@flink-app/generic-auth-plugin 0.12.1-alpha.3 → 0.12.1-alpha.33

package/src/coreFunctions.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo, FlinkAuthUser, log } from "@flink-app/flink";
+import { FlinkRepo, FlinkAuthUser, log, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin, jwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 
 import { User } from "./schemas/User";
@@ -45,7 +45,7 @@ export async function createUser(
     auth: JwtAuthPlugin,
     username: string,
     password: string,
-    authentificationMethod: "password" | "sms",
+    authentificationMethod: "password" | "sms" | "bankid",
     roles: string[],
     profile: UserProfile,
     createPasswordHashAndSaltMethod?: {
@@ -53,7 +53,8 @@ export async function createUser(
     },
     onUserCreated?: {
         (user: User): Promise<void>;
-    }
+    },
+    personalNumber?: string
 ): Promise<UserCreateRes> {
     if (!roles.includes("user")) roles.push("user");
 
@@ -71,6 +72,17 @@ export async function createUser(
         pushNotificationTokens: [],
     };
 
+    if (personalNumber) {
+        userData.personalNumber = personalNumber;
+    }
+
+    if (authentificationMethod == "bankid") {
+        if (!personalNumber) {
+            log.warn("BankID login requested but no personal number found for user");
+            return { status: "error" };
+        }
+    }
+
     if (authentificationMethod == "password") {
         let passwordAndSalt = null;
         if (createPasswordHashAndSaltMethod != null) {
@@ -152,8 +164,9 @@ export async function loginUser(
     },
     smsOptions?: GenericAuthsmsOptions,
     onSuccessfulLogin?: {
-        (user: User): Promise<void>;
-    }
+        (user: User, req?: FlinkRequest): Promise<void>;
+    },
+    req?: FlinkRequest
 ): Promise<UserLoginRes> {
     const user = await repo.getOne({ username: username.toLowerCase() });
     if (user == null) {
@@ -205,12 +218,21 @@ export async function loginUser(
             validationToken: token,
         };
     }
+    if (user.authentificationMethod == "bankid") {
+        if (!user.personalNumber) {
+            log.warn("BankID login requested but no personal number found for user");
+            return { status: "failed" };
+        }
+
+        log.warn("BankID login required to be handled in other way, i.e. using flink bankid plugin");
+        return { status: "failed" };
+    }
 
     if (valid) {
         const token = await auth.createToken({ username: username.toLowerCase(), _id: user._id }, user.roles);
 
         if (onSuccessfulLogin) {
-            await onSuccessfulLogin(user);
+            await onSuccessfulLogin(user, req);
         }
 
         return {
@@ -382,7 +404,7 @@ export async function passwordResetComplete(
         pwdResetStartedAt: null,
     });
 
-    return { status: "success" };
+    return { status: "success", user };
 }
 
 function generate(n: number): string {

package/src/genericAuthContext.ts

@@ -1,4 +1,4 @@
-import { FlinkRepo } from "@flink-app/flink";
+import { FlinkRepo, FlinkRequest } from "@flink-app/flink";
 import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { User } from "./schemas/User";
 import { UserCreateRes } from "./schemas/UserCreateRes";
@@ -19,7 +19,8 @@ export interface genericAuthContext {
             password?: string,
             validatePasswordMethod?: { (password: string, hash: string, salt: string): Promise<boolean> },
             smsOptions?: GenericAuthsmsOptions,
-            onSuccessfulLogin?: (user: User) => Promise<void>
+            onSuccessfulLogin?: (user: User, req?: FlinkRequest) => Promise<void>,
+            req?: FlinkRequest
         ): Promise<UserLoginRes>;
         loginByToken(repo: FlinkRepo<any, User>, auth: JwtAuthPlugin, token: string, code: string, jwtSecret: string): Promise<UserLoginRes>;
         createUser(
@@ -27,13 +28,14 @@ export interface genericAuthContext {
             auth: JwtAuthPlugin,
             username: string,
             password: string,
-            authentificationMethod: "password" | "sms",
+            authentificationMethod: "password" | "sms" | "bankid",
             roles: string[],
             profile: UserProfile,
             createPasswordHashAndSaltMethod?: {
                 (password: string): Promise<{ hash: string; salt: string } | null>;
             },
-            onUserCreated?: (user: User) => Promise<void>
+            onUserCreated?: (user: User) => Promise<void>,
+            personalNumber?: string
         ): Promise<UserCreateRes>;
         changePassword(
             repo: FlinkRepo<any, User>,
@@ -67,7 +69,7 @@ export interface genericAuthContext {
         validatePasswordMethod?: { (password: string, hash: string, salt: string): Promise<boolean> };
         usernameFormat: RegExp;
         smsOptions?: GenericAuthsmsOptions;
-        onSuccessfulLogin?: { (user: User): Promise<void> };
+        onSuccessfulLogin?: { (user: User, req?: FlinkRequest): Promise<void> };
         onUserCreated?: { (user: User): Promise<void> };
     };
 }

