@nauth-toolkit/core 0.1.58 → 0.1.60
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +22 -0
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-reset-password.dto.d.ts +277 -0
- package/dist/dto/admin-reset-password.dto.d.ts.map +1 -0
- package/dist/dto/admin-reset-password.dto.js +402 -0
- package/dist/dto/admin-reset-password.dto.js.map +1 -0
- package/dist/dto/index.d.ts +1 -0
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +1 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/entities/verification-token.entity.d.ts +3 -2
- package/dist/entities/verification-token.entity.d.ts.map +1 -1
- package/dist/entities/verification-token.entity.js +2 -1
- package/dist/entities/verification-token.entity.js.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts +12 -0
- package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.js +12 -0
- package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
- package/dist/interfaces/config.interface.d.ts +25 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +10 -0
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.d.ts +1 -0
- package/dist/interfaces/template.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.js +1 -0
- package/dist/interfaces/template.interface.js.map +1 -1
- package/dist/services/auth.service.d.ts +79 -0
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +219 -0
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts +54 -6
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js +191 -19
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/password.service.d.ts.map +1 -1
- package/dist/services/password.service.js +5 -0
- package/dist/services/password.service.js.map +1 -1
- package/dist/templates/html-template.engine.d.ts.map +1 -1
- package/dist/templates/html-template.engine.js +62 -0
- package/dist/templates/html-template.engine.js.map +1 -1
- package/dist/validators/template.validator.d.ts.map +1 -1
- package/dist/validators/template.validator.js +1 -0
- package/dist/validators/template.validator.js.map +1 -1
- package/package.json +1 -1
|
@@ -13,6 +13,16 @@ export interface EmailProvider {
|
|
|
13
13
|
* Send password reset email
|
|
14
14
|
*/
|
|
15
15
|
sendPasswordResetEmail(to: string, token: string, link: string): Promise<void>;
|
|
16
|
+
/**
|
|
17
|
+
* Send admin-initiated password reset email with code AND optional link
|
|
18
|
+
* Pattern matches sendVerificationEmail (code + optional link)
|
|
19
|
+
*
|
|
20
|
+
* @param to - Recipient email address
|
|
21
|
+
* @param code - Reset code (e.g., "123456")
|
|
22
|
+
* @param link - Optional reset link with token (for consumer apps to build UI)
|
|
23
|
+
* @param expiryMinutes - Code expiry time in minutes
|
|
24
|
+
*/
|
|
25
|
+
sendAdminPasswordResetEmail(to: string, code: string, link?: string, expiryMinutes?: number): Promise<void>;
|
|
16
26
|
/**
|
|
17
27
|
* Send welcome email
|
|
18
28
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"provider.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/provider.interface.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9E;;OAEG;IACH,sBAAsB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/E;;OAEG;IACH,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1D;;OAEG;IACH,gBAAgB,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/E;;OAEG;IACH,kBAAkB,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjF;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhH;;;;;;;;;;;;OAYG;IACH,oBAAoB,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;;;OAaG;IACH,iBAAiB,CAAC,CAAC,MAAM,EAAE,OAAO,0BAA0B,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAEvF;;;;;;;;;;;;;;;;OAgBG;IACH,kBAAkB,CAAC,CAAC,SAAS,EAAE,OAAO,0BAA0B,EAAE,oBAAoB,GAAG,IAAI,CAAC;CAC/F"}
|
|
1
|
+
{"version":3,"file":"provider.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/provider.interface.ts"],"names":[],"mappings":"AAAA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;OAKG;IACH,qBAAqB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE9E;;OAEG;IACH,sBAAsB,CAAC,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/E;;;;;;;;OAQG;IACH,2BAA2B,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5G;;OAEG;IACH,gBAAgB,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE1D;;OAEG;IACH,gBAAgB,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/E;;OAEG;IACH,kBAAkB,CAAC,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,EAAE,QAAQ,CAAC,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjF;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEhH;;;;;;;;;;;;OAYG;IACH,oBAAoB,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAElE;;;;;;;;;;;;;OAaG;IACH,iBAAiB,CAAC,CAAC,MAAM,EAAE,OAAO,0BAA0B,EAAE,iBAAiB,GAAG,IAAI,CAAC;IAEvF;;;;;;;;;;;;;;;;OAgBG;IACH,kBAAkB,CAAC,CAAC,SAAS,EAAE,OAAO,0BAA0B,EAAE,oBAAoB,GAAG,IAAI,CAAC;CAC/F"}
|
|
@@ -67,6 +67,7 @@ export interface EmailTemplate {
|
|
|
67
67
|
export declare enum TemplateType {
|
|
68
68
|
VERIFICATION = "verification",
|
|
69
69
|
PASSWORD_RESET = "passwordReset",
|
|
70
