@digitaldefiance/node-express-suite 4.22.2 → 4.23.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (441) hide show
  1. package/README.md +173 -407
  2. package/package.json +1 -5
  3. package/src/__tests__/fixtures/index.d.ts +1 -1
  4. package/src/__tests__/fixtures/index.d.ts.map +1 -1
  5. package/src/__tests__/fixtures/index.js +1 -2
  6. package/src/__tests__/fixtures/index.js.map +1 -1
  7. package/src/__tests__/helpers/index.d.ts +1 -3
  8. package/src/__tests__/helpers/index.d.ts.map +1 -1
  9. package/src/__tests__/helpers/index.js +1 -4
  10. package/src/__tests__/helpers/index.js.map +1 -1
  11. package/src/__tests__/index.d.ts.map +1 -1
  12. package/src/__tests__/index.js +1 -0
  13. package/src/__tests__/index.js.map +1 -1
  14. package/src/application.d.ts +8 -11
  15. package/src/application.d.ts.map +1 -1
  16. package/src/application.js +8 -17
  17. package/src/application.js.map +1 -1
  18. package/src/branded-responses/branded-api-responses.d.ts +10 -2
  19. package/src/branded-responses/branded-api-responses.d.ts.map +1 -1
  20. package/src/branded-responses/branded-api-responses.js +5 -0
  21. package/src/branded-responses/branded-api-responses.js.map +1 -1
  22. package/src/branded-responses/serializers.d.ts +4 -1
  23. package/src/branded-responses/serializers.d.ts.map +1 -1
  24. package/src/builders/index.d.ts +1 -1
  25. package/src/builders/index.d.ts.map +1 -1
  26. package/src/builders/index.js +1 -2
  27. package/src/builders/index.js.map +1 -1
  28. package/src/controllers/base.d.ts +5 -18
  29. package/src/controllers/base.d.ts.map +1 -1
  30. package/src/controllers/base.js +7 -62
  31. package/src/controllers/base.js.map +1 -1
  32. package/src/controllers/index.d.ts +1 -1
  33. package/src/controllers/index.d.ts.map +1 -1
  34. package/src/controllers/index.js +2 -1
  35. package/src/controllers/index.js.map +1 -1
  36. package/src/controllers/openapi.d.ts +3 -3
  37. package/src/controllers/openapi.d.ts.map +1 -1
  38. package/src/controllers/openapi.js.map +1 -1
  39. package/src/enumerations/index.d.ts +0 -2
  40. package/src/enumerations/index.d.ts.map +1 -1
  41. package/src/enumerations/index.js +0 -2
  42. package/src/enumerations/index.js.map +1 -1
  43. package/src/environment.d.ts +4 -3
  44. package/src/environment.d.ts.map +1 -1
  45. package/src/environment.js +3 -1
  46. package/src/environment.js.map +1 -1
  47. package/src/errors/index.d.ts +0 -3
  48. package/src/errors/index.d.ts.map +1 -1
  49. package/src/errors/index.js +0 -3
  50. package/src/errors/index.js.map +1 -1
  51. package/src/index.d.ts +1 -8
  52. package/src/index.d.ts.map +1 -1
  53. package/src/index.js +1 -11
  54. package/src/index.js.map +1 -1
  55. package/src/interfaces/controller-config.d.ts +1 -2
  56. package/src/interfaces/controller-config.d.ts.map +1 -1
  57. package/src/interfaces/document-store.d.ts +3 -2
  58. package/src/interfaces/document-store.d.ts.map +1 -1
  59. package/src/interfaces/document-store.js +3 -3
  60. package/src/interfaces/document-store.js.map +1 -1
  61. package/src/interfaces/documents/base.d.ts +24 -0
  62. package/src/interfaces/documents/base.d.ts.map +1 -0
  63. package/src/interfaces/documents/base.js +13 -0
  64. package/src/interfaces/documents/base.js.map +1 -0
  65. package/src/interfaces/documents/email-token.d.ts +15 -0
  66. package/src/interfaces/documents/email-token.d.ts.map +1 -0
  67. package/src/interfaces/documents/email-token.js +7 -0
  68. package/src/interfaces/{models → documents}/email-token.js.map +1 -1
  69. package/src/interfaces/documents/index.d.ts +25 -0
  70. package/src/interfaces/documents/index.d.ts.map +1 -0
  71. package/src/interfaces/documents/index.js +20 -0
  72. package/src/interfaces/documents/index.js.map +1 -0
  73. package/src/interfaces/documents/mnemonic.d.ts +15 -0
  74. package/src/interfaces/documents/mnemonic.d.ts.map +1 -0
  75. package/src/interfaces/documents/mnemonic.js +7 -0
  76. package/src/interfaces/{models → documents}/mnemonic.js.map +1 -1
  77. package/src/interfaces/documents/role.d.ts +15 -0
  78. package/src/interfaces/documents/role.d.ts.map +1 -0
  79. package/src/interfaces/documents/role.js +7 -0
  80. package/src/interfaces/{models → documents}/role.js.map +1 -1
  81. package/src/interfaces/documents/used-direct-login-token.d.ts +15 -0
  82. package/src/interfaces/documents/used-direct-login-token.d.ts.map +1 -0
  83. package/src/interfaces/documents/used-direct-login-token.js +7 -0
  84. package/src/interfaces/{models → documents}/used-direct-login-token.js.map +1 -1
  85. package/src/interfaces/documents/user-role.d.ts +15 -0
  86. package/src/interfaces/documents/user-role.d.ts.map +1 -0
  87. package/src/interfaces/documents/user-role.js +7 -0
  88. package/src/interfaces/{models → documents}/user-role.js.map +1 -1
  89. package/src/interfaces/documents/user.d.ts +16 -0
  90. package/src/interfaces/documents/user.d.ts.map +1 -0
  91. package/src/interfaces/documents/user.js +7 -0
  92. package/src/interfaces/{models → documents}/user.js.map +1 -1
  93. package/src/interfaces/environment.d.ts +3 -2
  94. package/src/interfaces/environment.d.ts.map +1 -1
  95. package/src/interfaces/index.d.ts +3 -10
  96. package/src/interfaces/index.d.ts.map +1 -1
  97. package/src/interfaces/index.js +3 -10
  98. package/src/interfaces/index.js.map +1 -1
  99. package/src/interfaces/jwt-service.d.ts +27 -0
  100. package/src/interfaces/jwt-service.d.ts.map +1 -0
  101. package/src/interfaces/jwt-service.js +10 -0
  102. package/src/interfaces/jwt-service.js.map +1 -0
  103. package/src/interfaces/role-service.d.ts +55 -0
  104. package/src/interfaces/role-service.d.ts.map +1 -0
  105. package/src/interfaces/role-service.js +10 -0
  106. package/src/interfaces/role-service.js.map +1 -0
  107. package/src/interfaces/server-init-result.d.ts +10 -18
  108. package/src/interfaces/server-init-result.d.ts.map +1 -1
  109. package/src/interfaces/server-init-result.js +4 -2
  110. package/src/interfaces/server-init-result.js.map +1 -1
  111. package/src/plugins/database-plugin.d.ts +12 -0
  112. package/src/plugins/database-plugin.d.ts.map +1 -1
  113. package/src/plugins/index.d.ts +0 -1
  114. package/src/plugins/index.d.ts.map +1 -1
  115. package/src/plugins/index.js +0 -1
  116. package/src/plugins/index.js.map +1 -1
  117. package/src/routers/index.d.ts +0 -1
  118. package/src/routers/index.d.ts.map +1 -1
  119. package/src/routers/index.js +0 -1
  120. package/src/routers/index.js.map +1 -1
  121. package/src/services/abstract-jwt-service.d.ts +34 -0
  122. package/src/services/abstract-jwt-service.d.ts.map +1 -0
  123. package/src/services/abstract-jwt-service.js +68 -0
  124. package/src/services/abstract-jwt-service.js.map +1 -0
  125. package/src/services/abstract-role-service.d.ts +61 -0
  126. package/src/services/abstract-role-service.d.ts.map +1 -0
  127. package/src/services/abstract-role-service.js +69 -0
  128. package/src/services/abstract-role-service.js.map +1 -0
  129. package/src/services/base.d.ts +10 -13
  130. package/src/services/base.d.ts.map +1 -1
  131. package/src/services/base.js +7 -21
  132. package/src/services/base.js.map +1 -1
  133. package/src/services/index.d.ts +2 -15
  134. package/src/services/index.d.ts.map +1 -1
  135. package/src/services/index.js +2 -15
  136. package/src/services/index.js.map +1 -1
  137. package/src/testing.d.ts +1 -1
  138. package/src/testing.d.ts.map +1 -1
  139. package/src/testing.js +1 -1
  140. package/src/testing.js.map +1 -1
  141. package/src/types.d.ts +6 -17
  142. package/src/types.d.ts.map +1 -1
  143. package/src/types.js.map +1 -1
  144. package/src/utils.d.ts +5 -34
  145. package/src/utils.d.ts.map +1 -1
  146. package/src/utils.js +24 -165
  147. package/src/utils.js.map +1 -1
  148. package/src/__tests__/fixtures/model-mocks.mock.d.ts +0 -12
  149. package/src/__tests__/fixtures/model-mocks.mock.d.ts.map +0 -1
  150. package/src/__tests__/fixtures/model-mocks.mock.js +0 -102
  151. package/src/__tests__/fixtures/model-mocks.mock.js.map +0 -1
  152. package/src/__tests__/helpers/application.mock.d.ts +0 -8
  153. package/src/__tests__/helpers/application.mock.d.ts.map +0 -1
  154. package/src/__tests__/helpers/application.mock.js +0 -85
  155. package/src/__tests__/helpers/application.mock.js.map +0 -1
  156. package/src/__tests__/helpers/setup-test-env.d.ts +0 -13
  157. package/src/__tests__/helpers/setup-test-env.d.ts.map +0 -1
  158. package/src/__tests__/helpers/setup-test-env.js +0 -133
  159. package/src/__tests__/helpers/setup-test-env.js.map +0 -1
  160. package/src/builders/application-builder.d.ts +0 -53
  161. package/src/builders/application-builder.d.ts.map +0 -1
  162. package/src/builders/application-builder.js +0 -91
  163. package/src/builders/application-builder.js.map +0 -1
  164. package/src/controllers/user.d.ts +0 -66
  165. package/src/controllers/user.d.ts.map +0 -1
  166. package/src/controllers/user.js +0 -949
  167. package/src/controllers/user.js.map +0 -1
  168. package/src/documents/base.d.ts +0 -15
  169. package/src/documents/base.d.ts.map +0 -1
  170. package/src/documents/base.js +0 -8
  171. package/src/documents/base.js.map +0 -1
  172. package/src/documents/email-token.d.ts +0 -15
  173. package/src/documents/email-token.d.ts.map +0 -1
  174. package/src/documents/email-token.js +0 -8
  175. package/src/documents/email-token.js.map +0 -1
  176. package/src/documents/index.d.ts +0 -8
  177. package/src/documents/index.d.ts.map +0 -1
  178. package/src/documents/index.js +0 -3
  179. package/src/documents/index.js.map +0 -1
  180. package/src/documents/mnemonic.d.ts +0 -16
  181. package/src/documents/mnemonic.d.ts.map +0 -1
  182. package/src/documents/mnemonic.js +0 -8
  183. package/src/documents/mnemonic.js.map +0 -1
  184. package/src/documents/role.d.ts +0 -15
  185. package/src/documents/role.d.ts.map +0 -1
  186. package/src/documents/role.js +0 -8
  187. package/src/documents/role.js.map +0 -1
  188. package/src/documents/used-direct-login-token.d.ts +0 -16
  189. package/src/documents/used-direct-login-token.d.ts.map +0 -1
  190. package/src/documents/used-direct-login-token.js +0 -8
  191. package/src/documents/used-direct-login-token.js.map +0 -1
  192. package/src/documents/user-role.d.ts +0 -16
  193. package/src/documents/user-role.d.ts.map +0 -1
  194. package/src/documents/user-role.js +0 -8
  195. package/src/documents/user-role.js.map +0 -1
  196. package/src/documents/user.d.ts +0 -16
  197. package/src/documents/user.d.ts.map +0 -1
  198. package/src/documents/user.js +0 -8
  199. package/src/documents/user.js.map +0 -1
  200. package/src/enumerations/base-model-name.d.ts +0 -43
  201. package/src/enumerations/base-model-name.d.ts.map +0 -1
  202. package/src/enumerations/base-model-name.js +0 -39
  203. package/src/enumerations/base-model-name.js.map +0 -1
  204. package/src/enumerations/schema-collection.d.ts +0 -39
  205. package/src/enumerations/schema-collection.d.ts.map +0 -1
  206. package/src/enumerations/schema-collection.js +0 -43
