@flink-app/generic-auth-plugin 0.12.1-alpha.3 → 0.12.1-alpha.30

package/.flink/generatedHandlers.ts

@@ -1,4 +1,4 @@
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 import { autoRegisteredHandlers, HttpMethod } from "@flink-app/flink";
 import * as UserCreate_0 from "../src/handlers/UserCreate";
 import * as UserLogin_0 from "../src/handlers/UserLogin";

package/.flink/generatedJobs.ts

@@ -1,4 +1,4 @@
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 import { autoRegisteredJobs } from "@flink-app/flink";
 export const jobs = [];
 autoRegisteredJobs.push(...jobs);

package/.flink/generatedRepos.ts

@@ -1,4 +1,4 @@
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
   import { autoRegisteredRepos } from "@flink-app/flink";
   export const repos = [];
   autoRegisteredRepos.push(...repos);

package/.flink/schemas/schemas.json

@@ -13,11 +13,15 @@
         "password": {
           "type": "string"
         },
+        "personalNumber": {
+          "type": "string"
+        },
         "authentificationMethod": {
           "type": "string",
           "enum": [
             "password",
-            "sms"
+            "sms",
+            "bankid"
           ]
         },
         "profile": {
@@ -264,7 +268,8 @@
             "invalidCode",
             "passwordError"
           ]
-        }
+        },
+        "user": {}
       },
       "required": [
         "status"

package/.flink/schemas/schemas.ts

@@ -29,7 +29,7 @@ import { PutManagementUserRolesByUseridRes } from "../../src/schemas/Management/
 import { PutManagementUserUsernameByUseridReq } from "../../src/schemas/Management/PutUserUsernameByUseridReq";
 import { PutManagementUserUsernameByUseridRes } from "../../src/schemas/Management/PutUserUsernameByUseridRes";
 
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 export interface UserCreate_7_ReqSchema extends UserCreateReq {}
 
 export interface UserCreate_7_ResSchema extends UserCreateRes {}

package/.flink/start.ts

@@ -1,5 +1,6 @@
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 import "./generatedHandlers";
 import "./generatedRepos";
 import "./generatedJobs";
 import "../src/index";
+export default {}; // Export an empty object to make it a module

package/dist/.flink/generatedHandlers.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handlers = void 0;
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 var flink_1 = require("@flink-app/flink");
 exports.handlers = [];
 flink_1.autoRegisteredHandlers.push.apply(flink_1.autoRegisteredHandlers, exports.handlers);

package/dist/.flink/generatedJobs.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.jobs = void 0;
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 var flink_1 = require("@flink-app/flink");
 exports.jobs = [];
 flink_1.autoRegisteredJobs.push.apply(flink_1.autoRegisteredJobs, exports.jobs);

package/dist/.flink/generatedRepos.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.repos = void 0;
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 var flink_1 = require("@flink-app/flink");
 exports.repos = [];
 flink_1.autoRegisteredRepos.push.apply(flink_1.autoRegisteredRepos, exports.repos);

package/dist/.flink/schemas/schemas.json

@@ -13,11 +13,15 @@
                 "password": {
                     "type": "string"
                 },
+                "personalNumber": {
+                    "type": "string"
+                },
                 "authentificationMethod": {
                     "type": "string",
                     "enum": [
                         "password",
-                        "sms"
+                        "sms",
+                        "bankid"
                     ]
                 },
                 "profile": {
@@ -264,7 +268,8 @@
                         "invalidCode",
                         "passwordError"
                     ]
-                }
+                },
+                "user": {}
             },
             "required": [
                 "status"

package/dist/.flink/start.d.ts

@@ -2,3 +2,5 @@ import "./generatedHandlers";
 import "./generatedRepos";
 import "./generatedJobs";
 import "../src/index";
+declare const _default: {};
+export default _default;

package/dist/.flink/start.js

@@ -1,7 +1,8 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-// Generated Thu Mar 20 2025 14:30:08 GMT+0100 (Central European Standard Time)
+// Generated Mon Sep 22 2025 14:18:23 GMT+0200 (Central European Summer Time)
 require("./generatedHandlers");
 require("./generatedRepos");
 require("./generatedJobs");
 require("../src/index");
+exports.default = {}; // Export an empty object to make it a module