|
+
ADMIN_PASSWORD_RESET = "adminPasswordReset",
|
|
70
71
|
WELCOME = "welcome",
|
|
71
72
|
ACCOUNT_LOCKOUT = "accountLockout",
|
|
72
73
|
NEW_DEVICE = "newDevice",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"template.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/template.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAEhC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAGlB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CACtD;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,oBAAY,YAAY;IACtB,YAAY,iBAAiB;IAC7B,cAAc,kBAAkB;IAChC,OAAO,YAAY;IACnB,eAAe,mBAAmB;IAClC,UAAU,cAAc;IACxB,gBAAgB,oBAAoB;IACpC,aAAa,iBAAiB;IAC9B,WAAW,eAAe;CAC3B;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,cAAc,CAAC;IAErB;;OAEG;IACH,IAAI,CAAC,EAAE,cAAc,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAE1F;;;;;;;;;;;;;;;;OAgBG;IACH,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;IAE7E;;;;;;;;;;;;;;;;OAgBG;IACH,2BAA2B,CAAC,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,eAAe,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzG;;;;OAIG;IACH,qBAAqB,IAAI,MAAM,EAAE,CAAC;IAElC;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;CACnD;AAED;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE;QAC7B,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAE9C;;OAEG;IACH,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE;QACzB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEvD;;OAEG;IACH,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CACnD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,MAAM,CAAC,EAAE,cAAc,CAAC;IAExB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,eAAe,CAAC,EAAE,iBAAiB,CAAC;IAEpC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkDG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAC;CAC5D"}
|
|
1
|
+
{"version":3,"file":"template.interface.d.ts","sourceRoot":"","sources":["../../src/interfaces/template.interface.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH;;;;;GAKG;AACH,MAAM,WAAW,iBAAiB;IAEhC,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IAGnB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,aAAa,CAAC,EAAE,MAAM,CAAC;IAGvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAGlB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IAGrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAG1B,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG,SAAS,CAAC;CACtD;AAED;;;;;GAKG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,MAAM,CAAC;IAEhB;;OAEG;IACH,IAAI,EAAE,MAAM,CAAC;IAEb;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED;;;;GAIG;AACH,oBAAY,YAAY;IACtB,YAAY,iBAAiB;IAC7B,cAAc,kBAAkB;IAChC,oBAAoB,uBAAuB;IAC3C,OAAO,YAAY;IACnB,eAAe,mBAAmB;IAClC,UAAU,cAAc;IACxB,gBAAgB,oBAAoB;IACpC,aAAa,iBAAiB;IAC9B,WAAW,eAAe;CAC3B;AAED;;;;GAIG;AACH,MAAM,WAAW,cAAc;IAC7B;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,OAAO,EAAE,cAAc,CAAC;IAExB;;OAEG;IACH,IAAI,EAAE,cAAc,CAAC;IAErB;;OAEG;IACH,IAAI,CAAC,EAAE,cAAc,CAAC;CACvB;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,MAAM,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,SAAS,EAAE,iBAAiB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IAE1F;;;;;;;;;;;;;;;;OAgBG;IACH,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAC;IAE7E;;;;;;;;;;;;;;;;OAgBG;IACH,2BAA2B,CAAC,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,EAAE,eAAe,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzG;;;;OAIG;IACH,qBAAqB,IAAI,MAAM,EAAE,CAAC;IAElC;;;;;OAKG;IACH,WAAW,CAAC,IAAI,EAAE,YAAY,GAAG,MAAM,GAAG,OAAO,CAAC;CACnD;AAED;;;;;GAKG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE;QAC3B,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE;QAC7B,IAAI,EAAE,MAAM,CAAC;QACb,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAE9C;;OAEG;IACH,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE;QAC9B,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,UAAU,CAAC,EAAE;QACzB,UAAU,EAAE,MAAM,CAAC;QACnB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAEvD;;OAEG;IACH,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE;QAC5B,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;IAEF;;OAEG;IACH,CAAC,YAAY,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;CACnD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,CAAC;IAEd;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2CG;AACH,MAAM,WAAW,cAAc;IAC7B;;;;OAIG;IACH,MAAM,CAAC,EAAE,cAAc,CAAC;IAExB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6BG;IACH,eAAe,CAAC,EAAE,iBAAiB,CAAC;IAEpC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkDG;IACH,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,wBAAwB,CAAC,CAAC;CAC5D"}
|
|
@@ -18,6 +18,7 @@ var TemplateType;
|
|
|
18
18
|
(function (TemplateType) {
|
|
19
19
|
TemplateType["VERIFICATION"] = "verification";
|
|
20
20
|
TemplateType["PASSWORD_RESET"] = "passwordReset";
|
|
21
|
+
TemplateType["ADMIN_PASSWORD_RESET"] = "adminPasswordReset";
|
|
21
22
|
TemplateType["WELCOME"] = "welcome";
|
|
22
23
|
TemplateType["ACCOUNT_LOCKOUT"] = "accountLockout";
|
|
23
24
|