  207. package/src/enumerations/schema-collection.js.map +0 -1
  208. package/src/errors/invalid-model.d.ts +0 -18
  209. package/src/errors/invalid-model.d.ts.map +0 -1
  210. package/src/errors/invalid-model.js +0 -26
  211. package/src/errors/invalid-model.js.map +0 -1
  212. package/src/errors/model-not-registered.d.ts +0 -18
  213. package/src/errors/model-not-registered.d.ts.map +0 -1
  214. package/src/errors/model-not-registered.js +0 -26
  215. package/src/errors/model-not-registered.js.map +0 -1
  216. package/src/errors/mongoose-validation.d.ts +0 -28
  217. package/src/errors/mongoose-validation.d.ts.map +0 -1
  218. package/src/errors/mongoose-validation.js +0 -33
  219. package/src/errors/mongoose-validation.js.map +0 -1
  220. package/src/interfaces/api-mongo-validation-error-response.d.ts +0 -16
  221. package/src/interfaces/api-mongo-validation-error-response.d.ts.map +0 -1
  222. package/src/interfaces/api-mongo-validation-error-response.js +0 -8
  223. package/src/interfaces/api-mongo-validation-error-response.js.map +0 -1
  224. package/src/interfaces/database-init-result-tx.d.ts +0 -27
  225. package/src/interfaces/database-init-result-tx.d.ts.map +0 -1
  226. package/src/interfaces/database-init-result-tx.js +0 -3
  227. package/src/interfaces/database-init-result-tx.js.map +0 -1
  228. package/src/interfaces/db-init-result.d.ts +0 -16
  229. package/src/interfaces/db-init-result.d.ts.map +0 -1
  230. package/src/interfaces/db-init-result.js +0 -8
  231. package/src/interfaces/db-init-result.js.map +0 -1
  232. package/src/interfaces/discriminator-collections.d.ts +0 -17
  233. package/src/interfaces/discriminator-collections.d.ts.map +0 -1
  234. package/src/interfaces/discriminator-collections.js +0 -8
  235. package/src/interfaces/discriminator-collections.js.map +0 -1
  236. package/src/interfaces/environment-mongo.d.ts +0 -86
  237. package/src/interfaces/environment-mongo.d.ts.map +0 -1
  238. package/src/interfaces/environment-mongo.js +0 -8
  239. package/src/interfaces/environment-mongo.js.map +0 -1
  240. package/src/interfaces/models/email-token.d.ts +0 -12
  241. package/src/interfaces/models/email-token.d.ts.map +0 -1
  242. package/src/interfaces/models/email-token.js +0 -8
  243. package/src/interfaces/models/index.d.ts +0 -8
  244. package/src/interfaces/models/index.d.ts.map +0 -1
  245. package/src/interfaces/models/index.js +0 -11
  246. package/src/interfaces/models/index.js.map +0 -1
  247. package/src/interfaces/models/mnemonic.d.ts +0 -13
  248. package/src/interfaces/models/mnemonic.d.ts.map +0 -1
  249. package/src/interfaces/models/mnemonic.js +0 -8
  250. package/src/interfaces/models/role.d.ts +0 -12
  251. package/src/interfaces/models/role.d.ts.map +0 -1
  252. package/src/interfaces/models/role.js +0 -8
  253. package/src/interfaces/models/token-role.d.ts +0 -19
  254. package/src/interfaces/models/token-role.d.ts.map +0 -1
  255. package/src/interfaces/models/token-role.js +0 -8
  256. package/src/interfaces/models/token-role.js.map +0 -1
  257. package/src/interfaces/models/used-direct-login-token.d.ts +0 -19
  258. package/src/interfaces/models/used-direct-login-token.d.ts.map +0 -1
  259. package/src/interfaces/models/used-direct-login-token.js +0 -8
  260. package/src/interfaces/models/user-role.d.ts +0 -19
  261. package/src/interfaces/models/user-role.d.ts.map +0 -1
  262. package/src/interfaces/models/user-role.js +0 -8
  263. package/src/interfaces/models/user.d.ts +0 -21
  264. package/src/interfaces/models/user.d.ts.map +0 -1
  265. package/src/interfaces/models/user.js +0 -8
  266. package/src/interfaces/mongo-application.d.ts +0 -35
  267. package/src/interfaces/mongo-application.d.ts.map +0 -1
  268. package/src/interfaces/mongo-application.js +0 -10
  269. package/src/interfaces/mongo-application.js.map +0 -1
  270. package/src/interfaces/mongo-errors.d.ts +0 -13
  271. package/src/interfaces/mongo-errors.d.ts.map +0 -1
  272. package/src/interfaces/mongo-errors.js +0 -8
  273. package/src/interfaces/mongo-errors.js.map +0 -1
  274. package/src/interfaces/mongoose-document-store.d.ts +0 -42
  275. package/src/interfaces/mongoose-document-store.d.ts.map +0 -1
  276. package/src/interfaces/mongoose-document-store.js +0 -10
  277. package/src/interfaces/mongoose-document-store.js.map +0 -1
  278. package/src/interfaces/schema.d.ts +0 -37
  279. package/src/interfaces/schema.d.ts.map +0 -1
  280. package/src/interfaces/schema.js +0 -8
  281. package/src/interfaces/schema.js.map +0 -1
  282. package/src/interfaces/test-environment.d.ts +0 -22
  283. package/src/interfaces/test-environment.d.ts.map +0 -1
  284. package/src/interfaces/test-environment.js +0 -8
  285. package/src/interfaces/test-environment.js.map +0 -1
  286. package/src/model-registry.d.ts +0 -79
  287. package/src/model-registry.d.ts.map +0 -1
  288. package/src/model-registry.js +0 -97
  289. package/src/model-registry.js.map +0 -1
  290. package/src/models/email-token.d.ts +0 -24
  291. package/src/models/email-token.d.ts.map +0 -1
  292. package/src/models/email-token.js +0 -16
  293. package/src/models/email-token.js.map +0 -1
  294. package/src/models/index.d.ts +0 -7
  295. package/src/models/index.d.ts.map +0 -1
  296. package/src/models/index.js +0 -10
  297. package/src/models/index.js.map +0 -1
  298. package/src/models/mnemonic.d.ts +0 -24
  299. package/src/models/mnemonic.d.ts.map +0 -1
  300. package/src/models/mnemonic.js +0 -27
  301. package/src/models/mnemonic.js.map +0 -1
  302. package/src/models/role.d.ts +0 -24
  303. package/src/models/role.d.ts.map +0 -1
  304. package/src/models/role.js +0 -27
  305. package/src/models/role.js.map +0 -1
  306. package/src/models/used-direct-login-token.d.ts +0 -24
  307. package/src/models/used-direct-login-token.d.ts.map +0 -1
  308. package/src/models/used-direct-login-token.js +0 -16
  309. package/src/models/used-direct-login-token.js.map +0 -1
  310. package/src/models/user-role.d.ts +0 -23
  311. package/src/models/user-role.d.ts.map +0 -1
  312. package/src/models/user-role.js +0 -26
  313. package/src/models/user-role.js.map +0 -1
  314. package/src/models/user.d.ts +0 -24
  315. package/src/models/user.d.ts.map +0 -1
  316. package/src/models/user.js +0 -27
  317. package/src/models/user.js.map +0 -1
  318. package/src/mongo-application-concrete.d.ts +0 -32
  319. package/src/mongo-application-concrete.d.ts.map +0 -1
  320. package/src/mongo-application-concrete.js +0 -49
  321. package/src/mongo-application-concrete.js.map +0 -1
  322. package/src/plugins/mongo-database-plugin.d.ts +0 -115
  323. package/src/plugins/mongo-database-plugin.d.ts.map +0 -1
  324. package/src/plugins/mongo-database-plugin.js +0 -234
  325. package/src/plugins/mongo-database-plugin.js.map +0 -1
  326. package/src/routers/api.d.ts +0 -60
  327. package/src/routers/api.d.ts.map +0 -1
  328. package/src/routers/api.js +0 -116
  329. package/src/routers/api.js.map +0 -1
  330. package/src/schemas/email-token.d.ts +0 -65
  331. package/src/schemas/email-token.d.ts.map +0 -1
  332. package/src/schemas/email-token.js +0 -68
  333. package/src/schemas/email-token.js.map +0 -1
  334. package/src/schemas/index.d.ts +0 -8
  335. package/src/schemas/index.d.ts.map +0 -1
  336. package/src/schemas/index.js +0 -11
  337. package/src/schemas/index.js.map +0 -1
  338. package/src/schemas/mnemonic.d.ts +0 -37
  339. package/src/schemas/mnemonic.d.ts.map +0 -1
  340. package/src/schemas/mnemonic.js +0 -41
  341. package/src/schemas/mnemonic.js.map +0 -1
  342. package/src/schemas/role.d.ts +0 -57
  343. package/src/schemas/role.d.ts.map +0 -1
  344. package/src/schemas/role.js +0 -102
  345. package/src/schemas/role.js.map +0 -1
  346. package/src/schemas/schema.d.ts +0 -62
  347. package/src/schemas/schema.d.ts.map +0 -1
  348. package/src/schemas/schema.js +0 -81
  349. package/src/schemas/schema.js.map +0 -1
  350. package/src/schemas/used-direct-login-token.d.ts +0 -49
  351. package/src/schemas/used-direct-login-token.d.ts.map +0 -1
  352. package/src/schemas/used-direct-login-token.js +0 -35
  353. package/src/schemas/used-direct-login-token.js.map +0 -1
  354. package/src/schemas/user-role.d.ts +0 -52
  355. package/src/schemas/user-role.d.ts.map +0 -1
  356. package/src/schemas/user-role.js +0 -67
  357. package/src/schemas/user-role.js.map +0 -1
  358. package/src/schemas/user.d.ts +0 -43
  359. package/src/schemas/user.d.ts.map +0 -1
  360. package/src/schemas/user.js +0 -214
  361. package/src/schemas/user.js.map +0 -1
  362. package/src/services/backup-code.d.ts +0 -120
  363. package/src/services/backup-code.d.ts.map +0 -1
  364. package/src/services/backup-code.js +0 -323
  365. package/src/services/backup-code.js.map +0 -1
  366. package/src/services/database-initialization.d.ts +0 -138
  367. package/src/services/database-initialization.d.ts.map +0 -1
  368. package/src/services/database-initialization.js +0 -913
  369. package/src/services/database-initialization.js.map +0 -1
  370. package/src/services/db-init-cache.d.ts +0 -18
  371. package/src/services/db-init-cache.d.ts.map +0 -1
  372. package/src/services/db-init-cache.js +0 -7
  373. package/src/services/db-init-cache.js.map +0 -1
  374. package/src/services/direct-login-token.d.ts +0 -28
  375. package/src/services/direct-login-token.d.ts.map +0 -1
  376. package/src/services/direct-login-token.js +0 -62
  377. package/src/services/direct-login-token.js.map +0 -1
  378. package/src/services/jwt.d.ts +0 -45
  379. package/src/services/jwt.d.ts.map +0 -1
  380. package/src/services/jwt.js +0 -105
  381. package/src/services/jwt.js.map +0 -1
  382. package/src/services/mnemonic.d.ts +0 -68
  383. package/src/services/mnemonic.d.ts.map +0 -1
  384. package/src/services/mnemonic.js +0 -120
  385. package/src/services/mnemonic.js.map +0 -1
  386. package/src/services/mongo-authentication-provider.d.ts +0 -27
  387. package/src/services/mongo-authentication-provider.d.ts.map +0 -1
  388. package/src/services/mongo-authentication-provider.js +0 -84
  389. package/src/services/mongo-authentication-provider.js.map +0 -1
  390. package/src/services/mongo-backup-code-store.d.ts +0 -40
  391. package/src/services/mongo-backup-code-store.d.ts.map +0 -1
  392. package/src/services/mongo-backup-code-store.js +0 -104
  393. package/src/services/mongo-backup-code-store.js.map +0 -1
  394. package/src/services/mongo-base.d.ts +0 -24
  395. package/src/services/mongo-base.d.ts.map +0 -1
  396. package/src/services/mongo-base.js +0 -28
  397. package/src/services/mongo-base.js.map +0 -1
  398. package/src/services/mongoose-collection.d.ts +0 -52
  399. package/src/services/mongoose-collection.d.ts.map +0 -1
  400. package/src/services/mongoose-collection.js +0 -326
  401. package/src/services/mongoose-collection.js.map +0 -1
  402. package/src/services/mongoose-database.d.ts +0 -64
  403. package/src/services/mongoose-database.d.ts.map +0 -1
  404. package/src/services/mongoose-database.js +0 -121
  405. package/src/services/mongoose-database.js.map +0 -1
  406. package/src/services/mongoose-document-store.d.ts +0 -109
