@crossauth/sveltekit 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/LICENSE +203 -0
  2. package/README.md +12 -0
  3. package/dist/index.cjs +7018 -0
  4. package/dist/index.d.ts +37 -0
  5. package/dist/index.js +7018 -0
  6. package/dist/sveltekitadminclientendpoints.d.ts +150 -0
  7. package/dist/sveltekitadminendpoints.d.ts +369 -0
  8. package/dist/sveltekitapikey.d.ts +48 -0
  9. package/dist/sveltekitoauthclient.d.ts +704 -0
  10. package/dist/sveltekitoauthserver.d.ts +406 -0
  11. package/dist/sveltekitresserver.d.ts +101 -0
  12. package/dist/sveltekitserver.d.ts +286 -0
  13. package/dist/sveltekitsession.d.ts +629 -0
  14. package/dist/sveltekitsessionadapter.d.ts +48 -0
  15. package/dist/sveltekitsharedclientendpoints.d.ts +289 -0
  16. package/dist/sveltekituserclientendpoints.d.ts +151 -0
  17. package/dist/sveltekituserendpoints.d.ts +730 -0
  18. package/dist/tests/sveltekitadminclientendpoints.test.d.ts +6 -0
  19. package/dist/tests/sveltekitadminendpoints.test.d.ts +6 -0
  20. package/dist/tests/sveltekitapikeyserver.test.d.ts +1 -0
  21. package/dist/tests/sveltekitoauthclient.test.d.ts +11 -0
  22. package/dist/tests/sveltekitoauthresserver.test.d.ts +10 -0
  23. package/dist/tests/sveltekitoauthserver.test.d.ts +6 -0
  24. package/dist/tests/sveltekituserclientendpoints.test.d.ts +6 -0
  25. package/dist/tests/sveltekituserendpoints.test.d.ts +6 -0
  26. package/dist/tests/sveltemock.test.d.ts +1 -0
  27. package/dist/tests/sveltemocks.d.ts +77 -0
  28. package/dist/tests/sveltesessionhooks.test.d.ts +1 -0
  29. package/dist/tests/testshared.d.ts +79 -0
  30. package/dist/utils.d.ts +38 -0
  31. package/package.json +52 -0
package/dist/sveltekituserendpoints.d.ts ADDED
@@ -0,0 +1,730 @@
1
+ import { SveltekitEndpoint } from './sveltekitserver';
2
+ import { SvelteKitSessionServer, SvelteKitSessionServerOptions } from './sveltekitsession';
3
+ import { User, UserInputFields, CrossauthError } from '@crossauth/common';
4
+ import { RequestEvent } from '@sveltejs/kit';
5
+
6
+ /**
7
+ * Return type for {@link SvelteKitUserEndpoints.login},
8
+ * {@link SvelteKitUserEndpoints.loginFactor2} and the
9
+ * {@link SvelteKitUserEndpoints.loginEndpoint} action.
10
+ *
11
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
12
+ */
13
+ export type LoginReturn = {
14
+ user?: User;
15
+ error?: string;
16
+ exception?: CrossauthError;
17
+ formData?: {
18
+ [key: string]: string;
19
+ };
20
+ factor2Required?: boolean;
21
+ ok: boolean;
22
+ };
23
+ /**
24
+ * Return type for {@link SvelteKitUserEndpoints.logout}
25
+ * {@link SvelteKitUserEndpoints.logoutEndpoint} action.
26
+ *
27
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
28
+ */
29
+ export type LogoutReturn = {
30
+ ok: boolean;
31
+ error?: string;
32
+ exception?: CrossauthError;
33
+ };
34
+ /**
35
+ * Return type for {@link SvelteKitUserEndpoints.signuput}
36
+ * {@link SvelteKitUserEndpoints.signupEndpoint} action.
37
+ *
38
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
39
+ */
40
+ export type SignupReturn = {
41
+ user?: UserInputFields;
42
+ factor2Data?: {
43
+ userData: {
44
+ [key: string]: any;
45
+ };
46
+ username: string;
47
+ csrfToken?: string | undefined;
48
+ factor2: string;
49
+ };
50
+ error?: string;
51
+ exception?: CrossauthError;
52
+ formData?: {
53
+ [key: string]: string | undefined;
54
+ };
55
+ ok: boolean;
56
+ factor2Required?: boolean;
57
+ emailVerificationRequired?: boolean;
58
+ };
59
+ /**
60
+ * Return type for {@link SvelteKitUserEndpoints.configureFactor2}
61
+ * {@link SvelteKitUserEndpoints.configureFactor2Endpoint} action.
