npm - @fiado/type-kit - Versions diffs - 3.37.0 → 3.39.0 - Mend

@fiado/type-kit 3.37.0 → 3.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/bin/cognitoBackofficeConnector/dtos/TotpBeginResponse.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TotpBeginResponse = void 0;
+class TotpBeginResponse {
+}
+exports.TotpBeginResponse = TotpBeginResponse;

package/bin/cognitoBackofficeConnector/dtos/TotpVerifyRequest.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export declare class TotpVerifyRequest {
+    region: string;
+    accessToken: string;
+    userCode: string;
+    friendlyDeviceName?: string;
+}

package/bin/cognitoBackofficeConnector/dtos/TotpVerifyRequest.js ADDED Viewed

@@ -0,0 +1,41 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TotpVerifyRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+class TotpVerifyRequest {
+}
+exports.TotpVerifyRequest = TotpVerifyRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], TotpVerifyRequest.prototype, "region", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], TotpVerifyRequest.prototype, "accessToken", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], TotpVerifyRequest.prototype, "userCode", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], TotpVerifyRequest.prototype, "friendlyDeviceName", void 0);

package/bin/cognitoBackofficeConnector/dtos/UpdateEmailRequest.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare class UpdateEmailRequest {
+    region: string;
+    accessToken: string;
+    newEmail: string;
+}

package/bin/cognitoBackofficeConnector/dtos/UpdateEmailRequest.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateEmailRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+class UpdateEmailRequest {
+}
+exports.UpdateEmailRequest = UpdateEmailRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateEmailRequest.prototype, "region", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateEmailRequest.prototype, "accessToken", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsEmail)(),
+    __metadata("design:type", String)
+], UpdateEmailRequest.prototype, "newEmail", void 0);

package/bin/cognitoBackofficeConnector/dtos/UpdateProfileRequest.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * D3 ajuste 2: self-service profile update NO permite tocar `customAttributes`
+ * — eso es exclusivo del path admin (`UpdateUserAttributesRequest` con
+ * `NoTenantIdInCustomAttrs`). El self-service solo modifica campos personales
+ * benignos.
+ */
+export declare class UpdateProfileRequest {
+    region: string;
+    accessToken: string;
+    displayName?: string;
+    phoneNumber?: string;
+}

package/bin/cognitoBackofficeConnector/dtos/UpdateProfileRequest.js ADDED Viewed

@@ -0,0 +1,47 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateProfileRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+/**
+ * D3 ajuste 2: self-service profile update NO permite tocar `customAttributes`
+ * — eso es exclusivo del path admin (`UpdateUserAttributesRequest` con
+ * `NoTenantIdInCustomAttrs`). El self-service solo modifica campos personales
+ * benignos.
+ */
+class UpdateProfileRequest {
+}
+exports.UpdateProfileRequest = UpdateProfileRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateProfileRequest.prototype, "region", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateProfileRequest.prototype, "accessToken", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], UpdateProfileRequest.prototype, "displayName", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], UpdateProfileRequest.prototype, "phoneNumber", void 0);

package/bin/cognitoBackofficeConnector/dtos/UpdateUserAttributesRequest.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+export declare class UpdateUserAttributesRequest {
+    userPoolId: string;
+    region: string;
+    displayName?: string;
+    phoneNumber?: string;
+    customAttributes?: Record<string, string>;
+}

package/bin/cognitoBackofficeConnector/dtos/UpdateUserAttributesRequest.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UpdateUserAttributesRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+const NoTenantIdInCustomAttrs_1 = require("../validators/NoTenantIdInCustomAttrs");
+class UpdateUserAttributesRequest {
+}
+exports.UpdateUserAttributesRequest = UpdateUserAttributesRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateUserAttributesRequest.prototype, "userPoolId", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UpdateUserAttributesRequest.prototype, "region", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], UpdateUserAttributesRequest.prototype, "displayName", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], UpdateUserAttributesRequest.prototype, "phoneNumber", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsObject)(),
+    (0, class_validator_1.Validate)(NoTenantIdInCustomAttrs_1.NoTenantIdInCustomAttrs),
+    __metadata("design:type", Object)
+], UpdateUserAttributesRequest.prototype, "customAttributes", void 0);

