@fiado/type-kit 3.126.0 → 3.128.0
- package/_test_/unit/platformRbac/dtos/CreateTenantRequest.test.ts +42 -0
- package/bin/identity/dtos/PeopleResponse.d.ts +1 -0
- package/bin/identity/dtos/PeopleUpdateRequest.d.ts +1 -0
- package/bin/platformRbac/dtos/CreateTenantRequest.d.ts +18 -0
- package/bin/platformRbac/dtos/CreateTenantRequest.js +33 -1
- package/package.json +1 -1
- package/src/identity/dtos/PeopleResponse.ts +1 -0
- package/src/identity/dtos/PeopleUpdateRequest.ts +1 -0
- package/src/platformRbac/dtos/CreateTenantRequest.ts +35 -2
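--- a/package/_test_/unit/platformRbac/dtos/CreateTenantRequest.test.ts
+++ b/package/_test_/unit/platformRbac/dtos/CreateTenantRequest.test.ts
@@ -60,6 +60,48 @@ describe('CreateTenantRequest', () => {
 expect(errors.some(e => e.property === 'tenantType')).toBe(true);
 });
 
+it('valida con securityPolicy omitido (opcional — hereda app.defaults)', async () => {
+const dto = plainToInstance(CreateTenantRequest, valid);
+const errors = await validate(dto);
+expect(errors).toEqual([]);
+expect(dto.securityPolicy).toBeUndefined();
+});
+
+it('valida securityPolicy con métodos válidos y mfaEnabled', async () => {
+const dto = plainToInstance(CreateTenantRequest, {
+...valid,
+securityPolicy: { methodsAllowed: ['EMAIL', 'TOTP'], mfaEnabled: true },
+});
+const errors = await validate(dto);
+expect(errors).toEqual([]);
+expect(dto.securityPolicy?.methodsAllowed).toEqual(['EMAIL', 'TOTP']);
+expect(dto.securityPolicy?.mfaEnabled).toBe(true);
+});
+
+it('valida securityPolicy con ambos campos opcionales ausentes (objeto vacío)', async () => {
+const dto = plainToInstance(CreateTenantRequest, { ...valid, securityPolicy: {} });
+const errors = await validate(dto);
+expect(errors).toEqual([]);
+});
+
+it('falla si securityPolicy.methodsAllowed tiene un método fuera del value-set', async () => {
+const dto = plainToInstance(CreateTenantRequest, {
+...valid,
+securityPolicy: { methodsAllowed: ['SMS'] },
+});
+const errors = await validate(dto);
+expect(errors.some(e => e.property === 'securityPolicy')).toBe(true);
+});
+
+it('falla si securityPolicy.mfaEnabled no es boolean', async () => {
+const dto = plainToInstance(CreateTenantRequest, {
+...valid,
+securityPolicy: { mfaEnabled: 'si' },
+});
+const errors = await validate(dto);
+expect(errors.some(e => e.property === 'securityPolicy')).toBe(true);
+});
+
 it('NO expone temporaryPassword en el request (campo del response, no del body)', () => {
 // El request NO debe llevar temporaryPassword (es solo del response, fallback out-of-band F-11).
 // Con excludeExtraneousValues solo sobreviven las props @Expose() del DTO → el contrato lo excluye.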
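Review bot: The two failure cases added here assert only `errors.some(e => e.property === 'securityPolicy')`, so they pass for any nested failure and do not pin which rule rejected the payload. Asserting on the child error, e.g. `expect(errors.find(e => e.property === 'securityPolicy')?.children?.[0]?.property).toBe('methodsAllowed')`, would tie each test to the constraint it is named after. No case covers `methodsAllowed: []` or a `securityPolicy` sent as an array instead of an object; both are shapes a caller can send to a 2FA policy field, and the suite should record whether they are accepted or rejected. The `describe` block starts and ends outside the hunk.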
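--- a/package/bin/identity/dtos/PeopleResponse.d.ts
+++ b/package/bin/identity/dtos/PeopleResponse.d.ts
@@ -102,6 +102,7 @@ export declare class PeopleResponse {
 hasSSN_ITIN: boolean | null;
 geoAppproved?: boolean | null;
 cnbvManualApproval?: ManualApproval | null;
+minorManualApproval?: ManualApproval | null;
 };
 SIN: string | null;
 documentNumber: string;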
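--- a/package/bin/identity/dtos/PeopleUpdateRequest.d.ts
+++ b/package/bin/identity/dtos/PeopleUpdateRequest.d.ts
@@ -52,6 +52,7 @@ export declare class PeopleUpdateRequest {
 ofacListApproved?: boolean | null;
 cnbvListApproved?: boolean | null;
 cnbvManualApproval?: ManualApproval | null;
+minorManualApproval?: ManualApproval | null;
 blackListApproved?: boolean | null;
 whiteList?: boolean | null;
 hasOwner?: boolean;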
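--- a/package/bin/platformRbac/dtos/CreateTenantRequest.d.ts
+++ b/package/bin/platformRbac/dtos/CreateTenantRequest.d.ts
@@ -1,5 +1,18 @@
 import { TokenValidationMode } from '../enums/TokenValidationMode';
 import { TenantType } from '../tenantTypes';
+/**
+* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
+* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
+* hereda de `app.defaults.securityPolicy`.
+*
+* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
+* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
+* (@ArrayNotEmpty); en el create es opcional.
+*/
+export declare class CreateTenantSecurityPolicy {
+methodsAllowed?: ('EMAIL' | 'TOTP')[];
+mfaEnabled?: boolean;
+}
 /**
 * Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
 * Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
@@ -28,4 +41,9 @@ export declare class CreateTenantRequest {
 tenantType?: TenantType;
 /** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
 applicationId?: string;
+/**
+* DEC-RBAC-064: punto inicial de métodos 2FA elegido en el alta. Opcional: si se omite, el
+* onboarding hereda `app.defaults.securityPolicy`. Aditivo, no rompe altas existentes.
+*/
+securityPolicy?: CreateTenantSecurityPolicy;
 }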
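--- a/package/bin/platformRbac/dtos/CreateTenantRequest.js
+++ b/package/bin/platformRbac/dtos/CreateTenantRequest.js
@@ -9,11 +9,36 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CreateTenantRequest = void 0;
+exports.CreateTenantRequest = exports.CreateTenantSecurityPolicy = void 0;
 const class_transformer_1 = require("class-transformer");
 const class_validator_1 = require("class-validator");
 const TokenValidationMode_1 = require("../enums/TokenValidationMode");
 const tenantTypes_1 = require("../tenantTypes");
+/**
+* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
+* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
+* hereda de `app.defaults.securityPolicy`.
+*
+* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
+* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
+* (@ArrayNotEmpty); en el create es opcional.
+*/
+class CreateTenantSecurityPolicy {
+}
+exports.CreateTenantSecurityPolicy = CreateTenantSecurityPolicy;
+__decorate([
+(0, class_transformer_1.Expose)(),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsArray)(),
+(0, class_validator_1.IsIn)(['EMAIL', 'TOTP'], { each: true }),
+__metadata("design:type", Array)
+], CreateTenantSecurityPolicy.prototype, "methodsAllowed", void 0);
+__decorate([
+(0, class_transformer_1.Expose)(),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsBoolean)(),
+__metadata("design:type", Boolean)
+], CreateTenantSecurityPolicy.prototype, "mfaEnabled", void 0);
 /**
 * Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
 * Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
@@ -75,3 +100,10 @@ __decorate([
 (0, class_validator_1.IsString)(),
 __metadata("design:type", String)
 ], CreateTenantRequest.prototype, "applicationId", void 0);
+__decorate([
+(0, class_transformer_1.Expose)(),
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.ValidateNested)(),
+(0, class_transformer_1.Type)(() => CreateTenantSecurityPolicy),
+__metadata("design:type", CreateTenantSecurityPolicy)
+], CreateTenantRequest.prototype, "securityPolicy", void 0);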
package/package.json
CHANGED
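--- a/package/src/identity/dtos/PeopleUpdateRequest.ts
+++ b/package/src/identity/dtos/PeopleUpdateRequest.ts
@@ -57,6 +57,7 @@ export class PeopleUpdateRequest {
 ofacListApproved?: boolean | null;
 cnbvListApproved?: boolean | null;
 cnbvManualApproval?: ManualApproval | null;
+minorManualApproval?: ManualApproval | null;
 blackListApproved?: boolean | null;
 whiteList?: boolean | null;
 hasOwner?: boolean;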
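Review bot: `minorManualApproval` is added to the update request with no doc comment and, as far as the hunk shows, no validation decorator on it or on the neighbouring approval flags. This DTO describes a client-supplied body and the field reads as a manual approval decision, so the handler that consumes it should restrict who may set it, and the DTO should say so, for example `/** Manual approval decision for the minor check; allowed writers: TODO document. */`. The shape of `ManualApproval` and the rest of the class are outside the hunk, so any validation applied elsewhere is not visible here.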
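--- a/package/src/platformRbac/dtos/CreateTenantRequest.ts
+++ b/package/src/platformRbac/dtos/CreateTenantRequest.ts
@@ -1,8 +1,35 @@
-import { Expose } from 'class-transformer';
-import {
+import { Expose, Type } from 'class-transformer';
+import {
+IsArray,
+IsBoolean,
+IsEmail,
+IsEnum,
+IsIn,
+IsOptional,
+IsString,
+Matches,
+ValidateNested,
+} from 'class-validator';
 import { TokenValidationMode } from '../enums/TokenValidationMode';
 import { TenantType } from '../tenantTypes';
 
+/**
+* Punto inicial de la política 2FA elegido en el alta del tenant (DEC-RBAC-064). Para el CREATE
+* ambos campos son OPCIONALES: es un override del punto de partida — si se omite, el onboarding
+* hereda de `app.defaults.securityPolicy`.
+*
+* TD-RBAC-071: `methodsAllowed` usa el value-set 'EMAIL'|'TOTP' (string), espejo del que usa
+* `UpdateTenantSecurityPolicyRequest`. NO se reusa ese DTO porque allí `methodsAllowed` es REQUERIDO
+* (@ArrayNotEmpty); en el create es opcional.
+*/
+export class CreateTenantSecurityPolicy {
+@Expose() @IsOptional() @IsArray() @IsIn(['EMAIL', 'TOTP'], { each: true })
+methodsAllowed?: ('EMAIL' | 'TOTP')[];
+
+@Expose() @IsOptional() @IsBoolean()
+mfaEnabled?: boolean;
+}
+
 /**
 * Input del POST backoffice de creación de tenant (F-11 — onboarding de tenant en SureKeep).
 * Consumido por el controller `backofficeCreateTenant` del platform-rbac-business y, a futuro,
@@ -34,4 +61,10 @@ export class CreateTenantRequest {
 @Expose() @IsOptional() @IsEnum(TenantType) tenantType?: TenantType;
 /** DEC-RBAC-034: aplicación (plantilla) de la que se crea el tenant; opcional, fallback a tenantType (back-compat). */
 @Expose() @IsOptional() @IsString() applicationId?: string;
+/**
+* DEC-RBAC-064: punto inicial de métodos 2FA elegido en el alta. Opcional: si se omite, el
+* onboarding hereda `app.defaults.securityPolicy`. Aditivo, no rompe altas existentes.
+*/
+@Expose() @IsOptional() @ValidateNested() @Type(() => CreateTenantSecurityPolicy)
+securityPolicy?: CreateTenantSecurityPolicy;
 }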
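Review bot: `methodsAllowed` on `CreateTenantSecurityPolicy` accepts an empty array, because `@IsArray()` and `@IsIn(['EMAIL', 'TOTP'], { each: true })` both pass when there are no elements; `{ methodsAllowed: [], mfaEnabled: true }` therefore validates, and what the onboarding does with MFA enabled and no permitted method is not visible here. The class comment cites `@ArrayNotEmpty` as the reason for not reusing the update DTO, but with `@IsOptional()` on the property the check only runs when the field is present, so `@ArrayNotEmpty() @ArrayUnique()` can be added to the decorator line (and to the 'class-validator' import) without making the field required. On `securityPolicy` in the second hunk, `@ValidateNested()` presumably also lets an array of policy objects through; adding `@IsObject()` would reject that shape, which is worth confirming with a test. `CreateTenantRequest` starts outside the second hunk.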