npm - @nauth-toolkit/core - Versions diffs - 0.1.108 → 0.1.111 - Mend

@nauth-toolkit/core 0.1.108 → 0.1.111

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

package/dist/bootstrap.d.ts.map +1 -1
package/dist/bootstrap.js.map +1 -1
package/dist/dto/admin-remove-device.dto.d.ts +22 -0
package/dist/dto/admin-remove-device.dto.d.ts.map +1 -0
package/dist/dto/{admin-remove-devices.dto.js → admin-remove-device.dto.js} +21 -21
package/dist/dto/admin-remove-device.dto.js.map +1 -0
package/dist/dto/admin-set-preferred-device.dto.d.ts +32 -0
package/dist/dto/admin-set-preferred-device.dto.d.ts.map +1 -0
package/dist/dto/admin-set-preferred-device.dto.js +64 -0
package/dist/dto/admin-set-preferred-device.dto.js.map +1 -0
package/dist/dto/admin-signup-social.dto.d.ts +2 -2
package/dist/dto/admin-signup.dto.d.ts +2 -2
package/dist/dto/challenge-response.dto.d.ts +4 -0
package/dist/dto/challenge-response.dto.d.ts.map +1 -1
package/dist/dto/disable-user.dto.d.ts +2 -2
package/dist/dto/enable-user.dto.d.ts +2 -2
package/dist/dto/get-user-devices.dto.d.ts +5 -3
package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
package/dist/dto/get-user-devices.dto.js +3 -1
package/dist/dto/get-user-devices.dto.js.map +1 -1
package/dist/dto/get-user-response.dto.d.ts +1 -1
package/dist/dto/get-user-response.dto.js +1 -1
package/dist/dto/get-users.dto.d.ts +2 -2
package/dist/dto/index.d.ts +6 -4
package/dist/dto/index.d.ts.map +1 -1
package/dist/dto/index.js +6 -4
package/dist/dto/index.js.map +1 -1
package/dist/dto/mfa-device-response.dto.d.ts +68 -0
package/dist/dto/mfa-device-response.dto.d.ts.map +1 -0
package/dist/dto/mfa-device-response.dto.js +81 -0
package/dist/dto/mfa-device-response.dto.js.map +1 -0
package/dist/dto/remove-device.dto.d.ts +49 -0
package/dist/dto/remove-device.dto.d.ts.map +1 -0
package/dist/dto/remove-device.dto.js +76 -0
package/dist/dto/remove-device.dto.js.map +1 -0
package/dist/dto/respond-challenge.dto.d.ts +8 -0
package/dist/dto/respond-challenge.dto.d.ts.map +1 -1
package/dist/dto/respond-challenge.dto.js +14 -0
package/dist/dto/respond-challenge.dto.js.map +1 -1
package/dist/dto/set-preferred-device.dto.d.ts +46 -0
package/dist/dto/set-preferred-device.dto.d.ts.map +1 -0
package/dist/dto/set-preferred-device.dto.js +74 -0
package/dist/dto/set-preferred-device.dto.js.map +1 -0
package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
package/dist/dto/setup-mfa.dto.js.map +1 -1
package/dist/dto/user-response.dto.d.ts +3 -3
package/dist/dto/user-response.dto.js +5 -5
package/dist/dto/verify-mfa-setup-response.dto.d.ts +18 -0
package/dist/dto/verify-mfa-setup-response.dto.d.ts.map +1 -0
package/dist/dto/verify-mfa-setup-response.dto.js +22 -0
package/dist/dto/verify-mfa-setup-response.dto.js.map +1 -0
package/dist/handlers/client-info.handler.d.ts.map +1 -1
package/dist/handlers/client-info.handler.js.map +1 -1
package/dist/interfaces/provider.interface.d.ts.map +1 -1
package/dist/openapi/components.schemas.json +112 -140
package/dist/services/admin-auth.service.d.ts +12 -5
package/dist/services/admin-auth.service.d.ts.map +1 -1
package/dist/services/admin-auth.service.js +46 -2
package/dist/services/admin-auth.service.js.map +1 -1
package/dist/services/auth-audit.service.d.ts.map +1 -1
package/dist/services/auth-audit.service.js +1 -1
package/dist/services/auth-audit.service.js.map +1 -1
package/dist/services/auth-challenge-helper.service.d.ts.map +1 -1
package/dist/services/auth-challenge-helper.service.js +34 -0
package/dist/services/auth-challenge-helper.service.js.map +1 -1
package/dist/services/auth-service-internal-helpers.d.ts.map +1 -1
package/dist/services/auth-service-internal-helpers.js +4 -0
