@fiado/type-kit 3.48.0 → 3.50.0

package/_test_/unit/cognitoBackofficeConnector/dtos/Introspect.test.ts

@@ -1,30 +1,30 @@
-import 'reflect-metadata';
-import { plainToInstance } from 'class-transformer';
-import { validate } from 'class-validator';
-import { IntrospectRequest } from '../../../../src/cognitoBackofficeConnector/dtos/IntrospectRequest';
-import { IntrospectResponse } from '../../../../src/cognitoBackofficeConnector/dtos/IntrospectResponse';
-import { IntrospectFailReason } from '../../../../src/cognitoBackofficeConnector/enums/IntrospectFailReason';
-
-describe('IntrospectRequest', () => {
-    it('valida happy path', async () => {
-        const dto = plainToInstance(IntrospectRequest, {
-            token: 'jwt', userPoolId: 'us-east-1_o0h1s3458', region: 'us-east-1', clientId: '1b8g4shbvbi5jhq19fuc8mi2bk',
-        });
-        expect(await validate(dto)).toEqual([]);
-    });
-    it('falla si falta userPoolId', async () => {
-        const dto = plainToInstance(IntrospectRequest, { token: 'jwt', region: 'us-east-1', clientId: 'c' });
-        expect((await validate(dto)).some(e => e.property === 'userPoolId')).toBe(true);
-    });
-});
-
-describe('IntrospectResponse', () => {
-    it('valid=true con cognitoSub', async () => {
-        const dto = plainToInstance(IntrospectResponse, { valid: true, cognitoSub: '248814c8' });
-        expect(await validate(dto)).toEqual([]);
-    });
-    it('valid=false con reason enum', async () => {
-        const dto = plainToInstance(IntrospectResponse, { valid: false, reason: IntrospectFailReason.REVOKED });
-        expect(await validate(dto)).toEqual([]);
-    });
-});
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { IntrospectRequest } from '../../../../src/cognitoBackofficeConnector/dtos/IntrospectRequest';
+import { IntrospectResponse } from '../../../../src/cognitoBackofficeConnector/dtos/IntrospectResponse';
+import { IntrospectFailReason } from '../../../../src/cognitoBackofficeConnector/enums/IntrospectFailReason';
+
+describe('IntrospectRequest', () => {
+    it('valida happy path', async () => {
+        const dto = plainToInstance(IntrospectRequest, {
+            token: 'jwt', userPoolId: 'us-east-1_o0h1s3458', region: 'us-east-1', clientId: '1b8g4shbvbi5jhq19fuc8mi2bk',
+        });
+        expect(await validate(dto)).toEqual([]);
+    });
+    it('falla si falta userPoolId', async () => {
+        const dto = plainToInstance(IntrospectRequest, { token: 'jwt', region: 'us-east-1', clientId: 'c' });
+        expect((await validate(dto)).some(e => e.property === 'userPoolId')).toBe(true);
+    });
+});
+
+describe('IntrospectResponse', () => {
+    it('valid=true con cognitoSub', async () => {
+        const dto = plainToInstance(IntrospectResponse, { valid: true, cognitoSub: '248814c8' });
+        expect(await validate(dto)).toEqual([]);
+    });
+    it('valid=false con reason enum', async () => {
+        const dto = plainToInstance(IntrospectResponse, { valid: false, reason: IntrospectFailReason.REVOKED });
+        expect(await validate(dto)).toEqual([]);
+    });
+});