  407. package/src/services/mongoose-document-store.d.ts.map +0 -1
  408. package/src/services/mongoose-document-store.js +0 -264
  409. package/src/services/mongoose-document-store.js.map +0 -1
  410. package/src/services/mongoose-session-adapter.d.ts +0 -39
  411. package/src/services/mongoose-session-adapter.d.ts.map +0 -1
  412. package/src/services/mongoose-session-adapter.js +0 -63
  413. package/src/services/mongoose-session-adapter.js.map +0 -1
  414. package/src/services/request-user.d.ts +0 -45
  415. package/src/services/request-user.d.ts.map +0 -1
  416. package/src/services/request-user.js +0 -90
  417. package/src/services/request-user.js.map +0 -1
  418. package/src/services/role.d.ts +0 -97
  419. package/src/services/role.d.ts.map +0 -1
  420. package/src/services/role.js +0 -289
  421. package/src/services/role.js.map +0 -1
  422. package/src/services/user.d.ts +0 -368
  423. package/src/services/user.d.ts.map +0 -1
  424. package/src/services/user.js +0 -1495
  425. package/src/services/user.js.map +0 -1
  426. package/src/transactions/index.d.ts +0 -2
  427. package/src/transactions/index.d.ts.map +0 -1
  428. package/src/transactions/index.js +0 -5
  429. package/src/transactions/index.js.map +0 -1
  430. package/src/transactions/transaction-manager.d.ts +0 -37
  431. package/src/transactions/transaction-manager.d.ts.map +0 -1
  432. package/src/transactions/transaction-manager.js +0 -50
  433. package/src/transactions/transaction-manager.js.map +0 -1
  434. package/src/types/mongoose-helpers.d.ts +0 -16
  435. package/src/types/mongoose-helpers.d.ts.map +0 -1
  436. package/src/types/mongoose-helpers.js +0 -8
  437. package/src/types/mongoose-helpers.js.map +0 -1
  438. package/src/utils/default-mongo-uri-validator.d.ts +0 -15
  439. package/src/utils/default-mongo-uri-validator.d.ts.map +0 -1
  440. package/src/utils/default-mongo-uri-validator.js +0 -46
  441. package/src/utils/default-mongo-uri-validator.js.map +0 -1
package/src/services/user.js DELETED
@@ -1,1495 +0,0 @@
1
- "use strict";
2
- /**
3
- * @fileoverview Comprehensive user management service.
4
- * Handles user authentication, registration, password management, email verification,
5
- * mnemonic recovery, backup codes, and all user-related operations.
6
- * @module services/user
7
- */
8
- Object.defineProperty(exports, "__esModule", { value: true });
9
- exports.UserService = void 0;
10
- const tslib_1 = require("tslib");
11
- const ecies_lib_1 = require("@digitaldefiance/ecies-lib");
12
- const mongoose_types_1 = require("@digitaldefiance/mongoose-types");
13
- const node_ecies_lib_1 = require("@digitaldefiance/node-ecies-lib");
14
- const suite_core_lib_1 = require("@digitaldefiance/suite-core-lib");
15
- const suite_core_lib_2 = require("@digitaldefiance/suite-core-lib");
16
- const crypto_1 = require("crypto");
17
- const validator_1 = tslib_1.__importDefault(require("validator"));
18
- const backup_code_1 = require("../backup-code");
19
- const base_model_name_1 = require("../enumerations/base-model-name");
20
- const errors_1 = require("../errors");
21
- const mongoose_validation_1 = require("../errors/mongoose-validation");
22
- const model_registry_1 = require("../model-registry");
23
- const utils_1 = require("../utils");
24
- const base_1 = require("./base");
25
- const direct_login_token_1 = require("./direct-login-token");
26
- const mnemonic_1 = require("./mnemonic");
27
- const request_user_1 = require("./request-user");
28
- const system_user_1 = require("./system-user");
29
- /**
30
- * Comprehensive service for user management and authentication.
31
- * Provides methods for user creation, authentication (mnemonic/password/challenge),
32
- * email verification, password reset, backup code recovery, and settings management.
33
- * @template T - User document type
34
- * @template TID - Platform ID type
35
- * @template TDate - Date type
36
- * @template TLanguage - String type for site language
37
- * @template TAccountStatus - String type for account status
38
- * @template _TEnvironment - Environment type
39
- * @template _TConstants - Constants type
40
- * @template _TBaseDocument - Base document type
41
- * @template TUser - User base interface type
42
- * @template TTokenRole - Token role interface type
43
- * @template TApplication - Application interface type
44
- * @extends {BaseService<TID, TApplication>}
45
- */
46
- class UserService extends base_1.BaseService {
47
- roleService;
48
- eciesService;
49
- keyWrappingService;
50
- mnemonicService;
51
- emailService;
52
- backupCodeService;
53
- serverUrl;
54
- disableEmailSend;
55
- constructor(application, roleService, emailService, keyWrappingService, backupCodeService) {
56
- super(application);
57
- this.roleService = roleService;
58
- this.emailService = emailService;
59
- this.keyWrappingService = keyWrappingService;
60
- this.backupCodeService = backupCodeService;
61
- this.serverUrl = application.environment.serverUrl;
62
- this.disableEmailSend = application.environment.disableEmailSend;
63
- const config = {
64
- curveName: this.application.constants.ECIES.CURVE_NAME,
65
- primaryKeyDerivationPath: this.application.constants.ECIES.PRIMARY_KEY_DERIVATION_PATH,
66
- mnemonicStrength: this.application.constants.ECIES.MNEMONIC_STRENGTH,
67
- symmetricAlgorithm: this.application.constants.ECIES.SYMMETRIC_ALGORITHM_CONFIGURATION,
68
- symmetricKeyBits: this.application.constants.ECIES.SYMMETRIC.KEY_BITS,
69
- symmetricKeyMode: this.application.constants.ECIES.SYMMETRIC.MODE,
70
- };
71
- this.eciesService = new node_ecies_lib_1.ECIESService(config);
72
- const mnemonicModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Mnemonic);
73
- this.mnemonicService = new mnemonic_1.MnemonicService(mnemonicModel, application.environment.mnemonicHmacSecret, this.application.constants);
74
- }
75
- /**
76
- * Given a User Document, make a User DTO
77
- * @param user a User Document
78
- * @returns An IUserDTO
79
- */
80
- static userToUserDTO(user) {
81
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
82
- const userId = user._id;
83
- return {
84
- ...(user instanceof mongoose_types_1.Document ? user.toObject() : user),
85
- _id: provider.validate(provider.toBytes(userId)) &&
86
- provider.idToString(userId),
87
- createdAt: (user.createdAt instanceof Date
88
- ? user.createdAt.toString()
89
- : user.createdAt),
90
- createdBy: provider.validate(provider.toBytes(user.createdBy)) &&
91
- provider.idToString(user.createdBy),
92
- updatedAt: (user.updatedAt instanceof Date
93
- ? user.updatedAt.toString()
94
- : user.updatedAt),
95
- updatedBy: provider.validate(provider.toBytes(user.updatedBy)) &&
96
- provider.idToString(user.updatedBy),
97
- ...(user.lastLogin
98
- ? {
99
- lastLogin: (user.lastLogin instanceof Date
100
- ? user.lastLogin.toString()
101
- : user.lastLogin),
102
- }
103
- : {}),
104
- ...(user.deletedAt
105
- ? {
106
- deletedAt: (user.deletedAt instanceof Date
107
- ? user.deletedAt.toString()
108
- : user.deletedAt),
109
- }
110
- : {}),
111
- ...(user.deletedBy
112
- ? {
113
- deletedBy: provider.validate(provider.toBytes(user.deletedBy)) &&
114
- provider.idToString(user.deletedBy),
115
- }
116
- : {}),
117
- };
118
- }
119
- /**
120
- * Given a User DTO, reconstitute ids and dates
121
- * @param user a User DTO
122
- * @returns An IUserBackendObject
123
- */
124
- hydrateUserDTOToBackend(user) {
125
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
126
- return {
127
- ...user,
128
- _id: provider.idFromString(user._id),
129
- ...(user.lastLogin ? { lastLogin: new Date(user.lastLogin) } : {}),
130
- createdAt: new Date(user.createdAt),
131
- createdBy: provider.idFromString(user.createdBy),
132
- updatedAt: new Date(user.updatedAt),
133
- updatedBy: provider.idFromString(user.updatedBy),
134
- ...(user.deletedAt ? { deletedAt: new Date(user.deletedAt) } : {}),
135
- ...(user.deletedBy
136
- ? {
137
- deletedBy: provider.idFromString(user.deletedBy),
138
- }
139
- : {}),
140
- ...(user.mnemonicId
141
- ? { mnemonicId: provider.idFromString(user.mnemonicId) }
142
- : {}),
143
- };
144
- }
145
- /**
146
- * Create a new email token to send to the user for email verification
147
- * @param userDoc The user to create the email token for
148
- * @param type The type of email token to create
149
- * @param session The session to use for the query
150
- * @returns The email token document
151
- */
152
- async createEmailToken(userDoc, type, session) {
153
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
154
- // If we already have a session, use it directly to avoid nested transactions
155
- if (session) {
156
- const now = new Date();
157
- const tokenData = {
158
- userId: userDoc._id,
159
- type: type,
160
- email: userDoc.email,
161
- token: (0, crypto_1.randomBytes)(this.application.constants.EmailTokenLength).toString('hex'),
162
- createdAt: now,
163
- updatedAt: now,
164
- expiresAt: new Date(now.getTime() + this.application.constants.EmailTokenExpiration),
165
- };
166
- // Use findOneAndUpdate with upsert to avoid duplicate key errors
167
- const emailToken = await EmailTokenModel.findOneAndUpdate({
168
- userId: userDoc._id,
169
- email: userDoc.email,
170
- type: type,
171
- }, tokenData, {
172
- upsert: true,
173
- new: true,
174
- session,
175
- });
176
- if (!emailToken) {
177
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateEmailToken);
178
- }
179
- return emailToken;
180
- }
181
- // Only create a new transaction if no session is provided
182
- return await this.withTransaction(async (sess) => {
183
- const now = new Date();
184
- const tokenData = {
185
- userId: userDoc._id,
186
- type: type,
187
- email: userDoc.email,
188
- token: (0, crypto_1.randomBytes)(this.application.constants.EmailTokenLength).toString('hex'),
189
- createdAt: now,
190
- updatedAt: now,
191
- expiresAt: new Date(now.getTime() + this.application.constants.EmailTokenExpiration),
192
- };
193
- // Use findOneAndUpdate with upsert to avoid duplicate key errors
194
- const emailToken = await EmailTokenModel.findOneAndUpdate({
195
- userId: userDoc._id,
196
- email: userDoc.email,
197
- type: type,
198
- }, tokenData, {
199
- upsert: true,
200
- new: true,
201
- session: sess,
202
- });
203
- if (!emailToken) {
204
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateEmailToken);
205
- }
206
- return emailToken;
207
- }, undefined, {
208
- timeoutMs: this.application.environment.mongo.transactionTimeout,
209
- retryAttempts: 2,
210
- });
211
- }
212
- /**
213
- * Create and send an email token to the user for email verification
214
- * @param user The user to send the email token to
215
- * @param type The type of email token to send
216
- * @param session The session to use for the query
217
- * @returns The email token document
218
- */
219
- async createAndSendEmailToken(user, type = suite_core_lib_1.EmailTokenType.AccountVerification, session, debug = false) {
220
- const emailToken = await this.createEmailToken(user, type, session);
221
- try {
222
- await this.sendEmailToken(emailToken, session, debug);
