: !1,
600
600
  errorMessage: a.message,
601
601
  errorMessages: a.messages,
@@ -640,7 +640,7 @@ class De {
640
640
  return await this.requestPasswordReset(
641
641
  e,
642
642
  o,
643
- (r, t) => r.view(this.requestPasswordResetPage, {
643
+ (r, i) => r.view(this.requestPasswordResetPage, {
644
644
  csrfToken: e.csrfToken,
645
645
  message: s,
646
646
  urlPrefix: this.prefix
@@ -650,13 +650,13 @@ class De {
650
650
  return d.logger.error(c({
651
651
  message: "Request password reset faiulure user failure",
652
652
  email: e.body.email
653
- })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (t, n) => n.code == g.EmailNotExist ? t.view(this.requestPasswordResetPage, {
653
+ })), d.logger.debug(c({ err: r })), this.sessionServer.handleError(r, e, o, (i, n) => n.code == g.EmailNotExist ? i.view(this.requestPasswordResetPage, {
654
654
  csrfToken: e.csrfToken,
655
655
  message: s,
656
656
  urlPrefix: this.prefix,
657
657
  required: e.body.required,
658
658
  next: e.body.next
659
- }) : e.body.next ? t.redirect(e.body.next) : t.view(this.requestPasswordResetPage, {
659
+ }) : e.body.next ? i.redirect(e.body.next) : i.view(this.requestPasswordResetPage, {
660
660
  errorMessage: n.message,
661
661
  errorMessages: n.messages,
662
662
  errorCode: n.code,
@@ -697,8 +697,8 @@ class De {
697
697
  email: e.body.email,
698
698
  errorCodeName: r.codeName,
699
699
  errorCode: r.code
700
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
701
- t.status(this.sessionServer.errorStatus(s)).header(...U).send({
700
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
701
+ i.status(this.sessionServer.errorStatus(s)).header(...U).send({
702
702
  ok: !1,
703
703
  errorMessage: n.message,
704
704
  errorMessages: n.messages,
@@ -764,7 +764,7 @@ class De {
764
764
  hashedToken: F.hash(e.body.token),
765
765
  errorCodeName: r.codeName,
766
766
  errorCode: r.code
767
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => t.view(this.resetPasswordPage, {
767
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => i.view(this.resetPasswordPage, {
768
768
  errorMessage: n.message,
769
769
  errorMessages: n.messages,
770
770
  errorCode: n.code,
@@ -805,8 +805,8 @@ class De {
805
805
  hashedToken: F.hash(e.body.token),
806
806
  errorCodeName: r.codeName,
807
807
  errorCode: r.code
808
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
809
- t.status(this.sessionServer.errorStatus(s)).header(...U).send({
808
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
809
+ i.status(this.sessionServer.errorStatus(s)).header(...U).send({
810
810
  ok: !1,
811
811
  errorMessage: n.message,
812
812
  errorMessages: n.messages,
@@ -847,7 +847,7 @@ class De {
847
847
  hashedToken: F.hash(e.params.token),
848
848
  errorCodeName: r.codeName,
849
849
  errorCode: r.code
850
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => t.view(this.sessionServer.errorPage, {
850
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => i.view(this.sessionServer.errorPage, {
851
851
  errorCode: n.code,
852
852
  errorCodeName: g[n.code],
853
853
  errorMessage: n.message,
@@ -887,8 +887,8 @@ class De {
887
887
  hashedToken: F.hash(e.params.token),
888
888
  errorCodeName: r.codeName,
889
889
  errorCode: r.code
890
- })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (t, n) => {
891
- t.status(this.sessionServer.errorStatus(s)).header(...U).send({
890
+ })), d.logger.debug(c({ err: s })), this.sessionServer.handleError(s, e, o, (i, n) => {
891
+ i.status(this.sessionServer.errorStatus(s)).header(...U).send({
892
892
  ok: !1,
893
893
  errorMessage: n.message,
894
894
  errorMessages: n.messages,
@@ -920,28 +920,28 @@ class De {
920
920
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call delete user unless a user storage is provided");
921
921
  s = (await this.sessionServer.userStorage.getUserById(e.user.id)).user;
922
922
  } catch (n) {
923
- const i = l.asCrossauthError(n);
924
- return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
925
- errorMessage: i.message,
926
- errorMessages: i.messages,
927
- errorCode: i.code,
928
- errorCodeName: g[i.code]
923
+ const t = l.asCrossauthError(n);
924
+ return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
925
+ errorMessage: t.message,
926
+ errorMessages: t.messages,
927
+ errorCode: t.code,
928
+ errorCodeName: g[t.code]
929
929
  });
930
930
  }
931
931
  const r = e.query.next ?? this.prefix;
932
- let t = {
932
+ let i = {
933
933
  urlPrefix: this.prefix,
934
934
  csrfToken: e.csrfToken,
935
935
  next: r,
936
936
  isAdmin: !1,
937
937
  user: s
938
938
  };
939
- return o.view(this.deleteUserPage, t);
939
+ return o.view(this.deleteUserPage, i);
940
940
  }
941
941
  ), this.sessionServer.app.post(
942
942
  this.prefix + "deleteuser",
943
943
  async (e, o) => {
944
- var r, t;
944
+ var r, i;
945
945
  if (d.logger.info(c({
946
946
  message: "Page visit",
947
947
  method: "POST",
@@ -956,24 +956,24 @@ class De {
956
956
  e,
957
957
  o,
958
958
  (n) => {
959
- var i;
959
+ var t;
960
960
  return n.view(this.deleteUserPage, {
961
961
  message: "User deleted",
962
962
  csrfToken: e.csrfToken,
963
963
  urlPrefix: this.prefix,
964
- userid: (i = e.user) == null ? void 0 : i.id,
964
+ userid: (t = e.user) == null ? void 0 : t.id,
965
965
  isAdmin: !1,
966
966
  next: s
967
967
  });
968
968
  }
969
969
  );
970
970
  } catch (n) {
971
- const i = l.asCrossauthError(n);
971
+ const t = l.asCrossauthError(n);
972
972
  return d.logger.error(c({
973
973
  message: "Failed deleting user",
974
- user: (t = e.user) == null ? void 0 : t.username,
975
- errorCodeName: i.codeName,
976
- errorCode: i.code
974
+ user: (i = e.user) == null ? void 0 : i.username,
975
+ errorCodeName: t.codeName,
976
+ errorCode: t.code
977
977
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
978
978
  var v;
979
979
  const p = l.asCrossauthError(n).httpStatus;
@@ -1013,23 +1013,23 @@ class De {
1013
1013
  return await this.deleteUser(
1014
1014
  e,
1015
1015
  o,
1016
- (t) => {
1016
+ (i) => {
1017
1017
  var n;
1018
- return t.header(...U).send({
1018
+ return i.header(...U).send({
1019
1019
  ok: !0,
1020
1020
  userid: (n = e.user) == null ? void 0 : n.id
1021
1021
  });
1022
1022
  }
1023
1023
  );
1024
- } catch (t) {
1025
- const n = l.asCrossauthError(t);
1024
+ } catch (i) {
1025
+ const n = l.asCrossauthError(i);
1026
1026
  d.logger.error(c({
1027
1027
  message: "Delete user failure",
1028
1028
  user: (r = e.user) == null ? void 0 : r.username,
1029
1029
  errorCodeName: n.codeName,
1030
1030
  errorCode: n.code
1031
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1032
- i.status(this.sessionServer.errorStatus(t)).header(...U).send({
1031
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1032
+ t.status(this.sessionServer.errorStatus(i)).header(...U).send({
1033
1033
  ok: !1,
1034
1034
  errorMessage: a.message,
1035
1035
  errorMessages: a.messages,
@@ -1057,9 +1057,9 @@ class De {
1057
1057
  e,
1058
1058
  this.sessionServer.userStorage.userEditableFields
1059
1059
  );
1060
- let t = this.sessionServer.validateUserFn(r);
1061
- if (t.length > 0)
1062
- throw new l(g.FormEntry, t);
1060
+ let i = this.sessionServer.validateUserFn(r);
1061
+ if (i.length > 0)
1062
+ throw new l(g.FormEntry, i);
1063
1063
  let n = await this.sessionServer.sessionManager.updateUser(e.user, r);
1064
1064
  return s(o, e.user, n.emailVerificationTokenSent);
1065
1065
  }
@@ -1086,26 +1086,26 @@ class De {
1086
1086
  throw new l(g.Unauthorized);
1087
1087
  if (!e.csrfToken)
1088
1088
  throw new l(g.InvalidCsrf);
1089
- let t = e.body.factor2;
1089
+ let i = e.body.factor2;
1090
1090
  if (e.body.factor2 && !this.sessionServer.allowedFactor2.includes(e.body.factor2))
1091
1091
  throw new l(
1092
1092
  g.Forbidden,
1093
1093
  "Illegal second factor " + e.body.factor2 + " requested"
1094
1094
  );
1095
- (e.body.factor2 == "none" || e.body.factor2 == "") && (t = void 0);
1096
- const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(r, t, e.sessionId);
1097
- let i = {
1098
- factor2: t,
1095
+ (e.body.factor2 == "none" || e.body.factor2 == "") && (i = void 0);
1096
+ const n = await this.sessionServer.sessionManager.initiateTwoFactorSetup(r, i, e.sessionId);
1097
+ let t = {
1098
+ factor2: i,
1099
1099
  userData: n,
1100
1100
  username: n.username,
1101
1101
  next: e.body.next ?? this.sessionServer.loginRedirect,
1102
1102
  csrfToken: e.csrfToken
1103
1103
  };
1104
- return s(o, i);
1104
+ return s(o, t);
1105
1105
  }
1106
1106
  async changePassword(e, o, s) {
1107
1107
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changePassword unless a user storage is provided");
1108
- let r, t = !1;
1108
+ let r, i = !1;
1109
1109
  if (!this.sessionServer.isSessionUser(e) || !e.user) {
1110
1110
  const m = await this.sessionServer.getSessionData(e, "passwordchange");
1111
1111
  if (m != null && m.username) {
@@ -1115,7 +1115,7 @@ class De {
1115
1115
  skipActiveCheck: !0,
1116
1116
  skipEmailVerifiedCheck: !0
1117
1117
  }
1118
- )).user, t = !0, !e.csrfToken)
1118
+ )).user, i = !0, !e.csrfToken)
1119
1119
  throw new l(g.InvalidCsrf);
1120
1120
  } else
1121
1121
  throw new l(g.Unauthorized);
@@ -1125,18 +1125,18 @@ class De {
1125
1125
  r = e.user;
1126
1126
  } else
1127
1127
  throw new l(g.InsufficientPriviledges);
1128
- const n = this.sessionServer.authenticators[r.factor1], i = n.secretNames();
1128
+ const n = this.sessionServer.authenticators[r.factor1], t = n.secretNames();
1129
1129
  let a = {}, h = {}, f = {};
1130
1130
  for (let m in e.body)
1131
1131
  if (m.startsWith("new_")) {
1132
1132
  const w = m.replace(/^new_/, "");
1133
- i.includes(w) && (h[w] = e.body[m]);
1133
+ t.includes(w) && (h[w] = e.body[m]);
1134
1134
  } else if (m.startsWith("old_")) {
1135
1135
  const w = m.replace(/^old_/, "");
1136
- i.includes(w) && (a[w] = e.body[m]);
1136
+ t.includes(w) && (a[w] = e.body[m]);
1137
1137
  } else if (m.startsWith("repeat_")) {
1138
1138
  const w = m.replace(/^repeat_/, "");
1139
- i.includes(w) && (f[w] = e.body[m]);
1139
+ t.includes(w) && (f[w] = e.body[m]);
1140
1140
  }
1141
1141
  Object.keys(f).length === 0 && (f = void 0);
1142
1142
  let p = n.validateSecrets(h);
@@ -1144,7 +1144,7 @@ class De {
1144
1144
  throw new l(g.PasswordFormat, p);
1145
1145
  const v = r.state;
1146
1146
  try {
1147
- t && (r.state = "active", await this.sessionServer.userStorage.updateUser({ id: r.id, state: r.state })), await this.sessionServer.sessionManager.changeSecrets(
1147
+ i && (r.state = "active", await this.sessionServer.userStorage.updateUser({ id: r.id, state: r.state })), await this.sessionServer.sessionManager.changeSecrets(
1148
1148
  r.username,
1149
1149
  1,
1150
1150
  h,
@@ -1153,7 +1153,7 @@ class De {
1153
1153
  );
1154
1154
  } catch (m) {
1155
1155
  const w = l.asCrossauthError(m);
1156
- if (d.logger.debug(c({ err: m })), t)
1156
+ if (d.logger.debug(c({ err: m })), i)
1157
1157
  try {
1158
1158
  await this.sessionServer.userStorage.updateUser({ id: r.id, state: v });
1159
1159
  } catch (P) {
@@ -1161,7 +1161,7 @@ class De {
1161
1161
  }
1162
1162
  throw w;
1163
1163
  }
1164
- return t ? await this.sessionServer.loginWithUser(r, !1, e, o, s) : s(o, void 0);
1164
+ return i ? await this.sessionServer.loginWithUser(r, !1, e, o, s) : s(o, void 0);
1165
1165
  }
1166
1166
  async configureFactor2(e, o, s) {
1167
1167
  if (this.sessionServer.isSessionUser(e) && !e.csrfToken)
@@ -1179,20 +1179,20 @@ class De {
1179
1179
  !0,
1180
1180
  e,
1181
1181
  o,
1182
- (t, n) => s(t, n)
1182
+ (i, n) => s(i, n)
1183
1183
  ) : s(o, r);
1184
1184
  }
1185
1185
  async reconfigureFactor2(e, o, s) {
1186
1186
  if (!e.user || !e.sessionId || !this.sessionServer.isSessionUser(e))
1187
1187
  throw new l(g.Unauthorized);
1188
1188
  let r = e.user.factor2;
1189
- const t = this.sessionServer.authenticators[r];
1190
- if (!t || t.secretNames().length == 0)
1189
+ const i = this.sessionServer.authenticators[r];
1190
+ if (!i || i.secretNames().length == 0)
1191
1191
  throw new l(
1192
1192
  g.BadRequest,
1193
1193
  "Selected second factor does not have configuration"
1194
1194
  );
1195
- let i = {
1195
+ let t = {
1196
1196
  ...await this.sessionServer.sessionManager.initiateTwoFactorSetup(
1197
1197
  e.user,
1198
1198
  r,
@@ -1200,7 +1200,7 @@ class De {
1200
1200
  ),
1201
1201
  csrfToken: e.csrfToken
1202
1202
  };
1203
- return s(o, i);
1203
+ return s(o, t);
1204
1204
  }
1205
1205
  async requestPasswordReset(e, o, s) {
1206
1206
  if (!this.enablePasswordReset)
@@ -1213,8 +1213,8 @@ class De {
1213
1213
  const r = e.body.email;
1214
1214
  try {
1215
1215
  await this.sessionServer.sessionManager.requestPasswordReset(r);
1216
- } catch (t) {
1217
- const n = l.asCrossauthError(t);
1216
+ } catch (i) {
1217
+ const n = l.asCrossauthError(i);
1218
1218
  if (n.code == g.UserNotExist)
1219
1219
  d.logger.warn(c({
1220
1220
  message: "Password reset requested for invalid email",
@@ -1222,7 +1222,7 @@ class De {
1222
1222
  }));
1223
1223
  else
1224
1224
  throw d.logger.error(c({
1225
- err: t,
1225
+ err: i,
1226
1226
  message: "Couldn't send password reset email"
1227
1227
  })), n;
1228
1228
  }
@@ -1231,15 +1231,15 @@ class De {
1231
1231
  async resetPassword(e, o, s) {
1232
1232
  if (!e.csrfToken)
1233
1233
  throw new l(g.InvalidCsrf);
1234
- const r = e.body.token, t = await this.sessionServer.sessionManager.userForPasswordResetToken(r), n = this.sessionServer.authenticators[t.factor1], i = n.secretNames();
1234
+ const r = e.body.token, i = await this.sessionServer.sessionManager.userForPasswordResetToken(r), n = this.sessionServer.authenticators[i.factor1], t = n.secretNames();
1235
1235
  let a = {}, h = {};
1236
1236
  for (let v in e.body)
1237
1237
  if (v.startsWith("new_")) {
1238
1238
  const m = v.replace(/^new_/, "");
1239
- i.includes(m) && (a[m] = e.body[v]);
1239
+ t.includes(m) && (a[m] = e.body[v]);
1240
1240
  } else if (v.startsWith("repeat_")) {
1241
1241
  const m = v.replace(/^repeat_/, "");
1242
- i.includes(m) && (h[m] = e.body[v]);
1242
+ t.includes(m) && (h[m] = e.body[v]);
1243
1243
  }
1244
1244
  Object.keys(h).length === 0 && (h = void 0);
1245
1245
  let f = n.validateSecrets(a);
@@ -1253,8 +1253,8 @@ class De {
1253
1253
  g.Configuration,
1254
1254
  "Email verification reset not enabled"
1255
1255
  );
1256
- const r = e.params.token, t = await this.sessionServer.sessionManager.applyEmailVerificationToken(r);
1257
- return await this.sessionServer.loginWithUser(t, !0, e, o, s);
1256
+ const r = e.params.token, i = await this.sessionServer.sessionManager.applyEmailVerificationToken(r);
1257
+ return await this.sessionServer.loginWithUser(i, !0, e, o, s);
1258
1258
  }
1259
1259
  async deleteUser(e, o, s) {
1260
1260
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteUser unless a user storage is provided");
@@ -1275,10 +1275,10 @@ async function ze(S, e) {
1275
1275
  if (r.code != g.UserNotExist)
1276
1276
  throw d.logger.debug(c({ err: r })), r;
1277
1277
  try {
1278
- const { user: t } = await e.getUserByEmail(S);
1279
- o.push(t);
1280
- } catch (t) {
1281
- const n = l.asCrossauthError(t);
1278
+ const { user: i } = await e.getUserByEmail(S);
1279
+ o.push(i);
1280
+ } catch (i) {
1281
+ const n = l.asCrossauthError(i);
1282
1282
  if (n.code != g.UserNotExist)
1283
1283
  throw d.logger.debug(c({ err: n })), r;
1284
1284
  }
@@ -1339,18 +1339,18 @@ class He {
1339
1339
  return d.logger.debug(c({ msg: "Next page " + s })), await this.createUser(
1340
1340
  e,
1341
1341
  o,
1342
- (t, n, i) => t.redirect(302, s)
1342
+ (i, n, t) => i.redirect(302, s)
1343
1343
  );
1344
- } catch (t) {
1345
- const n = l.asCrossauthError(t);
1344
+ } catch (i) {
1345
+ const n = l.asCrossauthError(i);
1346
1346
  return d.logger.error(c({
1347
1347
  msg: "Signup failure",
1348
1348
  user: e.body.username,
1349
1349
  errorCodeName: n.codeName,
1350
1350
  errorCode: n.code
1351
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1352
- const f = l.asCrossauthError(t).httpStatus;
1353
- return i.status(f).view(this.adminCreateUserPage, {
1351
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1352
+ const f = l.asCrossauthError(i).httpStatus;
1353
+ return t.status(f).view(this.adminCreateUserPage, {
1354
1354
  errorMessage: a.message,
1355
1355
  errorMessages: a.messages,
1356
1356
  errorCode: a.code,
@@ -1387,21 +1387,21 @@ class He {
1387
1387
  return await this.createUser(
1388
1388
  e,
1389
1389
  o,
1390
- (t, n, i) => t.header(...R).send({
1390
+ (i, n, t) => i.header(...R).send({
1391
1391
  ok: !0,
1392
- user: i,
1392
+ user: t,
1393
1393
  ...n.userData
1394
1394
  })
1395
1395
  );
1396
- } catch (t) {
1397
- const n = l.asCrossauthError(t);
1396
+ } catch (i) {
1397
+ const n = l.asCrossauthError(i);
1398
1398
  d.logger.error(c({
1399
1399
  msg: "Create user failure",
1400
1400
  user: (r = e.user) == null ? void 0 : r.username,
1401
1401
  errorCodeName: n.codeName,
1402
1402
  errorCode: n.code
1403
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1404
- i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1403
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1404
+ t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1405
1405
  ok: !1,
1406
1406
  errorMessage: a.message,
1407
1407
  errorMessages: a.messages,
@@ -1428,21 +1428,21 @@ class He {
1428
1428
  })), !(e != null && e.user) || !y.isAdmin(e.user))
1429
1429
  return this.accessDeniedPage(e, o);
1430
1430
  try {
1431
- let s = [], r = Number(e.query.skip), t = Number(e.query.take);
1432
- r < 0 && (t = -r, r = 0), r || (r = 0), t || (t = 10), e.query.search ? s = await this.userSearchFn(
1431
+ let s = [], r = Number(e.query.skip), i = Number(e.query.take);
1432
+ r < 0 && (i = -r, r = 0), r || (r = 0), i || (i = 10), e.query.search ? s = await this.userSearchFn(
1433
1433
  e.query.search,
1434
1434
  this.sessionServer.userStorage
1435
1435
  ) : s = await this.sessionServer.userStorage.getUsers(
1436
1436
  r,
1437
- t
1437
+ i
1438
1438
  );
1439
1439
  let n = {
1440
1440
  urlPrefix: this.adminPrefix,
1441
1441
  skip: r,
1442
- take: t,
1442
+ take: i,
1443
1443
  users: s,
1444
1444
  havePrevious: r > 0,
1445
- haveNext: t != null && s.length == t
1445
+ haveNext: i != null && s.length == i
1446
1446
  };
1447
1447
  return e.query.next && (n.next = e.query.next), o.view(this.adminSelectUserPage, n);
1448
1448
  } catch (s) {
@@ -1512,12 +1512,12 @@ class He {
1512
1512
  let s;
1513
1513
  try {
1514
1514
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateuser unless a user storage is provided");
1515
- const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1516
- return s = t, await this.updateUser(
1515
+ const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1516
+ return s = i, await this.updateUser(
1517
1517
  s,
1518
1518
  e,
1519
1519
  o,
1520
- (n, i, a, h) => {
1520
+ (n, t, a, h) => {
1521
1521
  let f = "User's details have been updated.";
1522
1522
  return a ? f = "User's details have been updated and sent and an email verification link." : h && (f = "User's details have been updated and sent and a password reset token sent."), n.view(this.adminUpdateUserPage, {
1523
1523
  csrfToken: e.csrfToken,
@@ -1527,9 +1527,9 @@ class He {
1527
1527
  });
1528
1528
  }
1529
1529
  );
1530
- } catch (t) {
1531
- const n = l.asCrossauthError(t);
1532
- return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => s ? i.view(this.adminUpdateUserPage, {
1530
+ } catch (i) {
1531
+ const n = l.asCrossauthError(i);
1532
+ return d.logger.error(c({ msg: "Update user failure", user: e.body.username, errorCodeName: n.codeName, errorCode: n.code })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => s ? t.view(this.adminUpdateUserPage, {
1533
1533
  user: s,
1534
1534
  errorMessage: a.message,
1535
1535
  errorMessages: a.messages,
@@ -1540,7 +1540,7 @@ class He {
1540
1540
  allowedFactor2: this.sessionServer.allowedFactor2Details(),
1541
1541
  ...e.body
1542
1542
  }) : y.sendPageError(
1543
- i,
1543
+ t,
1544
1544
  n.httpStatus,
1545
1545
  this.sessionServer.errorPage,
1546
1546
  n.message,
@@ -1570,28 +1570,28 @@ class He {
1570
1570
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call deleteuser unless a user storage is provided");
1571
1571
  s = (await this.sessionServer.userStorage.getUserById(e.params.id)).user;
1572
1572
  } catch (n) {
1573
- const i = l.asCrossauthError(n);
1574
- return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
1575
- errorMessage: i.message,
1576
- errorMessages: i.messages,
1577
- errorCode: i.code,
1578
- errorCodeName: g[i.code]
1573
+ const t = l.asCrossauthError(n);
1574
+ return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
1575
+ errorMessage: t.message,
1576
+ errorMessages: t.messages,
1577
+ errorCode: t.code,
1578
+ errorCodeName: g[t.code]
1579
1579
  });
1580
1580
  }
1581
1581
  const r = e.query.next ?? this.adminPrefix + "selectuser";
1582
- let t = {
1582
+ let i = {
1583
1583
  urlPrefix: this.adminPrefix,
1584
1584
  csrfToken: e.csrfToken,
1585
1585
  next: r,
1586
1586
  isAdmin: !0,
1587
1587
  user: s
1588
1588
  };
1589
- return o.view(this.deleteUserPage, t);
1589
+ return o.view(this.deleteUserPage, i);
1590
1590
  }
1591
1591
  ), this.sessionServer.app.post(
1592
1592
  this.adminPrefix + "deleteuser/:id",
1593
1593
  async (e, o) => {
1594
- var r, t;
1594
+ var r, i;
1595
1595
  d.logger.info(c({
1596
1596
  msg: "Page visit",
1597
1597
  method: "POST",
@@ -1614,12 +1614,12 @@ class He {
1614
1614
  })
1615
1615
  );
1616
1616
  } catch (n) {
1617
- const i = l.asCrossauthError(n);
1617
+ const t = l.asCrossauthError(n);
1618
1618
  return d.logger.error(c({
1619
1619
  msg: "Failed deleting user",
1620
- user: (t = e.user) == null ? void 0 : t.username,