package/dist/services/auth-service-internal-helpers.js.map +1 -1
package/dist/services/auth.service.d.ts +9 -2
package/dist/services/auth.service.d.ts.map +1 -1
package/dist/services/auth.service.js +36 -0
package/dist/services/auth.service.js.map +1 -1
package/dist/services/challenge.service.d.ts.map +1 -1
package/dist/services/challenge.service.js +1 -3
package/dist/services/challenge.service.js.map +1 -1
package/dist/services/email-verification.service.d.ts.map +1 -1
package/dist/services/email-verification.service.js +3 -9
package/dist/services/email-verification.service.js.map +1 -1
package/dist/services/mfa-base.service.d.ts +23 -6
package/dist/services/mfa-base.service.d.ts.map +1 -1
package/dist/services/mfa-base.service.js +70 -18
package/dist/services/mfa-base.service.js.map +1 -1
package/dist/services/mfa.service.d.ts +54 -35
package/dist/services/mfa.service.d.ts.map +1 -1
package/dist/services/mfa.service.js +216 -168
package/dist/services/mfa.service.js.map +1 -1
package/dist/services/phone-verification.service.d.ts.map +1 -1
package/dist/services/phone-verification.service.js +3 -8
package/dist/services/phone-verification.service.js.map +1 -1
package/dist/services/session.service.d.ts +1 -2
package/dist/services/session.service.d.ts.map +1 -1
package/dist/services/session.service.js.map +1 -1
package/dist/services/user.service.d.ts +5 -5
package/dist/services/user.service.d.ts.map +1 -1
package/dist/services/user.service.js +16 -10
package/dist/services/user.service.js.map +1 -1
package/package.json +2 -2
package/dist/dto/admin-remove-devices.dto.d.ts +0 -25
package/dist/dto/admin-remove-devices.dto.d.ts.map +0 -1
package/dist/dto/admin-remove-devices.dto.js.map +0 -1
package/dist/dto/admin-set-preferred-method.dto.d.ts +0 -25
package/dist/dto/admin-set-preferred-method.dto.d.ts.map +0 -1
package/dist/dto/admin-set-preferred-method.dto.js +0 -50
package/dist/dto/admin-set-preferred-method.dto.js.map +0 -1
package/dist/dto/remove-devices.dto.d.ts +0 -48
package/dist/dto/remove-devices.dto.d.ts.map +0 -1
package/dist/dto/remove-devices.dto.js +0 -79
package/dist/dto/remove-devices.dto.js.map +0 -1
package/dist/dto/set-preferred-method.dto.d.ts +0 -44
package/dist/dto/set-preferred-method.dto.d.ts.map +0 -1
package/dist/dto/set-preferred-method.dto.js +0 -75
package/dist/dto/set-preferred-method.dto.js.map +0 -1

package/dist/openapi/components.schemas.json CHANGED Viewed

@@ -167,30 +167,22 @@
         "additionalProperties": false,
         "description": "Request DTO for admin logout all sessions"
       },
-      "AdminRemoveDevicesDTO": {
+      "AdminRemoveDeviceDTO": {
         "type": "object",
         "properties": {
-          "methodType": {
-            "type": "string",
-            "description": "MFA method type to remove\n\nValidation:\n- Must be one of: totp, sms, email, passkey\n- Max 50 characters\n\nSanitization:\n- Trimmed and lowercased",
+          "deviceId": {
+            "type": "number",
+            "description": "MFA device numeric ID.",
             "examples": [
-              "totp"
-            ]
-          },
-          "sub": {
-            "type": "string",
-            "description": "Target user's unique identifier (UUID v4)",
-            "examples": [
-              "a21b654c-2746-4168-acee-c175083a65cd"
+              123
             ]
           }
         },
         "required": [
-          "methodType",
-          "sub"
+          "deviceId"
         ],
         "additionalProperties": false,
-        "description": "Admin DTO for removing MFA devices for a specific user\n\nAdmin APIs must explicitly target a user via `sub`. This DTO mirrors  {@link  RemoveDevicesDTO }  but adds `sub`."
