@siran/auth-core 0.9.0 → 0.14.0

package/src/auth-engine.factory.ts

@@ -1,22 +1,47 @@
-import { AuthPreferencesServicePort } from "@application/ports/auth-preference-service.port.js";
-import { AuthServicePort } from "@application/ports/auth-service.port.js";
-import { PreRegisterPolicy } from "@application/ports/pre-register-policy.port.js";
-import { AccountAlreadyExistsPolicy } from "@application/services/account-already-exists.service.js";
-import { authenticateUser } from "@application/use-cases/authenticate-user.js";
-import { registerUser } from "@application/use-cases/register-user.js";
-import { AuthEngine } from "@root/auth-engine.js";
+import { AccountAlreadyExistsPolicy } from '@application/policies/account-already-exists.policy.js';
+import { OtpCodePolicy } from '@application/policies/otp-code.policy.js';
+import { OtpIdentifierPolicy } from '@application/policies/otp-identifier.policy.js';
+import { PasswordIdentifierPolicy } from '@application/policies/password-identifier.policy.js';
+import { PasswordPresentPolicy } from '@application/policies/password-present.policy.js';
+import { PasswordStrengthPolicy } from '@application/policies/password-strength.policy.js';
+import { AuthPreferencesServicePort } from '@application/ports/auth-preference-service.port.js';
+import { AuthServicePort } from '@application/ports/auth-service.port.js';
+import { PreRegisterPolicy } from '@application/ports/pre-register-policy.port.js';
+import { UserExistencePort } from '@application/ports/user-existence.port.js';
+import { authenticateUser } from '@application/use-cases/authenticate-user.js';
+import { registerUser } from '@application/use-cases/register-user.js';
+import { AuthEngine } from '@root/auth-engine.js';
 
 export class AuthEngineFactory {
   static async create(
     authService: AuthServicePort,
     authPreferencesService: AuthPreferencesServicePort,
-    basePolicies: PreRegisterPolicy[],
+    userExistence: UserExistencePort,
+    basePolicies: PreRegisterPolicy[]
   ): Promise<AuthEngine> {
     const preferences = await authPreferencesService.getAuthPreferences();
 
     const policies = [
       ...basePolicies,
-      new AccountAlreadyExistsPolicy(authService, !preferences.allowDuplicatedAccount),
+      new AccountAlreadyExistsPolicy(
+        userExistence,
+        !preferences.allowDuplicatedAccount
+      ),
+      new PasswordStrengthPolicy(
+        !preferences.allowWeakPassword
+      ),
+      new PasswordIdentifierPolicy(
+        !preferences.allowMissingPasswordIdentifier
+      ),
+      new PasswordPresentPolicy(
+        !preferences.allowMissingPassword
+      ),
+      new OtpIdentifierPolicy(
+        !preferences.allowMissingOtpIdentifier
+      ),
+      new OtpCodePolicy(
+        !preferences.allowMissingOtpCode
+      ),
     ];
 
     return new AuthEngine({
@@ -25,4 +50,4 @@ export class AuthEngineFactory {
       logout: () => authService.logout(),
     });
   }
-}
+}

package/src/index.ts

@@ -6,11 +6,20 @@ export * from '@domain/user-account.js';
 /**
  * Application
  */
+export * from '@application/ports/auth-preference-service.port.js';
 export * from '@application/ports/auth-service.port.js';
 export * from '@application/ports/pre-register-policy.port.js';
+export * from '@application/ports/user-existence.port.js';
+export * from '@application/services/composite-auth.service.js';
+
+/**
+ * Infrastructure
+ */
+// Infrastructure adapters are provided as separate packages
 
 /**
  * Auth Engine
  */
 export * from '@root/auth-engine.factory.js';
 export * from '@root/auth-engine.js';
+

package/tests/application/policies/magic-link-token.policy.test.ts

@@ -0,0 +1,74 @@
+import { MagicLinkTokenPolicy } from '@application/policies/magic-link-token.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('MagicLinkTokenPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new MagicLinkTokenPolicy(false);
+    const method = {
+      type: 'magic_link' as const,
+      token: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and token meets minimum length', async () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    const method = {
+      type: 'magic_link' as const,
+      token: 'valid-token-123456789',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but token is missing', async () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    const method = {
+      type: 'magic_link' as const,
+      token: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false when policy is enabled but token is too short', async () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    const method = {
+      type: 'magic_link' as const,
+      token: 'short', // 5 chars
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false when policy is enabled but token is exactly at boundary', async () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    const method = {
+      type: 'magic_link' as const,
+      token: '1234567890', // exactly 10 chars
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false for non-magic link methods', async () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new MagicLinkTokenPolicy(true);
+    expect(policy.code).toBe('MISSING_MAGIC_LINK_TOKEN');
+  });
+});

package/tests/application/policies/oauth-code.policy.test.ts

@@ -0,0 +1,79 @@
+import { OAuthCodePolicy } from '@application/policies/oauth-code.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OAuthCodePolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OAuthCodePolicy(false);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and code meets minimum length', async () => {
+    const policy = new OAuthCodePolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: 'auth-code-12345',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but code is missing', async () => {
+    const policy = new OAuthCodePolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false when policy is enabled but code is too short', async () => {
+    const policy = new OAuthCodePolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: 'five', // 5 chars (too short)
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and code is exactly at boundary', async () => {
+    const policy = new OAuthCodePolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: '12345', // exactly 5 chars
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false for non-OAuth methods', async () => {
+    const policy = new OAuthCodePolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OAuthCodePolicy(true);
+    expect(policy.code).toBe('MISSING_OAUTH_CODE');
+  });
+});