package/dist/src/coreFunctions.d.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo } from "@flink-app/flink";
+import { FlinkRepo, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { User } from "./schemas/User";
 import { UserCreateRes } from "./schemas/UserCreateRes";
@@ -11,20 +11,20 @@ import { GenericAuthsmsOptions } from "./genericAuthPluginOptions";
 export declare function getJtwTokenPlugin(secret: string, rolePermissions?: {
     [role: string]: string[];
 }, passwordPolicy?: RegExp, tokenTTL?: number): JwtAuthPlugin;
-export declare function createUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password: string, authentificationMethod: "password" | "sms", roles: string[], profile: UserProfile, createPasswordHashAndSaltMethod?: {
+export declare function createUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password: string, authentificationMethod: "password" | "sms" | "bankid", roles: string[], profile: UserProfile, createPasswordHashAndSaltMethod?: {
     (password: string): Promise<{
         hash: string;
         salt: string;
     } | null>;
 }, onUserCreated?: {
     (user: User): Promise<void>;
-}): Promise<UserCreateRes>;
+}, personalNumber?: string): Promise<UserCreateRes>;
 export declare function loginByToken(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, token: string, code: string, jwtSecret: string): Promise<UserLoginRes>;
 export declare function loginUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password: string | undefined, validatePasswordMethod?: {
     (password: string, hash: string, salt: string): Promise<boolean>;
 }, smsOptions?: GenericAuthsmsOptions, onSuccessfulLogin?: {
-    (user: User): Promise<void>;
-}): Promise<UserLoginRes>;
+    (user: User, req?: FlinkRequest): Promise<void>;
+}, req?: FlinkRequest): Promise<UserLoginRes>;
 export declare function changePassword(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, userId: string, newPassword: string, createPasswordHashAndSaltMethod?: {
     (password: string): Promise<{
         hash: string;

package/dist/src/coreFunctions.js

@@ -40,6 +40,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.passwordResetComplete = exports.passwordResetStart = exports.changePassword = exports.loginUser = exports.loginByToken = exports.createUser = exports.getJtwTokenPlugin = void 0;
+var flink_1 = require("@flink-app/flink");
 var jwt_auth_plugin_1 = require("@flink-app/jwt-auth-plugin");
 var jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 function getJtwTokenPlugin(secret, rolePermissions, passwordPolicy, tokenTTL) {
@@ -70,7 +71,7 @@ function getJtwTokenPlugin(secret, rolePermissions, passwordPolicy, tokenTTL) {
     });
 }
 exports.getJtwTokenPlugin = getJtwTokenPlugin;
-function createUser(repo, auth, username, password, authentificationMethod, roles, profile, createPasswordHashAndSaltMethod, onUserCreated) {
+function createUser(repo, auth, username, password, authentificationMethod, roles, profile, createPasswordHashAndSaltMethod, onUserCreated, personalNumber) {
     return __awaiter(this, void 0, void 0, function () {
         var existingUser, userData, passwordAndSalt, user, token;
         return __generator(this, function (_a) {
@@ -93,6 +94,15 @@ function createUser(repo, auth, username, password, authentificationMethod, role
                         authentificationMethod: authentificationMethod,
                         pushNotificationTokens: [],
                     };
+                    if (personalNumber) {
+                        userData.personalNumber = personalNumber;
+                    }
+                    if (authentificationMethod == "bankid") {
+                        if (!personalNumber) {
+                            flink_1.log.warn("BankID login requested but no personal number found for user");
+                            return [2 /*return*/, { status: "error" }];
+                        }
+                    }
                     if (!(authentificationMethod == "password")) return [3 /*break*/, 6];
                     passwordAndSalt = null;
                     if (!(createPasswordHashAndSaltMethod != null)) return [3 /*break*/, 3];
@@ -180,7 +190,7 @@ function loginByToken(repo, auth, token, code, jwtSecret) {
     });
 }
 exports.loginByToken = loginByToken;
-function loginUser(repo, auth, username, password, validatePasswordMethod, smsOptions, onSuccessfulLogin) {
+function loginUser(repo, auth, username, password, validatePasswordMethod, smsOptions, onSuccessfulLogin, req) {
     return __awaiter(this, void 0, void 0, function () {
         var user, valid, ex_1, code, payload, secret, options, token, token;
         return __generator(this, function (_a) {
@@ -239,12 +249,20 @@ function loginUser(repo, auth, username, password, validatePasswordMethod, smsOp
                                 validationToken: token,
                             }];
                     }
+                    if (user.authentificationMethod == "bankid") {
+                        if (!user.personalNumber) {
+                            flink_1.log.warn("BankID login requested but no personal number found for user");
+                            return [2 /*return*/, { status: "failed" }];
+                        }
+                        flink_1.log.warn("BankID login required to be handled in other way, i.e. using flink bankid plugin");
+                        return [2 /*return*/, { status: "failed" }];
+                    }
                     if (!valid) return [3 /*break*/, 13];
                     return [4 /*yield*/, auth.createToken({ username: username.toLowerCase(), _id: user._id }, user.roles)];
                 case 10:
                     token = _a.sent();
                     if (!onSuccessfulLogin) return [3 /*break*/, 12];
-                    return [4 /*yield*/, onSuccessfulLogin(user)];
+                    return [4 /*yield*/, onSuccessfulLogin(user, req)];
                 case 11:
                     _a.sent();
                     _a.label = 12;
@@ -414,7 +432,7 @@ function passwordResetComplete(repo_1, auth_1, jwtSecret_1, passwordResetToken_1
                         })];
                 case 6:
                     _a.sent();
-                    return [2 /*return*/, { status: "success" }];
+                    return [2 /*return*/, { status: "success", user: user }];
             }
         });
     });

