@jskit-ai/auth-core 0.1.9 → 0.1.10

package/package.descriptor.mjs

@@ -1,7 +1,7 @@
 export default Object.freeze({
   "packageVersion": 1,
   "packageId": "@jskit-ai/auth-core",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "dependsOn": [
     "@jskit-ai/value-app-config-shared"
   ],
@@ -68,7 +68,7 @@ export default Object.freeze({
   "mutations": {
     "dependencies": {
       "runtime": {
-        "@jskit-ai/kernel": "0.1.9",
+        "@jskit-ai/kernel": "0.1.10",
         "@fastify/cookie": "^11.0.2",
         "@fastify/csrf-protection": "^7.1.0",
         "@fastify/rate-limit": "^10.3.0"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jskit-ai/auth-core",
-  "version": "0.1.9",
+  "version": "0.1.10",
   "type": "module",
   "scripts": {
     "test": "node --test"
@@ -29,7 +29,9 @@
     "./shared/oauthCallbackParams": "./src/shared/oauthCallbackParams.js",
     "./shared/inputNormalization": "./src/shared/inputNormalization.js",
     "./shared/inviteTokens": "./src/shared/inviteTokens.js",
+    "./shared/commands": "./src/shared/commands/index.js",
     "./shared/commands/authRegisterCommand": "./src/shared/commands/authRegisterCommand.js",
+    "./shared/commands/authRegisterConfirmationResendCommand": "./src/shared/commands/authRegisterConfirmationResendCommand.js",
     "./shared/commands/authLoginPasswordCommand": "./src/shared/commands/authLoginPasswordCommand.js",
     "./shared/commands/authLoginOtpRequestCommand": "./src/shared/commands/authLoginOtpRequestCommand.js",
     "./shared/commands/authLoginOtpVerifyCommand": "./src/shared/commands/authLoginOtpVerifyCommand.js",
@@ -42,7 +44,7 @@
     "./shared/commands/authSessionReadCommand": "./src/shared/commands/authSessionReadCommand.js"
   },
   "dependencies": {
-    "@jskit-ai/kernel": "0.1.9",
+    "@jskit-ai/kernel": "0.1.10",
     "@fastify/cookie": "^11.0.2",
     "@fastify/csrf-protection": "^7.1.0",
     "@fastify/rate-limit": "^10.3.0",

package/src/server/lib/actionContextContributor.js

@@ -1,16 +1,12 @@
 import { normalizeText } from "@jskit-ai/kernel/shared/support/normalize";
-
-function normalizePermissions(value) {
-  const source = Array.isArray(value) ? value : [];
-  return source.map((entry) => normalizeText(entry)).filter(Boolean);
-}
+import { normalizePermissionList } from "@jskit-ai/kernel/shared/support/permissions";
 
 function createAuthActionContextContributor() {
   return Object.freeze({
     contributorId: "auth.policy.request-context",
     contribute({ request } = {}) {
       const contribution = {};
-      const permissions = normalizePermissions(request?.permissions);
+      const permissions = normalizePermissionList(request?.permissions);
 
       if (request?.user) {
         contribution.actor = request.user;

package/src/server/membershipAccess.js

@@ -23,10 +23,6 @@ function normalizeMembershipForAccess(membershipLike) {
   };
 }
 
-function mapMembershipSummary(membershipLike) {
-  return normalizeMembershipForAccess(membershipLike);
-}
-
 function normalizePermissions(value) {
   if (!Array.isArray(value)) {
     return [];
@@ -61,7 +57,6 @@ export {
   resolveMembershipRoleId,
   resolveMembershipStatus,
   normalizeMembershipForAccess,
-  mapMembershipSummary,
   normalizePermissions,
   createMembershipIndexes
 };

package/src/server/validators.js

@@ -93,69 +93,77 @@ function resetPassword(rawPassword) {
   return registerPassword(rawPassword);
 }
 