223
- }
224
- catch {
225
- // keep parity with previous behavior: continue returning token even if email send fails
226
- }
227
- return emailToken;
228
- }
229
- /**
230
- * Create and send an email token directly within an existing transaction
231
- * @param user The user to send the email token to
232
- * @param type The type of email token to send
233
- * @param session The session to use for the query (required)
234
- * @param debug Whether to enable debug logging
235
- * @returns The email token document
236
- */
237
- async createAndSendEmailTokenDirect(user, type = suite_core_lib_1.EmailTokenType.AccountVerification, session, debug = false) {
238
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
239
- // Create token directly within the existing session using upsert
240
- const now = new Date();
241
- const tokenData = {
242
- userId: user._id,
243
- type: type,
244
- email: user.email,
245
- token: (0, crypto_1.randomBytes)(this.application.constants.EmailTokenLength).toString('hex'),
246
- createdAt: now,
247
- updatedAt: now,
248
- expiresAt: new Date(now.getTime() + this.application.constants.EmailTokenExpiration),
249
- };
250
- // Use findOneAndUpdate with upsert to avoid duplicate key errors
251
- const emailToken = await EmailTokenModel.findOneAndUpdate({
252
- userId: user._id,
253
- email: user.email,
254
- type: type,
255
- }, tokenData, {
256
- upsert: true,
257
- new: true,
258
- session,
259
- });
260
- if (!emailToken) {
261
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToCreateEmailToken);
262
- }
263
- try {
264
- await this.sendEmailToken(emailToken, session, debug);
265
- }
266
- catch {
267
- // Ignore email send errors in direct token creation
268
- }
269
- return emailToken;
270
- }
271
- /**
272
- * Send an email token to the user for email verification
273
- * @param emailToken The email token to send
274
- * @param session The session to use for the query
275
- * @returns void
276
- */
277
- async sendEmailToken(emailToken, session, debug = false) {
278
- if (this.disableEmailSend) {
279
- (0, utils_1.debugLog)(debug, 'log', 'Email sending disabled for testing');
280
- // Still update lastSent and expiration to keep token valid during tests
281
- emailToken.lastSent = new Date();
282
- emailToken.expiresAt = new Date(Date.now() + this.application.constants.EmailTokenExpiration);
283
- await emailToken.save({ session });
284
- return;
285
- }
286
- if (emailToken.lastSent &&
287
- emailToken.lastSent.getTime() +
288
- this.application.constants.EmailTokenResendInterval >
289
- Date.now()) {
290
- throw new suite_core_lib_1.EmailTokenSentTooRecentlyError(emailToken.lastSent);
291
- }
292
- let subjectString;
293
- let bodyString;
294
- let url;
295
- switch (emailToken.type) {
296
- case suite_core_lib_1.EmailTokenType.AccountVerification:
297
- subjectString = suite_core_lib_1.SuiteCoreStringKey.Email_ConfirmationSubjectTemplate;
298
- bodyString = suite_core_lib_1.SuiteCoreStringKey.Email_ConfirmationBody;
299
- url = `${this.serverUrl}/verify-email?token=${emailToken.token}`;
300
- break;
301
- case suite_core_lib_1.EmailTokenType.PasswordReset:
302
- subjectString = suite_core_lib_1.SuiteCoreStringKey.Email_ResetPasswordSubjectTemplate;
303
- bodyString = suite_core_lib_1.SuiteCoreStringKey.Email_ResetPasswordBody;
304
- url = `${this.serverUrl}/forgot-password?token=${emailToken.token}`;
305
- break;
306
- case suite_core_lib_1.EmailTokenType.LoginRequest:
307
- subjectString = suite_core_lib_1.SuiteCoreStringKey.Email_LoginRequestSubjectTemplate;
308
- bodyString = suite_core_lib_1.SuiteCoreStringKey.Email_LoginRequestBody;
309
- url = `${this.serverUrl}/challenge?token=${emailToken.token}`;
310
- break;
311
- case suite_core_lib_1.EmailTokenType.MnemonicRecoveryRequest:
312
- case suite_core_lib_1.EmailTokenType.PrivateKeyRequest:
313
- default:
314
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_InvalidEmailTokenType);
315
- }
316
- const emailSubject = (0, suite_core_lib_1.getSuiteCoreTranslation)(subjectString);
317
- const emailText = `${(0, suite_core_lib_1.getSuiteCoreTranslation)(bodyString)}\r\n\r\n${url}`;
318
- const emailHtml = `<p>${(0, suite_core_lib_1.getSuiteCoreTranslation)(bodyString)}</p><br/><p><a href="${url}">${url}</a></p><p>${(0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Email_LinkExpiresInTemplate)}</p>`;
319
- try {
320
- // Use the EmailService to send the email
321
- await this.emailService.sendEmail(emailToken.email, emailSubject, emailText, emailHtml);
322
- // update last sent/expiration
323
- emailToken.lastSent = new Date();
324
- emailToken.expiresAt = new Date(Date.now() + this.application.constants.EmailTokenExpiration);
325
- await emailToken.save({ session });
326
- }
327
- catch {
328
- throw new suite_core_lib_1.EmailTokenFailedToSendError(emailToken.type);
329
- }
330
- }
331
- /**
332
- * Find a user by email or username and enforce account status checks
333
- * @param email Optional email
334
- * @param username Optional username
335
- * @param session Optional mongoose session
336
- * @throws UsernameOrEmailRequiredError if neither provided
337
- * @throws InvalidCredentialsError if not found or deleted
338
- * @throws AccountLockedError | PendingEmailVerificationError | AccountStatusError per status
339
- */
340
- async findUser(email, username, session) {
341
- if (!email && !username) {
342
- throw new suite_core_lib_2.UsernameOrEmailRequiredError();
343
- }
344
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
345
- let userDoc = null;
346
- try {
347
- if (email) {
348
- userDoc = await UserModel.findOne({
349
- email: email.toLowerCase(),
350
- })
351
- .session(session ?? null)
352
- .exec();
353
- }
354
- else if (username) {
355
- userDoc = await UserModel.findOne({ username })
356
- .collation({ locale: 'en', strength: 2 })
357
- .session(session ?? null)
358
- .exec();
359
- }
360
- }
361
- catch {
362
- // Database error in findUser - convert to InvalidCredentialsError for security
363
- throw new suite_core_lib_1.InvalidCredentialsError();
364
- }
365
- if (!userDoc || userDoc.deletedAt) {
366
- if (email) {
367
- throw new suite_core_lib_1.InvalidEmailError(ecies_lib_1.InvalidEmailErrorType.Missing);
368
- }
369
- throw new suite_core_lib_2.UserNotFoundError();
370
- }
371
- switch (userDoc.accountStatus) {
372
- case suite_core_lib_1.AccountStatus.Active:
373
- break;
374
- case suite_core_lib_1.AccountStatus.AdminLock:
375
- throw new suite_core_lib_1.AccountLockedError();
376
- case suite_core_lib_1.AccountStatus.PendingEmailVerification:
377
- throw new suite_core_lib_1.PendingEmailVerificationError();
378
- default:
379
- throw new suite_core_lib_1.AccountStatusError(userDoc.accountStatus);
380
- }
381
- return userDoc;
382
- }
383
- /**
384
- * Finds a user record by ID
385
- * @param userId The user ID
386
- * @param throwIfNotActive Whether to throw if the user is inactive
387
- * @param session The active session, if present
388
- * @returns The user document
389
- */
390
- async findUserById(userId, throwIfNotActive, session, select) {
391
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
392
- const baseQuery = UserModel.findById(userId).session(session ?? null);
393
- if (select) {
394
- // Always include fields needed for status checks
395
- const merged = this.ensureRequiredFieldsInProjection(select, [
396
- 'deletedAt',
397
- 'accountStatus',
398
- ]);
399
- baseQuery.select(merged);
400
- }
401
- const userDoc = (await baseQuery.exec());
402
- if (!userDoc || userDoc.deletedAt) {
403
- throw new suite_core_lib_2.UserNotFoundError();
404
- }
405
- if (throwIfNotActive) {
406
- switch (userDoc.accountStatus) {
407
- case suite_core_lib_1.AccountStatus.Active:
408
- break;
409
- case suite_core_lib_1.AccountStatus.AdminLock:
410
- throw new suite_core_lib_1.AccountLockedError();
411
- case suite_core_lib_1.AccountStatus.PendingEmailVerification:
412
- throw new suite_core_lib_1.PendingEmailVerificationError();
413
- default:
414
- throw new suite_core_lib_1.AccountStatusError(userDoc.accountStatus);
415
- }
416
- }
417
- return userDoc;
418
- }
419
- /**
420
- * Ensure required fields are present in a projection for queries that rely on them.
421
- * Supports string and object-style projections. For inclusion projections, adds fields.
422
- * For exclusion projections, ensures required fields are not excluded.
423
- */
424
- ensureRequiredFieldsInProjection(select, required) {
425
- if (typeof select === 'string') {
426
- const parts = select
427
- .split(/\s+/)
428
- .map((s) => s.trim())
429
- .filter(Boolean);
430
- const exclusions = new Set(parts.filter((p) => p.startsWith('-')).map((p) => p.slice(1)));
431
- // Remove exclusions on required fields
432
- for (const r of required) {
433
- exclusions.delete(r);
434
- }
435
- const cleaned = parts.filter((p) => !p.startsWith('-'));
436
- for (const r of required) {
437
- if (!cleaned.includes(r))
438
- cleaned.push(r);
439
- }
440
- const result = [...cleaned, ...[...exclusions].map((r) => `-${r}`)];
441
- return result.join(' ');
442
- }
443
- if (select && typeof select === 'object') {
444
- const proj = { ...select };
445
- const values = Object.values(proj);
446
- const hasInclusions = values.some((v) => v === 1 || v === true);
447
- if (hasInclusions) {
448
- for (const r of required) {
449
- proj[r] = 1;
450
- }
451
- }
452
- else {
453
- const keysToRemove = required.filter((r) => proj[r] === 0 || proj[r] === false || proj[r] === -1);
454
- keysToRemove.forEach((key) => delete proj[key]);
455
- }
456
- return proj;
457
- }
458
- return select;
459
- }
460
- /**
461
- * Fill in the default values to a user object
462
- * @param newUser The user object to fill in
463
- * @param createdBy The user ID of the user creating the new user
464
- * @returns The filled in user
465
- */
466
- fillUserDefaults(newUser, createdBy, backupCodes, encryptedMnemonic, userId) {
467
- return {
468
- ...(userId ? { _id: userId } : {}),
469
- timezone: 'UTC',
470
- ...newUser,
471
- email: newUser.email.toLowerCase(),
472
- emailVerified: false,
473
- darkMode: false,
474
- accountStatus: suite_core_lib_1.AccountStatus.PendingEmailVerification,
475
- siteLanguage: 'en-US',
476
- duressPasswords: [],
477
- publicKey: '',
478
- backupCodes,
479
- mnemonicRecovery: encryptedMnemonic,
480
- currency: 'USD',
481
- directChallenge: true,
482
- createdAt: new Date(),
483
- createdBy: createdBy,
484
- updatedAt: new Date(),
485
- updatedBy: createdBy,
486
- };
487
- }
488
- /**
489
- * Create a new user document from an IUser and unhashed password
490
- * @param newUser The user object
491
- * @returns The new user document
492
- */
493
- async makeUserDoc(newUser) {
494
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
495
- const newUserDoc = new UserModel(newUser);
496
- const validationError = newUserDoc.validateSync();
497
- if (validationError) {
498
- throw new mongoose_validation_1.MongooseValidationError(validationError.errors);
499
- }
500
- return newUserDoc;
501
- }
502
- /**
503
- * Create a new user.