1621
- errorCodeName: i.codeName,
1622
- errorCode: i.code
1620
+ user: (i = e.user) == null ? void 0 : i.username,
1621
+ errorCodeName: t.codeName,
1622
+ errorCode: t.code
1623
1623
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1624
1624
  const p = l.asCrossauthError(n).httpStatus;
1625
1625
  return a.status(p).view(this.deleteUserPage, {
@@ -1645,7 +1645,7 @@ class He {
1645
1645
  this.sessionServer.app.post(
1646
1646
  this.adminPrefix + "api/updateuser/:id",
1647
1647
  async (e, o) => {
1648
- var r, t;
1648
+ var r, i;
1649
1649
  if (d.logger.info(c({
1650
1650
  msg: "API visit",
1651
1651
  method: "POST",
@@ -1662,18 +1662,18 @@ class He {
1662
1662
  s,
1663
1663
  e,
1664
1664
  o,
1665
- (i, a, h) => i.header(...R).send({
1665
+ (t, a, h) => t.header(...R).send({
1666
1666
  ok: !0,
1667
1667
  emailVerificationRequired: h
1668
1668
  })
1669
1669
  );
1670
1670
  } catch (n) {
1671
- const i = l.asCrossauthError(n);
1671
+ const t = l.asCrossauthError(n);
1672
1672
  return d.logger.error(c({
1673
1673
  msg: "Update user failure",
1674
- user: (t = e.user) == null ? void 0 : t.username,
1675
- errorCodeName: i.codeName,
1676
- errorCode: i.code
1674
+ user: (i = e.user) == null ? void 0 : i.username,
1675
+ errorCodeName: t.codeName,
1676
+ errorCode: t.code
1677
1677
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1678
1678
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1679
1679
  ok: !1,
@@ -1706,20 +1706,20 @@ class He {
1706
1706
  return this.accessDeniedPage(e, o);
1707
1707
  try {
1708
1708
  const { user: r } = await this.sessionServer.userStorage.getUserById(e.params.id);
1709
- let t = {
1709
+ let i = {
1710
1710
  urlPrefix: this.adminPrefix,
1711
1711
  csrfToken: e.csrfToken,
1712
1712
  user: r
1713
1713
  };
1714
- return o.view(this.adminChangePasswordPage, t);
1714
+ return o.view(this.adminChangePasswordPage, i);
1715
1715
  } catch (r) {
1716
- const t = l.asCrossauthError(r);
1716
+ const i = l.asCrossauthError(r);
1717
1717
  return d.logger.error(c({ err: r })), y.sendPageError(
1718
1718
  o,
1719
- t.httpStatus,
1719
+ i.httpStatus,
1720
1720
  this.sessionServer.errorPage,
1721
- t.message,
1722
- t
1721
+ i.message,
1722
+ i
1723
1723
  );
1724
1724
  }
1725
1725
  }
@@ -1737,12 +1737,12 @@ class He {
1737
1737
  let s;
1738
1738
  try {
1739
1739
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call changepassword unless a user storage is provided");
1740
- const { user: t } = await this.sessionServer.userStorage.getUserById(e.params.id);
1741
- return s = t, await this.changePassword(
1740
+ const { user: i } = await this.sessionServer.userStorage.getUserById(e.params.id);
1741
+ return s = i, await this.changePassword(
1742
1742
  s,
1743
1743
  e,
1744
1744
  o,
1745
- (n, i) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1745
+ (n, t) => e.body.next ? n.redirect(e.body.next) : n.view(this.adminChangePasswordPage, {
1746
1746
  csrfToken: e.csrfToken,
1747
1747
  message: "User's password has been changed.",
1748
1748
  urlPrefix: this.adminPrefix,
@@ -1751,14 +1751,14 @@ class He {
1751
1751
  user: s
1752
1752
  })
1753
1753
  );
1754
- } catch (t) {
1755
- const n = l.asCrossauthError(t);
1754
+ } catch (i) {
1755
+ const n = l.asCrossauthError(i);
1756
1756
  return d.logger.error(c({
1757
1757
  msg: "Change password failure",
1758
1758
  userid: e.params.id,
1759
1759
  errorCodeName: n.codeName,
1760
1760
  errorCode: n.code
1761
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => i.view(this.adminChangePasswordPage, {
1761
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => t.view(this.adminChangePasswordPage, {
1762
1762
  errorMessage: a.message,
1763
1763
  errorMessages: a.messages,
1764
1764
  errorCode: a.code,
@@ -1777,7 +1777,7 @@ class He {
1777
1777
  this.sessionServer.app.post(
1778
1778
  this.adminPrefix + "api/changepassword/:id",
1779
1779
  async (e, o) => {
1780
- var r, t;
1780
+ var r, i;
1781
1781
  if (d.logger.info(c({
1782
1782
  msg: "API visit",
1783
1783
  method: "POST",
@@ -1794,17 +1794,17 @@ class He {
1794
1794
  s,
1795
1795
  e,
1796
1796
  o,
1797
- (i, a) => i.header(...R).send({
1797
+ (t, a) => t.header(...R).send({
1798
1798
  ok: !0
1799
1799
  })
1800
1800
  );
1801
1801
  } catch (n) {
1802
- const i = l.asCrossauthError(n);
1802
+ const t = l.asCrossauthError(n);
1803
1803
  return d.logger.error(c({
1804
1804
  msg: "Update user failure",
1805
- user: (t = e.user) == null ? void 0 : t.username,
1806
- errorCodeName: i.codeName,
1807
- errorCode: i.code
1805
+ user: (i = e.user) == null ? void 0 : i.username,
1806
+ errorCodeName: t.codeName,
1807
+ errorCode: t.code
1808
1808
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
1809
1809
  a.status(this.sessionServer.errorStatus(n)).header(...R).send({
1810
1810
  ok: !1,
@@ -1837,20 +1837,20 @@ class He {
1837
1837
  return await this.deleteUser(
1838
1838
  e,
1839
1839
  o,
1840
- (t) => t.header(...R).send({
1840
+ (i) => i.header(...R).send({
1841
1841
  ok: !0,
1842
1842
  client_id: e.params.id
1843
1843
  })
1844
1844
  );
1845
- } catch (t) {
1846
- const n = l.asCrossauthError(t);
1845
+ } catch (i) {
1846
+ const n = l.asCrossauthError(i);
1847
1847
  d.logger.error(c({
1848
1848
  msg: "Delete user failure",
1849
1849
  user: (r = e.user) == null ? void 0 : r.username,
1850
1850
  errorCodeName: n.codeName,
1851
1851
  errorCode: n.code
1852
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
1853
- i.status(this.sessionServer.errorStatus(t)).header(...R).send({
1852
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
1853
+ t.status(this.sessionServer.errorStatus(i)).header(...R).send({
1854
1854
  ok: !1,
1855
1855
  errorMessage: a.message,
1856
1856
  errorMessages: a.messages,
@@ -1884,17 +1884,17 @@ class He {
1884
1884
  this.sessionServer.adminAllowedFactor1,
1885
1885
  this.sessionServer.allowedFactor2
1886
1886
  );
1887
- const t = this.sessionServer.authenticators[r.factor1].secretNames();
1887
+ const i = this.sessionServer.authenticators[r.factor1].secretNames();
1888
1888
  let n = !0;
1889
- for (let v of t)
1889
+ for (let v of i)
1890
1890
  !e.body[v] && !e.body["repeat_" + v] && (n = !1);
1891
- let i = [], a = {};
1891
+ let t = [], a = {};
1892
1892
  if (n) {
1893
- i = this.sessionServer.authenticators[r.factor1].validateSecrets(e.body);
1893
+ t = this.sessionServer.authenticators[r.factor1].validateSecrets(e.body);
1894
1894
  for (let v in e.body)
1895
1895
  if (v.startsWith("repeat_")) {
1896
1896
  const m = v.replace(/^repeat_/, "");
1897
- t.includes(m) && (a[m] = e.body[v]);
1897
+ i.includes(m) && (a[m] = e.body[v]);
1898
1898
  }
1899
1899
  Object.keys(a).length === 0 && (a = void 0);
1900
1900
  }
@@ -1908,7 +1908,7 @@ class He {
1908
1908
  msg: `Setting state for user to ${O.passwordResetNeeded}`,
1909
1909
  username: r.username
1910
1910
  })));
1911
- let f = [...this.sessionServer.validateUserFn(r), ...i];
1911
+ let f = [...this.sessionServer.validateUserFn(r), ...t];
1912
1912
  if (f.length > 0)
1913
1913
  throw new l(g.FormEntry, f);
1914
1914
  const p = await this.sessionServer.sessionManager.createUser(
@@ -1931,11 +1931,11 @@ class He {
1931
1931
  }
1932
1932
  async accessDeniedPage(e, o) {
1933
1933
  const s = new l(g.InsufficientPriviledges);
1934
- return this.sessionServer.handleError(s, e, o, (r, t) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
1935
- errorMessage: t.message,
1936
- errorMessages: t.messages,
1937
- errorCode: t.code,
1938
- errorCodeName: g[t.code]
1934
+ return this.sessionServer.handleError(s, e, o, (r, i) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
1935
+ errorMessage: i.message,
1936
+ errorMessages: i.messages,
1937
+ errorCode: i.code,
1938
+ errorCodeName: g[i.code]
1939
1939
  }));
1940
1940
  }
1941
1941
  async updateUser(e, o, s, r) {
@@ -1943,7 +1943,7 @@ class He {
1943
1943
  if (!o.user || !y.isAdmin(o.user))
1944
1944
  throw new l(g.Unauthorized);
1945
1945
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1946
- const t = e.factor2, n = e.state;
1946
+ const i = e.factor2, n = e.state;
1947
1947
  e.state = o.body.state, e = this.sessionServer.updateUserFn(
1948
1948
  e,
1949
1949
  o,
@@ -1952,10 +1952,10 @@ class He {
1952
1952
  ...this.sessionServer.userStorage.adminEditableFields
1953
1953
  }
1954
1954
  );
1955
- const i = e.factor2 && e.factor2 != "none" && e.factor2 != t;
1956
- if (i && !(e.state == n || e.state == "factor2ResetNeeded"))
1955
+ const t = e.factor2 && e.factor2 != "none" && e.factor2 != i;
1956
+ if (t && !(e.state == n || e.state == "factor2ResetNeeded"))
1957
1957
  throw new l(g.BadRequest, "Cannot change both factor2 and state at the same time");
1958
- i && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1958
+ t && (e.state = O.factor2ResetNeeded, d.logger.warn(c({
1959
1959
  msg: `Setting state for user to ${O.factor2ResetNeeded}`,
1960
1960
  username: e.username
1961
1961
  })));
@@ -1974,22 +1974,22 @@ class He {
1974
1974
  if (!o.user || !y.isAdmin(o.user))
1975
1975
  throw new l(g.Unauthorized);
1976
1976
  if (this.sessionServer.isSessionUser(o) && !o.csrfToken) throw new l(g.InvalidCsrf);
1977
- const t = this.sessionServer.authenticators[e.factor1], n = t.secretNames();
1978
- let i = {}, a = {};
1977
+ const i = this.sessionServer.authenticators[e.factor1], n = i.secretNames();
1978
+ let t = {}, a = {};
1979
1979
  for (let f in o.body)
1980
1980
  if (f.startsWith("new_")) {
1981
1981
  const p = f.replace(/^new_/, "");
1982
- n.includes(p) && (i[p] = o.body[f]);
1982
+ n.includes(p) && (t[p] = o.body[f]);
1983
1983
  } else if (f.startsWith("repeat_")) {
1984
1984
  const p = f.replace(/^repeat_/, "");
1985
1985
  n.includes(p) && (a[p] = o.body[f]);
1986
1986
  }
1987
- if (Object.keys(a).length === 0 && (a = void 0), t.validateSecrets(i).length > 0)
1987
+ if (Object.keys(a).length === 0 && (a = void 0), i.validateSecrets(t).length > 0)
1988
1988
  throw new l(g.PasswordFormat);
1989
1989
  return e.state = "active", await this.sessionServer.userStorage.updateUser({ id: e.id, state: e.state }), await this.sessionServer.sessionManager.changeSecrets(
1990
1990
  e.username,
1991
1991
  1,
1992
- i,
1992
+ t,
1993
1993
  a
1994
1994
  ), r(s, void 0);
1995
1995
  }
@@ -2008,15 +2008,15 @@ async function ve(S, e, o) {
2008
2008
  const r = await e.getClientById(S);
2009
2009
  s.push(r);
2010
2010
  } catch (r) {
2011
- const t = l.asCrossauthError(r);
2012
- if (t.code != g.UserNotExist)
2013
- throw d.logger.debug(c({ err: t })), t;
2011
+ const i = l.asCrossauthError(r);
2012
+ if (i.code != g.UserNotExist)
2013
+ throw d.logger.debug(c({ err: i })), i;
2014
2014
  try {
2015
2015
  s = await e.getClientByName(S, o);
2016
2016
  } catch (n) {
2017
- const i = l.asCrossauthError(n);
2018
- if (i.code != g.UserNotExist)
2019
- throw d.logger.debug(c({ err: i })), t;
2017
+ const t = l.asCrossauthError(n);
2018
+ if (t.code != g.UserNotExist)
2019
+ throw d.logger.debug(c({ err: t })), i;
2020
2020
  }
2021
2021
  }
2022
2022
  return s;
@@ -2059,42 +2059,42 @@ class Le {
2059
2059
  return this.accessDeniedPage(e, o);
2060
2060
  const s = e.query.next ?? encodeURIComponent(e.url);
2061
2061
  try {
2062
- let r = [], t = Number(e.query.skip), n = Number(e.query.take);
2063
- t || (t = 0), n || (n = 10);
2064
- let i = null, a;
2062
+ let r = [], i = Number(e.query.skip), n = Number(e.query.take);
2063
+ i || (i = 0), n || (n = 10);
2064
+ let t = null, a;
2065
2065
  if (e.query.userid) {
2066
2066
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call selectclient with user unless a user storage is provided");
2067
- a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, i = a.id;
2067
+ a = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user, t = a.id;
2068
2068
  }
2069
2069
  e.query.search ? r = await this.clientSearchFn(
2070
2070
  e.query.search,
2071
2071
  this.clientStorage,
2072
- i
2072
+ t
2073
2073
  ) : r = await this.clientStorage.getClients(
2074
- t,
2074
+ i,
2075
2075
  n,
2076
- i
2076
+ t
2077
2077
  );
2078
2078
  let h = {
2079
2079
  urlPrefix: this.adminPrefix,
2080
2080
  user: a,
2081
- skip: t,
2081
+ skip: i,
2082
2082
  take: n,
2083
2083
  clients: r,
2084
- havePrevious: t > 0,
2084
+ havePrevious: i > 0,
2085
2085
  haveNext: n != null && r.length == n,
2086
2086
  isAdmin: !0,
2087
2087
  next: s
2088
2088
  };
2089
2089
  return e.query.next && (h.next = e.query.next), o.view(this.selectClientPage, h);
2090
2090
  } catch (r) {
2091
- const t = l.asCrossauthError(r);
2091
+ const i = l.asCrossauthError(r);
2092
2092
  return d.logger.error(c({ err: r })), y.sendPageError(
2093
2093
  o,
2094
- t.httpStatus,
2094
+ i.httpStatus,
2095
2095
  this.sessionServer.errorPage,
2096
- t.message,
2097
- t
2096
+ i.message,
2097
+ i
2098
2098
  );
2099
2099
  }
2100
2100
  }
@@ -2123,15 +2123,15 @@ class Le {
2123
2123
  r = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user;
2124
2124
  }
2125
2125
  } catch (n) {
2126
- const i = l.asCrossauthError(n);
2127
- return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2128
- errorMessage: i.message,
2129
- errorMessages: i.messages,
2130
- errorCode: i.code,
2131
- errorCodeName: g[i.code]
2126
+ const t = l.asCrossauthError(n);
2127
+ return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2128
+ errorMessage: t.message,
2129
+ errorMessages: t.messages,
2130
+ errorCode: t.code,
2131
+ errorCodeName: g[t.code]
2132
2132
  });
2133
2133
  }
2134
- let t = {
2134
+ let i = {
2135
2135
  urlPrefix: this.adminPrefix,
2136
2136
  csrfToken: e.csrfToken,
2137
2137
  validFlows: this.validFlows,
@@ -2140,18 +2140,18 @@ class Le {
2140
2140
  isAdmin: !0,
2141
2141
  next: s
2142
2142
  };
2143
- return o.view(this.createClientPage, t);
2143
+ return o.view(this.createClientPage, i);
2144
2144
  }
2145
2145
  ), this.sessionServer.app.post(
2146
2146
  this.adminPrefix + "createclient",
2147
2147
  async (e, o) => {
2148
- var t, n;
2148
+ var i, n;
2149
2149
  d.logger.info(c({
2150
2150
  msg: "Page visit",
2151
2151
  method: "POST",
2152
2152
  url: this.adminPrefix + "createclient",
2153
2153
  ip: e.ip,
2154
- user: (t = e.user) == null ? void 0 : t.username
2154
+ user: (i = e.user) == null ? void 0 : i.username
2155
2155
  }));
2156
2156
  let s = e.body.next;
2157
2157
  s || (e.body.userid ? s = this.adminPrefix + "selectuser" : s = this.adminPrefix + "selectclient");
@@ -2164,7 +2164,7 @@ class Le {
2164
2164
  return await this.createClient(
2165
2165
  e,
2166
2166
  o,
2167
- (i, a) => i.view(this.createClientPage, {
2167
+ (t, a) => t.view(this.createClientPage, {
2168
2168
  message: "Created client",
2169
2169
  client: a,
2170
2170
  csrfToken: e.csrfToken,
@@ -2178,15 +2178,15 @@ class Le {
2178
2178
  }),
2179
2179
  r
2180
2180
  );
2181
- } catch (i) {
2182
- const a = l.asCrossauthError(i);
2181
+ } catch (t) {
2182
+ const a = l.asCrossauthError(t);
2183
2183
  return d.logger.error(c({
2184
2184
  msg: "Failed creating OAuth client",
2185
2185
  user: (n = e.user) == null ? void 0 : n.username,
2186
2186
  errorCodeName: a.codeName,
2187
2187
  errorCode: a.code
2188
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2189
- const v = l.asCrossauthError(i).httpStatus;
2188
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2189
+ const v = l.asCrossauthError(t).httpStatus;
2190
2190
  return h.status(v).view(this.createClientPage, {
2191
2191
  errorMessage: f.message,
2192
2192
  errorMessages: f.messages,
@@ -2233,11 +2233,11 @@ class Le {
2233
2233
  }
2234
2234
  let r = e.query.next;
2235
2235
  r || (e.query.userid ? r = this.adminPrefix + "selectuser" : r = this.adminPrefix + "selectclient");
2236
- let t;
2236
+ let i;
2237
2237
  try {
2238
2238
  if (s.userid) {
2239
2239
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient with user unless a user storage is provided");
2240
- t = (await this.sessionServer.userStorage.getUserById(s.userid)).user;
2240
+ i = (await this.sessionServer.userStorage.getUserById(s.userid)).user;
2241
2241
  }
2242
2242
  } catch (a) {
2243
2243
  const h = l.asCrossauthError(a);
@@ -2251,13 +2251,13 @@ class Le {
2251
2251
  let n = {};
2252
2252
  for (let a of this.validFlows)
2253
2253
  s.valid_flow.includes(a) && (n[a] = !0);
2254
- let i = {
2254
+ let t = {
2255
2255
  urlPrefix: this.adminPrefix,
2256
2256
  csrfToken: e.csrfToken,
2257
2257
  validFlows: this.validFlows,
2258
2258
  flowNames: E.flowNames(this.validFlows),
2259
2259
  selectedFlows: n,
2260
- user: t,
2260
+ user: i,
2261
2261
  client_id: s.client_id,
2262
2262
  client_name: s.client_name,
2263
2263
  confidential: s.confidential,
@@ -2265,18 +2265,18 @@ class Le {
2265
2265
  isAdmin: !0,
2266
2266
  next: r
2267
2267
  };
2268
- return o.view(this.updateClientPage, i);
2268
+ return o.view(this.updateClientPage, t);
2269
2269
  }
2270
2270
  ), this.sessionServer.app.post(
2271
2271
  this.adminPrefix + "updateclient/:client_id",
2272
2272
  async (e, o) => {
2273
- var t, n;
2273
+ var i, n;
2274
2274
  d.logger.info(c({
2275
2275
  msg: "Page visit",
2276
2276
  method: "POST",
2277
2277
  url: this.adminPrefix + "updateclient",
2278
2278
  ip: e.ip,
2279
- user: (t = e.user) == null ? void 0 : t.username
2279
+ user: (i = e.user) == null ? void 0 : i.username
2280
2280
  }));
2281
2281
  let s = e.body.next;
2282
2282
  s || (e.body.userid ? s = this.adminPrefix + "selectuser" : s = this.adminPrefix + "selectclient");
@@ -2289,7 +2289,7 @@ class Le {
2289
2289
  return await this.updateClient(
2290
2290
  e,
2291
2291
  o,
2292
- (i, a, h) => i.view(this.updateClientPage, {
2292
+ (t, a, h) => t.view(this.updateClientPage, {
2293
2293
  message: "Updated client",
2294
2294
  client: a,
2295
2295
  csrfToken: e.csrfToken,
@@ -2303,15 +2303,15 @@ class Le {
2303
2303
  ...e.body
2304
2304
  })
2305
2305
  );
2306
- } catch (i) {
2307
- const a = l.asCrossauthError(i);
2306
+ } catch (t) {
2307
+ const a = l.asCrossauthError(t);
2308
2308
  return d.logger.error(c({
2309
2309
  msg: "Failed updating OAuth client",
2310
2310
  user: (n = e.user) == null ? void 0 : n.username,
2311
2311
  errorCodeName: a.codeName,
2312
2312
  errorCode: a.code
2313
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2314
- const v = l.asCrossauthError(i).httpStatus;
2313
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2314
+ const v = l.asCrossauthError(t).httpStatus;
2315
2315
  let m = {};
2316
2316
  for (let w of this.validFlows)
2317
2317
  w in e.body && (m[w] = !0);
@@ -2353,27 +2353,27 @@ class Le {
2353
2353
  try {
2354
2354
  s = await this.clientStorage.getClientById(e.params.client_id);
2355
2355
  } catch (n) {
2356
- const i = l.asCrossauthError(n);
2357
- return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
2358
- errorMessage: i.message,
2359
- errorMessages: i.messages,
2360
- errorCode: i.code,
2361
- errorCodeName: g[i.code]
2356
+ const t = l.asCrossauthError(n);
2357
+ return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
2358
+ errorMessage: t.message,
2359
+ errorMessages: t.messages,
2360
+ errorCode: t.code,
2361
+ errorCodeName: g[t.code]
2362
2362
  });
2363
2363
  }
2364
2364
  const r = e.query.next ?? this.adminPrefix + "selectclient";
2365
- let t = {
2365
+ let i = {
2366
2366
  urlPrefix: this.adminPrefix,
2367
2367
  csrfToken: e.csrfToken,
2368
2368
  next: r,
2369
2369
  client: s
2370
2370
  };
2371
- return o.view(this.deleteClientPage, t);
2371
+ return o.view(this.deleteClientPage, i);
2372
2372
  }
2373
2373
  ), this.sessionServer.app.post(
2374
2374
  this.adminPrefix + "deleteclient/:client_id",
2375
2375
  async (e, o) => {
2376
- var r, t;
2376
+ var r, i;
2377
2377
  d.logger.info(c({
2378
2378
  msg: "Page visit",
2379
2379
  method: "POST",
@@ -2396,12 +2396,12 @@ class Le {
2396
2396
  })
2397
2397
  );
2398
2398
  } catch (n) {
2399
- const i = l.asCrossauthError(n);
2399
+ const t = l.asCrossauthError(n);
2400
2400
  return d.logger.error(c({
2401
2401
  msg: "Failed deleting OAuth client",
2402
- user: (t = e.user) == null ? void 0 : t.username,
2403
- errorCodeName: i.codeName,
2404
- errorCode: i.code
2402
+ user: (i = e.user) == null ? void 0 : i.username,
2403
+ errorCodeName: t.codeName,
2404
+ errorCode: t.code
2405
2405
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2406
2406
  const p = l.asCrossauthError(n).httpStatus;
2407
2407
  return a.status(p).view(this.deleteClientPage, {
@@ -2427,7 +2427,7 @@ class Le {
2427
2427
  this.sessionServer.app.post(
2428
2428
  this.adminPrefix + "api/createclient",
2429
2429
  async (e, o) => {
2430
- var r, t;
2430
+ var r, i;
2431
2431
  d.logger.info(c({
2432
2432
  msg: "API visit",
2433
2433
  method: "POST",
@@ -2444,19 +2444,19 @@ class Le {
2444
2444
  return await this.createClient(
2445
2445
  e,
2446
2446
  o,
2447
- (n, i) => n.header(...B).send({
2447
+ (n, t) => n.header(...B).send({
2448
2448
  ok: !0,
2449
- client: i
2449
+ client: t
2450
2450
  }),
2451
2451
  s
2452
2452
  );
2453
2453
  } catch (n) {
2454
- const i = l.asCrossauthError(n);
2454
+ const t = l.asCrossauthError(n);
2455
2455
  d.logger.error(c({
2456
2456
  msg: "Create client failure",
2457
- user: (t = e.user) == null ? void 0 : t.username,
2458
- errorCodeName: i.codeName,
2459
- errorCode: i.code
2457
+ user: (i = e.user) == null ? void 0 : i.username,
2458
+ errorCodeName: t.codeName,
2459
+ errorCode: t.code
2460
2460
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2461
2461
  a.status(this.sessionServer.errorStatus(n)).header(...B).send({
2462
2462
  ok: !1,
@@ -2492,22 +2492,22 @@ class Le {
2492
2492
  return await this.updateClient(
2493
2493
  e,
2494
2494
  o,
2495
- (t, n, i) => t.header(...B).send({
2495
+ (i, n, t) => i.header(...B).send({
2496
2496
  ok: !0,
2497
2497
