@nauth-toolkit/core 0.1.86 → 0.1.88

package/dist/dto/admin-reset-password.dto.js

@@ -3,11 +3,11 @@
  * Admin Reset Password Request DTO
  *
  * Request DTO for admin-initiated password reset workflow.
- * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ * Allows resetting a user's password by sub (UUID).
  *
  * Security:
  * - Admin-only operation (should be protected by admin guard)
- * - User identifier validated
+ * - User sub validated
  * - Code + optional link delivery (like email verification)
  * - Configurable expiry (default: 1 hour)
  * - Optional immediate session revocation
@@ -17,7 +17,7 @@
  * ```typescript
  * // With link for consumer app custom UI
  * await authService.adminResetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   baseUrl: 'https://myapp.com/reset-password',
  *   deliveryMethod: 'email',
  *   revokeSessions: true
@@ -25,7 +25,7 @@
  *
  * // Code only (no link)
  * await authService.adminResetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   deliveryMethod: 'email'
  * });
  * ```
@@ -48,20 +48,18 @@ const class_transformer_1 = require("class-transformer");
  */
 class AdminResetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com" | "johndoe" | "+1234567890" | "uuid"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier;
+    sub;
     /**
      * Delivery method for reset code
      *
@@ -136,23 +134,15 @@ class AdminResetPasswordDTO {
 }
 exports.AdminResetPasswordDTO = AdminResetPasswordDTO;
 __decorate([
-    (0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
-    (0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
-    (0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
-    (0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
-            const trimmed = value.trim();
-            // If it contains @, treat as email and lowercase
-            if (trimmed.includes('@')) {
-                return trimmed.toLowerCase();
-            }
-            return trimmed;
+            return value.trim().toLowerCase();
         }
         return value;
     }),
     __metadata("design:type", String)
-], AdminResetPasswordDTO.prototype, "identifier", void 0);
+], AdminResetPasswordDTO.prototype, "sub", void 0);
 __decorate([
     (0, class_validator_1.IsOptional)(),
     (0, class_validator_1.IsIn)(['email', 'sms'], { message: 'Delivery method must be email or sms' }),
@@ -241,56 +231,48 @@ exports.AdminResetPasswordResponseDTO = AdminResetPasswordResponseDTO;
 /**
  * Confirm Admin Reset Password DTO
  *
- * User completes admin-initiated password reset with code OR token.
- * Accepts either short code from email/SMS OR long token from link.
+ * User completes admin-initiated password reset with a verification code.
+ *
+ * NOTE:
+ * - Link support is optional, but links carry the same verification `code` as a query parameter
+ *   (e.g., `...?code=123456`) to keep consumer apps consistent (code-only).
  *
  * Security:
- * - One of code or token is required
- * - Token-based: No attempt tracking (single use, long random)
- * - Code-based: Attempt tracking (max 3 attempts)
+ * - Code is required
+ * - Attempt tracking enforced (max attempts configured in password reset service)
  * - Always revokes all sessions on completion
  * - Always sets mustChangePassword flag
  *
  * @example
  * ```typescript
- * // With code (from email/SMS)
  * await authService.confirmAdminResetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   code: '123456',
  *   newPassword: 'NewSecurePass123!'
  * });
- *
- * // With token (from link)
- * await authService.confirmAdminResetPassword({
- *   identifier: 'user@example.com',
- *   token: '64-char-hex-token-from-link',
- *   newPassword: 'NewSecurePass123!'
- * });
  * ```
  */
 class ConfirmAdminResetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier;
+    sub;
     /**
      * Verification code from email/SMS (6-10 digits)
      *
      * Validation:
      * - Must be string
      * - Length 6-10 characters
-     * - Optional (token OR code required)
+     * - Required
      *
      * Sanitization:
      * - Trimmed
@@ -300,21 +282,6 @@ class ConfirmAdminResetPasswordDTO {
      * @example "123456"
      */
     code;
-    /**
-     * Verification token from link (64-char hex)
-     *
-     * Validation:
-     * - Must be string
-     * - Optional (token OR code required)
-     *
-     * Sanitization:
-     * - Trimmed
-     *
-     * WHY: Long token from link, single-use, no attempt tracking needed
-     *
-     * @example "a1b2c3d4..."
-     */
-    token;
     /**
      * New password
      *
@@ -334,26 +301,18 @@ class ConfirmAdminResetPasswordDTO {
 }
 exports.ConfirmAdminResetPasswordDTO = ConfirmAdminResetPasswordDTO;
 __decorate([
-    (0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
-    (0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
-    (0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
-    (0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
-            const trimmed = value.trim();
-            // If it contains @, treat as email and lowercase
-            if (trimmed.includes('@')) {
-                return trimmed.toLowerCase();
-            }
-            return trimmed;
+            return value.trim().toLowerCase();
         }
         return value;
     }),
     __metadata("design:type", String)
-], ConfirmAdminResetPasswordDTO.prototype, "identifier", void 0);
+], ConfirmAdminResetPasswordDTO.prototype, "sub", void 0);
 __decorate([
-    (0, class_validator_1.IsOptional)(),
     (0, class_validator_1.IsString)({ message: 'Code must be a string' }),
+    (0, class_validator_1.IsNotEmpty)({ message: 'Code is required' }),
     (0, class_validator_1.Length)(6, 10, { message: 'Code must be between 6 and 10 characters' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
@@ -363,17 +322,6 @@ __decorate([
     }),
     __metadata("design:type", String)
 ], ConfirmAdminResetPasswordDTO.prototype, "code", void 0);
-__decorate([
-    (0, class_validator_1.IsOptional)(),
-    (0, class_validator_1.IsString)({ message: 'Token must be a string' }),
-    (0, class_transformer_1.Transform)(({ value }) => {
-        if (typeof value === 'string') {
-            return value.trim();
-        }
-        return value;
-    }),
-    __metadata("design:type", String)
-], ConfirmAdminResetPasswordDTO.prototype, "token", void 0);
 __decorate([
     (0, class_validator_1.IsString)({ message: 'New password must be a string' }),
     (0, class_validator_1.IsNotEmpty)({ message: 'New password is required' }),

