@nauth-toolkit/core 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (778) hide show
  1. package/dist/adapters/database-columns.d.ts +10 -0
  2. package/dist/adapters/database-columns.d.ts.map +1 -0
  3. package/dist/adapters/database-columns.js +85 -0
  4. package/dist/adapters/database-columns.js.map +1 -0
  5. package/dist/adapters/express.adapter.d.ts +41 -0
  6. package/dist/adapters/express.adapter.d.ts.map +1 -0
  7. package/dist/adapters/express.adapter.js +188 -0
  8. package/dist/adapters/express.adapter.js.map +1 -0
  9. package/dist/adapters/fastify.adapter.d.ts +33 -0
  10. package/dist/adapters/fastify.adapter.d.ts.map +1 -0
  11. package/dist/adapters/fastify.adapter.js +223 -0
  12. package/dist/adapters/fastify.adapter.js.map +1 -0
  13. package/dist/adapters/index.d.ts +5 -0
  14. package/dist/adapters/index.d.ts.map +1 -0
  15. package/dist/adapters/index.js +25 -0
  16. package/dist/adapters/index.js.map +1 -0
  17. package/dist/adapters/storage.factory.d.ts +7 -0
  18. package/dist/adapters/storage.factory.d.ts.map +1 -0
  19. package/dist/adapters/storage.factory.js +24 -0
  20. package/dist/adapters/storage.factory.js.map +1 -0
  21. package/dist/bootstrap.d.ts +41 -0
  22. package/dist/bootstrap.d.ts.map +1 -0
  23. package/dist/bootstrap.js +113 -0
  24. package/dist/bootstrap.js.map +1 -0
  25. package/dist/dto/auth-challenge.dto.d.ts +19 -0
  26. package/dist/dto/auth-challenge.dto.d.ts.map +1 -0
  27. package/dist/dto/auth-challenge.dto.js +86 -0
  28. package/dist/dto/auth-challenge.dto.js.map +1 -0
  29. package/dist/dto/auth-response.dto.d.ts +31 -0
  30. package/dist/dto/auth-response.dto.d.ts.map +1 -0
  31. package/dist/dto/auth-response.dto.js +18 -0
  32. package/dist/dto/auth-response.dto.js.map +1 -0
  33. package/dist/dto/challenge-response.dto.d.ts +36 -0
  34. package/dist/dto/challenge-response.dto.d.ts.map +1 -0
  35. package/dist/dto/challenge-response.dto.js +3 -0
  36. package/dist/dto/challenge-response.dto.js.map +1 -0
  37. package/dist/dto/change-password-request.dto.d.ts +5 -0
  38. package/dist/dto/change-password-request.dto.d.ts.map +1 -0
  39. package/dist/dto/change-password-request.dto.js +30 -0
  40. package/dist/dto/change-password-request.dto.js.map +1 -0
  41. package/dist/dto/change-password-response.dto.d.ts +4 -0
  42. package/dist/dto/change-password-response.dto.d.ts.map +1 -0
  43. package/dist/dto/change-password-response.dto.js +8 -0
  44. package/dist/dto/change-password-response.dto.js.map +1 -0
  45. package/dist/dto/change-password.dto.d.ts +5 -0
  46. package/dist/dto/change-password.dto.d.ts.map +1 -0
  47. package/dist/dto/change-password.dto.js +29 -0
  48. package/dist/dto/change-password.dto.js.map +1 -0
  49. package/dist/dto/error-response.dto.d.ts +9 -0
  50. package/dist/dto/error-response.dto.d.ts.map +1 -0
  51. package/dist/dto/error-response.dto.js +59 -0
  52. package/dist/dto/error-response.dto.js.map +1 -0
  53. package/dist/dto/get-available-methods.dto.d.ts +7 -0
  54. package/dist/dto/get-available-methods.dto.d.ts.map +1 -0
  55. package/dist/dto/get-available-methods.dto.js +33 -0
  56. package/dist/dto/get-available-methods.dto.js.map +1 -0
  57. package/dist/dto/get-challenge-data-response.dto.d.ts +4 -0
  58. package/dist/dto/get-challenge-data-response.dto.d.ts.map +1 -0
  59. package/dist/dto/get-challenge-data-response.dto.js +8 -0
  60. package/dist/dto/get-challenge-data-response.dto.js.map +1 -0
  61. package/dist/dto/get-challenge-data.dto.d.ts +8 -0
  62. package/dist/dto/get-challenge-data.dto.d.ts.map +1 -0
  63. package/dist/dto/get-challenge-data.dto.js +40 -0
  64. package/dist/dto/get-challenge-data.dto.js.map +1 -0
  65. package/dist/dto/get-client-info.dto.d.ts +17 -0
  66. package/dist/dto/get-client-info.dto.d.ts.map +1 -0
  67. package/dist/dto/get-client-info.dto.js +20 -0
  68. package/dist/dto/get-client-info.dto.js.map +1 -0
  69. package/dist/dto/get-device-token-response.dto.d.ts +4 -0
  70. package/dist/dto/get-device-token-response.dto.d.ts.map +1 -0
  71. package/dist/dto/get-device-token-response.dto.js +8 -0
  72. package/dist/dto/get-device-token-response.dto.js.map +1 -0
  73. package/dist/dto/get-events-by-type.dto.d.ts +17 -0
  74. package/dist/dto/get-events-by-type.dto.d.ts.map +1 -0
  75. package/dist/dto/get-events-by-type.dto.js +20 -0
  76. package/dist/dto/get-events-by-type.dto.js.map +1 -0
  77. package/dist/dto/get-ip-address-response.dto.d.ts +4 -0
  78. package/dist/dto/get-ip-address-response.dto.d.ts.map +1 -0
  79. package/dist/dto/get-ip-address-response.dto.js +8 -0
  80. package/dist/dto/get-ip-address-response.dto.js.map +1 -0
  81. package/dist/dto/get-mfa-status.dto.d.ts +16 -0
  82. package/dist/dto/get-mfa-status.dto.d.ts.map +1 -0
  83. package/dist/dto/get-mfa-status.dto.js +41 -0
  84. package/dist/dto/get-mfa-status.dto.js.map +1 -0
  85. package/dist/dto/get-risk-assessment-history.dto.d.ts +9 -0
  86. package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -0
  87. package/dist/dto/get-risk-assessment-history.dto.js +13 -0
  88. package/dist/dto/get-risk-assessment-history.dto.js.map +1 -0
  89. package/dist/dto/get-session-id-response.dto.d.ts +4 -0
  90. package/dist/dto/get-session-id-response.dto.d.ts.map +1 -0
  91. package/dist/dto/get-session-id-response.dto.js +8 -0
  92. package/dist/dto/get-session-id-response.dto.js.map +1 -0
  93. package/dist/dto/get-setup-data-response.dto.d.ts +4 -0
  94. package/dist/dto/get-setup-data-response.dto.d.ts.map +1 -0
  95. package/dist/dto/get-setup-data-response.dto.js +8 -0
  96. package/dist/dto/get-setup-data-response.dto.js.map +1 -0
  97. package/dist/dto/get-setup-data.dto.d.ts +7 -0
  98. package/dist/dto/get-setup-data.dto.d.ts.map +1 -0
  99. package/dist/dto/get-setup-data.dto.js +43 -0
  100. package/dist/dto/get-setup-data.dto.js.map +1 -0
  101. package/dist/dto/get-suspicious-activity.dto.d.ts +9 -0
  102. package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -0
  103. package/dist/dto/get-suspicious-activity.dto.js +13 -0
  104. package/dist/dto/get-suspicious-activity.dto.js.map +1 -0
  105. package/dist/dto/get-user-agent-response.dto.d.ts +4 -0
  106. package/dist/dto/get-user-agent-response.dto.d.ts.map +1 -0
  107. package/dist/dto/get-user-agent-response.dto.js +8 -0
  108. package/dist/dto/get-user-agent-response.dto.js.map +1 -0
  109. package/dist/dto/get-user-auth-history.dto.d.ts +20 -0
  110. package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -0
  111. package/dist/dto/get-user-auth-history.dto.js +22 -0
  112. package/dist/dto/get-user-auth-history.dto.js.map +1 -0
  113. package/dist/dto/get-user-by-email.dto.d.ts +5 -0
  114. package/dist/dto/get-user-by-email.dto.d.ts.map +1 -0
  115. package/dist/dto/get-user-by-email.dto.js +36 -0
  116. package/dist/dto/get-user-by-email.dto.js.map +1 -0
  117. package/dist/dto/get-user-by-id.dto.d.ts +4 -0
  118. package/dist/dto/get-user-by-id.dto.d.ts.map +1 -0
  119. package/dist/dto/get-user-by-id.dto.js +29 -0
  120. package/dist/dto/get-user-by-id.dto.js.map +1 -0
  121. package/dist/dto/get-user-devices.dto.d.ts +8 -0
  122. package/dist/dto/get-user-devices.dto.d.ts.map +1 -0
  123. package/dist/dto/get-user-devices.dto.js +33 -0
  124. package/dist/dto/get-user-devices.dto.js.map +1 -0
  125. package/dist/dto/get-user-response.dto.d.ts +2 -0
  126. package/dist/dto/get-user-response.dto.d.ts.map +1 -0
  127. package/dist/dto/get-user-response.dto.js +6 -0
  128. package/dist/dto/get-user-response.dto.js.map +1 -0
  129. package/dist/dto/has-provider.dto.d.ts +7 -0
  130. package/dist/dto/has-provider.dto.d.ts.map +1 -0
  131. package/dist/dto/has-provider.dto.js +38 -0
  132. package/dist/dto/has-provider.dto.js.map +1 -0
  133. package/dist/dto/index.d.ts +51 -0
  134. package/dist/dto/index.d.ts.map +1 -0
  135. package/dist/dto/index.js +67 -0
  136. package/dist/dto/index.js.map +1 -0
  137. package/dist/dto/is-trusted-device-response.dto.d.ts +4 -0
  138. package/dist/dto/is-trusted-device-response.dto.d.ts.map +1 -0
  139. package/dist/dto/is-trusted-device-response.dto.js +8 -0
  140. package/dist/dto/is-trusted-device-response.dto.js.map +1 -0
  141. package/dist/dto/list-providers-response.dto.d.ts +4 -0
  142. package/dist/dto/list-providers-response.dto.d.ts.map +1 -0
  143. package/dist/dto/list-providers-response.dto.js +8 -0
  144. package/dist/dto/list-providers-response.dto.js.map +1 -0
  145. package/dist/dto/login.dto.d.ts +7 -0
  146. package/dist/dto/login.dto.d.ts.map +1 -0
  147. package/dist/dto/login.dto.js +68 -0
  148. package/dist/dto/login.dto.js.map +1 -0
  149. package/dist/dto/logout-all-response.dto.d.ts +4 -0
  150. package/dist/dto/logout-all-response.dto.d.ts.map +1 -0
  151. package/dist/dto/logout-all-response.dto.js +8 -0
  152. package/dist/dto/logout-all-response.dto.js.map +1 -0
  153. package/dist/dto/logout-all.dto.d.ts +5 -0
  154. package/dist/dto/logout-all.dto.d.ts.map +1 -0
  155. package/dist/dto/logout-all.dto.js +42 -0
  156. package/dist/dto/logout-all.dto.js.map +1 -0
  157. package/dist/dto/logout-response.dto.d.ts +4 -0
  158. package/dist/dto/logout-response.dto.d.ts.map +1 -0
  159. package/dist/dto/logout-response.dto.js +8 -0
  160. package/dist/dto/logout-response.dto.js.map +1 -0
  161. package/dist/dto/logout.dto.d.ts +5 -0
  162. package/dist/dto/logout.dto.d.ts.map +1 -0
  163. package/dist/dto/logout.dto.js +36 -0
  164. package/dist/dto/logout.dto.js.map +1 -0
  165. package/dist/dto/refresh-token.dto.d.ts +4 -0
  166. package/dist/dto/refresh-token.dto.d.ts.map +1 -0
  167. package/dist/dto/refresh-token.dto.js +24 -0
  168. package/dist/dto/refresh-token.dto.js.map +1 -0
  169. package/dist/dto/remove-devices.dto.d.ts +9 -0
  170. package/dist/dto/remove-devices.dto.d.ts.map +1 -0
  171. package/dist/dto/remove-devices.dto.js +50 -0
  172. package/dist/dto/remove-devices.dto.js.map +1 -0
  173. package/dist/dto/resend-code-response.dto.d.ts +4 -0
  174. package/dist/dto/resend-code-response.dto.d.ts.map +1 -0
  175. package/dist/dto/resend-code-response.dto.js +8 -0
  176. package/dist/dto/resend-code-response.dto.js.map +1 -0
  177. package/dist/dto/resend-code.dto.d.ts +4 -0
  178. package/dist/dto/resend-code.dto.d.ts.map +1 -0