  client: n,
2498
2498
  csrfToken: e.csrfToken,
2499
- newSecret: i
2499
+ newSecret: t
2500
2500
  })
2501
2501
  );
2502
- } catch (t) {
2503
- const n = l.asCrossauthError(t);
2502
+ } catch (i) {
2503
+ const n = l.asCrossauthError(i);
2504
2504
  return d.logger.error(c({
2505
2505
  msg: "Failed updating OAuth client",
2506
2506
  user: (r = e.user) == null ? void 0 : r.username,
2507
2507
  errorCodeName: n.codeName,
2508
2508
  errorCode: n.code
2509
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2510
- i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2509
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2510
+ t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2511
2511
  ok: !1,
2512
2512
  errorMessage: a.message,
2513
2513
  errorMessages: a.messages,
@@ -2538,20 +2538,20 @@ class Le {
2538
2538
  return await this.deleteClient(
2539
2539
  e,
2540
2540
  o,
2541
- (t) => t.header(...B).send({
2541
+ (i) => i.header(...B).send({
2542
2542
  ok: !0,
2543
2543
  client_id: e.params.client_id
2544
2544
  })
2545
2545
  );
2546
- } catch (t) {
2547
- const n = l.asCrossauthError(t);
2546
+ } catch (i) {
2547
+ const n = l.asCrossauthError(i);
2548
2548
  d.logger.error(c({
2549
2549
  msg: "Delete client failure",
2550
2550
  user: (r = e.user) == null ? void 0 : r.username,
2551
2551
  errorCodeName: n.codeName,
2552
2552
  errorCode: n.code
2553
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2554
- i.status(this.sessionServer.errorStatus(t)).header(...B).send({
2553
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2554
+ t.status(this.sessionServer.errorStatus(i)).header(...B).send({
2555
2555
  ok: !1,
2556
2556
  errorMessage: a.message,
2557
2557
  errorMessages: a.messages,
@@ -2566,11 +2566,11 @@ class Le {
2566
2566
  // Internal functions
2567
2567
  async accessDeniedPage(e, o) {
2568
2568
  const s = new l(g.InsufficientPriviledges);
2569
- return this.sessionServer.handleError(s, e, o, (r, t) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
2570
- errorMessage: t.message,
2571
- errorMessages: t.messages,
2572
- errorCode: t.code,
2573
- errorCodeName: g[t.code]
2569
+ return this.sessionServer.handleError(s, e, o, (r, i) => r.status(s.httpStatus).view(this.sessionServer.errorPage, {
2570
+ errorMessage: i.message,
2571
+ errorMessages: i.messages,
2572
+ errorCode: i.code,
2573
+ errorCodeName: g[i.code]
2574
2574
  }));
2575
2575
  }
2576
2576
  async createClient(e, o, s, r) {
@@ -2578,9 +2578,9 @@ class Le {
2578
2578
  throw new l(g.InvalidCsrf);
2579
2579
  if (!e.user || !y.isAdmin(e.user))
2580
2580
  throw new l(g.InsufficientPriviledges);
2581
- const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2581
+ const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2582
2582
  let a = [];
2583
- for (let p of i)
2583
+ for (let p of t)
2584
2584
  try {
2585
2585
  L.validateUri(p);
2586
2586
  } catch (v) {
@@ -2596,9 +2596,9 @@ class Le {
2596
2596
  p in e.body && h.push(p);
2597
2597
  const f = await this.clientManager.createClient(
2598
2598
  n,
2599
- i,
2600
- h,
2601
2599
  t,
2600
+ h,
2601
+ i,
2602
2602
  r == null ? void 0 : r.id
2603
2603
  );
2604
2604
  return s(o, f);
@@ -2609,26 +2609,26 @@ class Le {
2609
2609
  if (!e.user || !y.isAdmin(e.user))
2610
2610
  throw new l(g.InsufficientPriviledges);
2611
2611
  const r = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
2612
- let t = [];
2612
+ let i = [];
2613
2613
  for (let p of r)
2614
2614
  try {
2615
2615
  L.validateUri(p);
2616
2616
  } catch (v) {
2617
- d.logger.error(c({ err: v })), t.push("[" + p + "]");
2617
+ d.logger.error(c({ err: v })), i.push("[" + p + "]");
2618
2618
  }
2619
- if (t.length > 0)
2619
+ if (i.length > 0)
2620
2620
  throw new l(
2621
2621
  g.BadRequest,
2622
- "The following redirect URIs are invalid: " + t.join(" ")
2622
+ "The following redirect URIs are invalid: " + i.join(" ")
2623
2623
  );
2624
2624
  let n = [];
2625
2625
  for (let p of this.validFlows)
2626
2626
  p in e.body && n.push(p);
2627
- const i = {};
2628
- i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = r, i.userid = e.body.userid, i.userid == null && (i.userid = null);
2627
+ const t = {};
2628
+ t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = r, t.userid = e.body.userid, t.userid == null && (t.userid = null);
2629
2629
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
2630
2630
  e.params.client_id,
2631
- i,
2631
+ t,
2632
2632
  a
2633
2633
  );
2634
2634
  return s(o, h, f);
@@ -2683,29 +2683,29 @@ class Ge {
2683
2683
  })), !(e != null && e.user))
2684
2684
  return o.redirect(this.sessionServer.loginUrl + "?next=" + this.prefix + "selectclient");
2685
2685
  try {
2686
- let s = [], r = Number(e.query.skip), t = Number(e.query.take);
2687
- r || (r = 0), t || (t = 10), e.query.search ? s = await this.clientSearchFn(
2686
+ let s = [], r = Number(e.query.skip), i = Number(e.query.take);
2687
+ r || (r = 0), i || (i = 10), e.query.search ? s = await this.clientSearchFn(
2688
2688
  e.query.search,
2689
2689
  this.clientStorage,
2690
2690
  e.user.id
2691
2691
  ) : s = await this.clientStorage.getClients(
2692
2692
  r,
2693
- t,
2693
+ i,
2694
2694
  e.user.id
2695
2695
  );
2696
2696
  const n = e.query.next ?? encodeURIComponent(e.url);
2697
- let i = {
2697
+ let t = {
2698
2698
  urlPrefix: this.prefix,
2699
2699
  user: e.user,
2700
2700
  skip: r,
2701
- take: t,
2701
+ take: i,
2702
2702
  clients: s,
2703
2703
  havePrevious: r > 0,
2704
- haveNext: t != null && s.length == t,
2704
+ haveNext: i != null && s.length == i,
2705
2705
  isAdmin: !1,
2706
2706
  next: n
2707
2707
  };
2708
- return e.query.next && (i.next = e.query.next), o.view(this.selectClientPage, i);
2708
+ return e.query.next && (t.next = e.query.next), o.view(this.selectClientPage, t);
2709
2709
  } catch (s) {
2710
2710
  const r = l.asCrossauthError(s);
2711
2711
  return d.logger.error(c({ err: s })), y.sendPageError(
@@ -2748,7 +2748,7 @@ class Ge {
2748
2748
  ), this.sessionServer.app.post(
2749
2749
  this.prefix + "createclient",
2750
2750
  async (e, o) => {
2751
- var r, t;
2751
+ var r, i;
2752
2752
  if (d.logger.info(c({
2753
2753
  msg: "Page visit",
2754
2754
  method: "POST",
@@ -2762,9 +2762,9 @@ class Ge {
2762
2762
  return await this.createClient(
2763
2763
  e,
2764
2764
  o,
2765
- (n, i) => n.view(this.createClientPage, {
2765
+ (n, t) => n.view(this.createClientPage, {
2766
2766
  message: "Created client",
2767
- client: i,
2767
+ client: t,
2768
2768
  csrfToken: e.csrfToken,
2769
2769
  urlPrefix: this.prefix,
2770
2770
  validFlows: this.validFlows,
@@ -2777,12 +2777,12 @@ class Ge {
2777
2777
  e.user
2778
2778
  );
2779
2779
  } catch (n) {
2780
- const i = l.asCrossauthError(n);
2780
+ const t = l.asCrossauthError(n);
2781
2781
  return d.logger.error(c({
2782
2782
  msg: "Failed creating OAuth client",
2783
- user: (t = e.user) == null ? void 0 : t.username,
2784
- errorCodeName: i.codeName,
2785
- errorCode: i.code
2783
+ user: (i = e.user) == null ? void 0 : i.username,
2784
+ errorCodeName: t.codeName,
2785
+ errorCode: t.code
2786
2786
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
2787
2787
  const p = l.asCrossauthError(n).httpStatus;
2788
2788
  return a.status(p).view(this.createClientPage, {
@@ -2823,21 +2823,21 @@ class Ge {
2823
2823
  return await this.createClient(
2824
2824
  e,
2825
2825
  o,
2826
- (t, n) => t.header(...D).send({
2826
+ (i, n) => i.header(...D).send({
2827
2827
  ok: !0,
2828
2828
  client: n
2829
2829
  }),
2830
2830
  e.user
2831
2831
  );
2832
- } catch (t) {
2833
- const n = l.asCrossauthError(t);
2832
+ } catch (i) {
2833
+ const n = l.asCrossauthError(i);
2834
2834
  d.logger.error(c({
2835
2835
  msg: "Create client failure",
2836
2836
  user: (r = e.user) == null ? void 0 : r.username,
2837
2837
  errorCodeName: n.codeName,
2838
2838
  errorCode: n.code
2839
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
2840
- i.status(this.sessionServer.errorStatus(t)).header(...D).send({
2839
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
2840
+ t.status(this.sessionServer.errorStatus(i)).header(...D).send({
2841
2841
  ok: !1,
2842
2842
  errorMessage: a.message,
2843
2843
  errorMessages: a.messages,
@@ -2877,9 +2877,9 @@ class Ge {
2877
2877
  }
2878
2878
  let r = e.query.next;
2879
2879
  r || (e.query.userid ? r = this.prefix + "selectuser" : r = this.prefix + "selectclient");
2880
- let t;
2880
+ let i;
2881
2881
  try {
2882
- e.query.userid && (t = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2882
+ e.query.userid && (i = (await this.sessionServer.userStorage.getUserById(e.query.userid)).user);
2883
2883
  } catch (a) {
2884
2884
  const h = l.asCrossauthError(a);
2885
2885
  return d.logger.debug(c({ err: a })), o.status(h.httpStatus).view(this.sessionServer.errorPage, {
@@ -2892,13 +2892,13 @@ class Ge {
2892
2892
  let n = {};
2893
2893
  for (let a of this.validFlows)
2894
2894
  s.valid_flow.includes(a) && (n[a] = !0);
2895
- let i = {
2895
+ let t = {
2896
2896
  urlPrefix: this.prefix,
2897
2897
  csrfToken: e.csrfToken,
2898
2898
  validFlows: this.validFlows,
2899
2899
  flowNames: E.flowNames(this.validFlows),
2900
2900
  selectedFlows: n,
2901
- user: t,
2901
+ user: i,
2902
2902
  client_id: s.client_id,
2903
2903
  client_name: s.client_name,
2904
2904
  confidential: s.confidential,
@@ -2906,19 +2906,19 @@ class Ge {
2906
2906
  isAdmin: !0,
2907
2907
  next: r
2908
2908
  };
2909
- return o.view(this.updateClientPage, i);
2909
+ return o.view(this.updateClientPage, t);
2910
2910
  }
2911
2911
  ), this.sessionServer.app.post(
2912
2912
  this.prefix + "updateclient/:client_id",
2913
2913
  async (e, o) => {
2914
- var t, n;
2914
+ var i, n;
2915
2915
  if (!this.sessionServer.userStorage) throw new l(g.Configuration, "Cannot call updateclient unless a user storage is provided ");
2916
2916
  d.logger.info(c({
2917
2917
  msg: "Page visit",
2918
2918
  method: "POST",
2919
2919
  url: this.prefix + "updateclient",
2920
2920
  ip: e.ip,
2921
- user: (t = e.user) == null ? void 0 : t.username
2921
+ user: (i = e.user) == null ? void 0 : i.username
2922
2922
  }));
2923
2923
  let s = e.body.next;
2924
2924
  s || (s = this.prefix + "selectuser");
@@ -2928,7 +2928,7 @@ class Ge {
2928
2928
  return e.body.userid && (r = (await this.sessionServer.userStorage.getUserById(e.body.userid)).user), await this.updateClient(
2929
2929
  e,
2930
2930
  o,
2931
- (i, a, h) => i.view(this.updateClientPage, {
2931
+ (t, a, h) => t.view(this.updateClientPage, {
2932
2932
  message: "Updated client",
2933
2933
  client: a,
2934
2934
  csrfToken: e.csrfToken,
@@ -2942,15 +2942,15 @@ class Ge {
2942
2942
  ...e.body
2943
2943
  })
2944
2944
  );
2945
- } catch (i) {
2946
- const a = l.asCrossauthError(i);
2945
+ } catch (t) {
2946
+ const a = l.asCrossauthError(t);
2947
2947
  return d.logger.error(c({
2948
2948
  msg: "Failed updating OAuth client",
2949
2949
  user: (n = e.user) == null ? void 0 : n.username,
2950
2950
  errorCodeName: a.codeName,
2951
2951
  errorCode: a.code
2952
- })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (h, f) => {
2953
- const v = l.asCrossauthError(i).httpStatus;
2952
+ })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (h, f) => {
2953
+ const v = l.asCrossauthError(t).httpStatus;
2954
2954
  let m = {};
2955
2955
  for (let w of this.validFlows)
2956
2956
  w in e.body && (m[w] = !0);
@@ -2993,22 +2993,22 @@ class Ge {
2993
2993
  return e.body.userid && await this.sessionServer.userStorage.getUserById(e.body.userid), await this.updateClient(
2994
2994
  e,
2995
2995
  o,
2996
- (t, n, i) => t.header(...D).send({
2996
+ (i, n, t) => i.header(...D).send({
2997
2997
  ok: !0,
2998
2998
  client: n,
2999
2999
  csrfToken: e.csrfToken,
3000
- newSecret: i
3000
+ newSecret: t
3001
3001
  })
3002
3002
  );
3003
- } catch (t) {
3004
- const n = l.asCrossauthError(t);
3003
+ } catch (i) {
3004
+ const n = l.asCrossauthError(i);
3005
3005
  return d.logger.error(c({
3006
3006
  msg: "Failed updating OAuth client",
3007
3007
  user: (r = e.user) == null ? void 0 : r.username,
3008
3008
  errorCodeName: n.codeName,
3009
3009
  errorCode: n.code
3010
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3011
- i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3010
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3011
+ t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3012
3012
  ok: !1,
3013
3013
  errorMessage: a.message,
3014
3014
  errorMessages: a.messages,
@@ -3043,28 +3043,28 @@ class Ge {
3043
3043
  "You may not delete this client"
3044
3044
  );
3045
3045
  } catch (n) {
3046
- const i = l.asCrossauthError(n);
3047
- return d.logger.debug(c({ err: n })), o.status(i.httpStatus).view(this.sessionServer.errorPage, {
3048
- errorMessage: i.message,
3049
- errorMessages: i.messages,
3050
- errorCode: i.code,
3051
- errorCodeName: g[i.code]
3046
+ const t = l.asCrossauthError(n);
3047
+ return d.logger.debug(c({ err: n })), o.status(t.httpStatus).view(this.sessionServer.errorPage, {
3048
+ errorMessage: t.message,
3049
+ errorMessages: t.messages,
3050
+ errorCode: t.code,
3051
+ errorCodeName: g[t.code]
3052
3052
  });
3053
3053
  }
3054
3054
  const r = e.query.next ?? "/";
3055
- let t = {
3055
+ let i = {
3056
3056
  urlPrefix: this.prefix,
3057
3057
  csrfToken: e.csrfToken,
3058
3058
  backUrl: this.prefix + "selectclient",
3059
3059
  client: s,
3060
3060
  next: r
3061
3061
  };
3062
- return o.view(this.deleteClientPage, t);
3062
+ return o.view(this.deleteClientPage, i);
3063
3063
  }
3064
3064
  ), this.sessionServer.app.post(
3065
3065
  this.prefix + "deleteclient/:client_id",
3066
3066
  async (e, o) => {
3067
- var r, t;
3067
+ var r, i;
3068
3068
  if (d.logger.info(c({
3069
3069
  msg: "Page visit",
3070
3070
  method: "POST",
@@ -3088,12 +3088,12 @@ class Ge {
3088
3088
  e.user
3089
3089
  );
3090
3090
  } catch (n) {
3091
- const i = l.asCrossauthError(n);
3091
+ const t = l.asCrossauthError(n);
3092
3092
  return d.logger.error(c({
3093
3093
  msg: "Failed deleting OAuth client",
3094
- user: (t = e.user) == null ? void 0 : t.username,
3095
- errorCodeName: i.codeName,
3096
- errorCode: i.code
3094
+ user: (i = e.user) == null ? void 0 : i.username,
3095
+ errorCodeName: t.codeName,
3096
+ errorCode: t.code
3097
3097
  })), d.logger.debug(c({ err: n })), this.sessionServer.handleError(n, e, o, (a, h) => {
3098
3098
  const p = l.asCrossauthError(n).httpStatus;
3099
3099
  return a.status(p).view(this.deleteClientPage, {
@@ -3132,21 +3132,21 @@ class Ge {
3132
3132
  return await this.deleteClient(
3133
3133
  e,
3134
3134
  o,
3135
- (t) => t.header(...D).send({
3135
+ (i) => i.header(...D).send({
3136
3136
  ok: !0,
3137
3137
  client_id: e.params.client_id
3138
3138
  }),
3139
3139
  e.user
3140
3140
  );
3141
- } catch (t) {
3142
- const n = l.asCrossauthError(t);
3141
+ } catch (i) {
3142
+ const n = l.asCrossauthError(i);
3143
3143
  d.logger.error(c({
3144
3144
  msg: "Delete client failure",
3145
3145
  user: (r = e.user) == null ? void 0 : r.username,
3146
3146
  errorCodeName: n.codeName,
3147
3147
  errorCode: n.code
3148
- })), d.logger.debug(c({ err: t })), this.sessionServer.handleError(t, e, o, (i, a) => {
3149
- i.status(this.sessionServer.errorStatus(t)).header(...D).send({
3148
+ })), d.logger.debug(c({ err: i })), this.sessionServer.handleError(i, e, o, (t, a) => {
3149
+ t.status(this.sessionServer.errorStatus(i)).header(...D).send({
3150
3150
  ok: !1,
3151
3151
  errorMessage: a.message,
3152
3152
  errorMessages: a.messages,
@@ -3164,9 +3164,9 @@ class Ge {
3164
3164
  throw new l(g.InvalidCsrf);
3165
3165
  if (!e.user)
3166
3166
  throw new l(g.InsufficientPriviledges);
3167
- const t = e.body.confidential == "true", n = e.body.client_name, i = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3167
+ const i = e.body.confidential == "true", n = e.body.client_name, t = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3168
3168
  let a = [];
3169
- for (let p of i)
3169
+ for (let p of t)
3170
3170
  try {
3171
3171
  L.validateUri(p);
3172
3172
  } catch (v) {
@@ -3181,9 +3181,9 @@ class Ge {
3181
3181
  e.body[E.AuthorizationCode] && h.push(E.AuthorizationCode), e.body[E.AuthorizationCodeWithPKCE] && h.push(E.AuthorizationCodeWithPKCE), e.body[E.ClientCredentials] && h.push(E.ClientCredentials), e.body[E.RefreshToken] && h.push(E.RefreshToken), e.body[E.DeviceCode] && h.push(E.DeviceCode), e.body[E.Password] && h.push(E.Password), e.body[E.PasswordMfa] && h.push(E.PasswordMfa), e.body[E.OidcAuthorizationCode] && h.push(E.OidcAuthorizationCode);
3182
3182
  const f = await this.clientManager.createClient(
3183
3183
  n,
3184
- i,
3185
- h,
3186
3184
  t,
3185
+ h,
3186
+ i,
3187
3187
  r == null ? void 0 : r.id
3188
3188
  );
3189
3189
  return s(o, f);
@@ -3194,26 +3194,26 @@ class Ge {
3194
3194
  if (!e.user)
3195
3195
  throw new l(g.InsufficientPriviledges);
3196
3196
  const r = e.body.redirect_uris.trim().length == 0 ? [] : e.body.redirect_uris.trim().split(/[, ][ \t\n]*/);
3197
- let t = [];
3197
+ let i = [];
3198
3198
  for (let p of r)
3199
3199
  try {
3200
3200
  L.validateUri(p);
3201
3201
  } catch (v) {
3202
- d.logger.error(c({ err: v })), t.push("[" + p + "]");
3202
+ d.logger.error(c({ err: v })), i.push("[" + p + "]");
3203
3203
  }
3204
- if (t.length > 0)
3204
+ if (i.length > 0)
3205
3205
  throw new l(
3206
3206
  g.BadRequest,
3207
- "The following redirect URIs are invalid: " + t.join(" ")
3207
+ "The following redirect URIs are invalid: " + i.join(" ")
3208
3208
  );
3209
3209
  let n = [];
3210
3210
  for (let p of this.validFlows)
3211
3211
  p in e.body && n.push(p);
3212
- const i = {};
3213
- i.client_name = e.body.client_name, i.confidential = e.body.confidential == "true", i.valid_flow = n, i.redirect_uri = r, i.userid = e.user.id;
3212
+ const t = {};
3213
+ t.client_name = e.body.client_name, t.confidential = e.body.confidential == "true", t.valid_flow = n, t.redirect_uri = r, t.userid = e.user.id;
3214
3214
  const a = e.body.resetSecret == "true", { client: h, newSecret: f } = await this.clientManager.updateClient(
3215
3215
  e.params.client_id,
3216
- i,
3216
+ t,
3217
3217
  a
3218
3218
  );
3219
3219
  return s(o, h, f);
@@ -3338,22 +3338,22 @@ function je(S) {
3338
3338
  return S.username == null ? e.push("Username must be given") : S.username.length < 2 ? e.push("Username must be at least 2 characters") : S.username.length > 254 && e.push("Username must be no longer than 254 characters"), e;
3339
3339
  }
3340
3340
  function We(S, e, o, s) {
3341
- let t = {
3341
+ let i = {
3342
3342
  username: S.body.username,
3343
3343
  state: "active"
3344
3344
  };
3345
3345
  const n = S.user && y.isAdmin(S.user);
3346
- for (let i in S.body) {
3347
- let a = i.replace(/^user_/, "");
3348
- i.startsWith("user_") && (n || e.includes(a)) && (t[a] = S.body[i]);
3346
+ for (let t in S.body) {
3347
+ let a = t.replace(/^user_/, "");
3348
+ t.startsWith("user_") && (n || e.includes(a)) && (i[a] = S.body[t]);
3349
3349
  }
3350
- return t.factor1 = "localpassword", S.body.factor1 && o.includes("" + S.body.factor1) && (t.factor1 = S.body.factor1), S.body.factor2 && s.includes("" + S.body.factor2) && (t.factor2 = S.body.factor2), t;
3350
+ return i.factor1 = "localpassword", S.body.factor1 && o.includes("" + S.body.factor1) && (i.factor1 = S.body.factor1), S.body.factor2 && s.includes("" + S.body.factor2) && (i.factor2 = S.body.factor2), i;
3351
3351
  }
3352
3352
  function Je(S, e, o) {
3353
3353
  const s = e.user && y.isAdmin(e.user);
3354
3354
  for (let r in e.body) {
3355
- let t = r.replace(/^user_/, "");
3356
- r.startsWith("user_") && (s || o.includes(t)) && (S[t] = e.body[r]);
3355
+ let i = r.replace(/^user_/, "");
3356
+ r.startsWith("user_") && (s || o.includes(i)) && (S[i] = e.body[r]);
3357
3357
  }
3358
3358
  return S;
3359
3359
  }
@@ -3473,23 +3473,23 @@ class Ke {
3473
3473
  u(this, "userAllowedFactor1", ["localpassword"]);
3474
3474
  u(this, "adminAllowedFactor1", ["localpassword"]);
3475
3475
  this.app = e, this.userEndpoints = new De(this, r), this.adminEndpoints = new He(this, r), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), this.prefix.startsWith("/") || "" + this.prefix, this.loginUrl = this.prefix + "login", C("signupPage", k.String, this, r, "SIGNUP_PAGE"), C("loginPage", k.String, this, r, "LOGIN_PAGE"), C("factor2Page", k.String, this, r, "FACTOR2_PAGE"), C("configureFactor2Page", k.String, this, r, "SIGNUP_FACTOR2_PAGE"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("allowedFactor2", k.JsonArray, this, r, "ALLOWED_FACTOR2"), C("enableEmailVerification", k.Boolean, this, r, "ENABLE_EMAIL_VERIFICATION"), C("enablePasswordReset", k.Boolean, this, r, "ENABLE_PASSWORD_RESET"), C("factor2ProtectedPageEndpoints", k.JsonArray, this, r, "FACTOR2_PROTECTED_PAGE_ENDPOINTS"), C("factor2ProtectedApiEndpoints", k.JsonArray, this, r, "FACTOR2_PROTECTED_API_ENDPOINTS"), C("enableAdminEndpoints", k.Boolean, this, r, "ENABLE_ADMIN_ENDPOINTS"), C("enableOAuthClientManagement", k.Boolean, this, r, "ENABLE_OAUTH_CLIENT_MANAGEMENT"), C("editUserScope", k.String, this, r, "EDIT_USER_SCOPE"), C("userAllowedFactor1", k.JsonArray, this, r, "USER_ALLOWED_FACTOR1"), C("adminAllowedFactor1", k.JsonArray, this, r, "ADMIN_ALLOWED_FACTOR1"), C("loginRedirect", k.JsonArray, this, r, "LOGIN_REDIRECT"), C("logoutRedirect", k.JsonArray, this, r, "LOGOUT_REDIRECT"), r.validateUserFn && (this.validateUserFn = r.validateUserFn), r.createUserFn && (this.createUserFn = r.createUserFn), r.updateUserFn && (this.updateUserFn = r.updateUserFn), r.addToSession && (this.addToSession = r.addToSession), r.validateSession && (this.validateSession = r.validateSession), this.endpoints = [...he, ...le], this.endpoints = [...this.endpoints, ...se, ...ie], this.enableAdminEndpoints && (this.endpoints = [...this.endpoints, ...re, ...te]), this.enableOAuthClientManagement && (this.endpoints = [...this.endpoints, ...Z, ...ee, ...Q, ...q]), this.enableEmailVerification && (this.endpoints = [...this.endpoints, ...ae, ...ne]), this.enablePasswordReset && (this.endpoints = [...this.endpoints, ...de, ...ce]), r.endpoints && (C("endpoints", k.JsonArray, this, r, "SESSION_ENDPOINTS"), this.endpoints.length == 1 && this.endpoints[0] == "all" && (this.endpoints = Ve), this.endpoints.length == 1 && this.endpoints[0] == "allMinusOAuth" && (this.endpoints = Be)), this.allowedFactor2.length > 0 && (this.endpoints = [...this.endpoints, ...ge, ...oe]);
