@nauth-toolkit/core 0.1.109 → 0.1.111

package/dist/dto/get-user-devices.dto.d.ts

@@ -9,7 +9,7 @@
  * const devices = await mfaService.getUserDevices({});
  * ```
  */
-import { IMFADevice } from '../interfaces/entities.interface';
+import { MFADeviceResponseDTO } from './mfa-device-response.dto';
 /**
  * DTO for getting user MFA devices
  *
@@ -19,11 +19,13 @@ export declare class GetUserDevicesDTO {
 }
 /**
  * Response DTO for user MFA devices
+ *
+ * Uses outward-facing device DTOs with `isPreferred` instead of internal `isPrimary`
  */
 export declare class GetUserDevicesResponseDTO {
     /**
-     * Array of user's MFA devices
+     * Array of user's MFA devices (outward-facing format)
      */
-    devices: IMFADevice[];
+    devices: MFADeviceResponseDTO[];
 }
 //# sourceMappingURL=get-user-devices.dto.d.ts.map

package/dist/dto/get-user-devices.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"get-user-devices.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-user-devices.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAE9D;;;;GAIG;AACH,qBAAa,iBAAiB;CAE7B;AAED;;GAEG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,OAAO,EAAG,UAAU,EAAE,CAAC;CACxB"}
+{"version":3,"file":"get-user-devices.dto.d.ts","sourceRoot":"","sources":["../../src/dto/get-user-devices.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AAEjE;;;;GAIG;AACH,qBAAa,iBAAiB;CAE7B;AAED;;;;GAIG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,OAAO,EAAG,oBAAoB,EAAE,CAAC;CAClC"}

package/dist/dto/get-user-devices.dto.js

@@ -22,10 +22,12 @@ class GetUserDevicesDTO {
 exports.GetUserDevicesDTO = GetUserDevicesDTO;
 /**
  * Response DTO for user MFA devices
+ *
+ * Uses outward-facing device DTOs with `isPreferred` instead of internal `isPrimary`
  */
 class GetUserDevicesResponseDTO {
     /**
-     * Array of user's MFA devices
+     * Array of user's MFA devices (outward-facing format)
      */
     devices;
 }

package/dist/dto/get-user-devices.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"get-user-devices.dto.js","sourceRoot":"","sources":["../../src/dto/get-user-devices.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAIH;;;;GAIG;AACH,MAAa,iBAAiB;CAE7B;AAFD,8CAEC;AAED;;GAEG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,OAAO,CAAgB;CACxB;AALD,8DAKC"}
+{"version":3,"file":"get-user-devices.dto.js","sourceRoot":"","sources":["../../src/dto/get-user-devices.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;AAIH;;;;GAIG;AACH,MAAa,iBAAiB;CAE7B;AAFD,8CAEC;AAED;;;;GAIG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,OAAO,CAA0B;CAClC;AALD,8DAKC"}

package/dist/dto/index.d.ts

@@ -32,6 +32,7 @@ export * from './get-available-methods.dto';
 export * from './get-mfa-status.dto';
 export * from './admin-get-mfa-status.dto';
 export * from './get-user-devices.dto';
+export * from './mfa-device-response.dto';
 export * from './has-provider.dto';
 export * from './list-providers-response.dto';
 export * from './remove-device.dto';
@@ -60,6 +61,7 @@ export * from './get-user-sessions.dto';
 export * from './get-user-sessions-response.dto';
 export * from './logout-session.dto';
 export * from './logout-session-response.dto';
+export * from './verify-mfa-setup-response.dto';
 export * from './admin-revoke-session.dto';
 export * from './set-must-change-password.dto';
 export * from './set-must-change-password-response.dto';