  179. package/dist/dto/resend-code.dto.js +29 -0
  180. package/dist/dto/resend-code.dto.js.map +1 -0
  181. package/dist/dto/reset-password.dto.d.ts +8 -0
  182. package/dist/dto/reset-password.dto.d.ts.map +1 -0
  183. package/dist/dto/reset-password.dto.js +61 -0
  184. package/dist/dto/reset-password.dto.js.map +1 -0
  185. package/dist/dto/respond-challenge.dto.d.ts +33 -0
  186. package/dist/dto/respond-challenge.dto.d.ts.map +1 -0
  187. package/dist/dto/respond-challenge.dto.js +131 -0
  188. package/dist/dto/respond-challenge.dto.js.map +1 -0
  189. package/dist/dto/set-mfa-exemption.dto.d.ts +12 -0
  190. package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -0
  191. package/dist/dto/set-mfa-exemption.dto.js +66 -0
  192. package/dist/dto/set-mfa-exemption.dto.js.map +1 -0
  193. package/dist/dto/set-must-change-password-response.dto.d.ts +4 -0
  194. package/dist/dto/set-must-change-password-response.dto.d.ts.map +1 -0
  195. package/dist/dto/set-must-change-password-response.dto.js +8 -0
  196. package/dist/dto/set-must-change-password-response.dto.js.map +1 -0
  197. package/dist/dto/set-must-change-password.dto.d.ts +4 -0
  198. package/dist/dto/set-must-change-password.dto.d.ts.map +1 -0
  199. package/dist/dto/set-must-change-password.dto.js +29 -0
  200. package/dist/dto/set-must-change-password.dto.js.map +1 -0
  201. package/dist/dto/set-preferred-method.dto.d.ts +8 -0
  202. package/dist/dto/set-preferred-method.dto.d.ts.map +1 -0
  203. package/dist/dto/set-preferred-method.dto.js +49 -0
  204. package/dist/dto/set-preferred-method.dto.js.map +1 -0
  205. package/dist/dto/setup-mfa.dto.d.ts +9 -0
  206. package/dist/dto/setup-mfa.dto.d.ts.map +1 -0
  207. package/dist/dto/setup-mfa.dto.js +55 -0
  208. package/dist/dto/setup-mfa.dto.js.map +1 -0
  209. package/dist/dto/signup.dto.d.ts +10 -0
  210. package/dist/dto/signup.dto.d.ts.map +1 -0
  211. package/dist/dto/signup.dto.js +109 -0
  212. package/dist/dto/signup.dto.js.map +1 -0
  213. package/dist/dto/social-auth.dto.d.ts +54 -0
  214. package/dist/dto/social-auth.dto.d.ts.map +1 -0
  215. package/dist/dto/social-auth.dto.js +232 -0
  216. package/dist/dto/social-auth.dto.js.map +1 -0
  217. package/dist/dto/trust-device-response.dto.d.ts +4 -0
  218. package/dist/dto/trust-device-response.dto.d.ts.map +1 -0
  219. package/dist/dto/trust-device-response.dto.js +8 -0
  220. package/dist/dto/trust-device-response.dto.js.map +1 -0
  221. package/dist/dto/trust-device.dto.d.ts +1 -0
  222. package/dist/dto/trust-device.dto.d.ts.map +1 -0
  223. package/dist/dto/trust-device.dto.js +2 -0
  224. package/dist/dto/trust-device.dto.js.map +1 -0
  225. package/dist/dto/update-user-attributes-request.dto.d.ts +5 -0
  226. package/dist/dto/update-user-attributes-request.dto.d.ts.map +1 -0
  227. package/dist/dto/update-user-attributes-request.dto.js +30 -0
  228. package/dist/dto/update-user-attributes-request.dto.js.map +1 -0
  229. package/dist/dto/user-response.dto.d.ts +20 -0
  230. package/dist/dto/user-response.dto.d.ts.map +1 -0
  231. package/dist/dto/user-response.dto.js +42 -0
  232. package/dist/dto/user-response.dto.js.map +1 -0
  233. package/dist/dto/user-update.dto.d.ts +12 -0
  234. package/dist/dto/user-update.dto.d.ts.map +1 -0
  235. package/dist/dto/user-update.dto.js +119 -0
  236. package/dist/dto/user-update.dto.js.map +1 -0
  237. package/dist/dto/verify-email.dto.d.ts +29 -0
  238. package/dist/dto/verify-email.dto.d.ts.map +1 -0
  239. package/dist/dto/verify-email.dto.js +161 -0
  240. package/dist/dto/verify-email.dto.js.map +1 -0
  241. package/dist/dto/verify-mfa-code.dto.d.ts +10 -0
  242. package/dist/dto/verify-mfa-code.dto.d.ts.map +1 -0
  243. package/dist/dto/verify-mfa-code.dto.js +56 -0
  244. package/dist/dto/verify-mfa-code.dto.js.map +1 -0
  245. package/dist/dto/verify-phone-by-sub.dto.d.ts +6 -0
  246. package/dist/dto/verify-phone-by-sub.dto.d.ts.map +1 -0
  247. package/dist/dto/verify-phone-by-sub.dto.js +49 -0
  248. package/dist/dto/verify-phone-by-sub.dto.js.map +1 -0
  249. package/dist/dto/verify-phone.dto.d.ts +24 -0
  250. package/dist/dto/verify-phone.dto.d.ts.map +1 -0
  251. package/dist/dto/verify-phone.dto.js +124 -0
  252. package/dist/dto/verify-phone.dto.js.map +1 -0
  253. package/dist/entities/auth-audit.entity.d.ts +31 -0
  254. package/dist/entities/auth-audit.entity.d.ts.map +1 -0
  255. package/dist/entities/auth-audit.entity.js +33 -0
  256. package/dist/entities/auth-audit.entity.js.map +1 -0
  257. package/dist/entities/challenge-session.entity.d.ts +17 -0
  258. package/dist/entities/challenge-session.entity.d.ts.map +1 -0
  259. package/dist/entities/challenge-session.entity.js +21 -0
  260. package/dist/entities/challenge-session.entity.js.map +1 -0
  261. package/dist/entities/index.d.ts +12 -0
  262. package/dist/entities/index.d.ts.map +1 -0
  263. package/dist/entities/index.js +26 -0
  264. package/dist/entities/index.js.map +1 -0
  265. package/dist/entities/login-attempt.entity.d.ts +13 -0
  266. package/dist/entities/login-attempt.entity.d.ts.map +1 -0
  267. package/dist/entities/login-attempt.entity.js +17 -0
  268. package/dist/entities/login-attempt.entity.js.map +1 -0
  269. package/dist/entities/mfa-device.entity.d.ts +22 -0
  270. package/dist/entities/mfa-device.entity.d.ts.map +1 -0
  271. package/dist/entities/mfa-device.entity.js +25 -0
  272. package/dist/entities/mfa-device.entity.js.map +1 -0
  273. package/dist/entities/rate-limit.entity.d.ts +9 -0
  274. package/dist/entities/rate-limit.entity.d.ts.map +1 -0
  275. package/dist/entities/rate-limit.entity.js +13 -0
  276. package/dist/entities/rate-limit.entity.js.map +1 -0
  277. package/dist/entities/session.entity.d.ts +32 -0
  278. package/dist/entities/session.entity.d.ts.map +1 -0
  279. package/dist/entities/session.entity.js +36 -0
  280. package/dist/entities/session.entity.js.map +1 -0
  281. package/dist/entities/social-account.entity.d.ts +13 -0
  282. package/dist/entities/social-account.entity.d.ts.map +1 -0
  283. package/dist/entities/social-account.entity.js +17 -0
  284. package/dist/entities/social-account.entity.js.map +1 -0
  285. package/dist/entities/storage-lock.entity.d.ts +8 -0
  286. package/dist/entities/storage-lock.entity.d.ts.map +1 -0
  287. package/dist/entities/storage-lock.entity.js +12 -0
  288. package/dist/entities/storage-lock.entity.js.map +1 -0
  289. package/dist/entities/trusted-device.entity.d.ts +17 -0
  290. package/dist/entities/trusted-device.entity.d.ts.map +1 -0
  291. package/dist/entities/trusted-device.entity.js +21 -0
  292. package/dist/entities/trusted-device.entity.js.map +1 -0
  293. package/dist/entities/user.entity.d.ts +41 -0
  294. package/dist/entities/user.entity.d.ts.map +1 -0
  295. package/dist/entities/user.entity.js +45 -0
  296. package/dist/entities/user.entity.js.map +1 -0
  297. package/dist/entities/verification-token.entity.d.ts +19 -0
  298. package/dist/entities/verification-token.entity.d.ts.map +1 -0
  299. package/dist/entities/verification-token.entity.js +29 -0
  300. package/dist/entities/verification-token.entity.js.map +1 -0
  301. package/dist/enums/auth-audit-event-type.enum.d.ts +55 -0
  302. package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -0
  303. package/dist/enums/auth-audit-event-type.enum.js +59 -0
  304. package/dist/enums/auth-audit-event-type.enum.js.map +1 -0
  305. package/dist/enums/error-codes.enum.d.ts +53 -0
  306. package/dist/enums/error-codes.enum.d.ts.map +1 -0
  307. package/dist/enums/error-codes.enum.js +57 -0
  308. package/dist/enums/error-codes.enum.js.map +1 -0
  309. package/dist/enums/mfa-method.enum.d.ts +11 -0
  310. package/dist/enums/mfa-method.enum.d.ts.map +1 -0
  311. package/dist/enums/mfa-method.enum.js +18 -0
  312. package/dist/enums/mfa-method.enum.js.map +1 -0
  313. package/dist/enums/risk-factor.enum.d.ts +14 -0
  314. package/dist/enums/risk-factor.enum.d.ts.map +1 -0
  315. package/dist/enums/risk-factor.enum.js +18 -0
  316. package/dist/enums/risk-factor.enum.js.map +1 -0
  317. package/dist/exceptions/nauth.exception.d.ts +18 -0
  318. package/dist/exceptions/nauth.exception.d.ts.map +1 -0
  319. package/dist/exceptions/nauth.exception.js +64 -0
  320. package/dist/exceptions/nauth.exception.js.map +1 -0
  321. package/dist/handlers/auth.handler.d.ts +18 -0
  322. package/dist/handlers/auth.handler.d.ts.map +1 -0
  323. package/dist/handlers/auth.handler.js +173 -0
  324. package/dist/handlers/auth.handler.js.map +1 -0
  325. package/dist/handlers/client-info.handler.d.ts +12 -0
  326. package/dist/handlers/client-info.handler.d.ts.map +1 -0
  327. package/dist/handlers/client-info.handler.js +61 -0
  328. package/dist/handlers/client-info.handler.js.map +1 -0
  329. package/dist/handlers/csrf.handler.d.ts +13 -0
  330. package/dist/handlers/csrf.handler.d.ts.map +1 -0
  331. package/dist/handlers/csrf.handler.js +84 -0
  332. package/dist/handlers/csrf.handler.js.map +1 -0
  333. package/dist/handlers/token-delivery.handler.d.ts +12 -0
  334. package/dist/handlers/token-delivery.handler.d.ts.map +1 -0
  335. package/dist/handlers/token-delivery.handler.js +86 -0
  336. package/dist/handlers/token-delivery.handler.js.map +1 -0
  337. package/dist/index.d.ts +27 -0
  338. package/dist/index.d.ts.map +1 -0
  339. package/dist/index.js +51 -0
  340. package/dist/index.js.map +1 -0
  341. package/dist/interfaces/client-info.interface.d.ts +16 -0
  342. package/dist/interfaces/client-info.interface.d.ts.map +1 -0
  343. package/dist/interfaces/client-info.interface.js +3 -0
  344. package/dist/interfaces/client-info.interface.js.map +1 -0
  345. package/dist/interfaces/config.interface.d.ts +279 -0
  346. package/dist/interfaces/config.interface.d.ts.map +1 -0
  347. package/dist/interfaces/config.interface.js +3 -0
  348. package/dist/interfaces/config.interface.js.map +1 -0
  349. package/dist/interfaces/entities.interface.d.ts +169 -0
  350. package/dist/interfaces/entities.interface.d.ts.map +1 -0
  351. package/dist/interfaces/entities.interface.js +3 -0
  352. package/dist/interfaces/entities.interface.js.map +1 -0
  353. package/dist/interfaces/index.d.ts +11 -0
  354. package/dist/interfaces/index.d.ts.map +1 -0