package/bin/cognitoBackofficeConnector/dtos/UserActionRequest.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+/**
+ * Request shared para acciones admin que solo requieren identificar el pool
+ * (el `cognitoSub` viaja por path param del endpoint): disable, enable,
+ * global sign-out, password reset.
+ */
+export declare class UserActionRequest {
+    userPoolId: string;
+    region: string;
+}

package/bin/cognitoBackofficeConnector/dtos/UserActionRequest.js ADDED Viewed

@@ -0,0 +1,34 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserActionRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+/**
+ * Request shared para acciones admin que solo requieren identificar el pool
+ * (el `cognitoSub` viaja por path param del endpoint): disable, enable,
+ * global sign-out, password reset.
+ */
+class UserActionRequest {
+}
+exports.UserActionRequest = UserActionRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UserActionRequest.prototype, "userPoolId", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], UserActionRequest.prototype, "region", void 0);

package/bin/cognitoBackofficeConnector/dtos/UserDetailResponse.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { CognitoUserStatus } from '../enums/CognitoUserStatus';
+export declare class UserDetailResponse {
+    cognitoSub: string;
+    email: string;
+    emailVerified: boolean;
+    status: CognitoUserStatus;
+    enabled: boolean;
+    displayName?: string;
+    phoneNumber?: string;
+    customAttributes?: Record<string, string>;
+    createdAt: number;
+    lastModifiedAt: number;
+}

package/bin/cognitoBackofficeConnector/dtos/UserDetailResponse.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UserDetailResponse = void 0;
+class UserDetailResponse {
+}
+exports.UserDetailResponse = UserDetailResponse;

package/bin/cognitoBackofficeConnector/dtos/VerifyEmailRequest.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export declare class VerifyEmailRequest {
+    region: string;
+    accessToken: string;
+    confirmationCode: string;
+}

package/bin/cognitoBackofficeConnector/dtos/VerifyEmailRequest.js ADDED Viewed

@@ -0,0 +1,35 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifyEmailRequest = void 0;
+const class_transformer_1 = require("class-transformer");
+const class_validator_1 = require("class-validator");
+class VerifyEmailRequest {
+}
+exports.VerifyEmailRequest = VerifyEmailRequest;
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], VerifyEmailRequest.prototype, "region", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], VerifyEmailRequest.prototype, "accessToken", void 0);
+__decorate([
+    (0, class_transformer_1.Expose)(),
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], VerifyEmailRequest.prototype, "confirmationCode", void 0);

package/bin/cognitoBackofficeConnector/enums/CognitoChallengeType.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Tipos de Cognito Challenge que el `cognito-backoffice-connector` propaga al
+ * caller (típicamente el BFF M18). Son los 4 valores canónicos del proyecto.
+ *
+ * Decisión A17 (MFA exclusivo): el proyecto soporta exclusivamente TOTP +
+ * Email OTP. Cualquier otro challenge que devuelva el SDK
+ * (`SELECT_MFA_TYPE`, `SMS_MFA`, `DEVICE_SRP_AUTH`, `DEVICE_PASSWORD_VERIFIER`,
+ * `CUSTOM_CHALLENGE`, `ADMIN_NO_SRP_AUTH`, etc.) NO se propaga como
+ * `challengeType` — se mapea a `CognitoUnexpectedError` con HTTP 502 en el
+ * service correspondiente.
+ *
+ *  - `NEW_PASSWORD_REQUIRED` — el usuario fue creado con temp password y debe
+ *    setear una definitiva en el primer login.
+ *  - `MFA_SETUP` — el usuario debe enrolarse en MFA (TOTP o Email) antes de
+ *    obtener tokens.
+ *  - `SOFTWARE_TOKEN_MFA` — el usuario tiene TOTP enrolado y debe enviar el
+ *    código del authenticator.
+ *  - `EMAIL_OTP` — el usuario tiene Email MFA habilitado y debe enviar el OTP
+ *    enviado al email.
+ */
+export declare enum CognitoChallengeType {
+    NEW_PASSWORD_REQUIRED = "NEW_PASSWORD_REQUIRED",
+    MFA_SETUP = "MFA_SETUP",
+    SOFTWARE_TOKEN_MFA = "SOFTWARE_TOKEN_MFA",
+    EMAIL_OTP = "EMAIL_OTP"
+}