+        "description": "Admin DTO for removing a single MFA device by device ID.\n\nAdmin APIs are allowed to target any user's device. This DTO is intentionally minimal: it only requires the `deviceId`."
       },
       "AdminResetPasswordDTO": {
         "type": "object",
@@ -368,30 +360,38 @@
         "additionalProperties": false,
         "description": "Admin Set Password Response DTO\n\nResponse DTO for admin password reset operation."
       },
-      "AdminSetPreferredMethodDTO": {
+      "AdminSetPreferredDeviceDTO": {
         "type": "object",
         "properties": {
-          "methodType": {
+          "sub": {
             "type": "string",
-            "description": "MFA method type to set as preferred\n\nValidation:\n- Must be one of: totp, sms, email, passkey\n- Max 50 characters\n\nSanitization:\n- Trimmed and lowercased",
-            "examples": [
-              "totp"
-            ]
+            "description": "User identifier (UUID)."
           },
-          "sub": {
+          "deviceId": {
+            "type": "number",
+            "description": "MFA device ID to set as preferred. Automatically converted from string path parameters to number."
+          }
+        },
+        "required": [
+          "sub",
+          "deviceId"
+        ],
+        "additionalProperties": false,
+        "description": "DTO for admin setting a user's preferred MFA device."
+      },
+      "AdminSetPreferredDeviceResponseDTO": {
+        "type": "object",
+        "properties": {
+          "message": {
             "type": "string",
-            "description": "Target user's unique identifier (UUID v4)",
-            "examples": [
-              "a21b654c-2746-4168-acee-c175083a65cd"
-            ]
+            "description": "Success message."
           }
         },
         "required": [
-          "methodType",
-          "sub"
+          "message"
         ],
         "additionalProperties": false,
-        "description": "Admin DTO for setting preferred MFA method for a specific user\n\nAdmin APIs must explicitly target a user via `sub`. This DTO mirrors  {@link  SetPreferredMethodDTO }  but adds `sub`."
+        "description": "Response DTO for admin setting preferred device."
       },
       "AdminSignupDTO": {
         "type": "object",
@@ -455,7 +455,7 @@
         "type": "object",
         "properties": {
           "user": {
-            "$ref": "#/components/schemas/UserResponseDto",
+            "$ref": "#/components/schemas/UserResponseDTO",
             "description": "Created user object (sanitized)\n\nUses UserResponseDto which excludes sensitive fields:\n- No passwordHash\n- No internal database ID (uses 'sub' UUID instead)\n- No MFA secrets\n- No internal tracking fields"
           },
           "generatedPassword": {
@@ -469,7 +469,7 @@
         "additionalProperties": false,
         "description": "Response DTO for admin signup\n\nReturns the created user object (sanitized, excludes sensitive fields like passwordHash) and optionally the generated password (only if generatePassword was true in the request)."
       },
-      "UserResponseDto": {
+      "UserResponseDTO": {
         "type": "object",
         "properties": {
           "sub": {
@@ -677,7 +677,7 @@
             "description": "Social account information\n\nConfirms the social account linkage for the imported user."