-function registerInput(payload = {}) {
-  const emailCheck = validateEmail(payload.email);
-  const passwordCheck = registerPassword(payload.password);
+function buildFieldErrors(entries = []) {
   const fieldErrors = {};
-
-  if (emailCheck.error) {
-    fieldErrors.email = emailCheck.error;
-  }
-  if (passwordCheck.error) {
-    fieldErrors.password = passwordCheck.error;
+  for (const entry of Array.isArray(entries) ? entries : []) {
+    const field = String(entry?.field || "").trim();
+    const error = String(entry?.error || "").trim();
+    if (!field || !error) {
+      continue;
+    }
+    fieldErrors[field] = error;
   }
-
-  return {
-    email: emailCheck.email,
-    password: passwordCheck.password,
-    fieldErrors
-  };
+  return fieldErrors;
 }
 
-function loginInput(payload = {}) {
+function buildEmailPasswordInput(payload = {}, { passwordValidator } = {}) {
   const emailCheck = validateEmail(payload.email);
-  const passwordCheck = loginPassword(payload.password);
-  const fieldErrors = {};
-
-  if (emailCheck.error) {
-    fieldErrors.email = emailCheck.error;
-  }
-  if (passwordCheck.error) {
-    fieldErrors.password = passwordCheck.error;
-  }
+  const resolvePassword = typeof passwordValidator === "function" ? passwordValidator : registerPassword;
+  const passwordCheck = resolvePassword(payload.password);
 
   return {
     email: emailCheck.email,
     password: passwordCheck.password,
-    fieldErrors
+    fieldErrors: buildFieldErrors([
+      {
+        field: "email",
+        error: emailCheck.error
+      },
+      {
+        field: "password",
+        error: passwordCheck.error
+      }
+    ])
   };
 }
 
+function registerInput(payload = {}) {
+  return buildEmailPasswordInput(payload, {
+    passwordValidator: registerPassword
+  });
+}
+
+function loginInput(payload = {}) {
+  return buildEmailPasswordInput(payload, {
+    passwordValidator: loginPassword
+  });
+}
+
 function forgotPasswordInput(payload = {}) {
   const emailCheck = validateEmail(payload.email);
-  const fieldErrors = {};
-
-  if (emailCheck.error) {
-    fieldErrors.email = emailCheck.error;
-  }
 
   return {
     email: emailCheck.email,
-    fieldErrors
+    fieldErrors: buildFieldErrors([
+      {
+        field: "email",
+        error: emailCheck.error
+      }
+    ])
   };
 }
 
 function resetPasswordInput(payload = {}) {
   const passwordCheck = resetPassword(payload.password);
-  const fieldErrors = {};
-
-  if (passwordCheck.error) {
-    fieldErrors.password = passwordCheck.error;
-  }
 
   return {
     password: passwordCheck.password,
-    fieldErrors
+    fieldErrors: buildFieldErrors([
+      {
+        field: "password",
+        error: passwordCheck.error
+      }
+    ])
   };
 }
 

package/src/shared/authApi.js

@@ -8,6 +8,9 @@ function createApi({ request }) {
     register(payload) {
       return request(AUTH_PATHS.REGISTER, { method: "POST", body: payload });
     },
+    resendRegisterConfirmation(payload) {
+      return request(AUTH_PATHS.REGISTER_CONFIRMATION_RESEND, { method: "POST", body: payload });
+    },
     login(payload) {
       return request(AUTH_PATHS.LOGIN, { method: "POST", body: payload });
     },

package/src/shared/authPaths.js

@@ -1,5 +1,6 @@
 const AUTH_PATHS = Object.freeze({
   REGISTER: "/api/register",
+  REGISTER_CONFIRMATION_RESEND: "/api/register/confirmation/resend",
   LOGIN: "/api/login",
   LOGIN_OTP_REQUEST: "/api/login/otp/request",
   LOGIN_OTP_VERIFY: "/api/login/otp/verify",