package/bin/cognitoBackofficeConnector/enums/CognitoChallengeType.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CognitoChallengeType = void 0;
+/**
+ * Tipos de Cognito Challenge que el `cognito-backoffice-connector` propaga al
+ * caller (típicamente el BFF M18). Son los 4 valores canónicos del proyecto.
+ *
+ * Decisión A17 (MFA exclusivo): el proyecto soporta exclusivamente TOTP +
+ * Email OTP. Cualquier otro challenge que devuelva el SDK
+ * (`SELECT_MFA_TYPE`, `SMS_MFA`, `DEVICE_SRP_AUTH`, `DEVICE_PASSWORD_VERIFIER`,
+ * `CUSTOM_CHALLENGE`, `ADMIN_NO_SRP_AUTH`, etc.) NO se propaga como
+ * `challengeType` — se mapea a `CognitoUnexpectedError` con HTTP 502 en el
+ * service correspondiente.
+ *
+ *  - `NEW_PASSWORD_REQUIRED` — el usuario fue creado con temp password y debe
+ *    setear una definitiva en el primer login.
+ *  - `MFA_SETUP` — el usuario debe enrolarse en MFA (TOTP o Email) antes de
+ *    obtener tokens.
+ *  - `SOFTWARE_TOKEN_MFA` — el usuario tiene TOTP enrolado y debe enviar el
+ *    código del authenticator.
+ *  - `EMAIL_OTP` — el usuario tiene Email MFA habilitado y debe enviar el OTP
+ *    enviado al email.
+ */
+var CognitoChallengeType;
+(function (CognitoChallengeType) {
+    CognitoChallengeType["NEW_PASSWORD_REQUIRED"] = "NEW_PASSWORD_REQUIRED";
+    CognitoChallengeType["MFA_SETUP"] = "MFA_SETUP";
+    CognitoChallengeType["SOFTWARE_TOKEN_MFA"] = "SOFTWARE_TOKEN_MFA";
+    CognitoChallengeType["EMAIL_OTP"] = "EMAIL_OTP";
+})(CognitoChallengeType || (exports.CognitoChallengeType = CognitoChallengeType = {}));

package/bin/cognitoBackofficeConnector/enums/CognitoUserStatus.d.ts ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Estados posibles de un usuario en un Cognito User Pool, según el tipo
+ * `UserStatusType` del SDK `@aws-sdk/client-cognito-identity-provider`.
+ *
+ * El SDK no expone enum value `DISABLED` — el equivalente operativo en Cognito
+ * es el flag boolean `enabled` del usuario (ver `CreateUserResponse.enabled`
+ * y `UserDetailResponse.enabled`), que es independiente del `status`.
+ *
+ * `EXTERNAL_PROVIDER` (federación SAML / OIDC) no se incluye porque el
+ * proyecto NO usa federación — el backoffice solo administra usuarios nativos
+ * del pool.
+ *
+ *  - `UNCONFIRMED` — el usuario fue creado pero no completó la verificación de email.
+ *  - `CONFIRMED` — usuario verificado, puede operar (sujeto a MFA si aplica).
+ *  - `ARCHIVED` — usuario archivado por Cognito (no puede operar, no se borra).
+ *  - `COMPROMISED` — flag de Cognito Advanced Security: credencial comprometida.
+ *  - `UNKNOWN` — Cognito no determinó el estado (raro).
+ *  - `RESET_REQUIRED` — el usuario debe resetear password antes del próximo login.
+ *  - `FORCE_CHANGE_PASSWORD` — temp password vigente, requiere `NEW_PASSWORD_REQUIRED`.
+ */
+export declare enum CognitoUserStatus {
+    UNCONFIRMED = "UNCONFIRMED",
+    CONFIRMED = "CONFIRMED",
+    ARCHIVED = "ARCHIVED",
+    COMPROMISED = "COMPROMISED",
+    UNKNOWN = "UNKNOWN",
+    RESET_REQUIRED = "RESET_REQUIRED",
+    FORCE_CHANGE_PASSWORD = "FORCE_CHANGE_PASSWORD"
+}