package/dist/dto/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AACnD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,kCAAkC,CAAC;AACjD,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,4BAA4B,CAAC;AAC3C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAE3C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC;AACjD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sCAAsC,CAAC;AACrD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mCAAmC,CAAC;AAClD,cAAc,mCAAmC,CAAC;AAElD,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,8BAA8B,CAAC;AAC7C,cAAc,oCAAoC,CAAC;AACnD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,wBAAwB,CAAC;AACvC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,kCAAkC,CAAC;AACjD,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,wBAAwB,CAAC;AACvC,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,4BAA4B,CAAC;AAC3C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAE3C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC;AACjD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sCAAsC,CAAC;AACrD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,mCAAmC,CAAC;AAClD,cAAc,mCAAmC,CAAC;AAElD,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC"}

package/dist/dto/index.js

@@ -49,6 +49,7 @@ __exportStar(require("./get-available-methods.dto"), exports);
 __exportStar(require("./get-mfa-status.dto"), exports);
 __exportStar(require("./admin-get-mfa-status.dto"), exports);
 __exportStar(require("./get-user-devices.dto"), exports);
+__exportStar(require("./mfa-device-response.dto"), exports);
 __exportStar(require("./has-provider.dto"), exports);
 __exportStar(require("./list-providers-response.dto"), exports);
 __exportStar(require("./remove-device.dto"), exports);
@@ -77,6 +78,7 @@ __exportStar(require("./get-user-sessions.dto"), exports);
 __exportStar(require("./get-user-sessions-response.dto"), exports);
 __exportStar(require("./logout-session.dto"), exports);
 __exportStar(require("./logout-session-response.dto"), exports);
+__exportStar(require("./verify-mfa-setup-response.dto"), exports);
 __exportStar(require("./admin-revoke-session.dto"), exports);
 __exportStar(require("./set-must-change-password.dto"), exports);
 __exportStar(require("./set-must-change-password-response.dto"), exports);

package/dist/dto/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,qDAAmC;AACnC,4DAA0C;AAC1C,oDAAkC;AAClC,kDAAgC;AAChC,qDAAmC;AACnC,oDAAkC;AAClC,8CAA4B;AAC5B,wDAAsC;AACtC,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,+DAA6C;AAC7C,qEAAmD;AACnD,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,6DAA2C;AAC3C,yDAAuC;AACvC,qDAAmC;AACnC,gEAA8C;AAC9C,sDAAoC;AACpC,4DAA0C;AAC1C,0DAAwC;AACxC,6DAA2C;AAC3C,mEAAiD;AACjD,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,yDAAuC;AACvC,0DAAwC;AACxC,mEAAiD;AACjD,uDAAqC;AACrC,gEAA8C;AAC9C,6DAA2C;AAC3C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,6DAA2C;AAC3C,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AACjD,8DAA4C;AAC5C,uEAAqD;AACrD,8DAA4C;AAC5C,oEAAkD;AAClD,oEAAkD;AAElD,oDAAkC;AAClC,wDAAsC;AAEtC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,qDAAmC;AACnC,4DAA0C;AAC1C,oDAAkC;AAClC,kDAAgC;AAChC,qDAAmC;AACnC,oDAAkC;AAClC,8CAA4B;AAC5B,wDAAsC;AACtC,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,+DAA6C;AAC7C,qEAAmD;AACnD,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,6DAA2C;AAC3C,yDAAuC;AACvC,4DAA0C;AAC1C,qDAAmC;AACnC,gEAA8C;AAC9C,sDAAoC;AACpC,4DAA0C;AAC1C,0DAAwC;AACxC,6DAA2C;AAC3C,mEAAiD;AACjD,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,yDAAuC;AACvC,0DAAwC;AACxC,mEAAiD;AACjD,uDAAqC;AACrC,gEAA8C;AAC9C,kEAAgD;AAChD,6DAA2C;AAC3C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,6DAA2C;AAC3C,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AACjD,8DAA4C;AAC5C,uEAAqD;AACrD,8DAA4C;AAC5C,oEAAkD;AAClD,oEAAkD;AAElD,oDAAkC;AAClC,wDAAsC;AAEtC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}

package/dist/dto/mfa-device-response.dto.d.ts

@@ -0,0 +1,68 @@
+/**
+ * Outward-facing MFA Device Response DTO
+ *
+ * This DTO is used for all API responses that return device information.
+ * It maps internal `isPrimary` to external `isPreferred` to avoid exposing
+ * internal database field names.