62
+ *
63
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
64
+ */
65
+ export type ConfigureFactor2Return = {
66
+ user?: UserInputFields;
67
+ factor2Data?: {
68
+ userData: {
69
+ [key: string]: any;
70
+ };
71
+ username: string;
72
+ csrfToken?: string | undefined;
73
+ factor2: string;
74
+ };
75
+ error?: string;
76
+ exception?: CrossauthError;
77
+ formData?: {
78
+ [key: string]: string | undefined;
79
+ };
80
+ ok: boolean;
81
+ emailVerificationRequired?: boolean;
82
+ };
83
+ /**
84
+ * Return type for {@link SvelteKitUserEndpoints.verifyEmail}
85
+ * {@link SvelteKitUserEndpoints.verifyEmailEndpoint} action.
86
+ *
87
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
88
+ */
89
+ export type VerifyEmailReturn = {
90
+ user?: User;
91
+ error?: string;
92
+ exception?: CrossauthError;
93
+ ok: boolean;
94
+ };
95
+ /**
96
+ * Return type for {@link SvelteKitUserEndpoints.requestPasswordReset}
97
+ * {@link SvelteKitUserEndpoints.resetPasswordEndpoint} action.
98
+ *
99
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
100
+ */
101
+ export type RequestPasswordResetReturn = {
102
+ user?: User;
103
+ formData?: {
104
+ [key: string]: string | undefined;
105
+ };
106
+ error?: string;
107
+ exception?: CrossauthError;
108
+ ok: boolean;
109
+ };
110
+ /**
111
+ * Return type for {@link SvelteKitUserEndpoints.resetPassword}
112
+ * {@link SvelteKitUserEndpoints.validatePasswordResetToken} and the
113
+ * {@link SvelteKitUserEndpoints.passwordResetTokenEndpoint} action.
114
+ *
115
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
116
+ */
117
+ export type ResetPasswordReturn = {
118
+ user?: User;
119
+ formData?: {
120
+ [key: string]: string | undefined;
121
+ };
122
+ error?: string;
123
+ exception?: CrossauthError;
124
+ ok: boolean;
125
+ };
126
+ /**
127
+ * Return type for {@link SvelteKitUserEndpoints.requestFactor2}
128
+ * {@link SvelteKitUserEndpoints.factor2Endpoint} action.
129
+ *
130
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
131
+ */
132
+ export type RequestFactor2Return = {
133
+ ok: boolean;
134
+ action?: string;
135
+ factor2?: string;
136
+ error?: string;
137
+ exception?: CrossauthError;
138
+ csrfToken?: string;
139
+ };
140
+ /**
141
+ * Return type for {@link SvelteKitUserEndpoints.changePassword}
142
+ * {@link SvelteKitUserEndpoints.changePasswordEndpoint} action.
143
+ *
144
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
145
+ */
146
+ export type ChangePasswordReturn = {
147
+ user?: User;
148
+ error?: string;
149
+ exception?: CrossauthError;
150
+ formData?: {
151
+ [key: string]: string;
152
+ };
153
+ ok: boolean;
154
+ };
155
+ /**
156
+ * Return type for {@link SvelteKitUserEndpoints.changeFactor2}
157
+ * {@link SvelteKitUserEndpoints.changeFactor2Endpoint} action.
158
+ *
159
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
160
+ */
161
+ export type ChangeFactor2Return = {
162
+ user?: User;
163
+ error?: string;
164
+ exception?: CrossauthError;
165
+ formData?: {
166
+ [key: string]: string;
167
+ };
168
+ ok: boolean;
169
+ factor2Data?: {
170
+ userData: {
171
+ [key: string]: any;
172
+ };
173
+ username: string;
174
+ csrfToken?: string | undefined;
175
+ factor2: string;
176
+ };
177
+ };
178
+ /**
179
+ * Return type for {@link SvelteKitUserEndpoints.deleteUser}
180
+ * {@link SvelteKitUserEndpoints.deleteUserEndpoint} action.