package/dist/dto/admin-reset-password.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-reset-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-reset-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;;;;;;;;;;;;AAEH,qDAayB;AACzB,yDAA8C;AAE9C;;GAEG;AACH,MAAa,qBAAqB;IAChC;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;OASG;IAGH,cAAc,CAAmB;IAEjC;;;;;;;;;;;;;;;;;OAiBG;IAaH,OAAO,CAAU;IAEjB;;;;;;;;;;;OAWG;IAKH,aAAa,CAAU;IAEvB;;;;;;;;;;;;OAYG;IAGH,cAAc,CAAW;IAEzB;;;;;;;;;;;;OAYG;IAUH,MAAM,CAAU;CACjB;AAxID,sDAwIC;AA1GC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACkB;AAcpB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,sBAAI,EAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;6DAC3C;AAgCjC;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,EAC5E,EAAE,OAAO,EAAE,qDAAqD,EAAE,CACnE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACe;AAkBjB;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACzD,IAAA,qBAAG,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;IAC7E,IAAA,qBAAG,EAAC,KAAK,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;;4DACzD;AAiBvB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;6DAClC;AAwBzB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IACpE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACc;AAGlB;;;;;;;;;;;;;;;GAeG;AACH,MAAa,6BAA6B;IACxC;;;OAGG;IACH,OAAO,CAAW;IAElB;;;OAGG;IACH,WAAW,CAAU;IAErB;;;OAGG;IACH,cAAc,CAAmB;IAEjC;;;OAGG;IACH,SAAS,CAAU;IAEnB;;;OAGG;IACH,eAAe,CAAU;CAC1B;AA9BD,sEA8BC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,MAAa,4BAA4B;IACvC;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;;;;;;OAcG;IAUH,IAAI,CAAU;IAEd;;;;;;;;;;;;;OAaG;IASH,KAAK,CAAU;IAEf;;;;;;;;;;;;;;OAcG;IAKH,WAAW,CAAU;CACtB;AAtGD,oEAsGC;AAxEC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gEACkB;AA0BpB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,wBAAM,EAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACtE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;0DACY;AAwBd;IARC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IAC/C,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;2DACa;AAqBf;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;iEAClD;AAGvB;;;;;;;;;;;GAWG;AACH,MAAa,oCAAoC;IAC/C;;;OAGG;IACH,OAAO,CAAW;CACnB;AAND,oFAMC"}
+{"version":3,"file":"admin-reset-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-reset-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;;;;;;;;;;;;AAEH,qDAcyB;AACzB,yDAA8C;AAE9C;;GAEG;AACH,MAAa,qBAAqB;IAChC;;;;;;;;;;;OAWG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;OASG;IAGH,cAAc,CAAmB;IAEjC;;;;;;;;;;;;;;;;;OAiBG;IAaH,OAAO,CAAU;IAEjB;;;;;;;;;;;OAWG;IAKH,aAAa,CAAU;IAEvB;;;;;;;;;;;;OAYG;IAGH,cAAc,CAAW;IAEzB;;;;;;;;;;;;OAYG;IAUH,MAAM,CAAU;CACjB;AA9HD,sDA8HC;AA1GC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACW;AAcb;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,sBAAI,EAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;6DAC3C;AAgCjC;IAZC,IAAA,4BAAU,GAAE;IACZ,IAAA,uBAAK,EACJ,EAAE,gBAAgB,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,EAC5E,EAAE,OAAO,EAAE,qDAAqD,EAAE,CACnE;IACA,IAAA,2BAAS,EAAC,IAAI,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;sDACe;AAkBjB;IAJC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACzD,IAAA,qBAAG,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;IAC7E,IAAA,qBAAG,EAAC,KAAK,EAAE,EAAE,OAAO,EAAE,sDAAsD,EAAE,CAAC;;4DACzD;AAiBvB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;6DAClC;AAwBzB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IACpE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACc;AAGlB;;;;;;;;;;;;;;;GAeG;AACH,MAAa,6BAA6B;IACxC;;;OAGG;IACH,OAAO,CAAW;IAElB;;;OAGG;IACH,WAAW,CAAU;IAErB;;;OAGG;IACH,cAAc,CAAmB;IAEjC;;;OAGG;IACH,SAAS,CAAU;IAEnB;;;OAGG;IACH,eAAe,CAAU;CAC1B;AA9BD,sEA8BC;AAED;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,MAAa,4BAA4B;IACvC;;;;;;;;;;;OAWG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;;;;;;OAcG;IAUH,IAAI,CAAU;IAEd;;;;;;;;;;;;;;OAcG;IAKH,WAAW,CAAU;CACtB;AApED,oEAoEC;AAhDC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAsB,EAAE,EAAE;QAC3C,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;yDACW;AA0Bb;IATC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,uBAAuB,EAAE,CAAC;IAC9C,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC;IAC3C,IAAA,wBAAM,EAAC,CAAC,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,0CAA0C,EAAE,CAAC;IACtE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;0DACY;AAqBd;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;iEAClD;AAGvB;;;;;;;;;;;GAWG;AACH,MAAa,oCAAoC;IAC/C;;;OAGG;IACH,OAAO,CAAW;CACnB;AAND,oFAMC"}

