@digitaldefiance/node-express-suite-mongo 4.23.0

package/src/controllers/user.js

@@ -0,0 +1,944 @@
+"use strict";
+/**
+ * @fileoverview User controller handling authentication, registration, and user management endpoints.
+ * Provides comprehensive user operations including login, password management, and settings.
+ * @module controllers/user
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserController = void 0;
+const tslib_1 = require("tslib");
+const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
+const i18n_lib_1 = require("@digitaldefiance/i18n-lib");
+const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
+const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
+const express_validator_1 = require("express-validator");
+const zod_1 = require("zod");
+const node_express_suite_1 = require("@digitaldefiance/node-express-suite");
+const jwt_1 = require("../services/jwt");
+const request_user_1 = require("../services/request-user");
+const base_model_name_1 = require("../enumerations/base-model-name");
+const backup_code_1 = require("../services/backup-code");
+const role_1 = require("../services/role");
+const user_1 = require("../services/user");
+const mongo_transaction_1 = require("../utils/mongo-transaction");
+const isString = (v) => typeof v === 'string';
+const RegisterSchema = zod_1.z.object({
+    username: zod_1.z.string(),
+    email: zod_1.z.string(),
+    timezone: zod_1.z.string(),
+    password: zod_1.z.string().min(8).optional(),
+    mnemonic: zod_1.z.string().min(1).optional(),
+});
+const EmailLoginChallengeSchema = zod_1.z.object({
+    token: zod_1.z.string(),
+    signature: zod_1.z.string(),
+    email: zod_1.z.string().optional(),
+    username: zod_1.z.string().optional(),
+});
+const DirectLoginChallengeSchema = zod_1.z.object({
+    challenge: zod_1.z.string(),
+    signature: zod_1.z.string(),
+    email: zod_1.z.string().optional(),
+    username: zod_1.z.string().optional(),
+});
+/**
+ * User controller handling all user-related API endpoints.
+ * Manages authentication, registration, password operations, settings, and backup codes.
+ * @template TID Platform ID type
+ * @template TDate Date type
+ * @template TLanguage Site language string type
+ * @template TAccountStatus Account status string type
+ * @template TUser User base type
+ * @template TTokenRole Token role type
+ * @template TTokenUser Token user type
+ * @template TApplication Application type
+ */
+let UserController = class UserController extends node_express_suite_1.DecoratorBaseController {
+    userService;
+    jwtService;
+    backupCodeService;
+    roleService;
+    eciesService;
+    systemUser;
+    constructor(application, jwtService, userService, backupCodeService, roleService, eciesService) {
+        super(application);
+        this.jwtService = jwtService;
+        this.userService = userService;
+        this.backupCodeService = backupCodeService;
+        this.roleService = roleService;
+        this.eciesService = eciesService;
+        this.systemUser = node_express_suite_1.SystemUserService.getSystemUser(application.environment, application.constants);
+    }
+    async tokenVerifiedResponse(req, _res, _next) {
+        if (!req.user) {
+            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), {
+                statusCode: 401,
+            });
+        }
+        const user = {
+            id: req.user.id,
+            email: req.user.email,
+            username: req.user.username,
+            roles: req.user.roles || [],
+            rolePrivileges: req.user.rolePrivileges,
+            timezone: req.user.timezone,
+            currency: req.user.currency,
+            emailVerified: req.user.emailVerified,
+            darkMode: req.user.darkMode,
+            siteLanguage: req.user.siteLanguage,
+            directChallenge: req.user.directChallenge,
+            ...(req.user.lastLogin && { lastLogin: req.user.lastLogin }),
+        };
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenValid),
+                user,
+            },
+        };
+    }
+    async refreshToken(req, _res, _next) {
+        const token = (0, node_express_suite_1.findAuthToken)(req.headers);
+        if (!token) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing));
+        }
+        const tokenUser = await this.jwtService.verifyToken(token);
+        if (!tokenUser) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenInvalid));
+        }
+        const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+        const userDoc = await UserModel.findById(tokenUser.userId).select('-password');
+        if (!userDoc || userDoc.accountStatus !== suite_core_lib_1.AccountStatus.Active) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound));
+        }
+        const { token: newToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.TokenRefreshed),
+                user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                token: newToken,
+                serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+            },