181
+ *
182
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
183
+ */
184
+ export type DeleteUserReturn = {
185
+ user?: User;
186
+ error?: string;
187
+ exception?: CrossauthError;
188
+ ok: boolean;
189
+ };
190
+ /**
191
+ * Return type for {@link SvelteKitUserEndpoints.updateUser}
192
+ * {@link SvelteKitUserEndpoints.updateUserEndpoint} action.
193
+ *
194
+ * See class documentation for {@link SvelteKitUserEndpoints} for more details.
195
+ */
196
+ export type UpdateUserReturn = {
197
+ user?: User;
198
+ error?: string;
199
+ exception?: CrossauthError;
200
+ formData?: {
201
+ [key: string]: string;
202
+ };
203
+ emailVerificationNeeded: boolean;
204
+ ok: boolean;
205
+ };
206
+ /**
207
+ * Provides endpoints for users to login, logout and maintain their
208
+ * own account.
209
+ *
210
+ * This is created automatically when {@link SveltekitServer} is instantiated.
211
+ * The endpoints are available through `SveltekitServer.sessionServer.userEndpoints`.
212
+ *
213
+ * The methods in this class are designed to be used in
214
+ * `+*_server.ts` files in the `load` and `actions` exports. You can
215
+ * either use the low-level functions such as {@link changePassword} or use
216
+ * the `action` and `load` members of the endpoint objects.
217
+ * For example, for {@link changePasswordEndpoint}
218
+ *
219
+ * ```
220
+ * export const load = crossauth.sessionServer?.userEndpoints.changeFactor2Endpoint.load ?? crossauth.dummyLoad;
221
+ * export const actions = crossauth.sessionServer?.userEndpoints.changeFactor2Endpoint.actions ?? crossauth.dummyActions;
222
+ * ```
223
+ * The `?? crossauth.dummyLoad` and `?? crossauth.dummyActions` is to stop
224
+ * typescript complaining as the `sessionServer` member of the
225
+ * {@link @crossauth/sveltekit/SveltekitServer} object may be undefined, because
226
+ * some application do not have a session server.
227
+ *
228
+ * **Endpoints**
229
+ *
230
+ * | Name | Description | PageData (returned by load) | ActionData (return by actions) | Form fields expected by actions | URL param |
231
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
232
+ * | baseEndpoint | This PageData is returned by all endpoints' load function. | - `user` logged in {@link @crossauth/common!User} | *Not provided* | | |
233
+ * | | | - `csrfToken` CSRF token if enabled | | | | | loginPage |
234
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
235
+ * | signupEndpoint | Create a user and sign in | - `allowedFactor2` array of: | `default`: | `default`: | |
236
+ * | | | - `name` name that is in user's `factor2` | - see {@link SveltekitEndpoint.signup} return | - see {@link SveltekitUserEndpoint.signup} event | |
237
+ * | | | - `friendlyName` for showing in form | | | |
238
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
239
+ * | loginEndpoint | Logs a user in | - `next` page to redirect to on ok | `login`: starts login | `login`: | |
240
+ * | | | | - see {@link SveltekitEndpoint.login} return | - see {@link SveltekitUserEndpoint.login} event | |
241
+ * | | | | `factor2`: submit 2FA data to complete login | `factor2`: | |
242
+ * | | | | - see {@link SveltekitEndpoint.loginFactor2} return | - see {@link SveltekitUserEndpoint.loginFactor2} event | |
243
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
244
+ * | factor2Endpoint | Called when 2FA authentication is needed | See {@link SvelteKitUserEndpoints.requestFactor2} return | *Not provided* | | |
245
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
246
+ * | logoutEndpoint | Logs a user out | Just `baseEndpoint` data | `default`: | `default`: | |
247
+ * | | | | - see {@link SveltekitUserEndpoint.logout} return | - see {@link SveltekitUserEndpoint.logout} event | |
248
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
249
+ * | changeFactor2Endpoint | Change user's factor2 method or reconfigure existing | - `next` page to redirect to on ok | `change`: change to a different factor2 | `change`: | |
250
+ * | | | - `required` if true, this was called because the user must | - see {@link SveltekitUserEndpoint.changeFactor2} return | - see {@link SveltekitUserEndpoint.changeFactor2} event | |
251
+ * | | | eg if user's `state` set to `factor2ResetRequired` | `factor2`: submit 2FA data to complete login | `factor2`: | |