+ *
+ * @example
+ * ```typescript
+ * const device: MFADeviceResponseDTO = {
+ *   id: 1,
+ *   type: 'totp',
+ *   name: 'My Phone',
+ *   isPreferred: true,
+ *   isActive: true,
+ *   createdAt: new Date()
+ * };
+ * ```
+ */
+import { MFADeviceMethod } from '../enums/mfa-method.enum';
+import { IMFADevice } from '../interfaces/entities.interface';
+/**
+ * Outward-facing MFA device information
+ *
+ * Note: Uses `isPreferred` instead of internal `isPrimary` field
+ */
+export declare class MFADeviceResponseDTO {
+    /**
+     * Unique device identifier
+     */
+    id: number;
+    /**
+     * MFA method type (totp, sms, email, passkey)
+     */
+    type: MFADeviceMethod;
+    /**
+     * Device name (user-assigned)
+     */
+    name: string;
+    /**
+     * Whether this is the preferred device for this method
+     * Maps from internal `isPrimary` field
+     */
+    isPreferred: boolean;
+    /**
+     * Whether device is currently active
+     */
+    isActive: boolean;
+    /**
+     * Device creation timestamp
+     */
+    createdAt: Date;
+    /**
+     * Convert internal device entity to outward-facing DTO
+     *
+     * @param device - Internal device entity
+     * @returns Outward-facing device DTO
+     */
+    static fromEntity(device: IMFADevice): MFADeviceResponseDTO;
+    /**
+     * Convert array of internal device entities to outward-facing DTOs
+     *
+     * @param devices - Array of internal device entities
+     * @returns Array of outward-facing device DTOs
+     */
+    static fromEntities(devices: IMFADevice[]): MFADeviceResponseDTO[];
+}
+//# sourceMappingURL=mfa-device-response.dto.d.ts.map

package/dist/dto/mfa-device-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa-device-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/mfa-device-response.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,UAAU,EAAE,MAAM,kCAAkC,CAAC;AAE9D;;;;GAIG;AACH,qBAAa,oBAAoB;IAC/B;;OAEG;IACH,EAAE,EAAG,MAAM,CAAC;IAEZ;;OAEG;IACH,IAAI,EAAG,eAAe,CAAC;IAEvB;;OAEG;IACH,IAAI,EAAG,MAAM,CAAC;IAEd;;;OAGG;IACH,WAAW,EAAG,OAAO,CAAC;IAEtB;;OAEG;IACH,QAAQ,EAAG,OAAO,CAAC;IAEnB;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;;;;OAKG;IACH,MAAM,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,GAAG,oBAAoB;IAW3D;;;;;OAKG;IACH,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,oBAAoB,EAAE;CAGnE"}

package/dist/dto/mfa-device-response.dto.js

@@ -0,0 +1,81 @@
+"use strict";
+/**
+ * Outward-facing MFA Device Response DTO
+ *
+ * This DTO is used for all API responses that return device information.
+ * It maps internal `isPrimary` to external `isPreferred` to avoid exposing
+ * internal database field names.
+ *
+ * @example
+ * ```typescript
+ * const device: MFADeviceResponseDTO = {
+ *   id: 1,
+ *   type: 'totp',
+ *   name: 'My Phone',
+ *   isPreferred: true,
+ *   isActive: true,
+ *   createdAt: new Date()
+ * };
+ * ```
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MFADeviceResponseDTO = void 0;
+/**
+ * Outward-facing MFA device information
+ *
+ * Note: Uses `isPreferred` instead of internal `isPrimary` field
+ */
+class MFADeviceResponseDTO {
+    /**
+     * Unique device identifier
+     */
+    id;
+    /**
+     * MFA method type (totp, sms, email, passkey)
+     */
+    type;
+    /**
+     * Device name (user-assigned)
+     */
+    name;
+    /**
+     * Whether this is the preferred device for this method
+     * Maps from internal `isPrimary` field
+     */
+    isPreferred;
+    /**
+     * Whether device is currently active
+     */
+    isActive;
+    /**
+     * Device creation timestamp
+     */
+    createdAt;
+    /**
+     * Convert internal device entity to outward-facing DTO