package/dist/dto/admin-revoke-session.dto.d.ts

@@ -0,0 +1,22 @@
+/**
+ * DTO for revoking a specific user session (admin-only)
+ *
+ * @example
+ * ```typescript
+ * const dto = new AdminRevokeSessionDTO();
+ * dto.sub = 'user-uuid-123';
+ * dto.sessionId = '456';
+ * await adminAuthService.revokeUserSession(dto);
+ * ```
+ */
+export declare class AdminRevokeSessionDTO {
+    /**
+     * User sub (UUID) - must match the session owner
+     */
+    sub: string;
+    /**
+     * Session ID to revoke
+     */
+    sessionId: string;
+}
+//# sourceMappingURL=admin-revoke-session.dto.d.ts.map

package/dist/dto/admin-revoke-session.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-revoke-session.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-revoke-session.dto.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;GAUG;AACH,qBAAa,qBAAqB;IAChC;;OAEG;IAIH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAGH,SAAS,EAAG,MAAM,CAAC;CACpB"}

package/dist/dto/admin-revoke-session.dto.js

@@ -0,0 +1,48 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AdminRevokeSessionDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+/**
+ * DTO for revoking a specific user session (admin-only)
+ *
+ * @example
+ * ```typescript
+ * const dto = new AdminRevokeSessionDTO();
+ * dto.sub = 'user-uuid-123';
+ * dto.sessionId = '456';
+ * await adminAuthService.revokeUserSession(dto);
+ * ```
+ */
+class AdminRevokeSessionDTO {
+    /**
+     * User sub (UUID) - must match the session owner
+     */
+    sub;
+    /**
+     * Session ID to revoke
+     */
+    sessionId;
+}
+exports.AdminRevokeSessionDTO = AdminRevokeSessionDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4'),
+    (0, class_validator_1.IsNotEmpty)(),
+    (0, class_transformer_1.Transform)(({ value }) => value?.trim().toLowerCase()),
+    __metadata("design:type", String)
+], AdminRevokeSessionDTO.prototype, "sub", void 0);
+__decorate([
+    (0, class_validator_1.IsString)(),
+    (0, class_validator_1.IsNotEmpty)(),
+    __metadata("design:type", String)
+], AdminRevokeSessionDTO.prototype, "sessionId", void 0);
+//# sourceMappingURL=admin-revoke-session.dto.js.map

package/dist/dto/admin-revoke-session.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-revoke-session.dto.js","sourceRoot":"","sources":["../../src/dto/admin-revoke-session.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAA+D;AAC/D,yDAA8C;AAE9C;;;;;;;;;;GAUG;AACH,MAAa,qBAAqB;IAChC;;OAEG;IAIH,GAAG,CAAU;IAEb;;OAEG;IAGH,SAAS,CAAU;CACpB;AAfD,sDAeC;AARC;IAHC,IAAA,wBAAM,EAAC,GAAG,CAAC;IACX,IAAA,4BAAU,GAAE;IACZ,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;;kDACzC;AAOb;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;wDACM"}

package/dist/dto/admin-set-password.dto.d.ts

@@ -2,18 +2,18 @@
  * Admin Set Password Request DTO
  *
  * Request DTO for admin-initiated password reset.
- * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ * Allows resetting a user's password by sub (UUID).
  *
  * Security:
  * - Admin-only operation (should be protected by admin guard)
- * - User identifier validated
+ * - User sub validated
  * - Password policy enforced
  * - Session revocation configurable
  *
  * @example
  * ```typescript
  * await authService.adminSetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   newPassword: 'NewSecurePassword123!',
  *   mustChangePassword: true,
  *   revokeSessions: true
@@ -25,20 +25,18 @@
  */