package/_test_/unit/platformRbac/auth/dtos.test.ts

@@ -1,42 +1,42 @@
-import 'reflect-metadata';
-import { plainToInstance } from 'class-transformer';
-import { validate } from 'class-validator';
-import {
-    DefineNextChallengeRequest,
-    ChallengeResultEntry,
-} from '../../../../src/platformRbac/auth/DefineNextChallengeRequest';
-import { ChallengeNameEnum } from '../../../../src/platformRbac/enums/ChallengeNameEnum';
-
-describe('DefineNextChallengeRequest', () => {
-    it('valida happy path con session vacia', async () => {
-        const dto = plainToInstance(DefineNextChallengeRequest, {
-            cognitoSub: 'abc-123',
-            userNotFound: false,
-            session: [],
-        });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-    });
-
-    it('valida happy path con session de un PASSWORD result', async () => {
-        const dto = plainToInstance(DefineNextChallengeRequest, {
-            cognitoSub: 'abc-123',
-            userNotFound: false,
-            session: [{ challengeName: ChallengeNameEnum.PASSWORD, challengeResult: true }],
-        });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-        expect(dto.session[0]).toBeInstanceOf(ChallengeResultEntry);
-    });
-
-    it('falla si cognitoSub no es string', async () => {
-        const dto = plainToInstance(DefineNextChallengeRequest, {
-            cognitoSub: 42,
-            userNotFound: false,
-            session: [],
-        });
-        const errors = await validate(dto);
-        expect(errors.length).toBeGreaterThan(0);
-        expect(errors[0].property).toBe('cognitoSub');
-    });
-});
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import {
+    DefineNextChallengeRequest,
+    ChallengeResultEntry,
+} from '../../../../src/platformRbac/auth/DefineNextChallengeRequest';
+import { ChallengeNameEnum } from '../../../../src/platformRbac/enums/ChallengeNameEnum';
+
+describe('DefineNextChallengeRequest', () => {
+    it('valida happy path con session vacia', async () => {
+        const dto = plainToInstance(DefineNextChallengeRequest, {
+            cognitoSub: 'abc-123',
+            userNotFound: false,
+            session: [],
+        });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+    });
+
+    it('valida happy path con session de un PASSWORD result', async () => {
+        const dto = plainToInstance(DefineNextChallengeRequest, {
+            cognitoSub: 'abc-123',
+            userNotFound: false,
+            session: [{ challengeName: ChallengeNameEnum.PASSWORD, challengeResult: true }],
+        });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+        expect(dto.session[0]).toBeInstanceOf(ChallengeResultEntry);
+    });
+
+    it('falla si cognitoSub no es string', async () => {
+        const dto = plainToInstance(DefineNextChallengeRequest, {
+            cognitoSub: 42,
+            userNotFound: false,
+            session: [],
+        });
+        const errors = await validate(dto);
+        expect(errors.length).toBeGreaterThan(0);
+        expect(errors[0].property).toBe('cognitoSub');
+    });
+});

package/_test_/unit/platformRbac/dtos/AuthorizeRequest.test.ts

@@ -1,30 +1,30 @@
-import 'reflect-metadata';
-import { plainToInstance } from 'class-transformer';
-import { validate } from 'class-validator';
-import { AuthorizeRequest } from '../../../../src/platformRbac/dtos/AuthorizeRequest';
-import { PermissionScope } from '../../../../src/platformRbac/enums/PermissionScope';
-
-describe('AuthorizeRequest', () => {
-    it('valida happy path con scope opcional', async () => {
-        const dto = plainToInstance(AuthorizeRequest, {
-            token: 'jwt.abc.def',
-            permission: 'tenant.user.create',
-            scope: PermissionScope.RETAILER,
-            scopeRef: 'VL-001',
-        });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-    });
-
-    it('falla si falta token', async () => {
-        const dto = plainToInstance(AuthorizeRequest, { permission: 'tenant.user.create' });
-        const errors = await validate(dto);
-        expect(errors.some(e => e.property === 'token')).toBe(true);
-    });
-
-    it('acepta sin scope/scopeRef (permiso sin scope)', async () => {
-        const dto = plainToInstance(AuthorizeRequest, { token: 'jwt', permission: 'catalog.read' });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-    });
-});
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { AuthorizeRequest } from '../../../../src/platformRbac/dtos/AuthorizeRequest';
+import { PermissionScope } from '../../../../src/platformRbac/enums/PermissionScope';
+
+describe('AuthorizeRequest', () => {
+    it('valida happy path con scope opcional', async () => {
+        const dto = plainToInstance(AuthorizeRequest, {
+            token: 'jwt.abc.def',
+            permission: 'tenant.user.create',
+            scope: PermissionScope.RETAILER,
+            scopeRef: 'VL-001',
+        });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+    });
+
+    it('falla si falta token', async () => {
+        const dto = plainToInstance(AuthorizeRequest, { permission: 'tenant.user.create' });
+        const errors = await validate(dto);
+        expect(errors.some(e => e.property === 'token')).toBe(true);
+    });
+
+    it('acepta sin scope/scopeRef (permiso sin scope)', async () => {
+        const dto = plainToInstance(AuthorizeRequest, { token: 'jwt', permission: 'catalog.read' });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+    });
+});