           },
           "user": {
-            "$ref": "#/components/schemas/UserResponseDto",
+            "$ref": "#/components/schemas/UserResponseDTO",
             "description": "Created user object (sanitized)\n\nUses UserResponseDto which excludes sensitive fields:\n- No passwordHash\n- No internal database ID (uses 'sub' UUID instead)\n- No MFA secrets\n- No internal tracking fields"
           }
         },
@@ -1098,6 +1098,10 @@
           "code": {
             "type": "string",
             "description": "Verification code"
+          },
+          "deviceId": {
+            "type": "number",
+            "description": "Optional device ID for methods that support multiple devices (TOTP)"
           }
         },
         "required": [
@@ -1128,6 +1132,10 @@
           "credential": {
             "$ref": "#/components/schemas/Record%3Cstring%2Cunknown%3E",
             "description": "WebAuthn credential from navigator.credentials.get()"
+          },
+          "deviceId": {
+            "type": "number",
+            "description": "Optional device ID for methods that support multiple devices (Passkey)"
           }
         },
         "required": [
@@ -1489,7 +1497,7 @@
             "description": "Lock success flag"
           },
           "user": {
-            "$ref": "#/components/schemas/UserResponseDto",
+            "$ref": "#/components/schemas/UserResponseDTO",
             "description": "Sanitized user object with updated lock status"
           },
           "revokedSessions": {
@@ -1527,7 +1535,7 @@
             "description": "Unlock success flag"
           },
           "user": {
-            "$ref": "#/components/schemas/UserResponseDto",
+            "$ref": "#/components/schemas/UserResponseDTO",
             "description": "Sanitized user object with updated lock status"
           }
         },
@@ -2254,118 +2262,56 @@
           "devices": {
             "type": "array",
             "items": {
-              "$ref": "#/components/schemas/IMFADevice"
+              "$ref": "#/components/schemas/MFADeviceResponseDTO"
             },
-            "description": "Array of user's MFA devices"
+            "description": "Array of user's MFA devices (outward-facing format)"
           }
         },
         "required": [
           "devices"
         ],
         "additionalProperties": false,
-        "description": "Response DTO for user MFA devices"
+        "description": "Response DTO for user MFA devices\n\nUses outward-facing device DTOs with `isPreferred` instead of internal `isPrimary`"
       },
-      "IMFADevice": {
+      "MFADeviceResponseDTO": {
         "type": "object",
         "properties": {
           "id": {
-            "type": "number"
-          },
-          "userId": {
-            "type": "number"
+            "type": "number",
+            "description": "Unique device identifier"
           },
           "type": {
-            "$ref": "#/components/schemas/MFADeviceMethod"
+            "$ref": "#/components/schemas/MFADeviceMethod",
+            "description": "MFA method type (totp, sms, email, passkey)"
           },
           "name": {
-            "type": "string"
-          },
-          "secret": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "credentialId": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "publicKey": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "counter": {
-            "type": [
-              "number",
-              "null"
-            ]
-          },
-          "transports": {
-            "anyOf": [
-              {
-                "type": "array",
-                "items": {
-                  "type": "string"
-                }
-              },
-              {
-                "type": "null"
-              }
-            ]
-          },
-          "phoneNumber": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "email": {
-            "type": [
-              "string",
-              "null"
-            ]
+            "type": "string",
+            "description": "Device name (user-assigned)"
           },
-          "isPrimary": {
-            "type": "boolean"
+          "isPreferred": {
+            "type": "boolean",
+            "description": "Whether this is the preferred device for this method Maps from internal `isPrimary` field"
           },
           "isActive": {
-            "type": "boolean"
-          },
-          "lastUsedAt": {
-            "anyOf": [
-              {
-                "type": "string",
-                "format": "date-time"