 export declare class AdminSetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier: string;
+    sub: string;
     /**
      * New password
      *

package/dist/dto/admin-set-password.dto.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,EAAG,MAAM,CAAC;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,MAAM,CAAC;CAC1B"}
+{"version":3,"file":"admin-set-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AAKH;;GAEG;AACH,qBAAa,mBAAmB;IAC9B;;;;;;;;;;;OAWG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;;;;;;;;;;;OAYG;IAKH,WAAW,EAAG,MAAM,CAAC;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAC,EAAE,OAAO,CAAC;CAC1B;AAED;;;;;;;;;;;;;GAaG;AACH,qBAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,EAAG,OAAO,CAAC;IAElB;;OAEG;IACH,kBAAkB,EAAG,OAAO,CAAC;IAE7B;;OAEG;IACH,eAAe,EAAG,MAAM,CAAC;CAC1B"}

package/dist/dto/admin-set-password.dto.js

@@ -3,18 +3,18 @@
  * Admin Set Password Request DTO
  *
  * Request DTO for admin-initiated password reset.
- * Allows resetting a user's password by identifier (email, username, phone, or sub).
+ * Allows resetting a user's password by sub (UUID).
  *
  * Security:
  * - Admin-only operation (should be protected by admin guard)
- * - User identifier validated
+ * - User sub validated
  * - Password policy enforced
  * - Session revocation configurable
  *
  * @example
  * ```typescript
  * await authService.adminSetPassword({
- *   identifier: 'user@example.com',
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
  *   newPassword: 'NewSecurePassword123!',
  *   mustChangePassword: true,
  *   revokeSessions: true
@@ -39,20 +39,18 @@ const class_transformer_1 = require("class-transformer");
  */
 class AdminSetPasswordDTO {
     /**
-     * User identifier (email, username, phone, or sub/UUID)
+     * User sub (UUID)
      *
      * Validation:
-     * - Must be a string
-     * - Min 1 character
-     * - Max 255 characters
+     * - Must be a valid UUID v4
      *
      * Sanitization:
      * - Trimmed
-     * - Lowercased if email format detected
+     * - Lowercased for consistency
      *
-     * @example "user@example.com" | "johndoe" | "+1234567890" | "a21b654c-2746-4168-acee-c175083a65cd"
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
      */
-    identifier;
+    sub;
     /**
      * New password
      *
@@ -86,23 +84,15 @@ class AdminSetPasswordDTO {
 }
 exports.AdminSetPasswordDTO = AdminSetPasswordDTO;
 __decorate([
-    (0, class_validator_1.IsString)({ message: 'Identifier must be a string' }),
-    (0, class_validator_1.IsNotEmpty)({ message: 'Identifier is required' }),
-    (0, class_validator_1.MinLength)(1, { message: 'Identifier is required' }),
-    (0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
     (0, class_transformer_1.Transform)(({ value }) => {
         if (typeof value === 'string') {
-            const trimmed = value.trim();
-            // If it contains @, treat as email and lowercase
-            if (trimmed.includes('@')) {
-                return trimmed.toLowerCase();
-            }
-            return trimmed;
+            return value.trim().toLowerCase();
         }
         return value;
     }),
     __metadata("design:type", String)
-], AdminSetPasswordDTO.prototype, "identifier", void 0);
+], AdminSetPasswordDTO.prototype, "sub", void 0);
 __decorate([
     (0, class_validator_1.IsString)({ message: 'New password must be a string' }),
     (0, class_validator_1.IsNotEmpty)({ message: 'New password is required' }),