+     *
+     * @param device - Internal device entity
+     * @returns Outward-facing device DTO
+     */
+    static fromEntity(device) {
+        const dto = new MFADeviceResponseDTO();
+        dto.id = device.id;
+        dto.type = device.type;
+        dto.name = device.name;
+        dto.isPreferred = device.isPrimary === true;
+        dto.isActive = device.isActive;
+        dto.createdAt = device.createdAt;
+        return dto;
+    }
+    /**
+     * Convert array of internal device entities to outward-facing DTOs
+     *
+     * @param devices - Array of internal device entities
+     * @returns Array of outward-facing device DTOs
+     */
+    static fromEntities(devices) {
+        return devices.map((device) => MFADeviceResponseDTO.fromEntity(device));
+    }
+}
+exports.MFADeviceResponseDTO = MFADeviceResponseDTO;
+//# sourceMappingURL=mfa-device-response.dto.js.map

package/dist/dto/mfa-device-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mfa-device-response.dto.js","sourceRoot":"","sources":["../../src/dto/mfa-device-response.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;GAkBG;;;AAKH;;;;GAIG;AACH,MAAa,oBAAoB;IAC/B;;OAEG;IACH,EAAE,CAAU;IAEZ;;OAEG;IACH,IAAI,CAAmB;IAEvB;;OAEG;IACH,IAAI,CAAU;IAEd;;;OAGG;IACH,WAAW,CAAW;IAEtB;;OAEG;IACH,QAAQ,CAAW;IAEnB;;OAEG;IACH,SAAS,CAAQ;IAEjB;;;;;OAKG;IACH,MAAM,CAAC,UAAU,CAAC,MAAkB;QAClC,MAAM,GAAG,GAAG,IAAI,oBAAoB,EAAE,CAAC;QACvC,GAAG,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC;QACnB,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACvB,GAAG,CAAC,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QACvB,GAAG,CAAC,WAAW,GAAG,MAAM,CAAC,SAAS,KAAK,IAAI,CAAC;QAC5C,GAAG,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC/B,GAAG,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,YAAY,CAAC,OAAqB;QACvC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,oBAAoB,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAC1E,CAAC;CACF;AA1DD,oDA0DC"}

package/dist/dto/set-preferred-device.dto.d.ts

@@ -2,7 +2,8 @@
  * DTO for setting a user's preferred MFA device.
  *
  * This updates which device is used by default during MFA challenges.
- * The preferred device is marked with `isPrimary` in the database.
+ * The preferred device is marked with `isPrimary` in the database (internal field).
+ * API responses expose this as `isPreferred` (outward-facing field).
  *
  * @example
  * ```typescript

package/dist/dto/set-preferred-device.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"set-preferred-device.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-preferred-device.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;GAWG;AACH,qBAAa,qBAAqB;IAChC;;;;;;;;;;OAUG;IAUH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,qBAAa,6BAA6B;IACxC;;;;OAIG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB"}
+{"version":3,"file":"set-preferred-device.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-preferred-device.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;;GAYG;AACH,qBAAa,qBAAqB;IAChC;;;;;;;;;;OAUG;IAUH,QAAQ,EAAG,MAAM,CAAC;CACnB;AAED;;;;;;;;;GASG;AACH,qBAAa,6BAA6B;IACxC;;;;OAIG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB"}

package/dist/dto/set-preferred-device.dto.js

@@ -16,7 +16,8 @@ const class_transformer_1 = require("class-transformer");
  * DTO for setting a user's preferred MFA device.
  *
  * This updates which device is used by default during MFA challenges.
- * The preferred device is marked with `isPrimary` in the database.
+ * The preferred device is marked with `isPrimary` in the database (internal field).
+ * API responses expose this as `isPreferred` (outward-facing field).