-              },
-              {
-                "type": "null"
-              }
-            ]
+            "type": "boolean",
+            "description": "Whether device is currently active"
           },
           "createdAt": {
             "type": "string",
-            "format": "date-time"
+            "format": "date-time",
+            "description": "Device creation timestamp"
           }
         },
         "required": [
           "id",
-          "userId",
           "type",
           "name",
-          "secret",
-          "credentialId",
-          "publicKey",
-          "counter",
-          "transports",
+          "isPreferred",
           "isActive",
-          "lastUsedAt",
           "createdAt"
         ],
-        "additionalProperties": false
+        "additionalProperties": false,
+        "description": "Outward-facing MFA device information\n\nNote: Uses `isPreferred` instead of internal `isPrimary` field"
       },
       "GetUserSessionsDTO": {
         "type": "object",
@@ -2596,7 +2542,7 @@
           "users": {
             "type": "array",
             "items": {
-              "$ref": "#/components/schemas/UserResponseDto"
+              "$ref": "#/components/schemas/UserResponseDTO"
             },
             "description": "Array of sanitized user objects"
           },
@@ -2989,41 +2935,46 @@
         "additionalProperties": false,
         "description": "Refresh Token DTO\n\nUsed for refreshing access tokens with a valid refresh token.\n\nSupports both JSON and cookies token delivery modes:\n- JSON mode: refreshToken must be provided in request body\n- Cookies mode: refreshToken is optional in body (read from cookie by controller)\n\nSecurity:\n- Token length validated (prevents DoS)\n- JWT tokens can be long, but we validate input length\n- Token is validated in service layer for format and signature"
       },
-      "RemoveDevicesDTO": {
+      "RemoveDeviceDTO": {
         "type": "object",
         "properties": {
-          "methodType": {
-            "type": "string",
-            "description": "MFA method type to remove\n\nValidation:\n- Must be one of: totp, sms, email, passkey\n- Max 50 characters\n\nSanitization:\n- Trimmed and lowercased",
+          "deviceId": {
+            "type": "number",
+            "description": "MFA device ID to remove\n\nValidation:\n- Must be a positive integer\n\nSanitization:\n- Strings are converted to numbers (useful for path params)",
             "examples": [
-              "totp"
+              123
             ]
           }
         },
         "required": [
-          "methodType"
+          "deviceId"
         ],
         "additionalProperties": false,
-        "description": "DTO for removing MFA devices\n\nUser self-service DTO - no userSub field. Service gets user from authenticated context."
+        "description": "DTO for removing a single MFA device"
       },
-      "RemoveDevicesResponseDTO": {
+      "RemoveDeviceResponseDTO": {
         "type": "object",
         "properties": {
-          "deletedCount": {
+          "removedDeviceId": {
             "type": "number",
-            "description": "Number of devices deleted"
+            "description": "ID of the removed device"
+          },
+          "removedMethod": {
+            "$ref": "#/components/schemas/MFADeviceMethod",
+            "description": "MFA method type of the removed device"
           },
           "mfaDisabled": {
             "type": "boolean",
-            "description": "Whether MFA was disabled (if this was the last device)"
+            "description": "Whether MFA was disabled (when this was the last remaining device)"
           }
         },
         "required": [
-          "deletedCount",
+          "removedDeviceId",
+          "removedMethod",
           "mfaDisabled"
         ],
         "additionalProperties": false,
-        "description": "Response DTO for removing devices"
+        "description": "Response DTO for removing a single MFA device"
       },
       "ResendCodeDTO": {
         "type": "object",
@@ -3192,6 +3143,10 @@
             "$ref": "#/components/schemas/Record%3Cstring%2Cunknown%3E",
             "description": "Passkey credential Required for MFA_REQUIRED when method is 'passkey'\n\nValidation:\n- Must be an object\n- Contains WebAuthn credential from navigator.credentials.get()"
           },
+          "deviceId": {
+            "type": "number",