  355. package/dist/interfaces/index.js +27 -0
  356. package/dist/interfaces/index.js.map +1 -0
  357. package/dist/interfaces/logger.interface.d.ts +43 -0
  358. package/dist/interfaces/logger.interface.d.ts.map +1 -0
  359. package/dist/interfaces/logger.interface.js +12 -0
  360. package/dist/interfaces/logger.interface.js.map +1 -0
  361. package/dist/interfaces/mfa-provider.interface.d.ts +12 -0
  362. package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -0
  363. package/dist/interfaces/mfa-provider.interface.js +3 -0
  364. package/dist/interfaces/mfa-provider.interface.js.map +1 -0
  365. package/dist/interfaces/oauth.interface.d.ts +24 -0
  366. package/dist/interfaces/oauth.interface.d.ts.map +1 -0
  367. package/dist/interfaces/oauth.interface.js +3 -0
  368. package/dist/interfaces/oauth.interface.js.map +1 -0
  369. package/dist/interfaces/provider.interface.d.ts +12 -0
  370. package/dist/interfaces/provider.interface.d.ts.map +1 -0
  371. package/dist/interfaces/provider.interface.js +3 -0
  372. package/dist/interfaces/provider.interface.js.map +1 -0
  373. package/dist/interfaces/social-auth-provider.interface.d.ts +13 -0
  374. package/dist/interfaces/social-auth-provider.interface.d.ts.map +1 -0
  375. package/dist/interfaces/social-auth-provider.interface.js +3 -0
  376. package/dist/interfaces/social-auth-provider.interface.js.map +1 -0
  377. package/dist/interfaces/storage-adapter.interface.d.ts +39 -0
  378. package/dist/interfaces/storage-adapter.interface.d.ts.map +1 -0
  379. package/dist/interfaces/storage-adapter.interface.js +3 -0
  380. package/dist/interfaces/storage-adapter.interface.js.map +1 -0
  381. package/dist/interfaces/template.interface.d.ts +99 -0
  382. package/dist/interfaces/template.interface.d.ts.map +1 -0
  383. package/dist/interfaces/template.interface.js +15 -0
  384. package/dist/interfaces/template.interface.js.map +1 -0
  385. package/dist/interfaces/token-verifier.interface.d.ts +7 -0
  386. package/dist/interfaces/token-verifier.interface.d.ts.map +1 -0
  387. package/dist/interfaces/token-verifier.interface.js +3 -0
  388. package/dist/interfaces/token-verifier.interface.js.map +1 -0
  389. package/dist/internal.d.ts +20 -0
  390. package/dist/internal.d.ts.map +1 -0
  391. package/dist/internal.js +53 -0
  392. package/dist/internal.js.map +1 -0
  393. package/dist/platform/interfaces.d.ts +56 -0
  394. package/dist/platform/interfaces.d.ts.map +1 -0
  395. package/dist/platform/interfaces.js +3 -0
  396. package/dist/platform/interfaces.js.map +1 -0
  397. package/dist/schemas/auth-config.schema.d.ts +3411 -0
  398. package/dist/schemas/auth-config.schema.d.ts.map +1 -0
  399. package/dist/schemas/auth-config.schema.js +428 -0
  400. package/dist/schemas/auth-config.schema.js.map +1 -0
  401. package/dist/services/adaptive-mfa-decision.service.d.ts +39 -0
  402. package/dist/services/adaptive-mfa-decision.service.d.ts.map +1 -0
  403. package/dist/services/adaptive-mfa-decision.service.js +223 -0
  404. package/dist/services/adaptive-mfa-decision.service.js.map +1 -0
  405. package/dist/services/auth-audit.service.d.ts +44 -0
  406. package/dist/services/auth-audit.service.d.ts.map +1 -0
  407. package/dist/services/auth-audit.service.js +241 -0
  408. package/dist/services/auth-audit.service.js.map +1 -0
  409. package/dist/services/auth-challenge-helper.service.d.ts +48 -0
  410. package/dist/services/auth-challenge-helper.service.d.ts.map +1 -0
  411. package/dist/services/auth-challenge-helper.service.js +425 -0
  412. package/dist/services/auth-challenge-helper.service.js.map +1 -0
  413. package/dist/services/auth-flow-context-builder.service.d.ts +31 -0
  414. package/dist/services/auth-flow-context-builder.service.d.ts.map +1 -0
  415. package/dist/services/auth-flow-context-builder.service.js +253 -0
  416. package/dist/services/auth-flow-context-builder.service.js.map +1 -0
  417. package/dist/services/auth-flow-rules.d.ts +18 -0
  418. package/dist/services/auth-flow-rules.d.ts.map +1 -0
  419. package/dist/services/auth-flow-rules.js +55 -0
  420. package/dist/services/auth-flow-rules.js.map +1 -0
  421. package/dist/services/auth-flow-state-definitions.d.ts +5 -0
  422. package/dist/services/auth-flow-state-definitions.d.ts.map +1 -0
  423. package/dist/services/auth-flow-state-definitions.js +87 -0
  424. package/dist/services/auth-flow-state-definitions.js.map +1 -0
  425. package/dist/services/auth-flow-state-machine.service.d.ts +17 -0
  426. package/dist/services/auth-flow-state-machine.service.d.ts.map +1 -0
  427. package/dist/services/auth-flow-state-machine.service.js +91 -0
  428. package/dist/services/auth-flow-state-machine.service.js.map +1 -0
  429. package/dist/services/auth-flow-state-machine.types.d.ts +55 -0
  430. package/dist/services/auth-flow-state-machine.types.d.ts.map +1 -0
  431. package/dist/services/auth-flow-state-machine.types.js +16 -0
  432. package/dist/services/auth-flow-state-machine.types.js.map +1 -0
  433. package/dist/services/auth.service.d.ts +87 -0
  434. package/dist/services/auth.service.d.ts.map +1 -0
  435. package/dist/services/auth.service.js +2356 -0
  436. package/dist/services/auth.service.js.map +1 -0
  437. package/dist/services/challenge.service.d.ts +32 -0
  438. package/dist/services/challenge.service.d.ts.map +1 -0
  439. package/dist/services/challenge.service.js +293 -0
  440. package/dist/services/challenge.service.js.map +1 -0
  441. package/dist/services/client-info.service.d.ts +20 -0
  442. package/dist/services/client-info.service.d.ts.map +1 -0
  443. package/dist/services/client-info.service.js +202 -0
  444. package/dist/services/client-info.service.js.map +1 -0
  445. package/dist/services/csrf.service.d.ts +13 -0
  446. package/dist/services/csrf.service.d.ts.map +1 -0
  447. package/dist/services/csrf.service.js +67 -0
  448. package/dist/services/csrf.service.js.map +1 -0
  449. package/dist/services/email-verification.service.d.ts +30 -0
  450. package/dist/services/email-verification.service.d.ts.map +1 -0
  451. package/dist/services/email-verification.service.js +373 -0
  452. package/dist/services/email-verification.service.js.map +1 -0
  453. package/dist/services/geo-location.service.d.ts +85 -0
  454. package/dist/services/geo-location.service.d.ts.map +1 -0
  455. package/dist/services/geo-location.service.js +338 -0
  456. package/dist/services/geo-location.service.js.map +1 -0
  457. package/dist/services/index.d.ts +14 -0
  458. package/dist/services/index.d.ts.map +1 -0
  459. package/dist/services/index.js +30 -0
  460. package/dist/services/index.js.map +1 -0
  461. package/dist/services/jwt.service.d.ts +62 -0
  462. package/dist/services/jwt.service.d.ts.map +1 -0
  463. package/dist/services/jwt.service.js +261 -0
  464. package/dist/services/jwt.service.js.map +1 -0
  465. package/dist/services/mfa-base.service.d.ts +37 -0
  466. package/dist/services/mfa-base.service.d.ts.map +1 -0
  467. package/dist/services/mfa-base.service.js +297 -0
  468. package/dist/services/mfa-base.service.js.map +1 -0
  469. package/dist/services/mfa.service.d.ts +35 -0
  470. package/dist/services/mfa.service.d.ts.map +1 -0
  471. package/dist/services/mfa.service.js +449 -0
  472. package/dist/services/mfa.service.js.map +1 -0
  473. package/dist/services/password.service.d.ts +19 -0
  474. package/dist/services/password.service.d.ts.map +1 -0
  475. package/dist/services/password.service.js +150 -0
  476. package/dist/services/password.service.js.map +1 -0
  477. package/dist/services/phone-verification.service.d.ts +32 -0
  478. package/dist/services/phone-verification.service.d.ts.map +1 -0
  479. package/dist/services/phone-verification.service.js +474 -0
  480. package/dist/services/phone-verification.service.js.map +1 -0
  481. package/dist/services/risk-detection.service.d.ts +30 -0
  482. package/dist/services/risk-detection.service.d.ts.map +1 -0
  483. package/dist/services/risk-detection.service.js +518 -0
  484. package/dist/services/risk-detection.service.js.map +1 -0
  485. package/dist/services/risk-scoring.service.d.ts +12 -0
  486. package/dist/services/risk-scoring.service.d.ts.map +1 -0
  487. package/dist/services/risk-scoring.service.js +44 -0
  488. package/dist/services/risk-scoring.service.js.map +1 -0
  489. package/dist/services/session.service.d.ts +64 -0
  490. package/dist/services/session.service.d.ts.map +1 -0
  491. package/dist/services/session.service.js +455 -0
  492. package/dist/services/session.service.js.map +1 -0
  493. package/dist/services/social-auth-base.service.d.ts +57 -0
  494. package/dist/services/social-auth-base.service.d.ts.map +1 -0
  495. package/dist/services/social-auth-base.service.js +340 -0
  496. package/dist/services/social-auth-base.service.js.map +1 -0
  497. package/dist/services/social-auth.service.d.ts +31 -0
  498. package/dist/services/social-auth.service.d.ts.map +1 -0
  499. package/dist/services/social-auth.service.js +172 -0
  500. package/dist/services/social-auth.service.js.map +1 -0
  501. package/dist/services/social-provider-registry.service.d.ts +9 -0
  502. package/dist/services/social-provider-registry.service.d.ts.map +1 -0
  503. package/dist/services/social-provider-registry.service.js +30 -0
  504. package/dist/services/social-provider-registry.service.js.map +1 -0
  505. package/dist/services/trusted-device.service.d.ts +29 -0
  506. package/dist/services/trusted-device.service.d.ts.map +1 -0
  507. package/dist/services/trusted-device.service.js +190 -0
  508. package/dist/services/trusted-device.service.js.map +1 -0
  509. package/dist/storage/account-lockout-storage.service.d.ts +16 -0
  510. package/dist/storage/account-lockout-storage.service.d.ts.map +1 -0
  511. package/dist/storage/account-lockout-storage.service.js +50 -0
  512. package/dist/storage/account-lockout-storage.service.js.map +1 -0
  513. package/dist/storage/index.d.ts +4 -0
  514. package/dist/storage/index.d.ts.map +1 -0
  515. package/dist/storage/index.js +20 -0
  516. package/dist/storage/index.js.map +1 -0
  517. package/dist/storage/memory-storage.adapter.d.ts +33 -0
  518. package/dist/storage/memory-storage.adapter.d.ts.map +1 -0