252
+ * | | | - `username` the user's username (`user` not set if not fully logged in yet) | - see {@link SveltekitUserEndpoint.loginFactor2} return | - see {@link SveltekitUserEndpoint.loginFactor2} event | |
253
+ * | | | - `allowedFactor2` see PageData for `signupEndpoint` | | | |
254
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
255
+ * | changePasswordEndpoint | Change user's factor2 method or reconfigure existing | - `next` page to redirect to on ok | `default`: | `default`: | |
256
+ * | | | - `required` if true, this was called because the user must | - see {@link SveltekitUserEndpoint.changePassword} return | - see {@link SveltekitUserEndpoint.changePassword} event | |
257
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
258
+ * | configureFactor2Endpoint | Configure secrets for user's factor2 | Just `baseEndpoint` data | `default`: | `default`: | |
259
+ * | | | | - see {@link SveltekitUserEndpoint.configureFactor2} return | - see {@link SveltekitUserEndpoint.configureFactor2} event | |
260
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
261
+ * | deleteUserEndpoint | Delete the logged in user | Just `baseEndpoint` data | `default`: | `default`: | |
262
+ * | | | | - see {@link SveltekitUserEndpoint.deleteUser} return | - see {@link SveltekitUserEndpoint.deleteUser} event | |
263
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
264
+ * | resetPasswordEndpoint | Requests and password reset and emails token to user | - `next` page to redirect to on ok | `default`: | `default`: | |
265
+ * | | | - `required` if true, this was called because the user must | - see {@link SveltekitUserEndpoint.requestPasswordReset} return | - see {@link SveltekitUserEndpoint.requestPasswordReset} event | |
266
+ * | | | | | | |
267
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
268
+ * | passwordResetTokenEndpoint | Validates emailed token and executes a password reset | - `tokenValidates` true if the token is valid | `default`: | `default`: | `token` |
269
+ * | | | - `error` error message if token is not valid | - see {@link SveltekitUserEndpoint.resetPassword} return | - see {@link SveltekitUserEndpoint.resetPassword} event | |
270
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
271
+ * | updateUserEndpoint | Update currently-logged in user's details | - `allowedFactor2` see PageData for `signupEndpoint` | `default`: | `default`: | |
272
+ * | | | - `required` if true, this was called because the user must | - see {@link SveltekitUserEndpoint.updateUser} return | - see {@link SveltekitUserEndpoint.updateUser} event | |
273
+ * | -------------------------- | ---------------------------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------------------------- | --------------------------------------------------------------- | --------- |
274
+ * | verifyEmailTokenEndpoint | Validates an email verification token emailed to user | - `user` corresponding {@link @crossauth/common!User} if token is valid | *None provided* | | `token` |
275
+ * | | | - `error` error message if token validation failed | | | |
276
+ * | | | - `ok` true if validation was successful, false otherwise | | | |
277
+ */
278
+ export declare class SvelteKitUserEndpoints {
279
+ private sessionServer;
280
+ private changePasswordUrl;
281
+ private changeFactor2Url;
282
+ private requestPasswordResetUrl;
283
+ private loginRedirectUrl;
284
+ private loginUrl;
285
+ private addToSession?;
286
+ constructor(sessionServer: SvelteKitSessionServer, options: SvelteKitSessionServerOptions);
287
+ /** Returns whether there is a user logged in with a cookie-based session
288
+ */
289
+ isSessionUser(event: RequestEvent): boolean;
290
+ /**
291
+ * A user can edit his or her account if they are logged in with
292
+ * session management, or are logged in with some other means and
293
+ * e`ditUserScope` has been set and is included in the user's scopes.
294
+ * @param request the Fastify request
295
+ * @returns true or false
296
+ */
297
+ canEditUser(event: RequestEvent): boolean | "" | undefined;
298
+ /**
299
+ * Log a user in if possible.
300
+ *
301
+ * Form data is returned unless there was
302
+ * an error extrafting it. User is returned if log in was successful.