TemplateType["NEW_DEVICE"] = "newDevice";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"template.interface.js","sourceRoot":"","sources":["../../src/interfaces/template.interface.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAsEH;;;;GAIG;AACH,IAAY,
|
|
1
|
+
{"version":3,"file":"template.interface.js","sourceRoot":"","sources":["../../src/interfaces/template.interface.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAsEH;;;;GAIG;AACH,IAAY,YAUX;AAVD,WAAY,YAAY;IACtB,6CAA6B,CAAA;IAC7B,gDAAgC,CAAA;IAChC,2DAA2C,CAAA;IAC3C,mCAAmB,CAAA;IACnB,kDAAkC,CAAA;IAClC,wCAAwB,CAAA;IACxB,oDAAoC,CAAA;IACpC,8CAA8B,CAAA;IAC9B,0CAA0B,CAAA;AAC5B,CAAC,EAVW,YAAY,4BAAZ,YAAY,QAUvB"}
|
|
@@ -44,6 +44,7 @@ import { ResendCodeResponseDTO } from '../dto/resend-code-response.dto';
|
|
|
44
44
|
import { SetMustChangePasswordDTO } from '../dto/set-must-change-password.dto';
|
|
45
45
|
import { SetMustChangePasswordResponseDTO } from '../dto/set-must-change-password-response.dto';
|
|
46
46
|
import { AdminSetPasswordDTO, AdminSetPasswordResponseDTO } from '../dto/admin-set-password.dto';
|
|
47
|
+
import { AdminResetPasswordDTO, AdminResetPasswordResponseDTO, ConfirmAdminResetPasswordDTO, ConfirmAdminResetPasswordResponseDTO } from '../dto/admin-reset-password.dto';
|
|
47
48
|
import { ForgotPasswordDTO, ForgotPasswordResponseDTO } from '../dto/forgot-password.dto';
|
|
48
49
|
import { ConfirmForgotPasswordDTO, ConfirmForgotPasswordResponseDTO } from '../dto/confirm-forgot-password.dto';
|
|
49
50
|
import { TrustDeviceResponseDTO } from '../dto/trust-device-response.dto';
|
|
@@ -749,6 +750,84 @@ export declare class AuthService {
|
|
|
749
750
|
* ```
|
|
750
751
|
*/
|
|
751
752
|
setMustChangePassword(dto: SetMustChangePasswordDTO): Promise<SetMustChangePasswordResponseDTO>;
|
|
753
|
+
/**
|
|
754
|
+
* Admin-only: Initiate a code-based password reset workflow.
|
|
755
|
+
*
|
|
756
|
+
* Unlike adminSetPassword(), this sends a verification code (and optional link)
|
|
757
|
+
* to the user via email/SMS and allows them to set their own password.
|
|
758
|
+
*
|
|
759
|
+
* Features:
|
|
760
|
+
* - Code + optional link delivery (like email verification)
|
|
761
|
+
* - Optional immediate session revocation
|
|
762
|
+
* - Configurable expiry (default 1 hour)
|
|
763
|
+
* - Admin-specific email template
|
|
764
|
+
* - No rate limiting (admin bypass)
|
|
765
|
+
* - Separate audit trail with reason
|
|
766
|
+
*
|
|
767
|
+
* Security:
|
|
768
|
+
* - Admin-only operation (protect route with admin guard)
|
|
769
|
+
* - Non-enumerating (throws NOT_FOUND if user doesn't exist)
|
|
770
|
+
* - Separate token type ('admin_password_reset')
|
|
771
|
+
* - Audit logging with reason
|
|
772
|
+
*
|
|
773
|
+
* @param dto - Admin reset password request
|
|
774
|
+
* @returns Response with masked destination, expiry, and sessions revoked count
|
|
775
|
+
* @throws {NAuthException} NOT_FOUND when user not found
|
|
776
|
+
*
|
|
777
|
+
* @example
|
|
778
|
+
* ```typescript
|
|
779
|
+
* // With link for custom UI
|
|
780
|
+
* const result = await authService.adminResetPassword({
|
|
781
|
+
* identifier: 'user@example.com',
|
|
782
|
+
* baseUrl: 'https://myapp.com/reset-password',
|
|
783
|
+
* revokeSessions: true,
|
|
784
|
+
* reason: 'User reported compromise'
|
|
785
|
+
* });
|
|
786
|
+
* // result: { success: true, destination: 'u***r@example.com', expiresIn: 3600, sessionsRevoked: 3 }
|
|
787
|
+
*
|
|
788
|
+
* // Code only (no link)
|
|
789
|
+
* const result = await authService.adminResetPassword({
|
|
790
|
+
* identifier: 'user@example.com'
|
|
791
|
+
* });
|
|
792
|
+
* ```
|
|
793
|
+
*/
|
|
794
|
+
adminResetPassword(dto: AdminResetPasswordDTO): Promise<AdminResetPasswordResponseDTO>;
|
|
795
|
+
/**
|
|
796
|
+
* Complete admin-initiated password reset with verification code or token.
|
|
797
|
+
*
|
|
798
|
+
* Accepts either:
|
|
799
|
+
* - code: Short numeric code from email/SMS (6-10 digits, attempt tracking)
|
|
800
|
+
* - token: Long hex token from link (64 chars, single use, no attempts)
|
|
801
|
+
*
|
|
802
|
+
* Security:
|
|
803
|
+
* - Verifies code/token via PasswordResetService
|
|
804
|
+
* - Enforces password policy and history
|
|
805
|
+
* - Always revokes all sessions on completion
|
|
806
|
+
* - Does not force password change (user already set new password)
|
|
807
|
+
* - Records audit event
|
|
808
|
+
*
|
|
809
|
+
* @param dto - Confirm admin reset password request
|
|
810
|
+
* @returns Success response
|
|
811
|
+
* @throws {NAuthException} NOT_FOUND | PASSWORD_RESET_CODE_INVALID | PASSWORD_RESET_CODE_EXPIRED | PASSWORD_RESET_MAX_ATTEMPTS | WEAK_PASSWORD | PASSWORD_REUSED | INVALID_CREDENTIALS
|
|
812
|
+
*
|
|
813
|
+
* @example
|
|
814
|
+
* ```typescript
|
|
815
|
+
* // With code
|
|
816
|
+
* await authService.confirmAdminResetPassword({
|
|
817
|
+
* identifier: 'user@example.com',
|
|
818
|
+
* code: '123456',
|
|
819
|
+
* newPassword: 'NewSecurePass123!'