package/_test_/unit/platformRbac/dtos/AuthorizeResponse.test.ts

@@ -1,25 +1,25 @@
-import 'reflect-metadata';
-import { plainToInstance } from 'class-transformer';
-import { validate } from 'class-validator';
-import { AuthorizeResponse } from '../../../../src/platformRbac/dtos/AuthorizeResponse';
-import { AuthorizeDenyReason } from '../../../../src/platformRbac/enums/AuthorizeDenyReason';
-
-describe('AuthorizeResponse', () => {
-    it('valida allow=true sin reason', async () => {
-        const dto = plainToInstance(AuthorizeResponse, { allow: true });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-    });
-
-    it('valida allow=false con reason enum', async () => {
-        const dto = plainToInstance(AuthorizeResponse, { allow: false, reason: AuthorizeDenyReason.NO_PERMISSION });
-        const errors = await validate(dto);
-        expect(errors).toEqual([]);
-    });
-
-    it('rechaza reason fuera del enum', async () => {
-        const dto = plainToInstance(AuthorizeResponse, { allow: false, reason: 'WHATEVER' });
-        const errors = await validate(dto);
-        expect(errors.some(e => e.property === 'reason')).toBe(true);
-    });
-});
+import 'reflect-metadata';
+import { plainToInstance } from 'class-transformer';
+import { validate } from 'class-validator';
+import { AuthorizeResponse } from '../../../../src/platformRbac/dtos/AuthorizeResponse';
+import { AuthorizeDenyReason } from '../../../../src/platformRbac/enums/AuthorizeDenyReason';
+
+describe('AuthorizeResponse', () => {
+    it('valida allow=true sin reason', async () => {
+        const dto = plainToInstance(AuthorizeResponse, { allow: true });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+    });
+
+    it('valida allow=false con reason enum', async () => {
+        const dto = plainToInstance(AuthorizeResponse, { allow: false, reason: AuthorizeDenyReason.NO_PERMISSION });
+        const errors = await validate(dto);
+        expect(errors).toEqual([]);
+    });
+
+    it('rechaza reason fuera del enum', async () => {
+        const dto = plainToInstance(AuthorizeResponse, { allow: false, reason: 'WHATEVER' });
+        const errors = await validate(dto);
+        expect(errors.some(e => e.property === 'reason')).toBe(true);
+    });
+});

package/bin/platformRbac/mfa/VerifyTotpEnrollmentRequest.d.ts

@@ -1,3 +1,9 @@
 export declare class VerifyTotpEnrollmentRequest {
     totpCode: string;
+    /**
+     * Blob opaco (JWT cifrado con KMS) que devuelve el enroll de totp-security; el cliente
+     * lo reenvía en el verify-enrollment para que totp-security recupere el secret y persista.
+     * Requerido: sin él totp-security no puede confirmar el enrollment.
+     */
+    enrollmentToken: string;
 }

package/bin/platformRbac/mfa/VerifyTotpEnrollmentRequest.js

@@ -19,3 +19,7 @@ __decorate([
     (0, class_validator_1.Length)(6, 6),
     __metadata("design:type", String)
 ], VerifyTotpEnrollmentRequest.prototype, "totpCode", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], VerifyTotpEnrollmentRequest.prototype, "enrollmentToken", void 0);

package/bin/provider/enums/Provider.d.ts

@@ -7,5 +7,6 @@ export declare enum Provider {
     ESTAFETA = "ESTAFETA",
     STP_SERVICE_PAYMENT = "STP_SERVICE_PAYMENT",
     MULTICOMM_SERVICE_PAYMENT = "MULTICOMM_SERVICE_PAYMENT",
-    MULTICENTER_SERVICE_PAYMENT = "MULTICENTER_SERVICE_PAYMENT"
+    MULTICENTER_SERVICE_PAYMENT = "MULTICENTER_SERVICE_PAYMENT",
+    UNITELLER = "UNITELLER"
 }