+            headers: {
+                Authorization: `Bearer ${newToken}`,
+            },
+        };
+    }
+    async register(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            return await (0, node_express_suite_1.requireValidatedFieldsAsync)(req, RegisterSchema, async ({ username, email, timezone, password, mnemonic }) => {
+                if (!isString(username) ||
+                    !isString(email) ||
+                    !isString(timezone)) {
+                    throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+                }
+                const { user, mnemonic: resultMnemonic, backupCodes, } = await this.userService.newUser(this.systemUser, {
+                    username: username.trim(),
+                    email: email.trim(),
+                    timezone: timezone,
+                }, undefined, undefined, sess, this.application.environment.debug, password, mnemonic);
+                await this.userService.createAndSendEmailToken(user, suite_core_lib_1.EmailTokenType.AccountVerification, sess, this.application.environment.debug);
+                return {
+                    statusCode: 201,
+                    response: {
+                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Registration_Success, { MNEMONIC: resultMnemonic }),
+                        mnemonic: resultMnemonic,
+                        backupCodes,
+                    },
+                };
+            });
+        }, {
+            timeoutMs: this.application.environment.mongo.transactionTimeout * 30,
+        });
+    }
+    async completeAccountVerification(_req, _res, _next) {
+        const { token } = this.validatedBody;
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            await this.userService.verifyAccountTokenAndComplete(token, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.EmailVerification_Success),
+                },
+            };
+        });
+    }
+    async setLanguage(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { language } = this.validatedBody;
+            if (!req.user) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            const user = await this.userService.updateSiteLanguage(req.user.id, language, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LanguageUpdate_Success),
+                    user,
+                },
+            };
+        });
+    }
+    async setDarkMode(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { darkMode } = this.validatedBody;
+            if (!req.user) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            const user = await this.userService.updateDarkMode(req.user.id, darkMode, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_DarkModeSuccess),
+                    user,
+                },
+            };
+        });
+    }
+    async getSettings(req, _res, _next) {
+        if (!req.user) {
+            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+        }
+        const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+        const userDoc = await UserModel.findById(req.user.id);
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_RetrievedSuccess),
+                settings: {
+                    email: userDoc?.email || '',
+                    timezone: userDoc?.timezone || '',
+                    currency: userDoc?.currency || '',
+                    siteLanguage: userDoc?.siteLanguage || '',
+                    darkMode: userDoc?.darkMode || false,
+                    directChallenge: userDoc?.directChallenge || false,
+                },
+            },
+        };
+    }
+    async updateSettings(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { email, timezone, siteLanguage, currency, darkMode, directChallenge, } = this.validatedBody;
+            if (!req.user) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            const user = await this.userService.updateUserSettings(req.user.id, {
+                ...(email !== undefined && { email: email }),
+                ...(timezone !== undefined && { timezone: timezone }),
+                ...(siteLanguage !== undefined && {
+                    siteLanguage: siteLanguage,
+                }),
+                ...(currency !== undefined && { currency: currency }),
+                ...(darkMode !== undefined && { darkMode: darkMode }),
+                ...(directChallenge !== undefined && {
+                    directChallenge: directChallenge,
+                }),
+            }, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Settings_SaveSuccess),
+                    user,
+                },
+            };
+        });
+    }
+    async getBackupCodeCount(req, _res, _next) {
+        if (!req.user) {
+            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+        }
+        const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+        const user = await UserModel.findById(req.user.id);
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.BackupCodes_RetrievedSuccess),