|
|
820
|
+
* });
|
|
821
|
+
*
|
|
822
|
+
* // With token from link
|
|
823
|
+
* await authService.confirmAdminResetPassword({
|
|
824
|
+
* identifier: 'user@example.com',
|
|
825
|
+
* token: '64-char-hex-token',
|
|
826
|
+
* newPassword: 'NewSecurePass123!'
|
|
827
|
+
* });
|
|
828
|
+
* ```
|
|
829
|
+
*/
|
|
830
|
+
confirmAdminResetPassword(dto: ConfirmAdminResetPasswordDTO): Promise<ConfirmAdminResetPasswordResponseDTO>;
|
|
752
831
|
/**
|
|
753
832
|
* Admin-only: Reset a user's password by identifier.
|
|
754
833
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,KAAK,EAAY,MAAM,kCAAkC,CAAC;AACnE,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAGhE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,aAAa,EAAsB,MAAM,0BAA0B,CAAC;AAY9F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAChH,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAGnF,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAI9D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAmBpD,qBAAa,WAAW;IAKpB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IAC5B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA7B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAAE,wEAAwE;IACzG,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EAAE,4DAA4D;IACjH,UAAU,CAAC,EAAE,UAAU,YAAA,EAAE,qDAAqD;IAC9E,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAAE,qDAAqD;IACtG,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAAE,gEAAgE;IAC7G,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAAE,iEAAiE;IAC9G,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EAAE,2DAA2D;IAClG,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAAE,kCAAkC;IAC/E,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAAE,kCAAkC;IACnG,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EAAE,kCAAkC;IAC3F,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAAE,kCAAkC;IACjG,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAAE,kCAAkC;IACnF,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IA4C1E;;;;;;;;;;;;;;;;;;OAkBG;IACG,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC;IA0NtD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAoCG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiMvE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CG;IACG,iBAAiB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;IAgQzF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAOpE;;;;;;;;;;;;;;;;;OAiBG;IACG,KAAK,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC;IAitBpD;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,kBAAkB,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC;IA+D5E;;;;;;;;;;;;;;;;;;;OAmBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAgIpE;;;;;;;;;;;;;;;OAeG;IACG,WAAW,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAiGpD;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,eAAe,IAAI,OAAO,CAAC,0BAA0B,CAAC;IAyC5D;;;;;;;;;;;;;;OAcG;IACG,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,CAAC;IAuRhE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA8GxD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,SAAS,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAgIjE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IA8DnF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAyCG;IACG,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAiF7E;;;;;;;;;;;;;;;;;;;OAmBG;IACG,cAAc,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAoDvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,mBAAmB,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAoB/F;;;;;;;;;;;;;;;;;;;OAmBG;IACG,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAIxD;;;;;;;;;;OAUG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;;;OAaG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACG,gBAAgB,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;IA4EtF;;;;;;;;;;;;;;;OAeG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IA4EhF;;;;;;;;;;;;OAYG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;CAuCtG"}
|
|
1
|
+
{"version":3,"file":"auth.service.d.ts","sourceRoot":"","sources":["../../src/services/auth.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,KAAK,EAAY,MAAM,kCAAkC,CAAC;AACnE,OAAO,EACL,QAAQ,EACR,gBAAgB,EAChB,aAAa,EACb,oBAAoB,EACpB,qBAAqB,EACrB,iBAAiB,EACjB,aAAa,EACb,iBAAiB,EACjB,WAAW,EACZ,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AACnD,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAAE,0BAA0B,EAAE,MAAM,iCAAiC,CAAC;AAC7E,OAAO,EAAE,4BAA4B,EAAE,MAAM,4CAA4C,CAAC;AAC1F,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACpF,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAGhE,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAE3C,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,oBAAoB,EAAE,4BAA4B,EAAE,MAAM,gCAAgC,CAAC;AACpG,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AACxE,OAAO,EAAE,cAAc,EAAE,sBAAsB,EAAE,MAAM,yBAAyB,CAAC;AACjF,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC;AAC9E,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,yBAAyB,EAAE,MAAM,qCAAqC,CAAC;AAChF,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,eAAe,EAAE,aAAa,EAAsB,MAAM,0BAA0B,CAAC;AAY9F,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAC3D,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAClE,OAAO,EAAE,0BAA0B,EAAmB,MAAM,uCAAuC,CAAC;AACpG,OAAO,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC7D,OAAO,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AAC9E,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,qBAAqB,EAAE,MAAM,iCAAiC,CAAC;AACxE,OAAO,EAAE,wBAAwB,EAAE,MAAM,qCAAqC,CAAC;AAC/E,OAAO,EAAE,gCAAgC,EAAE,MAAM,8CAA8C,CAAC;AAChG,OAAO,EAAE,mBAAmB,EAAE,2BAA2B,EAAE,MAAM,+BAA+B,CAAC;AACjG,OAAO,EACL,qBAAqB,EACrB,6BAA6B,EAC7B,4BAA4B,EAC5B,oCAAoC,EACrC,MAAM,iCAAiC,CAAC;AACzC,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,4BAA4B,CAAC;AAC1F,OAAO,EAAE,wBAAwB,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAChH,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,0BAA0B,EAAE,MAAM,uCAAuC,CAAC;AAGnF,OAAO,EAAE,sBAAsB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,8BAA8B,EAAE,MAAM,2CAA2C,CAAC;AAC3F,