504
- * Do not set createdBy to a new (non-existing) ObjectId unless you also set newUserId to it.
505
- * If newUserId is not set, one will be generated.
506
- * @param systemUser The system user performing the operation
507
- * @param userData Username, email, password in a ICreateUserBasics object
508
- * @param createdBy The user id of the user creating the user
509
- * @param newUserId the user id of the new user object- usually the createdBy user id.
510
- * @param session The session to use for the query
511
- * @param debug Whether to log debug information
512
- * @param password The password to use for the new user (optional, if not provided, mnemonic will be used)
513
- * @returns The new user document
514
- */
515
- async newUser(systemUser, userData, createdBy, newUserId, session, debug = false, password, userProvidedMnemonic) {
516
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
517
- const _newUserId = newUserId ?? provider.generateTyped();
518
- if (!this.application.constants.UsernameRegex.test(userData.username)) {
519
- throw new suite_core_lib_1.InvalidUsernameError();
520
- }
521
- if (password && !this.application.constants.PasswordRegex.test(password)) {
522
- throw new errors_1.InvalidNewPasswordError();
523
- }
524
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
525
- return await this.withTransaction(async (sess) => {
526
- const existingEmail = await UserModel.findOne({
527
- email: userData.email.toLowerCase(),
528
- }).session(sess ?? null);
529
- if (existingEmail) {
530
- throw new suite_core_lib_1.EmailInUseError();
531
- }
532
- const existingUsername = await UserModel.findOne({
533
- username: { $regex: new RegExp(`^${userData.username}$`, 'i') },
534
- }).session(sess ?? null);
535
- if (existingUsername) {
536
- throw new suite_core_lib_2.UsernameInUseError();
537
- }
538
- let mnemonic;
539
- let member;
540
- if (userProvidedMnemonic) {
541
- // User-provided mnemonic path: validate, check uniqueness, use directly
542
- const trimmedMnemonic = userProvidedMnemonic.trim();
543
- if (!this.application.constants.MnemonicRegex.test(trimmedMnemonic)) {
544
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicRegex);
545
- }
546
- const trimmedMnemonicSecure = new ecies_lib_1.SecureString(trimmedMnemonic);
547
- try {
548
- const exists = await this.mnemonicService.mnemonicExists(trimmedMnemonicSecure, sess);
549
- if (exists) {
550
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Validation_MnemonicInUse);
551
- }
552
- const { member: newMember, mnemonic: newMnemonic } = node_ecies_lib_1.Member.newMember(this.eciesService, ecies_lib_1.MemberType.User, userData.username, new ecies_lib_1.EmailString(userData.email), trimmedMnemonicSecure, createdBy);
553
- member = newMember;
554
- mnemonic = newMnemonic;
555
- }
556
- catch (e) {
557
- trimmedMnemonicSecure.dispose();
558
- throw e;
559
- }
560
- }
561
- else {
562
- // Server-generated mnemonic path: retry loop until unique mnemonic found
563
- while (!mnemonic || !member) {
564
- try {
565
- const { member: newMember, mnemonic: newMnemonic } = node_ecies_lib_1.Member.newMember(this.eciesService, ecies_lib_1.MemberType.User, userData.username, new ecies_lib_1.EmailString(userData.email), undefined, createdBy);
566
- // make sure the new mnemonic is not already in the database
567
- const mnemonicExists = await this.mnemonicService.mnemonicExists(newMnemonic, sess);
568
- if (!mnemonicExists) {
569
- member = newMember;
570
- mnemonic = newMnemonic;
571
- }
572
- }
573
- catch {
574
- // If we fail to create a new member, we will retry until we succeed.
575
- // This is to ensure that we do not end up with duplicate mnemonics.
576
- (0, utils_1.debugLog)(debug, 'warn', 'Failed to create a new member, retrying...');
577
- }
578
- }
579
- }
580
- const backupCodes = backup_code_1.BackupCode.generateBackupCodes();
581
- const encryptedBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(member, systemUser, backupCodes);
582
- const encryptedMnemonic = member
583
- .encryptData(Buffer.from(mnemonic.value ?? '', 'utf-8'))
584
- .toString('hex');
585
- const newUserDoc = new UserModel({
586
- ...this.fillUserDefaults(userData, createdBy ?? _newUserId, encryptedBackupCodes, encryptedMnemonic, _newUserId),
587
- publicKey: member.publicKey.toString('hex'),
588
- });
589
- const validationError = newUserDoc.validateSync();
590
- if (validationError) {
591
- throw new mongoose_validation_1.MongooseValidationError(validationError.errors);
592
- }
593
- // Always add HMAC-only mnemonic doc
594
- const newMnemonicDoc = await this.mnemonicService.addMnemonic(mnemonic, sess);
595
- if (newMnemonicDoc) {
596
- newUserDoc.mnemonicId = newMnemonicDoc._id;
597
- }
598
- // If password provided, wrap the ECIES private key with the password (Option B)
599
- if (password) {
600
- const passwordSecure = new ecies_lib_1.SecureString(password);
601
- try {
602
- const priv = new ecies_lib_1.SecureBuffer(member.privateKey.value);
603
- try {
604
- const wrapped = this.keyWrappingService.wrapSecret(priv, passwordSecure, this.application.constants);
605
- newUserDoc.passwordWrappedPrivateKey = wrapped;
606
- }
607
- finally {
608
- priv.dispose();
609
- }
610
- }
611
- finally {
612
- passwordSecure.dispose();
613
- }
614
- }
615
- const savedUserDoc = await newUserDoc.save({ session: sess });
616
- const memberRoleId = await this.roleService.getRoleIdByName(this.application.constants.MemberRole, sess);
617
- if (!memberRoleId) {
618
- throw new suite_core_lib_1.TranslatableSuiteError(suite_core_lib_1.SuiteCoreStringKey.Error_FailedToLookupRoleTemplate, {
619
- ROLE: (0, suite_core_lib_1.getSuiteCoreTranslation)(suite_core_lib_1.SuiteCoreStringKey.Common_Member),
620
- });
621
- }
622
- await this.roleService.addUserToRole(memberRoleId, savedUserDoc._id, _newUserId, sess);
623
- return {
624
- user: savedUserDoc,
625
- mnemonic: mnemonic.value ?? '',
626
- backupCodes: backupCodes.map((code) => code.value ?? ''),
627
- ...(password ? { password } : {}),
628
- };
629
- }, session, {
630
- timeoutMs: this.application.environment.mongo.transactionTimeout * 10,
631
- });
632
- }
633
- /**
634
- * Get the backup codes for a user.
635
- * Requires the user not be deleted or inactive
636
- */
637
- async getEncryptedUserBackupCodes(userId, session) {
638
- const userWithCodes = await this.findUserById(userId, true, session);
639
- return userWithCodes.backupCodes;
640
- }
641
- /**
642
- * Resets the given user's backup codes
643
- * @param backupUser The user to generate codes for
644
- * @param session The current session, if any
645
- * @returns A promise of an array of backup codes
646
- */
647
- async resetUserBackupCodes(backupUser, systemUser, session) {
648
- if (!backupUser.hasPrivateKey) {
649
- throw new suite_core_lib_1.PrivateKeyRequiredError();
650
- }
651
- const backupCodes = backup_code_1.BackupCode.generateBackupCodes();
652
- const encryptedBackupCodes = await backup_code_1.BackupCode.encryptBackupCodes(backupUser, systemUser, backupCodes);
653
- const UserModel = model_registry_1.ModelRegistry.instance.get('User')?.model;
654
- return await this.withTransaction(async (sess) => {
655
- await UserModel.updateOne({ _id: backupUser.id }, { $set: { backupCodes: encryptedBackupCodes } }, { session: sess });
656
- return backupCodes;
657
- }, session, {
658
- timeoutMs: this.application.environment.mongo.transactionTimeout,
659
- });
660
- }
661
- /**
662
- * Recover a user's mnemonic from an encrypted mnemonic
663
- * @param user The user whose mnemonic to recover
664
- * @param encryptedMnemonic The encrypted mnemonic
665
- * @returns The recovered mnemonic
666
- */
667
- recoverMnemonic(user, encryptedMnemonic) {
668
- if (!encryptedMnemonic) {
669
- throw new suite_core_lib_1.TranslatableSuiteHandleableError(suite_core_lib_1.SuiteCoreStringKey.MnemonicRecovery_Missing, undefined, undefined, {
670
- statusCode: 400,
671
- });
672
- }
673
- return new ecies_lib_1.SecureString(user.decryptData(Buffer.from(encryptedMnemonic, 'hex')).toString('utf-8'));
674
- }
675
- /**
676
- * Make a Member from a user document and optional private key
677
- * @param userDoc The user document
678
- * @param privateKey Optional private key to load the wallet
679
- * @param publicKey Optional public key to override the userDoc public key
680
- * @param session The current session, if any
681
- * @returns A promise containing the created Member
682
- */
683
- async makeUserFromUserDoc(userDoc, privateKey, publicKey, mnemonic, wallet, session) {
684
- const memberType = await this.roleService.getMemberType(userDoc, session);
685
- const user = new node_ecies_lib_1.Member(this.eciesService, memberType, userDoc.username, new ecies_lib_1.EmailString(userDoc.email), publicKey ?? Buffer.from(userDoc.publicKey, 'hex'), privateKey, wallet, userDoc._id, new Date(userDoc.createdAt), new Date(userDoc.updatedAt), userDoc.createdBy);
686
- if ((privateKey?.originalLength ?? -1) > 0 &&
687
- user.hasPrivateKey &&
688
- !wallet) {
689
- user.loadWallet(mnemonic ?? this.recoverMnemonic(user, userDoc.mnemonicRecovery));
690
- }
691
- return user;
692
- }
693
- /**
694
- * Challenges a given userDoc with a given mnemonic, returns a system and user Member
695
- * @param userDoc The userDoc in question
696
- * @param mnemonic The mnemonic to challenge against
697
- * @returns A promise containing the user and system Members
698
- * @throws InvalidCredentialsError if the challenge fails
699
- * @throws AccountLockedError if the account is locked
700
- * @throws PendingEmailVerificationError if the email is not verified
701
- * @throws AccountStatusError if the account status is invalid
702
- */
703
- async challengeUserWithMnemonic(userDoc, mnemonic, session) {
704
- try {
705
- // Verify provided mnemonic corresponds to the stored mnemonic HMAC (no password required)
706
- // This prevents any valid mnemonic from authenticating as another user.