  519. package/dist/storage/memory-storage.adapter.js +195 -0
  520. package/dist/storage/memory-storage.adapter.js.map +1 -0
  521. package/dist/storage/rate-limit-storage.service.d.ts +11 -0
  522. package/dist/storage/rate-limit-storage.service.d.ts.map +1 -0
  523. package/dist/storage/rate-limit-storage.service.js +33 -0
  524. package/dist/storage/rate-limit-storage.service.js.map +1 -0
  525. package/dist/templates/html-template.engine.d.ts +16 -0
  526. package/dist/templates/html-template.engine.d.ts.map +1 -0
  527. package/dist/templates/html-template.engine.js +502 -0
  528. package/dist/templates/html-template.engine.js.map +1 -0
  529. package/dist/templates/index.d.ts +2 -0
  530. package/dist/templates/index.d.ts.map +1 -0
  531. package/dist/templates/index.js +18 -0
  532. package/dist/templates/index.js.map +1 -0
  533. package/dist/utils/common-passwords.d.ts +4 -0
  534. package/dist/utils/common-passwords.d.ts.map +1 -0
  535. package/dist/utils/common-passwords.js +108 -0
  536. package/dist/utils/common-passwords.js.map +1 -0
  537. package/dist/utils/context-storage.d.ts +13 -0
  538. package/dist/utils/context-storage.d.ts.map +1 -0
  539. package/dist/utils/context-storage.js +54 -0
  540. package/dist/utils/context-storage.js.map +1 -0
  541. package/dist/utils/cookie-names.util.d.ts +7 -0
  542. package/dist/utils/cookie-names.util.d.ts.map +1 -0
  543. package/dist/utils/cookie-names.util.js +30 -0
  544. package/dist/utils/cookie-names.util.js.map +1 -0
  545. package/dist/utils/cookies.util.d.ts +12 -0
  546. package/dist/utils/cookies.util.d.ts.map +1 -0
  547. package/dist/utils/cookies.util.js +48 -0
  548. package/dist/utils/cookies.util.js.map +1 -0
  549. package/dist/utils/index.d.ts +8 -0
  550. package/dist/utils/index.d.ts.map +1 -0
  551. package/dist/utils/index.js +24 -0
  552. package/dist/utils/index.js.map +1 -0
  553. package/dist/utils/ip-extractor.d.ts +12 -0
  554. package/dist/utils/ip-extractor.d.ts.map +1 -0
  555. package/dist/utils/ip-extractor.js +88 -0
  556. package/dist/utils/ip-extractor.js.map +1 -0
  557. package/dist/utils/nauth-logger.d.ts +20 -0
  558. package/dist/utils/nauth-logger.d.ts.map +1 -0
  559. package/dist/utils/nauth-logger.js +129 -0
  560. package/dist/utils/nauth-logger.js.map +1 -0
  561. package/dist/utils/pii-redactor.d.ts +16 -0
  562. package/dist/utils/pii-redactor.d.ts.map +1 -0
  563. package/dist/utils/pii-redactor.js +147 -0
  564. package/dist/utils/pii-redactor.js.map +1 -0
  565. package/dist/utils/setup/get-repositories.d.ts +16 -0
  566. package/dist/utils/setup/get-repositories.d.ts.map +1 -0
  567. package/dist/utils/setup/get-repositories.js +36 -0
  568. package/dist/utils/setup/get-repositories.js.map +1 -0
  569. package/dist/utils/setup/init-services.d.ts +41 -0
  570. package/dist/utils/setup/init-services.d.ts.map +1 -0
  571. package/dist/utils/setup/init-services.js +107 -0
  572. package/dist/utils/setup/init-services.js.map +1 -0
  573. package/dist/utils/setup/init-social.d.ts +13 -0
  574. package/dist/utils/setup/init-social.d.ts.map +1 -0
  575. package/dist/utils/setup/init-social.js +77 -0
  576. package/dist/utils/setup/init-social.js.map +1 -0
  577. package/dist/utils/setup/init-storage.d.ts +4 -0
  578. package/dist/utils/setup/init-storage.d.ts.map +1 -0
  579. package/dist/utils/setup/init-storage.js +79 -0
  580. package/dist/utils/setup/init-storage.js.map +1 -0
  581. package/dist/utils/setup/register-mfa.d.ts +5 -0
  582. package/dist/utils/setup/register-mfa.d.ts.map +1 -0
  583. package/dist/utils/setup/register-mfa.js +85 -0
  584. package/dist/utils/setup/register-mfa.js.map +1 -0
  585. package/dist/utils/setup/run-nauth-migrations.d.ts +5 -0
  586. package/dist/utils/setup/run-nauth-migrations.d.ts.map +1 -0
  587. package/dist/utils/setup/run-nauth-migrations.js +67 -0
  588. package/dist/utils/setup/run-nauth-migrations.js.map +1 -0
  589. package/dist/utils/token-delivery-policy.d.ts +6 -0
  590. package/dist/utils/token-delivery-policy.d.ts.map +1 -0
  591. package/dist/utils/token-delivery-policy.js +15 -0
  592. package/dist/utils/token-delivery-policy.js.map +1 -0
  593. package/dist/validators/template.validator.d.ts +7 -0
  594. package/dist/validators/template.validator.d.ts.map +1 -0
  595. package/dist/validators/template.validator.js +95 -0
  596. package/dist/validators/template.validator.js.map +1 -0
  597. package/jest.config.js +15 -0
  598. package/jest.setup.ts +6 -0
  599. package/package.json +73 -0
  600. package/src/adapters/database-columns.ts +165 -0
  601. package/src/adapters/express.adapter.ts +385 -0
  602. package/src/adapters/fastify.adapter.ts +416 -0
  603. package/src/adapters/index.ts +16 -0
  604. package/src/adapters/storage.factory.ts +143 -0
  605. package/src/bootstrap.ts +374 -0
  606. package/src/dto/auth-challenge.dto.ts +231 -0
  607. package/src/dto/auth-response.dto.ts +253 -0
  608. package/src/dto/challenge-response.dto.ts +234 -0
  609. package/src/dto/change-password-request.dto.ts +50 -0
  610. package/src/dto/change-password-response.dto.ts +29 -0
  611. package/src/dto/change-password.dto.ts +57 -0
  612. package/src/dto/error-response.dto.ts +136 -0
  613. package/src/dto/get-available-methods.dto.ts +55 -0
  614. package/src/dto/get-challenge-data-response.dto.ts +28 -0
  615. package/src/dto/get-challenge-data.dto.ts +69 -0
  616. package/src/dto/get-client-info.dto.ts +104 -0
  617. package/src/dto/get-device-token-response.dto.ts +25 -0
  618. package/src/dto/get-events-by-type.dto.ts +76 -0
  619. package/src/dto/get-ip-address-response.dto.ts +24 -0
  620. package/src/dto/get-mfa-status.dto.ts +94 -0
  621. package/src/dto/get-risk-assessment-history.dto.ts +39 -0
  622. package/src/dto/get-session-id-response.dto.ts +25 -0
  623. package/src/dto/get-setup-data-response.dto.ts +31 -0
  624. package/src/dto/get-setup-data.dto.ts +75 -0
  625. package/src/dto/get-suspicious-activity.dto.ts +42 -0
  626. package/src/dto/get-user-agent-response.dto.ts +23 -0
  627. package/src/dto/get-user-auth-history.dto.ts +95 -0
  628. package/src/dto/get-user-by-email.dto.ts +61 -0
  629. package/src/dto/get-user-by-id.dto.ts +46 -0
  630. package/src/dto/get-user-devices.dto.ts +53 -0
  631. package/src/dto/get-user-response.dto.ts +17 -0
  632. package/src/dto/has-provider.dto.ts +56 -0
  633. package/src/dto/index.ts +57 -0
  634. package/src/dto/is-trusted-device-response.dto.ts +34 -0
  635. package/src/dto/list-providers-response.dto.ts +23 -0
  636. package/src/dto/login.dto.ts +95 -0
  637. package/src/dto/logout-all-response.dto.ts +24 -0
  638. package/src/dto/logout-all.dto.ts +65 -0
  639. package/src/dto/logout-response.dto.ts +25 -0
  640. package/src/dto/logout.dto.ts +64 -0
  641. package/src/dto/refresh-token.dto.ts +36 -0
  642. package/src/dto/remove-devices.dto.ts +85 -0
  643. package/src/dto/resend-code-response.dto.ts +32 -0
  644. package/src/dto/resend-code.dto.ts +51 -0
  645. package/src/dto/reset-password.dto.ts +115 -0
  646. package/src/dto/respond-challenge.dto.ts +272 -0
  647. package/src/dto/set-mfa-exemption.dto.ts +112 -0
  648. package/src/dto/set-must-change-password-response.dto.ts +27 -0
  649. package/src/dto/set-must-change-password.dto.ts +46 -0
  650. package/src/dto/set-preferred-method.dto.ts +80 -0
  651. package/src/dto/setup-mfa.dto.ts +98 -0
  652. package/src/dto/signup.dto.ts +174 -0
  653. package/src/dto/social-auth.dto.ts +422 -0
  654. package/src/dto/trust-device-response.dto.ts +30 -0
  655. package/src/dto/trust-device.dto.ts +9 -0
  656. package/src/dto/update-user-attributes-request.dto.ts +51 -0
  657. package/src/dto/user-response.dto.ts +138 -0
  658. package/src/dto/user-update.dto.ts +222 -0
  659. package/src/dto/verify-email.dto.ts +313 -0
  660. package/src/dto/verify-mfa-code.dto.ts +103 -0
  661. package/src/dto/verify-phone-by-sub.dto.ts +78 -0
  662. package/src/dto/verify-phone.dto.ts +245 -0
  663. package/src/entities/auth-audit.entity.ts +232 -0
  664. package/src/entities/challenge-session.entity.ts +116 -0
  665. package/src/entities/index.ts +29 -0
  666. package/src/entities/login-attempt.entity.ts +64 -0
  667. package/src/entities/mfa-device.entity.ts +151 -0
  668. package/src/entities/rate-limit.entity.ts +44 -0
  669. package/src/entities/session.entity.ts +180 -0
  670. package/src/entities/social-account.entity.ts +96 -0
  671. package/src/entities/storage-lock.entity.ts +39 -0
  672. package/src/entities/trusted-device.entity.ts +112 -0
  673. package/src/entities/user.entity.ts +243 -0
  674. package/src/entities/verification-token.entity.ts +141 -0
  675. package/src/enums/auth-audit-event-type.enum.ts +360 -0
  676. package/src/enums/error-codes.enum.ts +420 -0
  677. package/src/enums/mfa-method.enum.ts +97 -0
  678. package/src/enums/risk-factor.enum.ts +111 -0
  679. package/src/exceptions/nauth.exception.ts +231 -0
  680. package/src/handlers/auth.handler.ts +260 -0
  681. package/src/handlers/client-info.handler.ts +101 -0
  682. package/src/handlers/csrf.handler.ts +156 -0
  683. package/src/handlers/token-delivery.handler.ts +118 -0
  684. package/src/index.ts +118 -0
  685. package/src/interfaces/client-info.interface.ts +85 -0
  686. package/src/interfaces/config.interface.ts +2135 -0
  687. package/src/interfaces/entities.interface.ts +226 -0
  688. package/src/interfaces/index.ts +15 -0
  689. package/src/interfaces/logger.interface.ts +283 -0
  690. package/src/interfaces/mfa-provider.interface.ts +154 -0
  691. package/src/interfaces/oauth.interface.ts +148 -0
  692. package/src/interfaces/provider.interface.ts +47 -0
  693. package/src/interfaces/social-auth-provider.interface.ts +131 -0
  694. package/src/interfaces/storage-adapter.interface.ts +82 -0
  695. package/src/interfaces/template.interface.ts +510 -0
  696. package/src/interfaces/token-verifier.interface.ts +110 -0
  697. package/src/internal.ts +178 -0
  698. package/src/platform/interfaces.ts +299 -0
  699. package/src/schemas/auth-config.schema.ts +646 -0
  700. package/src/services/adaptive-mfa-decision.service.spec.ts +1058 -0
  701. package/src/services/adaptive-mfa-decision.service.ts +457 -0
  702. package/src/services/auth-audit.service.spec.ts +675 -0