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAI9D,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAmBpD,qBAAa,WAAW;IAKpB,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IACvC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,UAAU;IAC3B,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,eAAe;IAChC,OAAO,CAAC,QAAQ,CAAC,wBAAwB;IACzC,OAAO,CAAC,QAAQ,CAAC,iBAAiB;IAClC,OAAO,CAAC,QAAQ,CAAC,qBAAqB;IACtC,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IAC1C,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC;IAC5B,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,oBAAoB,CAAC;IACtC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,2BAA2B,CAAC;IAC7C,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IACzC,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC;IAC5C,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC;IACrC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC;IA7B3C,OAAO,CAAC,QAAQ,CAAC,OAAO,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAGvB,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,sBAAsB,EAAE,UAAU,CAAC,gBAAgB,CAAC,EACpD,eAAe,EAAE,eAAe,EAChC,UAAU,EAAE,UAAU,EACtB,cAAc,EAAE,cAAc,EAC9B,gBAAgB,EAAE,gBAAgB,EAClC,eAAe,EAAE,0BAA0B,EAC3C,wBAAwB,EAAE,wBAAwB,EAClD,iBAAiB,EAAE,iBAAiB,EACpC,qBAAqB,EAAE,4BAA4B,EACnD,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,WAAW,EACnB,YAAY,EAAE,mBAAmB,EACjC,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAAE,wEAAwE;IACzG,wBAAwB,CAAC,EAAE,wBAAwB,YAAA,EAAE,4DAA4D;IACjH,UAAU,CAAC,EAAE,UAAU,YAAA,EAAE,qDAAqD;IAC9E,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAAE,qDAAqD;IACtG,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAAE,gEAAgE;IAC7G,oBAAoB,CAAC,EAAE,oBAAoB,YAAA,EAAE,iEAAiE;IAC9G,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EAAE,2DAA2D;IAClG,iBAAiB,CAAC,EAAE,UAAU,CAAC,WAAW,CAAC,YAAA,EAAE,kCAAkC;IAC/E,2BAA2B,CAAC,EAAE,UAAU,CAAC,qBAAqB,CAAC,YAAA,EAAE,kCAAkC;IACnG,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA,EAAE,kCAAkC;IAC3F,0BAA0B,CAAC,EAAE,UAAU,CAAC,oBAAoB,CAAC,YAAA,EAAE,kCAAkC;IACjG,mBAAmB,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,YAAA,EAAE,kCAAkC;IACnF,uBAAuB,CAAC,EAAE,UAAU,CAAC,iBAAiB,CAAC,YAAA;IA4C1E;;;;;;;;;;;;;;;;;;OAkBG;IACG,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,eAAe,CAAC;IA0NtD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAoCG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiMvE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2CG;IACG,iBAAiB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,4BAA4B,CAAC;IAgQzF;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAIpE;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACG,QAAQ,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAI9D;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAIvE;;;;;;;;;;;;;;;;;;;;;;;OAuBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAOpE;;;;;;;;;;;;;;;;;OAiBG;IACG,KAAK,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,eAAe,CAAC;IAitBpD;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,kBAAkB,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,eAAe,CAAC;IA+D5E;;;;;;;;;;;;;;;;;;;OAmBG;IACG,UAAU,CAAC,GAAG,EAAE,aAAa,GAAG,OAAO,CAAC,qBAAqB,CAAC;IAgIpE;;;;;;;;;;;;;;;OAeG;IACG,WAAW,IAAI,OAAO,CAAC,sBAAsB,CAAC;IAiGpD;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,eAAe,IAAI,OAAO,CAAC,0BAA0B,CAAC;IAyC5D;;;;;;;;;;;;;;OAcG;IACG,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,aAAa,CAAC;IAuRhE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,MAAM,CAAC,GAAG,EAAE,SAAS,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA8GxD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,SAAS,CAAC,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,oBAAoB,CAAC;IAgIjE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IA8DnF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAyCG;IACG,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAiF7E;;;;;;;;;;;;;;;;;;;OAmBG;IACG,cAAc,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAoDvF;;;;;;;;;;;OAWG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,oBAAoB,CAAC,GAAG,EAAE,8BAA8B,GAAG,OAAO,CAAC,eAAe,CAAC;IAIzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,mBAAmB,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAoB/F;;;;;;;;;;;;;;;;;;;OAmBG;IACG,qBAAqB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAAC;IAIxD;;;;;;;;;;OAUG;IACG,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAIvE;;;;;;;;;;;OAWG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC;IAI7E;;;;;;;;;;;;;OAaG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;IAIrG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAwCG;IACG,kBAAkB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IA6F5F;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACG,yBAAyB,CAAC,GAAG,EAAE,4BAA4B,GAAG,OAAO,CAAC,oCAAoC,CAAC;IA4FjH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA+BG;IACG,gBAAgB,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;IA4EtF;;;;;;;;;;;;;;;OAeG;IACG,cAAc,CAAC,GAAG,EAAE,iBAAiB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IA4EhF;;;;;;;;;;;;OAYG;IACG,qBAAqB,CAAC,GAAG,EAAE,wBAAwB,GAAG,OAAO,CAAC,gCAAgC,CAAC;CAuCtG"}
|
|
@@ -53,6 +53,7 @@ const logout_session_dto_1 = require("../dto/logout-session.dto");
|
|
|
53
53
|
const refresh_token_dto_1 = require("../dto/refresh-token.dto");
|
|
54
54
|
const resend_code_dto_1 = require("../dto/resend-code.dto");
|
|
55
55
|
const admin_set_password_dto_1 = require("../dto/admin-set-password.dto");
|
|
56
|
+
const admin_reset_password_dto_1 = require("../dto/admin-reset-password.dto");
|
|
56
57
|
const forgot_password_dto_1 = require("../dto/forgot-password.dto");
|
|
57
58
|
const confirm_forgot_password_dto_1 = require("../dto/confirm-forgot-password.dto");
|
|
58
59
|
const verify_email_dto_1 = require("../dto/verify-email.dto");
|
|
@@ -2849,6 +2850,224 @@ class AuthService {
|
|
|
2849
2850
|
async setMustChangePassword(dto) {
|
|
2850
2851
|
return await this.userService.setMustChangePassword(dto);
|
|
2851
2852
|
}
|
|
2853
|
+
/**
|
|
2854
|
+
* Admin-only: Initiate a code-based password reset workflow.