package/bin/provider/enums/Provider.js

@@ -12,4 +12,5 @@ var Provider;
     Provider["STP_SERVICE_PAYMENT"] = "STP_SERVICE_PAYMENT";
     Provider["MULTICOMM_SERVICE_PAYMENT"] = "MULTICOMM_SERVICE_PAYMENT";
     Provider["MULTICENTER_SERVICE_PAYMENT"] = "MULTICENTER_SERVICE_PAYMENT";
+    Provider["UNITELLER"] = "UNITELLER";
 })(Provider || (exports.Provider = Provider = {}));

package/bin/remittance/dtos/RemittancePayRequest.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Body del POST /pay del uniteller-connector (lo invoca benefits-marketplace
+ * vía api-invoker tras la orquestación del procesador). Confirma una remesa
+ * previamente previsualizada (F6).
+ *
+ * Bajo API Lite (D22-D26) NO incluye fundingMethod/fundingMethodSourceId — el
+ * wallet USD principal del usuario es la única fuente; el connector usa
+ * unirWlpWalletId de RemittanceUsers_GT.
+ *
+ * `directoryId` viaja en el body de las llamadas privadas (D18) pero se valida
+ * por separado en el controller, no en este DTO.
+ */
+export declare class RemittancePayRequest {
+    /** transactionInternalReference que devolvió SendMoneyPreview (cacheado en RemittanceCache_GT). */
+    previewRef: string;
+    /** Idempotency key generado por mobile; end-to-end (D-F6.6). */
+    idempotencyKey: string;
+    /** transactionNumber del procesador, para el lookup de consult() (F6.C.1). */
+    marketplaceTransactionNumber?: string;
+}

package/bin/remittance/dtos/RemittancePayRequest.js

@@ -0,0 +1,43 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RemittancePayRequest = void 0;
+const class_validator_1 = require("class-validator");
+/**
+ * Body del POST /pay del uniteller-connector (lo invoca benefits-marketplace
+ * vía api-invoker tras la orquestación del procesador). Confirma una remesa
+ * previamente previsualizada (F6).
+ *
+ * Bajo API Lite (D22-D26) NO incluye fundingMethod/fundingMethodSourceId — el
+ * wallet USD principal del usuario es la única fuente; el connector usa
+ * unirWlpWalletId de RemittanceUsers_GT.
+ *
+ * `directoryId` viaja en el body de las llamadas privadas (D18) pero se valida
+ * por separado en el controller, no en este DTO.
+ */
+class RemittancePayRequest {
+}
+exports.RemittancePayRequest = RemittancePayRequest;
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], RemittancePayRequest.prototype, "previewRef", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], RemittancePayRequest.prototype, "idempotencyKey", void 0);
+__decorate([
+    (0, class_validator_1.IsOptional)(),
+    (0, class_validator_1.IsString)(),
+    __metadata("design:type", String)
+], RemittancePayRequest.prototype, "marketplaceTransactionNumber", void 0);

package/bin/remittance/dtos/RemittancePayResponse.d.ts

@@ -0,0 +1,23 @@
+import { RemittanceTxStatus } from "../enums/RemittanceTxStatus";
+/**
+ * Respuesta del POST /pay del uniteller-connector. Refleja el resultado del
+ * SendMoneyConfirm de UNIR + la row persistida en RemittanceTransactions_GT.
+ *
+ * exchangeRate y receivedAmount provienen del ExternalQuickQuotes cacheado en
+ * el preview (D-F5.6: en sandbox las responses de Confirm los devuelven en 0
+ * para Wlp Wallet).
+ */
+export declare class RemittancePayResponse {
+    /** transactionNumber de UNIR, formato "XXXXXXXSF". */
+    txNumber: string;
+    status: RemittanceTxStatus;
+    amountUSD: number;
+    receivedAmount: number;
+    receivedCurrency: string;
+    exchangeRate: number;
+    serviceFee: number;
+    /** Fecha en que la remesa queda disponible para retiro (si UNIR la provee). */
+    availableDate?: string;
+    /** ISO timestamp de creación de la row local. */
+    createdAt: string;
+}

