@skyapp-labs/blueprint-backend-core 1.8.0 → 1.9.0

package/CHANGELOG.md

@@ -1,9 +1,9 @@
-# [1.8.0](https://github.com/Skyapp-Labs/blueprint-backend-core/compare/v1.7.0...v1.8.0) (2026-06-22)
+# [1.9.0](https://github.com/Skyapp-Labs/blueprint-backend-core/compare/v1.8.1...v1.9.0) (2026-06-23)
 
 
 ### Features
 
-* add configurable PIN length to PIN status responses ([5939b38](https://github.com/Skyapp-Labs/blueprint-backend-core/commit/5939b38bad96044363823348a26e075604ccd15e))
+* enhance authentication and OTP flow documentation ([01e5188](https://github.com/Skyapp-Labs/blueprint-backend-core/commit/01e5188a4915f6ab046d18303fd7107eab3f5aba))
 
 # Changelog
 
@@ -13,20 +13,49 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 
 ---
 
-## [1.7.1] - 2026-06-19
+## [1.8.2] - 2026-06-23
 
 ### Fixed
+
+- **PIN validation** — wired `ConfigAwareValidationPipe` on all PIN body endpoints (`set`, `change`, `verify`, `remove`) so `@IsConfiguredPinLength()` reads the runtime `pin.length` setting instead of the hardcoded default.
+- **Signup/register tokens** — clearer errors when `verifyPhoneVerifiedToken()` fails: **409** when an existing account’s login token is sent to `/auth/register`, and **401** guidance when `verificationId` is used instead of `verificationToken` or the token is expired/reused.
+
+### Changed
+
+- **Swagger documentation** — updated auth, OTP, PIN, session, and password controllers with step-by-step phone/email flows, request examples, and typed response schemas (`TokenResponseDto`, `OtpVerifyResponseDto`, etc.).
+
+### Removed
+
+- **Unused DTOs** — removed duplicate/legacy files: `login-phone`, `login-email`, `register-phone`, `register-email`, `refresh-token`, `forgot-password`, `invite`, and legacy `otp/dto/*` stubs superseded by `auth/dto/otp.dto.ts`.
+
+## [1.8.1] - 2026-06-22
+
+### Fixed
+
+- **PIN verify/change/remove** — fixed `loadPinRecord()` using `.addSelect('pin.pinHash')` instead of the DB column name `pin.pin_hash`, which left `record.pinHash` undefined and caused argon2 to throw `pchstr must be a non-empty string` on verify.
+- **PIN hash guard** — return a clear 400 when a PIN row exists but has no stored hash, instead of a 500 from argon2.
+
+### Changed
+
+- **PIN status responses** — `GET /auth/pin/status` and `GET /auth/pin/status/:type` now include a `length` field reflecting the configured `pin.length` setting so clients know how many digits to collect.
+
+## [1.8.0] - 2026-06-19
+
+### Fixed
+
 - **OTP verify/resend validation** — restored `@IsString()` / `@IsConfiguredOtpLength()` on `VerifyOtpDto.otp` and wired `verify-otp` / `resend-otp` through `ConfigAwareValidationPipe` so the `otp` field is not stripped when using a global `ValidationPipe` with `whitelist: true`.
 - **OTP length handling** — capped codes at **4–6 digits**; generation respects `otp.code_length` from settings while verify accepts test codes (e.g. `123456`) even when configured length differs.
 - **Test OTP identities** — `test.otp_identifiers` entries use their fixed configured code on send; invalid entries are skipped with a warning instead of breaking the flow.
 
 ### Changed
+
 - **OTP session code resolution** — added `resolveSessionOtpCode()` helper; clearer errors when a test setting code is outside the allowed digit range.
 - **Settings seed** — `test.otp_identifiers` schema allows 4–6 digit test codes (was fixed at 6).
 
 ## [1.7.0] - 2026-06-19
 
 ### Added
+
 - **PIN Authentication** — complete PIN-based auth module with `UserPin` entity, `PinAuthService`, and `PinController` for managing user-specific PINs (e.g., authentication, transaction PINs).
 - **PIN status by type** — `GET /auth/pin/status/:type` returns whether the authenticated user has a PIN set for a given type, including lock state and timestamps.
 - **Configurable code lengths** — new `otp.code_length` and `pin.length` app settings (default **6**); OTP generation and PIN/OTP DTO validation respect the configured lengths at runtime.
@@ -36,6 +65,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 - **Repository Structure** — documented `src/` layout and submodule setup in README.
 
 ### Changed
+
 - **Invitations** — implemented permission checks in `InvitationsController` and refactored `CreateInvitationDto` to use transformed delivery channels.
 - **Sessions** — included `UsersModule` in sessions module imports.
 - **Settings** — updated settings seed with additional test OTP entries, OTP code length, and PIN length entries.
@@ -43,24 +73,27 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 - **Validation** — `ConfigAwareValidationPipe` injects configured PIN/OTP lengths into DTOs; replaced hardcoded 4–8 digit PIN and 6-digit OTP regexes with settings-aware validators.
 
 ### Removed
+
 - Removed `CoreModule` and related files to improve project structure.
 - Removed `ManifestSyncService` from the roles module.
 - Removed hardcoded `OTP_CODE_LENGTH` constant — length is now driven by `otp.code_length` setting.
 
-
 ## [1.5.0] - 2026-05-25
 
 ### Added
+
 - **InvitationsModule** — new pluggable module for managing user invitations; wired into `CoreModule`.
 - `.dockerignore` — added to reduce Docker build context size.
 
 ### Changed
+
 - **Permissions cache** — `RolesService` now exposes a synchronous `getPermissions(roleSlug)` and `hasPermission(roleSlug, permissionSlug)` API backed by an in-memory cache loaded at boot (after manifest sync) and kept in sync on every `create`, `update`, `delete`, and `assignPermissions` mutation.
 - **PermissionsService** — `update()` and `delete()` now trigger a full `RolesService.reloadCache()` so that permission slug renames and removals are immediately reflected across all role cache entries.
 - **PermissionsGuard** — rewritten to use the synchronous `RolesService.getPermissions()` cache instead of issuing a database query per request; the guard is now fully synchronous. Fixed a broken bare module import (`modules/roles/services` → relative path) that caused `MODULE_NOT_FOUND` errors in the compiled output.
 - **Email template handling** — refactored template key usage across notification services; improved error logging when templates are missing.
 
 ### Fixed
+
 - `package-lock.json` regenerated to include missing transitive dependencies (`@emnapi/core`, `@emnapi/runtime`) that caused `npm ci` to fail inside Docker.
 
 ---
@@ -68,6 +101,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.4.0] - 2026-05-19
 
 ### Changed
+
 - **JWT payload** — enriched to include user profile details (name, avatar, etc.) and resolved permission slugs so consumers can read identity and access data directly from the token without additional API calls.
 
 ---
@@ -75,6 +109,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.3.1] - 2026-05-13
 
 ### Fixed
+
 - Auth provider test-entry lookup replaced with a more flexible strategy that is not tied to a specific credential format.
 