3476
- let t = !1;
3477
- for (let i of this.endpoints)
3478
- if (q.includes(i) || Q.includes(i)) {
3479
- t = !0;
3476
+ let i = !1;
3477
+ for (let t of this.endpoints)
3478
+ if (q.includes(t) || Q.includes(t)) {
3479
+ i = !0;
3480
3480
  break;
3481
3481
  }
3482
- t && (this.adminClientEndpoints = new Le(this, r));
3482
+ i && (this.adminClientEndpoints = new Le(this, r));
3483
3483
  let n = !1;
3484
- for (let i of this.endpoints)
3485
- if (ee.includes(i) || Z.includes(i)) {
3484
+ for (let t of this.endpoints)
3485
+ if (ee.includes(t) || Z.includes(t)) {
3486
3486
  n = !0;
3487
3487
  break;
3488
3488
  }
3489
- n && (this.userClientEndpoints = new Ge(this, r)), this.addEndpoints(), C("endpoints", k.JsonArray, this, r, "ENDPOINTS"), r.userStorage && (this.userStorage = r.userStorage), this.authenticators = s, this.sessionManager = new Ae(o, s, r), e.addHook("preHandler", async (i, a) => {
3489
+ n && (this.userClientEndpoints = new Ge(this, r)), this.addEndpoints(), C("endpoints", k.JsonArray, this, r, "ENDPOINTS"), r.userStorage && (this.userStorage = r.userStorage), this.authenticators = s, this.sessionManager = new Ae(o, s, r), e.addHook("preHandler", async (t, a) => {
3490
3490
  var v, m;
3491
3491
  d.logger.debug(c({ message: "Getting session cookie" }));
3492
- let h = this.getSessionCookieValue(i), f = {};
3492
+ let h = this.getSessionCookieValue(t), f = {};
3493
3493
  if (h)
3494
3494
  try {
3495
3495
  f.hashedSessionId = F.hash(this.sessionManager.getSessionId(h));
@@ -3499,68 +3499,68 @@ class Ke {
3499
3499
  d.logger.debug(c({ message: "Getting csrf cookie" }));
3500
3500
  let p;
3501
3501
  try {
3502
- p = this.getCsrfCookieValue(i), p && this.sessionManager.validateCsrfCookie(p);
3502
+ p = this.getCsrfCookieValue(t), p && this.sessionManager.validateCsrfCookie(p);
3503
3503
  } catch (w) {
3504
- d.logger.warn(c({ message: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(i) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3504
+ d.logger.warn(c({ message: "Invalid csrf cookie received", cerr: w, hashedCsrfCookie: this.getHashOfCsrfCookie(t) })), a.clearCookie(this.sessionManager.csrfCookieName), p = void 0;
3505
3505
  }
3506
- if (["GET", "OPTIONS", "HEAD"].includes(i.method))
3506
+ if (["GET", "OPTIONS", "HEAD"].includes(t.method))
3507
3507
  try {
3508
3508
  if (p) {
3509
3509
  d.logger.debug(c({ message: "Valid CSRF cookie - creating token" }));
3510
3510
  const w = await this.sessionManager.createCsrfFormOrHeaderValue(p);
3511
- i.csrfToken = w;
3511
+ t.csrfToken = w;
3512
3512
  } else {
3513
3513
  d.logger.debug(c({ message: "Invalid CSRF cookie - recreating" }));
3514
3514
  const { csrfCookie: w, csrfFormOrHeaderValue: P } = await this.sessionManager.createCsrfToken();
3515
- a.setCookie(w.name, w.value, w.options), i.csrfToken = P;
3515
+ a.setCookie(w.name, w.value, w.options), t.csrfToken = P;
3516
3516
  }
3517
- a.header(this.sessionManager.csrfHeaderName, i.csrfToken);
3517
+ a.header(this.sessionManager.csrfHeaderName, t.csrfToken);
3518
3518
  } catch (w) {
3519
3519
  d.logger.error(c({
3520
3520
  message: "Couldn't create CSRF token",
3521
3521
  cerr: w,
3522
- user: (v = i.user) == null ? void 0 : v.username,
3522
+ user: (v = t.user) == null ? void 0 : v.username,
3523
3523
  ...f
3524
3524
  })), d.logger.debug(c({ err: w })), a.clearCookie(this.sessionManager.csrfCookieName);
3525
3525
  }
3526
3526
  else if (p)
3527
3527
  try {
3528
- this.csrfToken(i, a);
3528
+ this.csrfToken(t, a);
3529
3529
  } catch (w) {
3530
3530
  d.logger.error(c({
3531
3531
  message: "Couldn't create CSRF token",
3532
3532
  cerr: w,
3533
- user: (m = i.user) == null ? void 0 : m.username,
3533
+ user: (m = t.user) == null ? void 0 : m.username,
3534
3534
  ...f
3535
3535
  })), d.logger.debug(c({ err: w }));
3536
3536
  }
3537
- if (h = this.getSessionCookieValue(i), h)
3537
+ if (h = this.getSessionCookieValue(t), h)
3538
3538
  try {
3539
3539
  const w = this.sessionManager.getSessionId(h);
3540
3540
  let { key: P, user: T } = await this.sessionManager.userForSessionId(w);
3541
3541
  this.validateSession && this.validateSession(
3542
3542
  P,
3543
3543
  T,
3544
- i
3545
- ), i.sessionId = w, i.user = T, i.authType = "cookie", d.logger.debug(c({
3544
+ t
3545
+ ), t.sessionId = w, t.user = T, t.authType = "cookie", d.logger.debug(c({
3546
3546
  message: "Valid session id",
3547
3547
  user: T == null ? void 0 : T.username
3548
3548
  }));
3549
3549
  } catch {
3550
3550
  d.logger.warn(c({
3551
3551
  message: "Invalid session cookie received",
3552
- hashOfSessionId: this.getHashOfSessionId(i)
3552
+ hashOfSessionId: this.getHashOfSessionId(t)
3553
3553
  })), a.clearCookie(this.sessionManager.sessionCookieName);
3554
3554
  }
3555
3555
  }), e.addHook(
3556
3556
  "preHandler",
3557
- async (i, a) => {
3557
+ async (t, a) => {
3558
3558
  var f, p, v;
3559
- const h = this.getSessionCookieValue(i);
3560
- if (h && ((f = i.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(i.url) || this.factor2ProtectedApiEndpoints.includes(i.url))) {
3559
+ const h = this.getSessionCookieValue(t);
3560
+ if (h && ((f = t.user) != null && f.factor2) && (this.factor2ProtectedPageEndpoints.includes(t.url) || this.factor2ProtectedApiEndpoints.includes(t.url))) {
3561
3561
  const m = this.sessionManager.getSessionId(h);
3562
- if (["GET", "OPTIONS", "HEAD"].includes(i.method)) {
3563
- const w = this.getSessionCookieValue(i);
3562
+ if (["GET", "OPTIONS", "HEAD"].includes(t.method)) {
3563
+ const w = this.getSessionCookieValue(t);
3564
3564
  if (w) {
3565
3565
  const P = this.sessionManager.getSessionId(w);
3566
3566
  if ("pre2fa" in await this.sessionManager.dataForSessionId(P)) {
@@ -3568,7 +3568,7 @@ class Ke {
3568
3568
  try {
3569
3569
  await this.sessionManager.cancelTwoFactorPageVisit(P);
3570
3570
  } catch (N) {
3571
- d.logger.debug(c({ err: N })), d.logger.error(c({ message: "Failed cancelling 2FA", cerr: N, user: (v = i.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(i) }));
3571
+ d.logger.debug(c({ err: N })), d.logger.error(c({ message: "Failed cancelling 2FA", cerr: N, user: (v = t.user) == null ? void 0 : v.username, hashOfSessionId: this.getHashOfSessionId(t) }));
3572
3572
  }
3573
3573
  }
3574
3574
  }
@@ -3578,8 +3578,8 @@ class Ke {
3578
3578
  d.logger.debug("Completing 2FA");
3579
3579
  const T = [...this.authenticators[w.pre2fa.factor2].transientSecretNames()];
3580
3580
  let N = {};
3581
- for (let M in i.body)
3582
- T.includes(M) && (N[M] = i.body[M]);
3581
+ for (let M in t.body)
3582
+ T.includes(M) && (N[M] = t.body[M]);
3583
3583
  let b;
3584
3584
  try {
3585
3585
  await this.sessionManager.completeTwoFactorPageVisit(N, m);
@@ -3589,28 +3589,28 @@ class Ke {
3589
3589
  d.logger.error(c({
3590
3590
  message: b.message,
3591
3591
  cerr: M,
3592
- user: i.body.username,
3592
+ user: t.body.username,
3593
3593
  errorCode: I.code,
3594
3594
  errorCodeName: I.codeName
3595
3595
  }));
3596
3596
  }
3597
- if (i.body = w.pre2fa.body, b)
3597
+ if (t.body = w.pre2fa.body, b)
3598
3598
  if (b.code == g.Expired) {
3599
3599
  d.logger.debug("Error - cancelling 2FA");
3600
3600
  try {
3601
3601
  await this.sessionManager.cancelTwoFactorPageVisit(m);
3602
3602
  } catch (M) {
3603
- d.logger.error(c({ message: "Failed cancelling 2FA", cerr: M, user: (p = i.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(i) })), d.logger.debug(c({ err: M }));
3603
+ d.logger.error(c({ message: "Failed cancelling 2FA", cerr: M, user: (p = t.user) == null ? void 0 : p.username, hashOfSessionId: this.getHashOfSessionId(t) })), d.logger.debug(c({ err: M }));
3604
3604
  }
3605
- i.body = {
3606
- ...i.body,
3605
+ t.body = {
3606
+ ...t.body,
3607
3607
  errorMessage: b.message,
3608
3608
  errorMessages: b.message,
3609
3609
  errorCode: "" + b.code,
3610
3610
  errorCodeName: g[b.code]
3611
3611
  };
3612
3612
  } else
3613
- return this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2?error=" + g[b.code]) : a.status(b.httpStatus).send(JSON.stringify({
3613
+ return this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2?error=" + g[b.code]) : a.status(b.httpStatus).send(JSON.stringify({
3614
3614
  ok: !1,
3615
3615
  errorMessage: b.message,
3616
3616
  errorMessages: b.messages,
@@ -3618,7 +3618,7 @@ class Ke {
3618
3618
  errorCodeName: g[b.code]
3619
3619
  }));
3620
3620
  } else
3621
- return this.validateCsrfToken(i), d.logger.debug("Starting 2FA"), await this.sessionManager.initiateTwoFactorPageVisit(i.user, m, i.body, i.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(i.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3621
+ return this.validateCsrfToken(t), d.logger.debug("Starting 2FA"), await this.sessionManager.initiateTwoFactorPageVisit(t.user, m, t.body, t.url.replace(/\?.*$/, "")), this.factor2ProtectedPageEndpoints.includes(t.url) ? a.redirect(this.prefix + "factor2") : a.send(JSON.stringify({
3622
3622
  ok: !0,
3623
3623
  factor2Required: !0
3624
3624
  }));
@@ -3685,13 +3685,13 @@ class Ke {
3685
3685
  return await this.login(
3686
3686
  e,
3687
3687
  o,
3688
- (r, t) => {
3689
- if (t.state == O.passwordChangeNeeded) {
3688
+ (r, i) => {
3689
+ if (i.state == O.passwordChangeNeeded) {
3690
3690
  if (this.endpoints.includes("changepassword"))
3691
3691
  return d.logger.debug(c({ message: "Password change needed - sending redirect" })), r.redirect("/changepassword?required=true&next=" + encodeURIComponent("login?next=" + s));
3692
3692
  {
3693
3693
  const n = new l(g.PasswordChangeNeeded);
3694
- return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3694
+ return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3695
3695
  errorMessage: a.message,
3696
3696
  errorMessages: a.messages,
3697
3697
  errorCode: a.code,
@@ -3703,10 +3703,10 @@ class Ke {
3703
3703
  urlPrefix: this.prefix
3704
3704
  }));
3705
3705
  }
3706
- } else if (t.state == O.passwordResetNeeded || t.state == O.passwordAndFactor2ResetNeeded) {
3706
+ } else if (i.state == O.passwordResetNeeded || i.state == O.passwordAndFactor2ResetNeeded) {
3707
3707
  d.logger.debug(c({ message: "Password reset needed - sending error" }));
3708
3708
  const n = new l(g.PasswordResetNeeded);
3709
- return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3709
+ return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3710
3710
  errorMessage: a.message,
3711
3711
  errorMessages: a.messages,
3712
3712
  errorCode: a.code,
@@ -3717,15 +3717,15 @@ class Ke {
3717
3717
  csrfToken: e.csrfToken,
3718
3718
  urlPrefix: this.prefix
3719
3719
  }));
3720
- } else if (this.allowedFactor2.length > 0 && (t.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(t.factor2 ? t.factor2 : "none"))) {
3720
+ } else if (this.allowedFactor2.length > 0 && (i.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(i.factor2 ? i.factor2 : "none"))) {
3721
3721
  if (d.logger.debug(c({
3722
- message: `Factor2 reset needed. Factor2 is ${t.factor2}, state is ${t.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3723
- username: t.username
3722
+ message: `Factor2 reset needed. Factor2 is ${i.factor2}, state is ${i.state}, allowed factor2 is [${this.allowedFactor2.join(", ")}]`,
3723
+ username: i.username
3724
3724
  })), this.endpoints.includes("changefactor2"))
3725
3725
  return d.logger.debug(c({ message: "Factor 2 reset needed - sending redirect" })), r.redirect("/changefactor2?required=true&next=" + encodeURIComponent("login?next=" + s));
3726
3726
  {
3727
3727
  const n = new l(g.Factor2ResetNeeded);
3728
- return this.handleError(n, e, r, (i, a) => i.view(this.loginPage, {
3728
+ return this.handleError(n, e, r, (t, a) => t.view(this.loginPage, {
3729
3729
  errorMessage: a.message,
3730
3730
  errorMessages: a.messages,
3731
3731
  errorCode: a.code,
@@ -3738,7 +3738,7 @@ class Ke {
3738
3738
  }));
3739
3739
  }
3740
3740
  } else {
3741
- if (!t.factor2 || t.factor2.length == 0)
3741
+ if (!i.factor2 || i.factor2.length == 0)
3742
3742
  return d.logger.debug(c({ message: "Successful login - sending redirect" })), r.redirect(s);
3743
3743
  {
3744
3744
  let n = {
@@ -3746,7 +3746,7 @@ class Ke {
3746
3746
  next: e.body.next ?? this.loginRedirect,
3747
3747
  persist: e.body.persist ? "on" : "",
3748
3748
  urlPrefix: this.prefix,
3749
- factor2: t.factor2,
3749
+ factor2: i.factor2,
3750
3750
  action: "loginfactor2"
3751
3751
  };
3752
3752
  return r.view(this.factor2Page, n);
@@ -3755,7 +3755,7 @@ class Ke {
3755
3755
  }
3756
3756
  );
3757
3757
  } catch (r) {
3758
- return d.logger.debug(c({ err: r })), this.handleError(r, e, o, (t, n) => t.view(this.loginPage, {
3758
+ return d.logger.debug(c({ err: r })), this.handleError(r, e, o, (i, n) => i.view(this.loginPage, {
3759
3759
  errorMessage: n.message,
3760
3760
  errorMessages: n.messages,
3761
3761
  errorCode: n.code,
@@ -3780,33 +3780,33 @@ class Ke {
3780
3780
  return d.logger.debug(c({ message: "Next page " + s })), await this.loginFactor2(
3781
3781
  e,
3782
3782
  o,
3783
- (r, t) => (d.logger.debug(c({ message: "Successful login - sending redirect to" })), r.redirect(s))
3783
+ (r, i) => (d.logger.debug(c({ message: "Successful login - sending redirect to" })), r.redirect(s))
3784
3784
  );
3785
3785
  } catch (r) {
3786
3786
  d.logger.debug(c({ err: r }));
3787
- let t;
3787
+ let i;
3788
3788
  try {
3789
3789
  const n = e.sessionId ? await this.sessionManager.dataForSessionId(e.sessionId) : void 0;
3790
- t = n == null ? void 0 : n.factor2;
3790
+ i = n == null ? void 0 : n.factor2;
3791
3791
  } catch (n) {
3792
3792
  d.logger.error(c({ err: n }));
3793
3793
  }
3794
- return t && t in this.authenticators ? this.handleError(r, e, o, (n, i) => n.view(this.factor2Page, {
3795
- errorMessage: i.message,
3796
- errorMessages: i.messages,
3797
- errorCode: i.code,
3798
- errorCodeName: g[i.code],
3794
+ return i && i in this.authenticators ? this.handleError(r, e, o, (n, t) => n.view(this.factor2Page, {
3795
+ errorMessage: t.message,
3796
+ errorMessages: t.messages,
3797
+ errorCode: t.code,
3798
+ errorCodeName: g[t.code],
3799
3799
  next: e.body.next,
3800
3800
  persist: e.body.persist ? "on" : "",
3801
3801
  csrfToken: e.csrfToken,
3802
3802
  urlPrefix: this.prefix,
3803
- factor2: t,
3803
+ factor2: i,
3804
3804
  action: "loginfactor2"
3805
- })) : this.handleError(r, e, o, (n, i) => n.view(this.loginPage, {
3806
- errorMessage: i.message,
3807
- errorMessages: i.messages,
3808
- errorCode: i.code,
3809
- errorCodeName: g[i.code],
3805
+ })) : this.handleError(r, e, o, (n, t) => n.view(this.loginPage, {
3806
+ errorMessage: t.message,
3807
+ errorMessages: t.messages,
3808
+ errorCode: t.code,
3809
+ errorCodeName: g[t.code],
3810
3810
  next: e.body.next,
3811
3811
  persist: e.body.persist ? "on" : "",
3812
3812
  csrfToken: e.csrfToken,
@@ -3829,17 +3829,17 @@ class Ke {
3829
3829
  g.Unauthorized,
3830
3830
  "No session cookie present"
3831
3831
  );
3832
- const s = this.getSessionCookieValue(e), r = this.sessionManager.getSessionId(s ?? ""), t = await this.sessionManager.dataForSessionId(r);
3833
- if (!(t != null && t.pre2fa)) throw new l(
3832
+ const s = this.getSessionCookieValue(e), r = this.sessionManager.getSessionId(s ?? ""), i = await this.sessionManager.dataForSessionId(r);
3833
+ if (!(i != null && i.pre2fa)) throw new l(
3834
3834
  g.Unauthorized,
3835
3835
  "2FA not initiated"
3836
3836
  );
3837
3837
  let n = {
3838
3838
  urlPrefix: this.prefix,
3839
3839
  csrfToken: e.csrfToken,
3840
- action: t.pre2fa.url,
3840
+ action: i.pre2fa.url,
3841
3841
  errorCodeName: e.query.error,
3842
- factor2: t.pre2fa.factor2
3842
+ factor2: i.pre2fa.factor2
3843
3843
  };
3844
3844
  return o.view(this.factor2Page, n);
3845
3845
  }
@@ -3877,39 +3877,39 @@ class Ke {
3877
3877
  return d.logger.debug(c({ message: "Next page " + s })), await this.signup(
3878
3878
  e,
3879
3879
  o,
3880
- (r, t, n) => {
3880
+ (r, i, n) => {
3881
3881
  var a, h;
3882
- const i = (a = t == null ? void 0 : t.userData) != null && a.factor2 ? this.authenticators[t.userData.factor2] : void 0;
3883
- return (h = t.userData) != null && h.factor2 ? r.view(this.configureFactor2Page, {
3884
- csrfToken: t.csrfToken,
3885
- ...t.userData
3886
- }) : this.enableEmailVerification && (i == null || i.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
3882
+ const t = (a = i == null ? void 0 : i.userData) != null && a.factor2 ? this.authenticators[i.userData.factor2] : void 0;
3883
+ return (h = i.userData) != null && h.factor2 ? r.view(this.configureFactor2Page, {
3884
+ csrfToken: i.csrfToken,
3885
+ ...i.userData
3886
+ }) : this.enableEmailVerification && (t == null || t.skipEmailVerificationOnSignup() != !0) ? r.view(this.signupPage, {
3887
3887
  next: s,
3888
3888
  csrfToken: e.csrfToken,
3889
3889
  message: "Please check your email to finish signing up.",
3890
3890
  allowedFactor2: this.allowedFactor2Details(),
3891
3891
  urlPrefix: this.prefix,
3892
3892
  factor2: e.body.factor2,
3893
- ...t.userData
3893
+ ...i.userData
3894
3894
  }) : r.redirect(this.loginRedirect);
3895
3895
  }
3896
3896
  );
3897
3897
  } catch (r) {
3898
- const t = l.asCrossauthError(r);
3898
+ const i = l.asCrossauthError(r);
3899
3899
  return d.logger.error(c({
3900
3900
  message: "Signup failure",
3901
3901
  user: e.body.username,
3902
- errorCodeName: t.codeName,
3903
- errorCode: t.code
3904
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, i) => {
3902
+ errorCodeName: i.codeName,
3903
+ errorCode: i.code
3904
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, t) => {
3905
3905
  let a = {};
3906
3906
  for (let h in e.body)
3907
3907
  h.startsWith("user_") && (a[h] = e.body[h]);
3908
3908
  return n.view(this.signupPage, {
3909
- errorMessage: i.message,
3910
- errorMessages: i.messages,
3911
- errorCode: i.code,
3912
- errorCodeName: g[i.code],
3909
+ errorMessage: t.message,
3910
+ errorMessages: t.messages,
3911
+ errorCode: t.code,
3912
+ errorCodeName: g[t.code],
3913
3913
  next: s,
3914
3914
  persist: e.body.persist,
3915
3915
  username: e.body.username,
@@ -3940,16 +3940,16 @@ class Ke {
3940
3940
  return await this.logout(
3941
3941
  e,
3942
3942
  o,
3943
- (t) => t.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3943
+ (i) => i.redirect(e.body.next ? e.body.next : this.logoutRedirect)
3944
3944
  );
3945
- } catch (t) {
3946
- const n = l.asCrossauthError(t);
3945
+ } catch (i) {
3946
+ const n = l.asCrossauthError(i);
3947
3947
  return d.logger.error(c({
3948
3948
  message: "Logout failure",
3949
3949
  user: (r = e.user) == null ? void 0 : r.username,
3950
3950
  errorCodeName: n.codeName,
3951
3951
  errorCode: n.code
3952
- })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => i.view(this.errorPage, {
3952
+ })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => t.view(this.errorPage, {
3953
3953
  urlPrefix: this.prefix,
3954
3954
  errorMessage: a.message,
3955
3955
  errorMessages: a.messages,
@@ -3978,36 +3978,36 @@ class Ke {
3978
3978
  o,
3979
3979
  (s, r) => {
3980
3980
  if (r.state == O.passwordChangeNeeded) {
3981
- const t = new l(g.PasswordChangeNeeded);
3982
- return this.handleError(t, e, s, (n, i) => {
3983
- n.status(this.errorStatus(t)).header(...A).send({
3981
+ const i = new l(g.PasswordChangeNeeded);
3982
+ return this.handleError(i, e, s, (n, t) => {
3983
+ n.status(this.errorStatus(i)).header(...A).send({
3984
3984
  ok: !1,
3985
- errorMessage: i.message,
3986
- errorMessages: i.messages,
3987
- errorCode: i.code,
3988
- errorCodeName: g[i.code]
3985
+ errorMessage: t.message,
3986
+ errorMessages: t.messages,
3987
+ errorCode: t.code,
3988
+ errorCodeName: g[t.code]
3989
3989
  });
3990
3990
  });
3991
3991
  } else if (r.state == O.passwordResetNeeded || r.state == O.passwordAndFactor2ResetNeeded) {
3992
- const t = new l(g.PasswordResetNeeded);
3993
- return this.handleError(t, e, s, (n, i) => {
3994
- n.status(this.errorStatus(t)).header(...A).send({
3992
+ const i = new l(g.PasswordResetNeeded);
3993
+ return this.handleError(i, e, s, (n, t) => {
3994
+ n.status(this.errorStatus(i)).header(...A).send({
3995
3995
  ok: !1,
3996
- errorMessage: i.message,
3997
- errorMessages: i.messages,
3998
- errorCode: i.code,
3999
- errorCodeName: g[i.code]
3996
+ errorMessage: t.message,
3997
+ errorMessages: t.messages,
3998
+ errorCode: t.code,
3999
+ errorCodeName: g[t.code]
4000
4000
  });
4001
4001
  });
4002
4002
  } else if (this.allowedFactor2.length > 0 && (r.state == O.factor2ResetNeeded || !this.allowedFactor2.includes(r.factor2 ? r.factor2 : "none"))) {
4003
- const t = new l(g.Factor2ResetNeeded);
4004
- return this.handleError(t, e, s, (n, i) => {
4005
- n.status(this.errorStatus(t)).header(...A).send({
4003
+ const i = new l(g.Factor2ResetNeeded);
4004
+ return this.handleError(i, e, s, (n, t) => {
4005
+ n.status(this.errorStatus(i)).header(...A).send({
4006
4006
  ok: !1,
4007
- errorMessage: i.message,
4008
- errorMessages: i.messages,
4009
- errorCode: i.code,
4010
- errorCodeName: g[i.code]
4007
+ errorMessage: t.message,
4008
+ errorMessages: t.messages,
4009
+ errorCode: t.code,
4010