package/bin/remittance/dtos/RemittancePayResponse.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RemittancePayResponse = void 0;
+/**
+ * Respuesta del POST /pay del uniteller-connector. Refleja el resultado del
+ * SendMoneyConfirm de UNIR + la row persistida en RemittanceTransactions_GT.
+ *
+ * exchangeRate y receivedAmount provienen del ExternalQuickQuotes cacheado en
+ * el preview (D-F5.6: en sandbox las responses de Confirm los devuelven en 0
+ * para Wlp Wallet).
+ */
+class RemittancePayResponse {
+}
+exports.RemittancePayResponse = RemittancePayResponse;

package/bin/remittance/dtos/index.d.ts

@@ -10,6 +10,8 @@ export * from "./RemittanceQuoteRequest";
 export * from "./RemittanceQuoteResponse";
 export * from "./RemittanceSendPreviewRequest";
 export * from "./RemittanceSendPreviewResponse";
+export * from "./RemittancePayRequest";
+export * from "./RemittancePayResponse";
 export * from "./RemittanceTransaction";
 export * from "./RemittanceLimitsInfo";
 export * from "./RemittanceHomeResponse";

package/bin/remittance/dtos/index.js

@@ -26,6 +26,8 @@ __exportStar(require("./RemittanceQuoteRequest"), exports);
 __exportStar(require("./RemittanceQuoteResponse"), exports);
 __exportStar(require("./RemittanceSendPreviewRequest"), exports);
 __exportStar(require("./RemittanceSendPreviewResponse"), exports);
+__exportStar(require("./RemittancePayRequest"), exports);
+__exportStar(require("./RemittancePayResponse"), exports);
 __exportStar(require("./RemittanceTransaction"), exports);
 __exportStar(require("./RemittanceLimitsInfo"), exports);
 __exportStar(require("./RemittanceHomeResponse"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fiado/type-kit",
-  "version": "3.48.0",
+  "version": "3.50.0",
   "description": "",
   "main": "bin/index.js",
   "types": "bin/index.d.ts",

package/src/cognitoBackofficeConnector/dtos/InitiateAuthRequest.ts

@@ -1,12 +1,12 @@
-import { Expose } from 'class-transformer';
-import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
-
-export class InitiateAuthRequest {
-    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
-    @Expose() @IsString() @IsNotEmpty() region!: string;
-    @Expose() @IsString() @IsNotEmpty() clientId!: string;
-    @Expose() @IsString() @IsNotEmpty() authFlow!: string;
-    @Expose() @IsString() @IsNotEmpty() username!: string;
-    // CUSTOM_AUTH initiate NO manda password (ya validado por authVerifyPassword, DEC-AUTH-013).
-    @Expose() @IsOptional() @IsString() password?: string;
-}
+import { Expose } from 'class-transformer';
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
+
+export class InitiateAuthRequest {
+    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
+    @Expose() @IsString() @IsNotEmpty() region!: string;
+    @Expose() @IsString() @IsNotEmpty() clientId!: string;
+    @Expose() @IsString() @IsNotEmpty() authFlow!: string;
+    @Expose() @IsString() @IsNotEmpty() username!: string;
+    // CUSTOM_AUTH initiate NO manda password (ya validado por authVerifyPassword, DEC-AUTH-013).
+    @Expose() @IsOptional() @IsString() password?: string;
+}

package/src/cognitoBackofficeConnector/dtos/IntrospectRequest.ts

@@ -1,10 +1,10 @@
-import { Expose } from 'class-transformer';
-import { IsNotEmpty, IsString } from 'class-validator';
-
-/** Input del POST /auth/introspect: token + datos del pool (el connector es stateless). */
-export class IntrospectRequest {
-    @Expose() @IsString() @IsNotEmpty() token!: string;
-    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
-    @Expose() @IsString() @IsNotEmpty() region!: string;
-    @Expose() @IsString() @IsNotEmpty() clientId!: string;
-}
+import { Expose } from 'class-transformer';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+/** Input del POST /auth/introspect: token + datos del pool (el connector es stateless). */
+export class IntrospectRequest {
+    @Expose() @IsString() @IsNotEmpty() token!: string;
+    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
+    @Expose() @IsString() @IsNotEmpty() region!: string;
+    @Expose() @IsString() @IsNotEmpty() clientId!: string;
+}

