@nauth-toolkit/core 0.1.36 → 0.1.39

package/dist/services/auth.service.js

@@ -47,7 +47,9 @@ const enable_user_dto_1 = require("../dto/enable-user.dto");
 const login_dto_1 = require("../dto/login.dto");
 const change_password_request_dto_1 = require("../dto/change-password-request.dto");
 const update_user_attributes_request_dto_1 = require("../dto/update-user-attributes-request.dto");
+const update_verified_status_request_dto_1 = require("../dto/update-verified-status-request.dto");
 const user_response_dto_1 = require("../dto/user-response.dto");
+const auth_response_dto_1 = require("../dto/auth-response.dto");
 const auth_challenge_dto_1 = require("../dto/auth-challenge.dto");
 const respond_challenge_dto_1 = require("../dto/respond-challenge.dto");
 const get_user_by_email_dto_1 = require("../dto/get-user-by-email.dto");
@@ -323,15 +325,24 @@ class AuthService {
         // This ensures proper sequential flow: email code first, then phone code after email is verified
         // This prevents user confusion from receiving multiple codes at once
         // ============================================================================
-        // Lifecycle Hook: afterSignup
+        // Lifecycle Hook: postSignup
         // ============================================================================
-        // Execute afterSignup hook immediately after account creation (non-blocking)
-        await this.hookRegistry.executeAfterSignup(savedUser, {
+        // Execute postSignup hook immediately after account creation (non-blocking)
+        await this.hookRegistry.executePostSignup(savedUser, {
             requiresVerification: verificationMethod !== 'none',
             signupType: 'password',
             adminSignup: false,
         });
         // ============================================================================
+        // refresh user data in case post signup hook has modified the user
+        // ============================================================================
+        const refreshedUser = await this.userRepository.findOne({
+            where: { id: savedUser.id },
+        });
+        if (refreshedUser) {
+            savedUser = refreshedUser;
+        }
+        // ============================================================================
         // Challenge System: Determine if user needs to complete challenges
         // ============================================================================
         const response = await this.challengeHelper.determineAuthResponse({
@@ -544,7 +555,7 @@ class AuthService {
         // Lifecycle Hook: afterSignup
         // ============================================================================
         // Execute afterSignup hook immediately after account creation (non-blocking)
-        await this.hookRegistry.executeAfterSignup(savedUser, {
+        await this.hookRegistry.executePostSignup(savedUser, {
             signupType: 'password',
             adminSignup: true,
         });
@@ -725,10 +736,16 @@ class AuthService {
             // Lifecycle Hook: afterSignup
             // ============================================================================
             // Execute afterSignup hook immediately after account creation (non-blocking)
-            await this.hookRegistry.executeAfterSignup(savedUser, {
+            // Extract profile picture from social metadata if available
+            const profilePicture = dto.socialMetadata && typeof dto.socialMetadata === 'object' && 'picture' in dto.socialMetadata
+                ? dto.socialMetadata.picture
+                : null;
+            await this.hookRegistry.executePostSignup(savedUser, {
                 signupType: 'social',
                 provider: dto.provider,
                 adminSignup: true,
+                socialMetadata: dto.socialMetadata || null,
+                profilePicture,
             });
             // ============================================================================
             // Audit: Record account creation by admin (social import)
@@ -1961,19 +1978,8 @@ class AuthService {
         // Note: deviceToken inclusion in response body is handled by CookieTokenInterceptor
         // which checks route-level @TokenDelivery decorator and global config
         // to decide whether to set as cookie and/or strip from body
-        const userDto = user_response_dto_1.UserResponseDto.fromEntity(user);
         const authResponse = {
-            user: {
-                sub: userDto.sub,
-                email: userDto.email,
-                firstName: userDto.firstName,
-                lastName: userDto.lastName,
-                phone: userDto.phone ?? undefined,
-                isEmailVerified: userDto.isEmailVerified,
-                isPhoneVerified: userDto.isPhoneVerified ?? undefined,
-                socialProviders: userDto.socialProviders && userDto.socialProviders.length > 0 ? userDto.socialProviders : undefined,
-                hasPasswordHash: userDto.hasPasswordHash,
-            },
+            user: (0, auth_response_dto_1.toAuthResponseUser)(user),
             accessToken: tokens.accessToken,
             refreshToken: tokens.refreshToken,
             accessTokenExpiresAt: accessTokenValidation.payload?.exp || 0,