+            "description": "Optional device ID for MFA_REQUIRED when method supports multiple devices (TOTP, Passkey)\n\nValidation:\n- Must be a positive integer if provided\n- Optional field (maintains backward compatibility)"
+          },
           "setupData": {
             "$ref": "#/components/schemas/Record%3Cstring%2Cunknown%3E",
             "description": "MFA setup data (method-specific) Required for MFA_SETUP_REQUIRED challenge\n\nExpected structure by method:\n- SMS: { phone: string, code: string }\n- Email: { code: string }\n- TOTP: { code: string }\n- Passkey: { credential: Record<string, unknown> }\n\nValidation:\n- Must be an object\n- Structure validated by MFA provider services"
@@ -3418,36 +3373,39 @@
         "additionalProperties": false,
         "description": "Response DTO for setPasswordForSocialUser"
       },
-      "SetPreferredMethodDTO": {
+      "SetPreferredDeviceDTO": {
         "type": "object",
         "properties": {
-          "methodType": {
-            "type": "string",
-            "description": "MFA method type to set as preferred\n\nValidation:\n- Must be one of: totp, sms, email, passkey\n- Max 50 characters\n\nSanitization:\n- Trimmed and lowercased",
+          "deviceId": {
+            "type": "number",
+            "description": "MFA device ID to set as preferred\n\nValidation:\n- Must be a positive integer\n\nSanitization:\n- Strings are converted to numbers (useful for path params)",
             "examples": [
-              "totp"
+              123
             ]
           }
         },
         "required": [
-          "methodType"
+          "deviceId"
         ],
         "additionalProperties": false,
-        "description": "DTO for setting preferred MFA method\n\nUser self-service DTO - no userSub field. Service gets user from authenticated context."
+        "description": "DTO for setting a user's preferred MFA device.\n\nThis updates which device is used by default during MFA challenges. The preferred device is marked with `isPrimary` in the database (internal field). API responses expose this as `isPreferred` (outward-facing field)."
       },
-      "SetPreferredMethodResponseDTO": {
+      "SetPreferredDeviceResponseDTO": {
         "type": "object",
         "properties": {
           "message": {
             "type": "string",
-            "description": "Success message"
+            "description": "Success message",
+            "examples": [
+              "Preferred MFA device updated"
+            ]
           }
         },
         "required": [
           "message"
         ],
         "additionalProperties": false,
-        "description": "Response DTO for setting preferred method"
+        "description": "Response DTO for setting preferred MFA device."
       },
       "SetupMFADTO": {
         "type": "object",
@@ -4010,6 +3968,20 @@
         "additionalProperties": false,
         "description": "Response DTO for MFA code verification"
       },
+      "VerifyMFASetupResponseDTO": {
+        "type": "object",
+        "properties": {
+          "deviceId": {
+            "type": "number",
+            "description": "ID of the newly created MFA device"
+          }
+        },
+        "required": [
+          "deviceId"
+        ],
+        "additionalProperties": false,
+        "description": "Response DTO for verifying MFA setup\n\nReturned when an authenticated user completes MFA device setup verification."
+      },
       "VerifyPhoneResponseDTO": {
         "type": "object",
         "properties": {

package/dist/services/admin-auth.service.d.ts CHANGED Viewed

@@ -18,7 +18,7 @@ import { DisableUserDTO, DisableUserResponseDTO } from '../dto/disable-user.dto'
 import { EnableUserDTO, EnableUserResponseDTO } from '../dto/enable-user.dto';
 import { GetUserByEmailDTO } from '../dto/get-user-by-email.dto';
 import { GetUserByIdDTO } from '../dto/get-user-by-id.dto';
-import { UserResponseDto } from '../dto/user-response.dto';
+import { UserResponseDTO } from '../dto/user-response.dto';
 import { GetUserSessionsDTO } from '../dto/get-user-sessions.dto';
 import { GetUserSessionsResponseDTO } from '../dto/get-user-sessions-response.dto';
 import { LogoutAllResponseDTO } from '../dto/logout-all-response.dto';
@@ -140,7 +140,7 @@ export declare class AdminAuthService {
      * const user = await adminAuthService.getUserById({ sub: 'user-uuid' });
      * ```
      */
-    getUserById(dto: GetUserByIdDTO): Promise<UserResponseDto | null>;
+    getUserById(dto: GetUserByIdDTO): Promise<UserResponseDTO | null>;
     /**
      * Get user by email address.