package/src/cognitoBackofficeConnector/dtos/IntrospectResponse.ts

@@ -1,10 +1,10 @@
-import { Expose } from 'class-transformer';
-import { IsBoolean, IsEnum, IsOptional, IsString } from 'class-validator';
-import { IntrospectFailReason } from '../enums/IntrospectFailReason';
-
-/** Output del POST /auth/introspect: validez + identidad (sub) o reason del fallo. */
-export class IntrospectResponse {
-    @Expose() @IsBoolean() valid!: boolean;
-    @Expose() @IsOptional() @IsString() cognitoSub?: string;
-    @Expose() @IsOptional() @IsEnum(IntrospectFailReason) reason?: IntrospectFailReason;
-}
+import { Expose } from 'class-transformer';
+import { IsBoolean, IsEnum, IsOptional, IsString } from 'class-validator';
+import { IntrospectFailReason } from '../enums/IntrospectFailReason';
+
+/** Output del POST /auth/introspect: validez + identidad (sub) o reason del fallo. */
+export class IntrospectResponse {
+    @Expose() @IsBoolean() valid!: boolean;
+    @Expose() @IsOptional() @IsString() cognitoSub?: string;
+    @Expose() @IsOptional() @IsEnum(IntrospectFailReason) reason?: IntrospectFailReason;
+}

package/src/cognitoBackofficeConnector/dtos/VerifyPasswordRequest.ts

@@ -1,15 +1,15 @@
-import { Expose } from 'class-transformer';
-import { IsNotEmpty, IsString } from 'class-validator';
-
-/**
- * Request de validación de password (DEC-AUTH-012). El connector valida el
- * password contra Cognito internamente (hoy ADMIN_USER_PASSWORD_AUTH) y devuelve
- * un veredicto. El caller (rbac) NO conoce el mecanismo.
- */
-export class VerifyPasswordRequest {
-    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
-    @Expose() @IsString() @IsNotEmpty() region!: string;
-    @Expose() @IsString() @IsNotEmpty() clientId!: string;
-    @Expose() @IsString() @IsNotEmpty() username!: string;
-    @Expose() @IsString() @IsNotEmpty() password!: string;
-}
+import { Expose } from 'class-transformer';
+import { IsNotEmpty, IsString } from 'class-validator';
+
+/**
+ * Request de validación de password (DEC-AUTH-012). El connector valida el
+ * password contra Cognito internamente (hoy ADMIN_USER_PASSWORD_AUTH) y devuelve
+ * un veredicto. El caller (rbac) NO conoce el mecanismo.
+ */
+export class VerifyPasswordRequest {
+    @Expose() @IsString() @IsNotEmpty() userPoolId!: string;
+    @Expose() @IsString() @IsNotEmpty() region!: string;
+    @Expose() @IsString() @IsNotEmpty() clientId!: string;
+    @Expose() @IsString() @IsNotEmpty() username!: string;
+    @Expose() @IsString() @IsNotEmpty() password!: string;
+}

package/src/cognitoBackofficeConnector/dtos/VerifyPasswordResponse.ts

@@ -1,6 +1,6 @@
-import { Expose } from 'class-transformer';
-import { IsBoolean } from 'class-validator';
-
-export class VerifyPasswordResponse {
-    @Expose() @IsBoolean() valid!: boolean;
-}
+import { Expose } from 'class-transformer';
+import { IsBoolean } from 'class-validator';
+
+export class VerifyPasswordResponse {
+    @Expose() @IsBoolean() valid!: boolean;
+}