|
|
2855
|
+
*
|
|
2856
|
+
* Unlike adminSetPassword(), this sends a verification code (and optional link)
|
|
2857
|
+
* to the user via email/SMS and allows them to set their own password.
|
|
2858
|
+
*
|
|
2859
|
+
* Features:
|
|
2860
|
+
* - Code + optional link delivery (like email verification)
|
|
2861
|
+
* - Optional immediate session revocation
|
|
2862
|
+
* - Configurable expiry (default 1 hour)
|
|
2863
|
+
* - Admin-specific email template
|
|
2864
|
+
* - No rate limiting (admin bypass)
|
|
2865
|
+
* - Separate audit trail with reason
|
|
2866
|
+
*
|
|
2867
|
+
* Security:
|
|
2868
|
+
* - Admin-only operation (protect route with admin guard)
|
|
2869
|
+
* - Non-enumerating (throws NOT_FOUND if user doesn't exist)
|
|
2870
|
+
* - Separate token type ('admin_password_reset')
|
|
2871
|
+
* - Audit logging with reason
|
|
2872
|
+
*
|
|
2873
|
+
* @param dto - Admin reset password request
|
|
2874
|
+
* @returns Response with masked destination, expiry, and sessions revoked count
|
|
2875
|
+
* @throws {NAuthException} NOT_FOUND when user not found
|
|
2876
|
+
*
|
|
2877
|
+
* @example
|
|
2878
|
+
* ```typescript
|
|
2879
|
+
* // With link for custom UI
|
|
2880
|
+
* const result = await authService.adminResetPassword({
|
|
2881
|
+
* identifier: 'user@example.com',
|
|
2882
|
+
* baseUrl: 'https://myapp.com/reset-password',
|
|
2883
|
+
* revokeSessions: true,
|
|
2884
|
+
* reason: 'User reported compromise'
|
|
2885
|
+
* });
|
|
2886
|
+
* // result: { success: true, destination: 'u***r@example.com', expiresIn: 3600, sessionsRevoked: 3 }
|
|
2887
|
+
*
|
|
2888
|
+
* // Code only (no link)
|
|
2889
|
+
* const result = await authService.adminResetPassword({
|
|
2890
|
+
* identifier: 'user@example.com'
|
|
2891
|
+
* });
|
|
2892
|
+
* ```
|
|
2893
|
+
*/
|
|
2894
|
+
async adminResetPassword(dto) {
|
|
2895
|
+
// Ensure DTO is validated (supports direct usage without framework validation)
|
|
2896
|
+
dto = await (0, dto_validator_1.ensureValidatedDto)(admin_reset_password_dto_1.AdminResetPasswordDTO, dto);
|
|
2897
|
+
this.logger?.log?.(`Admin password reset requested for identifier: ${dto.identifier}`);
|
|
2898
|
+
this.logger?.debug?.(`Reset details: { identifier: ${dto.identifier}, deliveryMethod: ${dto.deliveryMethod ?? 'email'}, revokeSessions: ${dto.revokeSessions ?? false}, baseUrl: ${dto.baseUrl ?? 'none'}, reason: ${dto.reason ?? 'none'} }`);
|
|
2899
|
+
// ============================================================================
|
|
2900
|
+
// Find User by Identifier
|
|
2901
|
+
// ============================================================================
|
|
2902
|
+
// Support multiple identifier types: email, username, phone, or sub (UUID)
|
|
2903
|
+
let user = null;
|
|
2904
|
+
// Try to find by sub (UUID) first if it looks like a UUID.
|
|
2905
|
+
// WHY: Many deployments treat `sub` as the primary immutable identifier.