package/bin/cognitoBackofficeConnector/enums/CognitoUserStatus.js ADDED Viewed

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CognitoUserStatus = void 0;
+/**
+ * Estados posibles de un usuario en un Cognito User Pool, según el tipo
+ * `UserStatusType` del SDK `@aws-sdk/client-cognito-identity-provider`.
+ *
+ * El SDK no expone enum value `DISABLED` — el equivalente operativo en Cognito
+ * es el flag boolean `enabled` del usuario (ver `CreateUserResponse.enabled`
+ * y `UserDetailResponse.enabled`), que es independiente del `status`.
+ *
+ * `EXTERNAL_PROVIDER` (federación SAML / OIDC) no se incluye porque el
+ * proyecto NO usa federación — el backoffice solo administra usuarios nativos
+ * del pool.
+ *
+ *  - `UNCONFIRMED` — el usuario fue creado pero no completó la verificación de email.
+ *  - `CONFIRMED` — usuario verificado, puede operar (sujeto a MFA si aplica).
+ *  - `ARCHIVED` — usuario archivado por Cognito (no puede operar, no se borra).
+ *  - `COMPROMISED` — flag de Cognito Advanced Security: credencial comprometida.
+ *  - `UNKNOWN` — Cognito no determinó el estado (raro).
+ *  - `RESET_REQUIRED` — el usuario debe resetear password antes del próximo login.
+ *  - `FORCE_CHANGE_PASSWORD` — temp password vigente, requiere `NEW_PASSWORD_REQUIRED`.
+ */
+var CognitoUserStatus;
+(function (CognitoUserStatus) {
+    CognitoUserStatus["UNCONFIRMED"] = "UNCONFIRMED";
+    CognitoUserStatus["CONFIRMED"] = "CONFIRMED";
+    CognitoUserStatus["ARCHIVED"] = "ARCHIVED";
+    CognitoUserStatus["COMPROMISED"] = "COMPROMISED";
+    CognitoUserStatus["UNKNOWN"] = "UNKNOWN";
+    CognitoUserStatus["RESET_REQUIRED"] = "RESET_REQUIRED";
+    CognitoUserStatus["FORCE_CHANGE_PASSWORD"] = "FORCE_CHANGE_PASSWORD";
+})(CognitoUserStatus || (exports.CognitoUserStatus = CognitoUserStatus = {}));