  703. package/src/services/auth-audit.service.ts +558 -0
  704. package/src/services/auth-challenge-helper.service.spec.ts +3227 -0
  705. package/src/services/auth-challenge-helper.service.ts +825 -0
  706. package/src/services/auth-flow-context-builder.service.ts +520 -0
  707. package/src/services/auth-flow-rules.ts +202 -0
  708. package/src/services/auth-flow-state-definitions.ts +190 -0
  709. package/src/services/auth-flow-state-machine.service.ts +207 -0
  710. package/src/services/auth-flow-state-machine.types.ts +316 -0
  711. package/src/services/auth.service.spec.ts +4195 -0
  712. package/src/services/auth.service.ts +3727 -0
  713. package/src/services/challenge.service.spec.ts +1363 -0
  714. package/src/services/challenge.service.ts +696 -0
  715. package/src/services/client-info.service.spec.ts +572 -0
  716. package/src/services/client-info.service.ts +374 -0
  717. package/src/services/csrf.service.ts +54 -0
  718. package/src/services/email-verification.service.spec.ts +1229 -0
  719. package/src/services/email-verification.service.ts +578 -0
  720. package/src/services/geo-location.service.spec.ts +603 -0
  721. package/src/services/geo-location.service.ts +599 -0
  722. package/src/services/index.ts +13 -0
  723. package/src/services/jwt.service.spec.ts +882 -0
  724. package/src/services/jwt.service.ts +621 -0
  725. package/src/services/mfa-base.service.spec.ts +246 -0
  726. package/src/services/mfa-base.service.ts +611 -0
  727. package/src/services/mfa.service.spec.ts +693 -0
  728. package/src/services/mfa.service.ts +960 -0
  729. package/src/services/password.service.spec.ts +166 -0
  730. package/src/services/password.service.ts +309 -0
  731. package/src/services/phone-verification.service.spec.ts +1120 -0
  732. package/src/services/phone-verification.service.ts +751 -0
  733. package/src/services/risk-detection.service.spec.ts +1292 -0
  734. package/src/services/risk-detection.service.ts +1012 -0
  735. package/src/services/risk-scoring.service.spec.ts +204 -0
  736. package/src/services/risk-scoring.service.ts +131 -0
  737. package/src/services/session.service.spec.ts +1293 -0
  738. package/src/services/session.service.ts +803 -0
  739. package/src/services/social-account.service.spec.ts +725 -0
  740. package/src/services/social-auth-base.service.spec.ts +418 -0
  741. package/src/services/social-auth-base.service.ts +581 -0
  742. package/src/services/social-auth.service.spec.ts +238 -0
  743. package/src/services/social-auth.service.ts +436 -0
  744. package/src/services/social-provider-registry.service.spec.ts +238 -0
  745. package/src/services/social-provider-registry.service.ts +122 -0
  746. package/src/services/trusted-device.service.spec.ts +505 -0
  747. package/src/services/trusted-device.service.ts +339 -0
  748. package/src/storage/account-lockout-storage.service.spec.ts +310 -0
  749. package/src/storage/account-lockout-storage.service.ts +89 -0
  750. package/src/storage/index.ts +3 -0
  751. package/src/storage/memory-storage.adapter.ts +443 -0
  752. package/src/storage/rate-limit-storage.service.spec.ts +247 -0
  753. package/src/storage/rate-limit-storage.service.ts +38 -0
  754. package/src/templates/html-template.engine.spec.ts +161 -0
  755. package/src/templates/html-template.engine.ts +688 -0
  756. package/src/templates/index.ts +7 -0
  757. package/src/utils/common-passwords.spec.ts +230 -0
  758. package/src/utils/common-passwords.ts +170 -0
  759. package/src/utils/context-storage.ts +188 -0
  760. package/src/utils/cookie-names.util.ts +67 -0
  761. package/src/utils/cookies.util.ts +94 -0
  762. package/src/utils/index.ts +12 -0
  763. package/src/utils/ip-extractor.spec.ts +330 -0
  764. package/src/utils/ip-extractor.ts +220 -0
  765. package/src/utils/nauth-logger.spec.ts +388 -0
  766. package/src/utils/nauth-logger.ts +215 -0
  767. package/src/utils/pii-redactor.spec.ts +130 -0
  768. package/src/utils/pii-redactor.ts +288 -0
  769. package/src/utils/setup/get-repositories.ts +140 -0
  770. package/src/utils/setup/init-services.ts +422 -0
  771. package/src/utils/setup/init-social.ts +189 -0
  772. package/src/utils/setup/init-storage.ts +94 -0
  773. package/src/utils/setup/register-mfa.ts +165 -0
  774. package/src/utils/setup/run-nauth-migrations.ts +61 -0
  775. package/src/utils/token-delivery-policy.ts +38 -0
  776. package/src/validators/template.validator.ts +219 -0
  777. package/tsconfig.json +37 -0
  778. package/tsconfig.lint.json +6 -0
package/src/services/adaptive-mfa-decision.service.spec.ts ADDED
@@ -0,0 +1,1058 @@
1
+ import { AdaptiveMFADecisionService } from './adaptive-mfa-decision.service';
2
+ import { RiskDetectionService } from './risk-detection.service';
3
+ import { RiskScoringService } from './risk-scoring.service';
4
+ import { StorageAdapter } from '../interfaces/storage-adapter.interface';
5
+ import { AuthAuditService } from './auth-audit.service';
6
+ import { ClientInfoService } from './client-info.service';
7
+ import { IUser } from '../interfaces/entities.interface';
8
+ import { NAuthConfig, AdaptiveMFARiskEventPayload } from '../interfaces/config.interface';
9
+ import { NAuthLogger } from '../utils/nauth-logger';
10
+ import { ClientInfo } from '../interfaces/client-info.interface';
11
+ import { AuthAuditEventType } from '../enums/auth-audit-event-type.enum';
12
+ import { RiskFactor } from '../enums/risk-factor.enum';
13
+
14
+ /**
15
+ * Adaptive MFA Decision Service Unit Tests
16
+ *
17
+ * Platform-agnostic: Uses direct instantiation, no NestJS dependencies.
18
+ *
19
+ * Covers:
20
+ * - Risk evaluation and decision making
21
+ * - Risk level determination (low, medium, high)
22
+ * - Action determination (allow, require_mfa, block_signin)
23
+ * - Lifecycle hook integration (onAdaptiveMFATriggered, onSignInBlocked)
24
+ * - User blocking functionality (isUserBlocked, blockUserSignIn)
25
+ * - Configuration-based risk level customization
26
+ * - Error handling and graceful degradation
27
+ */
28
+ describe('AdaptiveMFADecisionService', () => {
29
+ let service: AdaptiveMFADecisionService;
30
+ let mockRiskDetectionService: jest.Mocked<RiskDetectionService>;
31
+ let mockRiskScoringService: jest.Mocked<RiskScoringService>;
32
+ let mockStorageAdapter: jest.Mocked<StorageAdapter>;
33
+ let mockAuditService: jest.Mocked<AuthAuditService>;
34
+ let mockClientInfoService: jest.Mocked<ClientInfoService>;
35
+ let mockConfig: NAuthConfig;
36
+ let mockLogger: jest.Mocked<NAuthLogger>;
37
+
38
+ const mockUser: IUser = {
39
+ id: 1,
40
+ sub: 'user-123',
41
+ email: 'test@example.com',
42
+ username: 'testuser',
43
+ phone: null,
44
+ firstName: null,
45
+ lastName: null,
46
+ passwordHash: null,
47
+ passwordChangedAt: null,
48
+ passwordHistory: null,
49
+ isEmailVerified: true,
50
+ isPhoneVerified: false,
51
+ isActive: true,
52
+ mustChangePassword: false,
53
+ isLocked: false,
54
+ lockReason: null,
55
+ lockedAt: null,
56
+ lockedUntil: null,
57
+ failedLoginAttempts: 0,
58
+ lastFailedLoginAt: null,
59
+ lastLoginAt: null,
60
+ lastLoginIp: null,
61
+ hasSocialAuth: false,
62
+ socialProviders: null,
63
+ mfaEnabled: false,
64
+ mfaMethods: null,
65
+ preferredMfaMethod: null,
66
+ backupCodes: null,
67
+ metadata: null,
68
+ createdAt: new Date(),
69
+ updatedAt: new Date(),
70
+ deletedAt: null,
71
+ };
72
+
73
+ const mockClientInfo: ClientInfo = {
74
+ ipAddress: '192.168.1.100',
75
+ userAgent: 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36',
76
+ deviceToken: 'device-123',
77
+ deviceName: 'Chrome on Windows',
78
+ deviceType: 'desktop',
79
+ ipCountry: 'US',
80
+ ipCity: 'New York',
81
+ platform: 'Windows',
82
+ browser: 'Chrome',
83
+ };
84
+
85
+ beforeEach(() => {
86
+ mockRiskDetectionService = {
87
+ detectRiskFactors: jest.fn(),
88
+ } as any;
89
+
90
+ mockRiskScoringService = {
91
+ calculateRiskScore: jest.fn(),
92
+ getRiskLevel: jest.fn(),
93
+ } as any;
94
+
95
+ mockStorageAdapter = {
96
+ get: jest.fn(),
97
+ set: jest.fn(),
98
+ del: jest.fn(),
99
+ exists: jest.fn(),
100
+ incr: jest.fn(),
101
+ decr: jest.fn(),
102
+ expire: jest.fn(),
103
+ ttl: jest.fn(),
104
+ hget: jest.fn(),
105
+ hset: jest.fn(),
106
+ hgetall: jest.fn(),
107
+ hdel: jest.fn(),
108
+ lpush: jest.fn(),
109
+ lrange: jest.fn(),
110
+ llen: jest.fn(),
111
+ keys: jest.fn(),
112
+ scan: jest.fn(),
113
+ initialize: jest.fn(),
114
+ isHealthy: jest.fn(),
115
+ cleanup: jest.fn(),
116
+ disconnect: jest.fn(),
117
+ } as any;
118
+
119
+ mockAuditService = {
120
+ recordEvent: jest.fn().mockResolvedValue(null),
121
+ } as any;
122
+
123
+ mockClientInfoService = {
124
+ get: jest.fn().mockReturnValue(mockClientInfo),
125
+ } as any;
126
+
127
+ mockLogger = {
128
+ log: jest.fn(),
129
+ error: jest.fn(),
130
+ warn: jest.fn(),
131
+ debug: jest.fn(),
132
+ verbose: jest.fn(),
133
+ } as any;
134
+
135
+ mockConfig = {
136
+ jwt: {
137
+ accessToken: { secret: 'test-secret', expiresIn: '15m' },
138
+ refreshToken: { secret: 'test-refresh-secret', expiresIn: '7d' },
139
+ },
140
+ mfa: {
141
+ adaptive: {
142
+ triggers: ['new_device', 'new_ip', 'new_country'],
143
+ riskLevels: {
144
+ low: { maxScore: 20, action: 'allow', notifyUser: false },
145
+ medium: { maxScore: 50, action: 'require_mfa', notifyUser: true },
146
+ high: { maxScore: 100, action: 'require_mfa', notifyUser: true },
147
+ },
148
+ },
149
+ },
150
+ };
151
+
152
+ // Instantiate service directly
153
+ service = new AdaptiveMFADecisionService(
154
+ mockRiskDetectionService,
155
+ mockRiskScoringService,
156
+ mockStorageAdapter,
157
+ mockClientInfoService,
158
+ mockConfig,
159
+ mockLogger,
160
+ mockAuditService,
161
+ );
162
+ });
163
+
164
+ afterEach(() => {
165
+ jest.clearAllMocks();
166
+ });
167
+
168
+ // ============================================================================
169
+ // Service Initialization
170
+ // ============================================================================
171
+
172
+ it('should be defined', () => {
173
+ expect(service).toBeDefined();
174
+ // Verify clientInfoService is injected
175
+ expect((service as any).clientInfoService).toBe(mockClientInfoService);
176
+ });
177
+
178
+ // ============================================================================
