@fiado/type-kit 3.114.0 → 3.116.0

@@ -1,4 +1,11 @@
1
1
  import { CognitoChallengeType } from '../enums/CognitoChallengeType';
2
+ export declare class VerifyPasswordTokens {
3
+ accessToken: string;
4
+ idToken: string;
5
+ refreshToken: string;
6
+ expiresIn: number;
7
+ tokenType: string;
8
+ }
2
9
  /**
3
10
  * Respuesta de `POST /auth/verify-password`.
4
11
  *
@@ -15,4 +22,5 @@ export declare class VerifyPasswordResponse {
15
22
  challengeType?: CognitoChallengeType;
16
23
  session?: string;
17
24
  challengeParameters?: Record<string, string>;
25
+ tokens?: VerifyPasswordTokens;
18
26
  }
@@ -9,10 +9,38 @@ var __metadata = (this && this.__metadata) || function (k, v) {
9
9
  if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
10
10
  };
11
11
  Object.defineProperty(exports, "__esModule", { value: true });
12
- exports.VerifyPasswordResponse = void 0;
12
+ exports.VerifyPasswordResponse = exports.VerifyPasswordTokens = void 0;
13
13
  const class_transformer_1 = require("class-transformer");
14
14
  const class_validator_1 = require("class-validator");
15
15
  const CognitoChallengeType_1 = require("../enums/CognitoChallengeType");
16
+ class VerifyPasswordTokens {
17
+ }
18
+ exports.VerifyPasswordTokens = VerifyPasswordTokens;
19
+ __decorate([
20
+ (0, class_transformer_1.Expose)(),
21
+ (0, class_validator_1.IsString)(),
22
+ __metadata("design:type", String)
23
+ ], VerifyPasswordTokens.prototype, "accessToken", void 0);
24
+ __decorate([
25
+ (0, class_transformer_1.Expose)(),
26
+ (0, class_validator_1.IsString)(),
27
+ __metadata("design:type", String)
28
+ ], VerifyPasswordTokens.prototype, "idToken", void 0);
29
+ __decorate([
30
+ (0, class_transformer_1.Expose)(),
31
+ (0, class_validator_1.IsString)(),
32
+ __metadata("design:type", String)
33
+ ], VerifyPasswordTokens.prototype, "refreshToken", void 0);
34
+ __decorate([
35
+ (0, class_transformer_1.Expose)(),
36
+ (0, class_validator_1.IsNumber)(),
37
+ __metadata("design:type", Number)
38
+ ], VerifyPasswordTokens.prototype, "expiresIn", void 0);
39
+ __decorate([
40
+ (0, class_transformer_1.Expose)(),
41
+ (0, class_validator_1.IsString)(),
42
+ __metadata("design:type", String)
43
+ ], VerifyPasswordTokens.prototype, "tokenType", void 0);
16
44
  /**
17
45
  * Respuesta de `POST /auth/verify-password`.
18
46
  *
@@ -50,3 +78,10 @@ __decorate([
50
78
  (0, class_validator_1.IsObject)(),
51
79
  __metadata("design:type", Object)
52
80
  ], VerifyPasswordResponse.prototype, "challengeParameters", void 0);
81
+ __decorate([
82
+ (0, class_transformer_1.Expose)(),
83
+ (0, class_validator_1.IsOptional)(),
84
+ (0, class_validator_1.ValidateNested)(),
85
+ (0, class_transformer_1.Type)(() => VerifyPasswordTokens),
86
+ __metadata("design:type", VerifyPasswordTokens)
87
+ ], VerifyPasswordResponse.prototype, "tokens", void 0);
@@ -7,6 +7,7 @@ export interface LevelDef {
7
7
  displayName: string;
8
8
  }
9
9
  export interface ApplicationSecurityPolicyDefault {
10
+ mfaEnabled?: boolean;
10
11
  mfaRequired?: boolean;
11
12
  methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
12
13
  defaultPreferred?: 'TOTP' | 'EMAIL';
@@ -7,4 +7,5 @@
7
7
  */
8
8
  export interface TenantSecurityPolicyResponse {
9
9
  methodsAllowed: ('EMAIL' | 'TOTP')[];
10
+ mfaEnabled?: boolean;
10
11
  }
@@ -1,3 +1,4 @@
1
1
  export declare class UpdateTenantSecurityPolicyRequest {
2
2
  methodsAllowed: ('EMAIL' | 'TOTP')[];
3
+ mfaEnabled?: boolean;
3
4
  }
@@ -12,8 +12,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
12
12
  exports.UpdateTenantSecurityPolicyRequest = void 0;
13
13
  const class_transformer_1 = require("class-transformer");
14
14
  const class_validator_1 = require("class-validator");
15
- // TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum
16
- // ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
15
+ // TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum.
17
16
  class UpdateTenantSecurityPolicyRequest {
18
17
  }
19
18
  exports.UpdateTenantSecurityPolicyRequest = UpdateTenantSecurityPolicyRequest;
@@ -23,3 +22,9 @@ __decorate([
23
22
  (0, class_validator_1.IsIn)(['EMAIL', 'TOTP'], { each: true }),
24
23
  __metadata("design:type", Array)
25
24
  ], UpdateTenantSecurityPolicyRequest.prototype, "methodsAllowed", void 0);
25
+ __decorate([
26
+ (0, class_transformer_1.Expose)(),
27
+ (0, class_validator_1.IsOptional)(),
28
+ (0, class_validator_1.IsBoolean)(),
29
+ __metadata("design:type", Boolean)
30
+ ], UpdateTenantSecurityPolicyRequest.prototype, "mfaEnabled", void 0);
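--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@fiado/type-kit",
- "version": "3.114.0",
+ "version": "3.116.0",
  "description": "",
  "main": "bin/index.js",
  "types": "bin/index.d.ts",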
@@ -1,7 +1,15 @@
1
- import { Expose } from 'class-transformer';
2
- import { IsBoolean, IsEnum, IsObject, IsOptional, IsString } from 'class-validator';
1
+ import { Expose, Type } from 'class-transformer';
2
+ import { IsBoolean, IsEnum, IsNumber, IsObject, IsOptional, IsString, ValidateNested } from 'class-validator';
3
3
  import { CognitoChallengeType } from '../enums/CognitoChallengeType';
4
4
 
5
+ export class VerifyPasswordTokens {
6
+ @Expose() @IsString() accessToken!: string;
7
+ @Expose() @IsString() idToken!: string;
8
+ @Expose() @IsString() refreshToken!: string;
9
+ @Expose() @IsNumber() expiresIn!: number;
10
+ @Expose() @IsString() tokenType!: string;
11
+ }
12
+
5
13
  /**
6
14
  * Respuesta de `POST /auth/verify-password`.
7
15
  *
@@ -21,4 +29,8 @@ export class VerifyPasswordResponse {
21
29
  @Expose() @IsOptional() @IsString() session?: string;
22
30
 
23
31
  @Expose() @IsOptional() @IsObject() challengeParameters?: Record<string, string>;
32
+
33
+ // DEC-RBAC-045: tokens directos de ADMIN_USER_PASSWORD_AUTH cuando no hay challenge. El rbac SOLO
34
+ // los usa si el tenant tiene mfaEnabled=false. Aditivo, backward-compatible.
35
+ @Expose() @IsOptional() @ValidateNested() @Type(() => VerifyPasswordTokens) tokens?: VerifyPasswordTokens;
24
36
  }
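Review bot: The comment on `tokens` says the RBAC service uses them only when the tenant has mfaEnabled=false, which describes a consumer-side filter; if the producer of `POST /auth/verify-password` (not visible here) can fill `tokens` for a tenant with MFA on, a caller who has passed only the password step already holds usable access and refresh tokens. I would put the producer-side rule in the comment, e.g. `// Producer MUST omit tokens unless no challenge is returned and the tenant's effective mfaEnabled is false.`, so the invariant does not rest on each consumer. The DTO also accepts `challengeType` and `tokens` together, and `@IsString()` accepts an empty string, so `@IsNotEmpty()` on the three token fields and `@IsPositive()` on `expiresIn` would tighten the shape. Because this response now carries a refresh token, it should be kept out of request/response logging. The body of `VerifyPasswordResponse` starts outside the second hunk.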
@@ -9,6 +9,8 @@ export interface LevelDef {
9
9
  }
10
10
 
11
11
  export interface ApplicationSecurityPolicyDefault {
12
+ // DEC-RBAC-045: 2FA master switch por tenant. Ausente ⇒ habilitado (secure-by-default).
13
+ mfaEnabled?: boolean;
12
14
  mfaRequired?: boolean;
13
15
  methodsAllowed?: Array<'TOTP' | 'EMAIL'>;
14
16
  defaultPreferred?: 'TOTP' | 'EMAIL';
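Review bot: `mfaEnabled?: boolean` with "absent ⇒ enabled" is secure-by-default only if every consumer tests `mfaEnabled !== false`; a truthiness check such as `if (!policy.mfaEnabled)` reads a missing field as MFA off. The same optional field is added to `TenantSecurityPolicyResponse` and `UpdateTenantSecurityPolicyRequest`, so I would extend the comment in all three to name the required comparison, e.g. `// Consumers MUST test mfaEnabled !== false; undefined means enabled.` In this interface the field also sits next to `mfaRequired`, and the comment does not say which one wins when `mfaEnabled` is false and `mfaRequired` is true; that precedence is worth stating here. The interface body continues outside the hunk.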
@@ -7,4 +7,7 @@
7
7
  */
8
8
  export interface TenantSecurityPolicyResponse {
9
9
  methodsAllowed: ('EMAIL' | 'TOTP')[];
10
+
11
+ // DEC-RBAC-045: 2FA master switch por tenant. Ausente ⇒ habilitado (secure-by-default).
12
+ mfaEnabled?: boolean;
10
13
  }
@@ -1,11 +1,16 @@
1
1
  import { Expose } from 'class-transformer';
2
- import { ArrayNotEmpty, IsIn } from 'class-validator';
2
+ import { ArrayNotEmpty, IsBoolean, IsIn, IsOptional } from 'class-validator';
3
3
 
4
- // TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum
5
- // ('EMAIL_OTP'|'TOTP') a propósito. Ver TECH_DEBT.md del platform-rbac-business.
4
+ // TD-RBAC-071: methodsAllowed usa el value-set 'EMAIL'|'TOTP' (string), distinto de MfaMethodEnum.
6
5
  export class UpdateTenantSecurityPolicyRequest {
7
6
  @Expose()
8
7
  @ArrayNotEmpty()
9
8
  @IsIn(['EMAIL', 'TOTP'], { each: true })
10
9
  methodsAllowed!: ('EMAIL' | 'TOTP')[];
10
+
11
+ // DEC-RBAC-045: 2FA master switch por tenant. Ausente ⇒ habilitado (secure-by-default).
12
+ @Expose()
13
+ @IsOptional()
14
+ @IsBoolean()
15
+ mfaEnabled?: boolean;
11
16
  }
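Review bot: On the new `mfaEnabled` property, `@IsOptional()` skips the remaining validators for `null` as well as `undefined`, so a body with `"mfaEnabled": null` passes validation and reaches the handler (not visible here) as a third state alongside `true` and `false`. Replacing it with `@ValidateIf((o) => o.mfaEnabled !== undefined)` keeps the field optional while making `@IsBoolean()` reject `null`. The comment should also say what omission means on an update (keep the stored value, or reset to enabled), since "absent ⇒ enabled" on a request can be read either way. As this flag switches off the second factor for a whole tenant, the handler is presumably expected to authorize and audit the change; a line in the comment pointing to where that is enforced would help reviewers.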