 ---
@@ -82,6 +117,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.3.0] - 2026-05-12
 
 ### Added
+
 - **Full-schema migration** — consolidated database schema migration (`full-schema`) covering all core entities (users, roles, permissions, settings, OTP, invitations, notifications). Removed the earlier piecemeal migration files.
 
 ---
@@ -89,6 +125,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.2.0] - 2026-05-05
 
 ### Added
+
 - `schema` column on `app_settings` table to describe the shape of complex setting values.
 - New `arrayOfObject` setting type — parsed as `JSON.parse()` and intended for arrays of structured objects; the `schema` field documents the expected shape.
 
@@ -97,9 +134,11 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.1.0] - 2026-04-18
 
 ### Changed
+
 - Security hardening across authentication flows.
 
 ### Fixed
+
 - Various bug fixes related to session handling and credential validation.
 
 ---
@@ -107,9 +146,11 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.10] - 2026-04-04
 
 ### Added
+
 - `discoverManifestsFromPaths` utility for manifest-based module discovery.
 
 ### Changed
+
 - Enabled `formatOnSave` in editor config.
 
 ---
@@ -117,6 +158,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.9] - 2026-04-04
 
 ### Fixed
+
 - Publishing target migrated from GitHub Packages to the npm registry (second attempt — registry URL corrected).
 
 ---
@@ -124,6 +166,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.8] - 2026-04-04
 
 ### Fixed
+
 - Publishing target migrated from GitHub Packages to the npm registry.
 
 ---
@@ -131,6 +174,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.7] - 2026-04-04
 
 ### Fixed
+
 - npm publish registry URL corrected (second attempt).
 
 ---
@@ -138,6 +182,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.6] - 2026-04-04
 
 ### Fixed
+
 - npm publish registry URL corrected.
 
 ---
@@ -145,6 +190,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.5] - 2026-04-04
 
 ### Fixed
+
 - Seed runner was being executed automatically on startup; now only runs when explicitly invoked.
 
 ---
@@ -152,11 +198,13 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.4] - 2026-04-03
 
 ### Changed
+
 - Major internal refactor: flattened module structure for all core modules.
 - Code formatting pass across the entire codebase.
 - Added README.
 
 ### Fixed
+
 - Added missing database migration, schema, and seed scripts.
 
 ---
@@ -164,6 +212,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.3] - 2026-04-03
 
 ### Fixed
+
 - `runSeed` was not exported from the package entry point.
 
 ---
@@ -171,6 +220,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.2] - 2026-04-03
 
 ### Fixed
+
 - Package publish access set to `public`.
 
 ---
@@ -178,6 +228,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.1] - 2026-04-03
 
 ### Changed
+
 - Package renamed to `@skyapp-labs/blueprint-backend-core`.
 
 ---
@@ -185,6 +236,7 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) and
 ## [1.0.0] - 2026-04-02
 
 ### Added
+
 - Initial release of `@skyapp-labs/blueprint-backend-core`.
 - Core pluggable NestJS modules: Auth, Users, Roles & Permissions, Notifications, OTP, Settings, Profile, Health.
 - JWT-based authentication with native (email/password) and OAuth (Google) providers.

package/dist/modules/auth/controllers/auth.controller.d.ts

@@ -13,7 +13,7 @@ export declare class AuthController {
         authMethod: "email" | "phone";
         passwordResetEnabled: boolean;
     };
-    login(body: LoginDto, req: Request): Promise<import("..").TokenResponse>;
-    register(body: RegisterDto, req: Request): Promise<import("..").TokenResponse>;
+    login(body: LoginDto, req: Request): Promise<import("../dto/token.dto").TokenResponse>;
+    register(body: RegisterDto, req: Request): Promise<import("../dto/token.dto").TokenResponse>;
 }
 //# sourceMappingURL=auth.controller.d.ts.map

package/dist/modules/auth/controllers/auth.controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/auth.controller.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAIlC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAG3E,qBAGa,cAAc;IAEzB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAFf,YAAY,EAAE,YAAY,EAC1B,mBAAmB,EAAE,mBAAmB,EACxC,eAAe,EAAE,eAAe;IAoBlD,SAAS;;;;IA2BT,KAAK,CAAkC,IAAI,EAAE,QAAQ,EAAS,GAAG,EAAE,OAAO;IAoB1E,QAAQ,CAAkC,IAAI,EAAE,WAAW,EAAS,GAAG,EAAE,OAAO;CAIhF"}
+{"version":3,"file":"auth.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/auth.controller.ts"],"names":[],"mappings":"AAWA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAIlC,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,kCAAkC,CAAC;AACvE,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,EAAE,eAAe,EAAE,MAAM,0CAA0C,CAAC;AAG3E,qBAGa,cAAc;IAEzB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IACpC,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAFf,YAAY,EAAE,YAAY,EAC1B,mBAAmB,EAAE,mBAAmB,EACxC,eAAe,EAAE,eAAe;IAkBlD,SAAS;;;;IAuCT,KAAK,CAAkC,IAAI,EAAE,QAAQ,EAAS,GAAG,EAAE,OAAO;IA8C1E,QAAQ,CAAkC,IAAI,EAAE,WAAW,EAAS,GAAG,EAAE,OAAO;CAIhF"}

