@soapjs/soap-auth 0.1.0

package/build/session/memory.session-store.d.ts

@@ -0,0 +1,7 @@
+import { SessionStore } from "../types";
+export declare class MemorySessionStore implements SessionStore {
+    getSession<SessionData>(sessionId: string): Promise<SessionData | null>;
+    setSession<SessionData>(sessionId: string, sessionData: SessionData): Promise<void>;
+    destroySession(sessionId: string): Promise<void>;
+    touchSession<SessionData>(sessionId: string, session: SessionData): Promise<void>;
+}

package/build/session/memory.session-store.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MemorySessionStore = void 0;
+const sessions = {};
+class MemorySessionStore {
+    async getSession(sessionId) {
+        return sessions[sessionId] || null;
+    }
+    async setSession(sessionId, sessionData) {
+        sessions[sessionId] = sessionData;
+    }
+    async destroySession(sessionId) {
+        delete sessions[sessionId];
+    }
+    async touchSession(sessionId, session) {
+        sessions[sessionId] = session;
+    }
+}
+exports.MemorySessionStore = MemorySessionStore;

package/build/session/session-handler.d.ts

@@ -0,0 +1,17 @@
+import { SessionConfig, SessionData } from "../types";
+export declare class SessionHandler<TContext = unknown, TData = SessionData> {
+    private config;
+    private store;
+    private sessionKey;
+    private headerKey;
+    constructor(config: SessionConfig);
+    setSessionId(context: TContext, sessionId: string): void;
+    getSessionId(context: TContext): string | null;
+    generateSessionId(): string;
+    buildSessionData(data: unknown, context?: TContext): TData;
+    get(context: TContext): Promise<TData | null>;
+    set(context: TContext, data: TData): Promise<void>;
+    touch(context: TContext, data?: Partial<TData>): Promise<void>;
+    destroy(context: TContext): Promise<void>;
+    isSessionExpired(sessionData: TData): boolean;
+}

package/build/session/session-handler.js

@@ -0,0 +1,145 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SessionHandler = void 0;
+const uuid_1 = require("uuid");
+class SessionHandler {
+    config;
+    store;
+    sessionKey;
+    headerKey;
+    constructor(config) {
+        this.config = config;
+        if (!config.store) {
+            throw new Error("Session store is required.");
+        }
+        this.store = config.store;
+        this.sessionKey = config.sessionKey || "SESSIONID";
+        this.headerKey = config.sessionHeader || "x-session-id";
+    }
+    setSessionId(context, sessionId) {
+        try {
+            if (this.config.embedSessionId) {
+                this.config.embedSessionId(context, sessionId);
+                return;
+            }
+            if (context && typeof context === "object") {
+                if ("res" in context && context.res) {
+                    if ("cookie" in context.res) {
+                        context.res.cookie(this.sessionKey, sessionId, {
+                            httpOnly: true,
+                            secure: true,
+                            sameSite: "strict",
+                        });
+                        this.config.logger?.info(`Session ID set in cookie: ${this.sessionKey}`);
+                    }
+                    else if ("setHeader" in context.res) {
+                        context.res.setHeader(this.headerKey, sessionId);
+                        this.config.logger?.info(`Session ID set in header: ${this.headerKey}`);
+                    }
+                }
+                else {
+                    context.sessionId = sessionId;
+                    this.config.logger?.info(`Session ID set in context object`);
+                }
+            }
+        }