@@ -3968,6 +3974,220 @@ class AuthService {
                 userId: user.id,
             });
         }
+        // ============================================================================
+        // Hook: Execute user profile updated hooks
+        // ============================================================================
+        try {
+            // Build changed fields array with old/new values
+            const changedFields = [];
+            // Track all fields that were in updateFields
+            for (const fieldName of Object.keys(updateFields)) {
+                changedFields.push({
+                    fieldName,
+                    oldValue: user[fieldName],
+                    newValue: updateFields[fieldName],
+                });
+            }
+            // Get client info from ClientInfoService
+            const clientInfo = this.clientInfoService.get();
+            // Execute hooks (non-blocking)
+            await this.hookRegistry.executeUserProfileUpdated({
+                user: updatedUser,
+                changedFields,
+                updateSource: 'user_request',
+                clientInfo: {
+                    ipAddress: clientInfo.ipAddress,
+                    userAgent: clientInfo.userAgent,
+                    ipCountry: clientInfo.ipCountry,
+                    ipCity: clientInfo.ipCity,
+                },
+            });
+        }
+        catch (hookError) {
+            // Non-blocking: Log but continue
+            const errorMessage = hookError instanceof Error ? hookError.message : 'Unknown error';
+            this.logger?.error?.(`Failed to execute userProfileUpdated hooks: ${errorMessage}`, {
+                error: hookError,
+                userId: user.id,
+            });
+        }
+        // Return user response DTO
+        return user_response_dto_1.UserResponseDto.fromEntity(updatedUser);
+    }
+    /**
+     * Update email and/or phone verification status.
+     *
+     * Intended for admin use cases such as migration or offline validation.
+     * Updates verification status without requiring actual verification codes.
+     *
+     * Validation:
+     * - Cannot set verified=true if email/phone doesn't exist
+     * - Can set verified=false even if email/phone doesn't exist (default state)
+     * - Only updates provided fields (partial update)
+     *
+     * Audit:
+     * - Records EMAIL_VERIFIED or PHONE_VERIFIED audit events
+     * - Includes performedBy from authenticated admin context
+     *
+     * @param dto - Request DTO containing sub and verification status flags
+     * @returns Updated user object
+     * @throws {NAuthException} If user not found or trying to verify non-existent email/phone
+     *
+     * @example
+     * ```typescript
+     * // Update email verification only
+     * await authService.updateVerifiedStatus({
+     *   sub: 'user-uuid',
+     *   isEmailVerified: true
+     * });
+     *
+     * // Update both email and phone verification
+     * await authService.updateVerifiedStatus({
+     *   sub: 'user-uuid',
+     *   isEmailVerified: true,
+     *   isPhoneVerified: false
+     * });
+     * ```
+     */
+    async updateVerifiedStatus(dto) {
+        // Ensure DTO is validated (supports direct usage without framework validation)
+        dto = await (0, dto_validator_1.ensureValidatedDto)(update_verified_status_request_dto_1.UpdateVerifiedStatusRequestDTO, dto);
+        // Find user by sub (external identifier)
+        const user = (await this.userRepository.findOne({ where: { sub: dto.sub } }));
+        if (!user) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
+        }
+        // Validate that email exists if trying to set isEmailVerified to true
+        if (dto.isEmailVerified === true && !user.email) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.VALIDATION_FAILED, 'Cannot set email verification to true: user does not have an email address');
+        }
+        // Validate that phone exists if trying to set isPhoneVerified to true
+        if (dto.isPhoneVerified === true && !user.phone) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.VALIDATION_FAILED, 'Cannot set phone verification to true: user does not have a phone number');
+        }
+        // Prepare update object - only include fields that were provided
+        const updateFields = {};
+        if (dto.isEmailVerified !== undefined) {
+            updateFields.isEmailVerified = dto.isEmailVerified;
+        }
+        if (dto.isPhoneVerified !== undefined) {
+            updateFields.isPhoneVerified = dto.isPhoneVerified;
+        }
+        // If no fields to update, return current user
+        if (Object.keys(updateFields).length === 0) {
+            return user_response_dto_1.UserResponseDto.fromEntity(user);
+        }
+        // Update user - use internal id for database update
+        await this.userRepository.update(user.id, updateFields);
+        // Reload user to get updated values
+        const updatedUser = (await this.userRepository.findOne({ where: { id: user.id } }));
+        if (!updatedUser) {
+            throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INTERNAL_ERROR, 'Failed to reload user after update');
+        }
+        // ============================================================================