package/dist/modules/auth/controllers/auth.controller.js

@@ -22,6 +22,7 @@ const login_service_1 = require("../services/login.service");
 const registration_service_1 = require("../services/registration.service");
 const login_dto_1 = require("../dto/login.dto");
 const register_dto_1 = require("../dto/register.dto");
+const token_dto_1 = require("../dto/token.dto");
 const config_aware_validation_pipe_1 = require("../../../common/pipes/config-aware-validation.pipe");
 const settings_service_1 = require("../../settings/services/settings.service");
 const settings_keys_1 = require("../../settings/constants/settings.keys");
@@ -53,7 +54,7 @@ __decorate([
     (0, swagger_1.ApiOperation)({
         summary: 'Auth configuration',
         description: 'Returns the active authentication configuration. ' +
-            'Clients should call this on startup to determine which login/registration UI to present.',
+            'Call on app startup to determine which login/registration UI to present.',
     }),
     (0, swagger_1.ApiOkResponse)({
         schema: {
@@ -73,13 +74,26 @@ __decorate([
     (0, common_1.UseGuards)(guards_1.LoginIpRateLimitGuard),
     (0, swagger_1.ApiOperation)({
         summary: 'Login',
-        description: 'Login with phone or email and password.',
+        description: '**Phone auth (auth.method=phone):** complete OTP first, then send `{ verificationToken }` from verify-otp when hasAccount=true.\n\n' +
+            '**Email auth (auth.method=email):** send `{ email, password }`.',
     }),
-    (0, swagger_1.ApiBody)({ type: login_dto_1.LoginDto }),
-    (0, swagger_1.ApiOkResponse)({
-        schema: { example: { accessToken: 'jwt', refreshToken: 'id.secret', expiresIn: 900000 } },
+    (0, swagger_1.ApiBody)({
+        type: login_dto_1.LoginDto,
+        examples: {
+            phone: {
+                summary: 'Phone OTP login (hasAccount=true)',
+                value: { verificationToken: 'c498758c-eec1-4a3b-b496-a6eddf498d4c' },
+            },
+            email: {
+                summary: 'Email + password login',
+                value: { email: 'user@example.com', password: 'P@ssw0rd!' },
+            },
+        },
+    }),
+    (0, swagger_1.ApiOkResponse)({ type: token_dto_1.TokenResponseDto }),
+    (0, swagger_1.ApiUnauthorizedResponse)({
+        description: 'Invalid or expired verificationToken (phone), or invalid credentials (email)',
     }),
-    (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Invalid or expired temporary token' }),
     (0, swagger_1.ApiTooManyRequestsResponse)({
         description: 'Too many login attempts from this IP or identifier is locked',
     }),
@@ -94,14 +108,40 @@ __decorate([
     (0, common_1.HttpCode)(common_1.HttpStatus.CREATED),
     (0, swagger_1.ApiOperation)({
         summary: 'Register new account',
-        description: 'Create a new account using the phoneVerifiedToken from verify-otp. Issues access + refresh tokens immediately.',
+        description: '**Phone auth flow:**\n' +
+            '1. POST /auth/send-otp → `verificationId`\n' +
+            '2. POST /auth/verify-otp → `verificationToken` (when hasAccount=false)\n' +
+            '3. POST /auth/register → `{ verificationToken, profile }`\n\n' +
+            'Use **verificationToken** from step 2 — not verificationId. Token is single-use and expires per tokens.temporary_ttl_seconds.\n\n' +
+            '**Email auth:** send `{ email, password, profile }` — no OTP token required.',
+    }),
+    (0, swagger_1.ApiBody)({
+        type: register_dto_1.RegisterDto,
+        examples: {
+            phone: {
+                summary: 'Phone signup (after verify-otp, hasAccount=false)',
+                value: {
+                    verificationToken: 'c498758c-eec1-4a3b-b496-a6eddf498d4c',
+                    profile: { firstName: 'Ada', lastName: 'Lovelace' },
+                },
+            },
+            email: {
+                summary: 'Email + password signup',
+                value: {
+                    email: 'new.user@example.com',
+                    password: 'P@ssw0rd!',
+                    profile: { firstName: 'Ada', lastName: 'Lovelace' },
+                },
+            },
+        },
+    }),
+    (0, swagger_1.ApiCreatedResponse)({ type: token_dto_1.TokenResponseDto }),
+    (0, swagger_1.ApiConflictResponse)({
+        description: 'Phone or email already registered, or verificationToken belongs to an existing account (use /auth/login instead)',
     }),
-    (0, swagger_1.ApiBody)({ type: register_dto_1.RegisterDto }),
-    (0, swagger_1.ApiCreatedResponse)({
-        schema: { example: { accessToken: 'jwt', refreshToken: 'id.secret', expiresIn: 900000 } },
+    (0, swagger_1.ApiUnauthorizedResponse)({
+        description: 'Invalid, expired, or already-used verificationToken. Use verificationToken from verify-otp (hasAccount=false), not verificationId.',
     }),
-    (0, swagger_1.ApiConflictResponse)({ description: 'Phone number or email already registered' }),
-    (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Invalid or expired phone-verified token' }),
     __param(0, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __param(1, (0, common_1.Req)()),
     __metadata("design:type", Function),