+        catch (error) {
+            this.config.logger?.error("Error setting session ID:", error);
+        }
+    }
+    getSessionId(context) {
+        try {
+            if (this.config.getSessionId) {
+                return this.config.getSessionId(context);
+            }
+            if (context && typeof context === "object") {
+                if ("cookies" in context && context.cookies[this.sessionKey]) {
+                    return context.cookies[this.sessionKey];
+                }
+                if ("headers" in context && context.headers[this.headerKey]) {
+                    return context.headers[this.headerKey];
+                }
+                if ("sessionId" in context) {
+                    return context.sessionId;
+                }
+            }
+            return null;
+        }
+        catch (error) {
+            this.config.logger?.error("Error retrieving session ID:", error);
+            return null;
+        }
+    }
+    generateSessionId() {
+        return this.config.generateSessionId?.() || (0, uuid_1.v4)();
+    }
+    buildSessionData(data, context) {
+        return this.config.createSessionData
+            ? this.config.createSessionData(data, context)
+            : { user: data };
+    }
+    async get(context) {
+        try {
+            const sessionId = this.getSessionId(context);
+            if (!sessionId)
+                return null;
+            return await this.store.getSession(sessionId);
+        }
+        catch (error) {
+            this.config.logger?.error("Error retrieving session data:", error);
+            return null;
+        }
+    }
+    async set(context, data) {
+        try {
+            const sessionId = this.getSessionId(context) || this.generateSessionId();
+            this.config.embedSessionId?.(context, sessionId);
+            await this.store.setSession(sessionId, data);
+            this.config.logger?.info(`Session set for ID: ${sessionId}`);
+        }
+        catch (error) {
+            this.config.logger?.error("Error storing session data:", error);
+        }
+    }
+    async touch(context, data) {
+        try {
+            const sessionId = this.getSessionId(context);
+            if (!sessionId) {
+                this.config.logger?.warn("No session ID found, unable to touch session.");
+                return;
+            }
+            const currentSession = await this.store.getSession(sessionId);
+            if (!currentSession) {
+                this.config.logger?.warn(`Session not found for ID: ${sessionId}`);
+                return;
+            }
+            const updatedSession = { ...currentSession, ...data };
+            await this.store.touchSession(sessionId, updatedSession);
+            this.config.logger?.info(`Session touched for ID: ${sessionId}`);
+        }
+        catch (error) {
+            this.config.logger?.error("Error touching session:", error);
+        }
+    }
+    async destroy(context) {
+        try {
+            const sessionId = this.getSessionId(context);
+            if (sessionId) {
+                await this.store.destroySession(sessionId);
+                this.config.logger?.info(`Session destroyed for ID: ${sessionId}`);
+            }
+        }
+        catch (error) {
+            this.config.logger?.error("Error destroying session:", error);
+        }
+    }
+    isSessionExpired(sessionData) {
+        if (!sessionData || !sessionData.createdAt) {
+            return false;
+        }
+        const now = Date.now();
+        const sessionExpiryMs = this.config.cookie?.maxAge || 3600000;
+        return now - sessionData.createdAt > sessionExpiryMs;
+    }
+}
+exports.SessionHandler = SessionHandler;