package/dist/src/genericAuthContext.d.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo } from "@flink-app/flink";
+import { FlinkRepo, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { User } from "./schemas/User";
 import { UserCreateRes } from "./schemas/UserCreateRes";
@@ -13,14 +13,14 @@ export interface genericAuthContext {
     genericAuthPlugin: {
         loginUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password?: string, validatePasswordMethod?: {
             (password: string, hash: string, salt: string): Promise<boolean>;
-        }, smsOptions?: GenericAuthsmsOptions, onSuccessfulLogin?: (user: User) => Promise<void>): Promise<UserLoginRes>;
+        }, smsOptions?: GenericAuthsmsOptions, onSuccessfulLogin?: (user: User, req?: FlinkRequest) => Promise<void>, req?: FlinkRequest): Promise<UserLoginRes>;
         loginByToken(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, token: string, code: string, jwtSecret: string): Promise<UserLoginRes>;
-        createUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password: string, authentificationMethod: "password" | "sms", roles: string[], profile: UserProfile, createPasswordHashAndSaltMethod?: {
+        createUser(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, username: string, password: string, authentificationMethod: "password" | "sms" | "bankid", roles: string[], profile: UserProfile, createPasswordHashAndSaltMethod?: {
             (password: string): Promise<{
                 hash: string;
                 salt: string;
             } | null>;
-        }, onUserCreated?: (user: User) => Promise<void>): Promise<UserCreateRes>;
+        }, onUserCreated?: (user: User) => Promise<void>, personalNumber?: string): Promise<UserCreateRes>;
         changePassword(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, userId: string, newPassword: string, createPasswordHashAndSaltMethod?: {
             (password: string): Promise<{
                 hash: string;
@@ -48,7 +48,7 @@ export interface genericAuthContext {
         usernameFormat: RegExp;
         smsOptions?: GenericAuthsmsOptions;
         onSuccessfulLogin?: {
-            (user: User): Promise<void>;
+            (user: User, req?: FlinkRequest): Promise<void>;
         };
         onUserCreated?: {
             (user: User): Promise<void>;

package/dist/src/genericAuthPluginOptions.d.ts

@@ -1,3 +1,4 @@
+import { FlinkRequest } from "@flink-app/flink";
 import { User } from "./schemas/User";
 import { UserPasswordResetSettings } from "./schemas/UserPasswordResetSettings";
 import { client as smsClient } from "@flink-app/sms-plugin";
@@ -26,7 +27,7 @@ export interface GenericAuthPluginOptions {
     usernameFormat?: RegExp;
     sms?: GenericAuthsmsOptions;
     onSuccessfulLogin?: {
-        (user: User): Promise<void>;
+        (user: User, req?: FlinkRequest): Promise<void>;
     };
     onUserCreated?: {
         (user: User): Promise<void>;

package/dist/src/handlers/UserCreate.js

@@ -39,12 +39,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.__schemas = exports.__params = exports.__query = exports.__file = exports.__assumedHttpMethod = void 0;
 var flink_1 = require("@flink-app/flink");
 var userCreateHandler = function (_a) { return __awaiter(void 0, [_a], void 0, function (_b) {
-    var _c, password, username, authentificationMethod, profile, roles, pluginName, repo, re, createUserResponse;
+    var _c, password, username, authentificationMethod, profile, personalNumber, roles, pluginName, repo, re, createUserResponse;
     var ctx = _b.ctx, req = _b.req, origin = _b.origin;
     return __generator(this, function (_d) {
         switch (_d.label) {
             case 0:
-                _c = req.body, password = _c.password, username = _c.username, authentificationMethod = _c.authentificationMethod, profile = _c.profile;
+                _c = req.body, password = _c.password, username = _c.username, authentificationMethod = _c.authentificationMethod, profile = _c.profile, personalNumber = _c.personalNumber;
                 if (authentificationMethod == null) {
                     authentificationMethod = "password";
                 }
@@ -63,7 +63,7 @@ var userCreateHandler = function (_a) { return __awaiter(void 0, [_a], void 0, f
                 if (!re.test(username)) {
                     return [2 /*return*/, (0, flink_1.badRequest)("Username does not meet requirements", "usernameError")];
                 }
-                return [4 /*yield*/, ctx.plugins.genericAuthPlugin.createUser(repo, ctx.auth, username.toLocaleLowerCase(), password, authentificationMethod, roles, profile, ctx.plugins[pluginName].createPasswordHashAndSaltMethod, ctx.plugins[pluginName].onUserCreated)];
+                return [4 /*yield*/, ctx.plugins.genericAuthPlugin.createUser(repo, ctx.auth, username.toLocaleLowerCase(), password, authentificationMethod, roles, profile, ctx.plugins[pluginName].createPasswordHashAndSaltMethod, ctx.plugins[pluginName].onUserCreated, personalNumber)];
             case 1:
                 createUserResponse = _d.sent();
                 if (createUserResponse.status != "success") {
@@ -85,4 +85,4 @@ var userCreateHandler = function (_a) { return __awaiter(void 0, [_a], void 0, f
 }); };
 exports.default = userCreateHandler;
 exports.__assumedHttpMethod = "", exports.__file = "UserCreate.ts", exports.__query = [], exports.__params = [];
-exports.__schemas = { reqSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "username": { "type": "string" }, "password": { "type": "string" }, "authentificationMethod": { "type": "string", "enum": ["password", "sms"] }, "profile": { "type": "object" } }, "required": ["username"], "definitions": {} }, resSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "enum": ["success", "error", "userExists", "passwordError"] }, "user": { "type": "object", "properties": { "_id": { "type": "string" }, "username": { "type": "string" }, "token": { "type": "string" } }, "required": ["_id", "username", "token"], "additionalProperties": false } }, "required": ["status"], "definitions": {} } };
+exports.__schemas = { reqSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "username": { "type": "string" }, "password": { "type": "string" }, "personalNumber": { "type": "string" }, "authentificationMethod": { "type": "string", "enum": ["password", "sms", "bankid"] }, "profile": { "type": "object" } }, "required": ["username"], "definitions": {} }, resSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "enum": ["success", "error", "userExists", "passwordError"] }, "user": { "type": "object", "properties": { "_id": { "type": "string" }, "username": { "type": "string" }, "token": { "type": "string" } }, "required": ["_id", "username", "token"], "additionalProperties": false } }, "required": ["status"], "definitions": {} } };