package/dist/modules/auth/controllers/auth.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAmG;AACnG,6CASyB;AAEzB,2DAAoD;AACpD,uEAAyE;AACzE,mDAA+D;AAC/D,6DAAyD;AACzD,2EAAuE;AACvE,gDAA4C;AAC5C,sDAAkD;AAClD,qGAA+F;AAC/F,+EAA2E;AAC3E,0EAAsE;AAK/D,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,YAA0B,EAC1B,mBAAwC,EACxC,eAAgC;QAFhC,iBAAY,GAAZ,YAAY,CAAc;QAC1B,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,oBAAe,GAAf,eAAe,CAAiB;IAC/C,CAAC;IAmBJ,SAAS;QACR,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAS,4BAAY,CAAC,WAAW,CAElE,CAAC;QACX,OAAO;YACN,UAAU;YACV,oBAAoB,EAAE,UAAU,KAAK,OAAO;SAC5C,CAAC;IACH,CAAC;IAmBD,KAAK,CAAkC,IAAc,EAAS,GAAY;QACzE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACtD,CAAC;IAiBD,QAAQ,CAAkC,IAAiB,EAAS,GAAY;QAC/E,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;CACD,CAAA;AA3EY,wCAAc;AAwB1B;IAfC,IAAA,YAAG,EAAC,QAAQ,CAAC;IACb,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EACV,mDAAmD;YACnD,0FAA0F;KAC3F,CAAC;IACD,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE;gBACR,UAAU,EAAE,OAAO;gBACnB,oBAAoB,EAAE,KAAK;aAC3B;SACD;KACD,CAAC;;;;+CASD;AAmBD;IAfC,IAAA,aAAI,EAAC,OAAO,CAAC;IACb,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,8BAAqB,CAAC;IAChC,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE,yCAAyC;KACtD,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,oBAAQ,EAAE,CAAC;IAC3B,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE;KACzF,CAAC;IACD,IAAA,iCAAuB,EAAC,EAAE,WAAW,EAAE,oCAAoC,EAAE,CAAC;IAC9E,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EAAE,8DAA8D;KAC3E,CAAC;IACK,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;IAAkB,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAhB,oBAAQ;;2CAGpD;AAiBD;IAbC,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,OAAO,CAAC;IAC5B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,sBAAsB;QAC/B,WAAW,EACV,gHAAgH;KACjH,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,0BAAW,EAAE,CAAC;IAC9B,IAAA,4BAAkB,EAAC;QACnB,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,EAAE,EAAE;KACzF,CAAC;IACD,IAAA,6BAAmB,EAAC,EAAE,WAAW,EAAE,0CAA0C,EAAE,CAAC;IAChF,IAAA,iCAAuB,EAAC,EAAE,WAAW,EAAE,yCAAyC,EAAE,CAAC;IAC1E,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;IAAqB,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAnB,0BAAW;;8CAG1D;yBA1EW,cAAc;IAH1B,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAGwB,4BAAY;QACL,0CAAmB;QACvB,kCAAe;GAJtC,cAAc,CA2E1B"}
+{"version":3,"file":"auth.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/auth.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAmG;AACnG,6CASyB;AAEzB,2DAAoD;AACpD,uEAAyE;AACzE,mDAA+D;AAC/D,6DAAyD;AACzD,2EAAuE;AACvE,gDAA4C;AAC5C,sDAAkD;AAClD,gDAAoD;AACpD,qGAA+F;AAC/F,+EAA2E;AAC3E,0EAAsE;AAK/D,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,YAA0B,EAC1B,mBAAwC,EACxC,eAAgC;QAFhC,iBAAY,GAAZ,YAAY,CAAc;QAC1B,wBAAmB,GAAnB,mBAAmB,CAAqB;QACxC,oBAAe,GAAf,eAAe,CAAiB;IAC/C,CAAC;IAiBJ,SAAS;QACR,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAS,4BAAY,CAAC,WAAW,CAElE,CAAC;QACX,OAAO;YACN,UAAU;YACV,oBAAoB,EAAE,UAAU,KAAK,OAAO;SAC5C,CAAC;IACH,CAAC;IA+BD,KAAK,CAAkC,IAAc,EAAS,GAAY;QACzE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IACtD,CAAC;IA2CD,QAAQ,CAAkC,IAAiB,EAAS,GAAY;QAC/E,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACnD,OAAO,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;CACD,CAAA;AA/GY,wCAAc;AAsB1B;IAfC,IAAA,YAAG,EAAC,QAAQ,CAAC;IACb,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,oBAAoB;QAC7B,WAAW,EACV,mDAAmD;YACnD,0EAA0E;KAC3E,CAAC;IACD,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE;gBACR,UAAU,EAAE,OAAO;gBACnB,oBAAoB,EAAE,KAAK;aAC3B;SACD;KACD,CAAC;;;;+CASD;AA+BD;IA7BC,IAAA,aAAI,EAAC,OAAO,CAAC;IACb,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,8BAAqB,CAAC;IAChC,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,OAAO;QAChB,WAAW,EACV,qIAAqI;YACrI,iEAAiE;KAClE,CAAC;IACD,IAAA,iBAAO,EAAC;QACR,IAAI,EAAE,oBAAQ;QACd,QAAQ,EAAE;YACT,KAAK,EAAE;gBACN,OAAO,EAAE,mCAAmC;gBAC5C,KAAK,EAAE,EAAE,iBAAiB,EAAE,sCAAsC,EAAE;aACpE;YACD,KAAK,EAAE;gBACN,OAAO,EAAE,wBAAwB;gBACjC,KAAK,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE,QAAQ,EAAE,WAAW,EAAE;aAC3D;SACD;KACD,CAAC;IACD,IAAA,uBAAa,EAAC,EAAE,IAAI,EAAE,4BAAgB,EAAE,CAAC;IACzC,IAAA,iCAAuB,EAAC;QACxB,WAAW,EAAE,8EAA8E;KAC3F,CAAC;IACD,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EAAE,8DAA8D;KAC3E,CAAC;IACK,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;IAAkB,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAhB,oBAAQ;;2CAGpD;AA2CD;IAzCC,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,OAAO,CAAC;IAC5B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,sBAAsB;QAC/B,WAAW,EACV,wBAAwB;YACxB,6CAA6C;YAC7C,0EAA0E;YAC1E,+DAA+D;YAC/D,mIAAmI;YACnI,8EAA8E;KAC/E,CAAC;IACD,IAAA,iBAAO,EAAC;QACR,IAAI,EAAE,0BAAW;QACjB,QAAQ,EAAE;YACT,KAAK,EAAE;gBACN,OAAO,EAAE,mDAAmD;gBAC5D,KAAK,EAAE;oBACN,iBAAiB,EAAE,sCAAsC;oBACzD,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE;iBACnD;aACD;YACD,KAAK,EAAE;gBACN,OAAO,EAAE,yBAAyB;gBAClC,KAAK,EAAE;oBACN,KAAK,EAAE,sBAAsB;oBAC7B,QAAQ,EAAE,WAAW;oBACrB,OAAO,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE;iBACnD;aACD;SACD;KACD,CAAC;IACD,IAAA,4BAAkB,EAAC,EAAE,IAAI,EAAE,4BAAgB,EAAE,CAAC;IAC9C,IAAA,6BAAmB,EAAC;QACpB,WAAW,EACV,kHAAkH;KACnH,CAAC;IACD,IAAA,iCAAuB,EAAC;QACxB,WAAW,EACV,oIAAoI;KACrI,CAAC;IACQ,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;IAAqB,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAnB,0BAAW;;8CAG1D;yBA9GW,cAAc;IAH1B,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAGwB,4BAAY;QACL,0CAAmB;QACvB,kCAAe;GAJtC,cAAc,CA+G1B"}

package/dist/modules/auth/controllers/forgot-password.controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"forgot-password.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/forgot-password.controller.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,yBAAyB,EACzB,MAAM,qBAAqB,CAAC;AAE7B,qBAGa,wBAAwB;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAf,eAAe,EAAE,eAAe;IAe7D,cAAc,CAAS,IAAI,EAAE,iBAAiB;;;IAa9C,aAAa,CAAS,IAAI,EAAE,gBAAgB,EAAS,GAAG,EAAE,OAAO;;;IAejE,sBAAsB,CAAS,IAAI,EAAE,yBAAyB,EAAS,GAAG,EAAE,OAAO;;;CAInF"}
+{"version":3,"file":"forgot-password.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/forgot-password.controller.ts"],"names":[],"mappings":"AAQA,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAGlC,OAAO,EAAE,eAAe,EAAE,MAAM,8BAA8B,CAAC;AAC/D,OAAO,EACN,iBAAiB,EACjB,gBAAgB,EAChB,yBAAyB,EACzB,MAAM,qBAAqB,CAAC;AAE7B,qBAGa,wBAAwB;IACxB,OAAO,CAAC,QAAQ,CAAC,eAAe;gBAAf,eAAe,EAAE,eAAe;IAe7D,cAAc,CAAS,IAAI,EAAE,iBAAiB;;;IAa9C,aAAa,CAAS,IAAI,EAAE,gBAAgB,EAAS,GAAG,EAAE,OAAO;;;IAkBjE,sBAAsB,CAAS,IAAI,EAAE,yBAAyB,EAAS,GAAG,EAAE,OAAO;;;CAInF"}

package/dist/modules/auth/controllers/forgot-password.controller.js

@@ -79,7 +79,9 @@ __decorate([
     }),
     (0, swagger_1.ApiBody)({ type: password_dto_1.ResetPasswordWithPhoneDto }),
     (0, swagger_1.ApiOkResponse)({ schema: { example: { message: 'Password reset successfully.' } } }),
-    (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Invalid or expired phone-verified token' }),
+    (0, swagger_1.ApiUnauthorizedResponse)({
+        description: 'Invalid or expired verificationToken, or token belongs to an existing account (use /auth/login)',
+    }),
     __param(0, (0, common_1.Body)()),
     __param(1, (0, common_1.Req)()),
     __metadata("design:type", Function),