package/build/soap-auth.d.ts

@@ -0,0 +1,16 @@
+import { AuthResult, AuthStrategy, SoapAuthConfig } from "./types";
+export declare class SoapAuth {
+    private requiredStrategyMethods;
+    private httpStrategies;
+    private socketStrategies;
+    constructor(config: SoapAuthConfig);
+    private isAuthStrategy;
+    addStrategy(strategiesMap: Map<string, AuthStrategy>, type: string, strategyInstance: AuthStrategy | undefined): void;
+    removeStrategy(type: string): boolean;
+    hasStrategy(type: string): boolean;
+    getStrategy(strategyName: string, layer?: "http" | "socket"): AuthStrategy | undefined;
+    listStrategies(): string[];
+    init(sequential?: boolean): Promise<void>;
+    authenticate(strategyName: string, context: any): Promise<AuthResult<any>>;
+    logout(strategyName: string, context: any): Promise<void>;
+}

package/build/soap-auth.js

@@ -0,0 +1,75 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SoapAuth = void 0;
+const http_auth_strategy_factory_1 = require("./factories/http-auth-strategy.factory");
+const socket_auth_strategy_factory_1 = require("./factories/socket-auth-strategy.factory");
+class SoapAuth {
+    requiredStrategyMethods = ["authenticate", "init"];
+    httpStrategies = new Map();
+    socketStrategies = new Map();
+    constructor(config) {
+        const httpFactory = new http_auth_strategy_factory_1.HttpAuthStrategyFactory(config.logger);
+        this.httpStrategies = httpFactory.createStrategies(config);
+        const socketFactory = new socket_auth_strategy_factory_1.SocketAuthStrategyFactory(config.logger);
+        this.socketStrategies = socketFactory.createStrategies(config);
+    }
+    isAuthStrategy(strategy) {
+        const isValidStrategy = this.requiredStrategyMethods.every((method) => typeof strategy[method] === "function");
+        return isValidStrategy;
+    }
+    addStrategy(strategiesMap, type, strategyInstance) {
+        if (this.isAuthStrategy(strategyInstance)) {
+            strategiesMap.set(type, strategyInstance);
+        }
+    }
+    removeStrategy(type) {
+        if (this.httpStrategies.has(type)) {
+            this.httpStrategies.delete(type);
+            return true;
+        }
+        if (this.socketStrategies.has(type)) {
+            this.socketStrategies.delete(type);
+            return true;
+        }
+        return false;
+    }
+    hasStrategy(type) {
+        return this.httpStrategies.has(type) || this.socketStrategies.has(type);
+    }
+    getStrategy(strategyName, layer = "http") {
+        return layer === "http"
+            ? this.httpStrategies.get(strategyName)
+            : this.socketStrategies.get(strategyName);
+    }
+    listStrategies() {
+        return [...this.httpStrategies.keys(), ...this.socketStrategies.keys()];
+    }
+    async init(sequential = false) {
+        const strategies = [
+            ...this.httpStrategies.values(),
+            ...this.socketStrategies.values(),
+        ];
+        if (sequential) {
+            for (const strategy of strategies) {
+                await strategy.init();
+            }
+        }
+        else {
+            await Promise.all(strategies.map((strategy) => strategy.init()));
+        }
+    }
+    async authenticate(strategyName, context) {
+        const strategy = this.getStrategy(strategyName);
+        if (!strategy) {
+            throw new Error(`Authentication strategy "${strategyName}" not found.`);
+        }
+        return strategy.authenticate(context);
+    }
+    async logout(strategyName, context) {
+        const strategy = this.getStrategy(strategyName);
+        if (strategy?.logout) {
+            await strategy.logout(context);
+        }
+    }
+}
+exports.SoapAuth = SoapAuth;

package/build/strategies/api-key/api-key.errors.d.ts

@@ -0,0 +1,9 @@
+export declare class MissingApiKeyError extends Error {
+    constructor();
+}
+export declare class InvalidApiKeyError extends Error {
+    constructor();
+}
+export declare class ExpiredApiKeyError extends Error {
+    constructor();
+}

package/build/strategies/api-key/api-key.errors.js

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ExpiredApiKeyError = exports.InvalidApiKeyError = exports.MissingApiKeyError = void 0;
+class MissingApiKeyError extends Error {
+    constructor() {
+        super("API Key is missing in the request context.");
+        this.name = "MissingApiKeyError";
+    }
+}
+exports.MissingApiKeyError = MissingApiKeyError;
+class InvalidApiKeyError extends Error {
+    constructor() {
+        super("Invalid API Key provided.");
+        this.name = "InvalidApiKeyError";
+    }
+}
+exports.InvalidApiKeyError = InvalidApiKeyError;
+class ExpiredApiKeyError extends Error {
+    constructor() {
+        super("Expired API Key.");
+        this.name = "InvalidApiKeyError";
+    }
+}
+exports.ExpiredApiKeyError = ExpiredApiKeyError;

package/build/strategies/api-key/api-key.strategy.d.ts

@@ -0,0 +1,14 @@
+import * as Soap from "@soapjs/soap";
+import { AuthResult, AuthStrategy } from "../../types";
+import { ApiKeyStrategyConfig } from "./api-key.types";
+export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
+    private config;
+    private logger;
+    constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger: Soap.Logger);
+    init(): Promise<void>;
+    authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    authorize(user: TUser, action: string, resource?: string): Promise<boolean>;
+    revoke(apiKey: string): Promise<void>;
+    private trackApiKeyUsage;
+    private incrementRequestCount;
+}