179
+ // evaluateAdaptiveMFA - Low Risk
180
+ // ============================================================================
181
+
182
+ describe('evaluateAdaptiveMFA() - low risk', () => {
183
+ it('should return allow action for low risk score', async () => {
184
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
185
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_DEVICE]);
186
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(15); // Low risk
187
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
188
+ mockAuditService.recordEvent.mockResolvedValue(null);
189
+
190
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
191
+
192
+ expect(decision.action).toBe('allow');
193
+ expect(decision.riskScore).toBe(15);
194
+ expect(decision.riskLevel).toBe('low');
195
+ expect(decision.riskFactors).toEqual([RiskFactor.NEW_DEVICE]);
196
+ // Payload should not be included for low risk (allow action, notifyUser false)
197
+ expect(decision.payload).toBeUndefined();
198
+ expect(decision.notifyUser).toBe(false);
199
+ expect(decision.hookOverride).toBe(false);
200
+ });
201
+
202
+ it('should not call lifecycle hook for low risk when notifyUser is false', async () => {
203
+ const mockHook = jest.fn();
204
+ const testConfig: NAuthConfig = {
205
+ ...mockConfig,
206
+ hooks: {
207
+ onAdaptiveMFATriggered: mockHook,
208
+ },
209
+ };
210
+
211
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
212
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([]);
213
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(0);
214
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
215
+
216
+ const testService = new AdaptiveMFADecisionService(
217
+ mockRiskDetectionService,
218
+ mockRiskScoringService,
219
+ mockStorageAdapter,
220
+ mockClientInfoService,
221
+ testConfig,
222
+ mockLogger,
223
+ mockAuditService,
224
+ );
225
+
226
+ await testService.evaluateAdaptiveMFA(mockUser, 'password');
227
+
228
+ expect(mockHook).not.toHaveBeenCalled();
229
+ });
230
+ });
231
+
232
+ // ============================================================================
233
+ // evaluateAdaptiveMFA - Medium Risk
234
+ // ============================================================================
235
+
236
+ describe('evaluateAdaptiveMFA() - medium risk', () => {
237
+ it('should return require_mfa action for medium risk score', async () => {
238
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
239
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_COUNTRY]);
240
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(35); // Medium risk
241
+ mockRiskScoringService.getRiskLevel.mockReturnValue('medium');
242
+ mockAuditService.recordEvent.mockResolvedValue(null);
243
+
244
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
245
+
246
+ expect(decision.action).toBe('require_mfa');
247
+ expect(decision.riskScore).toBe(35);
248
+ expect(decision.riskLevel).toBe('medium');
249
+ expect(decision.notifyUser).toBe(true);
250
+ // Payload should be included when notifyUser is true
251
+ expect(decision.payload).toBeDefined();
252
+ expect(decision.payload?.action).toBe('require_mfa');
253
+ expect(decision.payload?.user.email).toBe('test@example.com');
254
+ });
255
+
256
+ it('should call lifecycle hook for medium risk when notifyUser is true', async () => {
257
+ const mockHook = jest.fn().mockResolvedValue(undefined);
258
+ const testConfig: NAuthConfig = {
259
+ ...mockConfig,
260
+ hooks: {
261
+ onAdaptiveMFATriggered: mockHook,
262
+ },
263
+ };
264
+
265
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
266
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_COUNTRY]);
267
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(35);
268
+ mockRiskScoringService.getRiskLevel.mockReturnValue('medium');
269
+
270
+ const testService = new AdaptiveMFADecisionService(
271
+ mockRiskDetectionService,
272
+ mockRiskScoringService,
273
+ mockStorageAdapter,
274
+ mockClientInfoService,
275
+ testConfig,
276
+ mockLogger,
277
+ mockAuditService,
278
+ );
279
+
280
+ await testService.evaluateAdaptiveMFA(mockUser, 'password');
281
+
282
+ expect(mockHook).toHaveBeenCalledTimes(1);
283
+ const payload: AdaptiveMFARiskEventPayload = mockHook.mock.calls[0][0];
284
+ expect(payload.user.sub).toBe('user-123');
285
+ expect(payload.user.email).toBe('test@example.com');
286
+ expect(payload.riskScore).toBe(35);
287
+ expect(payload.riskLevel).toBe('medium');
288
+ expect(payload.riskFactors).toEqual(['new_country']);
289
+ expect(payload.action).toBe('require_mfa');
290
+ });
291
+
292
+ it('should allow hook to override action by returning false', async () => {
293
+ const mockHook = jest.fn().mockResolvedValue(false); // Override
294
+ const testConfig: NAuthConfig = {
295
+ ...mockConfig,
296
+ hooks: {
297
+ onAdaptiveMFATriggered: mockHook,
298
+ },
299
+ };
300
+
301
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
302
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_COUNTRY]);
303
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(35);
304
+ mockRiskScoringService.getRiskLevel.mockReturnValue('medium');
305
+
306
+ const testService = new AdaptiveMFADecisionService(
307
+ mockRiskDetectionService,
308
+ mockRiskScoringService,
309
+ mockStorageAdapter,
310
+ mockClientInfoService,
311
+ testConfig,
312
+ mockLogger,
313
+ mockAuditService,
314
+ );
315
+
316
+ const decision = await testService.evaluateAdaptiveMFA(mockUser, 'password');
317
+
318
+ expect(decision.action).toBe('allow'); // Overridden
319
+ expect(decision.hookOverride).toBe(true);
320
+ expect(mockHook).toHaveBeenCalled();
321
+ });
322
+ });
323
+
324
+ // ============================================================================
325
+ // evaluateAdaptiveMFA - High Risk
326
+ // ============================================================================
327
+
328
+ describe('evaluateAdaptiveMFA() - high risk', () => {
329
+ it('should return require_mfa action for high risk by default', async () => {
330
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
331
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([
332
+ RiskFactor.IMPOSSIBLE_TRAVEL,
333
+ RiskFactor.SUSPICIOUS_ACTIVITY,
334
+ ]);
335
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(70); // High risk
336
+ mockRiskScoringService.getRiskLevel.mockReturnValue('high');
337
+ mockAuditService.recordEvent.mockResolvedValue(null);
338
+
339
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
340
+
341
+ expect(decision.action).toBe('require_mfa');
342
+ expect(decision.riskScore).toBe(70);
343
+ expect(decision.riskLevel).toBe('high');
344
+ expect(decision.notifyUser).toBe(true);
345
+ });
346
+
347
+ it('should return block_signin action when configured for high risk', async () => {
348
+ const testConfig: NAuthConfig = {
349
+ ...mockConfig,
350
+ mfa: {
351
+ ...mockConfig.mfa,
352
+ adaptive: {
353
+ ...mockConfig.mfa!.adaptive!,
354
+ riskLevels: {
355
+ ...mockConfig.mfa!.adaptive!.riskLevels,
356
+ high: {
357
+ maxScore: 100,
358
+ action: 'block_signin' as const,
359
+ notifyUser: true,
360
+ },
361
+ },
362
+ },
363
+ },
364
+ };
365
+
366
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
367
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([
368
+ RiskFactor.IMPOSSIBLE_TRAVEL,
369
+ RiskFactor.SUSPICIOUS_ACTIVITY,
370
+ ]);
371
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(70);
372
+ mockRiskScoringService.getRiskLevel.mockReturnValue('high');
373
+
374
+ const testService = new AdaptiveMFADecisionService(
375
+ mockRiskDetectionService,
376
+ mockRiskScoringService,
377
+ mockStorageAdapter,
378
+ mockClientInfoService,
379
+ testConfig,
380
+ mockLogger,
381
+ mockAuditService,
382
+ );
383
+
384
+ const decision = await testService.evaluateAdaptiveMFA(mockUser, 'password');
385
+
386
+ expect(decision.action).toBe('block_signin');
387
+ expect(decision.riskScore).toBe(70);
388
+ expect(decision.riskLevel).toBe('high');
389
+ // Payload should be included for block_signin action
390
+ expect(decision.payload).toBeDefined();
391
+ expect(decision.payload?.action).toBe('block_signin');
392
+ expect(decision.payload?.riskScore).toBe(70);
393
+ expect(decision.payload?.user.email).toBe('test@example.com');
394
+ });
395
+
396
+ it('should return block_signin action and include payload for blockUserSignIn', async () => {
397
+ const testConfig: NAuthConfig = {
398
+ ...mockConfig,
399
+ mfa: {
400
+ ...mockConfig.mfa,
401
+ adaptive: {
402
+ ...mockConfig.mfa!.adaptive!,
403
+ riskLevels: {
404
+ ...mockConfig.mfa!.adaptive!.riskLevels,
405
+ high: {
406
+ maxScore: 100,
407
+ action: 'block_signin' as const,
408
+ notifyUser: true,
409
+ },
410
+ },
411
+ },
412
+ },
413
+ };
414
+
415
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
416
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.IMPOSSIBLE_TRAVEL]);
417
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(70);
418
+ mockRiskScoringService.getRiskLevel.mockReturnValue('high');
419
+
420
+ const testService = new AdaptiveMFADecisionService(
421
+ mockRiskDetectionService,
422
+ mockRiskScoringService,
423
+ mockStorageAdapter,
424
+ mockClientInfoService,
425
+ testConfig,
426
+ mockLogger,
427
+ mockAuditService,
428
+ );
429
+
430
+ const decision = await testService.evaluateAdaptiveMFA(mockUser, 'password');
431
+
432
+ expect(decision.action).toBe('block_signin');
433
+ // Payload should be included for block_signin action (caller can use it to call blockUserSignIn)
434
+ expect(decision.payload).toBeDefined();
435
+ expect(decision.payload?.action).toBe('block_signin');
436
+ });
437
+ });
438
+
439
+ // ============================================================================
440
+ // evaluateAdaptiveMFA - Configuration
441
+ // ============================================================================
442
+
443
+ describe('evaluateAdaptiveMFA() - configuration', () => {
444
+ it('should use default risk levels when not configured', async () => {
445
+ const testConfig: NAuthConfig = {
446
+ ...mockConfig,
447
+ mfa: {
448
+ ...mockConfig.mfa,
449
+ adaptive: {
450
+ ...mockConfig.mfa!.adaptive!,
451
+ riskLevels: undefined,
452
+ },
453
+ },
454
+ };
455
+
456
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