|
|
2906
|
+
if ((0, class_validator_1.isUUID)(dto.identifier)) {
|
|
2907
|
+
this.logger?.debug?.(`Identifier appears to be UUID, searching by sub: ${dto.identifier}`);
|
|
2908
|
+
user = (await this.userRepository.findOne({ where: { sub: dto.identifier } }));
|
|
2909
|
+
}
|
|
2910
|
+
// If not found by sub, try by identifier (email, username, phone)
|
|
2911
|
+
if (!user) {
|
|
2912
|
+
this.logger?.debug?.(`Searching by identifier (email/username/phone): ${dto.identifier}`);
|
|
2913
|
+
user = await this.helpers.findUserByIdentifier(dto.identifier);
|
|
2914
|
+
}
|
|
2915
|
+
if (!user) {
|
|
2916
|
+
this.logger?.warn?.(`Admin password reset failed - user not found: ${dto.identifier}`);
|
|
2917
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
|
|
2918
|
+
}
|
|
2919
|
+
if (!this.passwordResetService) {
|
|
2920
|
+
this.logger?.error?.('Password reset service not available');
|
|
2921
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.SERVICE_UNAVAILABLE, 'Password reset service is not configured. Please configure an email provider.');
|
|
2922
|
+
}
|
|
2923
|
+
// ============================================================================
|
|
2924
|
+
// Optionally revoke sessions immediately (before sending reset email)
|
|
2925
|
+
// ============================================================================
|
|
2926
|
+
const revokeSessions = dto.revokeSessions ?? false;
|
|
2927
|
+
let sessionsRevoked = 0;
|
|
2928
|
+
if (revokeSessions) {
|
|
2929
|
+
sessionsRevoked = await this.sessionService.revokeAllUserSessions(user.id, 'Admin initiated password reset');
|
|
2930
|
+
this.logger?.log?.(`Revoked ${sessionsRevoked} sessions for user ${user.sub}`);
|
|
2931
|
+
}
|
|
2932
|
+
// ============================================================================
|
|
2933
|
+
// Request admin reset with code + link
|
|
2934
|
+
// ============================================================================
|
|
2935
|
+
const delivery = dto.deliveryMethod || 'email';
|
|
2936
|
+
const expiresIn = dto.codeExpiresIn || 3600; // Default 1 hour
|
|
2937
|
+
const result = await this.passwordResetService.requestAdminReset(user, delivery, {
|
|
2938
|
+
expiresIn,
|
|
2939
|
+
baseUrl: dto.baseUrl, // Consumer app can build custom UI
|
|
2940
|
+
});
|
|
2941
|
+
// ============================================================================
|
|
2942
|
+
// Audit Logging
|
|
2943
|
+
// ============================================================================
|
|
2944
|
+
await this.auditService?.recordEvent({
|
|
2945
|
+
userId: user.id,
|
|
2946
|
+
eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ADMIN_PASSWORD_RESET_INITIATED,
|
|
2947
|
+
eventStatus: 'INFO',
|
|
2948
|
+
authMethod: 'password',
|
|
2949
|
+
description: dto.reason || 'Admin initiated password reset',
|
|
2950
|
+
reason: dto.reason, // Store reason in audit event
|
|
2951
|
+
metadata: {
|
|
2952
|
+
medium: delivery,
|
|
2953
|
+
expiresIn,
|
|
2954
|
+
sessionsRevoked,
|
|
2955
|
+
hasBaseUrl: !!dto.baseUrl,
|
|
2956
|
+
},
|
|
2957
|
+
});
|
|
2958
|
+
// ============================================================================
|
|
2959
|
+
// Return Response
|
|
2960
|
+
// ============================================================================
|
|
2961
|
+
return {
|
|
2962
|
+
success: true,
|
|
2963
|
+
destination: result.destination,
|
|
2964
|
+
deliveryMedium: result.deliveryMedium,
|
|
2965
|
+
expiresIn: result.expiresIn,
|
|
2966
|
+
sessionsRevoked: revokeSessions ? sessionsRevoked : undefined,
|
|
2967
|
+
};
|
|
2968
|
+
}
|
|
2969
|
+
/**
|
|
2970
|
+
* Complete admin-initiated password reset with verification code or token.
|
|
2971
|
+
*
|
|
2972
|
+
* Accepts either:
|
|
2973
|
+
* - code: Short numeric code from email/SMS (6-10 digits, attempt tracking)
|
|
2974
|
+
* - token: Long hex token from link (64 chars, single use, no attempts)
|
|
2975
|
+
*
|
|
2976
|
+
* Security:
|
|
2977
|
+
* - Verifies code/token via PasswordResetService
|
|
2978
|
+
* - Enforces password policy and history
|
|
2979
|
+
* - Always revokes all sessions on completion
|
|
2980
|
+
* - Does not force password change (user already set new password)
|
|
2981
|
+
* - Records audit event
|
|
2982
|
+
*
|
|
2983
|
+
* @param dto - Confirm admin reset password request
|
|
2984
|
+
* @returns Success response
|
|
2985
|
+
* @throws {NAuthException} NOT_FOUND | PASSWORD_RESET_CODE_INVALID | PASSWORD_RESET_CODE_EXPIRED | PASSWORD_RESET_MAX_ATTEMPTS | WEAK_PASSWORD | PASSWORD_REUSED | INVALID_CREDENTIALS
|
|
2986
|
+
*
|
|
2987
|
+
* @example
|
|
2988
|
+
* ```typescript
|
|
2989
|
+
* // With code
|
|
2990
|
+
* await authService.confirmAdminResetPassword({
|
|
2991
|
+
* identifier: 'user@example.com',
|
|
2992
|
+
* code: '123456',
|
|
2993
|
+
* newPassword: 'NewSecurePass123!'