+ errorCodeName: g[t.code]
4011
4011
  });
4012
4012
  });
4013
4013
  } else return "factor2" in r && r.factor2 != "" && r.factor2 in this.authenticators ? s.header(...A).send({ ok: !0, twoFactorRequired: !0 }) : s.header(...A).send({ ok: !0, user: r });
@@ -4020,8 +4020,8 @@ class Ke {
4020
4020
  user: e.body.username,
4021
4021
  errorCodeName: r.codeName,
4022
4022
  errorCode: r.code
4023
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, n) => {
4024
- t.status(this.errorStatus(s)).header(...A).send({
4023
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => {
4024
+ i.status(this.errorStatus(s)).header(...A).send({
4025
4025
  ok: !1,
4026
4026
  errorMessage: n.message,
4027
4027
  errorMessages: n.messages,
@@ -4050,14 +4050,14 @@ class Ke {
4050
4050
  (s) => s.header(...A).send({ ok: !0 })
4051
4051
  );
4052
4052
  } catch (s) {
4053
- const t = e.user || "", n = l.asCrossauthError(s);
4053
+ const i = e.user || "", n = l.asCrossauthError(s);
4054
4054
  return d.logger.error(c({
4055
4055
  message: "Cancel 2FA failure",
4056
- user: t,
4056
+ user: i,
4057
4057
  errorCodeName: n.codeName,
4058
4058
  errorCode: n.code
4059
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, a) => {
4060
- i.status(this.errorStatus(s)).header(...A).send({
4059
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, a) => {
4060
+ t.status(this.errorStatus(s)).header(...A).send({
4061
4061
  ok: !1,
4062
4062
  errorMessage: a.message,
4063
4063
  errorMessages: a.messages,
@@ -4092,7 +4092,7 @@ class Ke {
4092
4092
  hashOfSessionId: this.getHashOfSessionId(e),
4093
4093
  errorCodeName: r.codeName,
4094
4094
  errorCode: r.code
4095
- })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (t, n) => t.status(this.errorStatus(s)).header(...A).send({
4095
+ })), d.logger.debug(c({ err: s })), this.handleError(s, e, o, (i, n) => i.status(this.errorStatus(s)).header(...A).send({
4096
4096
  ok: !1,
4097
4097
  errorMessage: n.message,
4098
4098
  errorMessages: n.messages,
@@ -4119,17 +4119,17 @@ class Ke {
4119
4119
  return await this.logout(
4120
4120
  e,
4121
4121
  o,
4122
- (t) => t.header(...A).send({ ok: !0 })
4122
+ (i) => i.header(...A).send({ ok: !0 })
4123
4123
  );
4124
- } catch (t) {
4125
- const n = l.asCrossauthError(t);
4124
+ } catch (i) {
4125
+ const n = l.asCrossauthError(i);
4126
4126
  return d.logger.error(c({
4127
4127
  message: "Logout failure",
4128
4128
  user: (r = e.user) == null ? void 0 : r.username,
4129
4129
  errorCodeName: n.codeName,
4130
4130
  errorCode: n.code
4131
- })), d.logger.debug(c({ err: t })), this.handleError(t, e, o, (i, a) => {
4132
- i.status(this.errorStatus(t)).header(...A).send({
4131
+ })), d.logger.debug(c({ err: i })), this.handleError(i, e, o, (t, a) => {
4132
+ t.status(this.errorStatus(i)).header(...A).send({
4133
4133
  ok: !1,
4134
4134
  errorMessage: a.message,
4135
4135
  errorMessages: a.messages,
@@ -4156,26 +4156,26 @@ class Ke {
4156
4156
  return await this.signup(
4157
4157
  e,
4158
4158
  o,
4159
- (r, t, n) => r.header(...A).send({
4159
+ (r, i, n) => r.header(...A).send({
4160
4160
  ok: !0,
4161
4161
  user: n,
4162
4162
  emailVerificationNeeded: this.enableEmailVerification ?? !1,
4163
- ...t.userData
4163
+ ...i.userData
4164
4164
  })
4165
4165
  );
4166
4166
  } catch (r) {
4167
- const t = l.asCrossauthError(r);
4167
+ const i = l.asCrossauthError(r);
4168
4168
  d.logger.error(c({
4169
4169
  message: "Signup failure",
4170
4170
  user: (s = e.user) == null ? void 0 : s.username,
4171
- errorCodeName: t.codeName,
4172
- errorCode: t.code
4173
- })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, i) => {
4171
+ errorCodeName: i.codeName,
4172
+ errorCode: i.code
4173
+ })), d.logger.debug(c({ err: r })), this.handleError(r, e, o, (n, t) => {
4174
4174
  n.status(this.errorStatus(r)).header(...A).send({
4175
4175
  ok: !1,
4176
- errorMessage: i.message,
4177
- errorMessages: i.messages,
4178
- errorCode: g[i.code]
4176
+ errorMessage: t.message,
4177
+ errorMessages: t.messages,
4178
+ errorCode: g[t.code]
4179
4179
  });
4180
4180
  });
4181
4181
  }
@@ -4200,28 +4200,28 @@ class Ke {
4200
4200
  "No CSRF token present"
4201
4201
  );
4202
4202
  try {
4203
- let t;
4204
- return e.sessionId ? (t = (await this.sessionManager.userForSessionId(e.sessionId)).user, o.header(...A).send({ ok: !0, user: t })) : this.sendJsonError(
4203
+ let i;
4204
+ return e.sessionId ? (i = (await this.sessionManager.userForSessionId(e.sessionId)).user, o.header(...A).send({ ok: !0, user: i })) : this.sendJsonError(
4205
4205
  o,
4206
4206
  401,
4207
4207
  "User not logged in"
4208
4208
  );
4209
- } catch (t) {
4210
- const n = l.asCrossauthError(t);
4211
- let i = n.message, a = n.code, h = n.codeName;
4209
+ } catch (i) {
4210
+ const n = l.asCrossauthError(i);
4211
+ let t = n.message, a = n.code, h = n.codeName;
4212
4212
  switch (n.code) {
4213
4213
  case g.UserNotExist:
4214
4214
  case g.PasswordInvalid:
4215
- i = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4215
+ t = "Invalid username or password", a = g.UsernameOrPasswordInvalid, h = g[a];
4216
4216
  break;
4217
4217
  }
4218
4218
  return d.logger.error(c({
4219
- message: i,
4219
+ message: t,
4220
4220
  user: (r = e.user) == null ? void 0 : r.username,
4221
4221
  hashOfSessionId: this.getHashOfSessionId(e),
4222
4222
  errorCodeName: h,
4223
4223
  errorCode: a
4224
- })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...A).send({
4224
+ })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4225
4225
  ok: !1,
4226
4226
  errorCode: a,
4227
4227
  errorCodeName: h
@@ -4247,15 +4247,15 @@ class Ke {
4247
4247
  ok: !0,
4248
4248
  csrfToken: e.csrfToken
4249
4249
  });
4250
- } catch (t) {
4251
- const n = l.asCrossauthError(t);
4250
+ } catch (i) {
4251
+ const n = l.asCrossauthError(i);
4252
4252
  return d.logger.error(c({
4253
4253
  message: "getcsrftoken failure",
4254
4254
  user: (r = e.user) == null ? void 0 : r.username,
4255
4255
  hashedCsrfCookie: this.getHashOfCsrfCookie(e),
4256
4256
  errorCode: n.code,
4257
4257
  errorCodeName: n.codeName
4258
- })), d.logger.debug(c({ err: t })), o.status(this.errorStatus(t)).header(...A).send({
4258
+ })), d.logger.debug(c({ err: i })), o.status(this.errorStatus(i)).header(...A).send({
4259
4259
  ok: !1,
4260
4260
  errorCode: n.code,
4261
4261
  errorCodeName: n.codeName,
@@ -4272,10 +4272,10 @@ class Ke {
4272
4272
  o,
4273
4273
  e.user
4274
4274
  );
4275
- const r = e.body.username, t = e.body.persist;
4275
+ const r = e.body.username, i = e.body.persist;
4276
4276
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
4277
4277
  const n = this.getSessionCookieValue(e);
4278
- let i = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(r, e.body, i, t);
4278
+ let t = this.addToSession ? this.addToSession(e) : {}, { sessionCookie: a, csrfCookie: h, user: f } = await this.sessionManager.login(r, e.body, t, i);
4279
4279
  if (d.logger.debug(c({
4280
4280
  message: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4281
4281
  user: e.body.username
@@ -4304,24 +4304,24 @@ class Ke {
4304
4304
  );
4305
4305
  const r = e.sessionId;
4306
4306
  if (!r) throw new l(g.Unauthorized);
4307
- const t = e.body.persist;
4307
+ const i = e.body.persist;
4308
4308
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4309
4309
  let n = this.addToSession ? this.addToSession(e) : {};
4310
- const { sessionCookie: i, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4310
+ const { sessionCookie: t, csrfCookie: a, user: h } = await this.sessionManager.completeTwoFactorLogin(
4311
4311
  e.body,
4312
4312
  r,
4313
4313
  n,
4314
- t
4314
+ i
4315
4315
  );
4316
4316
  return d.logger.debug(c({
4317
- message: "Login: set session cookie " + i.name + " opts " + JSON.stringify(i.options),
4317
+ message: "Login: set session cookie " + t.name + " opts " + JSON.stringify(t.options),
4318
4318
  user: h == null ? void 0 : h.username
4319
4319
  })), o.cookie(
4320
- i.name,
4321
- i.value,
4322
- i.options
4320
+ t.name,
4321
+ t.value,
4322
+ t.options
4323
4323
  ), d.logger.debug(c({
4324
- message: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(i.options),
4324
+ message: "Login: set csrf cookie " + a.name + " opts " + JSON.stringify(t.options),
4325
4325
  user: h == null ? void 0 : h.username
4326
4326
  })), o.cookie(a.name, a.value, a.options), e.csrfToken = await this.sessionManager.createCsrfFormOrHeaderValue(a.value), s(o, h);
4327
4327
  }
@@ -4333,9 +4333,9 @@ class Ke {
4333
4333
  /**
4334
4334
  * This is called after the user has been validated to log the user in
4335
4335
  */
4336
- async loginWithUser(e, o, s, r, t) {
4336
+ async loginWithUser(e, o, s, r, i) {
4337
4337
  const n = this.getSessionCookieValue(s);
4338
- let i = this.addToSession ? this.addToSession(s) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, i, void 0, e, o);
4338
+ let t = this.addToSession ? this.addToSession(s) : {}, { sessionCookie: a, csrfCookie: h } = await this.sessionManager.login("", {}, t, void 0, e, o);
4339
4339
  if (d.logger.debug(c({
4340
4340
  message: "Login: set session cookie " + a.name + " opts " + JSON.stringify(a.options),
4341
4341
  user: e.username
@@ -4355,19 +4355,19 @@ class Ke {
4355
4355
  hashOfSessionId: this.getHashOfSessionId(s)
4356
4356
  })), d.logger.debug(c({ err: f }));
4357
4357
  }
4358
- return t(r, e);
4358
+ return i(r, e);
4359
4359
  }
4360
4360
  async signup(e, o, s) {
4361
4361
  if (!this.userStorage) throw new l(g.Configuration, "Cannot call signup unless you provide a user stotage");
4362
4362
  if (this.isSessionUser(e) && !e.csrfToken) throw new l(g.InvalidCsrf);
4363
- const r = e.body.username, t = e.body.next;
4363
+ const r = e.body.username, i = e.body.next;
4364
4364
  if (e.body.factor2 || (e.body.factor2 = this.allowedFactor2[0]), e.body.factor2 && !this.allowedFactor2.includes(e.body.factor2 ?? "none"))
4365
4365
  throw new l(
4366
4366
  g.Forbidden,
4367
4367
  "Illegal second factor " + e.body.factor2 + " requested"
4368
4368
  );
4369
4369
  (e.body.factor2 == "none" || e.body.factor2 == "") && (e.body.factor2 = void 0);
4370
- let n = this.createUserFn(e, this.userStorage.userEditableFields, this.userAllowedFactor1, this.allowedFactor2), i = this.authenticators[n.factor1].validateSecrets(e.body);
4370
+ let n = this.createUserFn(e, this.userStorage.userEditableFields, this.userAllowedFactor1, this.allowedFactor2), t = this.authenticators[n.factor1].validateSecrets(e.body);
4371
4371
  const a = this.authenticators[n.factor1].secretNames();
4372
4372
  let h = {};
4373
4373
  for (let m in e.body)
@@ -4376,7 +4376,7 @@ class Ke {
4376
4376
  a.includes(w) && (h[w] = e.body[m]);
4377
4377
  }
4378
4378
  Object.keys(h).length === 0 && (h = void 0), n.state = "active", e.body.factor2 && e.body.factor2 != "none" ? this.enableEmailVerification ? n.state = O.awaitingTwoFactorSetupAndEmailVerification : n.state = O.awaitingTwoFactorSetup : this.enableEmailVerification && (n.state = "awaitingemailverification");
4379
- let p = [...this.validateUserFn(n), ...i];
4379
+ let p = [...this.validateUserFn(n), ...t];
4380
4380
  if (p.length > 0)
4381
4381
  throw new l(g.FormEntry, p);
4382
4382
  let v = !1;
@@ -4410,7 +4410,7 @@ class Ke {
4410
4410
  let w = {
4411
4411
  userData: m,
4412
4412
  username: r,
4413
- next: t ?? this.loginRedirect,
4413
+ next: i ?? this.loginRedirect,
4414
4414
  csrfToken: e.csrfToken
4415
4415
  };
4416
4416
  return s(o, w);
@@ -4453,14 +4453,14 @@ class Ke {
4453
4453
  d.logger.debug(c({ message: "Creating session ID" }));
4454
4454
  let r = this.addToSession ? this.addToSession(e) : {};
4455
4455
  s && (r.data = JSON.stringify(s));
4456
- let { sessionCookie: t, csrfCookie: n, csrfFormOrHeaderValue: i } = await this.sessionManager.createAnonymousSession(r);
4456
+ let { sessionCookie: i, csrfCookie: n, csrfFormOrHeaderValue: t } = await this.sessionManager.createAnonymousSession(r);
4457
4457
  o.cookie(
4458
- t.name,
4459
- t.value,
4460
- t.options
4461
- ), e.csrfToken = i, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4462
- const a = this.sessionManager.getSessionId(t.value);
4463
- return e.sessionId = a, t.value;
4458
+ i.name,
4459
+ i.value,
4460
+ i.options
4461
+ ), e.csrfToken = t, o.setCookie(n.name, n.value, n.options), e.user = void 0;
4462
+ const a = this.sessionManager.getSessionId(i.value);
4463
+ return e.sessionId = a, i.value;
4464
4464
  }
4465
4465
  /**
4466
4466
  * Called by each endpoint on error.
@@ -4476,27 +4476,27 @@ class Ke {
4476
4476
  * incorrect. If false, report that the username or password is
4477
4477
  * incorrect. Default false.
4478
4478
  */
4479
- handleError(e, o, s, r, t = !1) {
4479
+ handleError(e, o, s, r, i = !1) {
4480
4480
  var n;
4481
4481
  try {
4482
- let i = l.asCrossauthError(e);
4483
- if (!t)
4484
- switch (i.code) {
4482
+ let t = l.asCrossauthError(e);
4483
+ if (!i)
4484
+ switch (t.code) {
4485
4485
  case g.UserNotExist:
4486
4486
  case g.PasswordInvalid:
4487
- i = new l(
4487
+ t = new l(
4488
4488
  g.UsernameOrPasswordInvalid,
4489
4489
  "Invalid username or password"
4490
4490
  );
4491
4491
  break;
4492
4492
  }
4493
- return d.logger.debug(c({ err: i })), d.logger.error(c({
4494
- cerr: i,
4493
+ return d.logger.debug(c({ err: t })), d.logger.error(c({
4494
+ cerr: t,
4495
4495
  hashOfSessionId: this.getHashOfSessionId(o),
4496
4496
  user: (n = o.user) == null ? void 0 : n.username
4497
- })), r(s, i);
4498
- } catch (i) {
4499
- return d.logger.error(c({ err: i })), r(s, new l(g.UnknownError));
4497
+ })), r(s, t);
4498
+ } catch (t) {
4499
+ return d.logger.error(c({ err: t })), r(s, new l(g.UnknownError));
4500
4500
  }
4501
4501
  }
4502
4502
  //////////////
@@ -4572,14 +4572,14 @@ class Ke {
4572
4572
  * @returns the Fastiy reply
4573
4573
  */
4574
4574
  csrfToken(e, o) {
4575
- var t;
4575
+ var i;
4576
4576
  let s;
4577
4577
  const r = this.sessionManager.csrfHeaderName;
4578
4578
  if (e.headers && r.toLowerCase() in e.headers) {
4579
4579
  const n = e.headers[r.toLowerCase()];
4580
4580
  Array.isArray(n) ? s = n[0] : s = n;
4581
4581
  }
4582
- if (!s && ((t = e.body) != null && t.csrfToken) && (s = e.body.csrfToken), s)
4582
+ if (!s && ((i = e.body) != null && i.csrfToken) && (s = e.body.csrfToken), s)
4583
4583
  try {
4584
4584
  this.sessionManager.validateDoubleSubmitCsrfToken(
4585
4585
  this.getCsrfCookieValue(e),
@@ -4605,18 +4605,18 @@ class Ke {
4605
4605
  */
4606
4606
  sendJsonError(e, o, s, r) {
4607
4607
  (!s || !r) && (s = "Unknown error");
4608
- const t = r ? l.asCrossauthError(r) : void 0;
4608
+ const i = r ? l.asCrossauthError(r) : void 0;
4609
4609
  return d.logger.warn(c({
4610
4610
  message: s,
4611
- errorCode: t == null ? void 0 : t.code,
4612
- errorCodeName: t == null ? void 0 : t.codeName,
4611
+ errorCode: i == null ? void 0 : i.code,
4612
+ errorCodeName: i == null ? void 0 : i.codeName,
4613
4613
  httpStatus: o
4614
4614
  })), e.header(...A).status(o).send({
4615
4615
  ok: !1,
4616
4616
  status: o,
4617
4617
  errorMessage: s,
4618
- errorCode: t == null ? void 0 : t.code,
4619
- errorCodeName: t == null ? void 0 : t.codeName
4618
+ errorCode: i == null ? void 0 : i.code,
4619
+ errorCodeName: i == null ? void 0 : i.codeName
4620
4620
  });
4621
4621
  }
4622
4622
  /**
@@ -4743,35 +4743,35 @@ class Ye {
4743
4743
  u(this, "apiKeyManager");
4744
4744
  this.app = e, this.userStorage = o, this.apiKeyManager = new Y(s, r), this.app.addHook(
4745
4745
  "preHandler",
4746
- async (t, n) => {
4747
- if (t.headers.authorization)
4746
+ async (i, n) => {
4747
+ if (i.headers.authorization)
4748
4748
  try {
4749
4749
  d.logger.debug(c({
4750
4750
  msg: "Received authorization header"
4751
4751
  }));
4752
- const i = await this.apiKeyManager.validateToken(
4753
- t.headers.authorization
4752
+ const t = await this.apiKeyManager.validateToken(
4753
+ i.headers.authorization
4754
4754
  );
4755
4755
  d.logger.debug(c({
4756
4756
  msg: "Valid API key",
4757
- hahedApiKey: Y.hashSignedApiKeyValue(i.value)
4757
+ hahedApiKey: Y.hashSignedApiKeyValue(t.value)
4758
4758
  }));
4759
- const a = Fe.decodeData(i.data);
4760
- if (t.apiKey = { ...i, ...a }, "scope" in a && Array.isArray(a.scope)) {
4759
+ const a = Fe.decodeData(t.data);
4760
+ if (i.apiKey = { ...t, ...a }, "scope" in a && Array.isArray(a.scope)) {
4761
4761
  let h = [];
4762
4762
  for (let f of a.scope)
4763
4763
  typeof f == "string" && h.push(f);
4764
- t.scope = h;
4764
+ i.scope = h;
4765
4765
  }
4766
- if (i.userid)
4766
+ if (t.userid)
4767
4767
  try {
4768
- const { user: h } = await this.userStorage.getUserById(i.userid);
4769
- t.user = h, t.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hahedApiKey: Y.hashSignedApiKeyValue(i.value) }));
4768
+ const { user: h } = await this.userStorage.getUserById(t.userid);
4769
+ i.user = h, i.authType = "apiKey", d.logger.debug(c({ msg: "API key is for user", userid: h.id, user: h.username, hahedApiKey: Y.hashSignedApiKeyValue(t.value) }));
4770
4770
  } catch (h) {
4771
- d.logger.error(c({ msg: "API key has invalid user", userid: i.userid, hashedApiKey: Y.hashSignedApiKeyValue(i.value) })), d.logger.debug(c({ err: h }));
4771
+ d.logger.error(c({ msg: "API key has invalid user", userid: t.userid, hashedApiKey: Y.hashSignedApiKeyValue(t.value) })), d.logger.debug(c({ err: h }));
4772
4772
  }
4773
- } catch (i) {
4774
- d.logger.error(c({ msg: "Invalid authorization header received", header: t.headers.authorization })), d.logger.debug(c({ err: i }));
4773
+ } catch (t) {
4774
+ d.logger.error(c({ msg: "Invalid authorization header received", header: i.headers.authorization })), d.logger.debug(c({ err: t }));
4775
4775
  }
4776
4776
  }
4777
4777
  );
@@ -4789,7 +4789,7 @@ class $e {
4789
4789
  * for the password flow
4790
4790
  * @param options see {@link FastifyAuthorizationServerOptions}
4791
4791
  */
4792
- constructor(e, o, s, r, t, n = {}) {
4792
+ constructor(e, o, s, r, i, n = {}) {
4793
4793
  /** The Fastify app passed to the constructor */
4794
4794
  u(this, "app");
4795
4795
  /** The underlying framework-independent authorization server */
@@ -4814,11 +4814,11 @@ class $e {
4814
4814
  this.app = e, this.fastifyServer = o, this.clientStorage = s, this.authServer = new Ne(
4815
4815
  this.clientStorage,
4816
4816
  r,
4817
- t,
4817
+ i,
4818
4818
  n
4819
4819
  ), C("prefix", k.String, this, n, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("errorPage", k.String, this, n, "ERROR_PAGE"), C("devicePage", k.String, this, n, "OAUTH_DEVICE_PAGE"), C("loginUrl", k.String, this, n, "LOGIN_URL"), C("oauthAuthorizePage", k.String, this, n, "OAUTH_AUTHORIZE_PAGE"), C("refreshTokenType", k.String, this, n, "OAUTH_REFRESH_TOKEN_TYPE"), C("refreshTokenCookieName", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_NAME"), C("refreshTokenCookieDomain", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_DOMAIN"), C("refreshTokenCookieHttpOnly", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_HTTPONLY"), C("refreshTokenCookiePath", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_PATH"), C("refreshTokenCookieSecure", k.Boolean, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SECURE"), C("refreshTokenCookieSameSite", k.String, this, n, "OAUTH_REFRESH_TOKEN_COOKIE_SAMESITE"), C("createGetCsrfTokenEndpoint", k.String, this, n, "OAUTH_CREATE_GET_CSRF_TOKEN_ENDPOINT"), this.refreshTokenType != "json" && (this.createGetCsrfTokenEndpoint ? this.csrfTokens = new Ue(n.doubleSubmitCookieOptions) : this.fastifyServer.sessionServer && (this.csrfTokens = this.fastifyServer.sessionServer.sessionManager.csrfTokens)), this.createGetCsrfTokenEndpoint && this.addApiGetCsrfTokenEndpoints(), e.get(
4820
4820
  this.prefix + ".well-known/openid-configuration",
4821
- async (i, a) => a.header(...x).status(200).send(
4821
+ async (t, a) => a.header(...x).status(200).send(
4822
4822
  this.authServer.oidcConfiguration({
4823
4823
  authorizeEndpoint: this.prefix + "authorize",
4824
4824
  tokenEndpoint: this.prefix + "token",
@@ -4828,32 +4828,32 @@ class $e {
4828
4828
  )
4829
4829
  ), e.get(
4830
4830
  this.prefix + "jwks",
4831
- async (i, a) => a.header(...x).status(200).send(
4831
+ async (t, a) => a.header(...x).status(200).send(
4832
4832
  this.authServer.jwks()
4833
4833
  )
4834
- ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (i, a) => {
4834
+ ), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode)) && (e.get(this.prefix + "authorize", async (t, a) => {
4835
4835
  var h;
4836
- return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.query);
4837
- }), e.post(this.prefix + "authorize", async (i, a) => {
4836
+ return d.logger.info(c({ msg: "Page visit", method: "GET", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.query);
4837
+ }), e.post(this.prefix + "authorize", async (t, a) => {
4838
4838
  var h;
4839
- return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (h = i.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(i, a, i.body);
4839
+ return d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (h = t.user) == null ? void 0 : h.username })), await this.authorizeEndpoint(t, a, t.body);
4840
4840
  }), this.app.post(
4841
4841
  this.prefix + "userauthorize",
4842
- async (i, a) => {
4842
+ async (t, a) => {
4843
4843
  var p, v;
4844
- if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: i.ip, user: (p = i.user) == null ? void 0 : p.username })), !i.user) return y.sendPageError(
4844
+ if (d.logger.info(c({ msg: "Page visit", method: "POST", url: this.prefix + "authorize", ip: t.ip, user: (p = t.user) == null ? void 0 : p.username })), !t.user) return y.sendPageError(
4845
4845
  a,
4846
4846
  401,
4847
4847
  this.errorPage
4848
4848
  );
4849
4849
  let h, f;
4850
4850
  try {
4851