package/src/genericAuthPluginOptions.ts

@@ -1,3 +1,4 @@
+import { FlinkRequest } from "@flink-app/flink";
 import { User } from "./schemas/User";
 import { UserPasswordResetSettings } from "./schemas/UserPasswordResetSettings";
 import { client as smsClient } from "@flink-app/sms-plugin";
@@ -23,7 +24,7 @@ export interface GenericAuthPluginOptions {
     usernameFormat?: RegExp;
     sms?: GenericAuthsmsOptions;
     onSuccessfulLogin?: {
-        (user: User): Promise<void>;
+        (user: User, req?: FlinkRequest): Promise<void>;
     };
     onUserCreated?: {
         (user: User): Promise<void>;

package/src/handlers/UserCreate.ts

@@ -5,7 +5,7 @@ import { UserCreateReq } from "../schemas/UserCreateReq";
 import { UserCreateRes } from "../schemas/UserCreateRes";
 
 const userCreateHandler: Handler<FlinkContext<genericAuthContext>, UserCreateReq, UserCreateRes> = async ({ ctx, req, origin }) => {
-    let { password, username, authentificationMethod, profile } = req.body;
+    let { password, username, authentificationMethod, profile, personalNumber } = req.body;
     if (authentificationMethod == null) {
         authentificationMethod = "password";
     }
@@ -36,7 +36,8 @@ const userCreateHandler: Handler<FlinkContext<genericAuthContext>, UserCreateReq
         roles,
         profile,
         (<any>ctx.plugins)[pluginName].createPasswordHashAndSaltMethod,
-        (<any>ctx.plugins)[pluginName].onUserCreated
+        (<any>ctx.plugins)[pluginName].onUserCreated,
+        personalNumber
     );
     if (createUserResponse.status != "success") {
         switch (createUserResponse.status) {

package/src/handlers/UserLogin.ts

@@ -1,41 +1,66 @@
-import { FlinkContext, Handler, unauthorized } from "@flink-app/flink";
+import { FlinkContext, FlinkResponse, Handler, internalServerError, log, unauthorized } from "@flink-app/flink";
+import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 import { genericAuthContext } from "../genericAuthContext";
 import { UserLoginReq } from "../schemas/UserLoginReq";
 import { UserLoginRes } from "../schemas/UserLoginRes";
-import { JwtAuthPlugin } from "@flink-app/jwt-auth-plugin";
 
-const userLoginHandler: Handler<
-  FlinkContext<genericAuthContext>,
-  UserLoginReq,
-  UserLoginRes
-> = async ({ ctx, req, origin }) => {
-  let pluginName = origin || "genericAuthPlugin";
-  let repo = ctx.repos[(<any>ctx.plugins)[pluginName].repoName];
-  
-  const loginRespons = await ctx.plugins.genericAuthPlugin.loginUser(
-    repo,
-    <JwtAuthPlugin>ctx.auth,
-    req.body.username,
-    req.body.password,
-    ctx.plugins.genericAuthPlugin.validatePasswordMethod,
-    (<any>ctx.plugins)[pluginName].smsOptions,
-    (<any>ctx.plugins)[pluginName].onSuccessfulLogin
-  );
-
-  if (loginRespons.status != "success") {
-    switch (loginRespons.status) {
-      case "failed":
-        return unauthorized(
-          "Invalid username or password",
-          loginRespons.status
+const userLoginHandler: Handler<FlinkContext<genericAuthContext>, UserLoginReq, UserLoginRes> = async ({ ctx, req, origin }) => {
+    let pluginName = origin || "genericAuthPlugin";
+    let repo = ctx.repos[(<any>ctx.plugins)[pluginName].repoName];
+
+    let loginResponse: UserLoginRes | undefined = undefined;
+
+    try {
+        loginResponse = await ctx.plugins.genericAuthPlugin.loginUser(
+            repo,
+            <JwtAuthPlugin>ctx.auth,
+            req.body.username,
+            req.body.password,
+            ctx.plugins.genericAuthPlugin.validatePasswordMethod,
+            (<any>ctx.plugins)[pluginName].smsOptions,
+            (<any>ctx.plugins)[pluginName].onSuccessfulLogin,
+            req
         );
+    } catch (error: any) {
+        // Convert any thrown error that conforms to flink error structure to a proper response
+        // Note that any auth failures would not have been thrown, but returned as part of loginResponse
+        // but with this it is possible to throw errors from callbacks like onSuccessfulLogin
+        if (isFlinkError(error)) {
+            log.debug("Caught FlinkError in userLoginHandler:", error);
+            return {
+                status: error.status,
+                error: {
+                    id: error.error.id,
+                    title: error.error.title,
+                    code: error.error.code,
+                    detail: error.error.detail,
+                },
+            } as FlinkResponse;
+        }
+
+        // For other errors, return a generic 500 response
+        log.error("Error in userLoginHandler:", error);
+        return internalServerError();
     }
-  }
 