package/tests/application/policies/oauth-provider.policy.test.ts

@@ -0,0 +1,76 @@
+import { OAuthProviderPolicy } from '@application/policies/oauth-provider.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OAuthProviderPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OAuthProviderPolicy(false);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'unsupported' as any,
+      code: 'auth-code',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and provider is supported', async () => {
+    const policy = new OAuthProviderPolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'google' as const,
+      code: 'auth-code',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return true for all supported providers', async () => {
+    const policy = new OAuthProviderPolicy(true);
+    const supportedProviders = [
+      'google',
+      'github',
+      'apple',
+      'facebook',
+    ] as const;
+
+    for (const provider of supportedProviders) {
+      const method = {
+        type: 'oauth' as const,
+        provider,
+        code: 'auth-code',
+      };
+
+      expect(await policy.isActive(method)).toBe(true);
+      expect(await policy.check(method)).toBe(true);
+    }
+  });
+
+  it('should return false when policy is enabled but provider is unsupported', async () => {
+    const policy = new OAuthProviderPolicy(true);
+    const method = {
+      type: 'oauth' as const,
+      provider: 'unsupported-provider' as any,
+      code: 'auth-code',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-OAuth methods', async () => {
+    const policy = new OAuthProviderPolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OAuthProviderPolicy(true);
+    expect(policy.code).toBe('UNSUPPORTED_OAUTH_PROVIDER');
+  });
+});

package/tests/application/policies/otp-code-format.policy.test.ts

@@ -0,0 +1,90 @@
+import { OtpCodeFormatPolicy } from '@application/policies/otp-code-format.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OtpCodeFormatPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OtpCodeFormatPolicy(false);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: 'invalid',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and code has valid format', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but code format is invalid', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: 'abc123', // Contains letters
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false when policy is enabled but code is too short', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '12345', // 5 digits
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false when policy is enabled but code is too long', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '1234567', // 7 digits
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should handle empty code string', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '',
+    };
+
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-OTP methods', async () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OtpCodeFormatPolicy(true);
+    expect(policy.code).toBe('INVALID_OTP_FORMAT');
+  });
+});

package/tests/application/policies/otp-code.policy.test.ts

@@ -0,0 +1,55 @@
+import { OtpCodePolicy } from '@application/policies/otp-code.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OtpCodePolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OtpCodePolicy(false);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and code is present', async () => {
+    const policy = new OtpCodePolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but code is missing', async () => {
+    const policy = new OtpCodePolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-OTP methods', async () => {
+    const policy = new OtpCodePolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OtpCodePolicy(true);
+    expect(policy.code).toBe('MISSING_OTP_CODE');
+  });
+});

package/tests/application/policies/otp-identifier.policy.test.ts

@@ -0,0 +1,55 @@
+import { OtpIdentifierPolicy } from '@application/policies/otp-identifier.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('OtpIdentifierPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new OtpIdentifierPolicy(false);
+    const method = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and identifier is present', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but identifier is missing', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const method = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-OTP methods', async () => {
+    const policy = new OtpIdentifierPolicy(true);
+    const passwordMethod = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(passwordMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new OtpIdentifierPolicy(true);
+    expect(policy.code).toBe('MISSING_OTP_IDENTIFIER');
+  });
+});

package/tests/application/policies/password-identifier.policy.test.ts

@@ -0,0 +1,55 @@
+import { PasswordIdentifierPolicy } from '@application/policies/password-identifier.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordIdentifierPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordIdentifierPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and identifier is present', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but identifier is missing', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: '',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-password methods', async () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: '',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordIdentifierPolicy(true);
+    expect(policy.code).toBe('MISSING_PASSWORD_IDENTIFIER');
+  });
+});

package/tests/application/policies/password-min-length.policy.test.ts

@@ -0,0 +1,66 @@
+import { PasswordMinLengthPolicy } from '@application/policies/password-min-length.policy.js';
+import { describe, expect, it } from 'vitest';
+
+describe('PasswordMinLengthPolicy', () => {
+  it('should return false when policy is disabled', async () => {
+    const policy = new PasswordMinLengthPolicy(false);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(false);
+  });
+
+  it('should return true when policy is enabled and password meets minimum length', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'password123',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(true);
+  });
+
+  it('should return false when policy is enabled but password is too short', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: 'short',
+    };
+
+    expect(await policy.isActive(method)).toBe(true);
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should use default minimum length of 8', async () => {
+    const policy = new PasswordMinLengthPolicy(true);
+    const method = {
+      type: 'password' as const,
+      identifier: 'test@example.com',
+      password: '1234567', // 7 chars
+    };
+
+    expect(await policy.check(method)).toBe(false);
+  });
+
+  it('should return false for non-password methods', async () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    const otpMethod = {
+      type: 'otp' as const,
+      identifier: 'test@example.com',
+      code: '123456',
+    };
+
+    expect(await policy.isActive(otpMethod)).toBe(false);
+  });
+
+  it('should have correct error code', () => {
+    const policy = new PasswordMinLengthPolicy(true, 8);
+    expect(policy.code).toBe('PASSWORD_TOO_SHORT');
+  });
+});