package/dist/modules/auth/controllers/forgot-password.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"forgot-password.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/forgot-password.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAmF;AACnF,6CAMyB;AAEzB,2DAAoD;AACpD,uEAAyE;AACzE,mEAA+D;AAC/D,sDAI6B;AAKtB,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACpC,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAejE,cAAc,CAAS,IAAuB;QAC7C,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAWD,aAAa,CAAS,IAAsB,EAAS,GAAY;QAChE,MAAM,EAAE,EAAE,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrD,CAAC;IAYD,sBAAsB,CAAS,IAA+B,EAAS,GAAY;QAClF,MAAM,EAAE,EAAE,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,eAAe,CAAC,sBAAsB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC;CACD,CAAA;AAhDY,4DAAwB;AAgBpC;IAbC,IAAA,aAAI,EAAC,iBAAiB,CAAC;IACvB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,yBAAyB;QAClC,WAAW,EACV,0GAA0G;KAC3G,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,gCAAiB,EAAE,CAAC;IACpC,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE,EAAE,OAAO,EAAE,0DAA0D,EAAE;SAChF;KACD,CAAC;IACc,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAO,gCAAiB;;8DAE7C;AAWD;IATC,IAAA,aAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,8BAA8B;QACvC,WAAW,EAAE,+DAA+D;KAC5E,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,+BAAgB,EAAE,CAAC;IACnC,IAAA,uBAAa,EAAC,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,EAAE,EAAE,CAAC;IACnF,IAAA,iCAAuB,EAAC,EAAE,WAAW,EAAE,gCAAgC,EAAE,CAAC;IAC5D,WAAA,IAAA,aAAI,GAAE,CAAA;IAA0B,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAxB,+BAAgB;;6DAG3C;AAYD;IAVC,IAAA,aAAI,EAAC,sBAAsB,CAAC;IAC5B,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,4BAA4B;QACrC,WAAW,EACV,oGAAoG;KACrG,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,wCAAyB,EAAE,CAAC;IAC5C,IAAA,uBAAa,EAAC,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,EAAE,EAAE,CAAC;IACnF,IAAA,iCAAuB,EAAC,EAAE,WAAW,EAAE,yCAAyC,EAAE,CAAC;IAC5D,WAAA,IAAA,aAAI,GAAE,CAAA;IAAmC,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAjC,wCAAyB;;sEAG7D;mCA/CW,wBAAwB;IAHpC,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAEsC,kCAAe;GADjD,wBAAwB,CAgDpC"}
+{"version":3,"file":"forgot-password.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/forgot-password.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAmF;AACnF,6CAMyB;AAEzB,2DAAoD;AACpD,uEAAyE;AACzE,mEAA+D;AAC/D,sDAI6B;AAKtB,IAAM,wBAAwB,GAA9B,MAAM,wBAAwB;IACpC,YAA6B,eAAgC;QAAhC,oBAAe,GAAf,eAAe,CAAiB;IAAG,CAAC;IAejE,cAAc,CAAS,IAAuB;QAC7C,OAAO,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAWD,aAAa,CAAS,IAAsB,EAAS,GAAY;QAChE,MAAM,EAAE,EAAE,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IACrD,CAAC;IAeD,sBAAsB,CAAS,IAA+B,EAAS,GAAY;QAClF,MAAM,EAAE,EAAE,EAAE,GAAG,IAAA,kCAAkB,EAAC,GAAG,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,eAAe,CAAC,sBAAsB,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;IAC9D,CAAC;CACD,CAAA;AAnDY,4DAAwB;AAgBpC;IAbC,IAAA,aAAI,EAAC,iBAAiB,CAAC;IACvB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,yBAAyB;QAClC,WAAW,EACV,0GAA0G;KAC3G,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,gCAAiB,EAAE,CAAC;IACpC,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE,EAAE,OAAO,EAAE,0DAA0D,EAAE;SAChF;KACD,CAAC;IACc,WAAA,IAAA,aAAI,GAAE,CAAA;;qCAAO,gCAAiB;;8DAE7C;AAWD;IATC,IAAA,aAAI,EAAC,gBAAgB,CAAC;IACtB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,8BAA8B;QACvC,WAAW,EAAE,+DAA+D;KAC5E,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,+BAAgB,EAAE,CAAC;IACnC,IAAA,uBAAa,EAAC,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,EAAE,EAAE,CAAC;IACnF,IAAA,iCAAuB,EAAC,EAAE,WAAW,EAAE,gCAAgC,EAAE,CAAC;IAC5D,WAAA,IAAA,aAAI,GAAE,CAAA;IAA0B,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAxB,+BAAgB;;6DAG3C;AAeD;IAbC,IAAA,aAAI,EAAC,sBAAsB,CAAC;IAC5B,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,4BAA4B;QACrC,WAAW,EACV,oGAAoG;KACrG,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,wCAAyB,EAAE,CAAC;IAC5C,IAAA,uBAAa,EAAC,EAAE,MAAM,EAAE,EAAE,OAAO,EAAE,EAAE,OAAO,EAAE,8BAA8B,EAAE,EAAE,EAAE,CAAC;IACnF,IAAA,iCAAuB,EAAC;QACxB,WAAW,EACV,iGAAiG;KAClG,CAAC;IACsB,WAAA,IAAA,aAAI,GAAE,CAAA;IAAmC,WAAA,IAAA,YAAG,GAAE,CAAA;;qCAAjC,wCAAyB;;sEAG7D;mCAlDW,wBAAwB;IAHpC,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAEsC,kCAAe;GADjD,wBAAwB,CAmDpC"}

package/dist/modules/auth/controllers/otp.controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"otp.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/otp.controller.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAkB,MAAM,gBAAgB,CAAC;AAExF,qBAGa,aAAa;IACb,OAAO,CAAC,QAAQ,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IAmD3D,OAAO,CAAkC,IAAI,EAAE,UAAU;IAkCzD,SAAS,CAAkC,IAAI,EAAE,YAAY;IA0B7D,SAAS,CAAkC,IAAI,EAAE,YAAY;CAG7D"}
+{"version":3,"file":"otp.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/otp.controller.ts"],"names":[],"mappings":"AAaA,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EACN,UAAU,EACV,YAAY,EACZ,YAAY,EAIZ,MAAM,gBAAgB,CAAC;AAExB,qBAGa,aAAa;IACb,OAAO,CAAC,QAAQ,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IA2C3D,OAAO,CAAkC,IAAI,EAAE,UAAU;IAwDzD,SAAS,CAAkC,IAAI,EAAE,YAAY;IAmB7D,SAAS,CAAkC,IAAI,EAAE,YAAY;CAG7D"}