package/src/cognitoBackofficeConnector/enums/CognitoChallengeType.ts

@@ -1,24 +1,24 @@
-/**
- * Tipos de Cognito Challenge que el `cognito-backoffice-connector` propaga al
- * caller (típicamente el BFF M18 / platform-rbac-business).
- *
- * `CUSTOM_CHALLENGE` (DEC-AUTH-013): único challengeName que viaja a Cognito en
- * el flujo CUSTOM_AUTH. Los sub-tipos `EMAIL_OTP` / `SOFTWARE_TOKEN_MFA` los
- * decide el rbac y viajan en `challengeParameters` — Cognito no los conoce en
- * custom-auth. Cualquier OTRO challenge fuera de este set (`SMS_MFA`,
- * `SELECT_MFA_TYPE`, `DEVICE_SRP_AUTH`, etc.) se mapea a `CognitoUnexpectedError`
- * 502 (misconfig del pool).
- *
- *  - `NEW_PASSWORD_REQUIRED` — temp password, debe setear definitiva en primer login.
- *  - `MFA_SETUP` — debe enrolarse en MFA.
- *  - `SOFTWARE_TOKEN_MFA` — TOTP nativo enrolado.
- *  - `EMAIL_OTP` — Email MFA nativo.
- *  - `CUSTOM_CHALLENGE` — flujo CUSTOM_AUTH orquestado por el rbac.
- */
-export enum CognitoChallengeType {
-    NEW_PASSWORD_REQUIRED = 'NEW_PASSWORD_REQUIRED',
-    MFA_SETUP = 'MFA_SETUP',
-    SOFTWARE_TOKEN_MFA = 'SOFTWARE_TOKEN_MFA',
-    EMAIL_OTP = 'EMAIL_OTP',
-    CUSTOM_CHALLENGE = 'CUSTOM_CHALLENGE',
-}
+/**
+ * Tipos de Cognito Challenge que el `cognito-backoffice-connector` propaga al
+ * caller (típicamente el BFF M18 / platform-rbac-business).
+ *
+ * `CUSTOM_CHALLENGE` (DEC-AUTH-013): único challengeName que viaja a Cognito en
+ * el flujo CUSTOM_AUTH. Los sub-tipos `EMAIL_OTP` / `SOFTWARE_TOKEN_MFA` los
+ * decide el rbac y viajan en `challengeParameters` — Cognito no los conoce en
+ * custom-auth. Cualquier OTRO challenge fuera de este set (`SMS_MFA`,
+ * `SELECT_MFA_TYPE`, `DEVICE_SRP_AUTH`, etc.) se mapea a `CognitoUnexpectedError`
+ * 502 (misconfig del pool).
+ *
+ *  - `NEW_PASSWORD_REQUIRED` — temp password, debe setear definitiva en primer login.
+ *  - `MFA_SETUP` — debe enrolarse en MFA.
+ *  - `SOFTWARE_TOKEN_MFA` — TOTP nativo enrolado.
+ *  - `EMAIL_OTP` — Email MFA nativo.
+ *  - `CUSTOM_CHALLENGE` — flujo CUSTOM_AUTH orquestado por el rbac.
+ */
+export enum CognitoChallengeType {
+    NEW_PASSWORD_REQUIRED = 'NEW_PASSWORD_REQUIRED',
+    MFA_SETUP = 'MFA_SETUP',
+    SOFTWARE_TOKEN_MFA = 'SOFTWARE_TOKEN_MFA',
+    EMAIL_OTP = 'EMAIL_OTP',
+    CUSTOM_CHALLENGE = 'CUSTOM_CHALLENGE',
+}

package/src/cognitoBackofficeConnector/enums/IntrospectFailReason.ts

@@ -1,11 +1,11 @@
-/**
- * Razón de fallo del POST /auth/introspect del cognito-backoffice-connector.
- */
-export enum IntrospectFailReason {
-    INVALID_SIGNATURE = 'INVALID_SIGNATURE',
-    EXPIRED = 'EXPIRED',
-    CLIENT_ID_MISMATCH = 'CLIENT_ID_MISMATCH',
-    TOKEN_USE_MISMATCH = 'TOKEN_USE_MISMATCH',
-    REVOKED = 'REVOKED',
-    USER_NOT_FOUND = 'USER_NOT_FOUND',
-}
+/**
+ * Razón de fallo del POST /auth/introspect del cognito-backoffice-connector.
+ */
+export enum IntrospectFailReason {
+    INVALID_SIGNATURE = 'INVALID_SIGNATURE',
+    EXPIRED = 'EXPIRED',
+    CLIENT_ID_MISMATCH = 'CLIENT_ID_MISMATCH',
+    TOKEN_USE_MISMATCH = 'TOKEN_USE_MISMATCH',
+    REVOKED = 'REVOKED',
+    USER_NOT_FOUND = 'USER_NOT_FOUND',
+}