npm - @jmlq/auth - Versions diffs - 0.0.1-alpha.3 → 0.0.1-alpha.30 - Mend

@jmlq/auth 0.0.1-alpha.3 → 0.0.1-alpha.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (155) hide show

package/dist/application/dtos/index.d.ts CHANGED Viewed

@@ -1,3 +1,3 @@
 export * from "./request";
 export * from "./response";
-export * from "./type";
+export * from "./types";

package/dist/application/dtos/index.js CHANGED Viewed

@@ -16,4 +16,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./request"), exports);
 __exportStar(require("./response"), exports);
-__exportStar(require("./type"), exports);
+__exportStar(require("./types"), exports);

package/dist/application/dtos/request/change-password.request.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Cambiar password desde formulario
+ */
+export interface ChangePasswordRequest {
+    userId: string;
+    sessionId: string;
+    currentPassword: string;
+    newPassword: string;
+    confirmNewPassword: string;
+    /**
+     * Si es true, revoca todas las sesiones del usuario.
+     * Si es false, revoca solo la sesión actual (sessionId).
+     */
+    logoutAllDevices: boolean;
+}

package/dist/application/dtos/request/index.d.ts CHANGED Viewed

@@ -2,3 +2,8 @@ export * from "./login.request";
 export * from "./logout.request";
 export * from "./refresh-token.request";
 export * from "./register-user.request";
+export * from "./request-password-reset.request";
+export * from "./reset-password.request";
+export * from "./change-password.request";
+export * from "./verify-email.request";
+export * from "./me.request";

package/dist/application/dtos/request/index.js CHANGED Viewed

@@ -18,3 +18,8 @@ __exportStar(require("./login.request"), exports);
 __exportStar(require("./logout.request"), exports);
 __exportStar(require("./refresh-token.request"), exports);
 __exportStar(require("./register-user.request"), exports);
+__exportStar(require("./request-password-reset.request"), exports);
+__exportStar(require("./reset-password.request"), exports);
+__exportStar(require("./change-password.request"), exports);
+__exportStar(require("./verify-email.request"), exports);
+__exportStar(require("./me.request"), exports);

package/dist/application/dtos/request/logout.request.d.ts CHANGED Viewed

@@ -1,3 +1,4 @@
 export interface LogoutRequest {
-    refreshToken: string;
+    refreshToken?: string;
+    sessionId?: string;
 }

package/dist/application/dtos/request/me.request.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export interface MeRequest {
+    userId: string;
+}

package/dist/application/dtos/request/me.request.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/request/register-user.request.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { UserRole } from "../type";
+import { UserRole } from "../types";
 export interface RegisterUserRequest {
     email: string;
     password: string;

package/dist/application/dtos/request/request-password-reset.request.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Solicitar un cambio de password por medio del email (inicio)
+ */
+export interface RequestPasswordResetRequest {
+    email: string;
+}

package/dist/application/dtos/request/request-password-reset.request.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/request/reset-password.request.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Actualizar password usando un token una vez que se envía link a email
+ */
+export interface ResetPasswordRequest {
+    resetToken: string;
+    newPassword: string;
+    confirmNewPassword: string;
+    /**
+     * Política de sesiones post-reset:
+     * - true: logout global (recomendado)
+     * - false: mantener sesiones (si lo permites)
+     */
+    logoutAllDevices?: boolean;
+}

package/dist/application/dtos/request/reset-password.request.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/request/verify-email.request.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export interface VerifyEmailRequest {
+    token: string;
+}

package/dist/application/dtos/request/verify-email.request.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/response/change-password.response.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Respuesta cambio de password desde formulario
+ */
+export interface ChangePasswordResponse {
+    success: true;
+    message: string;
+}

package/dist/application/dtos/response/change-password.response.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/response/index.d.ts CHANGED Viewed