package/bin/cognitoBackofficeConnector/index.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Módulo `cognitoBackofficeConnector` — DTOs, enums y validators para el Lambda
+ * `cognito-backoffice-connector` (backoffice multi-tenant Fiado).
+ *
+ * Es un módulo NUEVO y SEPARADO del módulo `cognitoConnector/` legacy que pertenece
+ * a otro Lambda Cognito Fiado (mantenido por yhonhansen). No reusar tipos del
+ * legacy aquí ni viceversa — los dominios divergieron y mezclarlos arrastraría
+ * acoplamiento histórico.
+ */
+export * from './enums/CognitoChallengeType';
+export * from './enums/CognitoUserStatus';
+export * from './validators/NoTenantIdInCustomAttrs';
+export * from './validators/MfaTypesRequiresOne';
+export * from './dtos/CreateUserRequest';
+export * from './dtos/CreateUserResponse';
+export * from './dtos/UpdateUserAttributesRequest';
+export * from './dtos/UserActionRequest';
+export * from './dtos/DeleteUserRequest';
+export * from './dtos/ResendInvitationRequest';
+export * from './dtos/UserDetailResponse';
+export * from './dtos/AuthEventsRequest';
+export * from './dtos/AuthEventResponse';
+export * from './dtos/AuthTokensResponse';
+export * from './dtos/InitiateAuthRequest';
+export * from './dtos/InitiateAuthResponse';
+export * from './dtos/RespondToChallengeRequest';
+export * from './dtos/RespondToChallengeResponse';
+export * from './dtos/RefreshTokensRequest';
+export * from './dtos/RefreshTokensResponse';
+export * from './dtos/ForgotPasswordRequest';
+export * from './dtos/ConfirmForgotPasswordRequest';
+export * from './dtos/ResendConfirmationRequest';
+export * from './dtos/ChangePasswordRequest';
+export * from './dtos/TotpBeginRequest';
+export * from './dtos/TotpBeginResponse';
+export * from './dtos/TotpVerifyRequest';
+export * from './dtos/MfaVerifyResponse';
+export * from './dtos/SetMfaPreferenceRequest';
+export * from './dtos/MfaResetRequest';
+export * from './dtos/UpdateEmailRequest';
+export * from './dtos/VerifyEmailRequest';
+export * from './dtos/UpdateProfileRequest';
+export * from './dtos/HealthcheckResponse';
+export * from './dtos/MfaPoolConfig';
+export * from './dtos/PasswordPolicyConfig';
+export * from './dtos/CustomAttributeSpec';
+export * from './dtos/AppClientConfig';
+export * from './dtos/CreatePoolRequest';
+export * from './dtos/CreatePoolResponse';
+export * from './dtos/DeletePoolRequest';

package/bin/cognitoBackofficeConnector/index.js ADDED Viewed

@@ -0,0 +1,66 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Módulo `cognitoBackofficeConnector` — DTOs, enums y validators para el Lambda
+ * `cognito-backoffice-connector` (backoffice multi-tenant Fiado).
+ *
+ * Es un módulo NUEVO y SEPARADO del módulo `cognitoConnector/` legacy que pertenece
+ * a otro Lambda Cognito Fiado (mantenido por yhonhansen). No reusar tipos del
+ * legacy aquí ni viceversa — los dominios divergieron y mezclarlos arrastraría
+ * acoplamiento histórico.
+ */
+__exportStar(require("./enums/CognitoChallengeType"), exports);
+__exportStar(require("./enums/CognitoUserStatus"), exports);
+__exportStar(require("./validators/NoTenantIdInCustomAttrs"), exports);
+__exportStar(require("./validators/MfaTypesRequiresOne"), exports);
+__exportStar(require("./dtos/CreateUserRequest"), exports);
+__exportStar(require("./dtos/CreateUserResponse"), exports);
+__exportStar(require("./dtos/UpdateUserAttributesRequest"), exports);
+__exportStar(require("./dtos/UserActionRequest"), exports);
+__exportStar(require("./dtos/DeleteUserRequest"), exports);
+__exportStar(require("./dtos/ResendInvitationRequest"), exports);
+__exportStar(require("./dtos/UserDetailResponse"), exports);
+__exportStar(require("./dtos/AuthEventsRequest"), exports);
+__exportStar(require("./dtos/AuthEventResponse"), exports);
+__exportStar(require("./dtos/AuthTokensResponse"), exports);
+__exportStar(require("./dtos/InitiateAuthRequest"), exports);
+__exportStar(require("./dtos/InitiateAuthResponse"), exports);
+__exportStar(require("./dtos/RespondToChallengeRequest"), exports);
+__exportStar(require("./dtos/RespondToChallengeResponse"), exports);
+__exportStar(require("./dtos/RefreshTokensRequest"), exports);
+__exportStar(require("./dtos/RefreshTokensResponse"), exports);
+__exportStar(require("./dtos/ForgotPasswordRequest"), exports);
+__exportStar(require("./dtos/ConfirmForgotPasswordRequest"), exports);
+__exportStar(require("./dtos/ResendConfirmationRequest"), exports);
+__exportStar(require("./dtos/ChangePasswordRequest"), exports);
+__exportStar(require("./dtos/TotpBeginRequest"), exports);
+__exportStar(require("./dtos/TotpBeginResponse"), exports);
+__exportStar(require("./dtos/TotpVerifyRequest"), exports);
+__exportStar(require("./dtos/MfaVerifyResponse"), exports);
+__exportStar(require("./dtos/SetMfaPreferenceRequest"), exports);
+__exportStar(require("./dtos/MfaResetRequest"), exports);
+__exportStar(require("./dtos/UpdateEmailRequest"), exports);
+__exportStar(require("./dtos/VerifyEmailRequest"), exports);
+__exportStar(require("./dtos/UpdateProfileRequest"), exports);
+__exportStar(require("./dtos/HealthcheckResponse"), exports);
+__exportStar(require("./dtos/MfaPoolConfig"), exports);
+__exportStar(require("./dtos/PasswordPolicyConfig"), exports);
+__exportStar(require("./dtos/CustomAttributeSpec"), exports);
+__exportStar(require("./dtos/AppClientConfig"), exports);
+__exportStar(require("./dtos/CreatePoolRequest"), exports);
+__exportStar(require("./dtos/CreatePoolResponse"), exports);
+__exportStar(require("./dtos/DeletePoolRequest"), exports);