303
+ * Error messge and exception are returned if not successful.
304
+ *
305
+ * @param event the Sveltekit event. The fields needed are:
306
+ *
307
+ * - `username`.
308
+ * - *secrets* (eg `password`).
309
+ * - `repeat_`*secrets* (eg `repeat_password`).
310
+ *
311
+ * The secrets are authenticator-dependent.
312
+ *
313
+ * @returns object with:
314
+ *
315
+ * - `success` true if login was successful, false otherwise.
316
+ * even if factor2 authentication is required, this will still
317
+ * be true if there was no error.
318
+ * - `user` the user if login was successful
319
+ * - `formData` the form fields extracted from the request
320
+ * - `error` an error message or undefined
321
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
322
+ * exception was raised
323
+ * - `factor2Required` if true, second factor authentication is needed
324
+ * to complete login
325
+ */
326
+ login(event: RequestEvent): Promise<LoginReturn>;
327
+ /**
328
+ * This is called after the user has been validated to log the user in
329
+ */
330
+ private loginWithUser;
331
+ /**
332
+ * Log a user out.
333
+ *
334
+ * Deletes the session if the user was logged in and clears session
335
+ * and CSRF cookies (if CSRF protection is enabled)
336
+ *
337
+ * @param event the Sveltekit event
338
+ *
339
+ * @returns object with:
340
+ *
341
+ * - `success` true if logout was successful, false otherwise.
342
+ * - `error` an error message or undefined
343
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
344
+ * exception was raised
345
+ */
346
+ logout(event: RequestEvent): Promise<LogoutReturn>;
347
+ /**
348
+ * Creates an account.
349
+ *
350
+ * Form data is returned unless there was an error extrafting it.
351
+ *
352
+ * Initiates user login if creation was successful.
353
+ *
354
+ * If login was successful, no factor2 is needed
355
+ * and no email verification is needed, the user is returned.
356
+ *
357
+ * If email verification is needed, `emailVerificationRequired` is
358
+ * returned as `true`.
359
+ *
360
+ * If factor2 configuration is required, `factor2Required` is returned
361
+ * as `true`.
362
+ *
363
+ * @param event the Sveltekit event. The form fields used are
364
+ * - `username` the desired username
365
+ * - `factor2` which must be in the `allowedFactor2` option passed
366
+ * to the constructor.
367
+ * - *secrets* (eg `password`) which are factor1 authenticator specific
368
+ * - `repeat_`*secrets* (eg `repeat_password`)
369
+ * - `user_*` anything prefixed with `user` that is also in
370
+ * - the `userEditableFields` option passed when constructing the
371
+ * user storage object will be added to the {@link @crossuath/common!User}
372
+ * object (with `user_` removed).
373
+ *
374
+ * @returns object with:
375
+ *
376
+ * - `ok` true if creation and login were successful,
377
+ * false otherwise.
378
+ * even if factor2 authentication is required, this will still
379
+ * be true if there was no error.
380
+ * - `user` the user if login was successful
381
+ * - `formData` the form fields extracted from the request
382
+ * - `error` an error message or undefined
383
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
384
+ * exception was raised
385
+ * - `factor2Required` if true, second factor authentication is needed
386
+ * to complete login
387
+ * - `factor2Data` contains data that needs to be passed to the user's
388
+ * chosen factor2 authenticator
389
+ * - `emailVerificationRequired` if true, the user needs to click on
390
+ * the link emailed to them to complete signup.
391
+ */
392
+ signup(event: RequestEvent): Promise<SignupReturn>;
393
+ /**
394
+ * Takes email verification token from the params on the URL and attempts
395
+ * email verification.
396
+ *
397
+ * @param event the Sveltekit event. This should contain the URL
398
+ * parameter called `token`
399
+ *
400
+ * @returns object with:
401
+ *
402
+ * - `ok` true if creation and login were successful,
403
+ * false otherwise.
404
+ * even if factor2 authentication is required, this will still
405
+ * be true if there was no error.
406
+ * - `user` the user if successful
407
+ * - `formData` the form fields extracted from the request
408
+ * - `error` an error message or undefined
409
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
410
+ * exception was raised
411
+ * - `factor2Required` if true, second factor authentication is needed
412
+ * to complete login
413
+ * - `factor2Data` contains data that needs to be passed to the user's
414
+ * chosen factor2 authenticator
415
+ * - `emailVerificationRequired` if true, the user needs to click on
416
+ * the link emailed to them to complete signup.