@@ -2,3 +2,8 @@ export * from "./login.response";
 export * from "./logout.response";
 export * from "./refresh-token.response";
 export * from "./register-user.response";
+export * from "./reset-password.response";
+export * from "./request-password-reset.response";
+export * from "./change-password.response";
+export * from "./verify-email.response";
+export * from "./me.response";

package/dist/application/dtos/response/index.js CHANGED Viewed

@@ -18,3 +18,8 @@ __exportStar(require("./login.response"), exports);
 __exportStar(require("./logout.response"), exports);
 __exportStar(require("./refresh-token.response"), exports);
 __exportStar(require("./register-user.response"), exports);
+__exportStar(require("./reset-password.response"), exports);
+__exportStar(require("./request-password-reset.response"), exports);
+__exportStar(require("./change-password.response"), exports);
+__exportStar(require("./verify-email.response"), exports);
+__exportStar(require("./me.response"), exports);

package/dist/application/dtos/response/login.response.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export interface LoginResponse {
+    sessionId: string;
     accessToken: string;
-    refreshToken: string;
+    refreshToken?: string;
 }

package/dist/application/dtos/response/me.response.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+export interface MeResponse {
+    id: string;
+    email: string;
+    isActive: boolean;
+    isEmailVerified: boolean;
+    roles: {
+        role: string;
+    }[];
+    createdAt: string;
+    updatedAt: string;
+}

package/dist/application/dtos/response/me.response.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/response/refresh-token.response.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 export interface RefreshTokenResponse {
+    sessionId: string;
     accessToken: string;
     refreshToken: string;
 }

package/dist/application/dtos/response/register-user.response.d.ts CHANGED Viewed

@@ -4,4 +4,13 @@ export interface RegisterUserResponse {
         role: string;
     }[];
     isActive: boolean;
+    /**
+     * Delivery interno para el host (API) para enviar email.
+     * NO recomendado devolver al cliente.
+     */
+    delivery?: {
+        email: string;
+        token: string;
+        expiresAt: string;
+    };
 }

package/dist/application/dtos/response/request-password-reset.response.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * Respuesta del caso de uso.
+ * - `message` debe ser genérico para evitar enumeración de usuarios.
+ * - `delivery` es opcional y SOLO debe usarse internamente por el API para enviar email.
+ *   No se recomienda devolver `delivery` al cliente final.
+ */
+export interface RequestPasswordResetResponse {
+    success: true;
+    message: string;
+    delivery?: {
+        email: string;
+        resetToken: string;
+        expiresAt: string;
+    };
+}

package/dist/application/dtos/response/request-password-reset.response.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/response/reset-password.response.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Respuesta actualizar password por link cuando se solicita por email
+ */
+export interface ResetPasswordResponse {
+    success: true;
+    message: string;
+}

package/dist/application/dtos/response/reset-password.response.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/response/verify-email.response.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export interface VerifyEmailResponse {
+    success: true;
+    message: string;
+}

package/dist/application/dtos/response/verify-email.response.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/dtos/types/user-role.type.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ Object.defineProperty(exports, "__esModule", { value: true });

package/dist/application/facades/auth.facade.d.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import type { IAuthServiceContainer } from "../../infrastructure";
+import type { ChangePasswordRequest, LoginRequest, LogoutRequest, MeRequest, RefreshTokenRequest, RegisterUserRequest, RequestPasswordResetRequest, ResetPasswordRequest, VerifyEmailRequest } from "../dtos/request";
+import type { ChangePasswordResponse, LoginResponse, LogoutResponse, MeResponse, RefreshTokenResponse, RegisterUserResponse, RequestPasswordResetResponse, ResetPasswordResponse, VerifyEmailResponse } from "../dtos/response";
+/**
+ * Facade delgada para integrar @jmlq/auth en hosts (APIs externas).
+ *
+ * Propósito:
+ * - Ofrecer una API ergonómica y estable.
+ * - Delegar 100% la lógica de negocio a los use-cases del container.
+ *
+ * No hace:
+ * - Validaciones de negocio.
+ * - Conocimiento de Express, TypeORM, jose, etc.
+ *
+ * Nota de tipado:
+ * - Cada use-case.execute(...) retorna Promise<T>.
+ * - Por eso aquí exponemos Promise<T> (NO Promise<Promise<T>>).
+ * - Para evitar fragilidad y ruido, tipamos con DTOs públicos (request/response),
+ *   no con "index access types" sobre el container.
+ */
+export declare class AuthFacade {
+    private readonly container;
+    constructor(container: IAuthServiceContainer);
+    registerUser(request: RegisterUserRequest): Promise<RegisterUserResponse>;
+    loginWithPassword(request: LoginRequest): Promise<LoginResponse>;
+    refreshToken(request: RefreshTokenRequest): Promise<RefreshTokenResponse>;
+    logout(request: LogoutRequest): Promise<LogoutResponse>;
+    changePassword(request: ChangePasswordRequest): Promise<ChangePasswordResponse>;
+    requestPasswordReset(request: RequestPasswordResetRequest): Promise<RequestPasswordResetResponse>;
+    resetPassword(request: ResetPasswordRequest): Promise<ResetPasswordResponse>;
+    verifyEmail(request: VerifyEmailRequest): Promise<VerifyEmailResponse>;
+    me(request: MeRequest): Promise<MeResponse>;
+}