707
- const MnemonicModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.Mnemonic);
708
- if (!userDoc.mnemonicId) {
709
- throw new suite_core_lib_1.InvalidCredentialsError();
710
- }
711
- const mnemonicDoc = await MnemonicModel.findById(userDoc.mnemonicId)
712
- .select('hmac')
713
- .session(session ?? null)
714
- .lean()
715
- .exec();
716
- if (!mnemonicDoc) {
717
- throw new suite_core_lib_1.InvalidCredentialsError();
718
- }
719
- const computedHmac = this.mnemonicService.getMnemonicHmac(mnemonic);
720
- if (computedHmac !== mnemonicDoc.hmac) {
721
- throw new suite_core_lib_1.InvalidCredentialsError();
722
- }
723
- // Create a Member from the provided mnemonic to get the keys
724
- const { wallet } = this.eciesService.walletAndSeedFromMnemonic(mnemonic);
725
- const privateKey = wallet.getPrivateKey();
726
- // Get compressed public key (already includes prefix)
727
- const publicKeyWithPrefix = this.eciesService.getPublicKey(Buffer.from(privateKey));
728
- const userMember = await this.makeUserFromUserDoc(userDoc, new ecies_lib_1.SecureBuffer(privateKey), publicKeyWithPrefix, mnemonic, wallet, session);
729
- // Verify the public key matches the stored userDoc public key
730
- if (userMember.publicKey.toString('hex') !== userDoc.publicKey) {
731
- throw new suite_core_lib_1.InvalidCredentialsError();
732
- }
733
- // Generate a nonce challenge to verify they can decrypt with their key
734
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
735
- const nonce = (0, crypto_1.randomBytes)(32);
736
- const signature = adminMember.sign(nonce);
737
- const payload = Buffer.concat([nonce, signature]);
738
- const encryptedPayload = userMember.encryptData(payload);
739
- const decryptedPayload = userMember.decryptData(encryptedPayload);
740
- // Verify the server's signature on the nonce
741
- const decryptedNonce = decryptedPayload.subarray(0, 32);
742
- const decryptedSignature = decryptedPayload.subarray(32);
743
- const isSignatureValid = adminMember.verify(decryptedSignature, decryptedNonce);
744
- if (!isSignatureValid || !nonce.equals(decryptedNonce)) {
745
- throw new suite_core_lib_1.InvalidCredentialsError();
746
- }
747
- return {
748
- userMember,
749
- adminMember: adminMember,
750
- };
751
- }
752
- catch (error) {
753
- if (error instanceof suite_core_lib_1.InvalidCredentialsError ||
754
- error instanceof suite_core_lib_1.AccountLockedError ||
755
- error instanceof suite_core_lib_1.PendingEmailVerificationError ||
756
- error instanceof suite_core_lib_1.AccountStatusError) {
757
- throw error;
758
- }
759
- throw new suite_core_lib_1.InvalidCredentialsError();
760
- }
761
- }
762
- /**
763
- * Validates a login challenge response
764
- * @param challengeResponse The challenge response bytes in hex
765
- * @param email The email address of the user
766
- * @param username The username of the user
767
- * @param session The mongo session for the query
768
- * @returns A promise that resolves to the user document, user member, and system member
769
- */
770
- async loginWithChallengeResponse(challengeResponse, email, username, session) {
771
- const challengeBuffer = Buffer.from(challengeResponse, 'hex');
772
- // validate the expected challenge response length (8 + 32 + 64 = 104 bytes)
773
- if (challengeBuffer.length !=
774
- this.application.constants.DirectLoginChallengeLength) {
775
- throw new suite_core_lib_1.InvalidChallengeResponseError();
776
- }
777
- // disassemble the challengeResponse into time, nonce, signature
778
- const time = challengeBuffer.subarray(0, 8); // 16 hex characters
779
- const nonce = challengeBuffer.subarray(8, 40); // 64 hex characters
780
- const signature = challengeBuffer.subarray(40); // 65 * 2 hex characters
781
- const timeMs = parseInt(time.toString('hex'), 16);
782
- if (new Date().getTime() - timeMs >
783
- this.application.constants.LoginChallengeExpiration) {
784
- throw new suite_core_lib_1.LoginChallengeExpiredError();
785
- }
786
- const userDoc = await this.findUser(email, username, session);
787
- if (!userDoc && email) {
788
- throw new suite_core_lib_1.InvalidEmailError(ecies_lib_1.InvalidEmailErrorType.Missing);
789
- }
790
- else if (!userDoc) {
791
- throw new suite_core_lib_2.UserNotFoundError();
792
- }
793
- // re-sign the time + nonce and check if the signature matches
794
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
795
- const timeAndNonce = Buffer.concat([time, nonce]);
796
- const expectedSignature = adminMember.sign(timeAndNonce);
797
- if (expectedSignature.toString('hex') !== signature.toString('hex')) {
798
- throw new suite_core_lib_1.InvalidChallengeResponseError();
799
- }
800
- const userMember = await this.makeUserFromUserDoc(userDoc, undefined, undefined, undefined, undefined, session);
801
- return {
802
- userDoc,
803
- userMember,
804
- adminMember: adminMember,
805
- };
806
- }
807
- /**
808
- * Authenticate a user with client-verified challenge (skips server-side challenge)
809
- * @returns The authenticated user document.
810
- */
811
- async loginWithClientVerifiedChallenge(usernameOrEmail, mnemonic, session) {
812
- const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
813
- const userQuery = validator_1.default.isEmail(usernameOrEmail)
814
- ? UserModel.findOne({ email: usernameOrEmail.toLowerCase() }).select('_id username email accountStatus deletedAt mnemonicId publicKey passwordWrappedPrivateKey')
815
- : UserModel.findOne({ username: usernameOrEmail })
816
- .collation({ locale: 'en', strength: 2 })
817
- .select('_id username email accountStatus deletedAt mnemonicId publicKey passwordWrappedPrivateKey');
818
- const userDoc = await userQuery.session(session ?? null);
819
- if (!userDoc || userDoc.deletedAt) {
820
- throw new suite_core_lib_1.InvalidCredentialsError();
821
- }
822
- // Check account status
823
- switch (userDoc.accountStatus) {
824
- case suite_core_lib_1.AccountStatus.Active:
825
- break;
826
- case suite_core_lib_1.AccountStatus.AdminLock:
827
- throw new suite_core_lib_1.AccountLockedError();
828
- case suite_core_lib_1.AccountStatus.PendingEmailVerification:
829
- throw new suite_core_lib_1.PendingEmailVerificationError();
830
- default:
831
- throw new suite_core_lib_1.AccountStatusError(userDoc.accountStatus);
832
- }
833
- // Verify mnemonic matches user (simplified verification)
834
- try {
835
- const MnemonicModel = this.application.getModel(base_model_name_1.BaseModelName.Mnemonic);
836
- if (!userDoc.mnemonicId) {
837
- throw new suite_core_lib_1.InvalidCredentialsError();
838
- }
839
- const mnemonicDoc = await MnemonicModel.findById(userDoc.mnemonicId)
840
- .select('hmac')
841
- .session(session ?? null)
842
- .lean()
843
- .exec();
844
- if (!mnemonicDoc) {
845
- throw new suite_core_lib_1.InvalidCredentialsError();
846
- }
847
- const computedHmac = this.mnemonicService.getMnemonicHmac(mnemonic);
848
- if (computedHmac !== mnemonicDoc.hmac) {
849
- throw new suite_core_lib_1.InvalidCredentialsError();
850
- }
851
- // Create Member from mnemonic
852
- const { wallet } = this.eciesService.walletAndSeedFromMnemonic(mnemonic);
853
- const privateKey = wallet.getPrivateKey();
854
- // Get compressed public key (already includes prefix)
855
- const publicKeyWithPrefix = this.eciesService.getPublicKey(Buffer.from(privateKey));
856
- const userMember = await this.makeUserFromUserDoc(userDoc, new ecies_lib_1.SecureBuffer(privateKey), publicKeyWithPrefix, mnemonic, wallet, session);
857
- // Verify public key matches
858
- if (userMember.publicKey.toString('hex') !== userDoc.publicKey) {
859
- throw new suite_core_lib_1.InvalidCredentialsError();
860
- }
861
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
862
- return {
863
- userMember,
864
- adminMember,
865
- userDoc,
866
- };
867
- }
868
- catch (error) {
869
- if (error instanceof suite_core_lib_1.InvalidCredentialsError ||
870
- error instanceof suite_core_lib_1.AccountLockedError ||
871
- error instanceof suite_core_lib_1.PendingEmailVerificationError ||
872
- error instanceof suite_core_lib_1.AccountStatusError) {
873
- throw error;
874
- }
875
- throw new suite_core_lib_1.InvalidCredentialsError();
876
- }
877
- }
878
- /**
879
- * Authenticate a user with their mnemonic.
880
- * @returns The authenticated user document.
881
- */
882
- async loginWithMnemonic(usernameOrEmail, mnemonic, session) {
883
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
884
- const userQuery = validator_1.default.isEmail(usernameOrEmail)
885
- ? UserModel.findOne({ email: usernameOrEmail.toLowerCase() }).select('_id username email accountStatus deletedAt mnemonicId publicKey passwordWrappedPrivateKey')
886
- : UserModel.findOne({ username: usernameOrEmail })
887
- .collation({ locale: 'en', strength: 2 })
888
- .select('_id username email accountStatus deletedAt mnemonicId publicKey passwordWrappedPrivateKey');
889
- const userDoc = await userQuery.session(session ?? null);
890
- if (!userDoc || userDoc.deletedAt) {
891
- throw new suite_core_lib_1.InvalidCredentialsError();
892
- }
893
- // Check account status
894
- switch (userDoc.accountStatus) {
895
- case suite_core_lib_1.AccountStatus.Active:
896
- break;
897
- case suite_core_lib_1.AccountStatus.AdminLock:
898
- throw new suite_core_lib_1.AccountLockedError();
899
- case suite_core_lib_1.AccountStatus.PendingEmailVerification:
900
- throw new suite_core_lib_1.PendingEmailVerificationError();
901
- default:
902
- throw new suite_core_lib_1.AccountStatusError(userDoc.accountStatus);
903
- }
904
- const challengeResponse = await this.challengeUserWithMnemonic(userDoc, mnemonic, session);
905
- return { ...challengeResponse, userDoc };
906
- }
907
- /**
908
- * Authenticate a user with their password (for key-wrapped accounts).
909
- * @returns The authenticated user document.