457
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_DEVICE]);
458
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(15);
459
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
460
+
461
+ const testService = new AdaptiveMFADecisionService(
462
+ mockRiskDetectionService,
463
+ mockRiskScoringService,
464
+ mockStorageAdapter,
465
+ mockClientInfoService,
466
+ testConfig,
467
+ mockLogger,
468
+ mockAuditService,
469
+ );
470
+
471
+ const decision = await testService.evaluateAdaptiveMFA(mockUser, 'password');
472
+
473
+ expect(decision.action).toBe('allow'); // Default for low
474
+ });
475
+
476
+ it('should respect custom risk level thresholds', async () => {
477
+ const testConfig: NAuthConfig = {
478
+ ...mockConfig,
479
+ mfa: {
480
+ ...mockConfig.mfa,
481
+ adaptive: {
482
+ ...mockConfig.mfa!.adaptive!,
483
+ riskLevels: {
484
+ low: { maxScore: 30, action: 'allow' as const, notifyUser: false },
485
+ medium: { maxScore: 70, action: 'require_mfa' as const, notifyUser: true },
486
+ high: { maxScore: 100, action: 'require_mfa' as const, notifyUser: true },
487
+ },
488
+ },
489
+ },
490
+ };
491
+
492
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
493
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_DEVICE]);
494
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(25); // Now in low range
495
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
496
+
497
+ const testService = new AdaptiveMFADecisionService(
498
+ mockRiskDetectionService,
499
+ mockRiskScoringService,
500
+ mockStorageAdapter,
501
+ mockClientInfoService,
502
+ testConfig,
503
+ mockLogger,
504
+ mockAuditService,
505
+ );
506
+
507
+ const decision = await testService.evaluateAdaptiveMFA(mockUser, 'password');
508
+
509
+ expect(decision.action).toBe('allow');
510
+ });
511
+ });
512
+
513
+ // ============================================================================
514
+ // evaluateAdaptiveMFA - Audit Logging
515
+ // ============================================================================
516
+
517
+ describe('evaluateAdaptiveMFA() - audit logging', () => {
518
+ it('should record audit event with risk details', async () => {
519
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
520
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_COUNTRY]);
521
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(35);
522
+ mockRiskScoringService.getRiskLevel.mockReturnValue('medium');
523
+ mockAuditService.recordEvent.mockResolvedValue(null);
524
+
525
+ await service.evaluateAdaptiveMFA(mockUser, 'password');
526
+
527
+ expect(mockAuditService.recordEvent).toHaveBeenCalled();
528
+ const auditCall = mockAuditService.recordEvent.mock.calls[0][0];
529
+ expect(auditCall.userId).toBe(1);
530
+ expect(auditCall.eventType).toBe(AuthAuditEventType.ADAPTIVE_MFA_RISK_ASSESSED);
531
+ expect(auditCall.riskFactors).toEqual([RiskFactor.NEW_COUNTRY]);
532
+ expect(auditCall.riskFactor).toBe(35);
533
+ expect(auditCall.adaptiveMfaTriggered).toBe(true);
534
+ });
535
+
536
+ it('should handle audit logging errors gracefully', async () => {
537
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
538
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([RiskFactor.NEW_DEVICE]);
539
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(15);
540
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
541
+ // recordEvent returns a promise that rejects - service catches it
542
+ mockAuditService.recordEvent.mockImplementation(() => Promise.reject(new Error('Audit error')));
543
+
544
+ // Should not throw
545
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
546
+
547
+ expect(decision).toBeDefined();
548
+ // Service uses .catch() so error is handled internally
549
+ });
550
+ });
551
+
552
+ // ============================================================================
553
+ // isUserBlocked
554
+ // ============================================================================
555
+
556
+ describe('isUserBlocked()', () => {
557
+ it('should return blocked=false when no block exists', async () => {
558
+ mockStorageAdapter.get.mockClear();
559
+ mockStorageAdapter.get.mockResolvedValue(null);
560
+
561
+ const result = await service.isUserBlocked(1);
562
+
563
+ expect(result.blocked).toBe(false);
564
+ expect(mockStorageAdapter.get).toHaveBeenCalledWith('adaptive_mfa_block:1');
565
+ });
566
+
567
+ it('should return blocked=true when block exists', async () => {
568
+ const blockData = {
569
+ userId: 1,
570
+ userSub: 'user-123',
571
+ message: 'Sign-in blocked',
572
+ riskScore: 70,
573
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
574
+ blockedAt: new Date().toISOString(),
575
+ expiresAt: new Date(Date.now() + 60 * 60 * 1000).toISOString(), // 1 hour from now
576
+ };
577
+
578
+ mockStorageAdapter.get.mockClear();
579
+ mockStorageAdapter.get.mockResolvedValue(JSON.stringify(blockData));
580
+
581
+ const result = await service.isUserBlocked(1);
582
+
583
+ expect(result.blocked).toBe(true);
584
+ expect(result.message).toBe('Sign-in blocked');
585
+ expect(result.expiresAt).toBeInstanceOf(Date);
586
+ });
587
+
588
+ it('should return blocked=false when block has expired', async () => {
589
+ const expiredBlockData = {
590
+ userId: 1,
591
+ userSub: 'user-123',
592
+ message: 'Sign-in blocked',
593
+ riskScore: 70,
594
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
595
+ blockedAt: new Date(Date.now() - 2 * 60 * 60 * 1000).toISOString(), // 2 hours ago
596
+ expiresAt: new Date(Date.now() - 60 * 60 * 1000).toISOString(), // 1 hour ago (expired)
597
+ };
598
+
599
+ mockStorageAdapter.get.mockClear();
600
+ mockStorageAdapter.get.mockResolvedValue(JSON.stringify(expiredBlockData));
601
+ mockStorageAdapter.del.mockClear();
602
+ mockStorageAdapter.del.mockResolvedValue(undefined);
603
+
604
+ const result = await service.isUserBlocked(1);
605
+
606
+ expect(result.blocked).toBe(false);
607
+ expect(mockStorageAdapter.del).toHaveBeenCalledWith('adaptive_mfa_block:1');
608
+ });
609
+
610
+ it('should handle permanent blocks (no expiration)', async () => {
611
+ const permanentBlockData: any = {
612
+ userId: 1,
613
+ userSub: 'user-123',
614
+ message: 'Sign-in blocked',
615
+ riskScore: 70,
616
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
617
+ blockedAt: new Date().toISOString(),
618
+ };
619
+ // expiresAt is omitted (not set) for permanent blocks
620
+
621
+ mockStorageAdapter.get.mockClear();
622
+ mockStorageAdapter.get.mockResolvedValue(JSON.stringify(permanentBlockData));
623
+
624
+ const result = await service.isUserBlocked(1);
625
+
626
+ expect(result.blocked).toBe(true);
627
+ expect(result.expiresAt).toBeUndefined();
628
+ });
629
+
630
+ it('should handle errors gracefully', async () => {
631
+ mockStorageAdapter.get.mockRejectedValueOnce(new Error('Storage error'));
632
+
633
+ const result = await service.isUserBlocked(1);
634
+
635
+ expect(result.blocked).toBe(false); // Safer default
636
+ expect(mockLogger.warn).toHaveBeenCalled();
637
+ });
638
+ });
639
+
640
+ // ============================================================================
641
+ // blockUserSignIn
642
+ // ============================================================================
643
+
644
+ describe('blockUserSignIn()', () => {
645
+ it('should block user with temporary TTL when blockDuration configured', async () => {
646
+ const testConfig: NAuthConfig = {
647
+ ...mockConfig,
648
+ mfa: {
649
+ ...mockConfig.mfa,
650
+ adaptive: {
651
+ ...mockConfig.mfa!.adaptive!,
652
+ blockedSignIn: {
653
+ blockDuration: 60, // 60 minutes
654
+ message: 'Custom block message',
655
+ },
656
+ },
657
+ },
658
+ };
659
+
660
+ const payload: AdaptiveMFARiskEventPayload = {
661
+ user: {
662
+ sub: 'user-123',
663
+ email: 'test@example.com',
664
+ username: 'testuser',
665
+ },
666
+ riskScore: 70,
667
+ riskLevel: 'high',
668
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
669
+ action: 'block_signin',
670
+ clientInfo: {
671
+ ipAddress: mockClientInfo.ipAddress,
672
+ ipCountry: mockClientInfo.ipCountry,
673
+ ipCity: mockClientInfo.ipCity,
674
+ deviceId: mockClientInfo.deviceToken,
675
+ deviceName: mockClientInfo.deviceName,
676
+ deviceType: mockClientInfo.deviceType,
677
+ userAgent: mockClientInfo.userAgent,
678
+ platform: mockClientInfo.platform,
679
+ browser: mockClientInfo.browser,
680
+ },
681
+ authMethod: 'password',
682
+ timestamp: new Date(),
683
+ };
684
+
685
+ const testService = new AdaptiveMFADecisionService(
686
+ mockRiskDetectionService,
687
+ mockRiskScoringService,
688
+ mockStorageAdapter,
689
+ mockClientInfoService,
690
+ testConfig,
691
+ mockLogger,
692
+ mockAuditService,
693
+ );
694
+
695
+ await testService.blockUserSignIn(mockUser, payload);
696
+
697
+ const setCall = mockStorageAdapter.set.mock.calls[0];
698
+ expect(setCall[0]).toBe('adaptive_mfa_block:1');
699
+ expect(setCall[1]).toContain('Custom block message');
700
+ expect(setCall[2]).toBe(3600); // 60 minutes in seconds
701
+ expect(mockLogger.warn).toHaveBeenCalled();
702
+ });
703
+
704
+ it('should block user permanently when blockDuration not configured', async () => {
705
+ const testConfig: NAuthConfig = {
706
+ ...mockConfig,
707
+ mfa: {
708
+ ...mockConfig.mfa,
709
+ adaptive: {
710
+ ...mockConfig.mfa!.adaptive!,
711
+ blockedSignIn: {
712
+ message: 'Sign-in blocked',
713
+ },
714
+ },
715
+ },
716
+ };
717
+
718
+ const payload: AdaptiveMFARiskEventPayload = {
719
+ user: {
720
+ sub: 'user-123',
721
+ email: 'test@example.com',
722
+ username: 'testuser',
723
+ },
724
+ riskScore: 70,
725
+ riskLevel: 'high',
726
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
727
+ action: 'block_signin',
728
+ clientInfo: {
729
+ ipAddress: mockClientInfo.ipAddress,
730
+ ipCountry: mockClientInfo.ipCountry,
731
+ ipCity: mockClientInfo.ipCity,
732
+ deviceId: mockClientInfo.deviceToken,
733
+ deviceName: mockClientInfo.deviceName,
734
+ deviceType: mockClientInfo.deviceType,
735
+ userAgent: mockClientInfo.userAgent,
736
+ platform: mockClientInfo.platform,
737
+ browser: mockClientInfo.browser,
738
+ },
739
+ authMethod: 'password',
740
+ timestamp: new Date(),
741
+ };
742
+
743
+ const testService = new AdaptiveMFADecisionService(
744
+ mockRiskDetectionService,