+                codeCount: user?.backupCodes?.length || 0,
+            },
+        };
+    }
+    async resetBackupCodes(req, _res, _next) {
+        if (!req.user || !req.eciesUser || !req.eciesUser.hasPrivateKey) {
+            throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+        }
+        const newBackupCodes = await this.userService.resetUserBackupCodes(req.eciesUser, this.systemUser);
+        const codes = newBackupCodes.map((c) => c.notNullValue);
+        newBackupCodes.forEach((c) => c.dispose());
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.BackupCodeRecovery_YourNewCodes),
+                backupCodes: codes,
+            },
+        };
+    }
+    async recoverMnemonic(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            if (!req.user) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidCredentials)), { statusCode: 401 });
+            }
+            else if (!req.eciesUser) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicOrPasswordRequired)), { statusCode: 401 });
+            }
+            const { password } = this.validatedBody;
+            if (!isString(password)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
+            const userDoc = await this.userService.findUserById(provider.idFromString(req.user.id), true, sess);
+            const mnemonic = await this.userService.recoverMnemonic(req.eciesUser, userDoc.mnemonicRecovery);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.MnemonicRecovery_Success),
+                    mnemonic: mnemonic.notNullValue,
+                },
+            };
+        });
+    }
+    async changePassword(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { currentPassword, newPassword } = this.validatedBody;
+            if (!req.user) {
+                throw new i18n_lib_1.HandleableError(new Error((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_NoUserOnRequest)), { statusCode: 401 });
+            }
+            if (!isString(currentPassword) || !isString(newPassword)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            await this.userService.changePassword(req.user.id, currentPassword, newPassword, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordChange_Success),
+                },
+            };
+        });
+    }
+    async requestDirectLogin(_req, _res, _next) {
+        const challenge = this.userService.generateDirectLoginChallenge();
+        return {
+            statusCode: 200,
+            response: {
+                challenge: challenge,
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Login_ChallengeGenerated),
+                serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+            },
+        };
+    }
+    async directLoginChallenge(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { username, email, challenge, signature } = this
+                .validatedBody;
+            const { userDoc } = await this.userService.verifyDirectLoginChallenge(String(challenge), String(signature), username ? String(username) : undefined, email ? String(email) : undefined, sess);
+            const { token: jwtToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+            return {
+                statusCode: 200,
+                response: {
+                    user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                    token: jwtToken,
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
+                },
+            };
+        });
+    }
+    async requestEmailLogin(_req, _res, _next) {
+        const { username, email } = this.validatedBody;
+        try {
+            await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+                const userDoc = await this.userService.findUser(email, username, sess);
+                await this.userService.createAndSendEmailToken(userDoc, suite_core_lib_1.EmailTokenType.LoginRequest, sess, this.application.environment.debug);
+            });
+        }
+        catch {
+            // Suppress user-related errors for security
+        }
+        return {
+            statusCode: 200,
+            response: {
+                message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Email_TokenSent),
+            },
+        };
+    }
+    async emailLoginChallenge(req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { token, signature } = this.validatedBody;
+            const userDoc = await this.userService.validateEmailLoginTokenChallenge(String(token), String(signature), sess);
+            const { token: jwtToken, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, req.user?.siteLanguage ?? i18n_lib_1.LanguageCodes.EN_US);
+            return {
+                statusCode: 200,
+                response: {
+                    user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                    token: jwtToken,
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.LoggedIn_Success),
+                },
+            };
+        });
+    }
+    async resendVerification(_req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { username, email } = this.validatedBody;