package/src/shared/commands/authCommandValidators.js

@@ -152,7 +152,7 @@ const oauthCompleteResponseValidator = Object.freeze({
   schema: Type.Object(
     {
       ok: Type.Boolean(),
-      provider: oauthProviderValidator.schema,
+      provider: Type.Optional(oauthProviderValidator.schema),
       username: Type.String({ minLength: 1, maxLength: 120 }),
       email: authEmailValidator.schema
     },

package/src/shared/commands/authLoginOAuthCompleteCommand.js

@@ -12,7 +12,6 @@ import {
 const AUTH_LOGIN_OAUTH_COMPLETE_MESSAGES = createCommandMessages({
   fields: {
     provider: {
-      required: "OAuth provider is required.",
       pattern: "OAuth provider id is invalid.",
       default: "OAuth provider id is invalid."
     },
@@ -31,7 +30,7 @@ const AUTH_LOGIN_OAUTH_COMPLETE_MESSAGES = createCommandMessages({
 const authLoginOAuthCompleteBodyValidator = Object.freeze({
   schema: Type.Object(
     {
-      provider: oauthProviderValidator.schema,
+      provider: Type.Optional(oauthProviderValidator.schema),
       code: Type.Optional(authRecoveryTokenValidator.schema),
       accessToken: Type.Optional(authAccessTokenValidator.schema),
       refreshToken: Type.Optional(authRefreshTokenValidator.schema),

package/src/shared/commands/authRegisterConfirmationResendCommand.js

@@ -0,0 +1,49 @@
+import { Type } from "typebox";
+import { normalizeObjectInput } from "../inputNormalization.js";
+import {
+  authEmailValidator,
+  createCommandMessages,
+  okMessageResponseValidator
+} from "./authCommandValidators.js";
+
+const AUTH_REGISTER_CONFIRMATION_RESEND_MESSAGES = createCommandMessages({
+  fields: {
+    email: {
+      required: "Email is required.",
+      minLength: "Email is required.",
+      pattern: "Enter a valid email address.",
+      default: "Enter a valid email address."
+    }
+  }
+});
+
+const authRegisterConfirmationResendBodyValidator = Object.freeze({
+  schema: Type.Object(
+    {
+      email: authEmailValidator.schema
+    },
+    {
+      additionalProperties: false
+    }
+  ),
+  normalize: normalizeObjectInput,
+  messages: AUTH_REGISTER_CONFIRMATION_RESEND_MESSAGES
+});
+
+const authRegisterConfirmationResendCommand = Object.freeze({
+  command: "auth.register.confirmation.resend",
+  operation: Object.freeze({
+    method: "POST",
+    bodyValidator: authRegisterConfirmationResendBodyValidator,
+    responseValidator: okMessageResponseValidator,
+    messages: AUTH_REGISTER_CONFIRMATION_RESEND_MESSAGES,
+    idempotent: false,
+    invalidates: Object.freeze([])
+  })
+});
+
+export {
+  authRegisterConfirmationResendBodyValidator,
+  AUTH_REGISTER_CONFIRMATION_RESEND_MESSAGES,
+  authRegisterConfirmationResendCommand
+};

package/src/shared/commands/index.js

@@ -0,0 +1,12 @@
+export { authRegisterCommand } from "./authRegisterCommand.js";
+export { authRegisterConfirmationResendCommand } from "./authRegisterConfirmationResendCommand.js";
+export { authLoginPasswordCommand } from "./authLoginPasswordCommand.js";
+export { authLoginOtpRequestCommand } from "./authLoginOtpRequestCommand.js";
+export { authLoginOtpVerifyCommand } from "./authLoginOtpVerifyCommand.js";
+export { authLoginOAuthStartCommand } from "./authLoginOAuthStartCommand.js";
+export { authLoginOAuthCompleteCommand } from "./authLoginOAuthCompleteCommand.js";
+export { authPasswordResetRequestCommand } from "./authPasswordResetRequestCommand.js";
+export { authPasswordRecoveryCompleteCommand } from "./authPasswordRecoveryCompleteCommand.js";
+export { authPasswordResetCommand } from "./authPasswordResetCommand.js";
+export { authLogoutCommand } from "./authLogoutCommand.js";
+export { authSessionReadCommand } from "./authSessionReadCommand.js";