  *
  * @example
  * ```typescript

package/dist/dto/set-preferred-device.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"set-preferred-device.dto.js","sourceRoot":"","sources":["../../src/dto/set-preferred-device.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAoD;AACpD,yDAA8C;AAE9C;;;;;;;;;;;GAWG;AACH,MAAa,qBAAqB;IAChC;;;;;;;;;;OAUG;IAUH,QAAQ,CAAU;CACnB;AAtBD,sDAsBC;AADC;IATC,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QAClD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IAClD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;;uDACpC;AAGpB;;;;;;;;;GASG;AACH,MAAa,6BAA6B;IACxC;;;;OAIG;IACH,OAAO,CAAU;CAClB;AAPD,sEAOC"}
+{"version":3,"file":"set-preferred-device.dto.js","sourceRoot":"","sources":["../../src/dto/set-preferred-device.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAoD;AACpD,yDAA8C;AAE9C;;;;;;;;;;;;GAYG;AACH,MAAa,qBAAqB;IAChC;;;;;;;;;;OAUG;IAUH,QAAQ,CAAU;CACnB;AAtBD,sDAsBC;AADC;IATC,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;YAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;QAClD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;IACD,IAAA,uBAAK,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IAClD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;;uDACpC;AAGpB;;;;;;;;;GASG;AACH,MAAa,6BAA6B;IACxC;;;;OAIG;IACH,OAAO,CAAU;CAClB;AAPD,sEAOC"}

package/dist/dto/verify-mfa-setup-response.dto.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Response DTO for verifying MFA setup
+ *
+ * Returned when an authenticated user completes MFA device setup verification.
+ *
+ * @example
+ * ```typescript
+ * const result = await provider.verifySetup(setupData);
+ * // Returns: { deviceId: 123 }
+ * ```
+ */
+export declare class VerifyMFASetupResponseDTO {
+    /**
+     * ID of the newly created MFA device
+     */
+    deviceId: number;
+}
+//# sourceMappingURL=verify-mfa-setup-response.dto.d.ts.map

package/dist/dto/verify-mfa-setup-response.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-mfa-setup-response.dto.d.ts","sourceRoot":"","sources":["../../src/dto/verify-mfa-setup-response.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,yBAAyB;IACpC;;OAEG;IACH,QAAQ,EAAG,MAAM,CAAC;CACnB"}

package/dist/dto/verify-mfa-setup-response.dto.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VerifyMFASetupResponseDTO = void 0;
+/**
+ * Response DTO for verifying MFA setup
+ *
+ * Returned when an authenticated user completes MFA device setup verification.
+ *
+ * @example
+ * ```typescript
+ * const result = await provider.verifySetup(setupData);
+ * // Returns: { deviceId: 123 }
+ * ```
+ */
+class VerifyMFASetupResponseDTO {
+    /**
+     * ID of the newly created MFA device
+     */
+    deviceId;
+}
+exports.VerifyMFASetupResponseDTO = VerifyMFASetupResponseDTO;
+//# sourceMappingURL=verify-mfa-setup-response.dto.js.map

package/dist/dto/verify-mfa-setup-response.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-mfa-setup-response.dto.js","sourceRoot":"","sources":["../../src/dto/verify-mfa-setup-response.dto.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;GAUG;AACH,MAAa,yBAAyB;IACpC;;OAEG;IACH,QAAQ,CAAU;CACnB;AALD,8DAKC"}

package/dist/openapi/components.schemas.json

@@ -2262,118 +2262,56 @@
           "devices": {
             "type": "array",
             "items": {
-              "$ref": "#/components/schemas/IMFADevice"
+              "$ref": "#/components/schemas/MFADeviceResponseDTO"
             },
-            "description": "Array of user's MFA devices"
+            "description": "Array of user's MFA devices (outward-facing format)"
           }
         },
         "required": [
           "devices"
         ],
         "additionalProperties": false,
-        "description": "Response DTO for user MFA devices"
+        "description": "Response DTO for user MFA devices\n\nUses outward-facing device DTOs with `isPreferred` instead of internal `isPrimary`"
       },
-      "IMFADevice": {
+      "MFADeviceResponseDTO": {
         "type": "object",
         "properties": {
           "id": {
-            "type": "number"
-          },
-          "userId": {
-            "type": "number"
+            "type": "number",
+            "description": "Unique device identifier"
           },
           "type": {