- h = await this.fastifyServer.validateCsrfToken(i);
4851
+ h = await this.fastifyServer.validateCsrfToken(t);
4852
4852
  } catch (m) {
4853
4853
  f = l.asCrossauthError(m), f.message = "Invalid csrf cookie received", d.logger.error(c({
4854
4854
  msg: f.message,
4855
4855
  hashedCsrfCookie: h ? F.hash(h) : void 0,
4856
- user: (v = i.user) == null ? void 0 : v.username,
4856
+ user: (v = t.user) == null ? void 0 : v.username,
4857
4857
  cerr: f
4858
4858
  }));
4859
4859
  }
@@ -4882,45 +4882,45 @@ class $e {
4882
4882
  }
4883
4883
  }
4884
4884
  if (!f) {
4885
- const m = i.body.authorized == "true";
4886
- return await this.authorize(i, a, m, {
4887
- responseType: i.body.response_type,
4888
- client_id: i.body.client_id,
4889
- redirect_uri: i.body.redirect_uri,
4890
- scope: i.body.scope,
4891
- state: i.body.state,
4892
- codeChallenge: i.body.code_challenge,
4893
- codeChallengeMethod: i.body.code_challenge_method
4885
+ const m = t.body.authorized == "true";
4886
+ return await this.authorize(t, a, m, {
4887
+ responseType: t.body.response_type,
4888
+ client_id: t.body.client_id,
4889
+ redirect_uri: t.body.redirect_uri,
4890
+ scope: t.body.scope,
4891
+ state: t.body.state,
4892
+ codeChallenge: t.body.code_challenge,
4893
+ codeChallengeMethod: t.body.code_challenge_method
4894
4894
  });
4895
4895
  }
4896
4896
  }
4897
4897
  )), (this.authServer.validFlows.includes(E.AuthorizationCode) || this.authServer.validFlows.includes(E.AuthorizationCodeWithPKCE) || this.authServer.validFlows.includes(E.OidcAuthorizationCode) || this.authServer.validFlows.includes(E.ClientCredentials) || this.authServer.validFlows.includes(E.RefreshToken) || this.authServer.validFlows.includes(E.Password) || this.authServer.validFlows.includes(E.PasswordMfa) || this.authServer.validFlows.includes(E.DeviceCode)) && this.app.post(
4898
4898
  this.prefix + "token",
4899
- async (i, a) => {
4899
+ async (t, a) => {
4900
4900
  var m;
4901
4901
  d.logger.info(c({
4902
4902
  msg: "Page visit",
4903
4903
  method: "POST",
4904
4904
  url: this.prefix + "token",
4905
- ip: i.ip,
4906
- user: (m = i.user) == null ? void 0 : m.username
4905
+ ip: t.ip,
4906
+ user: (m = t.user) == null ? void 0 : m.username
4907
4907
  }));
4908
- let h = i.body.client_id, f = i.body.client_secret;
4909
- if (i.headers.authorization) {
4908
+ let h = t.body.client_id, f = t.body.client_secret;
4909
+ if (t.headers.authorization) {
4910
4910
  let w, P;
4911
- const T = i.headers.authorization.split(" ");
4911
+ const T = t.headers.authorization.split(" ");
4912
4912
  if (T.length == 2 && T[0].toLocaleLowerCase() == "basic") {
4913
4913
  const b = F.base64Decode(T[1]).split(":", 2);
4914
4914
  b.length == 2 && (w = b[0], P = b[1]);
4915
4915
  }
4916
4916
  w == null || P == null ? d.logger.warn(c({
4917
- msg: "Ignoring malform authenization header " + i.headers.authorization
4917
+ msg: "Ignoring malform authenization header " + t.headers.authorization
4918
4918
  })) : (h = w, f = P);
4919
4919
  }
4920
- let p = i.body.refresh_token;
4921
- if ((this.refreshTokenType == "cookie" && i.cookies && this.refreshTokenCookieName in i.cookies || this.refreshTokenType == "both" && i.cookies && this.refreshTokenCookieName in i.cookies && p == null) && this.csrfTokens) {
4922
- const w = i.cookies[this.csrfTokens.cookieName];
4923
- let P = i.headers[this.csrfTokens.headerName.toLowerCase()];
4920
+ let p = t.body.refresh_token;
4921
+ if ((this.refreshTokenType == "cookie" && t.cookies && this.refreshTokenCookieName in t.cookies || this.refreshTokenType == "both" && t.cookies && this.refreshTokenCookieName in t.cookies && p == null) && this.csrfTokens) {
4922
+ const w = t.cookies[this.csrfTokens.cookieName];
4923
+ let P = t.headers[this.csrfTokens.headerName.toLowerCase()];
4924
4924
  if (Array.isArray(P) && (P = P[0]), !w || !P)
4925
4925
  return {
4926
4926
  error: "access_denied",
@@ -4929,28 +4929,28 @@ class $e {
4929
4929
  try {
4930
4930
  this.csrfTokens.validateDoubleSubmitCsrfToken(w, P);
4931
4931
  } catch (T) {
4932
- return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: i.body.client_id })), {
4932
+ return d.logger.debug(c({ err: T })), d.logger.warn(c({ cerr: T, msg: "Invalid csrf token", client_id: t.body.client_id })), {
4933
4933
  error: "access_denied",
4934
4934
  error_description: "Invalid csrf token"
4935
4935
  };
4936
4936
  }
4937
- p = i.cookies[this.refreshTokenCookieName];
4937
+ p = t.cookies[this.refreshTokenCookieName];
4938
4938
  }
4939
4939
  const v = await this.authServer.tokenEndpoint({
4940
- grantType: i.body.grant_type,
4940
+ grantType: t.body.grant_type,
4941
4941
  client_id: h,
4942
4942
  client_secret: f,
4943
- scope: i.body.scope,
4944
- codeVerifier: i.body.code_verifier,
4945
- code: i.body.code,
4946
- username: i.body.username,
4947
- password: i.body.password,
4948
- mfaToken: i.body.mfa_token,
4949
- oobCode: i.body.oob_code,
4950
- bindingCode: i.body.binding_code,
4951
- otp: i.body.otp,
4943
+ scope: t.body.scope,
4944
+ codeVerifier: t.body.code_verifier,
4945
+ code: t.body.code,
4946
+ username: t.body.username,
4947
+ password: t.body.password,
4948
+ mfaToken: t.body.mfa_token,
4949
+ oobCode: t.body.oob_code,
4950
+ bindingCode: t.body.binding_code,
4951
+ otp: t.body.otp,
4952
4952
  refreshToken: p,
4953
- deviceCode: i.body.device_code
4953
+ deviceCode: t.body.device_code
4954
4954
  });
4955
4955
  if (v.error == "authorization_pending")
4956
4956
  return a.header(...x).status(200).send(v);
@@ -4964,67 +4964,67 @@ class $e {
4964
4964
  }
4965
4965
  ), this.authServer.validFlows.includes(E.PasswordMfa) && (e.get(
4966
4966
  this.prefix + "mfa/authenticators",
4967
- async (i, a) => {
4967
+ async (t, a) => {
4968
4968
  var h;
4969
4969
  return d.logger.info(c({
4970
4970
  msg: "Page visit",
4971
4971
  method: "GET",
4972
4972
  url: this.prefix + "mfa/authenticators",
4973
- ip: i.ip,
4974
- user: (h = i.user) == null ? void 0 : h.username
4975
- })), await this.mfaAuthenticatorsEndpoint(i, a);
4973
+ ip: t.ip,
4974
+ user: (h = t.user) == null ? void 0 : h.username
4975
+ })), await this.mfaAuthenticatorsEndpoint(t, a);
4976
4976
  }
4977
4977
  ), e.post(
4978
4978
  this.prefix + "mfa/authenticators",
4979
- async (i, a) => {
4979
+ async (t, a) => {
4980
4980
  var h;
4981
4981
  return d.logger.info(c({
4982
4982
  msg: "Page visit",
4983
4983
  method: "POST",
4984
4984
  url: this.prefix + "mfa/authenticators",
4985
- ip: i.ip,
4986
- user: (h = i.user) == null ? void 0 : h.username
4987
- })), await this.mfaAuthenticatorsEndpoint(i, a);
4985
+ ip: t.ip,
4986
+ user: (h = t.user) == null ? void 0 : h.username
4987
+ })), await this.mfaAuthenticatorsEndpoint(t, a);
4988
4988
  }
4989
4989
  ), e.post(
4990
4990
  this.prefix + "mfa/challenge",
4991
- async (i, a) => {
4991
+ async (t, a) => {
4992
4992
  var h;
4993
4993
  return d.logger.info(c({
4994
4994
  msg: "Page visit",
4995
4995
  method: "POST",
4996
4996
  url: this.prefix + "mfa/challenge",
4997
- ip: i.ip,
4998
- user: (h = i.user) == null ? void 0 : h.username
4999
- })), await this.mfaChallengeEndpoint(i, a, i.body);
4997
+ ip: t.ip,
4998
+ user: (h = t.user) == null ? void 0 : h.username
4999
+ })), await this.mfaChallengeEndpoint(t, a, t.body);
5000
5000
  }
5001
5001
  )), this.authServer.validFlows.includes(E.DeviceCode) && (this.app.post(
5002
5002
  this.prefix + "device_authorization",
5003
- async (i, a) => {
5003
+ async (t, a) => {
5004
5004
  var v;
5005
5005
  d.logger.info(c({
5006
5006
  msg: "Page visit",
5007
5007
  method: "POST",
5008
5008
  url: this.prefix + "device_authorization",
5009
- ip: i.ip,
5010
- user: (v = i.user) == null ? void 0 : v.username
5009
+ ip: t.ip,
5010
+ user: (v = t.user) == null ? void 0 : v.username
5011
5011
  }));
5012
- let h = i.body.client_id, f = i.body.client_secret;
5013
- if (i.headers.authorization) {
5012
+ let h = t.body.client_id, f = t.body.client_secret;
5013
+ if (t.headers.authorization) {
5014
5014
  let m, w;
5015
- const P = i.headers.authorization.split(" ");
5015
+ const P = t.headers.authorization.split(" ");
5016
5016
  if (P.length == 2 && P[0].toLocaleLowerCase() == "basic") {
5017
5017
  const N = F.base64Decode(P[1]).split(":", 2);
5018
5018
  N.length == 2 && (m = N[0], w = N[1]);
5019
5019
  }
5020
5020
  m == null || w == null ? d.logger.warn(c({
5021
- msg: "Ignoring malform authenization header " + i.headers.authorization
5021
+ msg: "Ignoring malform authenization header " + t.headers.authorization
5022
5022
  })) : (h = m, f = w);
5023
5023
  }
5024
5024
  const p = await this.authServer.deviceAuthorizationEndpoint({
5025
5025
  client_id: h,
5026
5026
  client_secret: f,
5027
- scope: i.body.scope
5027
+ scope: t.body.scope
5028
5028
  });
5029
5029
  if (p.error || !p.device_code || !p.user_code) {
5030
5030
  let m = "server_error", w = "Neither code nor error received when requesting authorization";
@@ -5036,27 +5036,27 @@ class $e {
5036
5036
  }
5037
5037
  ), e.get(
5038
5038
  this.prefix + "device",
5039
- async (i, a) => {
5039
+ async (t, a) => {
5040
5040
  var h;
5041
5041
  return d.logger.info(c({
5042
5042
  msg: "Page visit",
5043
5043
  method: "GET",
5044
5044
  url: this.prefix + "device",
5045
- ip: i.ip,
5046
- user: (h = i.user) == null ? void 0 : h.username
5047
- })), i.user ? await this.deviceGet(!1, i, a, i.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5045
+ ip: t.ip,
5046
+ user: (h = t.user) == null ? void 0 : h.username
5047
+ })), t.user ? await this.deviceGet(!1, t, a, t.user) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5048
5048
  }
5049
5049
  ), e.get(
5050
5050
  this.prefix + "api/device",
5051
- async (i, a) => {
5051
+ async (t, a) => {
5052
5052
  var h;
5053
5053
  if (d.logger.info(c({
5054
5054
  msg: "Page visit",
5055
5055
  method: "GET",
5056
5056
  url: this.prefix + "device",
5057
- ip: i.ip,
5058
- user: (h = i.user) == null ? void 0 : h.username
5059
- })), !i.user) {
5057
+ ip: t.ip,
5058
+ user: (h = t.user) == null ? void 0 : h.username
5059
+ })), !t.user) {
5060
5060
  const f = new l(g.Unauthorized, "Not logged in");
5061
5061
  return a.header(...x).status(401).send({
5062
5062
  errorMessage: f.message,
@@ -5064,31 +5064,31 @@ class $e {
5064
5064
  errorCodeName: f.codeName
5065
5065
  });
5066
5066
  }
5067
- return await this.deviceGet(!0, i, a, i.user);
5067
+ return await this.deviceGet(!0, t, a, t.user);
5068
5068
  }
5069
5069
  ), this.app.post(
5070
5070
  this.prefix + "device",
5071
- async (i, a) => {
5071
+ async (t, a) => {
5072
5072
  var h;
5073
5073
  return d.logger.info(c({
5074
5074
  msg: "Page visit",
5075
5075
  method: "POST",
5076
5076
  url: this.prefix + "device",
5077
- ip: i.ip,
5078
- user: (h = i.user) == null ? void 0 : h.username
5079
- })), i.user ? await this.deviceCodePost(!1, i, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(i.url), 302);
5077
+ ip: t.ip,
5078
+ user: (h = t.user) == null ? void 0 : h.username
5079
+ })), t.user ? await this.deviceCodePost(!1, t, a) : a.redirect(this.loginUrl + "?next=" + encodeURIComponent(t.url), 302);
5080
5080
  }
5081
5081
  ), this.app.post(
5082
5082
  this.prefix + "api/device",
5083
- async (i, a) => {
5083
+ async (t, a) => {
5084
5084
  var h;
5085
5085
  return d.logger.info(c({
5086
5086
  msg: "Page visit",
5087
5087
  method: "POST",
5088
5088
  url: this.prefix + "device",
5089
- ip: i.ip,
5090
- user: (h = i.user) == null ? void 0 : h.username
5091
- })), await this.deviceCodePost(!0, i, a);
5089
+ ip: t.ip,
5090
+ user: (h = t.user) == null ? void 0 : h.username
5091
+ })), await this.deviceCodePost(!0, t, a);
5092
5092
  }
5093
5093
  ));
5094
5094
  }
@@ -5109,7 +5109,7 @@ class $e {
5109
5109
  this.csrfTokens && this.app.get(
5110
5110
  this.prefix + "getcsrftoken",
5111
5111
  async (e, o) => {
5112
- var r, t;
5112
+ var r, i;
5113
5113
  if (d.logger.info(c({
5114
5114
  msg: "API visit",
5115
5115
  method: "POST",
@@ -5121,56 +5121,56 @@ class $e {
5121
5121
  try {
5122
5122
  const {
5123
5123
  csrfCookie: n,
5124
- csrfFormOrHeaderValue: i
5124
+ csrfFormOrHeaderValue: t
5125
5125
  } = await this.createCsrfToken();
5126
5126
  return s = n.value, o.setCookie(n.name, n.value, n.options), o.header(...x).send({
5127
5127
  ok: !0,
5128
- csrfToken: i
5128
+ csrfToken: t
5129
5129
  });
5130
5130
  } catch (n) {
5131
- const i = l.asCrossauthError(n);
5131
+ const t = l.asCrossauthError(n);
5132
5132
  return d.logger.error(c({
5133
5133
  msg: "getcsrftoken failure",
5134
- user: (t = e.user) == null ? void 0 : t.username,
5134
+ user: (i = e.user) == null ? void 0 : i.username,
5135
5135
  hashedCsrfCookie: F.hash(s.split(".")[0]),
5136
- errorCode: i.code,
5137
- errorCodeName: i.codeName
5138
- })), d.logger.debug(c({ err: n })), o.status(i.httpStatus).header(...x).send({
5136
+ errorCode: t.code,
5137
+ errorCodeName: t.codeName
5138
+ })), d.logger.debug(c({ err: n })), o.status(t.httpStatus).header(...x).send({
5139
5139
  ok: !1,
5140
- errorCode: i.code,
5141
- errorCodeName: i.codeName,
5142
- error: i.message
5140
+ errorCode: t.code,
5141
+ errorCodeName: t.codeName,
5142
+ error: t.message
5143
5143
  });
5144
5144
  }
5145
5145
  }
5146
5146
  );
5147
5147
  }
5148
5148
  async authorizeEndpoint(e, o, s) {
5149
- var i, a, h;
5149
+ var t, a, h;
5150
5150
  if (!e.user) return o.redirect(this.loginUrl + "?next=" + encodeURIComponent(e.url), 302);
5151
5151
  d.logger.debug(c({ msg: "validating authorize parameters" }));
5152
- let { error_description: r } = this.authServer.validateAuthorizeParameters(s), t;
5153
- if (r ? (t = new l(g.BadRequest, r), d.logger.error(c({
5152
+ let { error_description: r } = this.authServer.validateAuthorizeParameters(s), i;
5153
+ if (r ? (i = new l(g.BadRequest, r), d.logger.error(c({
5154
5154
  msg: "authorize parameter invalid",
5155
- cerr: t,
5156
- user: (i = e.user) == null ? void 0 : i.username
5155
+ cerr: i,
5156
+ user: (t = e.user) == null ? void 0 : t.username
5157
5157
  }))) : d.logger.error(c({
5158
5158
  msg: "authorize parameter valid",
5159
5159
  user: (a = e.user) == null ? void 0 : a.username
5160
- })), t) {
5160
+ })), i) {
5161
5161
  if (this.errorPage)
5162
- return o.status(t.httpStatus).view(
5162
+ return o.status(i.httpStatus).view(
5163
5163
  this.errorPage,
5164
5164
  {
5165
- status: t.httpStatus,
5166
- errorMessage: t.message,
5167
- errorCode: t.code,
5168
- errorCodeName: t.codeName
5165
+ status: i.httpStatus,
5166
+ errorMessage: i.message,
5167
+ errorCode: i.code,
5168
+ errorCodeName: i.codeName
5169
5169
  }
5170
5170
  );
5171
5171
  {
5172
5172
  let f = "500";
5173
- switch (t.httpStatus) {
5173
+ switch (i.httpStatus) {
5174
5174
  case 401:
5175
5175
  f = "401";
5176
5176
  break;
@@ -5178,7 +5178,7 @@ class $e {
5178
5178
  f = "400";
5179
5179
  break;
5180
5180
  }
5181
- return o.status(t.httpStatus).send($[f] ?? G);
5181
+ return o.status(i.httpStatus).send($[f] ?? G);
5182
5182
  }
5183
5183
  }
5184
5184
  let n = !1;
@@ -5240,9 +5240,9 @@ class $e {
5240
5240
  }
5241
5241
  async authorize(e, o, s, {
5242
5242
  responseType: r,
5243
- client_id: t,
5243
+ client_id: i,
5244
5244
  redirect_uri: n,
5245
- scope: i,
5245
+ scope: t,
5246
5246
  state: a,
5247
5247
  codeChallenge: h,
5248
5248
  codeChallengeMethod: f
@@ -5251,9 +5251,9 @@ class $e {
5251
5251
  if (s) {
5252
5252
  const w = await this.authServer.authorizeGetEndpoint({
5253
5253
  responseType: r,
5254
- client_id: t,
5254
+ client_id: i,
5255
5255
  redirect_uri: n,
5256
- scope: i,
5256
+ scope: t,
5257
5257
  state: a,
5258
5258
  codeChallenge: h,
5259
5259
  codeChallengeMethod: f,
@@ -5312,18 +5312,18 @@ class $e {
5312
5312
  }
5313
5313
  }
5314
5314
  async mfaAuthenticatorsEndpoint(e, o) {
5315
- var i;
5316
- const s = (i = e.headers.authorization) == null ? void 0 : i.split(" ");
5315
+ var t;
5316
+ const s = (t = e.headers.authorization) == null ? void 0 : t.split(" ");
5317
5317
  if (!s || s.length != 2)
5318
5318
  return {
5319
5319
  error: "access_denied",
5320
5320
  error_desciption: "Invalid authorization header"
5321
5321
  };
5322
- const r = s[1], t = await this.authServer.mfaAuthenticatorsEndpoint(r);
5323
- if (t.authenticators)
5324
- return o.header(...x).status(200).send(t.authenticators);
5325
- const n = l.fromOAuthError(t.error ?? "server_error");
5326
- return o.header(...x).status(n.httpStatus).send(t);
5322
+ const r = s[1], i = await this.authServer.mfaAuthenticatorsEndpoint(r);
5323
+ if (i.authenticators)
5324
+ return o.header(...x).status(200).send(i.authenticators);
5325
+ const n = l.fromOAuthError(i.error ?? "server_error");
5326
+ return o.header(...x).status(n.httpStatus).send(i);
5327
5327
  }
5328
5328
  async mfaChallengeEndpoint(e, o, s) {
5329
5329
  const r = await this.authServer.mfaChallengeEndpoint(
@@ -5334,15 +5334,15 @@ class $e {
5334
5334
  s.authenticator_id
5335
5335
  );
5336
5336
  if (r.error) {
5337
- const t = l.fromOAuthError(r.error);
5338
- return o.header(...x).status(t.httpStatus).send(r);
5337
+ const i = l.fromOAuthError(r.error);
5338
+ return o.header(...x).status(i.httpStatus).send(r);
5339
5339
  }
5340
5340
  return o.header(...x).status(200).send(r);
5341
5341
  }
5342
5342
  setRefreshTokenCookie(e, o, s) {
5343
5343
  if (!this.refreshTokenCookieName) return;
5344
- let r = s ? new Date(Date.now() + s * 1e3).toUTCString() : void 0, t = this.refreshTokenCookieName + "=" + o;
5345
- r && (t += "; expires=" + new Date(r).toUTCString()), this.refreshTokenCookieSameSite && (t += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (t += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (t += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (t += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (t += "; secure"), e.setCookie(this.refreshTokenCookieName, t);
5344
+ let r = s ? new Date(Date.now() + s * 1e3).toUTCString() : void 0, i = this.refreshTokenCookieName + "=" + o;
5345
+ r && (i += "; expires=" + new Date(r).toUTCString()), this.refreshTokenCookieSameSite && (i += "; SameSite=" + this.refreshTokenCookieSameSite), this.refreshTokenCookieDomain && (i += "; domain=" + this.refreshTokenCookieDomain), this.refreshTokenCookiePath && (i += "; path=" + this.refreshTokenCookiePath), this.refreshTokenCookieHttpOnly == !0 && (i += "; httpOnly"), this.refreshTokenCookieSecure == !0 && (i += "; secure"), e.setCookie(this.refreshTokenCookieName, i);
5346
5346
  }
5347
5347
  /**
5348
5348
  * Returns this server's OIDC configuration. Just wraps
@@ -5360,18 +5360,18 @@ class $e {
5360
5360
  /////
5361
5361
  // Device code flow
5362
5362
  async applyUserCode(e, o, s) {
5363
- var r, t, n;
5363
+ var r, i, n;
5364
5364
  try {
5365
- const i = await this.authServer.deviceEndpoint({ userCode: e, user: s });
5366
- if (i.error)
5365
+ const t = await this.authServer.deviceEndpoint({ userCode: e, user: s });
5366
+ if (t.error)
5367
5367
  return {
5368
5368
  ok: !1,
5369
5369
  completed: !1,
5370
5370
  retryAllowed: !1,
5371
- error: i.error,
5372
- error_description: i.error_description
5371
+ error: t.error,
5372
+ error_description: t.error_description
5373
5373
  };
5374
- if (!i.client_id)
5374
+ if (!t.client_id)
5375
5375
  return d.logger.error(c({ msg: "No client id found for user code", userCodeHash: F.hash(e), ip: o.ip, username: (r = o.user) == null ? void 0 : r.username })), {
5376
5376
  ok: !1,
5377
5377
  completed: !1,
@@ -5379,33 +5379,33 @@ class $e {
5379
5379
  error: "server_error",
5380
5380
  error_description: "No client id found for user code"
5381
5381
  };
5382
- if (i.error == "access_denied")
5383
- return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (t = o.user) == null ? void 0 : t.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5382
+ if (t.error == "access_denied")
5383
+ return d.logger.error(c({ msg: "Incorrect user code given", userCodeHash: F.hash(e), ip: o.ip, username: (i = o.user) == null ? void 0 : i.username })), this.authServer.userCodeThrottle > 0 && await ((f) => new Promise((p) => setTimeout(p, f)))(this.authServer.userCodeThrottle), {
5384
5384
  ok: !1,
5385
5385
  completed: !1,
5386
5386
  retryAllowed: !0,
5387
- error: i.error,
5388
- error_description: i.error_description
5387
+ error: t.error,
5388
+ error_description: t.error_description
5389
5389
  };
5390
- if (i.error == "expired_token")
5390
+ if (t.error == "expired_token")
5391
5391
  return d.logger.error(c({ msg: "Expired user code", userCodeHash: F.hash(e), ip: o.ip, username: (n = o.user) == null ? void 0 : n.username })), {
5392
5392
  ok: !1,
5393
5393
  completed: !1,
5394
5394
  retryAllowed: !1,
5395
- error: i.error,
5396
- error_description: i.error_description
5395
+ error: t.error,
5396
+ error_description: t.error_description
5397
5397
  };
5398
- const a = await this.clientStorage.getClientById(i.client_id);
5399
- return i.scopeAuthorizationNeeded ? {
5398
+ const a = await this.clientStorage.getClientById(t.client_id);
5399
+ return t.scopeAuthorizationNeeded ? {
5400
5400
  ok: !0,
5401
5401
  completed: !1,
5402
5402
  retryAllowed: !0,
5403
5403
  authorizationNeeded: {
5404
5404
  user: s,
5405
- client_id: i.client_id,
5405
+ client_id: t.client_id,
5406
5406
  client_name: a.client_name,
5407
- scope: i.scope,
5408
- scopes: i.scope ? i.scope.split(" ") : [],
5407
+ scope: t.scope,
5408
+ scopes: t.scope ? t.scope.split(" ") : [],
5409
5409
  csrfToken: o.csrfToken
5410
5410
  },
5411
5411
  user: o.user,
@@ -5418,8 +5418,8 @@ class $e {
5418
5418
  user: o.user,
5419
5419
  csrfToken: o.csrfToken
5420
5420
  };
5421
- } catch (i) {
5422
- const a = l.asCrossauthError(i);
5421
+ } catch (t) {
5422
+ const a = l.asCrossauthError(t);
5423
5423
  return d.logger.debug(c({ err: a })), d.logger.error(c({ msg: a.message, cerr: a })), {
5424
