@node-c/domain-iam 1.0.0-alpha9 → 1.0.0-beta1
- package/dist/common/definitions/common.constants.d.ts +7 -1
- package/dist/common/definitions/common.constants.js +6 -0
- package/dist/common/definitions/common.constants.js.map +1 -1
- package/dist/module/iam.module.js.map +1 -1
- package/dist/services/authentication/iam.authentication.definitions.d.ts +79 -16
- package/dist/services/authentication/iam.authentication.definitions.js +6 -9
- package/dist/services/authentication/iam.authentication.definitions.js.map +1 -1
- package/dist/services/authentication/iam.authentication.service.d.ts +13 -5
- package/dist/services/authentication/iam.authentication.service.js +32 -3
- package/dist/services/authentication/iam.authentication.service.js.map +1 -1
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.d.ts +38 -0
- package/dist/services/{authenticationLocal/iam.authenticationLocal.definitions.js → authenticationOAuth2/iam.authenticationOAuth2.definitions.js} +1 -1
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.js.map +1 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.d.ts +25 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.js +300 -0
- package/dist/services/authenticationOAuth2/iam.authenticationOAuth2.service.js.map +1 -0
- package/dist/services/authenticationOAuth2/index.d.ts +2 -0
- package/dist/services/authenticationOAuth2/index.js +19 -0
- package/dist/services/authenticationOAuth2/index.js.map +1 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.d.ts +12 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js +3 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.js.map +1 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.d.ts +15 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js +142 -0
- package/dist/services/authenticationUserLocal/iam.authenticationUserLocal.service.js.map +1 -0
- package/dist/services/authenticationUserLocal/index.d.ts +2 -0
- package/dist/services/{authenticationLocal → authenticationUserLocal}/index.js +2 -2
- package/dist/services/authenticationUserLocal/index.js.map +1 -0
- package/dist/services/authorization/iam.authorization.definitions.d.ts +33 -23
- package/dist/services/authorization/iam.authorization.definitions.js +7 -0
- package/dist/services/authorization/iam.authorization.definitions.js.map +1 -1
- package/dist/services/authorization/iam.authorization.service.d.ts +29 -13
- package/dist/services/authorization/iam.authorization.service.js +233 -125
- package/dist/services/authorization/iam.authorization.service.js.map +1 -1
- package/dist/services/index.d.ts +4 -2
- package/dist/services/index.js +4 -2
- package/dist/services/index.js.map +1 -1
- package/dist/services/mfa/iam.mfa.definitions.d.ts +21 -0
- package/dist/services/mfa/iam.mfa.definitions.js +8 -0
- package/dist/services/mfa/iam.mfa.definitions.js.map +1 -0
- package/dist/services/mfa/iam.mfa.service.d.ts +10 -0
- package/dist/services/mfa/iam.mfa.service.js +32 -0
- package/dist/services/mfa/iam.mfa.service.js.map +1 -0
- package/dist/services/mfa/index.d.ts +2 -0
- package/dist/services/{users → mfa}/index.js +2 -2
- package/dist/services/mfa/index.js.map +1 -0
- package/dist/services/tokenManager/iam.tokenManager.definitions.d.ts +14 -3
- package/dist/services/tokenManager/iam.tokenManager.definitions.js.map +1 -1
- package/dist/services/tokenManager/iam.tokenManager.service.d.ts +24 -9
- package/dist/services/tokenManager/iam.tokenManager.service.js +113 -44
- package/dist/services/tokenManager/iam.tokenManager.service.js.map +1 -1
- package/dist/services/userManager/iam.userManager.definitions.d.ts +45 -0
- package/dist/services/userManager/iam.userManager.definitions.js +8 -0
- package/dist/services/userManager/iam.userManager.definitions.js.map +1 -0
- package/dist/services/userManager/iam.userManager.service.d.ts +33 -0
- package/dist/services/userManager/iam.userManager.service.js +332 -0
- package/dist/services/userManager/iam.userManager.service.js.map +1 -0
- package/dist/services/userManager/index.d.ts +2 -0
- package/dist/services/userManager/index.js +19 -0
- package/dist/services/userManager/index.js.map +1 -0
- package/package.json +10 -8
- package/src/common/definitions/common.constants.ts +16 -0
- package/src/common/definitions/index.ts +1 -0
- package/src/index.ts +3 -0
- package/src/module/iam.definitions.ts +15 -0
- package/src/module/iam.module.ts +29 -0
- package/src/module/index.ts +2 -0
- package/src/services/authentication/iam.authentication.definitions.ts +100 -0
- package/src/services/authentication/iam.authentication.service.ts +105 -0
- package/src/services/authentication/index.ts +2 -0
- package/src/services/authenticationOAuth2/iam.authenticationOAuth2.definitions.ts +72 -0
- package/src/services/authenticationOAuth2/iam.authenticationOAuth2.service.ts +352 -0
- package/src/services/authenticationOAuth2/index.ts +2 -0
- package/src/services/authenticationUserLocal/iam.authenticationUserLocal.definitions.ts +29 -0
- package/src/services/authenticationUserLocal/iam.authenticationUserLocal.service.ts +173 -0
- package/src/services/authenticationUserLocal/index.ts +2 -0
- package/src/services/authorization/iam.authorization.definitions.ts +55 -0
- package/src/services/authorization/iam.authorization.service.ts +387 -0
- package/src/services/authorization/index.ts +2 -0
- package/src/services/index.ts +7 -0
- package/src/services/mfa/iam.mfa.definitions.ts +28 -0
- package/src/services/mfa/iam.mfa.service.ts +40 -0
- package/src/services/mfa/index.ts +2 -0
- package/src/services/tokenManager/iam.tokenManager.definitions.ts +61 -0
- package/src/services/tokenManager/iam.tokenManager.service.ts +292 -0
- package/src/services/tokenManager/index.ts +2 -0
- package/src/services/userManager/iam.userManager.definitions.ts +73 -0
- package/src/services/userManager/iam.userManager.service.ts +463 -0
- package/src/services/userManager/index.ts +2 -0
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.d.ts +0 -11
- package/dist/services/authenticationLocal/iam.authenticationLocal.definitions.js.map +0 -1
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.d.ts +0 -10
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js +0 -70
- package/dist/services/authenticationLocal/iam.authenticationLocal.service.js.map +0 -1
- package/dist/services/authenticationLocal/index.d.ts +0 -2
- package/dist/services/authenticationLocal/index.js.map +0 -1
- package/dist/services/users/iam.users.definitions.d.ts +0 -30
- package/dist/services/users/iam.users.definitions.js +0 -8
- package/dist/services/users/iam.users.definitions.js.map +0 -1
- package/dist/services/users/iam.users.service.d.ts +0 -16
- package/dist/services/users/iam.users.service.js +0 -93
- package/dist/services/users/iam.users.service.js.map +0 -1
- package/dist/services/users/index.d.ts +0 -2
- package/dist/services/users/index.js.map +0 -1
|
@@ -1,25 +1,36 @@
|
|
|
1
1
|
import { DomainCreateOptions } from '@node-c/core';
|
|
2
|
+
import { IAMAuthenticationType, IAMAuthenticationVerifyExternalAccessTokenResult } from '../authentication';
|
|
3
|
+
export interface BaseTokenEntityFields {
|
|
4
|
+
externalToken?: string;
|
|
5
|
+
externalTokenAuthService?: IAMAuthenticationType;
|
|
6
|
+
}
|
|
2
7
|
export type DecodedTokenContent<TokenEntityFields> = {
|
|
3
8
|
exp?: number;
|
|
4
9
|
iat: number;
|
|
5
|
-
data?: TokenEntityFields;
|
|
10
|
+
data?: TokenEntityFields & BaseTokenEntityFields;
|
|
6
11
|
};
|
|
7
12
|
export type TokenEntity<TokenEntityFields extends object> = {
|
|
8
13
|
token: string;
|
|
9
14
|
type: TokenType;
|
|
10
|
-
} & TokenEntityFields;
|
|
15
|
+
} & TokenEntityFields & BaseTokenEntityFields;
|
|
11
16
|
export type TokenManagerCreateData<TokenEntityFields extends object> = Partial<Omit<TokenEntity<TokenEntityFields>, 'token'>>;
|
|
12
17
|
export type TokenManagerCreateOptions = {
|
|
13
18
|
expiresInMinutes?: number;
|
|
14
19
|
identifierDataField?: string;
|
|
15
20
|
persist?: boolean;
|
|
16
|
-
|
|
21
|
+
purgeOldFromData?: boolean;
|
|
22
|
+
tokenContentOnlyFields?: string[];
|
|
17
23
|
ttl?: number;
|
|
18
24
|
} & DomainCreateOptions;
|
|
19
25
|
export declare enum TokenType {
|
|
20
26
|
Access = "access",
|
|
21
27
|
Refresh = "refresh"
|
|
22
28
|
}
|
|
29
|
+
export interface TokenManagerVerifyResult<TokenEntityFields> {
|
|
30
|
+
content?: DecodedTokenContent<TokenEntityFields>;
|
|
31
|
+
externalTokenData?: IAMAuthenticationVerifyExternalAccessTokenResult;
|
|
32
|
+
error?: unknown;
|
|
33
|
+
}
|
|
23
34
|
export interface VerifyAccessTokenOptions {
|
|
24
35
|
deleteFromStoreIfExpired?: boolean;
|
|
25
36
|
identifierDataField?: string;
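Review bot: `BaseTokenEntityFields.externalToken` (new lines 3-6) is intersected into `DecodedTokenContent.data`, so the external provider's token is carried inside the JWT payload, which is signed but not encrypted. The declaration gives no hint of this; a comment above `externalToken` such as `/** External provider token; carried in the JWT payload, which any holder of the token can read. */` would make the exposure explicit. `tokenContentOnlyFields` (new line 22) also needs a line: the service sets the listed fields to `undefined` on the stored and returned object, but they remain in the signed token. This file is emitted from src/services/tokenManager/iam.tokenManager.definitions.ts, so the comments belong there; the `VerifyAccessTokenOptions` interface continues past the end of the hunk.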
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.tokenManager.definitions.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.definitions.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"iam.tokenManager.definitions.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.definitions.ts"],"names":[],"mappings":";;;AAkCA,IAAY,SAKX;AALD,WAAY,SAAS;IAEnB,8BAAiB,CAAA;IAEjB,gCAAmB,CAAA;AACrB,CAAC,EALW,SAAS,yBAAT,SAAS,QAKpB"}
|
|
@@ -1,14 +1,29 @@
|
|
|
1
|
-
import { ConfigProviderService, DomainCreateResult, DomainEntityService,
|
|
2
|
-
import {
|
|
3
|
-
|
|
1
|
+
import { ConfigProviderService, DataEntityService, DomainCreateResult, DomainEntityService, LoggerService } from '@node-c/core';
|
|
2
|
+
import { TokenEntity, TokenManagerCreateData, TokenManagerCreateOptions, TokenManagerVerifyResult, VerifyAccessTokenOptions, VerifyAccessTokenReturnData } from './iam.tokenManager.definitions';
|
|
3
|
+
import { IAMAuthenticationService, IAMAuthenticationType } from '../authentication';
|
|
4
|
+
import { IAMAuthenticationOAuth2Service } from '../authenticationOAuth2';
|
|
5
|
+
import { IAMAuthenticationUserLocalService } from '../authenticationUserLocal';
|
|
6
|
+
export declare class IAMTokenManagerService<TokenEntityFields extends object> {
|
|
7
|
+
protected authServices: {
|
|
8
|
+
[IAMAuthenticationType.OAuth2]?: IAMAuthenticationOAuth2Service<object, object>;
|
|
9
|
+
[IAMAuthenticationType.UserLocal]?: IAMAuthenticationUserLocalService<object, object>;
|
|
10
|
+
} & {
|
|
11
|
+
[serviceName: string]: IAMAuthenticationService<object, object>;
|
|
12
|
+
};
|
|
4
13
|
protected configProvider: ConfigProviderService;
|
|
14
|
+
protected domainTokensEntityService: DomainEntityService<TokenEntity<TokenEntityFields>, DataEntityService<TokenEntity<TokenEntityFields>>>;
|
|
15
|
+
protected logger: LoggerService;
|
|
5
16
|
protected moduleName: string;
|
|
6
|
-
|
|
7
|
-
|
|
17
|
+
constructor(authServices: {
|
|
18
|
+
[IAMAuthenticationType.OAuth2]?: IAMAuthenticationOAuth2Service<object, object>;
|
|
19
|
+
[IAMAuthenticationType.UserLocal]?: IAMAuthenticationUserLocalService<object, object>;
|
|
20
|
+
} & {
|
|
21
|
+
[serviceName: string]: IAMAuthenticationService<object, object>;
|
|
22
|
+
}, configProvider: ConfigProviderService, domainTokensEntityService: DomainEntityService<TokenEntity<TokenEntityFields>, DataEntityService<TokenEntity<TokenEntityFields>>>, logger: LoggerService, moduleName: string);
|
|
8
23
|
create(data: TokenManagerCreateData<TokenEntityFields>, options: TokenManagerCreateOptions): Promise<DomainCreateResult<TokenEntity<TokenEntityFields>>>;
|
|
9
24
|
verifyAccessToken(token: string, options?: VerifyAccessTokenOptions): Promise<VerifyAccessTokenReturnData<TokenEntityFields>>;
|
|
10
|
-
protected verify(token: string, secret: string
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
}
|
|
25
|
+
protected verify(token: string, secret: string, options?: {
|
|
26
|
+
forceVerifyExternal?: boolean;
|
|
27
|
+
verifyExternal?: boolean;
|
|
28
|
+
}): Promise<TokenManagerVerifyResult<TokenEntityFields>>;
|
|
14
29
|
}
|
|
@@ -52,28 +52,31 @@ var __rest = (this && this.__rest) || function (s, e) {
|
|
|
52
52
|
}
|
|
53
53
|
return t;
|
|
54
54
|
};
|
|
55
|
+
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
56
|
+
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
57
|
+
};
|
|
55
58
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
56
59
|
exports.IAMTokenManagerService = void 0;
|
|
57
60
|
const core_1 = require("@node-c/core");
|
|
58
|
-
const general_tools_1 = require("@ramster/general-tools");
|
|
59
61
|
const jwt = __importStar(require("jsonwebtoken"));
|
|
62
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
60
63
|
const iam_tokenManager_definitions_1 = require("./iam.tokenManager.definitions");
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
+
const definitions_1 = require("../../common/definitions");
|
|
65
|
+
const authentication_1 = require("../authentication");
|
|
66
|
+
class IAMTokenManagerService {
|
|
67
|
+
constructor(authServices, configProvider, domainTokensEntityService, logger, moduleName) {
|
|
68
|
+
this.authServices = authServices;
|
|
64
69
|
this.configProvider = configProvider;
|
|
70
|
+
this.domainTokensEntityService = domainTokensEntityService;
|
|
71
|
+
this.logger = logger;
|
|
65
72
|
this.moduleName = moduleName;
|
|
66
|
-
this.persistanceEntityService = persistanceEntityService;
|
|
67
73
|
}
|
|
68
74
|
create(data, options) {
|
|
69
|
-
const _super = Object.create(null, {
|
|
70
|
-
create: { get: () => super.create }
|
|
71
|
-
});
|
|
72
75
|
return __awaiter(this, void 0, void 0, function* () {
|
|
73
|
-
const { configProvider, moduleName,
|
|
76
|
+
const { configProvider, logger, moduleName, domainTokensEntityService } = this;
|
|
74
77
|
const moduleConfig = configProvider.config.domain[moduleName];
|
|
75
78
|
const { type } = data, tokenData = __rest(data, ["type"]);
|
|
76
|
-
const { expiresInMinutes, identifierDataField, persist,
|
|
79
|
+
const { expiresInMinutes, identifierDataField, persist, purgeOldFromData, tokenContentOnlyFields } = options;
|
|
77
80
|
const signOptions = {};
|
|
78
81
|
let secret;
|
|
79
82
|
if (type === iam_tokenManager_definitions_1.TokenType.Access) {
|
|
@@ -100,7 +103,7 @@ class IAMTokenManagerService extends core_1.DomainEntityService {
|
|
|
100
103
|
const token = yield new Promise((resolve, reject) => {
|
|
101
104
|
jwt.sign({ data }, secret, signOptions, (err, token) => {
|
|
102
105
|
if (err) {
|
|
103
|
-
|
|
106
|
+
logger.error(err);
|
|
104
107
|
reject(new core_1.ApplicationError('Failed to sign token.'));
|
|
105
108
|
return;
|
|
106
109
|
}
|
|
@@ -108,85 +111,137 @@ class IAMTokenManagerService extends core_1.DomainEntityService {
|
|
|
108
111
|
});
|
|
109
112
|
});
|
|
110
113
|
const objectToSave = Object.assign(Object.assign({}, tokenData), { token, type });
|
|
111
|
-
if (
|
|
112
|
-
|
|
113
|
-
|
|
114
|
+
if (tokenContentOnlyFields === null || tokenContentOnlyFields === void 0 ? void 0 : tokenContentOnlyFields.length) {
|
|
115
|
+
tokenContentOnlyFields.forEach(fieldName => (0, core_1.setNested)(objectToSave, fieldName, undefined, { removeNestedFieldEscapeSign: true }));
|
|
116
|
+
}
|
|
117
|
+
if (persist) {
|
|
118
|
+
if (purgeOldFromData && identifierDataField) {
|
|
119
|
+
const identifierValue = lodash_1.default.get(data, identifierDataField);
|
|
114
120
|
if (typeof identifierValue !== 'undefined' && typeof identifierValue !== 'object') {
|
|
115
|
-
yield
|
|
116
|
-
filters: { [identifierDataField]: identifierValue }
|
|
117
|
-
});
|
|
121
|
+
yield domainTokensEntityService.delete({
|
|
122
|
+
filters: { [identifierDataField]: identifierValue, type }
|
|
123
|
+
}, { requirePrimaryKeys: true });
|
|
118
124
|
}
|
|
119
125
|
}
|
|
120
|
-
yield
|
|
126
|
+
yield domainTokensEntityService.create(objectToSave, { ttl: signOptions.expiresIn });
|
|
121
127
|
}
|
|
122
128
|
return { result: objectToSave };
|
|
123
129
|
});
|
|
124
130
|
}
|
|
125
131
|
verifyAccessToken(token, options) {
|
|
126
132
|
return __awaiter(this, void 0, void 0, function* () {
|
|
127
|
-
|
|
133
|
+
var _a;
|
|
134
|
+
const { configProvider, domainTokensEntityService, logger, moduleName } = this;
|
|
128
135
|
const moduleConfig = configProvider.config.domain[moduleName];
|
|
129
136
|
const { deleteFromStoreIfExpired, identifierDataField, newTokenExpiresInMinutes, persistNewToken, purgeStoreOnRenew, refreshToken, refreshTokenAccessTokenIdentifierDataField } = options || {};
|
|
130
|
-
const { content, error } = yield this.verify(token, moduleConfig.jwtAccessSecret
|
|
131
|
-
|
|
137
|
+
const { content, error, externalTokenData } = yield this.verify(token, moduleConfig.jwtAccessSecret, {
|
|
138
|
+
verifyExternal: true
|
|
139
|
+
});
|
|
140
|
+
const externalAccessTokenExpired = !!(externalTokenData === null || externalTokenData === void 0 ? void 0 : externalTokenData.error);
|
|
141
|
+
const internalAccessTokenExpired = error === definitions_1.Constants.TOKEN_EXPIRED_ERROR;
|
|
142
|
+
let errorMessageToLog;
|
|
143
|
+
let externalRenewEnabled = false;
|
|
132
144
|
let newToken;
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
145
|
+
let refreshTokenContent;
|
|
146
|
+
let renewEnabled = false;
|
|
147
|
+
let throwError = true;
|
|
148
|
+
if (internalAccessTokenExpired || externalAccessTokenExpired) {
|
|
149
|
+
if (identifierDataField && (content === null || content === void 0 ? void 0 : content.data)) {
|
|
137
150
|
if (refreshToken && refreshTokenAccessTokenIdentifierDataField) {
|
|
138
|
-
const { content:
|
|
139
|
-
|
|
140
|
-
errorToThrow = refreshTokenError;
|
|
141
|
-
}
|
|
151
|
+
const { content: rtc, error: refreshTokenError } = yield this.verify(refreshToken, moduleConfig.jwtRefreshSecret);
|
|
152
|
+
refreshTokenContent = rtc;
|
|
142
153
|
if (!refreshTokenContent) {
|
|
143
|
-
|
|
154
|
+
errorMessageToLog = '[IAMTokenManagerService.verifyAccessToken]: Empty internal refresh token.';
|
|
155
|
+
}
|
|
156
|
+
else if (refreshTokenError) {
|
|
157
|
+
errorMessageToLog = refreshTokenError;
|
|
158
|
+
if (deleteFromStoreIfExpired && refreshTokenContent.data) {
|
|
159
|
+
const identifierValue = lodash_1.default.get(refreshTokenContent.data, refreshTokenAccessTokenIdentifierDataField);
|
|
160
|
+
if (typeof identifierValue !== 'undefined' && typeof identifierValue !== 'object') {
|
|
161
|
+
yield domainTokensEntityService.delete({
|
|
162
|
+
filters: { [refreshTokenAccessTokenIdentifierDataField]: identifierValue, token: refreshToken }
|
|
163
|
+
}, { requirePrimaryKeys: true });
|
|
164
|
+
}
|
|
165
|
+
}
|
|
144
166
|
}
|
|
145
167
|
else {
|
|
146
|
-
const refreshTokenCheckValue =
|
|
168
|
+
const refreshTokenCheckValue = lodash_1.default.get(content.data, refreshTokenAccessTokenIdentifierDataField);
|
|
147
169
|
if (refreshTokenCheckValue !== refreshToken) {
|
|
148
|
-
|
|
170
|
+
errorMessageToLog = '[IAMTokenManagerService.verifyAccessToken]: Mismatched internal refresh token.';
|
|
149
171
|
}
|
|
150
172
|
else {
|
|
151
|
-
|
|
173
|
+
renewEnabled = true;
|
|
152
174
|
throwError = false;
|
|
153
175
|
}
|
|
154
176
|
}
|
|
177
|
+
if (externalAccessTokenExpired) {
|
|
178
|
+
if ((_a = refreshTokenContent === null || refreshTokenContent === void 0 ? void 0 : refreshTokenContent.data) === null || _a === void 0 ? void 0 : _a.externalToken) {
|
|
179
|
+
externalRenewEnabled = true;
|
|
180
|
+
renewEnabled = true;
|
|
181
|
+
throwError = false;
|
|
182
|
+
}
|
|
183
|
+
else {
|
|
184
|
+
errorMessageToLog = '[IAMTokenManagerService.verifyAccessToken]: Missing external refresh token.';
|
|
185
|
+
}
|
|
186
|
+
}
|
|
155
187
|
}
|
|
156
188
|
else {
|
|
189
|
+
errorMessageToLog =
|
|
190
|
+
'[IAMTokenManagerService.verifyAccessToken]: Access token expired & no refresh token data present or configured.';
|
|
157
191
|
if (deleteFromStoreIfExpired) {
|
|
158
|
-
const identifierValue =
|
|
192
|
+
const identifierValue = lodash_1.default.get(content.data, identifierDataField);
|
|
159
193
|
if (typeof identifierValue !== 'undefined' && typeof identifierValue !== 'object') {
|
|
160
|
-
yield
|
|
161
|
-
filters: { [identifierDataField]: identifierValue }
|
|
162
|
-
});
|
|
194
|
+
yield domainTokensEntityService.delete({
|
|
195
|
+
filters: { [identifierDataField]: identifierValue, token }
|
|
196
|
+
}, { requirePrimaryKeys: true });
|
|
163
197
|
}
|
|
164
198
|
}
|
|
165
|
-
errorToThrow = new core_1.ApplicationError('Expired access token.');
|
|
166
199
|
}
|
|
167
200
|
}
|
|
168
|
-
|
|
169
|
-
|
|
201
|
+
else {
|
|
202
|
+
errorMessageToLog = '[IAMTokenManagerService.verify]: Internal access token expired.';
|
|
170
203
|
}
|
|
171
204
|
}
|
|
172
|
-
|
|
205
|
+
else {
|
|
206
|
+
throwError = false;
|
|
207
|
+
}
|
|
208
|
+
if (throwError) {
|
|
209
|
+
logger.error(errorMessageToLog);
|
|
210
|
+
throw new core_1.ApplicationError('Expired access token.');
|
|
211
|
+
}
|
|
212
|
+
if ((content === null || content === void 0 ? void 0 : content.data) && renewEnabled) {
|
|
173
213
|
const tokenData = Object.assign(Object.assign({}, content.data), { type: iam_tokenManager_definitions_1.TokenType.Access });
|
|
174
214
|
if (refreshToken && refreshTokenAccessTokenIdentifierDataField) {
|
|
175
215
|
tokenData[refreshTokenAccessTokenIdentifierDataField] = refreshToken;
|
|
176
216
|
}
|
|
217
|
+
if (externalRenewEnabled) {
|
|
218
|
+
const externalAccessTokenRenewalResult = yield this.authServices[refreshTokenContent.data.externalTokenAuthService].refreshExternalAccessToken({
|
|
219
|
+
accessToken: content.data.externalToken,
|
|
220
|
+
refreshToken: refreshTokenContent.data.externalToken
|
|
221
|
+
});
|
|
222
|
+
if (externalAccessTokenRenewalResult.error) {
|
|
223
|
+
logger.error(errorMessageToLog);
|
|
224
|
+
throw new core_1.ApplicationError('Expired access token.');
|
|
225
|
+
}
|
|
226
|
+
tokenData.externalToken = externalAccessTokenRenewalResult.newAccessToken;
|
|
227
|
+
}
|
|
177
228
|
const { result } = yield this.create(tokenData, {
|
|
178
229
|
expiresInMinutes: newTokenExpiresInMinutes,
|
|
179
230
|
identifierDataField,
|
|
180
231
|
persist: persistNewToken,
|
|
181
|
-
|
|
232
|
+
purgeOldFromData: purgeStoreOnRenew
|
|
182
233
|
});
|
|
183
234
|
newToken = result.token;
|
|
184
235
|
}
|
|
185
236
|
return { content, newToken };
|
|
186
237
|
});
|
|
187
238
|
}
|
|
188
|
-
verify(token, secret) {
|
|
239
|
+
verify(token, secret, options) {
|
|
189
240
|
return __awaiter(this, void 0, void 0, function* () {
|
|
241
|
+
var _a, _b;
|
|
242
|
+
const { configProvider, moduleName } = this;
|
|
243
|
+
const moduleConfig = configProvider.config.domain[moduleName];
|
|
244
|
+
const { forceVerifyExternal, verifyExternal } = options || {};
|
|
190
245
|
const data = yield new Promise(resolve => {
|
|
191
246
|
jwt.verify(token, secret, (err, decoded) => {
|
|
192
247
|
if (err) {
|
|
@@ -195,7 +250,21 @@ class IAMTokenManagerService extends core_1.DomainEntityService {
|
|
|
195
250
|
resolve({ content: decoded });
|
|
196
251
|
});
|
|
197
252
|
});
|
|
198
|
-
|
|
253
|
+
const returnData = Object.assign({}, data);
|
|
254
|
+
const tokenPayload = (_a = data.content) === null || _a === void 0 ? void 0 : _a.data;
|
|
255
|
+
if (verifyExternal && (tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalToken) && (tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalTokenAuthService)) {
|
|
256
|
+
const authServiceConfig = (_b = moduleConfig.authServiceSettings) === null || _b === void 0 ? void 0 : _b[tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalTokenAuthService];
|
|
257
|
+
if ((authServiceConfig === null || authServiceConfig === void 0 ? void 0 : authServiceConfig.processExternalTokensOnVerify) || forceVerifyExternal) {
|
|
258
|
+
const authService = this.authServices[tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalTokenAuthService];
|
|
259
|
+
if (!authService) {
|
|
260
|
+
throw new core_1.ApplicationError(`[IAMTokenManagerService.verify]: Auth service ${tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalTokenAuthService} not configured.`);
|
|
261
|
+
}
|
|
262
|
+
returnData.externalTokenData = yield authService.verifyExternalAccessToken({
|
|
263
|
+
accessToken: tokenPayload === null || tokenPayload === void 0 ? void 0 : tokenPayload.externalToken
|
|
264
|
+
});
|
|
265
|
+
}
|
|
266
|
+
}
|
|
267
|
+
return returnData;
|
|
199
268
|
});
|
|
200
269
|
}
|
|
201
270
|
}
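Review bot: In verifyAccessToken the `if (externalAccessTokenExpired)` block (new lines 177-186) sets `renewEnabled = true` and `throwError = false` whenever the refresh-token payload carries `externalToken`, even when the checks just above it recorded a refresh-token error or a mismatch between the supplied refresh token and the one stored in the access token. That discards the result of the binding check, and the renewed access token is then bound to the supplied refresh token at new line 215. External renewal should be enabled only when the internal checks have already passed, as in the excerpt below; this is compiled output, so the change belongs in src/services/tokenManager/iam.tokenManager.service.ts. Separately, the final `else { throwError = false; }` (new lines 205-207) lets every verify error other than `Constants.TOKEN_EXPIRED_ERROR` return normally. What `content` holds in that case is decided in lines of verify() that sit between the hunks, so consider throwing there whenever `error` is set, rather than relying on callers to reject an empty `content`.

```javascript
// … unchanged: internal refresh-token verification and binding check (new lines 150-176) …
if (externalAccessTokenExpired) {
    // renewEnabled is true here only if the refresh token verified and matched the access token.
    if (renewEnabled && refreshTokenContent?.data?.externalToken) {
        externalRenewEnabled = true;
    }
    else {
        renewEnabled = false;
        throwError = true;
        errorMessageToLog = errorMessageToLog ?? '[IAMTokenManagerService.verifyAccessToken]: Missing external refresh token.';
    }
}
```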
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"iam.tokenManager.service.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.service.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"iam.tokenManager.service.js","sourceRoot":"","sources":["../../../src/services/tokenManager/iam.tokenManager.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAWsB;AAEtB,kDAAoC;AACpC,oDAAwB;AAExB,iFASwC;AAExC,0DAAqD;AACrD,sDAAoF;AAOpF,MAAa,sBAAsB;IACjC,YAIY,YAG6D,EAE7D,cAAqC,EAErC,yBAGT,EAES,MAAqB,EAErB,UAAkB;QAdlB,iBAAY,GAAZ,YAAY,CAGiD;QAE7D,mBAAc,GAAd,cAAc,CAAuB;QAErC,8BAAyB,GAAzB,yBAAyB,CAGlC;QAES,WAAM,GAAN,MAAM,CAAe;QAErB,eAAU,GAAV,UAAU,CAAQ;IAC3B,CAAC;IAEE,MAAM,CACV,IAA+C,EAC/C,OAAkC;;YAElC,MAAM,EAAE,cAAc,EAAE,MAAM,EAAE,UAAU,EAAE,yBAAyB,EAAE,GAAG,IAAI,CAAC;YAC/E,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,IAAI,KAAmB,IAAI,EAAlB,SAAS,UAAK,IAAI,EAA7B,QAAsB,CAAO,CAAC;YACpC,MAAM,EAAE,gBAAgB,EAAE,mBAAmB,EAAE,OAAO,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,GAAG,OAAO,CAAC;YAC7G,MAAM,WAAW,GAAG,EAAqB,CAAC;YAC1C,IAAI,MAAc,CAAC;YAEnB,IAAI,IAAI,KAAK,wCAAS,CAAC,MAAM,EAAE,CAAC;gBAC9B,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC;gBACtC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,WAAW,CAAC,SAAS,GAAG,gBAAgB,GAAG,EAAE,CAAC;gBAChD,CAAC;qBAAM,IAAI,YAAY,CAAC,8BAA8B,EAAE,CAAC;oBACvD,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC,8BAA8B,GAAG,EAAE,CAAC;gBAC3E,CAAC;YACH,CAAC;iBAAM,IAAI,IAAI,KAAK,wCAAS,CAAC,OAAO,EAAE,CAAC;gBACtC,MAAM,GAAG,YAAY,CAAC,gBAAgB,CAAC;gBACvC,IAAI,gBAAgB,EAAE,CAAC;oBACrB,WAAW,CAAC,SAAS,GAAG,gBAAgB,GAAG,EAAE,CAAC;gBAChD,CAAC;qBAAM,IAAI,YAAY,CAAC,+BAA+B,EAAE,CAAC;oBACxD,WAAW,CAAC,SAAS,GAAG,YAAY,CAAC,+BAA+B,GAAG,EAAE,CAAC;gBAC5E,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,uBAAgB,CAAC,gDAAgD,IAAI,IAAI,CAAC,CAAC;YACvF,CAAC;YACD,MAAM,KAAK,GAAG,MAAM,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBAC1D,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE;oBACrD,IAAI,GAAG,EAAE,CAAC;wBACR,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;wBAClB,MAAM,CAAC,IAAI,uBAAgB,CAAC,uBAAuB,CAAC,CAAC,CAAC;wBACtD,OAAO;oBACT,CAAC;oBACD,OAAO,CAAC,KAAe,CAAC,CAAC;gBAC3B,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YACH,MAAM,YAAY,GAAG,gCA
AK,SAAS,KAAE,KAAK,EAAE,IAAI,GAAoC,CAAC;YACrF,IAAI,sBAAsB,aAAtB,sBAAsB,uBAAtB,sBAAsB,CAAE,MAAM,EAAE,CAAC;gBACnC,sBAAsB,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CACzC,IAAA,gBAAS,EAAC,YAAY,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,2BAA2B,EAAE,IAAI,EAAE,CAAC,CACrF,CAAC;YACJ,CAAC;YAGD,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,gBAAgB,IAAI,mBAAmB,EAAE,CAAC;oBAC5C,MAAM,eAAe,GAAG,gBAAE,CAAC,GAAG,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;oBAC1D,IAAI,OAAO,eAAe,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;wBAClF,MAAM,yBAAyB,CAAC,MAAM,CACpC;4BACE,OAAO,EAAE,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,IAAI,EAAE;yBAC1D,EACD,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAC7B,CAAC;oBACJ,CAAC;gBACH,CAAC;gBACD,MAAM,yBAAyB,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,GAAG,EAAE,WAAW,CAAC,SAAS,EAAyB,CAAC,CAAC;YAC9G,CAAC;YACD,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC;QAClC,CAAC;KAAA;IAGK,iBAAiB,CACrB,KAAa,EACb,OAAkC;;;YAElC,MAAM,EAAE,cAAc,EAAE,yBAAyB,EAAE,MAAM,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;YAC/E,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EACJ,wBAAwB,EACxB,mBAAmB,EACnB,wBAAwB,EACxB,eAAe,EACf,iBAAiB,EACjB,YAAY,EACZ,0CAA0C,EAC3C,GAAG,OAAO,IAAI,EAAE,CAAC;YAElB,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,eAAe,EAAE;gBAEnG,cAAc,EAAE,IAAI;aACrB,CAAC,CAAC;YACH,MAAM,0BAA0B,GAAG,CAAC,CAAC,CAAA,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,KAAK,CAAA,CAAC;YAC9D,MAAM,0BAA0B,GAAG,KAAK,KAAK,uBAAS,CAAC,mBAAmB,CAAC;YAC3E,IAAI,iBAAqC,CAAC;YAC1C,IAAI,oBAAoB,GAAG,KAAK,CAAC;YACjC,IAAI,QAA4B,CAAC;YACjC,IAAI,mBAA4D,CAAC;YACjE,IAAI,YAAY,GAAG,KAAK,CAAC;YACzB,IAAI,UAAU,GAAG,IAAI,CAAC;YAEtB,IAAI,0BAA0B,IAAI,0BAA0B,EAAE,CAAC;gBAE7D,IAAI,mBAAmB,KAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,CAAA,EAAE,CAAC;oBACzC,IAAI,YAAY,IAAI,0CAA0C,EAAE,CAAC;wBAE/D,MAAM,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,iBAAiB,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAClE,YAAY,EACZ,YAAY,CAAC,gBAAgB,CAC9B,CAAC;wBACF,mBAAmB,GAAG,GAAG,CAAC;wBAC1B,IAAI,CAAC,mBAAmB,EAAE,CAAC;4BACzB,iBAAiB,GAAG,2EAA2E,CAAC;wBAClG,CAAC;6BAAM,IAAI,iBAAiB,EAAE,CAAC;4BAC7B,iBAAiB,GAAG,iBAA2B,CAAC;4BAEhD,IAAI,wBA
AwB,IAAI,mBAAmB,CAAC,IAAI,EAAE,CAAC;gCACzD,MAAM,eAAe,GAAG,gBAAE,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,0CAA0C,CAAC,CAAC;gCACrG,IAAI,OAAO,eAAe,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;oCAClF,MAAM,yBAAyB,CAAC,MAAM,CACpC;wCACE,OAAO,EAAE,EAAE,CAAC,0CAA0C,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,YAAY,EAAE;qCAChG,EACD,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAC7B,CAAC;gCACJ,CAAC;4BACH,CAAC;wBACH,CAAC;6BAAM,CAAC;4BACN,MAAM,sBAAsB,GAAG,gBAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,0CAA0C,CAAC,CAAC;4BAChG,IAAI,sBAAsB,KAAK,YAAY,EAAE,CAAC;gCAC5C,iBAAiB,GAAG,gFAAgF,CAAC;4BACvG,CAAC;iCAAM,CAAC;gCACN,YAAY,GAAG,IAAI,CAAC;gCACpB,UAAU,GAAG,KAAK,CAAC;4BACrB,CAAC;wBACH,CAAC;wBAED,IAAI,0BAA0B,EAAE,CAAC;4BAC/B,IAAI,MAAA,mBAAmB,aAAnB,mBAAmB,uBAAnB,mBAAmB,CAAE,IAAI,0CAAE,aAAa,EAAE,CAAC;gCAC7C,oBAAoB,GAAG,IAAI,CAAC;gCAC5B,YAAY,GAAG,IAAI,CAAC;gCACpB,UAAU,GAAG,KAAK,CAAC;4BACrB,CAAC;iCAAM,CAAC;gCACN,iBAAiB,GAAG,6EAA6E,CAAC;4BACpG,CAAC;wBACH,CAAC;oBACH,CAAC;yBAEI,CAAC;wBACJ,iBAAiB;4BACf,iHAAiH,CAAC;wBACpH,IAAI,wBAAwB,EAAE,CAAC;4BAC7B,MAAM,eAAe,GAAG,gBAAE,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;4BAClE,IAAI,OAAO,eAAe,KAAK,WAAW,IAAI,OAAO,eAAe,KAAK,QAAQ,EAAE,CAAC;gCAClF,MAAM,yBAAyB,CAAC,MAAM,CACpC;oCACE,OAAO,EAAE,EAAE,CAAC,mBAAmB,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE;iCAC3D,EACD,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAC7B,CAAC;4BACJ,CAAC;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;qBAEI,CAAC;oBACJ,iBAAiB,GAAG,iEAAiE,CAAC;gBACxF,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,UAAU,GAAG,KAAK,CAAC;YACrB,CAAC;YACD,IAAI,UAAU,EAAE,CAAC;gBACf,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBAChC,MAAM,IAAI,uBAAgB,CAAC,uBAAuB,CAAC,CAAC;YACtD,CAAC;YAED,IAAI,CAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,IAAI,KAAI,YAAY,EAAE,CAAC;gBAClC,MAAM,SAAS,mCAAwD,OAAO,CAAC,IAAI,KAAE,IAAI,EAAE,wCAAS,CAAC,MAAM,GAAE,CAAC;gBAC9G,IAAI,YAAY,IAAI,0CAA0C,EAAE,CAAC;oBAC/D,SAAS,CAAC,0CAA0C,CAAC,GAAG,YAAY,CAAC;gBACvE,CAAC;gBACD,IAAI,oBAAoB,EAAE,CAAC;oBACzB,MAAM,gCAAgC,GAAG,MAAM,IAAI,CAAC,YAAY,CAC9D,mBAAoB,CAAC,IAAK,CAAC,wBAAyB,CACpD,CAAC,0BAA0B,CAAC;wBAC5B,WAAW,EAAE,OAAO,CAAC,IAAK,CAAC,aAAc;wBACzC,YAAY,EAAE,mB
AAoB,CAAC,IAAK,CAAC,aAAc;qBACxD,CAAC,CAAC;oBACH,IAAI,gCAAgC,CAAC,KAAK,EAAE,CAAC;wBAE3C,MAAM,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC;wBAChC,MAAM,IAAI,uBAAgB,CAAC,uBAAuB,CAAC,CAAC;oBACtD,CAAC;oBAED,SAAS,CAAC,aAAa,GAAG,gCAAgC,CAAC,cAAc,CAAC;gBAC5E,CAAC;gBACD,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAsD,EAAE;oBAC3F,gBAAgB,EAAE,wBAAwB;oBAC1C,mBAAmB;oBACnB,OAAO,EAAE,eAAe;oBACxB,gBAAgB,EAAE,iBAAiB;iBACpC,CAAC,CAAC;gBACH,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;YAC1B,CAAC;YACD,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC;QAC/B,CAAC;KAAA;IAEe,MAAM,CACpB,KAAa,EACb,MAAc,EACd,OAAqE;;;YAErE,MAAM,EAAE,cAAc,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;YAC5C,MAAM,YAAY,GAAG,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,UAAU,CAAuB,CAAC;YACpF,MAAM,EAAE,mBAAmB,EAAE,cAAc,EAAE,GAAG,OAAO,IAAI,EAAE,CAAC;YAC9D,MAAM,IAAI,GAAG,MAAM,IAAI,OAAO,CAAwE,OAAO,CAAC,EAAE;gBAC9G,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,OAAO,EAAE,EAAE;oBACzC,IAAI,GAAG,EAAE,CAAC;wBACR,OAAO,CAAC,EAAE,OAAO,EAAE,OAAiD,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;oBACtF,CAAC;oBACD,OAAO,CAAC,EAAE,OAAO,EAAE,OAAiD,EAAE,CAAC,CAAC;gBAC1E,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,qBAAqD,IAAI,CAAE,CAAC;YAC5E,MAAM,YAAY,GAAG,MAAA,IAAI,CAAC,OAAO,0CAAE,IAAI,CAAC;YACxC,IAAI,cAAc,KAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,aAAa,CAAA,KAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,wBAAwB,CAAA,EAAE,CAAC;gBAC5F,MAAM,iBAAiB,GAAG,MAAA,YAAY,CAAC,mBAAmB,0CAAG,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,wBAAwB,CAAC,CAAC;gBACrG,IAAI,CAAA,iBAAiB,aAAjB,iBAAiB,uBAAjB,iBAAiB,CAAE,6BAA6B,KAAI,mBAAmB,EAAE,CAAC;oBAC5E,MAAM,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,wBAAwB,CAAC,CAAC;oBAC9E,IAAI,CAAC,WAAW,EAAE,CAAC;wBACjB,MAAM,IAAI,uBAAgB,CACxB,iDAAiD,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,wBAAwB,kBAAkB,CAC1G,CAAC;oBACJ,CAAC;oBACD,UAAU,CAAC,iBAAiB,GAAG,MAAM,WAAW,CAAC,yBAAyB,CAAC;wBACzE,WAAW,EAAE,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,aAAa;qBACzC,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;KAAA;CACF;AAhQD,wDAgQC"}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import { AppConfigCommonDomainIAMAuthServiceConfigCompleteSettings, AppConfigCommonDomainIAMAuthServiceConfigInitiateSettings, AppConfigDomainIAMAuthenticationStep, DomainFindOnePrivateOptions, GenericObject } from '@node-c/core';
|
|
2
|
+
import { IAMAuthenticationCompleteResult, IAMAuthenticationInitiateResult, IAMAuthenticationService, IAMAuthenticationType } from '../authentication';
|
|
3
|
+
import { AuthorizationUser } from '../authorization';
|
|
4
|
+
import { IAMMFAType } from '../mfa';
|
|
5
|
+
export interface IAMUserManagerCreateAccessTokenOptions<AuthData = unknown> {
|
|
6
|
+
auth: {
|
|
7
|
+
mfaType?: IAMMFAType;
|
|
8
|
+
type: IAMAuthenticationType | string;
|
|
9
|
+
} & AuthData;
|
|
10
|
+
filters?: GenericObject;
|
|
11
|
+
mainFilterField: string;
|
|
12
|
+
rememberUser?: boolean;
|
|
13
|
+
step?: AppConfigDomainIAMAuthenticationStep;
|
|
14
|
+
}
|
|
15
|
+
export type IAMUserManagerCreateAccessTokenReturnData<UserData> = {
|
|
16
|
+
accessToken: string;
|
|
17
|
+
refreshToken?: string;
|
|
18
|
+
user: UserData;
|
|
19
|
+
} | {
|
|
20
|
+
nextStepsRequired: boolean;
|
|
21
|
+
};
|
|
22
|
+
export type IAMUserManagerExecuteStepData<AuthData = unknown> = Omit<IAMUserManagerCreateAccessTokenOptions<AuthData>, 'rememberUser' | 'step'>;
|
|
23
|
+
export interface IAMUserManagerExecuteStepOptions<User extends object> {
|
|
24
|
+
authService: IAMAuthenticationService<User, User>;
|
|
25
|
+
name: AppConfigDomainIAMAuthenticationStep;
|
|
26
|
+
stepConfig: AppConfigCommonDomainIAMAuthServiceConfigCompleteSettings | AppConfigCommonDomainIAMAuthServiceConfigInitiateSettings;
|
|
27
|
+
}
|
|
28
|
+
export interface IAMUserManagerExecuteStepResult<User extends object> {
|
|
29
|
+
stepResult: IAMAuthenticationCompleteResult | IAMAuthenticationInitiateResult;
|
|
30
|
+
user: IAMUserManagerUserWithPermissionsData<User, unknown> | null;
|
|
31
|
+
userFilterField?: string | undefined;
|
|
32
|
+
userFilterValue?: unknown | undefined;
|
|
33
|
+
}
|
|
34
|
+
export interface IAMUserManagerGetUserWithPermissionsDataOptions extends DomainFindOnePrivateOptions {
|
|
35
|
+
keepPassword?: boolean;
|
|
36
|
+
}
|
|
37
|
+
export type IAMUserManagerUserWithPermissionsData<UserData, AuthorizationPointId> = AuthorizationUser<AuthorizationPointId> & UserData;
|
|
38
|
+
export interface IAMUserManagerUserTokenEnityFields<UserId = unknown> {
|
|
39
|
+
refreshToken?: string;
|
|
40
|
+
userId: UserId;
|
|
41
|
+
user?: IAMUserManagerUserWithPermissionsData<object, unknown>;
|
|
42
|
+
}
|
|
43
|
+
export declare enum IAMUserManagerUserTokenUserIdentifier {
|
|
44
|
+
FieldName = "userId"
|
|
45
|
+
}
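Review bot: `keepPassword?: boolean` on `IAMUserManagerGetUserWithPermissionsDataOptions` (declaration line 35) has no doc comment, and the user type `IAMUserManagerUserWithPermissionsData` is the same whether or not the flag is set. Nothing in the types tells a caller that the returned object may still carry a credential field. The name suggests the password is stripped by default and kept only on request, but this declaration file does not show that, so it should be confirmed against the implementation. I would document the contract in the source `.ts` that this `.d.ts` is emitted from, for example `/** When true, the password field is left on the returned user; set it only for credential verification and never pass the result to a response, log or cache. */`.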
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.IAMUserManagerUserTokenUserIdentifier = void 0;
|
|
4
|
+
var IAMUserManagerUserTokenUserIdentifier;
|
|
5
|
+
(function (IAMUserManagerUserTokenUserIdentifier) {
|
|
6
|
+
IAMUserManagerUserTokenUserIdentifier["FieldName"] = "userId";
|
|
7
|
+
})(IAMUserManagerUserTokenUserIdentifier || (exports.IAMUserManagerUserTokenUserIdentifier = IAMUserManagerUserTokenUserIdentifier = {}));
|
|
8
|
+
//# sourceMappingURL=iam.userManager.definitions.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"iam.userManager.definitions.js","sourceRoot":"","sources":["../../../src/services/userManager/iam.userManager.definitions.ts"],"names":[],"mappings":";;;AAqEA,IAAY,qCAGX;AAHD,WAAY,qCAAqC;IAE/C,6DAAoB,CAAA;AACtB,CAAC,EAHW,qCAAqC,qDAArC,qCAAqC,QAGhD"}
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
import { ConfigProviderService, DataDefaultData, DataEntityService, DataFindOneOptions, DomainEntityService, DomainEntityServiceDefaultData, GenericObject, LoggerService } from '@node-c/core';
|
|
2
|
+
import { IAMUserManagerCreateAccessTokenOptions, IAMUserManagerCreateAccessTokenReturnData, IAMUserManagerGetUserWithPermissionsDataOptions, IAMUserManagerUserTokenEnityFields, IAMUserManagerUserWithPermissionsData } from './iam.userManager.definitions';
|
|
3
|
+
import { IAMAuthenticationService, IAMAuthenticationType } from '../authentication';
|
|
4
|
+
import { IAMAuthenticationOAuth2Service } from '../authenticationOAuth2';
|
|
5
|
+
import { IAMAuthenticationUserLocalService } from '../authenticationUserLocal';
|
|
6
|
+
import { IAMTokenManagerService } from '../tokenManager';
|
|
7
|
+
export declare class IAMUserManagerService<User extends object, Data extends DomainEntityServiceDefaultData<Partial<User>> = DomainEntityServiceDefaultData<Partial<User>>, DataEntityServiceData extends DataDefaultData<Partial<User>> = DataDefaultData<Partial<User>>> {
|
|
8
|
+
protected authServices: {
|
|
9
|
+
[IAMAuthenticationType.OAuth2]?: IAMAuthenticationOAuth2Service<object, object>;
|
|
10
|
+
[IAMAuthenticationType.UserLocal]?: IAMAuthenticationUserLocalService<object, object>;
|
|
11
|
+
} & {
|
|
12
|
+
[serviceName: string]: IAMAuthenticationService<object, object>;
|
|
13
|
+
};
|
|
14
|
+
protected configProvider: ConfigProviderService;
|
|
15
|
+
protected dataUsersAuthCacheService: DataEntityService<GenericObject>;
|
|
16
|
+
protected domainUsersEntityService: DomainEntityService<User, DataEntityService<User, DataEntityServiceData>, Data, Record<string, DataEntityService<Partial<User>, DataDefaultData<object>>> | undefined>;
|
|
17
|
+
protected logger: LoggerService;
|
|
18
|
+
protected moduleName: string;
|
|
19
|
+
protected tokenManager: IAMTokenManagerService<IAMUserManagerUserTokenEnityFields>;
|
|
20
|
+
constructor(authServices: {
|
|
21
|
+
[IAMAuthenticationType.OAuth2]?: IAMAuthenticationOAuth2Service<object, object>;
|
|
22
|
+
[IAMAuthenticationType.UserLocal]?: IAMAuthenticationUserLocalService<object, object>;
|
|
23
|
+
} & {
|
|
24
|
+
[serviceName: string]: IAMAuthenticationService<object, object>;
|
|
25
|
+
}, configProvider: ConfigProviderService, dataUsersAuthCacheService: DataEntityService<GenericObject>, domainUsersEntityService: DomainEntityService<User, DataEntityService<User, DataEntityServiceData>, Data, Record<string, DataEntityService<Partial<User>, DataDefaultData<object>>> | undefined>, logger: LoggerService, moduleName: string, tokenManager: IAMTokenManagerService<IAMUserManagerUserTokenEnityFields>);
|
|
26
|
+
createAccessToken<AuthData = unknown>(options: IAMUserManagerCreateAccessTokenOptions<AuthData>): Promise<IAMUserManagerCreateAccessTokenReturnData<User>>;
|
|
27
|
+
private executeStep;
|
|
28
|
+
protected getUserForStepExecution(options: {
|
|
29
|
+
filters: GenericObject;
|
|
30
|
+
mainFilterField: string;
|
|
31
|
+
}): Promise<IAMUserManagerUserWithPermissionsData<User, unknown> | null>;
|
|
32
|
+
getUserWithPermissionsData(_options: DataFindOneOptions, _privateOptions?: IAMUserManagerGetUserWithPermissionsDataOptions): Promise<IAMUserManagerUserWithPermissionsData<User, unknown> | null>;
|
|
33
|
+
}
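Review bot: The `[serviceName: string]: IAMAuthenticationService<object, object>` index signature on `authServices` (the protected field at declaration lines 8-13 and the constructor parameter at lines 20-25) types every lookup as a defined service. Meanwhile `IAMUserManagerCreateAccessTokenOptions.auth.type` is `IAMAuthenticationType | string`, so the key can be any string. A lookup for an unregistered type is `undefined` at runtime but not in the types, so the compiler will not require a guard before the service is used. Declaring the value as `[serviceName: string]: IAMAuthenticationService<object, object> | undefined;` forces that check. The implementation of `createAccessToken` is not part of this section; if it indexes `authServices` with `options.auth.type`, it should use an own-property check and reject unknown types explicitly.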
|