package/dist/src/handlers/UserLogin.js

@@ -39,29 +39,61 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.__schemas = exports.__params = exports.__query = exports.__file = exports.__assumedHttpMethod = void 0;
 var flink_1 = require("@flink-app/flink");
 var userLoginHandler = function (_a) { return __awaiter(void 0, [_a], void 0, function (_b) {
-    var pluginName, repo, loginRespons;
+    var pluginName, repo, loginResponse, error_1;
     var ctx = _b.ctx, req = _b.req, origin = _b.origin;
     return __generator(this, function (_c) {
         switch (_c.label) {
             case 0:
                 pluginName = origin || "genericAuthPlugin";
                 repo = ctx.repos[ctx.plugins[pluginName].repoName];
-                return [4 /*yield*/, ctx.plugins.genericAuthPlugin.loginUser(repo, ctx.auth, req.body.username, req.body.password, ctx.plugins.genericAuthPlugin.validatePasswordMethod, ctx.plugins[pluginName].smsOptions, ctx.plugins[pluginName].onSuccessfulLogin)];
+                loginResponse = undefined;
+                _c.label = 1;
             case 1:
-                loginRespons = _c.sent();
-                if (loginRespons.status != "success") {
-                    switch (loginRespons.status) {
+                _c.trys.push([1, 3, , 4]);
+                return [4 /*yield*/, ctx.plugins.genericAuthPlugin.loginUser(repo, ctx.auth, req.body.username, req.body.password, ctx.plugins.genericAuthPlugin.validatePasswordMethod, ctx.plugins[pluginName].smsOptions, ctx.plugins[pluginName].onSuccessfulLogin, req)];
+            case 2:
+                loginResponse = _c.sent();
+                return [3 /*break*/, 4];
+            case 3:
+                error_1 = _c.sent();
+                // Convert any thrown error that conforms to flink error structure to a proper response
+                // Note that any auth failures would not have been thrown, but returned as part of loginResponse
+                // but with this it is possible to throw errors from callbacks like onSuccessfulLogin
+                if (isFlinkError(error_1)) {
+                    flink_1.log.debug("Caught FlinkError in userLoginHandler:", error_1);
+                    return [2 /*return*/, {
+                            status: error_1.status,
+                            error: {
+                                id: error_1.error.id,
+                                title: error_1.error.title,
+                                code: error_1.error.code,
+                                detail: error_1.error.detail,
+                            },
+                        }];
+                }
+                // For other errors, return a generic 500 response
+                flink_1.log.error("Error in userLoginHandler:", error_1);
+                return [2 /*return*/, (0, flink_1.internalServerError)()];
+            case 4:
+                if ((loginResponse === null || loginResponse === void 0 ? void 0 : loginResponse.status) != "success") {
+                    switch (loginResponse === null || loginResponse === void 0 ? void 0 : loginResponse.status) {
                         case "failed":
-                            return [2 /*return*/, (0, flink_1.unauthorized)("Invalid username or password", loginRespons.status)];
+                            return [2 /*return*/, (0, flink_1.unauthorized)("Invalid username or password", loginResponse.status)];
                     }
                 }
                 return [2 /*return*/, {
-                        data: loginRespons,
+                        data: loginResponse,
                         status: 200,
                     }];
         }
     });
 }); };
 exports.default = userLoginHandler;
+function isFlinkError(res) {
+    if (res && res.status && typeof res.status === "number" && res.error && res.error.id) {
+        return true;
+    }
+    return false;
+}
 exports.__assumedHttpMethod = "", exports.__file = "UserLogin.ts", exports.__query = [], exports.__params = [];
 exports.__schemas = { reqSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "username": { "type": "string" }, "password": { "type": "string" } }, "required": ["username"], "definitions": {} }, resSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "enum": ["success", "failed", "requiresValidation"] }, "user": { "type": "object", "properties": { "_id": { "type": "string" }, "username": { "type": "string" }, "token": { "type": "string" }, "profile": { "type": "object" } }, "required": ["_id", "username", "token", "profile"], "additionalProperties": false }, "validationToken": { "type": "string" } }, "required": ["status"], "definitions": {} } };