package/dist/dto/admin-set-password.dto.js.map

@@ -1 +1 @@
-{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;AAEH,qDAAoG;AACpG,yDAA8C;AAE9C;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;;;;;OAaG;IAgBH,UAAU,CAAU;IAEpB;;;;;;;;;;;;OAYG;IAKH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAW;CAC1B;AAxED,kDAwEC;AA1CC;IAfC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACjD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC;YAC7B,iDAAiD;YACjD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,OAAO,OAAO,CAAC,WAAW,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,OAAO,CAAC;QACjB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACkB;AAmBpB;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAG3B;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}
+{"version":3,"file":"admin-set-password.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;;;;;;;;;;;;AAEH,qDAA4G;AAC5G,yDAA8C;AAE9C;;GAEG;AACH,MAAa,mBAAmB;IAC9B;;;;;;;;;;;OAWG;IAQH,GAAG,CAAU;IAEb;;;;;;;;;;;;OAYG;IAKH,WAAW,CAAU;IAErB;;;;;;OAMG;IAGH,kBAAkB,CAAW;IAE7B;;;;;;OAMG;IAGH,cAAc,CAAW;CAC1B;AA9DD,kDA8DC;AA1CC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;gDACW;AAmBb;IAJC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,+BAA+B,EAAE,CAAC;IACtD,IAAA,4BAAU,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;IACnD,IAAA,2BAAS,EAAC,CAAC,EAAE,EAAE,OAAO,EAAE,wCAAwC,EAAE,CAAC;IACnE,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;;wDAClD;AAWrB;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,sCAAsC,EAAE,CAAC;;+DAClC;AAW7B;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,kCAAkC,EAAE,CAAC;;2DAClC;AAG3B;;;;;;;;;;;;;GAaG;AACH,MAAa,2BAA2B;IACtC;;;OAGG;IACH,OAAO,CAAW;IAElB;;OAEG;IACH,kBAAkB,CAAW;IAE7B;;OAEG;IACH,eAAe,CAAU;CAC1B;AAhBD,kEAgBC"}

package/dist/dto/admin-set-preferred-method.dto.d.ts

@@ -0,0 +1,25 @@
+import { SetPreferredMethodDTO, SetPreferredMethodResponseDTO } from './set-preferred-method.dto';
+/**
+ * Admin DTO for setting preferred MFA method for a specific user
+ *
+ * Admin APIs must explicitly target a user via `sub`.
+ * This DTO mirrors {@link SetPreferredMethodDTO} but adds `sub`.
+ *
+ * @example
+ * ```typescript
+ * const result = await mfaService.adminSetPreferredMethod({
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
+ *   methodType: 'sms',
+ * });
+ * ```
+ */
+export declare class AdminSetPreferredMethodDTO extends SetPreferredMethodDTO {
+    /**
+     * Target user's unique identifier (UUID v4)
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub: string;
+}
+export { SetPreferredMethodResponseDTO };
+//# sourceMappingURL=admin-set-preferred-method.dto.d.ts.map