package/dist/application/facades/auth.facade.js ADDED Viewed

@@ -0,0 +1,60 @@
+"use strict";
+//src/application/facades/auth.facade.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthFacade = void 0;
+/**
+ * Facade delgada para integrar @jmlq/auth en hosts (APIs externas).
+ *
+ * Propósito:
+ * - Ofrecer una API ergonómica y estable.
+ * - Delegar 100% la lógica de negocio a los use-cases del container.
+ *
+ * No hace:
+ * - Validaciones de negocio.
+ * - Conocimiento de Express, TypeORM, jose, etc.
+ *
+ * Nota de tipado:
+ * - Cada use-case.execute(...) retorna Promise<T>.
+ * - Por eso aquí exponemos Promise<T> (NO Promise<Promise<T>>).
+ * - Para evitar fragilidad y ruido, tipamos con DTOs públicos (request/response),
+ *   no con "index access types" sobre el container.
+ */
+class AuthFacade {
+    constructor(container) {
+        this.container = container;
+    }
+    // -------------------------
+    // Identity / Auth flows
+    // -------------------------
+    registerUser(request) {
+        return this.container.registerUserUseCase.execute(request);
+    }
+    loginWithPassword(request) {
+        return this.container.loginWithPasswordUseCase.execute(request);
+    }
+    refreshToken(request) {
+        return this.container.refreshTokenUseCase.execute(request);
+    }
+    logout(request) {
+        return this.container.logoutUseCase.execute(request);
+    }
+    changePassword(request) {
+        return this.container.changePasswordUseCase.execute(request);
+    }
+    // -------------------------
+    // Password reset flows
+    // -------------------------
+    requestPasswordReset(request) {
+        return this.container.requestPasswordResetUseCase.execute(request);
+    }
+    resetPassword(request) {
+        return this.container.resetPasswordUseCase.execute(request);
+    }
+    verifyEmail(request) {
+        return this.container.verifyEmailUseCase.execute(request);
+    }
+    me(request) {
+        return this.container.meUseCase.execute(request);
+    }
+}
+exports.AuthFacade = AuthFacade;

package/dist/application/facades/create-auth-facade.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { AuthFacade } from "./auth.facade";
+import type { IUserRepositoryPort, ICredentialRepositoryPort, ITokenServicePort, IPasswordResetTokenPort, IEmailVerificationTokenPort } from "../../domain";
+import type { AuthServiceFactoryOptions } from "../types";
+/**
+ * Helper de integración para hosts (APIs externas).
+ *
+ * Crea el container oficial del core (@jmlq/auth) y lo envuelve con una facade
+ * ergonómica (`AuthFacade`) para evitar boilerplate repetido.
+ *
+ * SRP:
+ * - Este helper SOLO hace composición (wiring).
+ * - No contiene reglas de negocio.
+ */
+export type CreateAuthFacadeDeps = Readonly<{
+    userRepository: IUserRepositoryPort;
+    credentialRepository: ICredentialRepositoryPort;
+    tokenService: ITokenServicePort;
+    passwordResetToken: IPasswordResetTokenPort;
+    emailVerificationToken: IEmailVerificationTokenPort;
+    options?: AuthServiceFactoryOptions;
+}>;
+export declare function createAuthFacade(deps: CreateAuthFacadeDeps): AuthFacade;