745
+ mockRiskScoringService,
746
+ mockStorageAdapter,
747
+ mockClientInfoService,
748
+ testConfig,
749
+ mockLogger,
750
+ mockAuditService,
751
+ );
752
+
753
+ await testService.blockUserSignIn(mockUser, payload);
754
+
755
+ const setCall = mockStorageAdapter.set.mock.calls[0];
756
+ expect(setCall[0]).toBe('adaptive_mfa_block:1');
757
+ expect(typeof setCall[1]).toBe('string');
758
+ expect(setCall[2]).toBeUndefined(); // No TTL
759
+ });
760
+
761
+ it('should call onSignInBlocked lifecycle hook', async () => {
762
+ const mockHook = jest.fn().mockResolvedValue(undefined);
763
+ const testConfig: NAuthConfig = {
764
+ ...mockConfig,
765
+ hooks: {
766
+ onSignInBlocked: mockHook,
767
+ },
768
+ mfa: {
769
+ ...mockConfig.mfa,
770
+ adaptive: {
771
+ ...mockConfig.mfa!.adaptive!,
772
+ blockedSignIn: {
773
+ blockDuration: 30,
774
+ message: 'Blocked',
775
+ },
776
+ },
777
+ },
778
+ };
779
+
780
+ const payload: AdaptiveMFARiskEventPayload = {
781
+ user: {
782
+ sub: 'user-123',
783
+ email: 'test@example.com',
784
+ username: 'testuser',
785
+ },
786
+ riskScore: 70,
787
+ riskLevel: 'high',
788
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
789
+ action: 'block_signin',
790
+ clientInfo: {
791
+ ipAddress: mockClientInfo.ipAddress,
792
+ ipCountry: mockClientInfo.ipCountry,
793
+ ipCity: mockClientInfo.ipCity,
794
+ deviceId: mockClientInfo.deviceToken,
795
+ deviceName: mockClientInfo.deviceName,
796
+ deviceType: mockClientInfo.deviceType,
797
+ userAgent: mockClientInfo.userAgent,
798
+ platform: mockClientInfo.platform,
799
+ browser: mockClientInfo.browser,
800
+ },
801
+ authMethod: 'password',
802
+ timestamp: new Date(),
803
+ };
804
+
805
+ const testService = new AdaptiveMFADecisionService(
806
+ mockRiskDetectionService,
807
+ mockRiskScoringService,
808
+ mockStorageAdapter,
809
+ mockClientInfoService,
810
+ testConfig,
811
+ mockLogger,
812
+ mockAuditService,
813
+ );
814
+
815
+ await testService.blockUserSignIn(mockUser, payload);
816
+
817
+ expect(mockHook).toHaveBeenCalledTimes(1);
818
+ const hookPayload = mockHook.mock.calls[0][0];
819
+ expect(hookPayload.user.sub).toBe('user-123');
820
+ expect(hookPayload.riskScore).toBe(70);
821
+ expect(hookPayload.blockDuration).toBe(30);
822
+ expect(hookPayload.message).toBe('Blocked');
823
+ expect(hookPayload.blockExpiresAt).toBeDefined();
824
+ });
825
+
826
+ it('should handle hook errors gracefully', async () => {
827
+ const mockHook = jest.fn().mockRejectedValue(new Error('Hook error'));
828
+ const testConfig: NAuthConfig = {
829
+ ...mockConfig,
830
+ hooks: {
831
+ onSignInBlocked: mockHook,
832
+ },
833
+ mfa: {
834
+ ...mockConfig.mfa,
835
+ adaptive: {
836
+ ...mockConfig.mfa!.adaptive!,
837
+ blockedSignIn: {
838
+ blockDuration: 30,
839
+ message: 'Blocked',
840
+ },
841
+ },
842
+ },
843
+ };
844
+
845
+ const payload: AdaptiveMFARiskEventPayload = {
846
+ user: {
847
+ sub: 'user-123',
848
+ email: 'test@example.com',
849
+ username: 'testuser',
850
+ },
851
+ riskScore: 70,
852
+ riskLevel: 'high',
853
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
854
+ action: 'block_signin',
855
+ clientInfo: {
856
+ ipAddress: mockClientInfo.ipAddress,
857
+ ipCountry: mockClientInfo.ipCountry,
858
+ ipCity: mockClientInfo.ipCity,
859
+ deviceId: mockClientInfo.deviceToken,
860
+ deviceName: mockClientInfo.deviceName,
861
+ deviceType: mockClientInfo.deviceType,
862
+ userAgent: mockClientInfo.userAgent,
863
+ platform: mockClientInfo.platform,
864
+ browser: mockClientInfo.browser,
865
+ },
866
+ authMethod: 'password',
867
+ timestamp: new Date(),
868
+ };
869
+
870
+ const testService = new AdaptiveMFADecisionService(
871
+ mockRiskDetectionService,
872
+ mockRiskScoringService,
873
+ mockStorageAdapter,
874
+ mockClientInfoService,
875
+ testConfig,
876
+ mockLogger,
877
+ mockAuditService,
878
+ );
879
+
880
+ // Should not throw
881
+ await testService.blockUserSignIn(mockUser, payload);
882
+
883
+ expect(mockLogger.error).toHaveBeenCalled();
884
+ });
885
+
886
+ it('should use default message when not configured', async () => {
887
+ const testConfig: NAuthConfig = {
888
+ ...mockConfig,
889
+ mfa: {
890
+ ...mockConfig.mfa,
891
+ adaptive: {
892
+ ...mockConfig.mfa!.adaptive!,
893
+ blockedSignIn: {},
894
+ },
895
+ },
896
+ };
897
+
898
+ const payload: AdaptiveMFARiskEventPayload = {
899
+ user: {
900
+ sub: 'user-123',
901
+ email: 'test@example.com',
902
+ username: 'testuser',
903
+ },
904
+ riskScore: 70,
905
+ riskLevel: 'high',
906
+ riskFactors: [RiskFactor.IMPOSSIBLE_TRAVEL],
907
+ action: 'block_signin',
908
+ clientInfo: {
909
+ ipAddress: mockClientInfo.ipAddress,
910
+ ipCountry: mockClientInfo.ipCountry,
911
+ ipCity: mockClientInfo.ipCity,
912
+ deviceId: mockClientInfo.deviceToken,
913
+ deviceName: mockClientInfo.deviceName,
914
+ deviceType: mockClientInfo.deviceType,
915
+ userAgent: mockClientInfo.userAgent,
916
+ platform: mockClientInfo.platform,
917
+ browser: mockClientInfo.browser,
918
+ },
919
+ authMethod: 'password',
920
+ timestamp: new Date(),
921
+ };
922
+
923
+ const testService = new AdaptiveMFADecisionService(
924
+ mockRiskDetectionService,
925
+ mockRiskScoringService,
926
+ mockStorageAdapter,
927
+ mockClientInfoService,
928
+ testConfig,
929
+ mockLogger,
930
+ mockAuditService,
931
+ );
932
+
933
+ await testService.blockUserSignIn(mockUser, payload);
934
+
935
+ const setCall = mockStorageAdapter.set.mock.calls[0];
936
+ const blockData = JSON.parse(setCall[1] as string);
937
+ expect(blockData.message).toContain('suspicious activity');
938
+ });
939
+ });
940
+
941
+ // ============================================================================
942
+ // evaluateAdaptiveMFA - Error Handling
943
+ // ============================================================================
944
+
945
+ describe('evaluateAdaptiveMFA() - error handling', () => {
946
+ it('should handle risk detection errors gracefully', async () => {
947
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
948
+ // Risk detection returns empty array on error (handled internally)
949
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([]);
950
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(0);
951
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
952
+ mockAuditService.recordEvent.mockResolvedValue(null);
953
+
954
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
955
+
956
+ expect(decision).toBeDefined();
957
+ expect(decision.action).toBe('allow');
958
+ });
959
+
960
+ it('should handle missing client info gracefully', async () => {
961
+ mockClientInfoService.get.mockReturnValue({
962
+ ipAddress: 'unknown',
963
+ userAgent: 'unknown',
964
+ } as ClientInfo);
965
+
966
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([]);
967
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(0);
968
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
969
+
970
+ const decision = await service.evaluateAdaptiveMFA(mockUser, 'password');
971
+
972
+ expect(decision.action).toBe('allow');
973
+ });
974
+
975
+ it('should throw error when user email is missing', async () => {
976
+ const userWithoutEmail: IUser = {
977
+ ...mockUser,
978
+ email: '', // Empty email
979
+ };
980
+
981
+ try {
982
+ await service.evaluateAdaptiveMFA(userWithoutEmail, 'password');
983
+ fail('Expected evaluateAdaptiveMFA to throw error for missing email');
984
+ } catch (error) {
985
+ expect(error).toBeInstanceOf(Error);
986
+ expect((error as Error).message).toBe('User email is required for adaptive MFA evaluation');
987
+ }
988
+ });
989
+
990
+ it('should throw error when user email is null', async () => {
991
+ const userWithoutEmail: IUser = {
992
+ ...mockUser,
993
+ email: null as unknown as string, // Force null for test
994
+ };
995
+
996
+ try {
997
+ await service.evaluateAdaptiveMFA(userWithoutEmail, 'password');
998
+ fail('Expected evaluateAdaptiveMFA to throw error for null email');
999
+ } catch (error) {
1000
+ expect(error).toBeInstanceOf(Error);
1001
+ expect((error as Error).message).toBe('User email is required for adaptive MFA evaluation');
1002
+ }
1003
+ });
1004
+ });
1005
+
1006
+ // ============================================================================
1007
+ // clearUserBlock
1008
+ // ============================================================================
1009
+
1010
+ describe('clearUserBlock()', () => {
1011
+ it('should clear user block successfully', async () => {
1012
+ mockStorageAdapter.del.mockResolvedValue(undefined);
1013
+
1014
+ await service.clearUserBlock(1);
1015
+
1016
+ expect(mockStorageAdapter.del).toHaveBeenCalledWith('adaptive_mfa_block:1');
1017
+ expect(mockLogger.log).toHaveBeenCalledWith((expect as any).stringContaining('User block cleared'));
1018
+ });
1019
+
1020
+ it('should handle errors gracefully', async () => {
1021
+ mockStorageAdapter.del.mockRejectedValue(new Error('Storage error'));
1022
+
1023
+ await service.clearUserBlock(1);
1024
+
1025
+ expect(mockLogger.warn).toHaveBeenCalled();
1026
+ // Should not throw
1027
+ });
1028
+ });
1029
+
1030
+ // ============================================================================
1031
+ // Service Without Optional Dependencies
1032
+ // ============================================================================
1033
+
1034
+ describe('Service without optional dependencies', () => {
1035
+ it('should work without audit service', async () => {
1036
+ const serviceWithoutAudit = new AdaptiveMFADecisionService(
1037
+ mockRiskDetectionService,
1038
+ mockRiskScoringService,
1039
+ mockStorageAdapter,
1040
+ mockClientInfoService,
1041
+ mockConfig,
1042
+ mockLogger,
1043
+ undefined, // No audit service
1044
+ );
1045
+
1046
+ mockClientInfoService.get.mockReturnValue(mockClientInfo);
1047
+ mockRiskDetectionService.detectRiskFactors.mockResolvedValue([]);
1048
+ mockRiskScoringService.calculateRiskScore.mockReturnValue(0);
1049
+ mockRiskScoringService.getRiskLevel.mockReturnValue('low');
1050
+
1051
+ const decision = await serviceWithoutAudit.evaluateAdaptiveMFA(mockUser, 'password');
1052
+
1053
+ // Should not throw error
1054
+ expect(decision).toBeDefined();
1055
+ expect(decision.action).toBe('allow');
1056
+ });
1057
+ });
1058
+ });