+            const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+            const query = {};
+            if (isString(username))
+                query.username = username;
+            else if (isString(email))
+                query.email = email;
+            else {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const user = await UserModel.findOne(query).session(sess ?? null);
+            if (!user) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UserNotFound), { statusCode: 404 });
+            }
+            await this.userService.resendEmailToken(user._id.toString(), suite_core_lib_1.EmailTokenType.AccountVerification, sess, this.application.environment.debug);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.EmailVerification_Resent),
+                },
+            };
+        });
+    }
+    async useBackupCodeLogin(_req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { code, newPassword, email, username } = this.validatedBody;
+            if (!code) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const recoverMnemonic = this.validatedBody?.['recoverMnemonic'] === 'true' ||
+                this.validatedBody?.['recoverMnemonic'] === true;
+            const userDoc = await this.userService.findUser(email, username, sess);
+            const { user, userDoc: updatedUserDoc, codeCount, } = await this.backupCodeService.recoverKeyWithBackupCode(userDoc, code, newPassword ? new ecies_lib_1.SecureString(newPassword) : undefined, sess);
+            let mnemonic;
+            if (recoverMnemonic) {
+                if (!updatedUserDoc) {
+                    throw new Error('User document not found after backup code recovery');
+                }
+                mnemonic = await this.userService.recoverMnemonic(user, updatedUserDoc.mnemonicRecovery);
+            }
+            const { token, roles } = await this.jwtService.signToken(userDoc, this.application.environment.jwtSecret, i18n_lib_1.LanguageCodes.EN_US);
+            if (!updatedUserDoc) {
+                throw new Error('User document not found after backup code recovery');
+            }
+            this.userService.updateLastLogin(updatedUserDoc._id).catch(() => { });
+            return {
+                statusCode: 200,
+                response: {
+                    user: request_user_1.RequestUserService.makeRequestUserDTO(userDoc, roles),
+                    token: token,
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.BackupCodeRecovery_Success),
+                    codeCount,
+                    ...(recoverMnemonic && mnemonic
+                        ? { mnemonic: mnemonic.value }
+                        : {}),
+                    serverPublicKey: this.application.environment.systemPublicKeyHex ?? '',
+                },
+            };
+        });
+    }
+    async forgotPassword(_req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { email } = this.validatedBody;
+            const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
+            if (!isString(email)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const user = await UserModel.findOne({
+                email: email.toLowerCase(),
+            }).session(sess ?? null);
+            if (!user || !user.passwordWrappedPrivateKey) {
+                return {
+                    statusCode: 200,
+                    response: {
+                        message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordReset_Success),
+                    },
+                };
+            }
+            // Mongoose document type doesn't exactly match UserDocument generic signature
+            // but the document has all required properties
+            await this.userService.createAndSendEmailToken(user, suite_core_lib_1.EmailTokenType.PasswordReset, sess, this.application.environment.debug);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordReset_Success),
+                },
+            };
+        });
+    }
+    async verifyResetToken(req, _res, _next) {
+        const token = req.query['token'];
+        if (!token) {
+            throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenMissing));
+        }
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            await this.userService.verifyEmailToken(token, suite_core_lib_1.EmailTokenType.PasswordReset, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenValid),
+                },
+            };
+        });
+    }
+    async resetPassword(_req, _res, _next) {
+        return await (0, mongo_transaction_1.withMongoTransaction)(this.application.db.connection, this.application.environment.mongo.useTransactions, undefined, async (sess) => {
+            const { token, newPassword, password, currentPassword, mnemonic } = this.validatedBody;
+            const selectedNewPassword = (newPassword ?? password);
+            if (!isString(token) || !isString(selectedNewPassword)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            const credential = mnemonic ??