package/build/strategies/api-key/api-key.strategy.js

@@ -0,0 +1,95 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiKeyStrategy = void 0;
+const api_key_errors_1 = require("./api-key.errors");
+const errors_1 = require("../../errors");
+class ApiKeyStrategy {
+    config;
+    logger;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+        if (!this.config.extractApiKey || !this.config.retrieveUserByApiKey) {
+            throw new Error("ApiKeyStrategy requires extractApiKey and retrieveUserByApiKey functions.");
+        }
+    }
+    async init() {
+        return Promise.resolve();
+    }
+    async authenticate(context) {
+        try {
+            const apiKey = this.config.extractApiKey(context);
+            if (!apiKey) {
+                throw new api_key_errors_1.MissingApiKeyError();
+            }
+            if (await this.config.isAccountLocked?.(apiKey, context)) {
+                throw new errors_1.AccountLockedError();
+            }
+            if (await this.config.isApiKeyExpired?.(apiKey)) {
+                throw new api_key_errors_1.ExpiredApiKeyError();
+            }
+            if (this.config.checkRateLimit &&
+                (await this.config.checkRateLimit(apiKey))) {
+                throw new errors_1.RateLimitExceededError();
+            }
+            const user = await this.config.retrieveUserByApiKey(apiKey);
+            if (!user) {
+                await this.config.logFailedAttempt?.(apiKey, context);
+                throw new api_key_errors_1.InvalidApiKeyError();
+            }
+            if (this.config.authorizeByRoles) {
+                const hasAccess = await this.config.authorizeByRoles(user, this.config.roles || []);
+                if (!hasAccess) {
+                    throw new errors_1.UnauthorizedRoleError();
+                }
+            }
+            await this.trackApiKeyUsage(apiKey);
+            await this.incrementRequestCount(apiKey);
+            await this.config.onSuccess?.({ user, context });
+            return { user };
+        }
+        catch (error) {
+            this.logger.error("API Key authentication error:", error);
+            try {
+                await this.config.onFailure?.({ error, context });
+            }
+            catch (callbackError) {
+                this.logger.error("onFailure callback error during authentication:", callbackError);
+            }
+            throw error;
+        }
+    }
+    async authorize(user, action, resource) {
+        if (this.config.authorize) {
+            return this.config.authorize(user, action, resource);
+        }
+        throw new Error("Authorization logic is not implemented.");
+    }
+    async revoke(apiKey) {
+        if (this.config.revokeApiKey) {
+            await this.config.revokeApiKey(apiKey);
+        }
+        else {
+            throw new Error("Revoke API key functionality is not configured.");
+        }
+    }
+    async trackApiKeyUsage(apiKey) {
+        try {
+            if (this.config.trackApiKeyUsage) {
+                await this.config.trackApiKeyUsage(apiKey);
+            }
+        }
+        catch (error) {
+            this.logger.warn("Failed to track API key usage:", error);
+        }
+    }
+    async incrementRequestCount(apiKey) {
+        try {
+            await this.config.incrementRequestCount?.(apiKey);
+        }
+        catch (error) {
+            this.logger.warn("Failed to increment request count:", error);
+        }
+    }
+}
+exports.ApiKeyStrategy = ApiKeyStrategy;

package/build/strategies/api-key/api-key.types.d.ts

@@ -0,0 +1,13 @@
+import { RateLimitConfig, RoleAuthorizationConfig, AuthFailureContext, AuthSuccessContext, AccountLockConfig } from "../../types";
+export interface ApiKeyStrategyConfig<TContext = unknown, TUser = unknown> extends ApiKeyTrackingConfig, RateLimitConfig, RoleAuthorizationConfig<TUser>, AccountLockConfig<TContext> {
+    extractApiKey: (context: TContext) => string | null;
+    retrieveUserByApiKey: (apiKey: string) => Promise<TUser | null>;
+    authorize?: (user: TUser, action: string, resource?: string) => Promise<boolean>;
+    revokeApiKey?: (apiKey: string) => Promise<void>;
+    onSuccess?: (context: AuthSuccessContext<TUser, TContext>) => Promise<void> | void;
+    onFailure?: (context: AuthFailureContext<TContext>) => Promise<void> | void;
+}
+export interface ApiKeyTrackingConfig {
+    trackApiKeyUsage?: (apiKey: string) => Promise<void>;
+    isApiKeyExpired?: (apiKey: string) => Promise<boolean>;
+}

package/build/strategies/api-key/api-key.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/build/strategies/base-auth.strategy.d.ts