-            "$ref": "#/components/schemas/MFADeviceMethod"
+            "$ref": "#/components/schemas/MFADeviceMethod",
+            "description": "MFA method type (totp, sms, email, passkey)"
           },
           "name": {
-            "type": "string"
-          },
-          "secret": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "credentialId": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "publicKey": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "counter": {
-            "type": [
-              "number",
-              "null"
-            ]
-          },
-          "transports": {
-            "anyOf": [
-              {
-                "type": "array",
-                "items": {
-                  "type": "string"
-                }
-              },
-              {
-                "type": "null"
-              }
-            ]
-          },
-          "phoneNumber": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "email": {
-            "type": [
-              "string",
-              "null"
-            ]
+            "type": "string",
+            "description": "Device name (user-assigned)"
           },
-          "isPrimary": {
-            "type": "boolean"
+          "isPreferred": {
+            "type": "boolean",
+            "description": "Whether this is the preferred device for this method Maps from internal `isPrimary` field"
           },
           "isActive": {
-            "type": "boolean"
-          },
-          "lastUsedAt": {
-            "anyOf": [
-              {
-                "type": "string",
-                "format": "date-time"
-              },
-              {
-                "type": "null"
-              }
-            ]
+            "type": "boolean",
+            "description": "Whether device is currently active"
           },
           "createdAt": {
             "type": "string",
-            "format": "date-time"
+            "format": "date-time",
+            "description": "Device creation timestamp"
           }
         },
         "required": [
           "id",
-          "userId",
           "type",
           "name",
-          "secret",
-          "credentialId",
-          "publicKey",
-          "counter",
-          "transports",
+          "isPreferred",
           "isActive",
-          "lastUsedAt",
           "createdAt"
         ],
-        "additionalProperties": false
+        "additionalProperties": false,
+        "description": "Outward-facing MFA device information\n\nNote: Uses `isPreferred` instead of internal `isPrimary` field"
       },
       "GetUserSessionsDTO": {
         "type": "object",
@@ -3450,7 +3388,7 @@
           "deviceId"
         ],
         "additionalProperties": false,
-        "description": "DTO for setting a user's preferred MFA device.\n\nThis updates which device is used by default during MFA challenges. The preferred device is marked with `isPrimary` in the database."
+        "description": "DTO for setting a user's preferred MFA device.\n\nThis updates which device is used by default during MFA challenges. The preferred device is marked with `isPrimary` in the database (internal field). API responses expose this as `isPreferred` (outward-facing field)."
       },
       "SetPreferredDeviceResponseDTO": {
         "type": "object",
@@ -4030,6 +3968,20 @@
         "additionalProperties": false,
         "description": "Response DTO for MFA code verification"
       },
+      "VerifyMFASetupResponseDTO": {
+        "type": "object",
+        "properties": {
+          "deviceId": {
+            "type": "number",
+            "description": "ID of the newly created MFA device"
+          }
+        },
+        "required": [
+          "deviceId"
+        ],
+        "additionalProperties": false,
+        "description": "Response DTO for verifying MFA setup\n\nReturned when an authenticated user completes MFA device setup verification."
+      },
       "VerifyPhoneResponseDTO": {
         "type": "object",
         "properties": {

package/dist/services/admin-auth.service.d.ts

@@ -303,5 +303,12 @@ export declare class AdminAuthService {
      * ```
      */
     setPassword(dto: AdminSetPasswordDTO): Promise<AdminSetPasswordResponseDTO>;
+    /**
+     * Calculate grace period status for a user.