+                currentPassword;
+            if (!isString(credential)) {
+                throw new suite_core_lib_1.GenericValidationError((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MissingValidatedData));
+            }
+            await this.userService.resetPasswordWithToken(token, selectedNewPassword, credential, sess);
+            return {
+                statusCode: 200,
+                response: {
+                    message: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.PasswordChange_Success),
+                },
+            };
+        });
+    }
+};
+exports.UserController = UserController;
+tslib_1.__decorate([
+    (0, node_express_suite_1.Get)('/verify', { auth: true }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "tokenVerifiedResponse", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Get)('/refresh-token', { auth: true }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "refreshToken", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/register', {
+        schema: RegisterSchema,
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('username')
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('email')
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+                (0, express_validator_1.body)('timezone')
+                    .isString()
+                    .custom((value) => (0, i18n_lib_1.isValidTimezone)(value))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TimezoneInvalid, undefined, validationLanguage)),
+                (0, express_validator_1.body)('password')
+                    .optional()
+                    .matches(constants.PasswordRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate)),
+                (0, express_validator_1.body)('mnemonic')
+                    .optional()
+                    .isString()
+                    .trim()
+                    .matches(constants.MnemonicRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRegex, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "register", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/account-verification', {
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('token')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                    .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "completeAccountVerification", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/language', {
+        auth: true,
+        validation: function (validationLanguage) {
+            return [
+                (0, express_validator_1.body)('language')
+                    .isString()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidLanguage, undefined, validationLanguage))
+                    .isIn(Object.values(i18n_lib_1.LanguageCodes))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidLanguage, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "setLanguage", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/dark-mode', {
+        auth: true,
+        validation: function (validationLanguage) {
+            return [
+                (0, express_validator_1.body)('darkMode')
+                    .isBoolean()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "setDarkMode", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Get)('/settings', { auth: true }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "getSettings", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/settings', {
+        auth: true,
+        validation: function (validationLanguage) {
+            return [
+                (0, express_validator_1.body)('email')
+                    .optional()
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+                (0, express_validator_1.body)('timezone')
+                    .optional()
+                    .isString()
+                    .custom((value) => (0, i18n_lib_1.isValidTimezone)(value))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TimezoneInvalid, undefined, validationLanguage)),
+                (0, express_validator_1.body)('siteLanguage')
+                    .optional()
+                    .isString()
+                    .isIn(Object.values(i18n_lib_1.LanguageCodes))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidLanguage, undefined, validationLanguage)),
+                (0, express_validator_1.body)('currency')
+                    .optional()
+                    .isString()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_CurrencyCodeRequired, undefined, validationLanguage)),
+                (0, express_validator_1.body)('darkMode')
+                    .optional()
+                    .isBoolean()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+                (0, express_validator_1.body)('directChallenge')
+                    .optional()
+                    .isBoolean()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "updateSettings", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Get)('/backup-codes', { auth: true }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "getBackupCodeCount", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/backup-codes', {
+        auth: true,
+        cryptoAuth: true,
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)().custom((value, { req }) => {
+                    if (!req.body?.password && !req.body?.mnemonic) {
+                        throw new node_express_suite_1.MnemonicOrPasswordRequiredError();
+                    }
+                    return true;
+                }),
+                (0, express_validator_1.body)('password')
+                    .optional()
+                    .notEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_CurrentPasswordRequired, undefined, validationLanguage)),
+                (0, express_validator_1.body)('mnemonic')
+                    .optional()
+                    .notEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRequired, undefined, validationLanguage))
+                    .matches(constants.MnemonicRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRegex, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "resetBackupCodes", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/recover-mnemonic', {
+        auth: true,
+        cryptoAuth: true,
+        validation: function (validationLanguage) {
+            return [
+                (0, express_validator_1.body)('password')
+                    .isString()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_CurrentPasswordRequired, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "recoverMnemonic", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/change-password', {
+        auth: true,
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('currentPassword')
+                    .notEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+                (0, express_validator_1.body)('newPassword')
+                    .matches(constants.PasswordRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate))
+                    .notEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_Required, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "changePassword", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/request-direct-login'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "requestDirectLogin", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/direct-challenge', {
+        schema: DirectLoginChallengeSchema,
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('challenge')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidChallenge, undefined, validationLanguage))