417
+ */
418
+ verifyEmail(event: RequestEvent): Promise<VerifyEmailReturn>;
419
+ /**
420
+ * Completes factor2 configuration.
421
+ *
422
+ * 2FA configuration is initiated with {@link signup()}, or
423
+ * {@link changeFactor2()}. If these return successfully, call this
424
+ * function.
425
+ *
426
+ * @param event the Sveltekit event. This should contain fields
427
+ * required by the user's chosen authenticator.
428
+ *
429
+ * @returns object with:
430
+ *
431
+ * - `success` true if creation and login were successful,
432
+ * false otherwise.
433
+ * - `user` the user successful
434
+ * - `error` an error message or undefined
435
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
436
+ * exception was raised
437
+ * - `emailVerificationRequired` if true, the user needs to click on
438
+ * the link emailed to them to complete configuration.
439
+ */
440
+ configureFactor2(event: RequestEvent): Promise<ConfigureFactor2Return>;
441
+ /**
442
+ * Call this when `login()` returns `factor2Required = true`
443
+ *
444
+ * @param event the Sveltekit event. The fields needed are those
445
+ * required by the factor2 authenticator.
446
+ *
447
+ * @returns object with:
448
+ *
449
+ * - `success` true if login was successful, false otherwise.
450
+ * - `user` the user if login was successful
451
+ * - `formData` the form fields extracted from the request
452
+ * - `error` an error message or undefined
453
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
454
+ * exception was raised
455
+ */
456
+ loginFactor2(event: RequestEvent): Promise<LoginReturn>;
457
+ requestPasswordReset(event: RequestEvent): Promise<RequestPasswordResetReturn>;
458
+ /**
459
+ * Call this from the GET url the user clicks on to reset their password.
460
+ *
461
+ * If it is enabled, fetches the user for the token to confirm the token
462
+ * is valid.
463
+
464
+ * @param event the Sveltekit event. This should a `token` URL parameter.
465
+
466
+ * @returns object with:
467
+ *
468
+ * - `ok` true if creation and login were successful,
469
+ * false otherwise.
470
+ * - `user` the user successful
471
+ * - `error` an error message or undefined
472
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
473
+ * exception was raised
474
+ * - `formData` the form fields extracted from the request
475
+ */
476
+ validatePasswordResetToken(event: RequestEvent): Promise<ResetPasswordReturn>;
477
+ /**
478
+ * Call this from the POST url the user uses to fill in a new password
479
+ * after validating the token in the GET url with
480
+ * {@link validatePasswordResetToken}.
481
+ *
482
+ * @param event the Sveltekit event. This should contain
483
+ * - `new_`*secrets` (eg `new_password`) the new secret.
484
+ * - `repeat_`*secrets` (eg `repeat_password`) repeat of the new secret.
485
+
486
+ * @returns object with:
487
+ *
488
+ * - `ok` true if creation and login were successful,
489
+ * false otherwise.
490
+ * - `user` the user if successful
491
+ * - `error` an error message or undefined
492
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
493
+ * exception was raised
494
+ * - `formData` the form fields extracted from the request
495
+ */
496
+ resetPassword(event: RequestEvent): Promise<ResetPasswordReturn>;
497
+ /**
498
+ * Call this from your factor2 endpoint to fetch the data needed to
499
+ * display the factor2 form.
500
+ *
501
+ * This can only be called after 2FA has been initiated by visiting
502
+ * a page with factor2 protection, as defined by the
503
+ * `factor2ProtectedPageEndpoints` and `factor2ProtectedApiEndpoints`
504
+ * defined when constructing this class.
505
+ *
506
+ * @param event the Sveltekit event.
507
+
508
+ * @returns object with:
509
+ *
510
+ * - `ok` true if creation and login were successful,
511
+ * false otherwise.
512
+ * - `action` the URL to load on ok. This was the one originally
513
+ * requested by the user before being redirected to 2FA authentication.
