@nauth-toolkit/core 0.1.87 → 0.1.88
- package/dist/dto/admin-get-user-auth-history.dto.d.ts +62 -0
- package/dist/dto/admin-get-user-auth-history.dto.d.ts.map +1 -0
- package/dist/dto/admin-get-user-auth-history.dto.js +87 -0
- package/dist/dto/admin-get-user-auth-history.dto.js.map +1 -0
- package/dist/dto/admin-logout-all.dto.d.ts +48 -0
- package/dist/dto/admin-logout-all.dto.d.ts.map +1 -0
- package/dist/dto/{change-password-request.dto.js → admin-logout-all.dto.js} +36 -21
- package/dist/dto/admin-logout-all.dto.js.map +1 -0
- package/dist/dto/admin-remove-devices.dto.d.ts +25 -0
- package/dist/dto/admin-remove-devices.dto.d.ts.map +1 -0
- package/dist/dto/admin-remove-devices.dto.js +50 -0
- package/dist/dto/admin-remove-devices.dto.js.map +1 -0
- package/dist/dto/admin-reset-password.dto.d.ts +15 -19
- package/dist/dto/admin-reset-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-reset-password.dto.js +21 -41
- package/dist/dto/admin-reset-password.dto.js.map +1 -1
- package/dist/dto/admin-revoke-session.dto.d.ts +22 -0
- package/dist/dto/admin-revoke-session.dto.d.ts.map +1 -0
- package/dist/dto/admin-revoke-session.dto.js +48 -0
- package/dist/dto/admin-revoke-session.dto.js.map +1 -0
- package/dist/dto/admin-set-password.dto.d.ts +8 -10
- package/dist/dto/admin-set-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-set-password.dto.js +11 -21
- package/dist/dto/admin-set-password.dto.js.map +1 -1
- package/dist/dto/admin-set-preferred-method.dto.d.ts +25 -0
- package/dist/dto/admin-set-preferred-method.dto.d.ts.map +1 -0
- package/dist/dto/admin-set-preferred-method.dto.js +50 -0
- package/dist/dto/admin-set-preferred-method.dto.js.map +1 -0
- package/dist/dto/admin-update-user-attributes.dto.d.ts +41 -0
- package/dist/dto/admin-update-user-attributes.dto.d.ts.map +1 -0
- package/dist/dto/{update-user-attributes-request.dto.js → admin-update-user-attributes.dto.js} +12 -17
- package/dist/dto/admin-update-user-attributes.dto.js.map +1 -0
- package/dist/dto/auth-challenge.dto.d.ts +2 -2
- package/dist/dto/auth-challenge.dto.d.ts.map +1 -1
- package/dist/dto/auth-challenge.dto.js +3 -3
- package/dist/dto/auth-challenge.dto.js.map +1 -1
- package/dist/dto/auth-response.dto.d.ts +1 -1
- package/dist/dto/auth-response.dto.d.ts.map +1 -1
- package/dist/dto/auth-response.dto.js +1 -1
- package/dist/dto/auth-response.dto.js.map +1 -1
- package/dist/dto/get-mfa-status.dto.d.ts +8 -4
- package/dist/dto/get-mfa-status.dto.d.ts.map +1 -1
- package/dist/dto/get-mfa-status.dto.js +8 -4
- package/dist/dto/get-mfa-status.dto.js.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.d.ts +3 -3
- package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.js +5 -5
- package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.d.ts +3 -3
- package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.js +5 -5
- package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
- package/dist/dto/get-user-auth-history.dto.d.ts +4 -39
- package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
- package/dist/dto/get-user-auth-history.dto.js +53 -51
- package/dist/dto/get-user-auth-history.dto.js.map +1 -1
- package/dist/dto/get-user-devices.dto.d.ts +5 -18
- package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
- package/dist/dto/get-user-devices.dto.js +5 -39
- package/dist/dto/get-user-devices.dto.js.map +1 -1
- package/dist/dto/get-user-sessions-response.dto.d.ts +1 -1
- package/dist/dto/get-user-sessions-response.dto.js +1 -1
- package/dist/dto/get-user-sessions.dto.d.ts +1 -1
- package/dist/dto/get-user-sessions.dto.js +1 -1
- package/dist/dto/index.d.ts +8 -2
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +8 -2
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/logout-all-response.dto.d.ts +1 -1
- package/dist/dto/logout-all-response.dto.js +1 -1
- package/dist/dto/logout-all.dto.d.ts +1 -18
- package/dist/dto/logout-all.dto.d.ts.map +1 -1
- package/dist/dto/logout-all.dto.js +1 -30
- package/dist/dto/logout-all.dto.js.map +1 -1
- package/dist/dto/logout-session.dto.d.ts +0 -5
- package/dist/dto/logout-session.dto.d.ts.map +1 -1
- package/dist/dto/logout-session.dto.js +0 -12
- package/dist/dto/logout-session.dto.js.map +1 -1
- package/dist/dto/logout.dto.d.ts +1 -18
- package/dist/dto/logout.dto.d.ts.map +1 -1
- package/dist/dto/logout.dto.js +1 -30
- package/dist/dto/logout.dto.js.map +1 -1
- package/dist/dto/remove-devices.dto.d.ts +4 -16
- package/dist/dto/remove-devices.dto.d.ts.map +1 -1
- package/dist/dto/remove-devices.dto.js +4 -26
- package/dist/dto/remove-devices.dto.js.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.d.ts +8 -9
- package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.js +11 -13
- package/dist/dto/set-mfa-exemption.dto.js.map +1 -1
- package/dist/dto/set-must-change-password.dto.d.ts +3 -3
- package/dist/dto/set-must-change-password.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password.dto.js +5 -5
- package/dist/dto/set-must-change-password.dto.js.map +1 -1
- package/dist/dto/set-preferred-method.dto.d.ts +4 -16
- package/dist/dto/set-preferred-method.dto.d.ts.map +1 -1
- package/dist/dto/set-preferred-method.dto.js +4 -26
- package/dist/dto/set-preferred-method.dto.js.map +1 -1
- package/dist/dto/setup-mfa.dto.d.ts +3 -18
- package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
- package/dist/dto/setup-mfa.dto.js +3 -30
- package/dist/dto/setup-mfa.dto.js.map +1 -1
- package/dist/dto/social-auth.dto.d.ts +4 -34
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +10 -68
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/dto/update-user-attributes.dto.d.ts +26 -0
- package/dist/dto/update-user-attributes.dto.d.ts.map +1 -0
- package/dist/dto/update-user-attributes.dto.js +30 -0
- package/dist/dto/update-user-attributes.dto.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/hooks.interface.d.ts +2 -1
- package/dist/interfaces/hooks.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +1 -1
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.js +2 -2
- package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
- package/dist/services/admin-auth.service.d.ts +307 -0
- package/dist/services/admin-auth.service.d.ts.map +1 -0
- package/dist/services/admin-auth.service.js +885 -0
- package/dist/services/admin-auth.service.js.map +1 -0
- package/dist/services/auth-audit.service.d.ts +16 -16
- package/dist/services/auth-audit.service.d.ts.map +1 -1
- package/dist/services/auth-audit.service.js +33 -33
- package/dist/services/auth-audit.service.js.map +1 -1
- package/dist/services/auth-challenge-helper.service.js +3 -3
- package/dist/services/auth-challenge-helper.service.js.map +1 -1
- package/dist/services/auth-service-internal-helpers.d.ts +2 -2
- package/dist/services/auth-service-internal-helpers.d.ts.map +1 -1
- package/dist/services/auth-service-internal-helpers.js.map +1 -1
- package/dist/services/auth.service.d.ts +122 -438
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +424 -1255
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/mfa.service.d.ts +80 -12
- package/dist/services/mfa.service.d.ts.map +1 -1
- package/dist/services/mfa.service.js +347 -261
- package/dist/services/mfa.service.js.map +1 -1
- package/dist/services/social-auth.service.d.ts +7 -0
- package/dist/services/social-auth.service.d.ts.map +1 -1
- package/dist/services/social-auth.service.js +38 -26
- package/dist/services/social-auth.service.js.map +1 -1
- package/dist/services/user.service.d.ts +3 -3
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +7 -7
- package/dist/services/user.service.js.map +1 -1
- package/dist/utils/dto-validator.d.ts.map +1 -1
- package/dist/utils/dto-validator.js +50 -4
- package/dist/utils/dto-validator.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts +2 -1
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +2 -0
- package/dist/utils/setup/init-services.js.map +1 -1
- package/package.json +1 -1
- package/dist/dto/change-password-request.dto.d.ts +0 -43
- package/dist/dto/change-password-request.dto.d.ts.map +0 -1
- package/dist/dto/change-password-request.dto.js.map +0 -1
- package/dist/dto/update-user-attributes-request.dto.d.ts +0 -44
- package/dist/dto/update-user-attributes-request.dto.d.ts.map +0 -1
- package/dist/dto/update-user-attributes-request.dto.js.map +0 -1
|
@@ -4,7 +4,7 @@
|
|
|
4
4
|
* Request DTO for logging out a user from all sessions (global logout).
|
|
5
5
|
*
|
|
6
6
|
* Security:
|
|
7
|
-
* -
|
|
7
|
+
* - Uses authenticated user context for sub
|
|
8
8
|
* - Prevents unauthorized logout attempts
|
|
9
9
|
*
|
|
10
10
|
* @example
|
|
@@ -18,23 +18,6 @@
|
|
|
18
18
|
* Request DTO for logout all sessions
|
|
19
19
|
*/
|
|
20
20
|
export declare class LogoutAllDTO {
|
|
21
|
-
/**
|
|
22
|
-
* User's unique identifier (UUID v4)
|
|
23
|
-
*
|
|
24
|
-
* Optional at controller level - filled from authenticated user's JWT.
|
|
25
|
-
* Validated only when provided (service layer will ensure it's set).
|
|
26
|
-
*
|
|
27
|
-
* Validation:
|
|
28
|
-
* - Must be a valid UUID v4 format when provided
|
|
29
|
-
* - Matches DB constraint: char(36) or uuid
|
|
30
|
-
*
|
|
31
|
-
* Sanitization:
|
|
32
|
-
* - Trimmed
|
|
33
|
-
* - Lowercased for consistency
|
|
34
|
-
*
|
|
35
|
-
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
36
|
-
*/
|
|
37
|
-
sub?: string;
|
|
38
21
|
/**
|
|
39
22
|
* Whether to also forget/revoke all trusted devices
|
|
40
23
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-all.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,YAAY;IACvB
|
|
1
|
+
{"version":3,"file":"logout-all.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,YAAY;IACvB;;;;;;;;;OASG;IAQH,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB"}
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* Request DTO for logging out a user from all sessions (global logout).
|
|
6
6
|
*
|
|
7
7
|
* Security:
|
|
8
|
-
* -
|
|
8
|
+
* - Uses authenticated user context for sub
|
|
9
9
|
* - Prevents unauthorized logout attempts
|
|
10
10
|
*
|
|
11
11
|
* @example
|
|
@@ -32,23 +32,6 @@ const class_transformer_1 = require("class-transformer");
|
|
|
32
32
|
* Request DTO for logout all sessions
|
|
33
33
|
*/
|
|
34
34
|
class LogoutAllDTO {
|
|
35
|
-
/**
|
|
36
|
-
* User's unique identifier (UUID v4)
|
|
37
|
-
*
|
|
38
|
-
* Optional at controller level - filled from authenticated user's JWT.
|
|
39
|
-
* Validated only when provided (service layer will ensure it's set).
|
|
40
|
-
*
|
|
41
|
-
* Validation:
|
|
42
|
-
* - Must be a valid UUID v4 format when provided
|
|
43
|
-
* - Matches DB constraint: char(36) or uuid
|
|
44
|
-
*
|
|
45
|
-
* Sanitization:
|
|
46
|
-
* - Trimmed
|
|
47
|
-
* - Lowercased for consistency
|
|
48
|
-
*
|
|
49
|
-
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
50
|
-
*/
|
|
51
|
-
sub;
|
|
52
35
|
/**
|
|
53
36
|
* Whether to also forget/revoke all trusted devices
|
|
54
37
|
*
|
|
@@ -62,18 +45,6 @@ class LogoutAllDTO {
|
|
|
62
45
|
forgetDevices;
|
|
63
46
|
}
|
|
64
47
|
exports.LogoutAllDTO = LogoutAllDTO;
|
|
65
|
-
__decorate([
|
|
66
|
-
(0, class_validator_1.ValidateIf)((o) => o.sub !== undefined && o.sub !== null && o.sub !== ''),
|
|
67
|
-
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
68
|
-
(0, class_transformer_1.Transform)(({ value }) => {
|
|
69
|
-
if (typeof value === 'string') {
|
|
70
|
-
return value.trim().toLowerCase();
|
|
71
|
-
}
|
|
72
|
-
return value;
|
|
73
|
-
}),
|
|
74
|
-
(0, class_validator_1.IsOptional)(),
|
|
75
|
-
__metadata("design:type", String)
|
|
76
|
-
], LogoutAllDTO.prototype, "sub", void 0);
|
|
77
48
|
__decorate([
|
|
78
49
|
(0, class_validator_1.IsOptional)(),
|
|
79
50
|
(0, class_validator_1.IsBoolean)(),
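Review bot: After the `sub` field and its `IsUUID`/`Transform` block are dropped from `LogoutAllDTO` (the removed `__decorate` call in the last hunk), this file no longer states what happens to a `sub` that an existing client still sends. Whether that property is stripped or rejected depends on the validator being run with class-validator's `whitelist` / `forbidNonWhitelisted` options, which is not visible in this section, so the service should never read `sub` from the DTO instance. I would extend the header comment with `* - A sub supplied in the request body is ignored; the target user always comes from the authenticated context`. The same remark applies to the `sub` removals in logout.dto.js and logout-session.dto.js and to the `userSub` removal in remove-devices.dto.js.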
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-all.dto.js","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"logout-all.dto.js","sourceRoot":"","sources":["../../src/dto/logout-all.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAAwD;AACxD,yDAA8C;AAE9C;;GAEG;AACH,MAAa,YAAY;IACvB;;;;;;;;;OASG;IAQH,aAAa,CAAW;CACzB;AAnBD,oCAmBC;AADC;IAPC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,GAAE;IACX,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QACnD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,GAAG;YAAE,OAAO,KAAK,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;mDACsB"}
|
|
@@ -4,16 +4,11 @@
|
|
|
4
4
|
* @example
|
|
5
5
|
* ```typescript
|
|
6
6
|
* const dto = new LogoutSessionDTO();
|
|
7
|
-
* dto.sub = 'user-uuid-123';
|
|
8
7
|
* dto.sessionId = '456';
|
|
9
8
|
* await authService.logoutSession(dto);
|
|
10
9
|
* ```
|
|
11
10
|
*/
|
|
12
11
|
export declare class LogoutSessionDTO {
|
|
13
|
-
/**
|
|
14
|
-
* User sub (UUID) - must match the session owner
|
|
15
|
-
*/
|
|
16
|
-
sub: string;
|
|
17
12
|
/**
|
|
18
13
|
* Session ID to revoke
|
|
19
14
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-session.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-session.dto.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"logout-session.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout-session.dto.ts"],"names":[],"mappings":"AAEA;;;;;;;;;GASG;AACH,qBAAa,gBAAgB;IAC3B;;OAEG;IAGH,SAAS,EAAG,MAAM,CAAC;CACpB"}
|
|
@@ -11,35 +11,23 @@ var __metadata = (this && this.__metadata) || function (k, v) {
|
|
|
11
11
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
12
12
|
exports.LogoutSessionDTO = void 0;
|
|
13
13
|
const class_validator_1 = require("class-validator");
|
|
14
|
-
const class_transformer_1 = require("class-transformer");
|
|
15
14
|
/**
|
|
16
15
|
* DTO for logging out a specific session
|
|
17
16
|
*
|
|
18
17
|
* @example
|
|
19
18
|
* ```typescript
|
|
20
19
|
* const dto = new LogoutSessionDTO();
|
|
21
|
-
* dto.sub = 'user-uuid-123';
|
|
22
20
|
* dto.sessionId = '456';
|
|
23
21
|
* await authService.logoutSession(dto);
|
|
24
22
|
* ```
|
|
25
23
|
*/
|
|
26
24
|
class LogoutSessionDTO {
|
|
27
|
-
/**
|
|
28
|
-
* User sub (UUID) - must match the session owner
|
|
29
|
-
*/
|
|
30
|
-
sub;
|
|
31
25
|
/**
|
|
32
26
|
* Session ID to revoke
|
|
33
27
|
*/
|
|
34
28
|
sessionId;
|
|
35
29
|
}
|
|
36
30
|
exports.LogoutSessionDTO = LogoutSessionDTO;
|
|
37
|
-
__decorate([
|
|
38
|
-
(0, class_validator_1.IsUUID)('4'),
|
|
39
|
-
(0, class_validator_1.IsNotEmpty)(),
|
|
40
|
-
(0, class_transformer_1.Transform)(({ value }) => value?.trim().toLowerCase()),
|
|
41
|
-
__metadata("design:type", String)
|
|
42
|
-
], LogoutSessionDTO.prototype, "sub", void 0);
|
|
43
31
|
__decorate([
|
|
44
32
|
(0, class_validator_1.IsString)(),
|
|
45
33
|
(0, class_validator_1.IsNotEmpty)(),
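Review bot: The removed field comment `User sub (UUID) - must match the session owner` was the only place in `LogoutSessionDTO` that recorded the ownership rule, and the remaining `sessionId` is validated only with `IsString` and `IsNotEmpty`. The check that the session belongs to the authenticated user now has to live in the service, which this section does not show; without it a caller could revoke a session that is not theirs. I would keep the rule in the field comment, e.g. `* Session ID to revoke - must belong to the authenticated user (enforced by the service)`. The `__decorate` call for `sessionId` continues past the end of the last hunk.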
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout-session.dto.js","sourceRoot":"","sources":["../../src/dto/logout-session.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,
|
|
1
|
+
{"version":3,"file":"logout-session.dto.js","sourceRoot":"","sources":["../../src/dto/logout-session.dto.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,qDAAuD;AAEvD;;;;;;;;;GASG;AACH,MAAa,gBAAgB;IAC3B;;OAEG;IAGH,SAAS,CAAU;CACpB;AAPD,4CAOC;AADC;IAFC,IAAA,0BAAQ,GAAE;IACV,IAAA,4BAAU,GAAE;;mDACM"}
|
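--- a/package/dist/dto/logout.dto.d.ts
+++ b/package/dist/dto/logout.dto.d.ts
@@ -5,7 +5,7 @@
 *
 * Security:
 * - Session ID is automatically extracted from JWT token context (via ClientInfoService)
-* -
+* - Uses authenticated user context for sub
 * - Prevents unauthorized logout attempts
 *
 * @example
@@ -19,23 +19,6 @@
 * Request DTO for logout
 */
 export declare class LogoutDTO {
-/**
-* User's unique identifier (UUID v4) - Optional
-*
-* If provided, validates that the authenticated user matches this sub.
-* Session ID is automatically extracted from JWT token context.
-*
-* Validation:
-* - Must be a valid UUID v4 format if provided
-* - Matches DB constraint: char(36) or uuid
-*
-* Sanitization:
-* - Trimmed
-* - Lowercased for consistency
-*
-* @example "a21b654c-2746-4168-acee-c175083a65cd"
-*/
-sub?: string;
 /**
 * If true, also removes trusted device
 *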
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;
|
|
1
|
+
{"version":3,"file":"logout.dto.d.ts","sourceRoot":"","sources":["../../src/dto/logout.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;GAgBG;AAIH;;GAEG;AACH,qBAAa,SAAS;IACpB;;;;;;;;OAQG;IAGH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB"}
|
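--- a/package/dist/dto/logout.dto.js
+++ b/package/dist/dto/logout.dto.js
@@ -6,7 +6,7 @@
 *
 * Security:
 * - Session ID is automatically extracted from JWT token context (via ClientInfoService)
-* -
+* - Uses authenticated user context for sub
 * - Prevents unauthorized logout attempts
 *
 * @example
@@ -28,28 +28,10 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LogoutDTO = void 0;
 const class_validator_1 = require("class-validator");
-const class_transformer_1 = require("class-transformer");
 /**
 * Request DTO for logout
 */
 class LogoutDTO {
-/**
-* User's unique identifier (UUID v4) - Optional
-*
-* If provided, validates that the authenticated user matches this sub.
-* Session ID is automatically extracted from JWT token context.
-*
-* Validation:
-* - Must be a valid UUID v4 format if provided
-* - Matches DB constraint: char(36) or uuid
-*
-* Sanitization:
-* - Trimmed
-* - Lowercased for consistency
-*
-* @example "a21b654c-2746-4168-acee-c175083a65cd"
-*/
-sub;
 /**
 * If true, also removes trusted device
 *
@@ -62,17 +44,6 @@ class LogoutDTO {
 forgetMe;
 }
 exports.LogoutDTO = LogoutDTO;
-__decorate([
-(0, class_validator_1.IsOptional)(),
-(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
-(0, class_transformer_1.Transform)(({ value }) => {
-if (typeof value === 'string') {
-return value.trim().toLowerCase();
-}
-return value;
-}),
-__metadata("design:type", String)
-], LogoutDTO.prototype, "sub", void 0);
 __decorate([
 (0, class_validator_1.IsOptional)(),
 (0, class_validator_1.IsBoolean)({ message: 'forgetMe must be a boolean' }),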
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logout.dto.js","sourceRoot":"","sources":["../../src/dto/logout.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"logout.dto.js","sourceRoot":"","sources":["../../src/dto/logout.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;GAgBG;;;;;;;;;;;;AAEH,qDAAwD;AAExD;;GAEG;AACH,MAAa,SAAS;IACpB;;;;;;;;OAQG;IAGH,QAAQ,CAAW;CACpB;AAbD,8BAaC;AADC;IAFC,IAAA,4BAAU,GAAE;IACZ,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,4BAA4B,EAAE,CAAC;;2CAClC"}
|
|
@@ -1,35 +1,23 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* DTO for removing MFA devices
|
|
3
3
|
*
|
|
4
|
-
* Used to remove all MFA devices of a specific method type for
|
|
4
|
+
* Used to remove all MFA devices of a specific method type for the current authenticated user.
|
|
5
5
|
* Automatically disables MFA if this was the last device.
|
|
6
|
+
* User sub is obtained from authenticated context automatically.
|
|
6
7
|
*
|
|
7
8
|
* @example
|
|
8
9
|
* ```typescript
|
|
9
10
|
* const result = await mfaService.removeDevices({
|
|
10
|
-
* userSub: 'user-uuid',
|
|
11
11
|
* methodType: 'totp'
|
|
12
12
|
* });
|
|
13
13
|
* ```
|
|
14
14
|
*/
|
|
15
15
|
/**
|
|
16
16
|
* DTO for removing MFA devices
|
|
17
|
+
*
|
|
18
|
+
* User self-service DTO - no userSub field. Service gets user from authenticated context.
|
|
17
19
|
*/
|
|
18
20
|
export declare class RemoveDevicesDTO {
|
|
19
|
-
/**
|
|
20
|
-
* User's unique identifier (UUID v4)
|
|
21
|
-
*
|
|
22
|
-
* Validation:
|
|
23
|
-
* - Must be a valid UUID v4 format
|
|
24
|
-
* - Matches DB constraint: char(36) or uuid
|
|
25
|
-
*
|
|
26
|
-
* Sanitization:
|
|
27
|
-
* - Trimmed
|
|
28
|
-
* - Lowercased for consistency
|
|
29
|
-
*
|
|
30
|
-
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
31
|
-
*/
|
|
32
|
-
userSub: string;
|
|
33
21
|
/**
|
|
34
22
|
* MFA method type to remove
|
|
35
23
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remove-devices.dto.d.ts","sourceRoot":"","sources":["../../src/dto/remove-devices.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH
|
|
1
|
+
{"version":3,"file":"remove-devices.dto.d.ts","sourceRoot":"","sources":["../../src/dto/remove-devices.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;;;GAIG;AACH,qBAAa,gBAAgB;IAE3B;;;;;;;;;;;OAWG;IAYH,UAAU,EAAG,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,qBAAa,wBAAwB;IACnC;;OAEG;IACH,YAAY,EAAG,MAAM,CAAC;IAEtB;;OAEG;IACH,WAAW,EAAG,OAAO,CAAC;CACvB"}
|
|
@@ -2,13 +2,13 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* DTO for removing MFA devices
|
|
4
4
|
*
|
|
5
|
-
* Used to remove all MFA devices of a specific method type for
|
|
5
|
+
* Used to remove all MFA devices of a specific method type for the current authenticated user.
|
|
6
6
|
* Automatically disables MFA if this was the last device.
|
|
7
|
+
* User sub is obtained from authenticated context automatically.
|
|
7
8
|
*
|
|
8
9
|
* @example
|
|
9
10
|
* ```typescript
|
|
10
11
|
* const result = await mfaService.removeDevices({
|
|
11
|
-
* userSub: 'user-uuid',
|
|
12
12
|
* methodType: 'totp'
|
|
13
13
|
* });
|
|
14
14
|
* ```
|
|
@@ -29,22 +29,10 @@ const class_transformer_1 = require("class-transformer");
|
|
|
29
29
|
const mfa_method_enum_1 = require("../enums/mfa-method.enum");
|
|
30
30
|
/**
|
|
31
31
|
* DTO for removing MFA devices
|
|
32
|
+
*
|
|
33
|
+
* User self-service DTO - no userSub field. Service gets user from authenticated context.
|
|
32
34
|
*/
|
|
33
35
|
class RemoveDevicesDTO {
|
|
34
|
-
/**
|
|
35
|
-
* User's unique identifier (UUID v4)
|
|
36
|
-
*
|
|
37
|
-
* Validation:
|
|
38
|
-
* - Must be a valid UUID v4 format
|
|
39
|
-
* - Matches DB constraint: char(36) or uuid
|
|
40
|
-
*
|
|
41
|
-
* Sanitization:
|
|
42
|
-
* - Trimmed
|
|
43
|
-
* - Lowercased for consistency
|
|
44
|
-
*
|
|
45
|
-
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
46
|
-
*/
|
|
47
|
-
userSub;
|
|
48
36
|
/**
|
|
49
37
|
* MFA method type to remove
|
|
50
38
|
*
|
|
@@ -60,16 +48,6 @@ class RemoveDevicesDTO {
|
|
|
60
48
|
methodType;
|
|
61
49
|
}
|
|
62
50
|
exports.RemoveDevicesDTO = RemoveDevicesDTO;
|
|
63
|
-
__decorate([
|
|
64
|
-
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
65
|
-
(0, class_transformer_1.Transform)(({ value }) => {
|
|
66
|
-
if (typeof value === 'string') {
|
|
67
|
-
return value.trim().toLowerCase();
|
|
68
|
-
}
|
|
69
|
-
return value;
|
|
70
|
-
}),
|
|
71
|
-
__metadata("design:type", String)
|
|
72
|
-
], RemoveDevicesDTO.prototype, "userSub", void 0);
|
|
73
51
|
__decorate([
|
|
74
52
|
(0, class_validator_1.IsString)({ message: 'Method type must be a string' }),
|
|
75
53
|
(0, class_validator_1.IsEnum)([mfa_method_enum_1.MFAMethod.TOTP, mfa_method_enum_1.MFAMethod.SMS, mfa_method_enum_1.MFAMethod.EMAIL, mfa_method_enum_1.MFAMethod.PASSKEY], {
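Review bot: `RemoveDevicesDTO` now carries only `methodType`, and the header comment keeps `Automatically disables MFA if this was the last device`, so one authenticated request can turn MFA off for the account. Nothing in the DTO asks for proof of a recent re-authentication (current password or an MFA code), and whether the service demands one is not visible here. I would at least document the expectation in the class comment, e.g. `* Callers should require a fresh MFA or password verification before invoking this`. The `__decorate` call for `methodType` runs past the end of the last hunk.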
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"remove-devices.dto.js","sourceRoot":"","sources":["../../src/dto/remove-devices.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"remove-devices.dto.js","sourceRoot":"","sources":["../../src/dto/remove-devices.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;GAaG;;;;;;;;;;;;AAEH,qDAA8D;AAC9D,yDAA8C;AAC9C,8DAAqD;AAErD;;;;GAIG;AACH,MAAa,gBAAgB;IAE3B;;;;;;;;;;;OAWG;IAYH,UAAU,CAAU;CACrB;AA1BD,4CA0BC;AADC;IAXC,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAC;IACrD,IAAA,wBAAM,EAAC,CAAC,2BAAS,CAAC,IAAI,EAAE,2BAAS,CAAC,GAAG,EAAE,2BAAS,CAAC,KAAK,EAAE,2BAAS,CAAC,OAAO,CAAC,EAAE;QAC3E,OAAO,EAAE,uDAAuD;KACjE,CAAC;IACD,IAAA,2BAAS,EAAC,EAAE,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACvE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;oDACkB;AAGtB;;GAEG;AACH,MAAa,wBAAwB;IACnC;;OAEG;IACH,YAAY,CAAU;IAEtB;;OAEG;IACH,WAAW,CAAW;CACvB;AAVD,4DAUC"}
|
|
@@ -7,7 +7,7 @@
|
|
|
7
7
|
* @example
|
|
8
8
|
* ```typescript
|
|
9
9
|
* const result = await mfaService.setMFAExemption({
|
|
10
|
-
*
|
|
10
|
+
* sub: 'a21b654c-2746-4168-acee-c175083a65cd', // User sub (UUID v4)
|
|
11
11
|
* exempt: true,
|
|
12
12
|
* reason: 'Business partner requires MFA bypass',
|
|
13
13
|
* grantedBy: 'admin@example.com'
|
|
@@ -21,20 +21,19 @@
|
|
|
21
21
|
*/
|
|
22
22
|
export declare class SetMFAExemptionDTO {
|
|
23
23
|
/**
|
|
24
|
-
*
|
|
24
|
+
* User's unique identifier (UUID v4)
|
|
25
25
|
*
|
|
26
|
-
*
|
|
27
|
-
* -
|
|
28
|
-
* -
|
|
29
|
-
* - username
|
|
30
|
-
* - phone (E.164)
|
|
26
|
+
* Validation:
|
|
27
|
+
* - Must be a valid UUID v4 format
|
|
28
|
+
* - Matches DB constraint: char(36) or uuid
|
|
31
29
|
*
|
|
32
30
|
* Sanitization:
|
|
33
31
|
* - Trimmed
|
|
32
|
+
* - Lowercased for consistency
|
|
34
33
|
*
|
|
35
|
-
* @example "
|
|
34
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
36
35
|
*/
|
|
37
|
-
|
|
36
|
+
sub: string;
|
|
38
37
|
/**
|
|
39
38
|
* Whether to grant exemption (true) or revoke exemption (false)
|
|
40
39
|
*/
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"set-mfa-exemption.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-mfa-exemption.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;;;GAIG;AACH,qBAAa,kBAAkB;IAC7B
|
|
1
|
+
{"version":3,"file":"set-mfa-exemption.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-mfa-exemption.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;;;GAIG;AACH,qBAAa,kBAAkB;IAC7B;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;IAEb;;OAEG;IAEH,MAAM,EAAG,OAAO,CAAC;IAEjB;;;;;;;;OAQG;IAUH,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEvB;;;;;;;;OAQG;IAUH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AAED;;GAEG;AACH,qBAAa,0BAA0B;IACrC;;OAEG;IACH,SAAS,EAAG,OAAO,CAAC;IAEpB;;OAEG;IACH,eAAe,EAAG,MAAM,GAAG,IAAI,CAAC;IAEhC;;OAEG;IACH,kBAAkB,EAAG,IAAI,GAAG,IAAI,CAAC;CAClC"}
|
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* @example
|
|
9
9
|
* ```typescript
|
|
10
10
|
* const result = await mfaService.setMFAExemption({
|
|
11
|
-
*
|
|
11
|
+
* sub: 'a21b654c-2746-4168-acee-c175083a65cd', // User sub (UUID v4)
|
|
12
12
|
* exempt: true,
|
|
13
13
|
* reason: 'Business partner requires MFA bypass',
|
|
14
14
|
* grantedBy: 'admin@example.com'
|
|
@@ -35,20 +35,19 @@ const class_transformer_1 = require("class-transformer");
|
|
|
35
35
|
*/
|
|
36
36
|
class SetMFAExemptionDTO {
|
|
37
37
|
/**
|
|
38
|
-
*
|
|
38
|
+
* User's unique identifier (UUID v4)
|
|
39
39
|
*
|
|
40
|
-
*
|
|
41
|
-
* -
|
|
42
|
-
* -
|
|
43
|
-
* - username
|
|
44
|
-
* - phone (E.164)
|
|
40
|
+
* Validation:
|
|
41
|
+
* - Must be a valid UUID v4 format
|
|
42
|
+
* - Matches DB constraint: char(36) or uuid
|
|
45
43
|
*
|
|
46
44
|
* Sanitization:
|
|
47
45
|
* - Trimmed
|
|
46
|
+
* - Lowercased for consistency
|
|
48
47
|
*
|
|
49
|
-
* @example "
|
|
48
|
+
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
50
49
|
*/
|
|
51
|
-
|
|
50
|
+
sub;
|
|
52
51
|
/**
|
|
53
52
|
* Whether to grant exemption (true) or revoke exemption (false)
|
|
54
53
|
*/
|
|
@@ -76,16 +75,15 @@ class SetMFAExemptionDTO {
|
|
|
76
75
|
}
|
|
77
76
|
exports.SetMFAExemptionDTO = SetMFAExemptionDTO;
|
|
78
77
|
__decorate([
|
|
79
|
-
(0, class_validator_1.
|
|
80
|
-
(0, class_validator_1.MaxLength)(255, { message: 'Identifier must not exceed 255 characters' }),
|
|
78
|
+
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
81
79
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
82
80
|
if (typeof value === 'string') {
|
|
83
|
-
return value.trim();
|
|
81
|
+
return value.trim().toLowerCase();
|
|
84
82
|
}
|
|
85
83
|
return value;
|
|
86
84
|
}),
|
|
87
85
|
__metadata("design:type", String)
|
|
88
|
-
], SetMFAExemptionDTO.prototype, "
|
|
86
|
+
], SetMFAExemptionDTO.prototype, "sub", void 0);
|
|
89
87
|
__decorate([
|
|
90
88
|
(0, class_validator_1.IsBoolean)({ message: 'Exempt must be a boolean' }),
|
|
91
89
|
__metadata("design:type", Boolean)
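Review bot: The usage example in the header comment still passes `grantedBy: 'admin@example.com'` as caller input next to the new `sub` line, so the actor recorded for an MFA exemption appears to be free text rather than the authenticated admin. If the service stores that value unchanged (not visible in this section), the audit record for a security-relevant bypass can name anyone. I would derive the actor from the authenticated context, as this release does for `sub` in the self-service DTOs, or state the limitation in the comment: `* grantedBy is informational only; the acting admin is taken from the authenticated context`. The `__decorate` call for `exempt` continues beyond the last hunk.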
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"set-mfa-exemption.dto.js","sourceRoot":"","sources":["../../src/dto/set-mfa-exemption.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,
|
|
1
|
+
{"version":3,"file":"set-mfa-exemption.dto.js","sourceRoot":"","sources":["../../src/dto/set-mfa-exemption.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAAqF;AACrF,yDAA8C;AAE9C;;;;GAIG;AACH,MAAa,kBAAkB;IAC7B;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;IAEb;;OAEG;IAEH,MAAM,CAAW;IAEjB;;;;;;;;OAQG;IAUH,MAAM,CAAiB;IAEvB;;;;;;;;OAQG;IAUH,SAAS,CAAiB;CAC3B;AApED,gDAoEC;AA/CC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;+CACW;AAMb;IADC,IAAA,2BAAS,EAAC,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAC;;kDAClC;AAoBjB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,yBAAyB,EAAE,CAAC;IAChD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;IACpE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;kDACqB;AAoBvB;IATC,IAAA,4BAAU,GAAE;IACZ,IAAA,0BAAQ,EAAC,EAAE,OAAO,EAAE,6BAA6B,EAAE,CAAC;IACpD,IAAA,2BAAS,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,2CAA2C,EAAE,CAAC;IACxE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC;QACtB,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACwB;AAG5B;;GAEG;AACH,MAAa,0BAA0B;IACrC;;OAEG;IACH,SAAS,CAAW;IAEpB;;OAEG;IACH,eAAe,CAAiB;IAEhC;;OAEG;IACH,kBAAkB,CAAe;CAClC;AAfD,gEAeC"}
|
|
@@ -4,13 +4,13 @@
|
|
|
4
4
|
* Request DTO for requiring a user to change their password on next login.
|
|
5
5
|
*
|
|
6
6
|
* Security:
|
|
7
|
-
* - User
|
|
7
|
+
* - User sub validated (UUID)
|
|
8
8
|
* - Prevents unauthorized password change requirements
|
|
9
9
|
*
|
|
10
10
|
* @example
|
|
11
11
|
* ```typescript
|
|
12
12
|
* await authService.setMustChangePassword({
|
|
13
|
-
*
|
|
13
|
+
* sub: 'user-uuid'
|
|
14
14
|
* });
|
|
15
15
|
* ```
|
|
16
16
|
*/
|
|
@@ -31,6 +31,6 @@ export declare class SetMustChangePasswordDTO {
|
|
|
31
31
|
*
|
|
32
32
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
33
33
|
*/
|
|
34
|
-
|
|
34
|
+
sub: string;
|
|
35
35
|
}
|
|
36
36
|
//# sourceMappingURL=set-must-change-password.dto.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"set-must-change-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-must-change-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,wBAAwB;IACnC;;;;;;;;;;;;OAYG;IAQH,
|
|
1
|
+
{"version":3,"file":"set-must-change-password.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-must-change-password.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH;;GAEG;AACH,qBAAa,wBAAwB;IACnC;;;;;;;;;;;;OAYG;IAQH,GAAG,EAAG,MAAM,CAAC;CACd"}
|
|
@@ -5,13 +5,13 @@
|
|
|
5
5
|
* Request DTO for requiring a user to change their password on next login.
|
|
6
6
|
*
|
|
7
7
|
* Security:
|
|
8
|
-
* - User
|
|
8
|
+
* - User sub validated (UUID)
|
|
9
9
|
* - Prevents unauthorized password change requirements
|
|
10
10
|
*
|
|
11
11
|
* @example
|
|
12
12
|
* ```typescript
|
|
13
13
|
* await authService.setMustChangePassword({
|
|
14
|
-
*
|
|
14
|
+
* sub: 'user-uuid'
|
|
15
15
|
* });
|
|
16
16
|
* ```
|
|
17
17
|
*/
|
|
@@ -45,11 +45,11 @@ class SetMustChangePasswordDTO {
|
|
|
45
45
|
*
|
|
46
46
|
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
47
47
|
*/
|
|
48
|
-
|
|
48
|
+
sub;
|
|
49
49
|
}
|
|
50
50
|
exports.SetMustChangePasswordDTO = SetMustChangePasswordDTO;
|
|
51
51
|
__decorate([
|
|
52
|
-
(0, class_validator_1.IsUUID)('4', { message: 'User
|
|
52
|
+
(0, class_validator_1.IsUUID)('4', { message: 'User sub must be a valid UUID v4 format' }),
|
|
53
53
|
(0, class_transformer_1.Transform)(({ value }) => {
|
|
54
54
|
if (typeof value === 'string') {
|
|
55
55
|
return value.trim().toLowerCase();
|
|
@@ -57,5 +57,5 @@ __decorate([
|
|
|
57
57
|
return value;
|
|
58
58
|
}),
|
|
59
59
|
__metadata("design:type", String)
|
|
60
|
-
], SetMustChangePasswordDTO.prototype, "
|
|
60
|
+
], SetMustChangePasswordDTO.prototype, "sub", void 0);
|
|
61
61
|
//# sourceMappingURL=set-must-change-password.dto.js.map
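Review bot: The header bullet `Prevents unauthorized password change requirements` (new line 9, repeated in the matching `.d.ts`) overstates what this file enforces, because the only checks attached to `sub` are `IsUUID('4', …)` and a trim/lowercase `Transform`, which validate format and say nothing about who is calling. I would reword it to `* - Format validation only; caller authorization must be enforced by the service or route guard` so the DTO is not read as an access-control boundary. These decorators presumably run only when the payload goes through class-transformer and class-validator, yet the `@example` on new line 14 passes the plain literal `sub: 'user-uuid'`, which is not a UUID v4; it should reuse the well-formed value from the property's own `@example`. The `__decorate` call spans two hunks and the line between them (56) is not shown.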
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"set-must-change-password.dto.js","sourceRoot":"","sources":["../../src/dto/set-must-change-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAAyC;AACzC,yDAA8C;AAE9C;;GAEG;AACH,MAAa,wBAAwB;IACnC;;;;;;;;;;;;OAYG;IAQH,
|
|
1
|
+
{"version":3,"file":"set-must-change-password.dto.js","sourceRoot":"","sources":["../../src/dto/set-must-change-password.dto.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;GAeG;;;;;;;;;;;;AAEH,qDAAyC;AACzC,yDAA8C;AAE9C;;GAEG;AACH,MAAa,wBAAwB;IACnC;;;;;;;;;;;;OAYG;IAQH,GAAG,CAAU;CACd;AAtBD,4DAsBC;AADC;IAPC,IAAA,wBAAM,EAAC,GAAG,EAAE,EAAE,OAAO,EAAE,yCAAyC,EAAE,CAAC;IACnE,IAAA,6BAAS,EAAC,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE;QACvB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC9B,OAAO,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACpC,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC,CAAC;;qDACW"}
|
|
@@ -1,35 +1,23 @@
|
|
|
1
1
|
/**
|
|
2
2
|
* DTO for setting preferred MFA method
|
|
3
3
|
*
|
|
4
|
-
* Used to set the preferred MFA method for
|
|
4
|
+
* Used to set the preferred MFA method for the current authenticated user.
|
|
5
5
|
* Updates the user's preferred method and device primary flags.
|
|
6
|
+
* User sub is obtained from authenticated context automatically.
|
|
6
7
|
*
|
|
7
8
|
* @example
|
|
8
9
|
* ```typescript
|
|
9
10
|
* await mfaService.setPreferredMethod({
|
|
10
|
-
* userSub: 'user-uuid',
|
|
11
11
|
* methodType: 'totp'
|
|
12
12
|
* });
|
|
13
13
|
* ```
|
|
14
14
|
*/
|
|
15
15
|
/**
|
|
16
16
|
* DTO for setting preferred MFA method
|
|
17
|
+
*
|
|
18
|
+
* User self-service DTO - no userSub field. Service gets user from authenticated context.
|
|
17
19
|
*/
|
|
18
20
|
export declare class SetPreferredMethodDTO {
|
|
19
|
-
/**
|
|
20
|
-
* User's unique identifier (UUID v4)
|
|
21
|
-
*
|
|
22
|
-
* Validation:
|
|
23
|
-
* - Must be a valid UUID v4 format
|
|
24
|
-
* - Matches DB constraint: char(36) or uuid
|
|
25
|
-
*
|
|
26
|
-
* Sanitization:
|
|
27
|
-
* - Trimmed
|
|
28
|
-
* - Lowercased for consistency
|
|
29
|
-
*
|
|
30
|
-
* @example "a21b654c-2746-4168-acee-c175083a65cd"
|
|
31
|
-
*/
|
|
32
|
-
userSub: string;
|
|
33
21
|
/**
|
|
34
22
|
* MFA method type to set as preferred
|
|
35
23
|
*
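Review bot: The new class comment (new lines 16-19) says the service takes the user from the authenticated context, but it does not say what happens to a `userSub` that an older caller still sends now that the field is gone from the declaration. Whether that stray property is stripped, rejected or silently carried along depends on validator options that are not visible here, so I would add a line such as `* Any client-supplied userSub is not honored; the target user always comes from the authenticated context.` and confirm the service never reads it. Removing a public field changes the contract for callers that acted on another user's behalf, so it should be called out in the release notes. The class body continues past the end of this hunk.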
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"set-preferred-method.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-preferred-method.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH
|
|
1
|
+
{"version":3,"file":"set-preferred-method.dto.d.ts","sourceRoot":"","sources":["../../src/dto/set-preferred-method.dto.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAMH;;;;GAIG;AACH,qBAAa,qBAAqB;IAChC;;;;;;;;;;;OAWG;IAYH,UAAU,EAAG,MAAM,CAAC;CACrB;AAED;;GAEG;AACH,qBAAa,6BAA6B;IACxC;;OAEG;IACH,OAAO,EAAG,MAAM,CAAC;CAClB"}
|