+                    .matches(new RegExp(`^[a-f0-9]{${(ecies_lib_1.UINT64_SIZE + 32 + ecies_lib_1.ECIES.SIGNATURE_SIZE) * 2}}$`))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidChallenge, undefined, validationLanguage)),
+                (0, express_validator_1.body)('signature')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature))
+                    .matches(new RegExp(`^[a-f0-9]{${ecies_lib_1.ECIES.SIGNATURE_SIZE * 2}}$`))
+                    .withMessage(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature),
+                (0, express_validator_1.body)().custom((value, { req }) => {
+                    if (!req.body.username && !req.body.email) {
+                        throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                    }
+                    return true;
+                }),
+                (0, express_validator_1.body)('username')
+                    .optional()
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('email')
+                    .optional()
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "directLoginChallenge", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/request-email-login', {
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)().custom((value, { req }) => {
+                    if (!req.body.username && !req.body.email) {
+                        throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                    }
+                    return true;
+                }),
+                (0, express_validator_1.body)('username')
+                    .optional()
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('email')
+                    .optional()
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "requestEmailLogin", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/email-challenge', {
+        schema: EmailLoginChallengeSchema,
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('token')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                    .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+                (0, express_validator_1.body)('signature')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature))
+                    .matches(new RegExp(`^[a-f0-9]{${ecies_lib_1.ECIES.SIGNATURE_SIZE * 2}}$`))
+                    .withMessage(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidSignature),
+                (0, express_validator_1.body)().custom((value, { req }) => {
+                    if (!req.body.username && !req.body.email) {
+                        throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                    }
+                    return true;
+                }),
+                (0, express_validator_1.body)('username')
+                    .optional()
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('email')
+                    .optional()
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "emailLoginChallenge", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/resend-verification', {
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)().custom((value, { req }) => {
+                    if (!req.body.username && !req.body.email) {
+                        throw new suite_core_lib_1.UsernameOrEmailRequiredError();
+                    }
+                    return true;
+                }),
+                (0, express_validator_1.body)('username')
+                    .optional()
+                    .isString()
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('email').optional().isEmail(),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "resendVerification", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/backup-code', {
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('email').optional().isEmail(),
+                (0, express_validator_1.body)('username')
+                    .optional()
+                    .matches(constants.UsernameRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_UsernameRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('code')
+                    .custom((value) => {
+                    const normalized = node_express_suite_1.BackupCode.normalizeCode(value);
+                    return (constants.BACKUP_CODES.DisplayRegex.test(value) ||
+                        constants.BACKUP_CODES.NormalizedHexRegex.test(normalized));
+                })
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidBackupCode, undefined, validationLanguage)),
+                (0, express_validator_1.body)('recoverMnemonic').isBoolean().optional(),
+                (0, express_validator_1.body)('newPassword')
+                    .optional()
+                    .matches(constants.PasswordRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "useBackupCodeLogin", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/forgot-password', {
+        validation: function (validationLanguage) {
+            return [
+                (0, express_validator_1.body)('email')
+                    .isEmail()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidEmail, undefined, validationLanguage)),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "forgotPassword", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Get)('/verify-reset-token'),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "verifyResetToken", null);
+tslib_1.__decorate([
+    (0, node_express_suite_1.Post)('/reset-password', {
+        validation: function (validationLanguage) {
+            const constants = this.constants;
+            return [
+                (0, express_validator_1.body)('token')
+                    .not()
+                    .isEmpty()
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_TokenRequired, undefined, validationLanguage))
+                    .matches(new RegExp(`^[a-f0-9]{${constants.EmailTokenLength * 2}}$`))
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_InvalidToken, undefined, validationLanguage)),
+                (0, express_validator_1.body)('newPassword')
+                    .optional()
+                    .isLength({ min: 8 })
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordMinLengthTemplate, undefined, validationLanguage))
+                    .matches(constants.PasswordRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('password')
+                    .optional()
+                    .isLength({ min: 8 })
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordMinLengthTemplate, undefined, validationLanguage))
+                    .matches(constants.PasswordRegex)
+                    .withMessage((0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Validation_PasswordRegexErrorTemplate, undefined, validationLanguage)),
+                (0, express_validator_1.body)('currentPassword').optional().isString(),
+                (0, express_validator_1.body)('mnemonic').optional().isString(),
+            ];
+        },
+    }),
+    tslib_1.__metadata("design:type", Function),
+    tslib_1.__metadata("design:paramtypes", [Object, Object, Function]),
+    tslib_1.__metadata("design:returntype", Promise)
+], UserController.prototype, "resetPassword", null);
+exports.UserController = UserController = tslib_1.__decorate([
+    (0, node_express_suite_1.Controller)(),
+    tslib_1.__metadata("design:paramtypes", [Object, jwt_1.JwtService,
+        user_1.UserService,
+        backup_code_1.BackupCodeService,
+        role_1.RoleService,
+        node_ecies_lib_1.ECIESService])
+], UserController);
+//# sourceMappingURL=user.js.map