910
- */
911
- async loginWithPassword(usernameOrEmail, password, session) {
912
- const UserModel = this.application.getModel(base_model_name_1.BaseModelName.User);
913
- const query = validator_1.default.isEmail(usernameOrEmail)
914
- ? UserModel.findOne({ email: usernameOrEmail.toLowerCase() })
915
- : UserModel.findOne({ username: usernameOrEmail }).collation({
916
- locale: 'en',
917
- strength: 2,
918
- });
919
- const userDoc = await query
920
- .session(session ?? null)
921
- .exec();
922
- if (!userDoc || userDoc.deletedAt) {
923
- throw new suite_core_lib_1.InvalidCredentialsError();
924
- }
925
- // Check account status
926
- switch (userDoc.accountStatus) {
927
- case suite_core_lib_1.AccountStatus.Active:
928
- break;
929
- case suite_core_lib_1.AccountStatus.AdminLock:
930
- throw new suite_core_lib_1.AccountLockedError();
931
- case suite_core_lib_1.AccountStatus.PendingEmailVerification:
932
- throw new suite_core_lib_1.PendingEmailVerificationError();
933
- default:
934
- throw new suite_core_lib_1.AccountStatusError(userDoc.accountStatus);
935
- }
936
- // Check if user has password-based authentication set up (Option B requires passwordWrappedPrivateKey)
937
- if (!userDoc.passwordWrappedPrivateKey || !userDoc.mnemonicId) {
938
- throw new suite_core_lib_1.PasswordLoginNotEnabledError();
939
- }
940
- // Unwrap password-wrapped private key and complete challenge with possession of private key
941
- const unwrapped = await this.keyWrappingService.unwrapSecretAsync(userDoc.passwordWrappedPrivateKey, password, this.application.constants);
942
- // Build user member with unwrapped private key to decrypt challenge
943
- // Note: userMember now owns the unwrapped SecureBuffer, so we don't dispose it here
944
- const userMember = await this.makeUserFromUserDoc(userDoc, unwrapped, undefined, undefined, undefined, session);
945
- // Generate a nonce challenge signed by system
946
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
947
- const nonce = (0, crypto_1.randomBytes)(32);
948
- const signature = adminMember.sign(nonce);
949
- const payload = Buffer.concat([nonce, signature]);
950
- const encryptedPayload = userMember.encryptData(payload);
951
- const decryptedPayload = userMember.decryptData(encryptedPayload);
952
- const decryptedNonce = decryptedPayload.subarray(0, 32);
953
- const decryptedSignature = decryptedPayload.subarray(32);
954
- const isSignatureValid = adminMember.verify(decryptedSignature, decryptedNonce);
955
- if (!isSignatureValid || !nonce.equals(decryptedNonce)) {
956
- throw new suite_core_lib_1.InvalidCredentialsError();
957
- }
958
- return { userDoc, userMember, adminMember: adminMember };
959
- }
960
- /**
961
- * Re-send a previously sent email token
962
- * @param userId The user id
963
- * @param session The session to use for the query
964
- * @returns void
965
- * @throws EmailTokenUsedOrInvalidError
966
- */
967
- async resendEmailToken(userId, type, session, debug = false) {
968
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
969
- return await this.withTransaction(async (sess) => {
970
- // look up the most recent email token for a given user, then send it
971
- const emailToken = await EmailTokenModel.findOne({
972
- userId,
973
- type,
974
- expiresAt: { $gt: new Date() },
975
- })
976
- .session(sess ?? null)
977
- .sort({ createdAt: -1 })
978
- .limit(1);
979
- if (!emailToken) {
980
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
981
- }
982
- await this.sendEmailToken(emailToken, sess, debug);
983
- }, session, {
984
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
985
- });
986
- }
987
- /**
988
- * Verify the email token and update the user's account status
989
- * @param emailToken The email token to verify
990
- * @param session The session to use for the query
991
- * @returns void
992
- * @throws EmailTokenUsedOrInvalidError
993
- * @throws EmailTokenExpiredError
994
- * @throws EmailVerifiedError
995
- * @throws UserNotFoundError
996
- */
997
- async verifyAccountTokenAndComplete(emailToken, session) {
998
- let alreadyVerified = false;
999
- await this.withTransaction(async (sess) => {
1000
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
1001
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1002
- const token = await this.findEmailToken(emailToken, suite_core_lib_1.EmailTokenType.AccountVerification, sess);
1003
- if (!token) {
1004
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1005
- }
1006
- if (token.expiresAt < new Date()) {
1007
- await EmailTokenModel.deleteOne({ _id: token._id }).session(sess ?? null);
1008
- throw new suite_core_lib_1.EmailTokenExpiredError();
1009
- }
1010
- const user = await UserModel.findById(token.userId).session(sess ?? null);
1011
- if (!user || user.deletedAt) {
1012
- throw new suite_core_lib_2.UserNotFoundError();
1013
- }
1014
- if (user.emailVerified) {
1015
- // Delete the token and mark to throw error after transaction commits
1016
- await EmailTokenModel.deleteOne({ _id: token._id }).session(sess ?? null);
1017
- alreadyVerified = true;
1018
- return;
1019
- }
1020
- // set user email to token email and mark as verified
1021
- user.email = token.email;
1022
- user.emailVerified = true;
1023
- user.accountStatus = suite_core_lib_1.AccountStatus.Active;
1024
- user.updatedBy = user._id;
1025
- await user.save({ session: sess });
1026
- // Delete the token after successful verification
1027
- await EmailTokenModel.deleteOne({ _id: token._id }).session(sess ?? null);
1028
- // add the user to the member role
1029
- const memberRoleId = await this.roleService.getRoleIdByName(this.application.constants.MemberRole, sess);
1030
- if (memberRoleId) {
1031
- await this.roleService.addUserToRole(memberRoleId, user._id, user._id, sess);
1032
- }
1033
- else {
1034
- throw new Error('Member role not found');
1035
- }
1036
- }, session, {
1037
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1038
- });
1039
- if (alreadyVerified) {
1040
- throw new suite_core_lib_1.EmailVerifiedError(409);
1041
- }
1042
- }
1043
- /**
1044
- * Validate the email token
1045
- * @param token The token to validate
1046
- * @param restrictType The type of email token to validate (or throw)
1047
- * @param session The session to use for the query
1048
- * @returns void
1049
- * @throws EmailTokenUsedOrInvalidError
1050
- */
1051
- async validateEmailToken(token, restrictType, session) {
1052
- return await this.withTransaction(async (ses) => {
1053
- const EmailTokenModel = this.application.getModel(base_model_name_1.BaseModelName.EmailToken);
1054
- const emailToken = await EmailTokenModel.findOne({
1055
- token,
1056
- ...(restrictType ? { type: suite_core_lib_1.EmailTokenType.PasswordReset } : {}),
1057
- }).session(ses ?? null);
1058
- if (!emailToken) {
1059
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1060
- }
1061
- else if (emailToken.expiresAt < new Date()) {
1062
- await EmailTokenModel.deleteOne({ _id: emailToken._id }).session(ses ?? null);
1063
- throw new suite_core_lib_1.EmailTokenExpiredError();
1064
- }
1065
- // nothing else to do here, token is valid
1066
- }, session, {
1067
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1068
- });
1069
- }
1070
- /**
1071
- * Updates the user's language
1072
- * @param userId - The ID of the user
1073
- * @param newLanguage - The new language
1074
- * @param session - The session to use for the query
1075
- * @returns The updated user
1076
- */
1077
- async updateSiteLanguage(userId, newLanguage, session) {
1078
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
1079
- return await this.withTransaction(async (sess) => {
1080
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1081
- const userDoc = await UserModel.findByIdAndUpdate(provider.idFromString(userId), {
1082
- siteLanguage: newLanguage,
1083
- }, { new: true }).session(sess ?? null);
1084
- if (!userDoc) {
1085
- throw new suite_core_lib_2.UserNotFoundError();
1086
- }
1087
- const roles = await this.roleService.getUserRoles(userDoc._id);
1088
- const tokenRoles = this.roleService.rolesToTokenRoles(roles);
1089
- return request_user_1.RequestUserService.makeRequestUserDTO(userDoc, tokenRoles);
1090
- }, session, {
1091
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1092
- });
1093
- }
1094
- /**
1095
- * Updates the user's Dark Mode preference
1096
- * @param userId - The ID of the user
1097
- * @param newDarkMode - The new Dark Mode preference
1098
- * @param session - The session to use for the query
1099
- * @returns The updated user
1100
- */
1101
- async updateDarkMode(userId, newDarkMode, session) {
1102
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
1103
- return await this.withTransaction(async (sess) => {
1104
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1105
- const userDoc = await UserModel.findByIdAndUpdate(provider.idFromString(userId), {
1106
- darkMode: newDarkMode,
1107
- }, { new: true }).session(sess ?? null);
1108
- if (!userDoc) {
1109
- throw new suite_core_lib_2.UserNotFoundError();
1110
- }
1111
- const roles = await this.roleService.getUserRoles(userDoc._id);
1112
- const tokenRoles = this.roleService.rolesToTokenRoles(roles);
1113
- return request_user_1.RequestUserService.makeRequestUserDTO(userDoc, tokenRoles);
1114
- }, session, {
1115
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1116
- });
1117
- }
1118
- /**
1119
- * Updates multiple user settings at once
1120
- * @param userId - The ID of the user
1121
- * @param settings - Object containing settings to update
1122
- * @param session - The session to use for the query
1123
- * @returns The updated user
1124
- */
1125
- async updateUserSettings(userId, settings, session) {
1126
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
1127
- return await this.withTransaction(async (sess) => {
1128
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1129
- const userDoc = await UserModel.findById(provider.idFromString(userId)).session(sess ?? null);
1130
- if (!userDoc) {
1131
- throw new suite_core_lib_2.UserNotFoundError();
1132
- }
1133
- // Check if email is changing and if it's already in use
1134
- if (settings.email &&
1135
- settings.email.toLowerCase() !== userDoc.email.toLowerCase()) {
1136
- const existingUser = await UserModel.findOne({
1137
- email: settings.email.toLowerCase(),
1138
- _id: { $ne: userDoc._id },
1139
- }).session(sess ?? null);
1140
- if (existingUser) {
1141
- throw new suite_core_lib_1.EmailInUseError();
1142
- }
1143
- // Send verification email for new address
1144
- userDoc.email = settings.email.toLowerCase();
1145
- await this.createAndSendEmailTokenDirect(userDoc, suite_core_lib_1.EmailTokenType.AccountVerification, sess, this.application.environment.debug);
1146
- }
1147
- // Update other settings
1148
- if (settings.timezone !== undefined)
1149
- userDoc.timezone = settings.timezone;
1150
- if (settings.siteLanguage !== undefined)
1151
- userDoc.siteLanguage = settings.siteLanguage;
1152
- if (settings.darkMode !== undefined)
1153
- userDoc.darkMode = settings.darkMode;
1154
- if (settings.currency !== undefined)
1155
- userDoc.currency = settings.currency;
1156
- if (settings.directChallenge !== undefined)
1157
- userDoc.directChallenge = settings.directChallenge;
1158
- await userDoc.save({ session: sess });
1159
- const roles = await this.roleService.getUserRoles(userDoc._id);
1160
- const tokenRoles = this.roleService.rolesToTokenRoles(roles);
1161
- return request_user_1.RequestUserService.makeRequestUserDTO(userDoc, tokenRoles);
1162
- }, session, {
1163
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1164
- });
1165
- }
1166
- /**
1167
- * Changes the user's password by re-wrapping their master key
1168
- * @param userId - The ID of the user
1169
- * @param currentPassword - The current password
1170
- * @param newPassword - The new password
1171
- * @param session - The session to use for the query
1172
- * @returns void
1173
- */
1174
- async changePassword(userId, currentPassword, newPassword, session) {
1175
- const provider = (0, node_ecies_lib_1.getEnhancedNodeIdProvider)();
1176
- return await this.withTransaction(async (sess) => {
1177
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1178
- const userDoc = await UserModel.findById(provider.idFromString(userId)).session(sess ?? null);
1179
- if (!userDoc || !userDoc.passwordWrappedPrivateKey) {
1180
- throw new suite_core_lib_2.UserNotFoundError();
1181
- }
1182
- if (!this.application.constants.PasswordRegex.test(newPassword)) {
1183
- throw new errors_1.InvalidNewPasswordError();
1184
- }
1185
- const currentPasswordSecure = new ecies_lib_1.SecureString(currentPassword);
1186
- const newPasswordSecure = new ecies_lib_1.SecureString(newPassword);
1187
- try {
1188
- // Unwrap existing private key and rewrap under new password
1189
- const priv = this.keyWrappingService.unwrapSecret(userDoc.passwordWrappedPrivateKey, currentPasswordSecure);
1190
- try {
1191
- const wrapped = this.keyWrappingService.wrapSecret(priv, newPasswordSecure, this.application.constants);
1192
- userDoc.passwordWrappedPrivateKey = wrapped;
1193