514
+ * - `factor2` the user's factor2
515
+ * - `error` an error message or undefined
516
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
517
+ * exception was raised
518
+ */
519
+ requestFactor2(event: RequestEvent): Promise<RequestFactor2Return>;
520
+ /**
521
+ * Call this with POST data to change the logged-in user's password
522
+ *
523
+ * @param event the Sveltekit event. This should contain
524
+ * - `old_`*secrets` (eg `old_password`) the existing secret.
525
+ * - `new_`*secrets` (eg `new_password`) the new secret.
526
+ * - `repeat_`*secrets` (eg `repeat_password`) repeat of the new secret.
527
+
528
+ * @returns object with:
529
+ *
530
+ * - `ok` true if creation and login were successful,
531
+ * false otherwise.
532
+ * - `user` the user if successful
533
+ * - `error` an error message or undefined
534
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
535
+ * exception was raised
536
+ * - `formData` the form fields extracted from the request
537
+ */
538
+ changePassword(event: RequestEvent): Promise<ChangePasswordReturn>;
539
+ /**
540
+ * Call this to delete the logged-in user
541
+ *
542
+ * @param event the Sveltekit event.
543
+
544
+ * @returns object with:
545
+ *
546
+ * - `ok` true if creation and login were successful,
547
+ * false otherwise.
548
+ * - `error` an error message or undefined
549
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
550
+ * exception was raised
551
+ */
552
+ deleteUser(event: RequestEvent): Promise<DeleteUserReturn>;
553
+ /**
554
+ * Call this to update a user's details (apart from password and factor2)
555
+ *
556
+ * @param event the Sveltekit event. The form fields used are
557
+ * - `username` the desired username
558
+ * - `user_*` anything prefixed with `user` that is also in
559
+ * the `userEditableFields` option passed when constructing the
560
+ * user storage object will be added to the {@link @crossuath/common!User}
561
+ * object (with `user_` removed).
562
+ *
563
+ * @returns object with:
564
+ *
565
+ * - `ok` true if creation and login were successful,
566
+ * false otherwise.
567
+ * even if factor2 authentication is required, this will still
568
+ * be true if there was no error.
569
+ * - `user` the user if login was successful
570
+ * - `formData` the form fields extracted from the request
571
+ * - `error` an error message or undefined
572
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
573
+ * exception was raised
574
+ * - `emailVerificationRequired` if true, the user needs to click on
575
+ * the link emailed to them to complete signup.
576
+ */
577
+ updateUser(event: RequestEvent): Promise<UpdateUserReturn>;
578
+ /**
579
+ * Call this to change the logged in user's factor2.
580
+ *
581
+ * @param event the Sveltekit event. The form fields used are
582
+ * - `factor2` the new designed factor2, which must be in
583
+ * the `allowedFactor2` option passed to the constructor.
584
+ *
585
+ * @returns object with:
586
+ *
587
+ * - `ok` true if creation and login were successful,
588
+ * false otherwise.
589
+ * even if factor2 authentication is required, this will still
590
+ * be true if there was no error.
591
+ * - `user` the user if login was successful
592
+ * - `formData` the form fields extracted from the request
593
+ * - `error` an error message or undefined
594
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
595
+ * exception was raised
596
+ * - `factor2Data` the data to pass to the factor2 configuration page.
597
+ */
598
+ changeFactor2(event: RequestEvent): Promise<ChangeFactor2Return>;
599
+ /**
600
+ * Call this to reconfigure the current factor2 type.
601
+ *
602
+ * @param event the Sveltekit event.
603
+ *
604
+ * @returns object with:
605
+ *
606
+ * - `ok` true if creation and login were successful,
607
+ * false otherwise.
608
+ * even if factor2 authentication is required, this will still
609
+ * be true if there was no error.
610
+ * - `user` the user if login was successful
611
+ * - `formData` the form fields extracted from the request
612
+ * - `error` an error message or undefined
613
+ * - `exception` a {@link @crossauth/common!CrossauthError} if an
614
+ * exception was raised
615
+ * - `factor2Data` the data to pass to the factor2 configuration page.