@@ -0,0 +1,17 @@
+import * as Soap from "@soapjs/soap";
+import { AuthResult, AuthStrategy, BaseAuthStrategyConfig } from "../types";
+import { SessionHandler } from "../session/session-handler";
+export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
+    protected config: BaseAuthStrategyConfig<TContext, TUser>;
+    protected session?: SessionHandler;
+    protected logger?: Soap.Logger;
+    abstract authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    protected abstract retrieveUser(context: TContext): Promise<TUser | null>;
+    abstract logout(context: TContext): Promise<void>;
+    constructor(config: BaseAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    init(): Promise<void>;
+    protected isAccountLocked(account: any, ...args: unknown[]): Promise<boolean>;
+    protected isAuthorized(user: TUser): Promise<boolean>;
+    protected checkRateLimit(data: unknown): Promise<void>;
+    protected checkMfa(user: TUser, context: TContext): Promise<void>;
+}

package/build/strategies/base-auth.strategy.js

@@ -0,0 +1,69 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BaseAuthStrategy = void 0;
+const errors_1 = require("../errors");
+class BaseAuthStrategy {
+    config;
+    session;
+    logger;
+    constructor(config, session, logger) {
+        this.config = config;
+        this.session = session;
+        this.logger = logger;
+    }
+    async init() {
+        return Promise.resolve();
+    }
+    async isAccountLocked(account, ...args) {
+        if (await this.config.isAccountLocked?.(account, ...args)) {
+            throw new errors_1.AccountLockedError();
+        }
+        return false;
+    }
+    async isAuthorized(user) {
+        if (this.config.authorizeByRoles && this.config.roles) {
+            const hasAccess = await this.config.authorizeByRoles(user, this.config.roles);
+            if (!hasAccess) {
+                throw new errors_1.UnauthorizedRoleError();
+            }
+        }
+        return true;
+    }
+    async checkRateLimit(data) {
+        if (this.config.checkRateLimit &&
+            (await this.config.checkRateLimit(data))) {
+            throw new errors_1.RateLimitExceededError();
+        }
+    }
+    async checkMfa(user, context) {
+        try {
+            if (this.config.mfa?.isMfaRequired?.(user)) {
+                const mfaCode = this.config.mfa?.extractMfaCode?.(context);
+                if (!mfaCode) {
+                    await this.config.mfa.sendMfaCode?.(user, context);
+                    throw new Error("2FA required. A verification code has been sent.");
+                }
+                const attempts = (await this.config.mfa.getMfaAttempts?.(user)) || 0;
+                if (this.config.mfa.maxMfaAttempts &&
+                    attempts >= this.config.mfa.maxMfaAttempts) {
+                    this.logger?.warn(`User ${user} exceeded maximum MFA attempts.`);
+                    await this.config.mfa.lockMfaOnFailure?.(user);
+                    throw new Error("Your account has been temporarily locked due to too many failed 2FA attempts.");
+                }
+                const isValidMfa = await this.config.mfa.validateMfaCode?.(user, mfaCode);
+                if (!isValidMfa) {
+                    this.logger?.warn(`Invalid MFA code attempt for user: ${user}`);
+                    await this.config.mfa.incrementMfaAttempts?.(user);
+                    throw new Error("Invalid 2FA code provided.");
+                }
+                await this.config.mfa.resetMfaAttempts?.(user);
+                this.logger?.info(`2FA successfully validated for user: ${user}`);
+            }
+        }
+        catch (error) {
+            this.logger?.error(`2FA validation error for user: ${user}`, error);
+            throw error;
+        }
+    }
+}
+exports.BaseAuthStrategy = BaseAuthStrategy;

package/build/strategies/basic/basic.strategy.d.ts

@@ -0,0 +1,25 @@
+import * as Soap from "@soapjs/soap";
+import { CredentialBasedAuthStrategy } from "../credential-based-auth.strategy";
+import { BasicContext, BasicStrategyConfig } from "./basic.types";
+import { SessionHandler } from "../../session/session-handler";
+export declare class BasicStrategy<TContext extends BasicContext = BasicContext, TUser = unknown> extends CredentialBasedAuthStrategy<TContext, TUser> {
+    protected config: BasicStrategyConfig<TContext, TUser>;
+    protected session?: SessionHandler;
+    protected logger?: Soap.Logger;
+    constructor(config: BasicStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    protected extractCredentials(context?: TContext): Promise<{
+        identifier: string;
+        password: string;
+    }>;
+    protected verifyCredentials(credentials: {
+        identifier: string;
+        password: string;
+    }): Promise<boolean>;
+    protected retrieveUser(credentials: {
+        identifier: string;
+        password: string;
+    }): Promise<TUser | null>;
+    requestPasswordReset(email: string): Promise<void>;
+    resetPassword(email: string, token: string, newPassword: string): Promise<void>;
+    changePassword(email: string, oldPassword: string, newPassword: string): Promise<void>;
+}