+        // Audit: Record verification status changes
+        // ============================================================================
+        if (this.auditService) {
+            // Record email verification change if provided
+            if (dto.isEmailVerified !== undefined) {
+                try {
+                    await this.auditService.recordEvent({
+                        userId: user.id,
+                        eventType: auth_audit_event_type_enum_1.AuthAuditEventType.EMAIL_VERIFIED,
+                        eventStatus: dto.isEmailVerified ? 'SUCCESS' : 'INFO',
+                        description: dto.isEmailVerified
+                            ? 'Email verification status set to verified (admin action)'
+                            : 'Email verification status set to unverified (admin action)',
+                        reason: 'admin_verification_update',
+                        metadata: {
+                            previousStatus: user.isEmailVerified,
+                            newStatus: dto.isEmailVerified,
+                            updateMethod: 'admin_direct',
+                            // Client info automatically included from context (performedBy auto-populated)
+                        },
+                    });
+                }
+                catch (auditError) {
+                    // Non-blocking: Log but continue
+                    const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                    this.logger?.error?.(`Failed to record EMAIL_VERIFIED audit event: ${errorMessage}`, {
+                        error: auditError,
+                        userId: user.id,
+                    });
+                }
+            }
+            // Record phone verification change if provided
+            if (dto.isPhoneVerified !== undefined) {
+                try {
+                    await this.auditService.recordEvent({
+                        userId: user.id,
+                        eventType: auth_audit_event_type_enum_1.AuthAuditEventType.PHONE_VERIFIED,
+                        eventStatus: dto.isPhoneVerified ? 'SUCCESS' : 'INFO',
+                        description: dto.isPhoneVerified
+                            ? 'Phone verification status set to verified (admin action)'
+                            : 'Phone verification status set to unverified (admin action)',
+                        reason: 'admin_verification_update',
+                        metadata: {
+                            previousStatus: user.isPhoneVerified,
+                            newStatus: dto.isPhoneVerified,
+                            updateMethod: 'admin_direct',
+                            // Client info automatically included from context (performedBy auto-populated)
+                        },
+                    });
+                }
+                catch (auditError) {
+                    // Non-blocking: Log but continue
+                    const errorMessage = auditError instanceof Error ? auditError.message : 'Unknown error';
+                    this.logger?.error?.(`Failed to record PHONE_VERIFIED audit event: ${errorMessage}`, {
+                        error: auditError,
+                        userId: user.id,
+                    });
+                }
+            }
+        }
+        // ============================================================================
+        // Hook: Execute user profile updated hooks
+        // ============================================================================
+        try {
+            // Build changed fields array with old/new values
+            const changedFields = [];
+            if (dto.isEmailVerified !== undefined) {
+                changedFields.push({
+                    fieldName: 'isEmailVerified',
+                    oldValue: user.isEmailVerified,
+                    newValue: dto.isEmailVerified,
+                });
+            }
+            if (dto.isPhoneVerified !== undefined) {
+                changedFields.push({
+                    fieldName: 'isPhoneVerified',
+                    oldValue: user.isPhoneVerified,
+                    newValue: dto.isPhoneVerified,
+                });
+            }
+            // Get client info from ClientInfoService
+            const clientInfo = this.clientInfoService.get();
+            // Execute hooks (non-blocking)
+            await this.hookRegistry.executeUserProfileUpdated({
+                user: updatedUser,
+                changedFields,
+                updateSource: 'admin_action',
+                clientInfo: {
+                    ipAddress: clientInfo.ipAddress,
+                    userAgent: clientInfo.userAgent,
+                    ipCountry: clientInfo.ipCountry,
+                    ipCity: clientInfo.ipCity,
+                },
+            });
+        }
+        catch (hookError) {
+            // Non-blocking: Log but continue
+            const errorMessage = hookError instanceof Error ? hookError.message : 'Unknown error';
+            this.logger?.error?.(`Failed to execute userProfileUpdated hooks: ${errorMessage}`, {
+                error: hookError,
+                userId: user.id,
+            });
+        }
         // Return user response DTO
         return user_response_dto_1.UserResponseDto.fromEntity(updatedUser);
     }