5424
  ok: !1,
5425
5425
  completed: !1,
@@ -5431,34 +5431,34 @@ class $e {
5431
5431
  }
5432
5432
  async deviceGet(e, o, s, r) {
5433
5433
  if (o.query.user_code) {
5434
- let t = await this.applyUserCode(o.query.user_code, o, r);
5435
- if (t.error) {
5436
- const i = l.fromOAuthError(t.error, t.error_description);
5437
- d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5434
+ let i = await this.applyUserCode(o.query.user_code, o, r);
5435
+ if (i.error) {
5436
+ const t = l.fromOAuthError(i.error, i.error_description);
5437
+ d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5438
5438
  const a = {
5439
5439
  ok: !1,
5440
5440
  completed: !1,
5441
- status: i.httpStatus,
5442
- errorMessage: i.message,
5443
- errorCode: i.code,
5444
- errorCodeName: i.codeName,
5445
- retryAllowed: t.retryAllowed
5441
+ status: t.httpStatus,
5442
+ errorMessage: t.message,
5443
+ errorCode: t.code,
5444
+ errorCodeName: t.codeName,
5445
+ retryAllowed: i.retryAllowed
5446
5446
  };
5447
- return e ? s.header(...x).status(i.httpStatus).send(a) : s.status(i.httpStatus).view(this.devicePage, {
5447
+ return e ? s.header(...x).status(t.httpStatus).send(a) : s.status(t.httpStatus).view(this.devicePage, {
5448
5448
  csrfToken: o.csrfToken,
5449
5449
  ...a
5450
5450
  });
5451
- } else if (t.authorizationNeeded) {
5452
- const i = {
5451
+ } else if (i.authorizationNeeded) {
5452
+ const t = {
5453
5453
  ok: !0,
5454
5454
  completed: !1,
5455
- retryAllowed: t.retryAllowed,
5456
- authorizationNeeded: t.authorizationNeeded,
5457
- user_code: t.user_code
5455
+ retryAllowed: i.retryAllowed,
5456
+ authorizationNeeded: i.authorizationNeeded,
5457
+ user_code: i.user_code
5458
5458
  };
5459
- return e ? s.header(...x).status(200).send(i) : s.status(200).view(this.devicePage, {
5459
+ return e ? s.header(...x).status(200).send(t) : s.status(200).view(this.devicePage, {
5460
5460
  csrfToken: o.csrfToken,
5461
- ...i
5461
+ ...t
5462
5462
  });
5463
5463
  }
5464
5464
  const n = {
@@ -5470,13 +5470,13 @@ class $e {
5470
5470
  ...n
5471
5471
  });
5472
5472
  } else {
5473
- const t = {
5473
+ const i = {
5474
5474
  ok: !1,
5475
5475
  completed: !1,
5476
5476
  user_code: o.query.user_code,
5477
5477
  csrfToken: o.csrfToken
5478
5478
  };
5479
- return e ? s.header(...x).status(200).send(t) : s.status(200).view(this.devicePage, t);
5479
+ return e ? s.header(...x).status(200).send(i) : s.status(200).view(this.devicePage, i);
5480
5480
  }
5481
5481
  }
5482
5482
  async deviceCodePost(e, o, s) {
@@ -5489,7 +5489,7 @@ class $e {
5489
5489
  if (r.error) {
5490
5490
  const n = l.fromOAuthError(r.error, r.error_description);
5491
5491
  d.logger.debug({ err: n }), d.logger.error({ cerr: n });
5492
- const i = {
5492
+ const t = {
5493
5493
  ok: !1,
5494
5494
  completed: !1,
5495
5495
  status: n.httpStatus,
@@ -5498,9 +5498,9 @@ class $e {
5498
5498
  errorCodeName: n.codeName,
5499
5499
  retryAllowed: r.retryAllowed
5500
5500
  };
5501
- return e ? s.header(...x).status(200).send(i) : s.status(n.httpStatus).view(this.devicePage, {
5501
+ return e ? s.header(...x).status(200).send(t) : s.status(n.httpStatus).view(this.devicePage, {
5502
5502
  csrfToken: o.csrfToken,
5503
- ...i
5503
+ ...t
5504
5504
  });
5505
5505
  } else if (r.authorizationNeeded) {
5506
5506
  const n = {
@@ -5515,14 +5515,14 @@ class $e {
5515
5515
  ...n
5516
5516
  });
5517
5517
  }
5518
- const t = {
5518
+ const i = {
5519
5519
  ok: !0,
5520
5520
  completed: !0,
5521
5521
  csrfToken: o.csrfToken
5522
5522
  };
5523
- return e ? s.header(...x).status(200).send(t) : s.status(200).view(this.devicePage, t);
5523
+ return e ? s.header(...x).status(200).send(i) : s.status(200).view(this.devicePage, i);
5524
5524
  } else {
5525
- const r = l.fromOAuthError("unauthorized", "Please enter the code"), t = {
5525
+ const r = l.fromOAuthError("unauthorized", "Please enter the code"), i = {
5526
5526
  ok: !1,
5527
5527
  completed: !1,
5528
5528
  user_code: o.body.user_code,
@@ -5533,22 +5533,22 @@ class $e {
5533
5533
  errorCode: r.code,
5534
5534
  errorCodeName: r.codeName
5535
5535
  };
5536
- return e ? s.header(...x).status(401).send(t) : s.status(200).view(this.devicePage, {
5536
+ return e ? s.header(...x).status(401).send(i) : s.status(200).view(this.devicePage, {
5537
5537
  csrfToken: o.csrfToken,
5538
- ...t
5538
+ ...i
5539
5539
  });
5540
5540
  }
5541
5541
  else if (o.body.authorized == "true") {
5542
- let r = o.body.user_code, t = o.body.scope;
5543
- t == "";
5542
+ let r = o.body.user_code, i = o.body.scope;
5543
+ i == "";
5544
5544
  const n = o.body.client_id;
5545
5545
  if (!r) throw new l(g.BadRequest, "user_code missing");
5546
5546
  if (!n) throw new l(g.BadRequest, "client_id missing");
5547
- let i = await this.authServer.validateAndPersistScope(n, t, o.user);
5548
- if (i.error)
5549
- throw l.fromOAuthError(i.error, i.error_description);
5550
- if (i = await this.applyUserCode(r, o, o.user), i.error)
5551
- throw l.fromOAuthError(i.error, i.error_description);
5547
+ let t = await this.authServer.validateAndPersistScope(n, i, o.user);
5548
+ if (t.error)
5549
+ throw l.fromOAuthError(t.error, t.error_description);
5550
+ if (t = await this.applyUserCode(r, o, o.user), t.error)
5551
+ throw l.fromOAuthError(t.error, t.error_description);
5552
5552
  const a = {
5553
5553
  ok: !0,
5554
5554
  completed: !0,
@@ -5558,16 +5558,16 @@ class $e {
5558
5558
  } else
5559
5559
  throw new l(g.Unauthorized, "You did not authorize the client");
5560
5560
  } catch (r) {
5561
- const t = l.asCrossauthError(r);
5562
- d.logger.debug({ err: t }), d.logger.error({ cerr: t });
5561
+ const i = l.asCrossauthError(r);
5562
+ d.logger.debug({ err: i }), d.logger.error({ cerr: i });
5563
5563
  const n = {
5564
5564
  ok: !1,
5565
- status: t.httpStatus,
5566
- errorMessage: t.message,
5567
- errorCode: t.code,
5568
- errorCodeName: t.codeName
5565
+ status: i.httpStatus,
5566
+ errorMessage: i.message,
5567
+ errorCode: i.code,
5568
+ errorCodeName: i.codeName
5569
5569
  };
5570
- return e ? s.header(...x).status(401).send(n) : s.status(t.httpStatus).view(this.devicePage, {
5570
+ return e ? s.header(...x).status(401).send(n) : s.status(i.httpStatus).view(this.devicePage, {
5571
5571
  csrfToken: o.csrfToken,
5572
5572
  ...n
5573
5573
  });
@@ -5616,10 +5616,10 @@ function fe(S, e) {
5616
5616
  if (S.access_token)
5617
5617
  try {
5618
5618
  if (S.access_token && e.includes("access")) {
5619
- const s = J(S.access_token), r = s.jti ? s.jti : s.sid ? s.sid : "", t = r ? F.hash(r) : void 0;
5619
+ const s = J(S.access_token), r = s.jti ? s.jti : s.sid ? s.sid : "", i = r ? F.hash(r) : void 0;
5620
5620
  d.logger.debug(c({
5621
5621
  msg: "Got access token",
5622
- accessTokenHash: t
5622
+ accessTokenHash: i
5623
5623
  }));
5624
5624
  }
5625
5625
  } catch (s) {
@@ -5630,10 +5630,10 @@ function fe(S, e) {
5630
5630
  if (S.id_token && e.includes("id")) {
5631
5631
  let s = S.id_payload ?? J(S.id_token);
5632
5632
  if (s) {
5633
- const r = s.jti ? s.jti : s.sid ? s.sid : "", t = r ? F.hash(r) : void 0;
5633
+ const r = s.jti ? s.jti : s.sid ? s.sid : "", i = r ? F.hash(r) : void 0;
5634
5634
  d.logger.debug(c({
5635
5635
  msg: "Got id token",
5636
- idTokenHash: t
5636
+ idTokenHash: i
5637
5637
  }));
5638
5638
  }
5639
5639
  }
@@ -5672,11 +5672,11 @@ async function Qe(S, e, o, s) {
5672
5672
  let r = { ...S };
5673
5673
  return e.jwtTokens.includes("id") && S.id_token && (r.id_payload = S.id_payload ?? V(S.id_token)), s.status(200).view(e.authorizedPage, r);
5674
5674
  } catch (r) {
5675
- const t = l.asCrossauthError(r);
5676
- return s.status(t.httpStatus).view(e.errorPage, {
5677
- status: t.httpStatus,
5678
- errorMessage: t.message,
5679
- errorCodeName: t.codeName
5675
+ const i = l.asCrossauthError(r);
5676
+ return s.status(i.httpStatus).view(e.errorPage, {
5677
+ status: i.httpStatus,
5678
+ errorMessage: i.message,
5679
+ errorCodeName: i.codeName
5680
5680
  });
5681
5681
  }
5682
5682
  }
@@ -5708,37 +5708,37 @@ async function Ze(S, e, o, s) {
5708
5708
  return e.jwtTokens.includes("id") && (r.id_payload = S.id_payload ?? V(S.id_token)), s.status(200).view(e.authorizedPage, r);
5709
5709
  }
5710
5710
  } catch (r) {
5711
- const t = l.asCrossauthError(r);
5712
- if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), s)
5713
- return s.status(t.httpStatus).view(e.errorPage, {
5714
- status: t.httpStatus,
5715
- errorMessage: t.message,
5716
- errorCodeName: t.codeName
5711
+ const i = l.asCrossauthError(r);
5712
+ if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), s)
5713
+ return s.status(i.httpStatus).view(e.errorPage, {
5714
+ status: i.httpStatus,
5715
+ errorMessage: i.message,
5716
+ errorCodeName: i.codeName
5717
5717
  });
5718
5718
  }
5719
5719
  }
5720
- async function Se(S, e, o, s) {
5720
+ async function Se(S, e, o, s, r) {
5721
5721
  if (!e.server.sessionAdapter) throw new l(
5722
5722
  g.Configuration,
5723
5723
  "Cannot update session data if sessions not enabled"
5724
5724
  );
5725
- let r = S.expires_in;
5726
- if (!r && S.access_token && e.jwtTokens.includes("access")) {
5727
- const i = J(S.access_token);
5728
- i.exp && (r = i.exp);
5725
+ let i = S.expires_in;
5726
+ if (!i && S.access_token && e.jwtTokens.includes("access")) {
5727
+ const a = J(S.access_token);
5728
+ a.exp && (i = a.exp);
5729
5729
  }
5730
- if (!r)
5730
+ if (!i)
5731
5731
  throw new l(
5732
5732
  g.BadRequest,
5733
5733
  "OAuth server did not return an expiry for the access token"
5734
5734
  );
5735
- const t = Date.now() + r * 1e3;
5736
- let n = { ...S, expires_at: t };
5737
- if ("id_token" in S) {
5738
- let i = S.id_payload ?? V(S.id_token);
5739
- i && (n.id_token = i);
5735
+ const n = Date.now() + i * 1e3;
5736
+ let t = {};
5737
+ if (t = { ...S, expires_at: n }, "id_token" in S) {
5738
+ let a = S.id_payload ?? V(S.id_token);
5739
+ a && (t.id_token = a);
5740
5740
  }
5741
- await e.storeSessionData(n, o, s);
5741
+ await e.storeSessionData(t, o, s);
5742
5742
  }
5743
5743
  async function qe(S, e, o, s) {
5744
5744
  if (S.error) {
@@ -5764,12 +5764,12 @@ async function qe(S, e, o, s) {
5764
5764
  errorCode: g.Configuration
5765
5765
  });
5766
5766
  } catch (r) {
5767
- const t = l.asCrossauthError(r);
5768
- if (d.logger.debug(c({ err: t })), d.logger.debug(c({ cerr: t, msg: "Error receiving tokens" })), s)
5769
- return s.status(t.httpStatus).view(e.errorPage, {
5770
- status: t.httpStatus,
5771
- errorMessage: t.message,
5772
- errorCodeName: t.codeName
5767
+ const i = l.asCrossauthError(r);
5768
+ if (d.logger.debug(c({ err: i })), d.logger.debug(c({ cerr: i, msg: "Error receiving tokens" })), s)
5769
+ return s.status(i.httpStatus).view(e.errorPage, {
5770
+ status: i.httpStatus,
5771
+ errorMessage: i.message,
5772
+ errorCodeName: i.codeName
5773
5773
  });
5774
5774
  }
5775
5775
  }
@@ -5781,7 +5781,7 @@ class we extends Oe {
5781
5781
  * @param options See {@link FastifyOAuthClientOptions}
5782
5782
  */
5783
5783
  constructor(o, s, r) {
5784
- var t, n, i;
5784
+ var i, n, t;
5785
5785
  super(s, r);
5786
5786
  u(this, "server");
5787
5787
  u(this, "siteUrl", "/");
@@ -5821,7 +5821,7 @@ class we extends Oe {
5821
5821
  u(this, "bffEndpointName", "bff");
5822
5822
  u(this, "bffBaseUrl");
5823
5823
  u(this, "tokenEndpoints", []);
5824
- if (this.server = o, C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, r, "SITE_URL", !0), C("tokenResponseType", k.String, this, r, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, r, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, r, "LOGIN_URL"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("authorizedPage", k.String, this, r, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, r, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, r, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, r, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, r, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, r, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, r, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, r, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, r, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, r, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, r, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, r, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, r, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, r, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, r, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, r, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, r, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, r, "OAUTH_JWT_TOKENS"), (t = this.deleteTokensGetUrl) != null && t.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (i = this.deleteTokensPostUrl) != null && i.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5824
+ if (this.server = o, C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), C("siteUrl", k.String, this, r, "SITE_URL", !0), C("tokenResponseType", k.String, this, r, "OAUTH_TOKEN_RESPONSE_TYPE"), C("errorResponseType", k.String, this, r, "OAUTH_ERROR_RESPONSE_TYPE"), C("prefix", k.String, this, r, "PREFIX"), this.prefix.endsWith("/") || (this.prefix += "/"), C("loginUrl", k.String, this, r, "LOGIN_URL"), C("errorPage", k.String, this, r, "ERROR_PAGE"), C("authorizedPage", k.String, this, r, "AUTHORIZED_PAGE"), C("authorizedUrl", k.String, this, r, "AUTHORIZED_URL"), C("loginProtectedFlows", k.JsonArray, this, r, "OAUTH_LOGIN_PROTECTED_FLOWS"), C("passwordFlowUrl", k.String, this, r, "OAUTH_PASSWORD_FLOW_URL"), C("passwordOtpUrl", k.String, this, r, "OAUTH_PASSWORD_OTP_URL"), C("passwordOobUrl", k.String, this, r, "OAUTH_PASSWORD_OOB_URL"), C("passwordFlowPage", k.String, this, r, "OAUTH_PASSWORD_FLOW_PAGE"), C("deviceCodeFlowPage", k.String, this, r, "OAUTH_DEVICECODE_FLOW_PAGE"), C("deleteTokensPage", k.String, this, r, "OAUTH_DELETE_TOKENS_PAGE"), C("deleteTokensGetUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_GET_URL"), C("deleteTokensPostUrl", k.String, this, r, "OAUTH_DELETE_TOKENS_POST_URL"), C("apiDeleteTokensPostUrl", k.String, this, r, "OAUTHAPI__DELETE_TOKENS_POST_URL"), C("mfaOtpPage", k.String, this, r, "OAUTH_MFA_OTP_PAGE"), C("mfaOobPage", k.String, this, r, "OAUTH_MFA_OOB_PAGE"), C("deviceCodeFlowUrl", k.String, this, r, "OAUTH_DEVICECODE_FLOW_URL"), C("deviceCodePollUrl", k.String, this, r, "OAUTH_DEVICECODE_POLL_URL"), C("bffEndpointName", k.String, this, r, "OAUTH_BFF_ENDPOINT_NAME"), C("bffBaseUrl", k.String, this, r, "OAUTH_BFF_BASEURL"), C("validFlows", k.JsonArray, this, r, "OAUTH_VALIDFLOWS"), C("jwtTokens", k.JsonArray, this, r, "OAUTH_JWT_TOKENS"), (i = this.deleteTokensGetUrl) != null && i.startsWith("/") && (this.deleteTokensGetUrl = this.deleteTokensGetUrl.substring(1)), (n = this.deleteTokensPostUrl) != null && n.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), (t = this.deleteTokensPostUrl) != null && t.startsWith("/") && (this.deleteTokensPostUrl = this.deleteTokensPostUrl.substring(1)), this.validFlows.length == 1 && this.validFlows[0] == E.All)
5825
5825
  this.validFlows = E.allFlows();
5826
5826
  else if (!E.areAllValidFlows(this.validFlows))
5827
5827
  throw new l(g.Configuration, "Invalid flows specificied in " + this.validFlows.join(","));
@@ -5869,7 +5869,7 @@ class we extends Oe {
5869
5869
  }
5870
5870
  const f = this.randomValue(this.stateLength), p = { scope: a.query.scope, state: f };
5871
5871
  await this.storeSessionData(p, a, h);
5872
- const { url: v, error: m, error_description: w } = await this.startAuthorizationCodeFlow(f, a.query.scope);
5872
+ const { url: v, error: m, error_description: w } = await this.startAuthorizationCodeFlow(f, { scope: a.query.scope });
5873
5873
  if (m || !v) {
5874
5874
  const T = l.fromOAuthError(
5875
5875
  m ?? "server_error",
@@ -5920,12 +5920,11 @@ class we extends Oe {
5920
5920
  return h.redirect(this.loginUrl + "?next=" + encodeURIComponent(a.url), 302);
5921
5921
  const f = this.randomValue(this.stateLength), { codeChallenge: p, codeVerifier: v } = await this.codeChallengeAndVerifier(), m = { scope: a.query.scope, state: f, codeChallenge: p, codeVerifier: v };
5922
5922
  await this.storeSessionData(m, a, h);
5923
- const { url: w, error: P, error_description: T } = await this.startAuthorizationCodeFlow(
5924
- f,
5925
- a.query.scope,
5926
- p,
5927
- !0
5928
- );
5923
+ const { url: w, error: P, error_description: T } = await this.startAuthorizationCodeFlow(f, {
5924
+ scope: a.query.scope,
5925
+ codeChallenge: p,
5926
+ pkce: !0
5927
+ });
5929
5928
  if (P || !w) {
5930
5929
  const b = l.fromOAuthError(
5931
5930
  P ?? "server_error",
@@ -5952,13 +5951,13 @@ class we extends Oe {
5952
5951
  const f = await ((m = this.server.sessionAdapter) == null ? void 0 : m.getSessionData(a, this.sessionDataName));
5953
5952
  if (!(f != null && f.state) || (f == null ? void 0 : f.state) != a.query.state)
5954
5953
  throw new l(g.Unauthorized, "State does not match");
5955
- let p = await this.redirectEndpoint(
5956
- a.query.code,
5957
- f == null ? void 0 : f.scope,
5958
- f == null ? void 0 : f.codeVerifier,
5959
- a.query.error,
5960
- a.query.error_description
5961
- );
5954
+ let p = await this.redirectEndpoint({
5955
+ code: a.query.code,
5956
+ scope: f == null ? void 0 : f.scope,
5957
+ codeVerifier: f == null ? void 0 : f.codeVerifier,
5958
+ error: a.query.error,
5959
+ errorDescription: a.query.error_description
5960
+ });
5962
5961
  try {
5963
5962
  if (p.error) {
5964
5963
  const P = l.fromOAuthError(
@@ -6472,14 +6471,14 @@ class we extends Oe {
6472
6471
  }
6473
6472
  }
6474
6473
  async passwordPost(o, s, r) {
6475
- var t;
6474
+ var i;
6476
6475
  if (this.server.sessionAdapter) {
6477
- const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6476
+ const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6478
6477
  s,
6479
6478
  r,
6480
6479
  this.errorFn
6481
6480
  );
6482
- if (n) return i;
6481
+ if (n) return t;
6483
6482
  }
6484
6483
  try {
6485
6484
  let n = await this.passwordFlow(
@@ -6488,10 +6487,10 @@ class we extends Oe {
6488
6487
  s.body.scope
6489
6488
  );
6490
6489
  if (n.error == "mfa_required" && n.mfa_token && this.validFlows.includes(E.PasswordMfa)) {
6491
- const i = n.mfa_token;
6490
+ const t = n.mfa_token;
6492
6491
  if (n = await this.passwordMfa(
6493
6492
  o,
6494
- i,
6493
+ t,
6495
6494
  s.body.scope,
6496
6495
  s,
6497
6496
  r
@@ -6521,56 +6520,56 @@ class we extends Oe {
6521
6520
  }
6522
6521
  return await this.receiveTokenFn(n, this, s, r);
6523
6522
  } else if (n.error) {
6524
- const i = l.fromOAuthError(
6523
+ const t = l.fromOAuthError(
6525
6524
  n.error,
6526
6525
  n.error_description
6527
6526
  );
6528
- return o ? await this.errorFn(this.server, s, r, i) : r.view(
6527
+ return o ? await this.errorFn(this.server, s, r, t) : r.view(
6529
6528
  this.passwordFlowPage,
6530
6529
  {
6531
6530
  user: s.user,
6532
6531
  username: s.body.username,
6533
6532
  //password: request.body.password,
6534
6533
  scope: s.body.scope,
6535
- errorMessage: i.message,
6536
- errorCode: i.code,
6537
- errorCodeName: i.codeName,
6534
+ errorMessage: t.message,
6535
+ errorCode: t.code,
6536
+ errorCodeName: t.codeName,
6538
6537
  csrfToken: s.csrfToken
6539
6538
  }
6540
6539
  );
6541
6540
  }
6542
6541
  return await this.receiveTokenFn(n, this, s, r);
6543
6542
  } catch (n) {
6544
- const i = l.asCrossauthError(n);
6543
+ const t = l.asCrossauthError(n);
6545
6544
  return d.logger.error(c({
6546
6545
  msg: "Error receiving token",
6547
- cerr: i,
6548
- user: (t = s.user) == null ? void 0 : t.user
6546
+ cerr: t,
6547
+ user: (i = s.user) == null ? void 0 : i.user
6549
6548
  })), d.logger.debug(c({ err: n })), o ? await this.errorFn(
6550
6549
  this.server,
6551
6550
  s,
6552
6551
  r,
6553
- i
6552
+ t
6554
6553
  ) : r.view(this.passwordFlowPage, {
6555
6554
  user: s.user,
6556
6555
  username: s.body.username,
6557
6556
  password: s.body.password,
6558
6557
  scope: s.body.scope,
6559
- errorMessage: i.message,
6560
- errorCode: i.code,
6561
- errorCodeName: i.codeName,
6558
+ errorMessage: t.message,
6559
+ errorCode: t.code,
6560
+ errorCodeName: t.codeName,
6562
6561
  csrfToken: s.csrfToken
6563
6562
  });
6564
6563
  }
6565
6564
  }
6566
- async passwordMfa(o, s, r, t, n) {
6567
- const i = await this.mfaAuthenticators(s);
6568
- if (i.error || !i.authenticators || !Array.isArray(i.authenticators) || i.authenticators.length == 0 || i.authenticators.length > 1 && !i.authenticators[0].active)
6569
- return i.error ? i : {
6565
+ async passwordMfa(o, s, r, i, n) {
6566
+ const t = await this.mfaAuthenticators(s);
6567
+ if (t.error || !t.authenticators || !Array.isArray(t.authenticators) || t.authenticators.length == 0 || t.authenticators.length > 1 && !t.authenticators[0].active)
6568
+ return t.error ? t : {
6570
6569
  error: "access_denied",
6571
6570
  error_description: "No MFA authenticators available"
6572
6571
  };
6573
- const a = i.authenticators[0];
6572
+ const a = t.authenticators[0];
6574
6573
  if (a.authenticator_type == "otp") {
6575
6574
  const f = await this.mfaOtpRequest(s, a.id);
6576
6575
  return f.error || f.challenge_type != "otp" ? {
@@ -6606,60 +6605,60 @@ class we extends Oe {
6606
6605
  }
6607
6606
  async passwordOtp(o, s, r) {
6608
6607
  var n;
6609
- const t = await this.mfaOtpComplete(
6608
+ const i = await this.mfaOtpComplete(
6610
6609
  s.body.mfa_token,
6611
6610
  s.body.otp
6612
6611
  );
6613
- if (t.error) {
6614
- const i = l.fromOAuthError(
6615
- t.error,
6616
- t.error_description ?? "Error completing MFA"
6612
+ if (i.error) {
6613
+ const t = l.fromOAuthError(
6614
+ i.error,
6615
+ i.error_description ?? "Error completing MFA"
6617
6616
  );
6618