package/dist/modules/auth/controllers/otp.controller.js

@@ -43,17 +43,19 @@ __decorate([
     (0, common_1.UseGuards)(guards_1.OtpIpRateLimitGuard),
     (0, swagger_1.ApiOperation)({
         summary: 'Send OTP',
-        description: 'Generates an OTP using otp.code_length from settings (4–6 digits), delivers it via the requested channel (SMS or email), and returns an opaque verification ID. Test identifiers in test.otp_identifiers use their configured fixed code instead.',
+        description: 'Step 1 of phone/email verification. Generates an OTP (length from otp.code_length setting, 4–6 digits), ' +
+            'delivers it via SMS or email, and returns a **verificationId** for verify-otp/resend-otp. ' +
+            'Test identifiers in test.otp_identifiers use a fixed code in non-production environments.',
     }),
     (0, swagger_1.ApiBody)({
         type: otp_dto_1.SendOtpDto,
         examples: {
             sms_default: {
-                summary: 'Send via SMS (default when AUTH_METHOD=phone)',
+                summary: 'Send via SMS (default when auth.method=phone)',
                 value: { phone: '+2348012345678' },
             },
             email_default: {
-                summary: 'Send via email (default when AUTH_METHOD=email)',
+                summary: 'Send via email (default when auth.method=email)',
                 value: { email: 'user@example.com' },
             },
             sms_override: {
@@ -66,15 +68,7 @@ __decorate([
             },
         },
     }),
-    (0, swagger_1.ApiOkResponse)({
-        schema: {
-            example: {
-                success: true,
-                message: 'OTP generated successfully',
-                data: { verificationId: 'uuid-v4', expiresAt: 1700000300000, resendIn: 60000 },
-            },
-        },
-    }),
+    (0, swagger_1.ApiOkResponse)({ type: otp_dto_1.OtpGenerateResponseDto }),
     (0, swagger_1.ApiBadRequestResponse)({
         description: 'Invalid phone number or email format, or missing identifier for chosen channel',
     }),
@@ -93,20 +87,42 @@ __decorate([
     (0, common_1.UseGuards)(guards_1.OtpIpRateLimitGuard),
     (0, swagger_1.ApiOperation)({
         summary: 'Verify OTP',
-        description: 'Verifies the OTP code. Returns a verificationToken (existing user → proceed to login) or a verificationToken seeded with the verified identifier (new user → proceed to /auth/register).',
+        description: 'Step 2 of phone/email verification. Submit the **verificationId** from send-otp/resend-otp and the OTP code.\n\n' +
+            'Returns a **verificationToken** for the next step:\n' +
+            '- `hasAccount: true` → POST /auth/login\n' +
+            '- `hasAccount: false` → POST /auth/register (phone auth)\n\n' +
+            'Do not confuse verificationId (input) with verificationToken (output).',
     }),
     (0, swagger_1.ApiBody)({ type: otp_dto_1.VerifyOtpDto }),
     (0, swagger_1.ApiOkResponse)({
-        schema: {
-            example: {
-                success: true,
-                message: 'OTP verified successfully',
-                data: {
-                    subject: '+2348012345678',
-                    channel: 'sms',
-                    verificationToken: 'uuid-v4',
-                    expiresAt: 1700000300000,
-                    hasAccount: true,
+        type: otp_dto_1.OtpVerifyResponseDto,
+        examples: {
+            existing_user: {
+                summary: 'Existing account — proceed to login',
+                value: {
+                    success: true,
+                    message: 'OTP verified successfully',
+                    data: {
+                        subject: '+2348012345678',
+                        channel: 'sms',
+                        verificationToken: 'e860bc81-245b-470b-9fac-a484cf93f457',
+                        expiresAt: 1782245811728,
+                        hasAccount: true,
+                    },
+                },
+            },
+            new_user: {
+                summary: 'New user — proceed to register',
+                value: {
+                    success: true,
+                    message: 'OTP verified successfully',
+                    data: {
+                        subject: '+2349023456789',
+                        channel: 'sms',
+                        verificationToken: 'c498758c-eec1-4a3b-b496-a6eddf498d4c',
+                        expiresAt: 1782245803859,
+                        hasAccount: false,
+                    },
                 },
             },
         },
@@ -126,21 +142,14 @@ __decorate([
     (0, common_1.UseGuards)(guards_1.OtpIpRateLimitGuard),
     (0, swagger_1.ApiOperation)({
         summary: 'Resend OTP',
-        description: 'Invalidates the current session and sends a new OTP. Subject to 60-second cooldown.',
+        description: 'Invalidates the current OTP session and sends a new code. Returns a new **verificationId**. ' +
+            'Subject to otp.resend_cooldown_seconds between resends.',
     }),
     (0, swagger_1.ApiBody)({ type: otp_dto_1.ResendOtpDto }),
-    (0, swagger_1.ApiOkResponse)({
-        schema: {
-            example: {
-                success: true,
-                message: 'OTP generated successfully',
-                data: { verificationId: 'new-uuid-v4', expiresAt: 1700000300000, resendIn: 60000 },
-            },
-        },
-    }),
-    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid or expired session token' }),
+    (0, swagger_1.ApiOkResponse)({ type: otp_dto_1.OtpGenerateResponseDto }),
+    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid or expired verificationId' }),
     (0, swagger_1.ApiTooManyRequestsResponse)({
-        description: 'Resend cooldown active — must wait 60 seconds between resends',
+        description: 'Resend cooldown active — wait before requesting another code',
     }),
     __param(0, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __metadata("design:type", Function),