package/test/authApi.test.js

@@ -15,6 +15,7 @@ test("authApi exposes the expected methods and request routes", async () => {
   assert.deepEqual(Object.keys(api), [
     "session",
     "register",
+    "resendRegisterConfirmation",
     "login",
     "requestOtp",
     "verifyOtp",
@@ -27,14 +28,17 @@ test("authApi exposes the expected methods and request routes", async () => {
   ]);
 
   await api.session();
+  await api.resendRegisterConfirmation({ email: "x@example.com" });
   await api.login({ email: "x@example.com" });
   await api.logout();
 
   assert.equal(calls[0].url, "/api/session");
-  assert.equal(calls[1].url, "/api/login");
+  assert.equal(calls[1].url, "/api/register/confirmation/resend");
   assert.equal(calls[1].options.method, "POST");
-  assert.equal(calls[2].url, "/api/logout");
+  assert.equal(calls[2].url, "/api/login");
   assert.equal(calls[2].options.method, "POST");
+  assert.equal(calls[3].url, "/api/logout");
+  assert.equal(calls[3].options.method, "POST");
 });
 
 test("authApi oauthStartUrl builds provider path with optional returnTo", () => {

package/test/authPaths.test.js

@@ -6,6 +6,7 @@ import { AUTH_PATHS, buildAuthOauthStartPath } from "../src/shared/authPaths.js"
 test("AUTH_PATHS defines canonical auth endpoint paths", () => {
   assert.equal(Object.isFrozen(AUTH_PATHS), true);
   assert.equal(AUTH_PATHS.LOGIN, "/api/login");
+  assert.equal(AUTH_PATHS.REGISTER_CONFIRMATION_RESEND, "/api/register/confirmation/resend");
   assert.equal(AUTH_PATHS.LOGOUT, "/api/logout");
   assert.equal(AUTH_PATHS.SESSION, "/api/session");
   assert.equal(AUTH_PATHS.OAUTH_START_TEMPLATE, "/api/oauth/:provider/start");

package/test/commandValidators.test.js

@@ -1,6 +1,7 @@
 import test from "node:test";
 import assert from "node:assert/strict";
 import { authRegisterCommand } from "../src/shared/commands/authRegisterCommand.js";
+import { authRegisterConfirmationResendCommand } from "../src/shared/commands/authRegisterConfirmationResendCommand.js";
 import { authLoginPasswordCommand } from "../src/shared/commands/authLoginPasswordCommand.js";
 import { authLoginOtpRequestCommand } from "../src/shared/commands/authLoginOtpRequestCommand.js";
 import { authLoginOtpVerifyCommand } from "../src/shared/commands/authLoginOtpVerifyCommand.js";
@@ -15,6 +16,7 @@ import { authSessionReadCommand } from "../src/shared/commands/authSessionReadCo
 test("auth commands expose canonical operation validator messages", () => {
   const commands = {
     authRegisterCommand,
+    authRegisterConfirmationResendCommand,
     authLoginPasswordCommand,
     authLoginOtpRequestCommand,
     authLoginOtpVerifyCommand,
@@ -31,3 +33,13 @@ test("auth commands expose canonical operation validator messages", () => {
     assert.equal(typeof command.operation?.messages, "object", `${label}.operation.messages must be an object.`);
   }
 });
+
+test("oauth complete command allows provider-less session-pair callbacks", () => {
+  const bodySchema = authLoginOAuthCompleteCommand.operation.bodyValidator.schema;
+  const bodyRequired = Array.isArray(bodySchema?.required) ? bodySchema.required : [];
+  assert.equal(bodyRequired.includes("provider"), false);
+
+  const responseSchema = authLoginOAuthCompleteCommand.operation.responseValidator.schema;
+  const responseRequired = Array.isArray(responseSchema?.required) ? responseSchema.required : [];
+  assert.equal(responseRequired.includes("provider"), false);
+});