package/dist/src/handlers/UserPasswordResetComplete.js

@@ -67,4 +67,4 @@ var postPasswordResetCompleteHandler = function (_a) { return __awaiter(void 0,
 }); };
 exports.default = postPasswordResetCompleteHandler;
 exports.__assumedHttpMethod = "", exports.__file = "UserPasswordResetComplete.ts", exports.__query = [], exports.__params = [];
-exports.__schemas = { reqSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "passwordResetToken": { "type": "string" }, "code": { "type": "string" }, "password": { "type": "string" } }, "required": ["code", "password", "passwordResetToken"], "definitions": {} }, resSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "enum": ["success", "userNotFound", "invalidCode", "passwordError"] } }, "required": ["status"], "definitions": {} } };
+exports.__schemas = { reqSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "passwordResetToken": { "type": "string" }, "code": { "type": "string" }, "password": { "type": "string" } }, "required": ["code", "password", "passwordResetToken"], "definitions": {} }, resSchema: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "additionalProperties": false, "properties": { "status": { "type": "string", "enum": ["success", "userNotFound", "invalidCode", "passwordError"] }, "user": {} }, "required": ["status"], "definitions": {} } };

package/dist/src/handlers/UserPushRegisterToken.js

@@ -87,7 +87,7 @@ var postUserPushRegisterTokenHandler = function (_a) { return __awaiter(void 0,
                 if (!deregisterOtherDevices) return [3 /*break*/, 9];
                 return [4 /*yield*/, repo.findAll({
                         $or: [{ "pushNotificationTokens.deviceId": req.body.deviceId }, { "pushNotificationTokens.token": req.body.token }],
-                        _id: { $ne: user._id },
+                        _id: { $ne: repo.buildId(user._id) },
                     })];
             case 3:
                 otherRegistrations = _d.sent();

package/dist/src/schemas/User.d.ts

@@ -3,11 +3,12 @@ import { UserProfile } from "./UserProfile";
 export interface User {
     _id: string;
     username: string;
+    personalNumber?: string;
     password?: string;
     salt?: string;
     pwdResetStartedAt?: string | null;
     roles: string[];
-    authentificationMethod: "password" | "sms";
+    authentificationMethod: "password" | "sms" | "bankid";
     profile: UserProfile;
     pushNotificationTokens: Array<PushNotificationToken>;
 }

package/dist/src/schemas/UserCreateReq.d.ts

@@ -2,6 +2,7 @@ import { UserProfile } from "./UserProfile";
 export interface UserCreateReq {
     username: string;
     password?: string;
-    authentificationMethod?: "password" | "sms";
+    personalNumber?: string;
+    authentificationMethod?: "password" | "sms" | "bankid";
     profile?: UserProfile;
 }

package/dist/src/schemas/UserPasswordResetCompleteRes.d.ts

@@ -1,3 +1,7 @@
 export interface UserPasswordResetCompleteRes {
     status: "success" | "userNotFound" | "invalidCode" | "passwordError";
+    /**
+     * The user object is returned only if the status is "success".
+     */
+    user?: any;
 }