      *
@@ -153,7 +153,7 @@ export declare class AdminAuthService {
      * const user = await adminAuthService.getUserByEmail({ email: 'user@example.com' });
      * ```
      */
-    getUserByEmail(dto: GetUserByEmailDTO): Promise<UserResponseDto | null>;
+    getUserByEmail(dto: GetUserByEmailDTO): Promise<UserResponseDTO | null>;
     /**
      * Require user to change password at next login.
      *
@@ -179,7 +179,7 @@ export declare class AdminAuthService {
      * await adminAuthService.updateVerifiedStatus({ sub: 'user-uuid', isEmailVerified: true });
      * ```
      */
-    updateVerifiedStatus(dto: UpdateVerifiedStatusRequestDTO): Promise<UserResponseDto>;
+    updateVerifiedStatus(dto: UpdateVerifiedStatusRequestDTO): Promise<UserResponseDTO>;
     /**
      * Administrative user creation with override capabilities
      *
@@ -263,7 +263,7 @@ export declare class AdminAuthService {
      * const user = await adminAuthService.updateUserAttributes({ sub: 'user-uuid', email: 'new@example.com' });
      * ```
      */
-    updateUserAttributes(dto: AdminUpdateUserAttributesDTO): Promise<UserResponseDto>;
+    updateUserAttributes(dto: AdminUpdateUserAttributesDTO): Promise<UserResponseDTO>;
     /**
      * Admin-only: Initiate a code-based password reset workflow.
      *
@@ -303,5 +303,12 @@ export declare class AdminAuthService {
      * ```
      */
     setPassword(dto: AdminSetPasswordDTO): Promise<AdminSetPasswordResponseDTO>;
+    /**
+     * Calculate grace period status for a user.
+     *
+     * @param user - User to check
+     * @returns Grace period status with isActive flag and endsAt date
+     */
+    private calculateGracePeriodForUser;
 }
 //# sourceMappingURL=admin-auth.service.d.ts.map

package/dist/services/admin-auth.service.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"admin-auth.service.d.ts","sourceRoot":"","sources":["../../src/services/admin-auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,oCAAoC,EACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF;;;;;;;;;;;GAWG;AACH,qBAAa,gBAAgB;IAKzB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA3B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACnD,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EACrC,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAC3C,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAC/D,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EACvD,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAC7D,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IAuC1E;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;OAWG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;OAWG;IACG,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;~~IA8JlE~~;;;;;;;;;;;;;;;OAeG;IACG,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;~~IAoLpF~~;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAsEtE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAoDnF;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA+DtF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIvF;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA+DvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,oCAAoC,CAAC;IAgD5G;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;~~CA+ClF~~"}
1	+ {"version":3,"file":"admin-auth.service.d.ts","sourceRoot":"","sources":["../../src/services/admin-auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,oCAAoC,EACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF;;;;;;;;;;;GAWG;AACH,qBAAa,gBAAgB;IAKzB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA3B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACnD,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EACrC,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAC3C,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAC/D,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EACvD,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAC7D,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IAuC1E;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;OAWG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;OAWG;IACG,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAuKlE;;;;;;;;;;;;;;;OAeG;IACG,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;IA6LpF;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAsEtE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAoDnF;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA+DtF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIvF;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA+DvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,oCAAoC,CAAC;IAgD5G;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;IAgDjF;;;;;OAKG;IACH,OAAO,CAAC,2BAA2B;CA4BpC"}