package/dist/application/facades/create-auth-facade.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthFacade = createAuthFacade;
+const auth_facade_1 = require("./auth.facade");
+const factories_1 = require("../factories");
+function createAuthFacade(deps) {
+    const container = factories_1.AuthServiceFactory.create(deps.userRepository, deps.credentialRepository, deps.tokenService, deps.passwordResetToken, deps.emailVerificationToken, deps.options);
+    return new auth_facade_1.AuthFacade(container);
+}

package/dist/application/facades/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export * from "./auth.facade";
2	+ export * from "./create-auth-facade";

package/dist/application/facades/index.js ADDED Viewed

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth.facade"), exports);
+__exportStar(require("./create-auth-facade"), exports);

package/dist/application/factories/auth-service.factory.d.ts CHANGED Viewed

@@ -1,11 +1,11 @@
-import { ICredentialRepositoryPort, ITokenServicePort, IUserRepositoryPort } from "../../domain";
-import { IAuthServiceContainer } from "../../infrastructure/types";
-import { AuthServiceFactoryOptions } from "../types";
+import { ICredentialRepositoryPort, ITokenServicePort, IUserRepositoryPort, IPasswordResetTokenPort, IEmailVerificationTokenPort } from "../../domain";
+import type { IAuthServiceContainer } from "../../infrastructure/types";
+import type { AuthServiceFactoryOptions } from "../types";
 /**
  * Factory principal:
  * - construye servicios e inyecta dependencias
  * - encapsula configuración para que NO se repita en cada API externa
  */
 export declare class AuthServiceFactory {
-    static create(userRepository: IUserRepositoryPort, credentialRepository: ICredentialRepositoryPort, tokenService: ITokenServicePort, options?: AuthServiceFactoryOptions): IAuthServiceContainer;
+    static create(userRepository: IUserRepositoryPort, credentialRepository: ICredentialRepositoryPort, tokenService: ITokenServicePort, passwordResetToken: IPasswordResetTokenPort, emailVerificationToken: IEmailVerificationTokenPort, options?: AuthServiceFactoryOptions): IAuthServiceContainer;
 }

package/dist/application/factories/auth-service.factory.js CHANGED Viewed

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthServiceFactory = void 0;
-// src/application/factories/auth-service.factory.ts
 const services_1 = require("../../domain/services");
 const use_cases_1 = require("../use-cases");
 const security_1 = require("../../infrastructure/security");
@@ -12,17 +11,23 @@ const services_2 = require("../../infrastructure/services");
  * - encapsula configuración para que NO se repita en cada API externa
  */
 class AuthServiceFactory {
-    static create(userRepository, credentialRepository, tokenService, options) {
+    static create(userRepository, credentialRepository, tokenService, passwordResetToken, emailVerificationToken, options) {
         // 1) Policy + hasher
-        const passwordPolicy = new services_1.DefaultPasswordPolicy();
+        const passwordPolicy = options?.passwordPolicy ?? new services_1.DefaultPasswordPolicy();
         const passwordHasher = new security_1.BcryptPasswordHasher(options?.bcryptSaltRounds);
         // 2) Session service (rotación/revocación)
         const tokenSession = new services_2.TokenSessionService(tokenService, userRepository, credentialRepository, options?.accessTokenTtl ?? "15m", options?.refreshTokenTtl ?? "7d");
         // 3) Use cases
-        const registerUserUseCase = new use_cases_1.RegisterUserUseCase(userRepository, passwordHasher, passwordPolicy);
+        const registerUserUseCase = new use_cases_1.RegisterUserUseCase(userRepository, passwordHasher, passwordPolicy, emailVerificationToken, { verifyTokenTtl: options?.emailVerificationTokenTtl });
+        const verifyEmailUseCase = new use_cases_1.VerifyEmailUseCase(userRepository, emailVerificationToken);
         const loginWithPasswordUseCase = new use_cases_1.LoginWithPasswordUseCase(userRepository, passwordHasher, tokenSession);
+        const meUseCase = new use_cases_1.MeUseCase(userRepository);
         const refreshTokenUseCase = new use_cases_1.RefreshTokenUseCase(tokenSession);
         const logoutUseCase = new use_cases_1.LogoutUseCase(tokenSession);
+        // 4) Use cases nuevos (password flows)
+        const requestPasswordResetUseCase = new use_cases_1.RequestPasswordResetUseCase(userRepository, passwordResetToken, { resetTokenTtl: options?.passwordResetTokenTtl });
+        const resetPasswordUseCase = new use_cases_1.ResetPasswordUseCase(userRepository, credentialRepository, passwordHasher, passwordPolicy, passwordResetToken);
+        const changePasswordUseCase = new use_cases_1.ChangePasswordUseCase(userRepository, credentialRepository, passwordHasher, passwordPolicy);
         return {
             userRepository,
             credentialRepository,
@@ -30,10 +35,17 @@ class AuthServiceFactory {
             tokenService,
             passwordPolicy,
             tokenSession,
+            passwordResetToken,
             registerUserUseCase,
             loginWithPasswordUseCase,
             refreshTokenUseCase,
             logoutUseCase,
+            requestPasswordResetUseCase,
+            resetPasswordUseCase,
+            changePasswordUseCase,
+            verifyEmailUseCase,
+            emailVerificationToken,
+            meUseCase,
         };
     }
 }