package/package.json

@@ -1,11 +1,11 @@
 {
     "name": "@flink-app/generic-auth-plugin",
-    "version": "0.12.1-alpha.3",
+    "version": "0.12.1-alpha.30",
     "description": "Flink plugin that provides a generic user authentification solution.",
     "scripts": {
         "test": "echo \"Error: no test specified\"",
         "build": "flink build",
-        "prepublish": "npm run build",
+        "prepare": "npm run build",
         "watch": "nodemon --exec \"flink build\""
     },
     "author": "johan@frost.se",
@@ -16,19 +16,19 @@
     "types": "dist/src/index.d.ts",
     "main": "dist/src/index.js",
     "dependencies": {
-        "@flink-app/email-plugin": "^0.12.1-alpha.3",
-        "@flink-app/jwt-auth-plugin": "^0.12.1-alpha.3",
-        "@flink-app/management-api-plugin": "^0.12.1-alpha.3",
-        "@flink-app/sms-plugin": "^0.12.1-alpha.3",
+        "@flink-app/email-plugin": "^0.12.1-alpha.23",
+        "@flink-app/jwt-auth-plugin": "^0.12.1-alpha.23",
+        "@flink-app/management-api-plugin": "^0.12.1-alpha.23",
+        "@flink-app/sms-plugin": "^0.12.1-alpha.23",
         "handlebars": "^4.7.7",
         "jsonwebtoken": "^8.5.1"
     },
     "devDependencies": {
-        "@flink-app/flink": "^0.12.1-alpha.3",
+        "@flink-app/flink": "^0.12.1-alpha.23",
         "@types/jsonwebtoken": "^8.5.2",
         "@types/node": "22.13.10",
         "ts-node": "^9.1.1",
         "typescript": "5.4.5"
     },
-    "gitHead": "51b6524e233acb2430953ffaed6382909f34db8e"
+    "gitHead": "29be118cfa4f008e3b8e0b22d08374880222124e"
 }

package/src/coreFunctions.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo, FlinkAuthUser, log } from "@flink-app/flink";
+import { FlinkRepo, FlinkAuthUser, log, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin, jwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 
 import { User } from "./schemas/User";
@@ -45,7 +45,7 @@ export async function createUser(
     auth: JwtAuthPlugin,
     username: string,
     password: string,
-    authentificationMethod: "password" | "sms",
+    authentificationMethod: "password" | "sms" | "bankid",
     roles: string[],
     profile: UserProfile,
     createPasswordHashAndSaltMethod?: {
@@ -53,7 +53,8 @@ export async function createUser(
     },
     onUserCreated?: {
         (user: User): Promise<void>;
-    }
+    },
+    personalNumber?: string
 ): Promise<UserCreateRes> {
     if (!roles.includes("user")) roles.push("user");
 
@@ -71,6 +72,17 @@ export async function createUser(
         pushNotificationTokens: [],
     };
 
+    if (personalNumber) {
+        userData.personalNumber = personalNumber;
+    }
+
+    if (authentificationMethod == "bankid") {
+        if (!personalNumber) {
+            log.warn("BankID login requested but no personal number found for user");
+            return { status: "error" };
+        }
+    }
+
     if (authentificationMethod == "password") {
         let passwordAndSalt = null;
         if (createPasswordHashAndSaltMethod != null) {
@@ -152,8 +164,9 @@ export async function loginUser(
     },
     smsOptions?: GenericAuthsmsOptions,
     onSuccessfulLogin?: {
-        (user: User): Promise<void>;
-    }
+        (user: User, req?: FlinkRequest): Promise<void>;
+    },
+    req?: FlinkRequest
 ): Promise<UserLoginRes> {
     const user = await repo.getOne({ username: username.toLowerCase() });
     if (user == null) {
@@ -205,12 +218,21 @@ export async function loginUser(
             validationToken: token,
         };
     }
+    if (user.authentificationMethod == "bankid") {
+        if (!user.personalNumber) {
+            log.warn("BankID login requested but no personal number found for user");
+            return { status: "failed" };
+        }
+
+        log.warn("BankID login required to be handled in other way, i.e. using flink bankid plugin");
+        return { status: "failed" };
+    }
 
     if (valid) {
         const token = await auth.createToken({ username: username.toLowerCase(), _id: user._id }, user.roles);
 
         if (onSuccessfulLogin) {
-            await onSuccessfulLogin(user);
+            await onSuccessfulLogin(user, req);
         }
 
         return {
@@ -382,7 +404,7 @@ export async function passwordResetComplete(
         pwdResetStartedAt: null,
     });
 
-    return { status: "success" };
+    return { status: "success", user };
 }
 
 function generate(n: number): string {

package/src/genericAuthContext.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo } from "@flink-app/flink";
+import { FlinkRepo, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { User } from "./schemas/User";
 import { UserCreateRes } from "./schemas/UserCreateRes";
@@ -19,7 +19,8 @@ export interface genericAuthContext {
             password?: string,
             validatePasswordMethod?: { (password: string, hash: string, salt: string): Promise<boolean> },
             smsOptions?: GenericAuthsmsOptions,
-            onSuccessfulLogin?: (user: User) => Promise<void>
+            onSuccessfulLogin?: (user: User, req?: FlinkRequest) => Promise<void>,
+            req?: FlinkRequest
         ): Promise<UserLoginRes>;
         loginByToken(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, token: string, code: string, jwtSecret: string): Promise<UserLoginRes>;
         createUser(
@@ -27,13 +28,14 @@ export interface genericAuthContext {
             auth: JwtAuthPlugin,
             username: string,
             password: string,
-            authentificationMethod: "password" | "sms",
+            authentificationMethod: "password" | "sms" | "bankid",
             roles: string[],
             profile: UserProfile,
             createPasswordHashAndSaltMethod?: {
                 (password: string): Promise<{ hash: string; salt: string } | null>;
             },
-            onUserCreated?: (user: User) => Promise<void>
+            onUserCreated?: (user: User) => Promise<void>,
+            personalNumber?: string
         ): Promise<UserCreateRes>;
         changePassword(
             repo: FlinkRepo<any, User>,
@@ -67,7 +69,7 @@ export interface genericAuthContext {
         validatePasswordMethod?: { (password: string, hash: string, salt: string): Promise<boolean> };
         usernameFormat: RegExp;
         smsOptions?: GenericAuthsmsOptions;
-        onSuccessfulLogin?: { (user: User): Promise<void> };
+        onSuccessfulLogin?: { (user: User, req?: FlinkRequest): Promise<void> };
         onUserCreated?: { (user: User): Promise<void> };
     };
 }