|
|
2994
|
+
* });
|
|
2995
|
+
*
|
|
2996
|
+
* // With token from link
|
|
2997
|
+
* await authService.confirmAdminResetPassword({
|
|
2998
|
+
* identifier: 'user@example.com',
|
|
2999
|
+
* token: '64-char-hex-token',
|
|
3000
|
+
* newPassword: 'NewSecurePass123!'
|
|
3001
|
+
* });
|
|
3002
|
+
* ```
|
|
3003
|
+
*/
|
|
3004
|
+
async confirmAdminResetPassword(dto) {
|
|
3005
|
+
// Ensure DTO is validated (supports direct usage without framework validation)
|
|
3006
|
+
dto = await (0, dto_validator_1.ensureValidatedDto)(admin_reset_password_dto_1.ConfirmAdminResetPasswordDTO, dto);
|
|
3007
|
+
this.logger?.log?.(`Confirm admin password reset for identifier: ${dto.identifier}`);
|
|
3008
|
+
// ============================================================================
|
|
3009
|
+
// Validate that either code or token is provided
|
|
3010
|
+
// ============================================================================
|
|
3011
|
+
if (!dto.code && !dto.token) {
|
|
3012
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INVALID_CREDENTIALS, 'Either code or token is required to confirm password reset');
|
|
3013
|
+
}
|
|
3014
|
+
// ============================================================================
|
|
3015
|
+
// Find User by Identifier
|
|
3016
|
+
// ============================================================================
|
|
3017
|
+
let user = null;
|
|
3018
|
+
if ((0, class_validator_1.isUUID)(dto.identifier)) {
|
|
3019
|
+
this.logger?.debug?.(`Identifier appears to be UUID, searching by sub: ${dto.identifier}`);
|
|
3020
|
+
user = (await this.userRepository.findOne({ where: { sub: dto.identifier } }));
|
|
3021
|
+
}
|
|
3022
|
+
if (!user) {
|
|
3023
|
+
this.logger?.debug?.(`Searching by identifier (email/username/phone): ${dto.identifier}`);
|
|
3024
|
+
user = await this.helpers.findUserByIdentifier(dto.identifier);
|
|
3025
|
+
}
|
|
3026
|
+
if (!user) {
|
|
3027
|
+
this.logger?.warn?.(`Confirm admin reset failed - user not found: ${dto.identifier}`);
|
|
3028
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.NOT_FOUND, 'User not found');
|
|
3029
|
+
}
|
|
3030
|
+
if (!this.passwordResetService) {
|
|
3031
|
+
this.logger?.error?.('Password reset service not available');
|
|
3032
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.SERVICE_UNAVAILABLE, 'Password reset service is not configured. Please configure an email provider.');
|
|
3033
|
+
}
|
|
3034
|
+
// ============================================================================
|
|
3035
|
+
// Verify code or token
|
|
3036
|
+
// ============================================================================
|
|
3037
|
+
const codeOrToken = dto.code || dto.token;
|
|
3038
|
+
if (!codeOrToken) {
|
|
3039
|
+
throw new nauth_exception_1.NAuthException(error_codes_enum_1.AuthErrorCode.INVALID_CREDENTIALS, 'Either code or token is required to confirm password reset');
|
|
3040
|
+
}
|
|
3041
|
+
await this.passwordResetService.consumeValidCode(user, codeOrToken, 'admin_password_reset');
|
|
3042
|
+
// ============================================================================
|
|
3043
|
+
// Update password
|
|
3044
|
+
// ============================================================================
|
|
3045
|
+
// WHY: User already set a new password via this reset flow, so no need to force
|
|
3046
|
+
// another password change on next login (unlike adminSetPassword where admin sets
|
|
3047
|
+
// a password the user doesn't know)
|
|
3048
|
+
await this.helpers.updateUserPassword({
|
|
3049
|
+
user,
|
|
3050
|
+
newPassword: dto.newPassword,
|
|
3051
|
+
mustChangePassword: false, // User already set new password, no need to force change again
|
|
3052
|
+
revokeSessions: true, // Always revoke on completion
|
|
3053
|
+
revokeReason: 'Admin-initiated password reset completed',
|
|
3054
|
+
audit: {
|
|
3055
|
+
eventType: auth_audit_event_type_enum_1.AuthAuditEventType.ADMIN_PASSWORD_RESET_COMPLETED,
|
|
3056
|
+
eventStatus: 'SUCCESS',
|
|
3057
|
+
description: 'User completed admin-initiated password reset',
|
|
3058
|
+
metadata: {
|
|
3059
|
+
usedCode: !!dto.code,
|
|
3060
|
+
usedToken: !!dto.token,
|
|
3061
|
+
},
|
|
3062
|
+
},
|
|
3063
|
+
}, this.passwordService, this.auditService);
|
|
3064
|
+
// ============================================================================
|
|
3065
|
+
// Return Response
|
|
3066
|
+
// ============================================================================
|
|
3067
|
+
return {
|
|
3068
|
+
success: true,
|
|
3069
|
+
};
|
|
3070
|
+
}
|
|
2852
3071
|
/**
|
|
2853
3072
|
* Admin-only: Reset a user's password by identifier.
|
|
2854
3073
|
*
|