@nauth-toolkit/core 0.1.59 → 0.1.61
- package/dist/bootstrap.d.ts.map +1 -1
- package/dist/bootstrap.js +22 -0
- package/dist/bootstrap.js.map +1 -1
- package/dist/dto/admin-reset-password.dto.d.ts +277 -0
- package/dist/dto/admin-reset-password.dto.d.ts.map +1 -0
- package/dist/dto/admin-reset-password.dto.js +402 -0
- package/dist/dto/admin-reset-password.dto.js.map +1 -0
- package/dist/dto/index.d.ts +1 -0
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +1 -0
- package/dist/dto/index.js.map +1 -1
- package/dist/entities/verification-token.entity.d.ts +3 -2
- package/dist/entities/verification-token.entity.d.ts.map +1 -1
- package/dist/entities/verification-token.entity.js +2 -1
- package/dist/entities/verification-token.entity.js.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.d.ts +12 -0
- package/dist/enums/auth-audit-event-type.enum.d.ts.map +1 -1
- package/dist/enums/auth-audit-event-type.enum.js +12 -0
- package/dist/enums/auth-audit-event-type.enum.js.map +1 -1
- package/dist/handlers/csrf.handler.d.ts.map +1 -1
- package/dist/handlers/csrf.handler.js +12 -1
- package/dist/handlers/csrf.handler.js.map +1 -1
- package/dist/interfaces/config.interface.d.ts +25 -0
- package/dist/interfaces/config.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +10 -0
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.d.ts +1 -0
- package/dist/interfaces/template.interface.d.ts.map +1 -1
- package/dist/interfaces/template.interface.js +1 -0
- package/dist/interfaces/template.interface.js.map +1 -1
- package/dist/services/auth.service.d.ts +79 -0
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +219 -0
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/password-reset.service.d.ts +54 -6
- package/dist/services/password-reset.service.d.ts.map +1 -1
- package/dist/services/password-reset.service.js +191 -19
- package/dist/services/password-reset.service.js.map +1 -1
- package/dist/services/password.service.d.ts.map +1 -1
- package/dist/services/password.service.js +5 -0
- package/dist/services/password.service.js.map +1 -1
- package/dist/templates/html-template.engine.d.ts.map +1 -1
- package/dist/templates/html-template.engine.js +62 -0
- package/dist/templates/html-template.engine.js.map +1 -1
- package/dist/validators/template.validator.d.ts.map +1 -1
- package/dist/validators/template.validator.js +1 -0
- package/dist/validators/template.validator.js.map +1 -1
- package/package.json +1 -1
|
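--- a/package/dist/dto/admin-reset-password.dto.js
+++ b/package/dist/dto/admin-reset-password.dto.js
@@ -0,0 +1,402 @@
+"use strict";
+/**
+* Admin Reset Password Request DTO
+*
+* Request DTO for admin-initiated password reset workflow.
+* Allows resetting a user's password by identifier (email, username, phone, or sub).
+*
+* Security:
+* - Admin-only operation (should be protected by admin guard)
+* - User identifier validated
+* - Code + optional link delivery (like email verification)
+* - Configurable expiry (default: 1 hour)
+* - Optional immediate session revocation
+* - No rate limiting (admin bypass)
+*
+* @example
+* ```typescript
+* // With link for consumer app custom UI
+* await authService.adminResetPassword({
+* identifier: 'user@example.com',
+* baseUrl: 'https://myapp.com/reset-password',
+* deliveryMethod: 'email',
+* revokeSessions: true
+* });
+*
+* // Code only (no link)
+* await authService.adminResetPassword({
+* identifier: 'user@example.com',
+* deliveryMethod: 'email'
+* });
+* ```
+*/
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ConfirmAdminResetPasswordResponseDTO = exports.ConfirmAdminResetPasswordDTO = exports.AdminResetPasswordResponseDTO = exports.AdminResetPasswordDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+/**
+* Request DTO for admin password reset
+*/
+class AdminResetPasswordDTO {
+/**
+* User identifier (email, username, phone, or sub/UUID)
+*
+* Validation:
+* - Must be a string
+* - Min 1 character
+* - Max 255 characters
+*
+* Sanitization:
+* - Trimmed
+* - Lowercased if email format detected
+*
+* @example "user@example.com" | "johndoe" | "+1234567890" | "uuid"
+*/
+identifier;
+/**
+* Delivery method for reset code
+*
+* Validation:
+* - Must be 'email' or 'sms'
+* - Optional (defaults to 'email')
+*
+* @default 'email'
+* @example 'email' | 'sms'
+*/
+deliveryMethod;
+/**
+* Base URL for building reset link
+*
+* Validation:
+* - Must be valid URL with http:// or https://
+* - Max 2048 characters
+* - Optional
+*
+* Sanitization:
+* - Trimmed
+*
+* WHY: Allows consumer apps to build custom reset UI (e.g., myapp.com/reset-password?token=xxx)
+* Like email verification, supports both code AND link delivery
+*
+* @example "https://myapp.com/reset-password"
+*/
+baseUrl;
+/**
+* Code expiry in seconds
+*
+* Validation:
+* - Must be number
+* - Min 300 seconds (5 minutes)
+* - Max 86400 seconds (24 hours)
+* - Optional
+*
+* @default 3600 (1 hour - longer than user-initiated 15min)
+* @example 3600
+*/
+codeExpiresIn;
+/**
+* Revoke all active sessions immediately (before sending email)
+*
+* Validation:
+* - Must be boolean
+* - Optional
+*
+* WHY: Admin can lock user out immediately while sending reset email
+* Different from confirmAdminResetPassword which always revokes on completion
+*
+* @default false
+* @example true
+*/
+revokeSessions;
+/**
+* Reason for admin-initiated reset (for audit trail)
+*
+* Validation:
+* - Must be string
+* - Max 500 characters
+* - Optional
+*
+* Sanitization:
+* - Trimmed
+*
+* @example "User reported account compromise"
+*/
+reason;
+}
+exports.AdminResetPasswordDTO = AdminResetPasswordDTO;
+__decorate([
+(0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
+(0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
+(0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
+(0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+const trimmed = value.trim();
+// If it contains @, treat as email and lowercase
+if (trimmed.includes('@')) {
+return trimmed.toLowerCase();
+}
+return trimmed;
+}
+return value;
+}),
+__metadata("design:type", String)
+], AdminResetPasswordDTO.prototype, "identifier", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsIn)(['email', 'sms'], { message: 'Delivery method must be email or sms' }),
+__metadata("design:type", String)
+], AdminResetPasswordDTO.prototype, "deliveryMethod", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsUrl)({ require_protocol: true, protocols: ['http', 'https'] }, { message: 'Base URL must be valid URL with http:// or https://' }),
+(0, class_validator_1.MaxLength)(2048, { message: 'Base URL must not exceed 2048 characters' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+return value.trim();
+}
+return value;
+}),
+__metadata("design:type", String)
+], AdminResetPasswordDTO.prototype, "baseUrl", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsNumber)({}, { message: 'Code expiry must be a number' }),
+(0, class_validator_1.Min)(300, { message: 'Code expiry must be at least 300 seconds (5 minutes)' }),
+(0, class_validator_1.Max)(86400, { message: 'Code expiry must not exceed 86400 seconds (24 hours)' }),
+__metadata("design:type", Number)
+], AdminResetPasswordDTO.prototype, "codeExpiresIn", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsBoolean)({ message: 'revokeSessions must be a boolean' }),
+__metadata("design:type", Boolean)
+], AdminResetPasswordDTO.prototype, "revokeSessions", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsString)({ message: 'Reason must be a string' }),
+(0, class_validator_1.MaxLength)(500, { message: 'Reason must not exceed 500 characters' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+return value.trim();
+}
+return value;
+}),
+__metadata("design:type", String)
+], AdminResetPasswordDTO.prototype, "reason", void 0);
+/**
+* Admin Reset Password Response DTO
+*
+* Response DTO for admin-initiated password reset request.
+*
+* @example
+* ```typescript
+* {
+* success: true,
+* destination: 'u***r@example.com',
+* deliveryMedium: 'email',
+* expiresIn: 3600,
+* sessionsRevoked: 3
+* }
+* ```
+*/
+class AdminResetPasswordResponseDTO {
+/**
+* Success indicator
+* Always true on successful request
+*/
+success;
+/**
+* Masked destination where code was sent
+* @example "u***r@example.com" | "***-***-5678"
+*/
+destination;
+/**
+* Delivery medium used
+* @example "email" | "sms"
+*/
+deliveryMedium;
+/**
+* Code expiry in seconds
+* @example 3600
+*/
+expiresIn;
+/**
+* Number of sessions revoked (if revokeSessions was true)
+* @example 3
+*/
+sessionsRevoked;
+}
+exports.AdminResetPasswordResponseDTO = AdminResetPasswordResponseDTO;
+/**
+* Confirm Admin Reset Password DTO
+*
+* User completes admin-initiated password reset with code OR token.
+* Accepts either short code from email/SMS OR long token from link.
+*
+* Security:
+* - One of code or token is required
+* - Token-based: No attempt tracking (single use, long random)
+* - Code-based: Attempt tracking (max 3 attempts)
+* - Always revokes all sessions on completion
+* - Always sets mustChangePassword flag
+*
+* @example
+* ```typescript
+* // With code (from email/SMS)
+* await authService.confirmAdminResetPassword({
+* identifier: 'user@example.com',
+* code: '123456',
+* newPassword: 'NewSecurePass123!'
+* });
+*
+* // With token (from link)
+* await authService.confirmAdminResetPassword({
+* identifier: 'user@example.com',
+* token: '64-char-hex-token-from-link',
+* newPassword: 'NewSecurePass123!'
+* });
+* ```
+*/
+class ConfirmAdminResetPasswordDTO {
+/**
+* User identifier (email, username, phone, or sub/UUID)
+*
+* Validation:
+* - Must be a string
+* - Min 1 character
+* - Max 255 characters
+*
+* Sanitization:
+* - Trimmed
+* - Lowercased if email format detected
+*
+* @example "user@example.com"
+*/
+identifier;
+/**
+* Verification code from email/SMS (6-10 digits)
+*
+* Validation:
+* - Must be string
+* - Length 6-10 characters
+* - Optional (token OR code required)
+*
+* Sanitization:
+* - Trimmed
+*
+* WHY: Short code for manual entry, subject to attempt tracking
+*
+* @example "123456"
+*/
+code;
+/**
+* Verification token from link (64-char hex)
+*
+* Validation:
+* - Must be string
+* - Optional (token OR code required)
+*
+* Sanitization:
+* - Trimmed
+*
+* WHY: Long token from link, single-use, no attempt tracking needed
+*
+* @example "a1b2c3d4..."
+*/
+token;
+/**
+* New password
+*
+* Validation:
+* - Must be string
+* - Min 8 characters (security requirement)
+* - Max 128 characters (prevents DoS)
+*
+* Note: NOT trimmed (passwords can have leading/trailing spaces)
+* Additional checks in service layer:
+* - Password strength (if configured)
+* - Password history (prevent reuse)
+*
+* @example "NewSecurePassword123!"
+*/
+newPassword;
+}
+exports.ConfirmAdminResetPasswordDTO = ConfirmAdminResetPasswordDTO;
+__decorate([
+(0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
+(0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
+(0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
+(0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+const trimmed = value.trim();
+// If it contains @, treat as email and lowercase
+if (trimmed.includes('@')) {
+return trimmed.toLowerCase();
+}
+return trimmed;
+}
+return value;
+}),
+__metadata("design:type", String)
+], ConfirmAdminResetPasswordDTO.prototype, "identifier", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsString)({ message: 'Code must be a string' }),
+(0, class_validator_1.Length)(6, 10, { message: 'Code must be between 6 and 10 characters' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+return value.trim();
+}
+return value;
+}),
+__metadata("design:type", String)
+], ConfirmAdminResetPasswordDTO.prototype, "code", void 0);
+__decorate([
+(0, class_validator_1.IsOptional)(),
+(0, class_validator_1.IsString)({ message: 'Token must be a string' }),
+(0, class_transformer_1.Transform)(({ value }) => {
+if (typeof value === 'string') {
+return value.trim();
+}
+return value;
+}),
+__metadata("design:type", String)
+], ConfirmAdminResetPasswordDTO.prototype, "token", void 0);
+__decorate([
+(0, class_validator_1.IsString)({ message: 'New password must be a string' }),
+(0, class_validator_1.IsNotEmpty)({ message: 'New password is required' }),
+(0, class_validator_1.MinLength)(8, { message: 'Password must be at least 8 characters' }),
+(0, class_validator_1.MaxLength)(128, { message: 'Password must not exceed 128 characters' }),
+__metadata("design:type", String)
+], ConfirmAdminResetPasswordDTO.prototype, "newPassword", void 0);
+/**
+* Confirm Admin Reset Password Response DTO
+*
+* Response DTO for successful admin password reset completion.
+*
+* @example
+* ```typescript
+* {
+* success: true
+* }
+* ```
+*/
+class ConfirmAdminResetPasswordResponseDTO {
+/**
+* Success indicator
+* Always true on successful reset
+*/
+success;
+}
+exports.ConfirmAdminResetPasswordResponseDTO = ConfirmAdminResetPasswordResponseDTO;
+//# sourceMappingURL=admin-reset-password.dto.js.map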
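Review bot: `ConfirmAdminResetPasswordDTO` decorates both `code` and `token` with `IsOptional()`, so a body carrying only `identifier` and `newPassword` passes DTO validation even though the class comment states that one of the two is required. Unless the service rejects that case (it is not visible in this file), the rule should be enforced at the DTO boundary with a class-level check or a conditional validator on each field. `token` is documented as 64-char hex but is validated only with `IsString`, which leaves it unbounded on what is presumably the unauthenticated confirm path; in the TypeScript source I would add `@Length(64, 64)` and `@IsHexadecimal()`. Separately, `baseUrl` on `AdminResetPasswordDTO` accepts any `http://` or `https://` host, and per its doc comment the reset token is appended to it, so limiting `protocols` to `['https']` and checking the host against a configured allowlist in the service would keep reset links from being sent with an arbitrary or cleartext origin.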
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"admin-reset-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-reset-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;;;;;;;;;;;;AAEH,qDAayB;AACzB,yDAA8C;AAE9C;;GAEG;AACH,MAAa,qBAAqB;IAChC;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;OASG;IAGH,cAAc,CAAmB;IAEjC;;;;;;;;;;;;;;;OAeG;IAaH,OAAO,CAAU;IAEjB;;;;;;;;;;;OAWG;IAKH,aAAa,CAAU;IAEvB;;;;;;;;;;;;OAYG;IAGH,cAAc,CAAW;IAEzB;;;;;;;;;;;;OAYG;IAUH,MAAM,CAAU;CACjB;AAtID,sDAsIC;AAxGC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACkB;AAcpB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,sBAAI,EAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;6DAC3C;AA8BjC;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,EACxD,EAAE,OAAO,EAAE,qDAAqD,EAAE,CACnE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACe;AAkBjB;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACzD,IAAA,qBAAG,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;IAC7E,IAAA,qBAAG,EAAC,KAAK,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;;4DACzD;AAiBvB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;6DAClC;AAwBzB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,G
AAG,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IACpE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACc;AAGlB;;;;;;;;;;;;;;;GAeG;AACH,MAAa,6BAA6B;IACxC;;;OAGG;IACH,OAAO,CAAW;IAElB;;;OAGG;IACH,WAAW,CAAU;IAErB;;;OAGG;IACH,cAAc,CAAmB;IAEjC;;;OAGG;IACH,SAAS,CAAU;IAEnB;;;OAGG;IACH,eAAe,CAAU;CAC1B;AA9BD,sEA8BC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,4BAA4B;IACvC;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;;;;;;OAcG;IAUH,IAAI,CAAU;IAEd;;;;;;;;;;;;;OAaG;IASH,KAAK,CAAU;IAEf;;;;;;;;;;;;;;OAcG;IAKH,WAAW,CAAU;CACtB;AAtGD,oEAsGC;AAxEC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gEACkB;AA0BpB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,wBAAM,EAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACtE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;0DACY;AAwBd;IARC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACa;AAqBf;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IAC
nE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;iEAClD;AAGvB;;;;;;;;;;;GAWG;AACH,MAAa,oCAAoC;IAC/C;;;OAGG;IACH,OAAO,CAAW;CACnB;AAND,oFAMC"}
|
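--- a/package/dist/dto/index.d.ts
+++ b/package/dist/dto/index.d.ts
@@ -59,6 +59,7 @@ export * from './logout-session-response.dto';
 export * from './set-must-change-password.dto';
 export * from './set-must-change-password-response.dto';
 export * from './admin-set-password.dto';
+export * from './admin-reset-password.dto';
 export * from './trust-device-response.dto';
 export * from './is-trusted-device-response.dto';
 export * from './validate-access-token.dto';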
package/dist/dto/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sCAAsC,CAAC;AACrD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":"AACA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,mBAAmB,CAAC;AAClC,cAAc,iBAAiB,CAAC;AAChC,cAAc,oBAAoB,CAAC;AACnC,cAAc,mBAAmB,CAAC;AAClC,cAAc,aAAa,CAAC;AAC5B,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,qBAAqB,CAAC;AACpC,cAAc,mBAAmB,CAAC;AAClC,cAAc,sCAAsC,CAAC;AACrD,cAAc,sCAAsC,CAAC;AACrD,cAAc,oBAAoB,CAAC;AACnC,cAAc,oBAAoB,CAAC;AACnC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,qBAAqB,CAAC;AACpC,cAAc,qBAAqB,CAAC;AACpC,cAAc,sBAAsB,CAAC;AACrC,cAAc,0BAA0B,CAAC;AACzC,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,0BAA0B,CAAC;AACzC,cAAc,mCAAmC,CAAC;AAClD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sBAAsB,CAAC;AACrC,cAAc,wBAAwB,CAAC;AACvC,cAAc,oBAAoB,CAAC;AACnC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,iBAAiB,CAAC;AAChC,cAAc,uBAAuB,CAAC;AACtC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,+BAA+B,CAAC;AAC9C,cAAc,iCAAiC,CAAC;AAChD,cAAc,+BAA+B,CAAC;AAC9C,cAAc,mBAAmB,CAAC;AAClC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,yBAAyB,CAAC;AACxC,cAAc,sBAAsB,CAAC;AACrC,cAAc,yBAAyB,CAAC;AACxC,cAAc,cAAc,CAAC;AAC7B,cAAc,uBAAuB,CAAC;AACtC,cAAc,kBAAkB,CAAC;AACjC,cAAc,2BAA2B,CAAC;AAC1C,cAAc,yBAAyB,CAAC;AACxC,cAAc,kCAAkC,CAAC;AACjD,cAAc,sBAAsB,CAAC;AACrC,cAAc,+BAA+B,CAAC;AAC9C,cAAc,gCAAgC,CAAC;AAC/C,cAAc,yCAAyC,CAAC;AACxD,cAAc,0BAA0B,CAAC;AACzC,cAAc,4BAA4B,CAAC;AAE3C,cAAc,6BAA6B,CAAC;AAC5C,cAAc,kCAAkC,CAAC;AACjD,cAAc,6BAA6B,CAAC;AAC5C,cAAc,sCAAsC,CAAC;AAErD,cAAc,mBAAmB,CAAC;AAClC,cAAc,uBAAuB,CAAC"}
|
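--- a/package/dist/dto/index.js
+++ b/package/dist/dto/index.js
@@ -76,6 +76,7 @@ __exportStar(require("./logout-session-response.dto"), exports);
 __exportStar(require("./set-must-change-password.dto"), exports);
 __exportStar(require("./set-must-change-password-response.dto"), exports);
 __exportStar(require("./admin-set-password.dto"), exports);
+__exportStar(require("./admin-reset-password.dto"), exports);
 // Note: trust-device.dto.ts removed - trustDevice() no longer takes parameters
 __exportStar(require("./trust-device-response.dto"), exports);
 __exportStar(require("./is-trusted-device-response.dto"), exports);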
package/dist/dto/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,qDAAmC;AACnC,4DAA0C;AAC1C,oDAAkC;AAClC,kDAAgC;AAChC,qDAAmC;AACnC,oDAAkC;AAClC,8CAA4B;AAC5B,wDAAsC;AACtC,gEAA8C;AAC9C,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,uEAAqD;AACrD,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,yDAAuC;AACvC,qDAAmC;AACnC,gEAA8C;AAC9C,uDAAqC;AACrC,0DAAwC;AACxC,6DAA2C;AAC3C,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,0DAAwC;AACxC,mEAAiD;AACjD,uDAAqC;AACrC,gEAA8C;AAC9C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AACjD,8DAA4C;AAC5C,uEAAqD;AAErD,oDAAkC;AAClC,wDAAsC;AAEtC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/dto/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iBAAiB;AACjB,+CAA6B;AAC7B,qDAAmC;AACnC,4DAA0C;AAC1C,oDAAkC;AAClC,kDAAgC;AAChC,qDAAmC;AACnC,oDAAkC;AAClC,8CAA4B;AAC5B,wDAAsC;AACtC,gEAA8C;AAC9C,iEAA+C;AAC/C,sDAAoC;AACpC,oDAAkC;AAClC,uEAAqD;AACrD,uEAAqD;AACrD,qDAAmC;AACnC,qDAAmC;AACnC,4DAA0C;AAC1C,uDAAqC;AACrC,wDAAsC;AACtC,gEAA8C;AAC9C,sDAAoC;AACpC,sDAAoC;AACpC,uDAAqC;AACrC,2DAAyC;AACzC,0DAAwC;AACxC,uDAAqC;AACrC,gEAA8C;AAC9C,2DAAyC;AACzC,oEAAkD;AAClD,8DAA4C;AAC5C,uDAAqC;AACrC,yDAAuC;AACvC,qDAAmC;AACnC,gEAA8C;AAC9C,uDAAqC;AACrC,0DAAwC;AACxC,6DAA2C;AAC3C,kDAAgC;AAChC,wDAAsC;AACtC,wDAAsC;AACtC,gEAA8C;AAC9C,gEAA8C;AAC9C,kEAAgD;AAChD,gEAA8C;AAC9C,oDAAkC;AAClC,6DAA2C;AAC3C,0DAAwC;AACxC,uDAAqC;AACrC,0DAAwC;AACxC,+CAA6B;AAC7B,wDAAsC;AACtC,mDAAiC;AACjC,4DAA0C;AAC1C,0DAAwC;AACxC,mEAAiD;AACjD,uDAAqC;AACrC,gEAA8C;AAC9C,iEAA+C;AAC/C,0EAAwD;AACxD,2DAAyC;AACzC,6DAA2C;AAC3C,+EAA+E;AAC/E,8DAA4C;AAC5C,mEAAiD;AACjD,8DAA4C;AAC5C,uEAAqD;AAErD,oDAAkC;AAClC,wDAAsC;AAEtC,+DAA+D;AAC/D,+CAA+C;AAC/C,mCAAmC"}
|
|
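--- a/package/dist/entities/verification-token.entity.d.ts
+++ b/package/dist/entities/verification-token.entity.d.ts
@@ -30,9 +30,10 @@ export declare class BaseVerificationToken {
 * Token type
 * - 'email': Email verification
 * - 'phone': Phone verification
-* - 'password_reset': Password reset
+* - 'password_reset': Password reset (user-initiated)
+* - 'admin_password_reset': Password reset (admin-initiated)
 */
-type: 'email' | 'phone' | 'password_reset';
+type: 'email' | 'phone' | 'password_reset' | 'admin_password_reset';
 /**
 * Verification token (hashed for security)
 * Used for magic links and password reset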
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verification-token.entity.d.ts","sourceRoot":"","sources":["../../src/entities/verification-token.entity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,qBAAqB;IAChC;;OAEG;IACH,EAAE,EAAG,MAAM,CAAC;IAEZ;;;OAGG;IACH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC
|
|
1
|
+
{"version":3,"file":"verification-token.entity.d.ts","sourceRoot":"","sources":["../../src/entities/verification-token.entity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,qBAAa,qBAAqB;IAChC;;OAEG;IACH,EAAE,EAAG,MAAM,CAAC;IAEZ;;;OAGG;IACH,MAAM,EAAG,MAAM,CAAC;IAEhB;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEnC;;;;;;OAMG;IACH,IAAI,EAAG,OAAO,GAAG,OAAO,GAAG,gBAAgB,GAAG,sBAAsB,CAAC;IAErE;;;OAGG;IACH,KAAK,EAAG,MAAM,CAAC;IAEf;;;OAGG;IACH,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAErB;;;OAGG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;;OAGG;IACH,QAAQ,EAAG,MAAM,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,IAAI,GAAG,IAAI,CAAC;IAErB;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;;OAGG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAE1C;;OAEG;IACH,SAAS,EAAG,IAAI,CAAC;IAEjB;;;;;;;;;;;OAWG;IACH,SAAS,IAAI,OAAO;IAIpB;;;;;;;;;;;OAWG;IACH,MAAM,IAAI,OAAO;IAIjB;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO;CAGlD"}
|
|
@@ -33,7 +33,8 @@ class BaseVerificationToken {
|
|
|
33
33
|
* Token type
|
|
34
34
|
* - 'email': Email verification
|
|
35
35
|
* - 'phone': Phone verification
|
|
36
|
-
* - 'password_reset': Password reset
|
|
36
|
+
* - 'password_reset': Password reset (user-initiated)
|
|
37
|
+
* - 'admin_password_reset': Password reset (admin-initiated)
|
|
37
38
|
*/
|
|
38
39
|
type;
|
|
39
40
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verification-token.entity.js","sourceRoot":"","sources":["../../src/entities/verification-token.entity.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAChC;;OAEG;IACH,EAAE,CAAU;IAEZ;;;OAGG;IACH,MAAM,CAAU;IAEhB;;;;;OAKG;IACH,kBAAkB,CAAiB;IAEnC
|
|
1
|
+
{"version":3,"file":"verification-token.entity.js","sourceRoot":"","sources":["../../src/entities/verification-token.entity.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAChC;;OAEG;IACH,EAAE,CAAU;IAEZ;;;OAGG;IACH,MAAM,CAAU;IAEhB;;;;;OAKG;IACH,kBAAkB,CAAiB;IAEnC;;;;;;OAMG;IACH,IAAI,CAAiE;IAErE;;;OAGG;IACH,KAAK,CAAU;IAEf;;;OAGG;IACH,IAAI,CAAiB;IAErB;;;OAGG;IACH,SAAS,CAAQ;IAEjB;;;OAGG;IACH,QAAQ,CAAU;IAElB;;;OAGG;IACH,MAAM,CAAe;IAErB;;;OAGG;IACH,SAAS,CAAiB;IAE1B;;;OAGG;IACH,SAAS,CAAiB;IAE1B;;;OAGG;IACH,QAAQ,CAAkC;IAE1C;;OAEG;IACH,SAAS,CAAQ;IAEjB;;;;;;;;;;;OAWG;IACH,SAAS;QACP,OAAO,IAAI,IAAI,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;IACrC,CAAC;IAED;;;;;;;;;;;OAWG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,MAAM,KAAK,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,SAAS,CAAC;IAC3D,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,mBAAmB,CAAC,WAAmB;QACrC,OAAO,IAAI,CAAC,QAAQ,IAAI,WAAW,CAAC;IACtC,CAAC;CACF;AAlID,sDAkIC"}
|
|
@@ -95,6 +95,18 @@ export declare enum AuthAuditEventType {
|
|
|
95
95
|
* Force password change completed
|
|
96
96
|
*/
|
|
97
97
|
PASSWORD_FORCE_CHANGE_COMPLETED = "PASSWORD_FORCE_CHANGE_COMPLETED",
|
|
98
|
+
/**
|
|
99
|
+
* Admin initiated password reset (code sent to user)
|
|
100
|
+
*/
|
|
101
|
+
ADMIN_PASSWORD_RESET_INITIATED = "ADMIN_PASSWORD_RESET_INITIATED",
|
|
102
|
+
/**
|
|
103
|
+
* Admin-initiated password reset completed successfully
|
|
104
|
+
*/
|
|
105
|
+
ADMIN_PASSWORD_RESET_COMPLETED = "ADMIN_PASSWORD_RESET_COMPLETED",
|
|
106
|
+
/**
|
|
107
|
+
* Admin-initiated password reset failed (invalid code, expired, etc.)
|
|
108
|
+
*/
|
|
109
|
+
ADMIN_PASSWORD_RESET_FAILED = "ADMIN_PASSWORD_RESET_FAILED",
|
|
98
110
|
/**
|
|
99
111
|
* MFA enabled for user account
|
|
100
112
|
*/
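Review bot: The three new enum comments are worded inconsistently: `Admin initiated password reset (code sent to user)` has no hyphen and no verb, while the other two read `Admin-initiated password reset completed/failed`. The first could become `* Admin-initiated password reset started (code sent to user)`. The comment on `ADMIN_PASSWORD_RESET_FAILED` also folds "invalid code, expired, etc." into one event, so it would help to say where the failure reason is recorded, since that is what separates a mistyped code from repeated guessing in an audit trail. The same comments appear in the compiled enum hunk (`var AuthAuditEventType`), and the enum body starts and ends outside this hunk.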
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-audit-event-type.enum.d.ts","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,oBAAY,kBAAkB;IAK5B;;;;;;;;;;OAUG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;;;;OAKG;IACH,aAAa,kBAAkB;IAM/B;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;;;;OAKG;IACH,cAAc,mBAAmB;IAMjC;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,yBAAyB,8BAA8B;IAEvD;;OAEG;IACH,+BAA+B,oCAAoC;
|
|
1
|
+
{"version":3,"file":"auth-audit-event-type.enum.d.ts","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,oBAAY,kBAAkB;IAK5B;;;;;;;;;;OAUG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;;;;OAKG;IACH,aAAa,kBAAkB;IAM/B;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;;;;OAKG;IACH,cAAc,mBAAmB;IAMjC;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,yBAAyB,8BAA8B;IAEvD;;OAEG;IACH,+BAA+B,oCAAoC;IAEnE;;OAEG;IACH,8BAA8B,mCAAmC;IAEjE;;OAEG;IACH,8BAA8B,mCAAmC;IAEjE;;OAEG;IACH,2BAA2B,gCAAgC;IAM3D;;OAEG;IACH,WAAW,gBAAgB;IAE3B;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,kBAAkB,uBAAuB;IAEzC;;OAEG;IACH,kBAAkB,uBAAuB;IAEzC;;OAEG;IACH,wBAAwB,6BAA6B;IAErD;;OAEG;IACH,uBAAuB,4BAA4B;IAEnD;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,0BAA0B,+BAA+B;IAEzD;;OAEG;IACH,oBAAoB,yBAAyB;IAE7C;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,gBAAgB,qBAAqB;IAMrC;;;;;OAKG;IACH,0BAA0B,+BAA+B;IAEzD;;;;OAIG;IACH,sBAAsB,2BAA2B;IAEjD;;;;OAIG;IACH,qBAAqB,0BAA0B;IAM/C;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,yBAAyB,8BAA8B;IAEvD;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,4BAA4B,iCAAiC;IAE7D;;OAEG;IACH,yBAAyB,8BAA8B;IAMvD;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,iBAAiB,sBAAsB;IAEvC;;OAEG;IACH,mBAAmB,wBAAwB;IAE3C;;OAEG;IACH,cAAc,mBAAmB;IAEjC;;OAEG;IACH,gBAAgB,qBAAqB;IAErC;;OAEG;IACH,gBAAgB,qBAAqB;IACrC,eAAe,oBAAoB;IAEnC;;OAEG;IACH,eAAe,oBAAoB;IAMnC;;OAEG;IACH,eAAe,oBAAoB;IAEnC;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,aAAa,kBAAkB;IAE/B;;OAEG;IACH,gBAAgB,qBAAqB;IAMrC;;OAEG;IACH,YAAY,iBAAiB;IAE7B;;OAEG;IACH,qBAAqB,0BAA0B;IAE/C;;OAEG;IACH,uBAAuB,4BAA4B;IAMnD;;OAEG;IACH,iBAAiB,sBAAsB;IAEvC;;OAEG;IACH,mBAAmB,wBAAwB;IAE3C;;OAEG;IACH,wBAAwB,6BAA6B;IAMrD;;OAEG;IACH,mBAAmB,wBAAwB;CAC5C"}
|
|
@@ -108,6 +108,18 @@ var AuthAuditEventType;
|
|
|
108
108
|
* Force password change completed
|
|
109
109
|
*/
|
|
110
110
|
AuthAuditEventType["PASSWORD_FORCE_CHANGE_COMPLETED"] = "PASSWORD_FORCE_CHANGE_COMPLETED";
|
|
111
|
+
/**
|
|
112
|
+
* Admin initiated password reset (code sent to user)
|
|
113
|
+
*/
|
|
114
|
+
AuthAuditEventType["ADMIN_PASSWORD_RESET_INITIATED"] = "ADMIN_PASSWORD_RESET_INITIATED";
|
|
115
|
+
/**
|
|
116
|
+
* Admin-initiated password reset completed successfully
|
|
117
|
+
*/
|
|
118
|
+
AuthAuditEventType["ADMIN_PASSWORD_RESET_COMPLETED"] = "ADMIN_PASSWORD_RESET_COMPLETED";
|
|
119
|
+
/**
|
|
120
|
+
* Admin-initiated password reset failed (invalid code, expired, etc.)
|
|
121
|
+
*/
|
|
122
|
+
AuthAuditEventType["ADMIN_PASSWORD_RESET_FAILED"] = "ADMIN_PASSWORD_RESET_FAILED";
|
|
111
123
|
// ============================================================================
|
|
112
124
|
// Multi-Factor Authentication (MFA) Events
|
|
113
125
|
// ============================================================================
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth-audit-event-type.enum.js","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,IAAY,
|
|
1
|
+
{"version":3,"file":"auth-audit-event-type.enum.js","sourceRoot":"","sources":["../../src/enums/auth-audit-event-type.enum.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,IAAY,kBA0VX;AA1VD,WAAY,kBAAkB;IAC5B,+EAA+E;IAC/E,eAAe;IACf,+EAA+E;IAE/E;;;;;;;;;;OAUG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;;;;OAKG;IACH,qDAA+B,CAAA;IAE/B,+EAA+E;IAC/E,iBAAiB;IACjB,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;;;;OAKG;IACH,uDAAiC,CAAA;IAEjC,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,6EAAuD,CAAA;IAEvD;;OAEG;IACH,yFAAmE,CAAA;IAEnE;;OAEG;IACH,uFAAiE,CAAA;IAEjE;;OAEG;IACH,uFAAiE,CAAA;IAEjE;;OAEG;IACH,iFAA2D,CAAA;IAE3D,+EAA+E;IAC/E,2CAA2C;IAC3C,+EAA+E;IAE/E;;OAEG;IACH,iDAA2B,CAAA;IAE3B;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,+DAAyC,CAAA;IAEzC;;OAEG;IACH,+DAAyC,CAAA;IAEzC;;OAEG;IACH,2EAAqD,CAAA;IAErD;;OAEG;IACH,yEAAmD,CAAA;IAEnD;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,+EAAyD,CAAA;IAEzD;;OAEG;IACH,mEAA6C,CAAA;IAE7C;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,2DAAqC,CAAA;IAErC,+EAA+E;IAC/E,mCAAmC;IACnC,+EAA+E;IAE/E;;;;;OAKG;IACH,+EAAyD,CAAA;IAEzD;;;;OAIG;IACH,uEAAiD,CAAA;IAEjD;;;;OAIG;IACH,qEAA+C,CAAA;IAE/C,+EAA+E;IAC/E,sBAAsB;IACtB,+EAA+E;IAE/E;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,6EAAuD,CAAA;IAEvD;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,mFAA6D,CAAA;IAE7D;;OAEG;IACH,6EAAuD,CAAA;IAEvD,+EAA+E;IAC/E,4BAA4B;IAC5B,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,6DAAuC,CAAA;IAEvC;;OAEG;IACH,iEAA2C,CAAA;IAE3C;;OAEG;IACH,uDAAiC,CAAA;IAEjC;;OAEG;IACH,2DAAqC,CAAA;IAErC;;OAEG;IACH,2DAAqC,CAAA;IACrC,yDAAmC,CAAA;IAEnC;;OAEG;IACH,yDAAmC,CAAA;IAEnC,+EAA+E;IAC/E,wBAAwB;IACxB,+EAA+E;IAE/E;;OAEG;IACH,yDAAmC,CAAA;IAEnC;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,qDAA+B,CAAA;IAE/B;;OAEG;IACH,2DAAqC,CAAA
;IAErC,+EAA+E;IAC/E,+BAA+B;IAC/B,+EAA+E;IAE/E;;OAEG;IACH,mDAA6B,CAAA;IAE7B;;OAEG;IACH,qEAA+C,CAAA;IAE/C;;OAEG;IACH,yEAAmD,CAAA;IAEnD,+EAA+E;IAC/E,wBAAwB;IACxB,+EAA+E;IAE/E;;OAEG;IACH,6DAAuC,CAAA;IAEvC;;OAEG;IACH,iEAA2C,CAAA;IAE3C;;OAEG;IACH,2EAAqD,CAAA;IAErD,+EAA+E;IAC/E,kBAAkB;IAClB,+EAA+E;IAE/E;;OAEG;IACH,iEAA2C,CAAA;AAC7C,CAAC,EA1VW,kBAAkB,kCAAlB,kBAAkB,QA0V7B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"csrf.handler.d.ts","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,WAAW,EAAiC,WAAW,EAAE,MAAM,UAAU,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAKrE;;;;GAIG;AACH,qBAAa,WAAW;IAEpB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAC5B,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;gBAFP,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,WAAW,EACnB,MAAM,CAAC,EAAE,WAAW,YAAA;IAGvC;;;;OAIG;IACU,MAAM,CAAC,GAAG,EAAE,YAAY,EAAE,GAAG,EAAE,aAAa,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IA8C3G;;OAEG;YACW,sBAAsB;IAsCpC;;;;;OAKG;YACW,aAAa;CA0C5B"}
|
|
@@ -16,7 +16,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
16
16
|
exports.CsrfHandler = void 0;
|
|
17
17
|
const index_1 = require("../index");
|
|
18
18
|
/** HTTP methods that don't require CSRF validation */
|
|
19
|
-
const SAFE_METHODS = ['GET', 'HEAD'
|
|
19
|
+
const SAFE_METHODS = ['GET', 'HEAD'];
|
|
20
20
|
/**
|
|
21
21
|
* CsrfHandler
|
|
22
22
|
*
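Review bot: The comment `/** HTTP methods that don't require CSRF validation */` above `SAFE_METHODS` no longer matches how the list is used. The removed line is cut off in this view, but the new list holds only `'GET'` and `'HEAD'`, while the later hunk in `CsrfHandler` lets `OPTIONS` through without validation too. Suggested wording: `/** Methods that skip CSRF validation and get a token generated if missing; OPTIONS is skipped separately, without a token */`.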
|
|
@@ -43,6 +43,17 @@ class CsrfHandler {
|
|
|
43
43
|
await next();
|
|
44
44
|
return;
|
|
45
45
|
}
|
|
46
|
+
// ============================================================================
|
|
47
|
+
// IMPORTANT: Never generate CSRF cookies on CORS preflight (OPTIONS)
|
|
48
|
+
// ============================================================================
|
|
49
|
+
// Browsers typically do NOT include cookies on preflight requests.
|
|
50
|
+
// If we generated a CSRF cookie here, we'd rotate the token between the time
|
|
51
|
+
// the client reads document.cookie (to set the header) and the actual request
|
|
52
|
+
// is sent, causing intermittent CSRF mismatches.
|
|
53
|
+
if (req.method === 'OPTIONS') {
|
|
54
|
+
await next();
|
|
55
|
+
return;
|
|
56
|
+
}
|
|
46
57
|
// Safe methods: Generate token if missing
|
|
47
58
|
if (SAFE_METHODS.includes(req.method)) {
|
|
48
59
|
await this.generateTokenIfMissing(req, res);
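Review bot: The new `if (req.method === 'OPTIONS')` branch passes every OPTIONS request straight to `next()`, but the comment block justifies this only for CORS preflights. A preflight is recognisable by its `Access-Control-Request-Method` header, so the condition could be narrowed to that case. Otherwise the comment should state the wider contract, for example `// All OPTIONS requests bypass CSRF token generation and validation; handlers must not change state on OPTIONS.` The method body starts and ends outside the hunk, so the checks that follow this branch are not visible here.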
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"csrf.handler.js","sourceRoot":"","sources":["../../src/handlers/csrf.handler.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;AAEH,oCAAmF;AAInF,sDAAsD;AACtD,MAAM,YAAY,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AAErC;;;;GAIG;AACH,MAAa,WAAW;IAEH;IACA;IACA;IAHnB,YACmB,WAAwB,EACxB,MAAmB,EACnB,MAAoB;QAFpB,gBAAW,GAAX,WAAW,CAAa;QACxB,WAAM,GAAN,MAAM,CAAa;QACnB,WAAM,GAAN,MAAM,CAAc;IACpC,CAAC;IAEJ;;;;OAIG;IACI,KAAK,CAAC,MAAM,CAAC,GAAiB,EAAE,GAAkB,EAAE,IAAgC;QACzF,kDAAkD;QAClD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,MAAM,IAAI,MAAM,CAAC;QAC3D,IAAI,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YAChD,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,+EAA+E;QAC/E,qEAAqE;QACrE,+EAA+E;QAC/E,mEAAmE;QACnE,6EAA6E;QAC7E,8EAA8E;QAC9E,iDAAiD;QACjD,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,0CAA0C;QAC1C,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YACtC,MAAM,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YAC5C,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,yCAAyC;QACzC,IAAI,GAAG,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAC/B,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,sBAAsB;QACtB,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,aAAa,IAAI,EAAE,CAAC;QACtE,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAC9D,MAAM,IAAI,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,mEAAmE;QACnE,MAAM,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC;QAE9B,MAAM,IAAI,EAAE,CAAC;IACf,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,sBAAsB,CAAC,GAAiB,EAAE,GAAkB;QACxE,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,aAAa,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE9C,IAAI,aAAa,EAAE,CAAC;YAClB,+CAA+C;YAC/C,OAAO,GAAG,CAAC,UAAU,CAAC,cAAc,CAAC;YACrC,OAAO;QACT,CAAC;QAED,qBAAqB;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAE/C,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,iBAAiB,GAAG,IAAI,CAAC,WAAW,CAAC,gBAAgB,EAAE,CAAC;QAE9D,uBAAuB;QACvB,MAAM,aAAa,GAAG;YACpB,gFAAgF;YAChF,0FAA0F;YAC1F,QAAQ,EAAE,iBAAiB,CAAC,QAAQ,IAAI,KAAK;YAC7C,MAAM,EAA
E,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM,IAAI,IAAI;YAChE,QAAQ,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,QAAQ,IAAI,QAAQ,CAA8B;YACvG,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,aAAa,EAAE,MAAM;YACxD,IAAI,EAAE,GAAG;YACT,GAAG,iBAAiB;SACrB,CAAC;QAEF,aAAa;QACb,GAAG,CAAC,SAAS,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAEhD,kEAAkE;QAClE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,EAAE,KAAK,CAAC,CAAC;QAEpD,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,8BAA8B,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,aAAa,CAAC,GAAiB;QAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,EAAE,CAAC;QAEpD,gCAAgC;QAChC,IAAI,gBAAgB,GAAG,GAAG,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QACjD,IAAI,CAAC,gBAAgB,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YAClC,2BAA2B;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,IAA+B,CAAC;YACjD,gBAAgB,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,CAAuB,CAAC;QACpG,CAAC;QAED,wBAAwB;QACxB,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE5C,iCAAiC;QACjC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,gCAAgC,UAAU,0DAA0D,UAAU,UAAU,CACzH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAChD,qBAAa,CAAC,kBAAkB,EAChC,kEAAkE,CACnE,CAAC;YACF,OAAO;QACT,CAAC;QAED,yBAAyB;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,WAAW,CAAC,aAAa,CAAC,MAAM,CAAC,gBAAgB,CAAC,EAAE,WAAW,CAAC,CAAC;QAEtF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,UAAU,CAAC,cAAc,GAAG,IAAI,sBAAc,CAAC,qBAAa,CAAC,kBAAkB,EAAE,sBAAsB,CAAC,CAAC;YAC7G,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,CAAC,mCAAmC,CAAC,CAAC;IAC5D,CAAC;CACF;AAnJD,kCAmJC"}
|
|
@@ -793,6 +793,31 @@ export interface PasswordConfig {
|
|
|
793
793
|
*/
|
|
794
794
|
maxAttempts?: number;
|
|
795
795
|
};
|
|
796
|
+
/**
|
|
797
|
+
* Admin password reset configuration
|
|
798
|
+
*
|
|
799
|
+
* Controls admin-initiated password reset verification code behavior.
|
|
800
|
+
* Admin resets have longer expiry (default 1 hour vs 15 min) and no rate limiting.
|
|
801
|
+
*
|
|
802
|
+
* Note: Defaults are applied in service layer when not provided.
|
|
803
|
+
*/
|
|
804
|
+
adminPasswordReset?: {
|
|
805
|
+
/**
|
|
806
|
+
* Verification code length
|
|
807
|
+
* @default 6
|
|
808
|
+
*/
|
|
809
|
+
codeLength?: number;
|
|
810
|
+
/**
|
|
811
|
+
* Code expiry in seconds
|
|
812
|
+
* @default 3600 (1 hour - longer than user-initiated 15 min)
|
|
813
|
+
*/
|
|
814
|
+
expiresIn?: number;
|
|
815
|
+
/**
|
|
816
|
+
* Maximum code verification attempts per code
|
|
817
|
+
* @default 3
|
|
818
|
+
*/
|
|
819
|
+
maxAttempts?: number;
|
|
820
|
+
};
|
|
796
821
|
}
|
|
797
822
|
export interface LockoutConfig {
|
|
798
823
|
/**
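Review bot: The `adminPasswordReset` block documents defaults but no accepted ranges, and its summary line `no rate limiting` does not say which operation is unthrottled (issuing codes or verifying them). With the defaults shown, a code of length 6 stays valid for 3600 seconds, so guessing resistance rests on `maxAttempts`. The comments on `codeLength` and `maxAttempts` should state the minimum and maximum the service layer enforces, and whether issuing a new code resets the attempt count. A line such as `* @default 6 (lower bound enforced in the service layer: <MIN_CODE_LENGTH>)` would do, with the placeholder replaced by the real bound. That validation is not visible in this hunk, and `PasswordConfig` starts outside it.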
|