package/bin/cognitoBackofficeConnector/validators/MfaTypesRequiresOne.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { ValidatorConstraintInterface, ValidationArguments } from 'class-validator';
+/**
+ * Cross-field validator: si `requireMfa: true`, entonces `mfaTypes` debe tener
+ * al menos 1 elemento. Si `requireMfa: false`, `mfaTypes` puede ser vacío.
+ *
+ * Razón: cuando el pool nace con MFA habilitado, el connector llama
+ * `SetUserPoolMfaConfigCommand` con la lista de tipos del DTO. Si el array
+ * llega vacío con `requireMfa: true`, el SDK rechaza con InvalidParameterException
+ * y el pool queda en estado inconsistente (MfaConfiguration:'ON' sin tipos).
+ * Mejor rechazar en validación del DTO antes de tocar AWS.
+ *
+ * Ver pivote v1.4.1 TD-017 cerrado + spec doc §1 R3.
+ */
+export declare class MfaTypesRequiresOne implements ValidatorConstraintInterface {
+    validate(mfaTypes: unknown, args: ValidationArguments): boolean;
+    defaultMessage(): string;
+}

package/bin/cognitoBackofficeConnector/validators/MfaTypesRequiresOne.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MfaTypesRequiresOne = void 0;
+const class_validator_1 = require("class-validator");
+/**
+ * Cross-field validator: si `requireMfa: true`, entonces `mfaTypes` debe tener
+ * al menos 1 elemento. Si `requireMfa: false`, `mfaTypes` puede ser vacío.
+ *
+ * Razón: cuando el pool nace con MFA habilitado, el connector llama
+ * `SetUserPoolMfaConfigCommand` con la lista de tipos del DTO. Si el array
+ * llega vacío con `requireMfa: true`, el SDK rechaza con InvalidParameterException
+ * y el pool queda en estado inconsistente (MfaConfiguration:'ON' sin tipos).
+ * Mejor rechazar en validación del DTO antes de tocar AWS.
+ *
+ * Ver pivote v1.4.1 TD-017 cerrado + spec doc §1 R3.
+ */
+let MfaTypesRequiresOne = class MfaTypesRequiresOne {
+    validate(mfaTypes, args) {
+        const obj = args.object;
+        if (obj.requireMfa === true) {
+            return Array.isArray(mfaTypes) && mfaTypes.length >= 1;
+        }
+        // requireMfa: false → cualquier mfaTypes pasa.
+        return true;
+    }
+    defaultMessage() {
+        return 'mfaTypes requiere al menos un tipo cuando requireMfa=true';
+    }
+};
+exports.MfaTypesRequiresOne = MfaTypesRequiresOne;
+exports.MfaTypesRequiresOne = MfaTypesRequiresOne = __decorate([
+    (0, class_validator_1.ValidatorConstraint)({ name: 'MfaTypesRequiresOneWhenMfaRequired', async: false })
+], MfaTypesRequiresOne);