- await userDoc.save({ session: sess });
1194
- }
1195
- finally {
1196
- priv.dispose();
1197
- }
1198
- }
1199
- catch (error) {
1200
- // Re-throw original error so controller can map it properly
1201
- // Re-throw original error so controller can map it properly
1202
- throw error;
1203
- }
1204
- finally {
1205
- currentPasswordSecure.dispose();
1206
- newPasswordSecure.dispose();
1207
- }
1208
- }, session, {
1209
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1210
- });
1211
- }
1212
- /**
1213
- * Retrieve an email token by its token string and type
1214
- * @param token - The token string
1215
- * @param type - The type of the email token
1216
- * @param session - The session to use for the query
1217
- * @returns The email token document or null if not found
1218
- */
1219
- async findEmailToken(token, type, session) {
1220
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
1221
- return await EmailTokenModel.findOne({
1222
- token: token.toLowerCase().trim(),
1223
- ...(type ? { type } : {}),
1224
- expiresAt: { $gt: new Date() },
1225
- }).session(session ?? null);
1226
- }
1227
- /**
1228
- * Verify email token is valid
1229
- * @param token - The email token
1230
- * @param session - The session to use for the query
1231
- * @returns void
1232
- */
1233
- async verifyEmailToken(token, type, session) {
1234
- return await this.withTransaction(async (sess) => {
1235
- // Find and validate the token
1236
- const emailToken = await this.findEmailToken(token, type, sess);
1237
- if (!emailToken) {
1238
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1239
- }
1240
- }, session, {
1241
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1242
- });
1243
- }
1244
- /**
1245
- * Reset password using email token
1246
- * @param token - The email token
1247
- * @param newPassword - The new password
1248
- * @param session - The session to use for the query
1249
- * @returns void
1250
- */
1251
- async resetPasswordWithToken(token, newPassword, credential, // either mnemonic or current password; required
1252
- session) {
1253
- if (!this.application.constants.PasswordRegex.test(newPassword)) {
1254
- throw new errors_1.InvalidNewPasswordError();
1255
- }
1256
- if (!credential) {
1257
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1258
- }
1259
- return await this.withTransaction(async (sess) => {
1260
- const EmailTokenModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.EmailToken);
1261
- const UserModel = model_registry_1.ModelRegistry.instance.getTypedModel(base_model_name_1.BaseModelName.User);
1262
- // Find and validate the token
1263
- const emailToken = await this.findEmailToken(token, suite_core_lib_1.EmailTokenType.PasswordReset, sess);
1264
- if (!emailToken) {
1265
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1266
- }
1267
- // Find the user
1268
- const userDoc = await UserModel.findById(emailToken.userId).session(sess ?? null);
1269
- if (!userDoc) {
1270
- throw new suite_core_lib_2.UserNotFoundError();
1271
- }
1272
- // Update password-wrapped secrets based on credential type (Option B)
1273
- const newPasswordSecure = new ecies_lib_1.SecureString(newPassword);
1274
- try {
1275
- if (this.application.constants.MnemonicRegex.test(credential)) {
1276
- // Credential is mnemonic: verify it belongs to this user via public key
1277
- const providedMnemonic = new ecies_lib_1.SecureString(credential);
1278
- try {
1279
- const { wallet } = this.eciesService.walletAndSeedFromMnemonic(providedMnemonic);
1280
- const privateKey = wallet.getPrivateKey();
1281
- // Get compressed public key (already includes prefix)
1282
- const pub = this.eciesService.getPublicKey(Buffer.from(privateKey));
1283
- if (pub.toString('hex') !== userDoc.publicKey) {
1284
- throw new suite_core_lib_1.InvalidCredentialsError();
1285
- }
1286
- // Wrap private key with new password
1287
- const priv = new ecies_lib_1.SecureBuffer(privateKey);
1288
- try {
1289
- const wrappedPriv = this.keyWrappingService.wrapSecret(priv, newPasswordSecure, this.application.constants);
1290
- userDoc.passwordWrappedPrivateKey = wrappedPriv;
1291
- await userDoc.save({ session: sess });
1292
- }
1293
- finally {
1294
- priv.dispose();
1295
- }
1296
- }
1297
- finally {
1298
- providedMnemonic.dispose();
1299
- }
1300
- }
1301
- else {
1302
- // Credential is current password: unwrap existing master key
1303
- if (!userDoc.passwordWrappedPrivateKey) {
1304
- throw new suite_core_lib_1.InvalidCredentialsError();
1305
- }
1306
- const privateKeyBuf = await this.keyWrappingService.unwrapSecretAsync(userDoc.passwordWrappedPrivateKey, credential, this.application.constants);
1307
- try {
1308
- // Re-wrap the existing private key under the new password
1309
- const wrappedPriv = this.keyWrappingService.wrapSecret(privateKeyBuf, newPasswordSecure, this.application.constants);
1310
- userDoc.passwordWrappedPrivateKey = wrappedPriv;
1311
- await userDoc.save({ session: sess });
1312
- }
1313
- finally {
1314
- privateKeyBuf.dispose();
1315
- }
1316
- }
1317
- // Delete the used token
1318
- await EmailTokenModel.deleteOne({ _id: emailToken._id }).session(sess ?? null);
1319
- // Dispose temporary master key
1320
- }
1321
- finally {
1322
- newPasswordSecure.dispose();
1323
- }
1324
- }, session, {
1325
- timeoutMs: this.application.environment.mongo.transactionTimeout * 5,
1326
- });
1327
- }
1328
- /**
1329
- * Generate a login challenge for the client to sign
1330
- * @returns The login challenge in hex
1331
- */
1332
- generateDirectLoginChallenge() {
1333
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
1334
- const time = Buffer.alloc(8);
1335
- time.writeBigUInt64BE(BigInt(new Date().getTime()));
1336
- const nonce = (0, crypto_1.randomBytes)(32);
1337
- const signature = adminMember.sign(Buffer.concat([time, nonce]));
1338
- return Buffer.concat([time, nonce, signature]).toString('hex');
1339
- }
1340
- /**
1341
- * Verifies a direct login challenge response
1342
- * @param serverSignedRequest The login challenge response in hex
1343
- * @param session The mongoose session, if provided
1344
- * @returns A promise with the user document and user member object
1345
- */
1346
- async verifyDirectLoginChallenge(serverSignedRequest, signature, username, email, session) {
1347
- return await this.withTransaction(async (sess) => {
1348
- // serverSignedRequest is:
1349
- // time (8) +
1350
- // nonce (32) +
1351
- // server signature (64) +
1352
- // signature (64)
1353
- if (serverSignedRequest.length <
1354
- (8 + 32 + this.application.constants.ECIES.SIGNATURE_SIZE) * 2) {
1355
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1356
- }
1357
- // get signed request into a buffer
1358
- const requestBuffer = Buffer.from(serverSignedRequest, 'hex');
1359
- // start tracking offset
1360
- let offset = 0;
1361
- // get the time
1362
- const time = requestBuffer.subarray(offset, 8);
1363
- offset += 8;
1364
- // get the nonce
1365
- const nonce = requestBuffer.subarray(offset, 40);
1366
- offset += 32;
1367
- // get the server signature
1368
- const serverSignature = requestBuffer.subarray(offset, this.application.constants.ECIES.SIGNATURE_SIZE + 40);
1369
- offset += this.application.constants.ECIES.SIGNATURE_SIZE;
1370
- const signedDataLength = offset;
1371
- if (offset !== requestBuffer.length) {
1372
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1373
- }
1374
- // validate time is within acceptable range
1375
- const timeMs = time.readBigUInt64BE();
1376
- if (new Date().getTime() - Number(timeMs) >
1377
- this.application.constants.LoginChallengeExpiration) {
1378
- throw new suite_core_lib_1.LoginChallengeExpiredError();
1379
- }
1380
- // validate the server's signature on the time + nonce portion
1381
- const adminMember = system_user_1.SystemUserService.getSystemUser(this.application.environment, this.application.constants);
1382
- if (!adminMember.verify(serverSignature, Buffer.concat([time, nonce]))) {
1383
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1384
- }
1385
- // locate the user by email or username
1386
- const userDoc = await this.findUser(email, username, sess);
1387
- if (!userDoc) {
1388
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1389
- }
1390
- // get the user's member object
1391
- const user = await this.makeUserFromUserDoc(userDoc, undefined, undefined, undefined, undefined, sess);
1392
- // get the signed portion of the response
1393
- const signedData = requestBuffer.subarray(0, signedDataLength);
1394
- // verify the user's signature on the signed portion
1395
- if (!user.verify(Buffer.from(signature, 'hex'), signedData)) {
1396
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1397
- }
1398
- if (userDoc.directChallenge !== true) {
1399
- throw new suite_core_lib_1.DirectChallengeNotEnabledError();
1400
- }
1401
- // if the user is valid, try to use the token (prevents replay attacks)
1402
- await direct_login_token_1.DirectLoginTokenService.useToken(this.application, userDoc._id, nonce.toString('hex'));
1403
- // if successful, update lastLogin
1404
- await this.updateLastLogin(userDoc._id);
1405
- // return the user document and member object
1406
- return { userDoc, userMember: user };
1407
- }, session, { timeoutMs: this.application.environment.mongo.transactionTimeout });
1408
- }
1409
- /**
1410
- * Request a login link via email
1411
- * @param email Email address
1412
- * @param username Username
1413
- * @param session Existing session, if any
1414
- * @returns void
1415
- */
1416
- async requestEmailLogin(email, username, session) {
1417
- return this.withTransaction(async (sess) => {
1418
- const userDoc = await this.findUser(email, username, sess);
1419
- if (!userDoc) {
1420
- return;
1421
- }
1422
- await this.createAndSendEmailToken(userDoc, suite_core_lib_1.EmailTokenType.LoginRequest, sess, this.application.environment.debug);
1423
- }, session, {
1424
- timeoutMs: this.application.environment.mongo.transactionTimeout,
1425
- });
1426
- }
1427
- /**
1428
- * Validate an email login token challenge
1429
- * @param token The token to challenge
1430
- * @param signature The signature of the token by the user's private key
1431
- * @param session The session to use for the query
1432
- * @returns The user document if the challenge is valid
1433
- */
1434
- async validateEmailLoginTokenChallenge(token, signature, session) {
1435
- return this.withTransaction(async (sess) => {
1436
- const emailToken = await this.findEmailToken(token, suite_core_lib_1.EmailTokenType.LoginRequest, sess);
1437
- if (!emailToken) {
1438
- throw new suite_core_lib_1.EmailTokenUsedOrInvalidError();
1439
- }
1440
- const userDoc = await this.findUser(emailToken.email, undefined, sess);
1441
- if (!userDoc) {
1442
- throw new suite_core_lib_2.UserNotFoundError();
1443
- }
1444
- const user = await this.makeUserFromUserDoc(userDoc, undefined, undefined, undefined, undefined, sess);
1445
- const result = user.verify(Buffer.from(signature, 'hex'), Buffer.from(token, 'hex'));
1446
- if (!result) {
1447
- throw new suite_core_lib_1.InvalidChallengeResponseError();
1448
- }
1449
- await emailToken.deleteOne({ session: sess ?? null });
1450
- await this.updateLastLogin(userDoc._id);
1451
- return userDoc;
1452
- }, session, {
1453
- timeoutMs: this.application.environment.mongo.transactionTimeout,
1454
- });
1455
- }
1456
- /**
1457
- * Updates the user's last login time atomically
1458
- * @param userId - The ID of the user
1459
- * @returns void
1460
- */
1461
- async updateLastLogin(userId) {
1462
- const UserModel = model_registry_1.ModelRegistry.instance.get('User')?.model;
1463
- try {
1464
- // Check if the database connection is still open
1465
- const connection = this.application.db.connection;
1466
- if (connection.readyState !== 1) {
1467
- // Connection is not open (0 = disconnected, 1 = connected, 2 = connecting, 3 = disconnecting)
1468
- return; // Silently return if connection is not available
1469
- }
1470
- // Use atomic update to avoid conflicts and ensure we only update lastLogin
1471
- // Use a separate session to avoid interfering with any ongoing transactions
1472
- await UserModel.updateOne({ _id: userId }, {
1473
- $set: { lastLogin: new Date() },
1474
- $setOnInsert: {}, // Prevent any unintended document creation
1475
- }, {
1476
- upsert: false, // Never create a new document
1477
- runValidators: false, // Skip validation for performance since we're only updating lastLogin
1478
- // Don't use any session to avoid transaction conflicts
1479
- });
1480
- }
1481
- catch (error) {
1482
- // Check if the error is due to client being closed
1483
- if (error instanceof Error &&
1484
- (error.message.includes('client was closed') ||
1485
- error.message.includes('MongoClientClosedError') ||
1486
- error.name === 'MongoClientClosedError')) {
1487
- // This is expected during shutdown, don't log it as an error
1488
- return;
1489
- }
1490
- // If this fails, it's not critical for login functionality. Ignore and move on.
1491
- }
1492
- }
1493
- }
1494
- exports.UserService = UserService;
1495
- //# sourceMappingURL=user.js.map