package/dist/application/factories/index.js CHANGED Viewed

@@ -14,4 +14,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+//src/application/factories/index.ts
 __exportStar(require("./auth-service.factory"), exports);

package/dist/application/types/auth-service-factory-options.type.d.ts CHANGED Viewed

@@ -1,5 +1,49 @@
+import type { IPasswordPolicyPort } from "../../domain/ports";
+/**
+ * Permite ajustar parámetros operativos de Auth sin conocer ni tocar la construcción interna del core.
+ * Es decir: configura “políticas” y “valores por defecto” que la factory usará al armar el container.
+ */
 export interface AuthServiceFactoryOptions {
+    /**
+     * Controla el costo computacional del hashing con bcrypt
+     * - Qué hace: define cuántas rondas (work factor) usa bcrypt al generar hashes.
+     * - Impacto:
+     *   - Mayor valor ⇒ más seguro contra ataques de fuerza bruta, pero más CPU/latencia en register/login/change/reset password.
+     *   - Menor valor ⇒ más rápido, pero menos robusto.
+     */
     bcryptSaltRounds?: number;
+    /**
+     * Permite reemplazar la política de password por defecto del core.
+     * - Si no se envía, el core usa DefaultPasswordPolicy.
+     * - Si se envía, se utiliza esta policy (host-defined).
+     */
+    passwordPolicy?: IPasswordPolicyPort;
+    /**
+     * Define el tiempo de vida por defecto de los access tokens.
+     * - Qué hace: determina el exp (expiración) con el que se generan access tokens (si tu tokenSession/token service usa este default).
+     * - Formato: string “humana” (ej. "15m", "1h"), que el core normaliza.
+     * - Impacto:
+     *   - Más corto ⇒ más seguridad, más refresh frecuente.
+     *   - Más largo ⇒ mejor UX, más riesgo si el token se filtra.
+     */
     accessTokenTtl?: string;
+    /**
+     * Define el tiempo de vida por defecto de los refresh tokens.
+     * - Qué hace: determina la expiración del refresh token (el que permite rotar/renovar access tokens).
+     * - Formato: "7d", "30d", etc.
+     * - Impacto:
+     *   - Más corto ⇒ limita ventana de secuestro de sesión, pero obliga re-login más seguido.
+     *   - Más largo ⇒ sesiones persistentes, más riesgo si el refresh token se compromete.
+     */
     refreshTokenTtl?: string;
+    /**
+     * Define el tiempo de vida del token de recuperación de contraseña (RememberPassword).
+     * - Qué hace: controla cuánto dura el token que se entrega en el email de “reset password”.
+     * - Formato: "15m", "30m", "1h", etc
+     * - Impacto:
+     *  - Más corto ⇒ más seguro (menos ventana), pero el usuario puede no alcanzar a usarlo.
+     *  - Más largo ⇒ mejor conveniencia, pero incrementa exposición.
+     */
+    passwordResetTokenTtl?: string;
+    emailVerificationTokenTtl?: string;
 }