package/dist/modules/auth/controllers/otp.controller.js.map

@@ -1 +1 @@
-{"version":3,"file":"otp.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/otp.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyF;AACzF,6CAQyB;AACzB,2DAAoD;AACpD,mDAA6D;AAC7D,qGAA+F;AAC/F,mEAA8D;AAC9D,4CAAwF;AAKjF,IAAM,aAAa,GAAnB,MAAM,aAAa;IACzB,YAA6B,cAA8B;QAA9B,mBAAc,GAAd,cAAc,CAAgB;IAAG,CAAC;IAmD/D,OAAO,CAAkC,IAAgB;QACxD,MAAM,OAAO,GAAG,IAAA,wBAAc,EAAC,IAAI,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAM,CAAC;QACjE,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IA8BD,SAAS,CAAkC,IAAkB;QAC5D,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IAwBD,SAAS,CAAkC,IAAkB;QAC5D,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3D,CAAC;CACD,CAAA;AAnHY,sCAAa;AAoDzB;IA/CC,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,UAAU;QACnB,WAAW,EACV,mPAAmP;KACpP,CAAC;IACD,IAAA,iBAAO,EAAC;QACR,IAAI,EAAE,oBAAU;QAChB,QAAQ,EAAE;YACT,WAAW,EAAE;gBACZ,OAAO,EAAE,+CAA+C;gBACxD,KAAK,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE;aAClC;YACD,aAAa,EAAE;gBACd,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE;aACpC;YACD,YAAY,EAAE;gBACb,OAAO,EAAE,gDAAgD;gBACzD,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE;aAClD;YACD,cAAc,EAAE;gBACf,OAAO,EAAE,kDAAkD;gBAC3D,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE;aACtD;SACD;KACD,CAAC;IACD,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,4BAA4B;gBACrC,IAAI,EAAE,EAAE,cAAc,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE;aAC9E;SACD;KACD,CAAC;IACD,IAAA,+BAAqB,EAAC;QACtB,WAAW,EACV,gFAAgF;KACjF,CAAC;IACD,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EACV,mFAAmF;KACpF,CAAC;IACD,IAAA,uCAA6B,EAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,CAAC;IAC/E,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,oBAAU;;4CAIxD;AA8BD;IA5BC,IAAA,aAAI,EAAC,YAAY,CAAC;IAClB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,YAAY;QACrB,WAAW,EACV,0LAA0L;KAC3L,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,sBAAY,EAAE,CAAC;IAC/B,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,2BAA2B;gBACpC,IAAI,EAAE;oBACL,OAAO,EAAE,gBAAgB;oBACzB,OAAO,EAAE,KAAK;oBACd,iBAAiB,EAAE,SAAS;oBAC5B,SAAS,EAAE,aAAa;oBACxB,UAAU,EAAE,IAAI;iBAChB;aACD;SACD;KACD,CAAC;IACD,IAAA,+BAAqB,EAAC;QACtB,WAAW,EAAE,kEAAkE;KAC/E,CAAC;IACD,IAAA,oCAA0B,EAAC,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IAC3D,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,sBAAY;;8CAE5D;AAwBD;IAtBC,IAAA,aAAI,EAAC,YAAY,CAAC;IAClB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,YAAY;QACrB,WAAW,EACV,qFAAqF;KACtF,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,sBAAY,EAAE,CAAC;IAC/B,IAAA,uBAAa,EAAC;QACd,MAAM,EAAE;YACP,OAAO,EAAE;gBACR,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,4BAA4B;gBACrC,IAAI,EAAE,EAAE,cAAc,EAAE,aAAa,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE;aAClF;SACD;KACD,CAAC;IACD,IAAA,+BAAqB,EAAC,EAAE,WAAW,EAAE,kCAAkC,EAAE,CAAC;IAC1E,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EAAE,+DAA+D;KAC5E,CAAC;IACS,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,sBAAY;;8CAE5D;wBAlHW,aAAa;IAHzB,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAEqC,iCAAc;GAD/C,aAAa,CAmHzB"}
+{"version":3,"file":"otp.controller.js","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/otp.controller.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,2CAAyF;AACzF,6CAQyB;AACzB,2DAAoD;AACpD,mDAA6D;AAC7D,qGAA+F;AAC/F,mEAA8D;AAC9D,4CAOwB;AAKjB,IAAM,aAAa,GAAnB,MAAM,aAAa;IACzB,YAA6B,cAA8B;QAA9B,mBAAc,GAAd,cAAc,CAAgB;IAAG,CAAC;IA2C/D,OAAO,CAAkC,IAAgB;QACxD,MAAM,OAAO,GAAG,IAAA,wBAAc,EAAC,IAAI,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,OAAO,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,KAAM,CAAC,CAAC,CAAC,IAAI,CAAC,KAAM,CAAC;QACjE,OAAO,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;IACzD,CAAC;IAoDD,SAAS,CAAkC,IAAkB;QAC5D,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACrE,CAAC;IAiBD,SAAS,CAAkC,IAAkB;QAC5D,OAAO,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3D,CAAC;CACD,CAAA;AA1HY,sCAAa;AA4CzB;IAzCC,IAAA,aAAI,EAAC,UAAU,CAAC;IAChB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,UAAU;QACnB,WAAW,EACV,0GAA0G;YAC1G,4FAA4F;YAC5F,2FAA2F;KAC5F,CAAC;IACD,IAAA,iBAAO,EAAC;QACR,IAAI,EAAE,oBAAU;QAChB,QAAQ,EAAE;YACT,WAAW,EAAE;gBACZ,OAAO,EAAE,+CAA+C;gBACxD,KAAK,EAAE,EAAE,KAAK,EAAE,gBAAgB,EAAE;aAClC;YACD,aAAa,EAAE;gBACd,OAAO,EAAE,iDAAiD;gBAC1D,KAAK,EAAE,EAAE,KAAK,EAAE,kBAAkB,EAAE;aACpC;YACD,YAAY,EAAE;gBACb,OAAO,EAAE,gDAAgD;gBACzD,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE;aAClD;YACD,cAAc,EAAE;gBACf,OAAO,EAAE,kDAAkD;gBAC3D,KAAK,EAAE,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE;aACtD;SACD;KACD,CAAC;IACD,IAAA,uBAAa,EAAC,EAAE,IAAI,EAAE,gCAAsB,EAAE,CAAC;IAC/C,IAAA,+BAAqB,EAAC;QACtB,WAAW,EACV,gFAAgF;KACjF,CAAC;IACD,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EACV,mFAAmF;KACpF,CAAC;IACD,IAAA,uCAA6B,EAAC,EAAE,WAAW,EAAE,uCAAuC,EAAE,CAAC;IAC/E,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,oBAAU;;4CAIxD;AAoDD;IAlDC,IAAA,aAAI,EAAC,YAAY,CAAC;IAClB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,YAAY;QACrB,WAAW,EACV,kHAAkH;YAClH,sDAAsD;YACtD,2CAA2C;YAC3C,8DAA8D;YAC9D,wEAAwE;KACzE,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,sBAAY,EAAE,CAAC;IAC/B,IAAA,uBAAa,EAAC;QACd,IAAI,EAAE,8BAAoB;QAC1B,QAAQ,EAAE;YACT,aAAa,EAAE;gBACd,OAAO,EAAE,qCAAqC;gBAC9C,KAAK,EAAE;oBACN,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,2BAA2B;oBACpC,IAAI,EAAE;wBACL,OAAO,EAAE,gBAAgB;wBACzB,OAAO,EAAE,KAAK;wBACd,iBAAiB,EAAE,sCAAsC;wBACzD,SAAS,EAAE,aAAa;wBACxB,UAAU,EAAE,IAAI;qBAChB;iBACD;aACD;YACD,QAAQ,EAAE;gBACT,OAAO,EAAE,gCAAgC;gBACzC,KAAK,EAAE;oBACN,OAAO,EAAE,IAAI;oBACb,OAAO,EAAE,2BAA2B;oBACpC,IAAI,EAAE;wBACL,OAAO,EAAE,gBAAgB;wBACzB,OAAO,EAAE,KAAK;wBACd,iBAAiB,EAAE,sCAAsC;wBACzD,SAAS,EAAE,aAAa;wBACxB,UAAU,EAAE,KAAK;qBACjB;iBACD;aACD;SACD;KACD,CAAC;IACD,IAAA,+BAAqB,EAAC;QACtB,WAAW,EAAE,kEAAkE;KAC/E,CAAC;IACD,IAAA,oCAA0B,EAAC,EAAE,WAAW,EAAE,wBAAwB,EAAE,CAAC;IAC3D,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,sBAAY;;8CAE5D;AAiBD;IAfC,IAAA,aAAI,EAAC,YAAY,CAAC;IAClB,IAAA,iBAAQ,EAAC,mBAAU,CAAC,EAAE,CAAC;IACvB,IAAA,kBAAS,EAAC,4BAAmB,CAAC;IAC9B,IAAA,sBAAY,EAAC;QACb,OAAO,EAAE,YAAY;QACrB,WAAW,EACV,8FAA8F;YAC9F,yDAAyD;KAC1D,CAAC;IACD,IAAA,iBAAO,EAAC,EAAE,IAAI,EAAE,sBAAY,EAAE,CAAC;IAC/B,IAAA,uBAAa,EAAC,EAAE,IAAI,EAAE,gCAAsB,EAAE,CAAC;IAC/C,IAAA,+BAAqB,EAAC,EAAE,WAAW,EAAE,mCAAmC,EAAE,CAAC;IAC3E,IAAA,oCAA0B,EAAC;QAC3B,WAAW,EAAE,8DAA8D;KAC3E,CAAC;IACS,WAAA,IAAA,aAAI,EAAC,wDAAyB,CAAC,CAAA;;qCAAO,sBAAY;;8CAE5D;wBAzHW,aAAa;IAHzB,IAAA,iBAAO,EAAC,MAAM,CAAC;IACf,IAAA,mBAAU,EAAC,MAAM,CAAC;IAClB,IAAA,mBAAM,GAAE;qCAEqC,iCAAc;GAD/C,aAAa,CA0HzB"}