package/dist/services/admin-auth.service.js CHANGED Viewed

@@ -294,6 +294,8 @@ class AdminAuthService {
             savedUser = (await this.userRepository.save(user));
             this.logger?.log?.(`Admin user created successfully: ${dto.email} (sub: ${savedUser.sub})`);
             try {
+                // Calculate grace period status for metadata
+                const gracePeriodData = this.calculateGracePeriodForUser(savedUser);
                 await this.auditService?.recordEvent({
                     userId: savedUser.id,
                     eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ACCOUNT_CREATED,
@@ -308,6 +310,12 @@ class AdminAuthService {
                         isPhoneVerified: savedUser.isPhoneVerified,
                         mustChangePassword: savedUser.mustChangePassword,
                         passwordGenerated: !!generatedPassword,
+                        ...(gracePeriodData.isActive
+                            ? {
+                                gracePeriodActive: true,
+                                gracePeriodEndsAt: gracePeriodData.endsAt?.toISOString(),
+                            }
+                            : {}),
                     },
                 });
             }
@@ -349,7 +357,7 @@ class AdminAuthService {
             signupType: 'password',
             adminSignup: true,
         });
-        const userDto = user_response_dto_1.UserResponseDto.fromEntity(savedUser);
+        const userDto = user_response_dto_1.UserResponseDTO.fromEntity(savedUser);
         return {
             user: userDto,
             generatedPassword,
@@ -448,6 +456,8 @@ class AdminAuthService {
             await this.socialAuthService.createOrUpdateSocialAccount(savedUser.id, dto.provider, dto.providerId, dto.providerEmail, dto.socialMetadata);
             this.logger?.log?.(`Admin social user created successfully: ${dto.email} (sub: ${savedUser.sub})`);
             try {
+                // Calculate grace period status for metadata
+                const gracePeriodData = this.calculateGracePeriodForUser(savedUser);
                 await this.auditService?.recordEvent({
                     userId: savedUser.id,
                     eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ACCOUNT_CREATED,
@@ -465,6 +475,12 @@ class AdminAuthService {
                         providerId: dto.providerId,
                         hasPassword: !!dto.password,
                         socialImport: true,
+                        ...(gracePeriodData.isActive
+                            ? {
+                                gracePeriodActive: true,
+                                gracePeriodEndsAt: gracePeriodData.endsAt?.toISOString(),
+                            }
+                            : {}),
                     },
                 });
             }
@@ -510,7 +526,7 @@ class AdminAuthService {
             signupType: 'social',
             adminSignup: true,
         });
-        const userDto = user_response_dto_1.UserResponseDto.fromEntity(savedUser);
+        const userDto = user_response_dto_1.UserResponseDTO.fromEntity(savedUser);
         return {
             user: userDto,
             socialAccount: {
@@ -881,6 +897,34 @@ class AdminAuthService {
             sessionsRevoked,
         };
     }
+    /**
+     * Calculate grace period status for a user.
+     *
+     * @param user - User to check
+     * @returns Grace period status with isActive flag and endsAt date
+     */
+    calculateGracePeriodForUser(user) {
+        const gracePeriod = this.config.mfa?.gracePeriod ?? 7;
+        // No grace period
+        if (gracePeriod === 0) {
+            return { isActive: false };
+        }
+        // Access createdAt from user interface
+        const userWithDates = user;
+        const createdAt = userWithDates.createdAt;
+        if (!createdAt) {
+            // No creation date - grace period not active
+            return { isActive: false };
+        }
+        const gracePeriodEnd = new Date(createdAt);
+        gracePeriodEnd.setDate(gracePeriodEnd.getDate() + gracePeriod);
+        const now = new Date();
+        const isActive = now < gracePeriodEnd;
+        return {
+            isActive,
+            endsAt: isActive ? gracePeriodEnd : undefined,
+        };
+    }
 }
 exports.AdminAuthService = AdminAuthService;
 //# sourceMappingURL=admin-auth.service.js.map