package/dist/application/use-cases/change-password.use-case.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+import type { ICredentialRepositoryPort, IPasswordHasherPort, IPasswordPolicyPort, IUserRepositoryPort } from "../../domain/ports";
+import { ChangePasswordRequest, ChangePasswordResponse } from "../dtos";
+/**
+ * Cambia contraseña con validación de password actual.
+ *
+ * - Valida confirmación
+ * - Valida policy
+ * - Verifica password actual
+ * - Cambia hash
+ * - Revoca sesiones:
+ *   - logoutAllDevices=true => revoca todas
+ *   - false => revoca solo la sesión actual (sessionId)
+ */
+export declare class ChangePasswordUseCase {
+    private readonly userRepository;
+    private readonly credentialRepository;
+    private readonly passwordHasher;
+    private readonly passwordPolicy;
+    constructor(userRepository: IUserRepositoryPort, credentialRepository: ICredentialRepositoryPort, passwordHasher: IPasswordHasherPort, passwordPolicy: IPasswordPolicyPort);
+    execute(request: ChangePasswordRequest): Promise<ChangePasswordResponse>;
+}

package/dist/application/use-cases/change-password.use-case.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ChangePasswordUseCase = void 0;
+const object_values_1 = require("../../domain/object-values");
+const errors_1 = require("../../domain/errors");
+const internal_1 = require("./internal");
+/**
+ * Cambia contraseña con validación de password actual.
+ *
+ * - Valida confirmación
+ * - Valida policy
+ * - Verifica password actual
+ * - Cambia hash
+ * - Revoca sesiones:
+ *   - logoutAllDevices=true => revoca todas
+ *   - false => revoca solo la sesión actual (sessionId)
+ */
+class ChangePasswordUseCase {
+    constructor(userRepository, credentialRepository, passwordHasher, passwordPolicy) {
+        this.userRepository = userRepository;
+        this.credentialRepository = credentialRepository;
+        this.passwordHasher = passwordHasher;
+        this.passwordPolicy = passwordPolicy;
+    }
+    async execute(request) {
+        (0, internal_1.assertPasswordsMatch)(request.newPassword, request.confirmNewPassword);
+        (0, internal_1.assertPasswordPolicy)(this.passwordPolicy, request.newPassword);
+        const user = await this.userRepository.findById(new object_values_1.Id(request.userId));
+        if (!user)
+            throw new errors_1.UserNotFoundError("User not found");
+        const currentHash = user.password.serialize();
+        const ok = await this.passwordHasher.compare(request.currentPassword, currentHash);
+        if (!ok) {
+            throw new errors_1.PasswordMismatchError("Current password is invalid");
+        }
+        const newHash = await this.passwordHasher.hash(request.newPassword);
+        user.changePassword(new object_values_1.HashedPassword(newHash));
+        await this.userRepository.update(user);
+        const userId = user.id;
+        if (request.logoutAllDevices) {
+            await this.credentialRepository.deleteByUserId(userId);
+        }
+        else {
+            await this.credentialRepository.deleteBySessionId(new object_values_1.Id(request.sessionId));
+        }
+        return { success: true, message: "Password changed successfully" };
+    }
+}
+exports.ChangePasswordUseCase = ChangePasswordUseCase;

package/dist/application/use-cases/index.d.ts CHANGED Viewed

@@ -2,3 +2,8 @@ export * from "./login-with-password.use-case";
 export * from "./logout.use-case";
 export * from "./refresh-token.use-case";
 export * from "./register-user.use-case";
+export * from "./change-password.use-case";
+export * from "./request-password-reset.use-case";
+export * from "./reset-password.use-case";
+export * from "./verify-email.use-case";
+export * from "./me.use-case";

package/dist/application/use-cases/index.js CHANGED Viewed

@@ -18,3 +18,8 @@ __exportStar(require("./login-with-password.use-case"), exports);
 __exportStar(require("./logout.use-case"), exports);
 __exportStar(require("./refresh-token.use-case"), exports);
 __exportStar(require("./register-user.use-case"), exports);
+__exportStar(require("./change-password.use-case"), exports);
+__exportStar(require("./request-password-reset.use-case"), exports);
+__exportStar(require("./reset-password.use-case"), exports);
+__exportStar(require("./verify-email.use-case"), exports);
+__exportStar(require("./me.use-case"), exports);

package/dist/application/use-cases/internal/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export * from "./password-assertions";

package/dist/application/use-cases/internal/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./password-assertions"), exports);