package/src/genericAuthPluginOptions.ts

@@ -1,3 +1,4 @@
+import { FlinkRequest } from "@flink-app/flink";
 import { User } from "./schemas/User";
 import { UserPasswordResetSettings } from "./schemas/UserPasswordResetSettings";
 import { client as smsClient } from "@flink-app/sms-plugin";
@@ -23,7 +24,7 @@ export interface GenericAuthPluginOptions {
     usernameFormat?: RegExp;
     sms?: GenericAuthsmsOptions;
     onSuccessfulLogin?: {
-        (user: User): Promise<void>;
+        (user: User, req?: FlinkRequest): Promise<void>;
     };
     onUserCreated?: {
         (user: User): Promise<void>;

package/src/handlers/UserCreate.ts

@@ -5,7 +5,7 @@ import { UserCreateReq } from "../schemas/UserCreateReq";
 import { UserCreateRes } from "../schemas/UserCreateRes";
 
 const userCreateHandler: Handler<FlinkContext<genericAuthContext>, UserCreateReq, UserCreateRes> = async ({ ctx, req, origin }) => {
-    let { password, username, authentificationMethod, profile } = req.body;
+    let { password, username, authentificationMethod, profile, personalNumber } = req.body;
     if (authentificationMethod == null) {
         authentificationMethod = "password";
     }
@@ -36,7 +36,8 @@ const userCreateHandler: Handler<FlinkContext<genericAuthContext>, UserCreateReq
         roles,
         profile,
         (<any>ctx.plugins)[pluginName].createPasswordHashAndSaltMethod,
-        (<any>ctx.plugins)[pluginName].onUserCreated
+        (<any>ctx.plugins)[pluginName].onUserCreated,
+        personalNumber
     );
     if (createUserResponse.status != "success") {
         switch (createUserResponse.status) {

package/src/handlers/UserLogin.ts

@@ -1,41 +1,66 @@
-import { FlinkContext, Handler, unauthorized } from "@flink-app/flink";
+import { FlinkContext, FlinkResponse, Handler, internalServerError, log, unauthorized } from "@flink-app/flink";
+import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { genericAuthContext } from "../genericAuthContext";
 import { UserLoginReq } from "../schemas/UserLoginReq";
 import { UserLoginRes } from "../schemas/UserLoginRes";
-import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 
-const userLoginHandler: Handler<
-  FlinkContext<genericAuthContext>,
-  UserLoginReq,
-  UserLoginRes
-> = async ({ ctx, req, origin }) => {
-  let pluginName = origin || "genericAuthPlugin";
-  let repo = ctx.repos[(<any>ctx.plugins)[pluginName].repoName];
-  
-  const loginRespons = await ctx.plugins.genericAuthPlugin.loginUser(
-    repo,
-    <JwtAuthPlugin>ctx.auth,
-    req.body.username,
-    req.body.password,
-    ctx.plugins.genericAuthPlugin.validatePasswordMethod,
-    (<any>ctx.plugins)[pluginName].smsOptions,
-    (<any>ctx.plugins)[pluginName].onSuccessfulLogin
-  );
-
-  if (loginRespons.status != "success") {
-    switch (loginRespons.status) {
-      case "failed":
-        return unauthorized(
-          "Invalid username or password",
-          loginRespons.status
+const userLoginHandler: Handler<FlinkContext<genericAuthContext>, UserLoginReq, UserLoginRes> = async ({ ctx, req, origin }) => {
+    let pluginName = origin || "genericAuthPlugin";
+    let repo = ctx.repos[(<any>ctx.plugins)[pluginName].repoName];
+
+    let loginResponse: UserLoginRes | undefined = undefined;
+
+    try {
+        loginResponse = await ctx.plugins.genericAuthPlugin.loginUser(
+            repo,
+            <JwtAuthPlugin>ctx.auth,
+            req.body.username,
+            req.body.password,
+            ctx.plugins.genericAuthPlugin.validatePasswordMethod,
+            (<any>ctx.plugins)[pluginName].smsOptions,
+            (<any>ctx.plugins)[pluginName].onSuccessfulLogin,
+            req
         );
+    } catch (error: any) {
+        // Convert any thrown error that conforms to flink error structure to a proper response
+        // Note that any auth failures would not have been thrown, but returned as part of loginResponse
+        // but with this it is possible to throw errors from callbacks like onSuccessfulLogin
+        if (isFlinkError(error)) {
+            log.debug("Caught FlinkError in userLoginHandler:", error);
+            return {
+                status: error.status,
+                error: {
+                    id: error.error.id,
+                    title: error.error.title,
+                    code: error.error.code,
+                    detail: error.error.detail,
+                },
+            } as FlinkResponse;
+        }
+
+        // For other errors, return a generic 500 response
+        log.error("Error in userLoginHandler:", error);
+        return internalServerError();
     }
-  }
 