package/dist/dto/admin-set-preferred-method.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-set-preferred-method.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-set-preferred-method.dto.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,6BAA6B,EAAE,MAAM,4BAA4B,CAAC;AAElG;;;;;;;;;;;;;GAaG;AACH,qBAAa,0BAA2B,SAAQ,qBAAqB;IACnE;;;;OAIG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd;AAED,OAAO,EAAE,6BAA6B,EAAE,CAAC"}

package/dist/dto/admin-set-preferred-method.dto.js

@@ -0,0 +1,50 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SetPreferredMethodResponseDTO = exports.AdminSetPreferredMethodDTO = void 0;
+const class_validator_1 = require("class-validator");
+const class_transformer_1 = require("class-transformer");
+const set_preferred_method_dto_1 = require("./set-preferred-method.dto");
+Object.defineProperty(exports, "SetPreferredMethodResponseDTO", { enumerable: true, get: function () { return set_preferred_method_dto_1.SetPreferredMethodResponseDTO; } });
+/**
+ * Admin DTO for setting preferred MFA method for a specific user
+ *
+ * Admin APIs must explicitly target a user via `sub`.
+ * This DTO mirrors {@link SetPreferredMethodDTO} but adds `sub`.
+ *
+ * @example
+ * ```typescript
+ * const result = await mfaService.adminSetPreferredMethod({
+ *   sub: 'a21b654c-2746-4168-acee-c175083a65cd',
+ *   methodType: 'sms',
+ * });
+ * ```
+ */
+class AdminSetPreferredMethodDTO extends set_preferred_method_dto_1.SetPreferredMethodDTO {
+    /**
+     * Target user's unique identifier (UUID v4)
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub;
+}
+exports.AdminSetPreferredMethodDTO = AdminSetPreferredMethodDTO;
+__decorate([
+    (0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
+    (0, class_transformer_1.Transform)(({ value }) => {
+        if (typeof value === 'string') {
+            return value.trim().toLowerCase();
+        }
+        return value;
+    }),
+    __metadata("design:type", String)
+], AdminSetPreferredMethodDTO.prototype, "sub", void 0);
+//# sourceMappingURL=admin-set-preferred-method.dto.js.map

package/dist/dto/admin-set-preferred-method.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-set-preferred-method.dto.js","sourceRoot":"","sources":["../../src/dto/admin-set-preferred-method.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAyC;AACzC,yDAA8C;AAC9C,yEAAkG;AAgCzF,8GAhCuB,wDAA6B,OAgCvB;AA9BtC;;;;;;;;;;;;;GAaG;AACH,MAAa,0BAA2B,SAAQ,gDAAqB;IACnE;;;;OAIG;IAQH,GAAG,CAAU;CACd;AAdD,gEAcC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;uDACW"}

package/dist/dto/admin-update-user-attributes.dto.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Admin Update User Attributes DTO
+ *
+ * Request DTO for administrators to update a user's profile information.
+ *
+ * Security:
+ * - Requires target user sub (UUID)
+ * - All fields validated according to UserUpdateDTO rules
+ * - Uniqueness constraints enforced
+ *
+ * @example
+ * ```typescript
+ * const result = await adminAuthService.updateUserAttributes({
+ *   sub: 'user-uuid',
+ *   username: 'newusername',
+ *   firstName: 'John',
+ *   lastName: 'Doe',
+ * });
+ * ```
+ */
+import { UserUpdateDTO } from './user-update.dto';
+/**
+ * Request DTO for admin updating user attributes (includes sub)
+ */
+export declare class AdminUpdateUserAttributesDTO extends UserUpdateDTO {
+    /**
+     * User's unique identifier (UUID v4)
+     *
+     * Validation:
+     * - Must be a valid UUID v4 format
+     * - Matches DB constraint: char(36) or uuid
+     *
+     * Sanitization:
+     * - Trimmed
+     * - Lowercased for consistency
+     *
+     * @example "a21b654c-2746-4168-acee-c175083a65cd"
+     */
+    sub: string;
+}
+//# sourceMappingURL=admin-update-user-attributes.dto.d.ts.map

package/dist/dto/admin-update-user-attributes.dto.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"admin-update-user-attributes.dto.d.ts","sourceRoot":"","sources":["../../src/dto/admin-update-user-attributes.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;GAmBG;AAIH,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD;;GAEG;AACH,qBAAa,4BAA6B,SAAQ,aAAa;IAC7D;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd"}