package/build/strategies/basic/basic.strategy.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BasicStrategy = void 0;
+const credential_based_auth_strategy_1 = require("../credential-based-auth.strategy");
+const errors_1 = require("../../errors");
+class BasicStrategy extends credential_based_auth_strategy_1.CredentialBasedAuthStrategy {
+    config;
+    session;
+    logger;
+    constructor(config, session, logger) {
+        super(config, session, logger);
+        this.config = config;
+        this.session = session;
+        this.logger = logger;
+    }
+    async extractCredentials(context) {
+        const authHeader = context?.headers?.authorization || context?.headers?.["x-custom-auth"];
+        if (!authHeader) {
+            throw new errors_1.MissingCredentialsError();
+        }
+        const parts = authHeader.split(" ");
+        if (parts.length !== 2 || parts[0] !== "Basic") {
+            throw new errors_1.InvalidCredentialsError();
+        }
+        try {
+            const decoded = Buffer.from(parts[1], "base64").toString("utf-8");
+            const [username, password] = decoded.split(":");
+            if (!username || !password) {
+                throw new errors_1.InvalidCredentialsError();
+            }
+            return { identifier: username, password };
+        }
+        catch {
+            throw new errors_1.InvalidCredentialsError();
+        }
+    }
+    async verifyCredentials(credentials) {
+        return this.config.login.verifyUserCredentials(credentials.identifier, credentials.password);
+    }
+    async retrieveUser(credentials) {
+        return this.config.login.retrieveUserData(credentials.identifier);
+    }
+    async requestPasswordReset(email) {
+        await super.requestPasswordReset(email);
+    }
+    async resetPassword(email, token, newPassword) {
+        await super.resetPassword(email, token, newPassword);
+    }
+    async changePassword(email, oldPassword, newPassword) {
+        await super.changePassword(email, oldPassword, newPassword);
+    }
+}
+exports.BasicStrategy = BasicStrategy;

package/build/strategies/basic/basic.types.d.ts

@@ -0,0 +1,10 @@
+import { CredentialBasedAuthStrategyConfig } from "../../types";
+export interface BasicStrategyConfig<TContext = unknown, TUser = unknown> extends CredentialBasedAuthStrategyConfig<TContext, TUser> {
+}
+export type BasicContext = {
+    headers: {
+        authorization: string;
+        [key: string]: string;
+    };
+    [key: string]: unknown;
+};

package/build/strategies/basic/basic.types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/build/strategies/credential-based-auth.strategy.d.ts

@@ -0,0 +1,30 @@
+import * as Soap from "@soapjs/soap";
+import { AuthResult, CredentialBasedAuthStrategyConfig } from "../types";
+import { BaseAuthStrategy } from "./base-auth.strategy";
+import { SessionHandler } from "../session/session-handler";
+export declare abstract class CredentialBasedAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+    protected config: CredentialBasedAuthStrategyConfig<TContext, TUser>;
+    protected session?: SessionHandler;
+    protected logger?: Soap.Logger;
+    protected abstract extractCredentials(context?: TContext): Promise<{
+        identifier: string;
+        password: string;
+    }>;
+    protected abstract verifyCredentials(credentials: any): Promise<boolean>;
+    protected abstract retrieveUser(credentials: any): Promise<TUser | null>;
+    constructor(config: CredentialBasedAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    protected handleSession(user: TUser, context?: TContext): Promise<void>;
+    logout(context?: TContext): Promise<void>;
+    requestPasswordReset(identifier: string, email?: string): Promise<void>;
+    resetPassword(identifier: string, token: string, newPassword: string): Promise<void>;
+    changePassword(identifier: string, oldPassword: string, newPassword: string): Promise<void>;
+    protected auditLoginAttempt(identifier: string, success: boolean, context?: TContext): Promise<void>;
+    protected auditPasswordChange(identifier: string, context?: TContext): Promise<void>;
+    protected validatePasswordPolicy(password: string): boolean;
+    protected checkFailedAttempts(identifier: string): Promise<void>;
+    protected isAccountLocked(account: any, ...args: unknown[]): Promise<boolean>;
+    protected incrementFailedAttempts(account: any): Promise<void>;
+    protected notifyAccountLocked(identifier: string): Promise<void>;
+    protected checkPasswordExpiry(identifier: string): Promise<void>;
+}