-  return {
-    data: loginRespons,
-    status: 200,
-  };
+    if (loginResponse?.status != "success") {
+        switch (loginResponse?.status) {
+            case "failed":
+                return unauthorized("Invalid username or password", loginResponse.status);
+        }
+    }
+
+    return {
+        data: loginResponse,
+        status: 200,
+    };
 };
 
 export default userLoginHandler;
+
+function isFlinkError(res: any) {
+    if (res && res.status && typeof res.status === "number" && res.error && res.error.id) {
+        return true;
+    }
+    return false;
+}

package/src/handlers/UserPushRegisterToken.ts

@@ -43,7 +43,7 @@ const postUserPushRegisterTokenHandler: Handler<FlinkContext<genericAuthContext>
     if (deregisterOtherDevices) {
         const otherRegistrations = <User[]>await repo.findAll({
             $or: [{ "pushNotificationTokens.deviceId": req.body.deviceId }, { "pushNotificationTokens.token": req.body.token }],
-            _id: { $ne: user._id },
+            _id: { $ne: repo.buildId(user._id) },
         });
 
         log.debug(`Found ${otherRegistrations.length} other registrations for device ${req.body.deviceId} or token ${req.body.token}`);

package/src/schemas/User.ts

@@ -4,6 +4,7 @@ import { UserProfile } from "./UserProfile";
 export interface User {
     _id: string;
     username: string;
+    personalNumber?: string;
 
     password?: string;
     salt?: string;
@@ -11,7 +12,7 @@ export interface User {
     pwdResetStartedAt?: string | null;
     roles: string[];
 
-    authentificationMethod: "password" | "sms";
+    authentificationMethod: "password" | "sms" | "bankid";
     profile: UserProfile;
     pushNotificationTokens: Array<PushNotificationToken>;
 }

package/src/schemas/UserCreateReq.ts

@@ -1,8 +1,9 @@
 import { UserProfile } from "./UserProfile";
 
-export interface UserCreateReq{
+export interface UserCreateReq {
     username: string;
     password?: string;
-    authentificationMethod? : "password" | "sms"
-    profile? : UserProfile
-}
+    personalNumber?: string;
+    authentificationMethod?: "password" | "sms" | "bankid";
+    profile?: UserProfile;
+}

package/src/schemas/UserPasswordResetCompleteRes.ts

@@ -1,3 +1,8 @@
-export interface UserPasswordResetCompleteRes{
-    status : "success" | "userNotFound" | "invalidCode" | "passwordError";
-}
+export interface UserPasswordResetCompleteRes {
+    status: "success" | "userNotFound" | "invalidCode" | "passwordError";
+
+    /**
+     * The user object is returned only if the status is "success".
+     */
+    user?: any;
+}

package/CLAUDE.md

@@ -1,32 +0,0 @@
-# CLAUDE.md - Guidelines for Generic Auth Plugin
-
-## Build Commands
-- Build: `npm run build` (runs `flink build`)
-- Watch mode: `npm run watch` (uses nodemon to watch files and trigger builds)
-- Publish: `npm run prepublish` (runs build before publishing)
-
-## Code Style
-
-### TypeScript
-- Target: ES5, CommonJS modules, strict typing enabled
-- Keep type definitions in separate schema files in the `/schemas` directory
-- Use explicit return types on all functions (eg: `Promise<UserLoginRes>`)
-- Always handle optionality with `?` and `undefined`/`null` checks
-
-### Naming Conventions
-- camelCase for variables, functions, and methods
-- PascalCase for interfaces and types
-- Request types use `Req` suffix (UserLoginReq)
-- Response types use `Res` suffix (UserLoginRes)
-- Handler files match their function name (UserLogin.ts)
-
-### Error Handling
-- Use structured error responses with status fields and messages
-- Return typed response objects rather than throwing exceptions
-- Use try/catch blocks for operations that might fail (JWT verification)
-
-### Code Structure
-- Group imports: framework first, then local, then third-party
-- Separate authentication methods and utility functions
-- Use standard 4-space indentation with semicolons
-- Maintain consistent function parameter ordering