-  return {
-    data: loginRespons,
-    status: 200,
-  };
+    if (loginResponse?.status != "success") {
+        switch (loginResponse?.status) {
+            case "failed":
+                return unauthorized("Invalid username or password", loginResponse.status);
+        }
+    }
+
+    return {
+        data: loginResponse,
+        status: 200,
+    };
 };
 
 export default userLoginHandler;
+
+function isFlinkError(res: any) {
+    if (res && res.status && typeof res.status === "number" && res.error && res.error.id) {
+        return true;
+    }
+    return false;
+}

package/src/handlers/UserPushRegisterToken.ts

@@ -43,7 +43,7 @@ const postUserPushRegisterTokenHandler: Handler<FlinkContext<genericAuthContext>
     if (deregisterOtherDevices) {
         const otherRegistrations = <User[]>await repo.findAll({
             $or: [{ "pushNotificationTokens.deviceId": req.body.deviceId }, { "pushNotificationTokens.token": req.body.token }],
-            _id: { $ne: user._id },
+            _id: { $ne: repo.buildId(user._id) },
         });
 
         log.debug(`Found ${otherRegistrations.length} other registrations for device ${req.body.deviceId} or token ${req.body.token}`);

package/src/schemas/User.ts

@@ -4,6 +4,7 @@ import { UserProfile } from "./UserProfile";
 export interface User {
     _id: string;
     username: string;
+    personalNumber?: string;
 
     password?: string;
     salt?: string;
@@ -11,7 +12,7 @@ export interface User {
     pwdResetStartedAt?: string | null;
     roles: string[];
 
-    authentificationMethod: "password" | "sms";
+    authentificationMethod: "password" | "sms" | "bankid";
     profile: UserProfile;
     pushNotificationTokens: Array<PushNotificationToken>;
 }

package/src/schemas/UserCreateReq.ts

@@ -1,8 +1,9 @@
 import { UserProfile } from "./UserProfile";
 
-export interface UserCreateReq{
+export interface UserCreateReq {
     username: string;
     password?: string;
-    authentificationMethod? : "password" | "sms"
-    profile? : UserProfile
-}
+    personalNumber?: string;
+    authentificationMethod?: "password" | "sms" | "bankid";
+    profile?: UserProfile;
+}

package/src/schemas/UserPasswordResetCompleteRes.ts

@@ -1,3 +1,8 @@
-export interface UserPasswordResetCompleteRes{
-    status : "success" | "userNotFound" | "invalidCode" | "passwordError";
-}
+export interface UserPasswordResetCompleteRes {
+    status: "success" | "userNotFound" | "invalidCode" | "passwordError";
+
+    /**
+     * The user object is returned only if the status is "success".
+     */
+    user?: any;
+}

package/CLAUDE.md

@@ -1,32 +0,0 @@
-# CLAUDE.md - Guidelines for Generic Auth Plugin
-
-## Build Commands
-- Build: `npm run build` (runs `flink build`)
-- Watch mode: `npm run watch` (uses nodemon to watch files and trigger builds)
-- Publish: `npm run prepublish` (runs build before publishing)
-
-## Code Style
-
-### TypeScript
-- Target: ES5, CommonJS modules, strict typing enabled
-- Keep type definitions in separate schema files in the `/schemas` directory
-- Use explicit return types on all functions (eg: `Promise<UserLoginRes>`)
-- Always handle optionality with `?` and `undefined`/`null` checks
-
-### Naming Conventions
-- camelCase for variables, functions, and methods
-- PascalCase for interfaces and types
-- Request types use `Req` suffix (UserLoginReq)
-- Response types use `Res` suffix (UserLoginRes)
-- Handler files match their function name (UserLogin.ts)
-
-### Error Handling
-- Use structured error responses with status fields and messages
-- Return typed response objects rather than throwing exceptions
-- Use try/catch blocks for operations that might fail (JWT verification)
-
-### Code Structure
-- Group imports: framework first, then local, then third-party
-- Separate authentication methods and utility functions
-- Use standard 4-space indentation with semicolons
-- Maintain consistent function parameter ordering