@nauth-toolkit/core 0.1.87 → 0.1.89
- package/dist/dto/admin-get-mfa-status.dto.d.ts +20 -0
- package/dist/dto/admin-get-mfa-status.dto.d.ts.map +1 -0
- package/dist/dto/{change-password-request.dto.js → admin-get-mfa-status.dto.js} +22 -32
- package/dist/dto/admin-get-mfa-status.dto.js.map +1 -0
- package/dist/dto/admin-get-user-auth-history.dto.d.ts +62 -0
- package/dist/dto/admin-get-user-auth-history.dto.d.ts.map +1 -0
- package/dist/dto/admin-get-user-auth-history.dto.js +87 -0
- package/dist/dto/admin-get-user-auth-history.dto.js.map +1 -0
- package/dist/dto/admin-logout-all.dto.d.ts +48 -0
- package/dist/dto/admin-logout-all.dto.d.ts.map +1 -0
- package/dist/dto/admin-logout-all.dto.js +85 -0
- package/dist/dto/admin-logout-all.dto.js.map +1 -0
- package/dist/dto/admin-remove-devices.dto.d.ts +25 -0
- package/dist/dto/admin-remove-devices.dto.d.ts.map +1 -0
- package/dist/dto/admin-remove-devices.dto.js +50 -0
- package/dist/dto/admin-remove-devices.dto.js.map +1 -0
- package/dist/dto/admin-reset-password.dto.d.ts +15 -19
- package/dist/dto/admin-reset-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-reset-password.dto.js +21 -41
- package/dist/dto/admin-reset-password.dto.js.map +1 -1
- package/dist/dto/admin-revoke-session.dto.d.ts +22 -0
- package/dist/dto/admin-revoke-session.dto.d.ts.map +1 -0
- package/dist/dto/admin-revoke-session.dto.js +48 -0
- package/dist/dto/admin-revoke-session.dto.js.map +1 -0
- package/dist/dto/admin-set-password.dto.d.ts +8 -10
- package/dist/dto/admin-set-password.dto.d.ts.map +1 -1
- package/dist/dto/admin-set-password.dto.js +11 -21
- package/dist/dto/admin-set-password.dto.js.map +1 -1
- package/dist/dto/admin-set-preferred-method.dto.d.ts +25 -0
- package/dist/dto/admin-set-preferred-method.dto.d.ts.map +1 -0
- package/dist/dto/admin-set-preferred-method.dto.js +50 -0
- package/dist/dto/admin-set-preferred-method.dto.js.map +1 -0
- package/dist/dto/admin-update-user-attributes.dto.d.ts +41 -0
- package/dist/dto/admin-update-user-attributes.dto.d.ts.map +1 -0
- package/dist/dto/{update-user-attributes-request.dto.js → admin-update-user-attributes.dto.js} +12 -17
- package/dist/dto/admin-update-user-attributes.dto.js.map +1 -0
- package/dist/dto/auth-challenge.dto.d.ts +2 -2
- package/dist/dto/auth-challenge.dto.d.ts.map +1 -1
- package/dist/dto/auth-challenge.dto.js +3 -3
- package/dist/dto/auth-challenge.dto.js.map +1 -1
- package/dist/dto/auth-response.dto.d.ts +1 -1
- package/dist/dto/auth-response.dto.d.ts.map +1 -1
- package/dist/dto/auth-response.dto.js +1 -1
- package/dist/dto/auth-response.dto.js.map +1 -1
- package/dist/dto/get-mfa-status.dto.d.ts +3 -32
- package/dist/dto/get-mfa-status.dto.d.ts.map +1 -1
- package/dist/dto/get-mfa-status.dto.js +4 -55
- package/dist/dto/get-mfa-status.dto.js.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.d.ts +3 -3
- package/dist/dto/get-risk-assessment-history.dto.d.ts.map +1 -1
- package/dist/dto/get-risk-assessment-history.dto.js +5 -5
- package/dist/dto/get-risk-assessment-history.dto.js.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.d.ts +3 -3
- package/dist/dto/get-suspicious-activity.dto.d.ts.map +1 -1
- package/dist/dto/get-suspicious-activity.dto.js +5 -5
- package/dist/dto/get-suspicious-activity.dto.js.map +1 -1
- package/dist/dto/get-user-auth-history.dto.d.ts +4 -39
- package/dist/dto/get-user-auth-history.dto.d.ts.map +1 -1
- package/dist/dto/get-user-auth-history.dto.js +53 -51
- package/dist/dto/get-user-auth-history.dto.js.map +1 -1
- package/dist/dto/get-user-devices.dto.d.ts +5 -18
- package/dist/dto/get-user-devices.dto.d.ts.map +1 -1
- package/dist/dto/get-user-devices.dto.js +5 -39
- package/dist/dto/get-user-devices.dto.js.map +1 -1
- package/dist/dto/get-user-sessions-response.dto.d.ts +1 -1
- package/dist/dto/get-user-sessions-response.dto.js +1 -1
- package/dist/dto/get-user-sessions.dto.d.ts +1 -1
- package/dist/dto/get-user-sessions.dto.js +1 -1
- package/dist/dto/index.d.ts +9 -2
- package/dist/dto/index.d.ts.map +1 -1
- package/dist/dto/index.js +9 -2
- package/dist/dto/index.js.map +1 -1
- package/dist/dto/logout-all-response.dto.d.ts +1 -1
- package/dist/dto/logout-all-response.dto.js +1 -1
- package/dist/dto/logout-all.dto.d.ts +1 -18
- package/dist/dto/logout-all.dto.d.ts.map +1 -1
- package/dist/dto/logout-all.dto.js +1 -30
- package/dist/dto/logout-all.dto.js.map +1 -1
- package/dist/dto/logout-session.dto.d.ts +0 -5
- package/dist/dto/logout-session.dto.d.ts.map +1 -1
- package/dist/dto/logout-session.dto.js +0 -12
- package/dist/dto/logout-session.dto.js.map +1 -1
- package/dist/dto/logout.dto.d.ts +1 -18
- package/dist/dto/logout.dto.d.ts.map +1 -1
- package/dist/dto/logout.dto.js +1 -30
- package/dist/dto/logout.dto.js.map +1 -1
- package/dist/dto/remove-devices.dto.d.ts +4 -16
- package/dist/dto/remove-devices.dto.d.ts.map +1 -1
- package/dist/dto/remove-devices.dto.js +4 -26
- package/dist/dto/remove-devices.dto.js.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.d.ts +8 -9
- package/dist/dto/set-mfa-exemption.dto.d.ts.map +1 -1
- package/dist/dto/set-mfa-exemption.dto.js +11 -13
- package/dist/dto/set-mfa-exemption.dto.js.map +1 -1
- package/dist/dto/set-must-change-password.dto.d.ts +3 -3
- package/dist/dto/set-must-change-password.dto.d.ts.map +1 -1
- package/dist/dto/set-must-change-password.dto.js +5 -5
- package/dist/dto/set-must-change-password.dto.js.map +1 -1
- package/dist/dto/set-preferred-method.dto.d.ts +4 -16
- package/dist/dto/set-preferred-method.dto.d.ts.map +1 -1
- package/dist/dto/set-preferred-method.dto.js +4 -26
- package/dist/dto/set-preferred-method.dto.js.map +1 -1
- package/dist/dto/setup-mfa.dto.d.ts +3 -18
- package/dist/dto/setup-mfa.dto.d.ts.map +1 -1
- package/dist/dto/setup-mfa.dto.js +3 -30
- package/dist/dto/setup-mfa.dto.js.map +1 -1
- package/dist/dto/social-auth.dto.d.ts +4 -34
- package/dist/dto/social-auth.dto.d.ts.map +1 -1
- package/dist/dto/social-auth.dto.js +10 -68
- package/dist/dto/social-auth.dto.js.map +1 -1
- package/dist/dto/update-user-attributes.dto.d.ts +26 -0
- package/dist/dto/update-user-attributes.dto.d.ts.map +1 -0
- package/dist/dto/update-user-attributes.dto.js +30 -0
- package/dist/dto/update-user-attributes.dto.js.map +1 -0
- package/dist/index.d.ts +5 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/interfaces/hooks.interface.d.ts +2 -1
- package/dist/interfaces/hooks.interface.d.ts.map +1 -1
- package/dist/interfaces/mfa-provider.interface.d.ts +7 -8
- package/dist/interfaces/mfa-provider.interface.d.ts.map +1 -1
- package/dist/interfaces/provider.interface.d.ts +1 -1
- package/dist/interfaces/provider.interface.d.ts.map +1 -1
- package/dist/services/adaptive-mfa-decision.service.js +2 -2
- package/dist/services/adaptive-mfa-decision.service.js.map +1 -1
- package/dist/services/admin-auth.service.d.ts +307 -0
- package/dist/services/admin-auth.service.d.ts.map +1 -0
- package/dist/services/admin-auth.service.js +885 -0
- package/dist/services/admin-auth.service.js.map +1 -0
- package/dist/services/auth-audit.service.d.ts +16 -16
- package/dist/services/auth-audit.service.d.ts.map +1 -1
- package/dist/services/auth-audit.service.js +33 -33
- package/dist/services/auth-audit.service.js.map +1 -1
- package/dist/services/auth-challenge-helper.service.js +3 -3
- package/dist/services/auth-challenge-helper.service.js.map +1 -1
- package/dist/services/auth-service-internal-helpers.d.ts +13 -2
- package/dist/services/auth-service-internal-helpers.d.ts.map +1 -1
- package/dist/services/auth-service-internal-helpers.js +39 -1
- package/dist/services/auth-service-internal-helpers.js.map +1 -1
- package/dist/services/auth.service.d.ts +94 -438
- package/dist/services/auth.service.d.ts.map +1 -1
- package/dist/services/auth.service.js +388 -1255
- package/dist/services/auth.service.js.map +1 -1
- package/dist/services/mfa-base.service.d.ts +14 -4
- package/dist/services/mfa-base.service.d.ts.map +1 -1
- package/dist/services/mfa-base.service.js +22 -1
- package/dist/services/mfa-base.service.js.map +1 -1
- package/dist/services/mfa.service.d.ts +107 -33
- package/dist/services/mfa.service.d.ts.map +1 -1
- package/dist/services/mfa.service.js +456 -333
- package/dist/services/mfa.service.js.map +1 -1
- package/dist/services/social-auth.service.d.ts +7 -0
- package/dist/services/social-auth.service.d.ts.map +1 -1
- package/dist/services/social-auth.service.js +38 -26
- package/dist/services/social-auth.service.js.map +1 -1
- package/dist/services/user.service.d.ts +3 -3
- package/dist/services/user.service.d.ts.map +1 -1
- package/dist/services/user.service.js +7 -7
- package/dist/services/user.service.js.map +1 -1
- package/dist/utils/dto-validator.d.ts.map +1 -1
- package/dist/utils/dto-validator.js +50 -4
- package/dist/utils/dto-validator.js.map +1 -1
- package/dist/utils/setup/init-services.d.ts +2 -1
- package/dist/utils/setup/init-services.d.ts.map +1 -1
- package/dist/utils/setup/init-services.js +2 -0
- package/dist/utils/setup/init-services.js.map +1 -1
- package/package.json +1 -1
- package/dist/dto/change-password-request.dto.d.ts +0 -43
- package/dist/dto/change-password-request.dto.d.ts.map +0 -1
- package/dist/dto/change-password-request.dto.js.map +0 -1
- package/dist/dto/update-user-attributes-request.dto.d.ts +0 -44
- package/dist/dto/update-user-attributes-request.dto.d.ts.map +0 -1
- package/dist/dto/update-user-attributes-request.dto.js.map +0 -1
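--- a/package/dist/services/mfa.service.d.ts
+++ b/package/dist/services/mfa.service.d.ts
@@ -7,7 +7,7 @@ import { NAuthLogger } from '../utils/nauth-logger';
 import { InternalAuthAuditService as AuthAuditService } from './auth-audit.service';
 import { ClientInfoService } from './client-info.service';
 import { HookRegistryService } from './hook-registry.service';
-import { GetAvailableMethodsDTO, GetAvailableMethodsResponseDTO, GetChallengeDataDTO, GetChallengeDataResponseDTO,
+import { GetAvailableMethodsDTO, GetAvailableMethodsResponseDTO, GetChallengeDataDTO, GetChallengeDataResponseDTO, AdminGetMFAStatusDTO, GetMFAStatusResponseDTO, GetSetupDataDTO, GetSetupDataResponseDTO, GetUserDevicesDTO, GetUserDevicesResponseDTO, HasProviderDTO, HasProviderResponseDTO, ListProvidersResponseDTO, AdminRemoveDevicesDTO, AdminSetPreferredMethodDTO, RemoveDevicesDTO, RemoveDevicesResponseDTO, SetMFAExemptionDTO, SetMFAExemptionResponseDTO, SetPreferredMethodDTO, SetPreferredMethodResponseDTO, SetupMFADTO, SetupMFAResponseDTO, VerifyMFACodeDTO, VerifyMFACodeResponseDTO } from '../dto';
 /**
 * MFA Service Registry
 *
@@ -32,7 +32,7 @@ import { GetAvailableMethodsDTO, GetAvailableMethodsResponseDTO, GetChallengeDat
 * @Post('mfa/verify')
 * async verifyMFA(@Body() dto: { method: string; code: string }) {
 * const provider = this.mfaService.getProvider(dto.method);
-* return await provider.verify(
+* return await provider.verify(dto.code);
 * }
 * }
 * ```
@@ -47,6 +47,44 @@ export declare class MFAService {
 private readonly clientInfoService?;
 private readonly hookRegistry?;
 private readonly providers;
+/**
+* Shared implementation for retrieving MFA status by target user sub.
+*
+* @param sub - Target user sub (UUID v4)
+* @returns Comprehensive MFA status
+*/
+private getMfaStatusBySub;
+/**
+* Fetch active MFA devices for a given internal user ID.
+*
+* @param userId - Internal DB user ID
+* @returns Active MFA devices
+*/
+private getActiveDevicesForUserId;
+/**
+* Resolve a target user by `sub` (admin-style targeting).
+*
+* @param sub - Target user sub (UUID v4)
+* @returns User entity
+* @throws {NAuthException} NOT_FOUND when user is not found
+*/
+private getUserBySubOrThrow;
+/**
+* Shared implementation for removing MFA devices.
+*
+* @param targetUser - Target user (self-service or admin target)
+* @param methodType - MFA method to remove (normalized)
+* @param removedBy - Actor performing the removal
+*/
+private removeDevicesInternal;
+/**
+* Shared implementation for setting preferred MFA method.
+*
+* @param targetUser - Target user (self-service or admin target)
+* @param methodType - Preferred method (normalized)
+* @param updatedBy - Actor performing the update
+*/
+private setPreferredMethodInternal;
 /**
 * Resolve a user entity by flexible identifier.
 *
@@ -58,6 +96,24 @@ export declare class MFAService {
 */
 private findUserByIdentifier;
 constructor(mfaDeviceRepository: Repository<BaseMFADevice>, userRepository: Repository<BaseUser>, challengeService?: ChallengeService | undefined, config?: NAuthConfig | undefined, logger?: NAuthLogger | undefined, auditService?: AuthAuditService | undefined, clientInfoService?: ClientInfoService | undefined, hookRegistry?: HookRegistryService | undefined);
+/**
+* Get current user from authenticated context
+*
+* @returns Current authenticated user
+* @throws {NAuthException} If user not found in context
+*/
+private getCurrentUserOrThrow;
+/**
+* Execute a callback with a specific user bound into CURRENT_USER context.
+*
+* This is required for flows where the user is resolved outside of request auth context
+* (e.g., challenge sessions) but providers must still derive the user from context.
+*
+* @param user - User to bind into context
+* @param callback - Callback to execute
+* @returns Callback result
+*/
+private withUserContext;
 /**
 * Register an MFA provider
 *
@@ -180,46 +236,36 @@ export declare class MFAService {
 /**
 * Get user's MFA devices
 *
-*
+* User self-service method: current user is derived from authenticated context.
+*
+* @param _dto - Optional (empty) DTO for validation consistency
 * @returns Response DTO with array of MFA devices
 *
 * @example
 * ```typescript
-* const result = await this.mfaService.getUserDevices(
+* const result = await this.mfaService.getUserDevices();
 * // Returns: { devices: [...] }
 * ```
 */
-getUserDevices(
+getUserDevices(_dto?: GetUserDevicesDTO): Promise<GetUserDevicesResponseDTO>;
 /**
-* Get comprehensive MFA status for
+* Get comprehensive MFA status for the current authenticated user (self-service).
 *
-* Returns complete MFA configuration status including:
-* - Whether MFA is enabled/required
-* - Configured and available methods
-* - Preferred method
-* - Backup codes status
-* - MFA exemption information
-*
-* This method encapsulates all business logic for MFA status,
-* ensuring consumer apps don't need to query databases or build responses manually.
-*
-* @param dto - Request DTO with user sub
 * @returns Response DTO with complete MFA status
+*/
+getMfaStatus(): Promise<GetMFAStatusResponseDTO>;
+/**
+* Get comprehensive MFA status for a target user (admin-only).
 *
-* @
-*
-* @Get('mfa/status')
-* async getMFAStatus(@CurrentUser() user: IUser) {
-* return await this.mfaService.getMFAStatus({ sub: user.sub });
-* }
-* ```
+* @param dto - Admin request DTO with target user sub
+* @returns Response DTO with complete MFA status
 */
-
+adminGetMfaStatus(dto: AdminGetMFAStatusDTO): Promise<GetMFAStatusResponseDTO>;
 /**
 * Remove MFA devices by method type
 *
 * Comprehensive method that handles all aspects of MFA device removal:
-* -
+* - Uses the authenticated user context (self-service)
 * - Validates method type
 * - Removes all active devices of the specified method type
 * - Updates user's preferred method if the removed method was preferred
@@ -230,7 +276,7 @@ export declare class MFAService {
 * This method encapsulates all database operations related to MFA device removal,
 * ensuring the consumer app doesn't need to directly manipulate nauth_* tables.
 *
-* @param dto - Request DTO with
+* @param dto - Request DTO with method type
 * @returns Response DTO with deletedCount and whether MFA was disabled
 * @throws {NAuthException} If user not found, invalid method type, or no devices found
 *
@@ -239,12 +285,26 @@ export declare class MFAService {
 * // Consumer app controller
 * @Delete('mfa/devices/:method')
 * async removeMFAMethod(@CurrentUser() user: IUser, @Param('method') method: string) {
-* const result = await this.mfaService.removeDevices({
+* const result = await this.mfaService.removeDevices({ methodType: method });
 * return { message: 'MFA method removed successfully', ...result };
 * }
 * ```
 */
 removeDevices(dto: RemoveDevicesDTO): Promise<RemoveDevicesResponseDTO>;
+/**
+* Admin: Remove MFA devices for a specific user by `sub`.
+*
+* @param dto - Admin DTO containing target `sub` and method type
+* @returns Removal result
+* @throws {NAuthException} NOT_FOUND when user is not found
+* @throws {NAuthException} VALIDATION_FAILED on invalid method type
+*
+* @example
+* ```typescript
+* await mfaService.adminRemoveDevices({ sub: 'user-uuid', methodType: 'totp' });
+* ```
+*/
+adminRemoveDevices(dto: AdminRemoveDevicesDTO): Promise<RemoveDevicesResponseDTO>;
 /**
 * Set preferred MFA method for a user
 *
@@ -254,7 +314,7 @@ export declare class MFAService {
 * This method encapsulates all database operations related to preferred method updates,
 * ensuring the consumer app doesn't need to directly manipulate nauth_* tables.
 *
-* @param dto - Request DTO with
+* @param dto - Request DTO with method type
 * @returns Response DTO with success message
 * @throws {NAuthException} If user not found, invalid method type, or method not configured
 *
@@ -263,18 +323,32 @@ export declare class MFAService {
 * // Consumer app controller
 * @Put('mfa/preferred')
 * async setPreferredMFAMethod(@CurrentUser() user: IUser, @Body() body: { method: string }) {
-* return await this.mfaService.setPreferredMethod({
+* return await this.mfaService.setPreferredMethod({ methodType: body.method });
 * }
 * ```
 */
 setPreferredMethod(dto: SetPreferredMethodDTO): Promise<SetPreferredMethodResponseDTO>;
+/**
+* Admin: Set preferred MFA method for a specific user by `sub`.
+*
+* @param dto - Admin DTO containing target `sub` and method type
+* @returns Success response
+* @throws {NAuthException} NOT_FOUND when user is not found
+* @throws {NAuthException} VALIDATION_FAILED when method is invalid or not configured
+*
+* @example
+* ```typescript
+* await mfaService.adminSetPreferredMethod({ sub: 'user-uuid', methodType: 'sms' });
+* ```
+*/
+adminSetPreferredMethod(dto: AdminSetPreferredMethodDTO): Promise<SetPreferredMethodResponseDTO>;
 /**
 * Grant or revoke a user's exemption from multi-factor authentication (MFA) requirements.
 *
 * SECURITY: This admin-only operation updates the user's MFA exemption status, logs the action,
 * and records an audit event. MFA exemption bypasses MFA at login, but all other security controls remain enforced.
 *
-* @param dto - Request DTO with
+* @param dto - Request DTO with sub, exempt flag, reason, and grantedBy
 * @returns Response DTO with updated exemption fields
 * @throws {NAuthException} If the user is not found
 *
@@ -282,7 +356,7 @@ export declare class MFAService {
 * ```typescript
 * // Grant MFA exemption
 * await mfaService.setMFAExemption({
-*
+* sub: 'a21b654c-2746-4168-acee-c175083a65cd',
 * exempt: true,
 * reason: 'Business partner requires MFA bypass',
 * grantedBy: 'admin@example.com'
@@ -290,7 +364,7 @@ export declare class MFAService {
 *
 * // Revoke MFA exemption
 * await mfaService.setMFAExemption({
-*
+* sub: 'a21b654c-2746-4168-acee-c175083a65cd',
 * exempt: false,
 * reason: 'MFA now mandatory for this user',
 * grantedBy: 'admin@example.com'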
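Review bot: The JSDoc added for `adminRemoveDevices` and `adminSetPreferredMethod` says only "Admin:" and never states who verifies that the caller is an administrator, although both act on whatever `sub` the DTO carries rather than on the authenticated user. The declaration file does not show whether the service checks the caller's role itself, so a consumer who wires these to a route without its own guard may end up letting any signed-in user change or remove another account's MFA configuration. I would add a SECURITY line to each, in the style `setMFAExemption` already uses, for example `* SECURITY: Admin-only. Acts on the user named by dto.sub, not the authenticated user; the caller must enforce admin authorization before invoking.` (reword if the service enforces this internally). `adminGetMfaStatus` is marked "(admin-only)" but would benefit from the same sentence about where the check lives.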
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../src/services/mfa.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAI3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAEpF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;
|
|
1
|
+
{"version":3,"file":"mfa.service.d.ts","sourceRoot":"","sources":["../../src/services/mfa.service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,aAAa,EAAE,QAAQ,EAAE,MAAM,aAAa,CAAC;AAEtD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sCAAsC,CAAC;AAI3E,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAC;AAEvD,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,wBAAwB,IAAI,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AAEpF,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAI9D,OAAO,EACL,sBAAsB,EACtB,8BAA8B,EAC9B,mBAAmB,EACnB,2BAA2B,EAC3B,oBAAoB,EACpB,uBAAuB,EACvB,eAAe,EACf,uBAAuB,EACvB,iBAAiB,EACjB,yBAAyB,EACzB,cAAc,EACd,sBAAsB,EACtB,wBAAwB,EACxB,qBAAqB,EACrB,0BAA0B,EAC1B,gBAAgB,EAChB,wBAAwB,EACxB,kBAAkB,EAClB,0BAA0B,EAC1B,qBAAqB,EACrB,6BAA6B,EAC7B,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,wBAAwB,EACzB,MAAM,QAAQ,CAAC;AAEhB;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,qBAAa,UAAU;IAibnB,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAC;IAClC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IACxB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAC;IACxB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC;IACnC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAC;IAvbhC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA0C;IAMpE;;;;;OAKG;YACW,iBAAiB;IAsE/B;;;;;OAKG;YACW,yBAAyB;IASvC;;;;;;OAMG;YACW,mBAAmB;IAYjC;;;;;;OAMG;YACW,qBAAqB;IA6LnC;;;;;;OAMG;YACW,0BAA0B;IA+DxC;;;;;;;;OAQG;YACW,oBAAoB;gBAyCf,mBAAmB,EAAE,UAAU,CAAC,aAAa,CAAC,EAC9C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EACpC,gBAAgB,CAAC,EAAE,gBAAgB,YAAA,EACnC,MAAM,CAAC,EAAE,WAAW,YAAA,EACpB,MAAM,CAAC,EAAE,WAAW,YAAA,EACpB,YAAY,CAAC,EAAE,gBAAgB,YAAA,EAC/B,iBAAiB,CAAC,EAAE,iBAAiB,YAAA,EACrC,YAAY,CAAC,EAAE,mBAAmB,YAAA;IAGrD;;;;;OAKG;IACH,OAAO,CAAC,qBAAqB;IAQ7B;;;;;;;;;OASG;YACW,eAAe;IAsB7B;;;;;;;;;;;;;;OAcG;IACH,gBAAgB,CAAC,QAAQ,EAAE,mBAAmB,GAAG,IAAI;IAQrD;;;;;;;;;;;;OAYG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,mBAAmB;IAWpD;;;;;;;;;;;;;OAaG;IACH,WAAW,CAAC,GAAG,EAAE,cAAc,GAAG,sBAAsB;IAOxD;;;;;;;;;OASG;IACH,aAA
a,IAAI,wBAAwB;IAMzC;;;;;;;;;;;;;;;;;;OAkBG;IACG,mBAAmB,CAAC,GAAG,EAAE,sBAAsB,GAAG,OAAO,CAAC,8BAA8B,CAAC;IAyB/F;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACG,UAAU,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAgC1E;;;;;;;;;;;;;;OAcG;IACG,KAAK,CAAC,GAAG,EAAE,WAAW,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAU3D;;;;;;;;;;;;;OAaG;IACG,cAAc,CAAC,IAAI,GAAE,iBAAsB,GAAG,OAAO,CAAC,yBAAyB,CAAC;IAUtF;;;;OAIG;IACG,YAAY,IAAI,OAAO,CAAC,uBAAuB,CAAC;IAKtD;;;;;OAKG;IACG,iBAAiB,CAAC,GAAG,EAAE,oBAAoB,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAKpF;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACG,aAAa,CAAC,GAAG,EAAE,gBAAgB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAe7E;;;;;;;;;;;;OAYG;IACG,kBAAkB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,wBAAwB,CAAC;IAevF;;;;;;;;;;;;;;;;;;;;;OAqBG;IACG,kBAAkB,CAAC,GAAG,EAAE,qBAAqB,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAgB5F;;;;;;;;;;;;OAYG;IACG,uBAAuB,CAAC,GAAG,EAAE,0BAA0B,GAAG,OAAO,CAAC,6BAA6B,CAAC;IAetG;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA4BG;IACG,eAAe,CAAC,GAAG,EAAE,kBAAkB,GAAG,OAAO,CAAC,0BAA0B,CAAC;IAqFnF;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACG,YAAY,CAAC,GAAG,EAAE,eAAe,GAAG,OAAO,CAAC,uBAAuB,CAAC;IA2C1E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAsCG;IACG,gBAAgB,CAAC,GAAG,EAAE,mBAAmB,GAAG,OAAO,CAAC,2BAA2B,CAAC;CAwDvF"}
|