package/dist/modules/auth/controllers/pin.controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pin.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/pin.controller.ts"],"names":[],"mappings":"AA2BA,OAAO,EAAE,IAAI,EAAE,MAAM,kCAAkC,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnG,qBAIa,aAAa;IACb,OAAO,CAAC,QAAQ,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IA4B3D,SAAS,CAAgB,IAAI,EAAE,IAAI;IA+BnC,gBAAgB,CAAgB,IAAI,EAAE,IAAI,EAAiB,IAAI,EAAE,MAAM;IAoBvE,MAAM,CAAgB,IAAI,EAAE,IAAI,EAAU,GAAG,EAAE,SAAS;;;IAkBxD,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAU,GAAG,EAAE,YAAY;;;IAuB9D,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAU,GAAG,EAAE,YAAY;;;IAoB9D,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAU,GAAG,EAAE,YAAY;;;CAG9D"}
+{"version":3,"file":"pin.controller.d.ts","sourceRoot":"","sources":["../../../../src/modules/auth/controllers/pin.controller.ts"],"names":[],"mappings":"AA4BA,OAAO,EAAE,IAAI,EAAE,MAAM,kCAAkC,CAAC;AACxD,OAAO,EAAE,cAAc,EAAE,MAAM,8BAA8B,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAEnG,qBAIa,aAAa;IACb,OAAO,CAAC,QAAQ,CAAC,cAAc;gBAAd,cAAc,EAAE,cAAc;IA4B3D,SAAS,CAAgB,IAAI,EAAE,IAAI;IA+BnC,gBAAgB,CAAgB,IAAI,EAAE,IAAI,EAAiB,IAAI,EAAE,MAAM;IAsBvE,MAAM,CAAgB,IAAI,EAAE,IAAI,EAAmC,GAAG,EAAE,SAAS;;;IAoBjF,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAmC,GAAG,EAAE,YAAY;;;IAyBvF,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAmC,GAAG,EAAE,YAAY;;;IAsBvF,SAAS,CAAgB,IAAI,EAAE,IAAI,EAAmC,GAAG,EAAE,YAAY;;;CAGvF"}

package/dist/modules/auth/controllers/pin.controller.js

@@ -17,6 +17,7 @@ const common_1 = require("@nestjs/common");
 const swagger_1 = require("@nestjs/swagger");
 const auth_guard_1 = require("../../../common/guards/auth.guard");
 const decorators_1 = require("../../../common/decorators");
+const config_aware_validation_pipe_1 = require("../../../common/pipes/config-aware-validation.pipe");
 const user_entity_1 = require("../../users/entities/user.entity");
 const pin_auth_service_1 = require("../services/pin-auth.service");
 const pin_dto_1 = require("../dto/pin.dto");
@@ -119,9 +120,11 @@ __decorate([
         schema: { example: { message: 'authentication PIN set successfully.' } },
     }),
     (0, swagger_1.ApiConflictResponse)({ description: 'A PIN for this type is already set' }),
-    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid PIN type or PIN format' }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'Invalid PIN type, or PIN length does not match pin.length setting',
+    }),
     __param(0, (0, decorators_1.CurrentUser)()),
-    __param(1, (0, common_1.Body)()),
+    __param(1, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [user_entity_1.User, pin_dto_1.SetPinDto]),
     __metadata("design:returntype", void 0)
@@ -138,9 +141,11 @@ __decorate([
     (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Current PIN is incorrect' }),
     (0, swagger_1.ApiForbiddenResponse)({ description: 'PIN is locked due to too many failed attempts' }),
     (0, swagger_1.ApiNotFoundResponse)({ description: 'No PIN found for this type — use /auth/pin/set first' }),
-    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid PIN type or PIN format' }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'Invalid PIN type, or PIN length does not match pin.length setting',
+    }),
     __param(0, (0, decorators_1.CurrentUser)()),
-    __param(1, (0, common_1.Body)()),
+    __param(1, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [user_entity_1.User, pin_dto_1.ChangePinDto]),
     __metadata("design:returntype", void 0)
@@ -161,9 +166,11 @@ __decorate([
     (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Incorrect PIN' }),
     (0, swagger_1.ApiForbiddenResponse)({ description: 'PIN is locked — too many wrong attempts' }),
     (0, swagger_1.ApiNotFoundResponse)({ description: 'No PIN found for this type' }),
-    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid PIN type or PIN format' }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'Invalid PIN type, or PIN length does not match pin.length setting',
+    }),
     __param(0, (0, decorators_1.CurrentUser)()),
-    __param(1, (0, common_1.Body)()),
+    __param(1, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [user_entity_1.User, pin_dto_1.VerifyPinDto]),
     __metadata("design:returntype", void 0)
@@ -181,9 +188,11 @@ __decorate([
     (0, swagger_1.ApiUnauthorizedResponse)({ description: 'Current PIN is incorrect' }),
     (0, swagger_1.ApiForbiddenResponse)({ description: 'PIN is locked' }),
     (0, swagger_1.ApiNotFoundResponse)({ description: 'No PIN found for this type' }),
-    (0, swagger_1.ApiBadRequestResponse)({ description: 'Invalid PIN type or PIN format' }),
+    (0, swagger_1.ApiBadRequestResponse)({
+        description: 'Invalid PIN type, or PIN length does not match pin.length setting',
+    }),
     __param(0, (0, decorators_1.CurrentUser)()),
-    __param(1, (0, common_1.Body)()),
+    __param(1, (0, common_1.Body)(config_aware_validation_pipe_1.ConfigAwareValidationPipe)),
     __metadata("design:type", Function),
     __metadata("design:paramtypes", [user_entity_1.User, pin_dto_1.RemovePinDto]),
     __metadata("design:returntype", void 0)