+     *
+     * @param user - User to check
+     * @returns Grace period status with isActive flag and endsAt date
+     */
+    private calculateGracePeriodForUser;
 }
 //# sourceMappingURL=admin-auth.service.d.ts.map

package/dist/services/admin-auth.service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-auth.service.d.ts","sourceRoot":"","sources":["../../src/services/admin-auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,oCAAoC,EACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF;;;;;;;;;;;GAWG;AACH,qBAAa,gBAAgB;IAKzB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA3B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACnD,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EACrC,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAC3C,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAC/D,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EACvD,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAC7D,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IAuC1E;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;OAWG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;OAWG;IACG,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA8JlE;;;;;;;;;;;;;;;OAeG;IACG,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;IAoLpF;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAsEtE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAoDnF;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA+DtF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIvF;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA+DvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,oCAAoC,CAAC;IAgD5G;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;CA+ClF"}
+{"version":3,"file":"admin-auth.service.d.ts","sourceRoot":"","sources":["../../src/services/admin-auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAErC,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAEhE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AAChE,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,oCAAoC,EACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAKpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAG1D,OAAO,EAAE,4BAA4B,EAAE,MAAM,yCAAyC,CAAC;AAEvF;;;;;;;;;;;GAWG;AACH,qBAAa,gBAAgB;IAKzB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA3B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EACnD,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAC3C,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EACrC,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAC3C,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAC/D,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EACvD,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAC7D,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAC/C,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IAuC1E;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;OAWG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;OAWG;IACG,MAAM,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAuKlE;;;;;;;;;;;;;;;OAeG;IACG,YAAY,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;IA6LpF;;;;;;;;;;;OAWG;IACG,SAAS,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAsEtE;;;;;;;;;;;OAWG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAoDnF;;;;;;;;;;;;;OAaG;IACG,iBAAiB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IA+DtF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIvF;;;;;;;;;;;OAWG;IACG,aAAa,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA+DvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,oCAAoC,CAAC;IAgD5G;;;;;;;;;;;OAWG;IACG,WAAW,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;IAgDjF;;;;;OAKG;IACH,OAAO,CAAC,2BAA2B;CA4BpC"}

package/dist/services/admin-auth.service.js

@@ -294,6 +294,8 @@ class AdminAuthService {
             savedUser = (await this.userRepository.save(user));
             this.logger?.log?.(`Admin user created successfully: ${dto.email} (sub: ${savedUser.sub})`);
             try {
+                // Calculate grace period status for metadata
+                const gracePeriodData = this.calculateGracePeriodForUser(savedUser);
                 await this.auditService?.recordEvent({
                     userId: savedUser.id,
                     eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ACCOUNT_CREATED,
@@ -308,6 +310,12 @@ class AdminAuthService {
                         isPhoneVerified: savedUser.isPhoneVerified,
                         mustChangePassword: savedUser.mustChangePassword,
                         passwordGenerated: !!generatedPassword,
+                        ...(gracePeriodData.isActive
+                            ? {
+                                gracePeriodActive: true,
+                                gracePeriodEndsAt: gracePeriodData.endsAt?.toISOString(),
+                            }
+                            : {}),
                     },
                 });
             }
@@ -448,6 +456,8 @@ class AdminAuthService {
             await this.socialAuthService.createOrUpdateSocialAccount(savedUser.id, dto.provider, dto.providerId, dto.providerEmail, dto.socialMetadata);
             this.logger?.log?.(`Admin social user created successfully: ${dto.email} (sub: ${savedUser.sub})`);
             try {
+                // Calculate grace period status for metadata
+                const gracePeriodData = this.calculateGracePeriodForUser(savedUser);
                 await this.auditService?.recordEvent({
                     userId: savedUser.id,
                     eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ACCOUNT_CREATED,
@@ -465,6 +475,12 @@ class AdminAuthService {
                         providerId: dto.providerId,
                         hasPassword: !!dto.password,
                         socialImport: true,
+                        ...(gracePeriodData.isActive
+                            ? {
+                                gracePeriodActive: true,
+                                gracePeriodEndsAt: gracePeriodData.endsAt?.toISOString(),
+                            }
+                            : {}),
                     },
                 });
             }
@@ -881,6 +897,34 @@ class AdminAuthService {
             sessionsRevoked,
         };
     }
+    /**
+     * Calculate grace period status for a user.
+     *
+     * @param user - User to check
+     * @returns Grace period status with isActive flag and endsAt date
+     */
+    calculateGracePeriodForUser(user) {
+        const gracePeriod = this.config.mfa?.gracePeriod ?? 7;
+        // No grace period
+        if (gracePeriod === 0) {
+            return { isActive: false };
+        }
+        // Access createdAt from user interface
+        const userWithDates = user;
+        const createdAt = userWithDates.createdAt;
+        if (!createdAt) {
+            // No creation date - grace period not active
+            return { isActive: false };
+        }
+        const gracePeriodEnd = new Date(createdAt);
+        gracePeriodEnd.setDate(gracePeriodEnd.getDate() + gracePeriod);
+        const now = new Date();
+        const isActive = now < gracePeriodEnd;
+        return {
+            isActive,
+            endsAt: isActive ? gracePeriodEnd : undefined,
+        };
+    }
 }
 exports.AdminAuthService = AdminAuthService;
 //# sourceMappingURL=admin-auth.service.js.map