616
+ */
617
+ reconfigureFactor2(event: RequestEvent): Promise<ChangeFactor2Return>;
618
+ baseEndpoint(event: RequestEvent): {
619
+ user: User | undefined;
620
+ csrfToken: string | undefined;
621
+ };
622
+ readonly signupEndpoint: {
623
+ load: (event: RequestEvent) => Promise<{
624
+ user: User | undefined;
625
+ csrfToken: string | undefined;
626
+ allowedFactor2: {
627
+ name: string;
628
+ friendlyName: string;
629
+ configurable: boolean;
630
+ }[];
631
+ }>;
632
+ actions: {
633
+ default: (event: RequestEvent) => Promise<SignupReturn>;
634
+ };
635
+ };
636
+ readonly loginEndpoint: {
637
+ load: (event: RequestEvent) => Promise<{
638
+ user: User | undefined;
639
+ csrfToken: string | undefined;
640
+ next: string;
641
+ }>;
642
+ actions: {
643
+ login: (event: RequestEvent) => Promise<LoginReturn>;
644
+ factor2: (event: RequestEvent) => Promise<LoginReturn>;
645
+ };
646
+ };
647
+ readonly factor2Endpoint: {
648
+ load: (event: RequestEvent) => Promise<RequestFactor2Return>;
649
+ };
650
+ readonly logoutEndpoint: {
651
+ actions: {
652
+ default: (event: RequestEvent) => Promise<LogoutReturn>;
653
+ };
654
+ load: (event: RequestEvent) => Promise<{
655
+ user: User | undefined;
656
+ csrfToken: string | undefined;
657
+ }>;
658
+ };
659
+ readonly changeFactor2Endpoint: {
660
+ actions: {
661
+ change: (event: RequestEvent) => Promise<ChangeFactor2Return>;
662
+ reconfigure: (event: RequestEvent) => Promise<ChangeFactor2Return>;
663
+ };
664
+ load: (event: RequestEvent) => Promise<{
665
+ user: User | undefined;
666
+ csrfToken: string | undefined;
667
+ username: string | undefined;
668
+ required?: boolean | undefined;
669
+ next?: string | undefined;
670
+ allowedFactor2: {
671
+ name: string;
672
+ friendlyName: string;
673
+ configurable: boolean;
674
+ }[];
675
+ }>;
676
+ };
677
+ readonly changePasswordEndpoint: {
678
+ actions: {
679
+ default: (event: RequestEvent) => Promise<ChangePasswordReturn>;
680
+ };
681
+ load: (event: RequestEvent) => Promise<{
682
+ user: User | undefined;
683
+ csrfToken: string | undefined;
684
+ required?: boolean | undefined;
685
+ next?: string | undefined;
686
+ }>;
687
+ };
688
+ readonly configureFactor2Endpoint: {
689
+ actions: {
690
+ default: (event: RequestEvent) => Promise<ConfigureFactor2Return>;
691
+ };
692
+ load: (event: RequestEvent) => Promise<{
693
+ user: User | undefined;
694
+ csrfToken: string | undefined;
695
+ }>;
696
+ };
697
+ readonly deleteUserEndpoint: {
698
+ actions: {
699
+ default: (event: RequestEvent) => Promise<DeleteUserReturn>;
700
+ };
701
+ load: (event: RequestEvent) => Promise<{
702
+ user: User | undefined;
703
+ csrfToken: string | undefined;
704
+ }>;
705
+ };
706
+ readonly resetPasswordEndpoint: {
707
+ actions: {
708
+ default: (event: RequestEvent) => Promise<RequestPasswordResetReturn>;
709
+ };
710
+ load: (event: RequestEvent) => Promise<{
711
+ user: User | undefined;
712
+ csrfToken: string | undefined;
713
+ required?: boolean | undefined;
714
+ next?: string | undefined;
715
+ }>;
716
+ };
717
+ readonly passwordResetTokenEndpoint: {
718
+ actions: {
719
+ default: (event: RequestEvent) => Promise<ResetPasswordReturn>;
720
+ };
721
+ load: (event: RequestEvent) => Promise<{
722
+ user: User | undefined;
723
+ csrfToken: string | undefined;
724
+ tokenValidated: boolean;
725
+ error: string | undefined;
726
+ }>;
727
+ };
728
+ readonly updateUserEndpoint: SveltekitEndpoint;
729
+ readonly verifyEmailTokenEndpoint: SveltekitEndpoint;
730
+ }