6617
  return d.logger.warn(c({
6619
6618
  msg: "Error completing MFA",
6620
- cerr: i,
6619
+ cerr: t,
6621
6620
  user: (n = s.user) == null ? void 0 : n.user,
6622
6621
  hashedMfaToken: F.hash(s.body.mfa_token)
6623
- })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6622
+ })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6624
6623
  this.server,
6625
6624
  s,
6626
6625
  r,
6627
- i
6626
+ t
6628
6627
  ) : r.view(this.mfaOtpPage, {
6629
6628
  user: s.user,
6630
6629
  scope: s.body.scope,
6631
6630
  mfa_token: s.body.mfa_token,
6632
6631
  challenge_tpye: s.body.challenge_type,
6633
- errorMessage: i.message,
6634
- errorCode: i.code,
6635
- errorCodeName: i.codeName,
6632
+ errorMessage: t.message,
6633
+ errorCode: t.code,
6634
+ errorCodeName: t.codeName,
6636
6635
  csrfToken: s.csrfToken
6637
6636
  });
6638
6637
  }
6639
- return await this.receiveTokenFn(t, this, s, r) ?? r;
6638
+ return await this.receiveTokenFn(i, this, s, r) ?? r;
6640
6639
  }
6641
6640
  async passwordOob(o, s, r) {
6642
6641
  var n;
6643
- const t = await this.mfaOobComplete(
6642
+ const i = await this.mfaOobComplete(
6644
6643
  s.body.mfa_token,
6645
6644
  s.body.oob_code,
6646
6645
  s.body.binding_code
6647
6646
  );
6648
- if (t.error) {
6649
- const i = l.fromOAuthError(
6650
- t.error,
6651
- t.error_description ?? "Error completing MFA"
6647
+ if (i.error) {
6648
+ const t = l.fromOAuthError(
6649
+ i.error,
6650
+ i.error_description ?? "Error completing MFA"
6652
6651
  );
6653
6652
  return d.logger.warn(c({
6654
6653
  msg: "Error completing MFA",
6655
- cerr: i,
6654
+ cerr: t,
6656
6655
  user: (n = s.user) == null ? void 0 : n.user,
6657
6656
  hashedMfaToken: F.hash(s.body.mfa_token)
6658
- })), d.logger.debug(c({ err: i })), o ? await this.errorFn(
6657
+ })), d.logger.debug(c({ err: t })), o ? await this.errorFn(
6659
6658
  this.server,
6660
6659
  s,
6661
6660
  r,
6662
- i
6661
+ t
6663
6662
  ) : r.view(this.mfaOobPage, {
6664
6663
  user: s.user,
6665
6664
  scope: s.body.scope,
@@ -6667,70 +6666,70 @@ class we extends Oe {
6667
6666
  name: s.body.name,
6668
6667
  challenge_tpye: s.body.challenge_type,
6669
6668
  mfa_token: s.body.mfa_token,
6670
- errorMessage: i.message,
6671
- errorCode: i.code,
6672
- errorCodeName: i.codeName,
6669
+ errorMessage: t.message,
6670
+ errorCode: t.code,
6671
+ errorCodeName: t.codeName,
6673
6672
  csrfToken: s.csrfToken
6674
6673
  });
6675
6674
  }
6676
- return await this.receiveTokenFn(t, this, s, r) ?? r;
6675
+ return await this.receiveTokenFn(i, this, s, r) ?? r;
6677
6676
  }
6678
6677
  async deviceCodePost(o, s, r) {
6679
- var t;
6678
+ var i;
6680
6679
  if (this.server.sessionAdapter) {
6681
- const { error: n, reply: i } = await this.server.errorIfCsrfInvalid(
6680
+ const { error: n, reply: t } = await this.server.errorIfCsrfInvalid(
6682
6681
  s,
6683
6682
  r,
6684
6683
  this.errorFn
6685
6684
  );
6686
- if (n) return i;
6685
+ if (n) return t;
6687
6686
  }
6688
6687
  try {
6689
6688
  if (!s.csrfToken)
6690
6689
  throw new l(g.Unauthorized, "CSRF token missing or invalid");
6691
6690
  let n = this.authServerBaseUrl;
6692
6691
  n.endsWith("/") || (n += "/"), n += this.deviceAuthorizationUrl;
6693
- const i = await this.startDeviceCodeFlow(n, s.body.scope);
6694
- if (i.error) {
6695
- const h = l.fromOAuthError(i.error, i.error_description), f = {
6692
+ const t = await this.startDeviceCodeFlow(n, s.body.scope);
6693
+ if (t.error) {
6694
+ const h = l.fromOAuthError(t.error, t.error_description), f = {
6696
6695
  user: s.user,
6697
6696
  scope: s.body.scope,
6698
6697
  errorMessage: h.message,
6699
6698
  errorCode: h.code,
6700
6699
  errorCodeName: h.codeName,
6701
6700
  csrfToken: s.csrfToken,
6702
- error: i.error,
6703
- error_description: i.error_description
6701
+ error: t.error,
6702
+ error_description: t.error_description
6704
6703
  };
6705
- return o ? r.header(..._).status(h.httpStatus).send(i) : r.view(this.deviceCodeFlowPage, f);
6704
+ return o ? r.header(..._).status(h.httpStatus).send(t) : r.view(this.deviceCodeFlowPage, f);
6706
6705
  }
6707
6706
  let a;
6708
- return i.verification_uri_complete && await Re.toDataURL(i.verification_uri_complete).then((h) => {
6707
+ return t.verification_uri_complete && await Re.toDataURL(t.verification_uri_complete).then((h) => {
6709
6708
  a = h;
6710
6709
  }).catch((h) => {
6711
6710
  d.logger.debug(c({ err: h })), d.logger.warn(c({ msg: "Couldn't generate verification URL QR Code" }));
6712
- }), o ? r.header(..._).send(i) : r.view(
6711
+ }), o ? r.header(..._).send(t) : r.view(
6713
6712
  this.deviceCodeFlowPage,
6714
6713
  {
6715
6714
  user: s.user,
6716
6715
  scope: s.body.scope,
6717
6716
  verification_uri_qrdata: a,
6718
- ...i
6717
+ ...t
6719
6718
  }
6720
6719
  );
6721
6720
  } catch (n) {
6722
- const i = l.asCrossauthError(n);
6721
+ const t = l.asCrossauthError(n);
6723
6722
  d.logger.error(c({
6724
6723
  msg: "Error receiving token",
6725
- cerr: i,
6726
- user: (t = s.user) == null ? void 0 : t.user
6724
+ cerr: t,
6725
+ user: (i = s.user) == null ? void 0 : i.user
6727
6726
  })), d.logger.debug(c({ err: n }));
6728
6727
  const a = {
6729
- errorMessage: i.message,
6730
- errorCode: i.code,
6731
- errorCodeName: i.codeName
6728
+ errorMessage: t.message,
6729
+ errorCode: t.code,
6730
+ errorCodeName: t.codeName
6732
6731
  };
6733
- return o ? r.header(..._).status(i.httpStatus).send(a) : r.view(this.deviceCodeFlowPage, {
6732
+ return o ? r.header(..._).status(t.httpStatus).send(a) : r.view(this.deviceCodeFlowPage, {
6734
6733
  user: s.user,
6735
6734
  csrfToken: s.csrfToken,
6736
6735
  scope: s.body.scope,
@@ -6739,7 +6738,7 @@ class we extends Oe {
6739
6738
  }
6740
6739
  }
6741
6740
  async deviceCodePoll(o, s, r) {
6742
- var t;
6741
+ var i;
6743
6742
  try {
6744
6743
  const n = await this.pollDeviceCodeFlow(s.body.device_code);
6745
6744
  return n.error ? r.header(..._).send(n) : await this.receiveTokenFn(
@@ -6749,28 +6748,28 @@ class we extends Oe {
6749
6748
  o ? void 0 : r
6750
6749
  );
6751
6750
  } catch (n) {
6752
- const i = l.asCrossauthError(n);
6751
+ const t = l.asCrossauthError(n);
6753
6752
  return d.logger.error(c({
6754
6753
  msg: "Error receiving token",
6755
- cerr: i,
6756
- user: (t = s.user) == null ? void 0 : t.user
6754
+ cerr: t,
6755
+ user: (i = s.user) == null ? void 0 : i.user
6757
6756
  })), d.logger.debug(c({ err: n })), await this.errorFn(
6758
6757
  this.server,
6759
6758
  s,
6760
6759
  r,
6761
- i
6760
+ t
6762
6761
  );
6763
6762
  }
6764
6763
  }
6765
- async refresh(o, s, r, t, n, i) {
6766
- if (!i || !n)
6764
+ async refresh(o, s, r, i, n, t) {
6765
+ if (!t || !n)
6767
6766
  return r ? void 0 : await this.receiveTokenFn(
6768
6767
  {},
6769
6768
  this,
6770
6769
  o,
6771
6770
  r ? void 0 : s
6772
6771
  );
6773
- if (!t || i <= Date.now())
6772
+ if (!i || t <= Date.now())
6774
6773
  try {
6775
6774
  const a = await this.refreshTokenFlow(n);
6776
6775
  if (!a.error && !a.access_token && (a.error = "server_error", a.error_description = "Unexpectedly did not receive error or access token"), !a.error) {
@@ -6822,7 +6821,7 @@ class we extends Oe {
6822
6821
  };
6823
6822
  }
6824
6823
  }
6825
- async refreshTokens(o, s, r, t) {
6824
+ async refreshTokens(o, s, r, i) {
6826
6825
  if (!o.csrfToken)
6827
6826
  return s.header(..._).status(401).send({ ok: !1, msg: "No csrf token given" });
6828
6827
  if (!this.server.sessionAdapter) throw new l(
@@ -6846,20 +6845,20 @@ class we extends Oe {
6846
6845
  );
6847
6846
  }
6848
6847
  }
6849
- const i = await this.refresh(
6848
+ const t = await this.refresh(
6850
6849
  o,
6851
6850
  s,
6852
6851
  r,
6853
- t,
6852
+ i,
6854
6853
  n.refresh_token,
6855
6854
  //onlyIfExpired ? oauthData.expires_at : undefined
6856
6855
  n.expires_at
6857
6856
  );
6858
6857
  if (!r) {
6859
- if (i == null) return this.receiveTokenFn({}, this, o, s);
6860
- if (i != null) return i;
6858
+ if (t == null) return this.receiveTokenFn({}, this, o, s);
6859
+ if (t != null) return t;
6861
6860
  }
6862
- return s.header(..._).status(200).send({ ok: !0, expires_at: i == null ? void 0 : i.expires_at });
6861
+ return s.header(..._).status(200).send({ ok: !0, expires_at: t == null ? void 0 : t.expires_at });
6863
6862
  }
6864
6863
  async deleteTokens(o) {
6865
6864
  if (!this.server.sessionAdapter) throw new l(
@@ -6878,14 +6877,14 @@ class we extends Oe {
6878
6877
  await this.server.sessionAdapter.deleteSessionData(o, this.sessionDataName);
6879
6878
  }
6880
6879
  async storeSessionData(o, s, r) {
6881
- var t;
6880
+ var i;
6882
6881
  if (this.server.sessionServer) {
6883
6882
  let n = this.server.sessionServer.getSessionCookieValue(s);
6884
6883
  !n && r ? n = await this.server.createAnonymousSession(
6885
6884
  s,
6886
6885
  r,
6887
6886
  { [this.sessionDataName]: o }
6888
- ) : await ((t = this.server.sessionAdapter) == null ? void 0 : t.updateSessionData(s, this.sessionDataName, o));
6887
+ ) : await ((i = this.server.sessionAdapter) == null ? void 0 : i.updateSessionData(s, this.sessionDataName, o));
6889
6888
  } else {
6890
6889
  if (!this.server.sessionAdapter) throw new l(
6891
6890
  g.Configuration,
@@ -6912,65 +6911,65 @@ class es extends Ie {
6912
6911
  u(this, "tokenLocations", ["header"]);
6913
6912
  u(this, "sessionAdapter");
6914
6913
  if (C("errorBody", k.Json, this, r, "OAUTH_RESSERVER_ACCESS_DENIED_BODY"), C("tokenLocations", k.JsonArray, this, r, "OAUTH_TOKEN_LOCATIONS"), C("sessionDataName", k.String, this, r, "OAUTH_SESSION_DATA_NAME"), this.userStorage = r.userStorage, this.sessionAdapter = r.sessionAdapter, r.protectedEndpoints) {
6915
- const t = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6916
- for (const [n, i] of Object.entries(r.protectedEndpoints)) {
6914
+ const i = /^[!#\$%&'\(\)\*\+,\.\/a-zA-Z\[\]\^_`-]+/;
6915
+ for (const [n, t] of Object.entries(r.protectedEndpoints)) {
6917
6916
  if (!n.startsWith("/"))
6918
6917
  throw new l(g.Configuration, "protected endpoints must be absolute paths without the protocol and hostname");
6919
- i.scope && i.scope.forEach((a) => {
6920
- if (!t.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6918
+ t.scope && t.scope.forEach((a) => {
6919
+ if (!i.test(a)) throw new l(g.Configuration, "Illegal characters in scope " + a);
6921
6920
  });
6922
6921
  }
6923
6922
  this.protectedEndpoints = { ...r.protectedEndpoints };
6924
6923
  for (let n in r.protectedEndpoints) {
6925
- let i = this.protectedEndpoints[n];
6926
- i.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = i), this.protectedEndpointPrefixes.push(n));
6924
+ let t = this.protectedEndpoints[n];
6925
+ t.suburls == !0 && (n.endsWith("/") || (n += "/", this.protectedEndpoints[n] = t), this.protectedEndpointPrefixes.push(n));
6927
6926
  }
6928
6927
  }
6929
- r.protectedEndpoints && o.addHook("preHandler", async (t, n) => {
6928
+ r.protectedEndpoints && o.addHook("preHandler", async (i, n) => {
6930
6929
  var p, v;
6931
- const i = t.url.split("?", 2)[0];
6930
+ const t = i.url.split("?", 2)[0];
6932
6931
  let a = !1, h = "";
6933
- if (i in this.protectedEndpoints)
6934
- a = !0, h = i;
6932
+ if (t in this.protectedEndpoints)
6933
+ a = !0, h = t;
6935
6934
  else
6936
6935
  for (let m of this.protectedEndpointPrefixes)
6937
- i.startsWith(m) && (a = !0), h = m;
6936
+ t.startsWith(m) && (a = !0), h = m;
6938
6937
  if (!a) return;
6939
- const f = await this.authorized(t);
6940
- if (!(t.user && t.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6938
+ const f = await this.authorized(i);
6939
+ if (!(i.user && i.authType == "cookie" && this.protectedEndpoints[h].acceptSessionAuthorization != !0)) {
6941
6940
  if (!f) {
6942
- t.authError = "access_denied", t.authErrorDescription = "No access token";
6943
- const m = this.authenticateHeader(t);
6941
+ i.authError = "access_denied", i.authErrorDescription = "No access token";
6942
+ const m = this.authenticateHeader(i);
6944
6943
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6945
6944
  }
6946
6945
  if (!f.authorized) {
6947
- const m = this.authenticateHeader(t);
6946
+ const m = this.authenticateHeader(i);
6948
6947
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6949
6948
  }
6950
6949
  }
6951
6950
  if (f) {
6952
- if (t.accessTokenPayload = f.tokenPayload, t.user = f.user, (p = f.tokenPayload) != null && p.scope)
6951
+ if (i.accessTokenPayload = f.tokenPayload, i.user = f.user, (p = f.tokenPayload) != null && p.scope)
6953
6952
  if (Array.isArray(f.tokenPayload.scope)) {
6954
6953
  let m = [];
6955
6954
  for (let w of f.tokenPayload.scope)
6956
6955
  typeof w == "string" && m.push(w);
6957
- t.scope = m;
6958
- } else typeof f.tokenPayload.scope == "string" && (t.scope = f.tokenPayload.scope.split(" "));
6956
+ i.scope = m;
6957
+ } else typeof f.tokenPayload.scope == "string" && (i.scope = f.tokenPayload.scope.split(" "));
6959
6958
  if (this.protectedEndpoints[h].scope) {
6960
6959
  for (let m of this.protectedEndpoints[h].scope ?? [])
6961
- if (!t.scope || !t.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6960
+ if (!i.scope || !i.scope.includes(m) && this.protectedEndpoints[h].acceptSessionAuthorization != !0)
6962
6961
  return d.logger.warn(c({
6963
6962
  msg: "Access token does not have sufficient scope",
6964
- username: (v = t.user) == null ? void 0 : v.username,
6965
- url: t.url
6966
- })), t.scope = void 0, t.accessTokenPayload = void 0, t.user = void 0, t.authError = "access_denied", t.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6963
+ username: (v = i.user) == null ? void 0 : v.username,
6964
+ url: i.url
6965
+ })), i.scope = void 0, i.accessTokenPayload = void 0, i.user = void 0, i.authError = "access_denied", i.authErrorDescription = "Access token does not have sufficient scope", n.status(401).send(this.errorBody);
6967
6966
  }
6968
- if (t.authType = "oauth", t.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6969
- const m = this.authenticateHeader(t);
6967
+ if (i.authType = "oauth", i.authError = f == null ? void 0 : f.error, (f == null ? void 0 : f.error) == "access_denied") {
6968
+ const m = this.authenticateHeader(i);
6970
6969
  return n.header("WWW-Authenticate", m).status(401).send(this.errorBody);
6971
6970
  } else if (f != null && f.error)
6972
6971
  return n.status(500).send(this.errorBody);
6973
- t.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: t.url, authorized: t.accessTokenPayload != null }));
6972
+ i.authErrorDescription = f == null ? void 0 : f.error_description, d.logger.debug(c({ msg: "Resource server url", url: i.url, authorized: i.accessTokenPayload != null }));
6974
6973
  }
6975
6974
  });
6976
6975
  }
@@ -6996,8 +6995,8 @@ class es extends Ie {
6996
6995
  async authorized(o) {
6997
6996
  try {
6998
6997
  let s;
6999
- for (let t of this.tokenLocations)
7000
- if (t == "header") {
6998
+ for (let i of this.tokenLocations)
6999
+ if (i == "header") {
7001
7000
  const n = await this.tokenFromHeader(o);
7002
7001
  if (n) {
7003
7002
  s = n;
@@ -7013,8 +7012,8 @@ class es extends Ie {
7013
7012
  let r;
7014
7013
  if (s) {
7015
7014
  if (s.sub && this.userStorage) {
7016
- const t = await this.userStorage.getUserByUsername(s.sub);
7017
- t && (r = t.user), o.user = r;
7015
+ const i = await this.userStorage.getUserByUsername(s.sub);
7016
+ i && (r = i.user), o.user = r;
7018
7017
  } else s.sub && (o.user = {
7019
7018
  id: s.userid ?? s.sub,
7020
7019
  username: s.sub,
@@ -7126,9 +7125,9 @@ const K = class K {
7126
7125
  sessionAdapter: o,
7127
7126
  apiKey: s,
7128
7127
  oAuthAuthServer: r,
7129
- oAuthClient: t,
7128
+ oAuthClient: i,
7130
7129
  oAuthClients: n,
7131
- oAuthResServer: i
7130
+ oAuthResServer: t
7132
7131
  }, a = {}) {
7133
7132
  u(this, "views", "views");
7134
7133
  /** The Fastify app, which was either passed in the constructor or
@@ -7208,12 +7207,12 @@ const K = class K {
7208
7207
  { ...f, ...a, ...r.options }
7209
7208
  );
7210
7209
  }
7211
- if (t && this.oAuthClients)
7210
+ if (i && this.oAuthClients)
7212
7211
  throw new l(g.Configuration, "Do not use both oAuthClient and oAuthClients");
7213
- if (t && (this.oAuthClient = new we(
7212
+ if (i && (this.oAuthClient = new we(
7214
7213
  this,
7215
- t.authServerBaseUrl,
7216
- { ...a, ...t.options }
7214
+ i.authServerBaseUrl,
7215
+ { ...a, ...i.options }
7217
7216
  )), n) {
7218
7217
  this.oAuthClients = [];
7219
7218
  for (let f of n)
@@ -7225,10 +7224,10 @@ const K = class K {
7225
7224
  )
7226
7225
  );
7227
7226
  }
7228
- i && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new es(
7227
+ t && (this.audience = "", C("audience", k.String, this, a, "OAUTH_AUDIENCE", !0), this.oAuthResServer = new es(
7229
7228
  this.app,
7230
7229
  [new Me(this.audience, a)],
7231
- { sessionAdapter: this.sessionAdapter, ...i.options, ...a }
7230
+ { sessionAdapter: this.sessionAdapter, ...t.options, ...a }
7232
7231
  ));
7233
7232
  }
7234
7233
  /**
@@ -7260,7 +7259,7 @@ const K = class K {
7260
7259
  * from calling `errorFn`.
7261
7260
  */
7262
7261
  async errorIfCsrfInvalid(e, o, s) {
7263
- var r, t;
7262
+ var r, i;
7264
7263
  try {
7265
7264
  if (!e.csrfToken) throw new l(g.InvalidCsrf);
7266
7265
  return { error: !1, reply: o };
@@ -7271,23 +7270,23 @@ const K = class K {
7271
7270
  }));
7272
7271
  try {
7273
7272
  if (s) {
7274
- const i = l.asCrossauthError(n);
7275
- return { error: !0, reply: await s(this, e, o, i) };
7273
+ const t = l.asCrossauthError(n);
7274
+ return { error: !0, reply: await s(this, e, o, t) };
7276
7275
  } else if ((r = this.sessionServer) != null && r.errorPage) {
7277
- const i = new l(g.InvalidCsrf, "CSRF Token not provided");
7276
+ const t = new l(g.InvalidCsrf, "CSRF Token not provided");
7278
7277
  return { error: !0, reply: o.status(401).view(
7279
- ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7278
+ ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7280
7279
  {
7281
- errorMessage: i.message,
7282
- errorMessages: i.messages,
7283
- status: i.httpStatus,
7280
+ errorMessage: t.message,
7281
+ errorMessages: t.messages,
7282
+ status: t.httpStatus,
7284
7283
  errorCode: g.InvalidCsrf,
7285
7284
  errorCodeName: g[g.InvalidCsrf]
7286
7285
  }
7287
7286
  ) };
7288
7287
  }
7289
- } catch (i) {
7290
- return d.logger.error(c({ err: i })), { error: !0, reply: o.status(401).send(z) };
7288
+ } catch (t) {
7289
+ return d.logger.error(c({ err: t })), { error: !0, reply: o.status(401).send(z) };
7291
7290
  }
7292
7291
  return { error: !0, reply: o.status(401).send(z) };
7293
7292
  }
@@ -7305,7 +7304,7 @@ const K = class K {
7305
7304
  * from calling `errorFn`.
7306
7305
  */
7307
7306
  async errorIfNotLoggedIn(e, o, s) {
7308
- var r, t, n;
7307
+ var r, i, n;
7309
7308
  if (!e.user) {
7310
7309
  d.logger.warn(c({
7311
7310
  msg: "Attempt to access url without csrf token",
@@ -7313,14 +7312,14 @@ const K = class K {
7313
7312
  }));
7314
7313
  try {
7315
7314
  if (s) {
7316
- const i = new l(
7315
+ const t = new l(
7317
7316
  g.Unauthorized,
7318
7317
  "User is not logged in"
7319
7318
  );
7320
- return await s(this, e, o, i);
7319
+ return await s(this, e, o, t);
7321
7320
  } else if ((r = this.sessionServer) != null && r.errorPage)
7322
7321
  return o.status(401).view(
7323
- ((t = this.sessionServer) == null ? void 0 : t.errorPage) ?? "",
7322
+ ((i = this.sessionServer) == null ? void 0 : i.errorPage) ?? "",
7324
7323
  {
7325
7324
  errorMessage: "User is not logged in",
7326
7325
  status: 401,
@@ -7328,9 +7327,9 @@ const K = class K {
7328
7327
  codeName: g[g.Unauthorized]
7329
7328
  }
7330
7329
  );
7331
- } catch (i) {
7332
- return d.logger.debug(c({ err: i })), d.logger.error(c({
7333
- cerr: i,
7330
+ } catch (t) {
7331
+ return d.logger.debug(c({ err: t })), d.logger.error(c({
7332
+ cerr: t,
7334
7333
  hashedSessionCookie: (n = this.sessionServer) == null ? void 0 : n.getHashOfSessionId(e)
7335
7334
  })), o.status(401).send(z);
7336
7335
  }
@@ -7357,8 +7356,8 @@ const K = class K {
7357
7356
  * @returns the reply from rendering the error page.
7358
7357
  *
7359
7358
  */
7360
- static sendPageError(e, o, s, r, t) {
7361
- if (!r || !t)
7359
+ static sendPageError(e, o, s, r, i) {
7360
+ if (!r || !i)
7362
7361
  return d.logger.warn(c({
7363
7362
  msg: r,
7364
7363
  errorCode: g.UnknownError,
@@ -7372,15 +7371,15 @@ const K = class K {
7372
7371
  }
7373
7372
  ) : e.status(o).send(o == 401 ? z : G);
7374
7373
  try {
7375
- let n = 0, i = "UnknownError";
7376
- if ("isCrossAuthError" in t) {
7377
- const a = l.asCrossauthError(t);
7378
- n = a.code, i = a.name, r || (r = t.message);
7374
+ let n = 0, t = "UnknownError";
7375
+ if ("isCrossAuthError" in i) {
7376
+ const a = l.asCrossauthError(i);
7377
+ n = a.code, t = a.name, r || (r = i.message);
7379
7378
  }
7380
- return r || (o == 401 ? (r = "You are not authorized to access this page", n = g.Unauthorized, i = g[n]) : o == 403 ? (r = "You do not have permission to access this page", n = g.Forbidden, i = g[n]) : r = "An unknwon error has occurred"), d.logger.warn(c({
7379
+ return r || (o == 401 ? (r = "You are not authorized to access this page", n = g.Unauthorized, t = g[n]) : o == 403 ? (r = "You do not have permission to access this page", n = g.Forbidden, t = g[n]) : r = "An unknwon error has occurred"), d.logger.warn(c({
7381
7380
  msg: r,
7382
7381
  errorCode: n,
7383
- errorCodeName: i,
7382
+ errorCodeName: t,
7384
7383
  httpStatus: o
7385
7384
  })), s ? e.status(o).view(
7386
7385
  s,
@@ -7388,7 +7387,7 @@ const K = class K {
7388
7387
  status: o,
7389
7388
  errorMessage: r,
7390
7389
  errorCode: n,
7391
- errorCodeName: i
7390
+ errorCodeName: t
7392
7391
  }
7393
7392
  ) : e.status(o).send(o == 401 ? z : G);
7394
7393
  } catch (n) {