@soapjs/soap-auth 0.3.1 → 0.3.3

package/build/__tests__/soap-auth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/__tests__/soap-auth.test.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const globals_1 = require("@jest/globals");
+const soap_auth_1 = require("../soap-auth");
+describe("SoapAuth", () => {
+    let soapAuth;
+    const mockLogger = { error: globals_1.jest.fn(), info: globals_1.jest.fn() };
+    const mockStrategy = {
+        authenticate: globals_1.jest.fn(),
+        init: globals_1.jest.fn(),
+        logout: globals_1.jest.fn(),
+    };
+    beforeEach(() => {
+        globals_1.jest.clearAllMocks();
+        soapAuth = new soap_auth_1.SoapAuth({ logger: mockLogger });
+    });
+    test("addStrategy should add a valid strategy", () => {
+        expect(() => soapAuth.addStrategy(mockStrategy, "jwt", "http")).not.toThrow();
+        expect(soapAuth.hasStrategy("jwt", "http")).toBe(true);
+    });
+    test("addStrategy should throw error if strategy is invalid", () => {
+        expect(() => soapAuth.addStrategy({}, "invalid", "http")).toThrow("Invalid authentication strategy: does not implement required methods.");
+    });
+    test("removeStrategy should remove an existing strategy", () => {
+        soapAuth.addStrategy(mockStrategy, "jwt", "http");
+        expect(soapAuth.hasStrategy("jwt", "http")).toBe(true);
+        soapAuth.removeStrategy("jwt", "http");
+        expect(soapAuth.hasStrategy("jwt", "http")).toBe(false);
+    });
+    test("getStrategy should return an existing strategy", () => {
+        soapAuth.addStrategy(mockStrategy, "jwt", "http");
+        expect(soapAuth.getStrategy("jwt", "http")).toBe(mockStrategy);
+    });
+    test("getStrategy should throw an error if strategy does not exist", () => {
+        expect(() => soapAuth.getStrategy("nonexistent", "http")).toThrow('Authentication strategy "nonexistent" not found.');
+    });
+    test("listStrategies should return all registered strategy names", () => {
+        soapAuth.addStrategy(mockStrategy, "jwt", "http");
+        soapAuth.addStrategy(mockStrategy, "oauth", "http");
+        expect(soapAuth.listStrategies("http")).toEqual(["jwt", "oauth"]);
+    });
+});

package/build/errors.d.ts

@@ -1,3 +1,6 @@
+export declare class MissingConfigError extends Error {
+    constructor(config: string);
+}
 export declare class UnauthorizedRoleError extends Error {
     constructor();
 }
@@ -34,6 +37,9 @@ export declare class InvalidTokenError extends Error {
     readonly tokenType: "Access" | "Refresh";
     constructor(tokenType?: "Access" | "Refresh");
 }
+export declare class TokenRotationLimitReachedError extends Error {
+    constructor();
+}
 export declare class UndefinedTokenSecretError extends Error {
     readonly tokenType: "Access" | "Refresh";
     constructor(tokenType?: "Access" | "Refresh");
@@ -47,7 +53,12 @@ export declare class ExpiredTokenError extends Error {
     readonly tokenType: "Access" | "Refresh";
     constructor(tokenType?: "Access" | "Refresh");
 }
-export declare class AuthError extends Error {
-    readonly error: Error;
-    constructor(error: Error, message: string);
+export declare class ExpiredResetTokenError extends Error {
+    constructor();
+}
+export declare class SessionIdNotFoundInContextError extends Error {
+    constructor();
+}
+export declare class ExpiredPasswordError extends Error {
+    constructor();
 }

package/build/errors.js

@@ -1,6 +1,12 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.AuthError = exports.ExpiredTokenError = exports.UndefinedTokenHandlerError = exports.UndefinedTokenSecretError = exports.InvalidTokenError = exports.UndefinedTokenError = exports.EmptyPayloadError = exports.MissingTokenError = exports.InvalidCredentialsError = exports.UserNotFoundError = exports.MissingCredentialsError = exports.AccountLockedError = exports.RateLimitExceededError = exports.MissingAuthorizationCodeError = exports.UnauthorizedRoleError = void 0;
+exports.ExpiredPasswordError = exports.SessionIdNotFoundInContextError = exports.ExpiredResetTokenError = exports.ExpiredTokenError = exports.UndefinedTokenHandlerError = exports.UndefinedTokenSecretError = exports.TokenRotationLimitReachedError = exports.InvalidTokenError = exports.UndefinedTokenError = exports.EmptyPayloadError = exports.MissingTokenError = exports.InvalidCredentialsError = exports.UserNotFoundError = exports.MissingCredentialsError = exports.AccountLockedError = exports.RateLimitExceededError = exports.MissingAuthorizationCodeError = exports.UnauthorizedRoleError = exports.MissingConfigError = void 0;
+class MissingConfigError extends Error {
+    constructor(config) {
+        super(`"${config}" not configured.`);
+    }
+}
+exports.MissingConfigError = MissingConfigError;
 class UnauthorizedRoleError extends Error {
     constructor() {
         super("User does not have the required role.");
@@ -80,6 +86,12 @@ class InvalidTokenError extends Error {
     }
 }
 exports.InvalidTokenError = InvalidTokenError;
+class TokenRotationLimitReachedError extends Error {
+    constructor() {
+        super(`Token rotation limit reached. Please re-authenticate.`);
+    }
+}
+exports.TokenRotationLimitReachedError = TokenRotationLimitReachedError;
 class UndefinedTokenSecretError extends Error {
     tokenType;
     constructor(tokenType = "Access") {
@@ -106,12 +118,21 @@ class ExpiredTokenError extends Error {
     }
 }
 exports.ExpiredTokenError = ExpiredTokenError;
-class AuthError extends Error {
-    error;
-    constructor(error, message) {
-        super(message || error.message);
-        this.error = error;
-        this.name = "AuthError";
+class ExpiredResetTokenError extends Error {
+    constructor() {
+        super("Invalid or expired reset token.");
+    }
+}
+exports.ExpiredResetTokenError = ExpiredResetTokenError;
+class SessionIdNotFoundInContextError extends Error {
+    constructor() {
+        super("Session ID is missing in the context.");
+    }
+}
+exports.SessionIdNotFoundInContextError = SessionIdNotFoundInContextError;
+class ExpiredPasswordError extends Error {
+    constructor() {
+        super("Password expired, please reset your password.");
     }
 }
-exports.AuthError = AuthError;
+exports.ExpiredPasswordError = ExpiredPasswordError;

package/build/index.d.ts

@@ -1,5 +1,5 @@
-export * from "./factories";
 export * from "./session";
+export * from "./services";
 export * from "./strategies";
 export * from "./tools";
 export * from "./errors";

package/build/index.js

@@ -14,8 +14,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./factories"), exports);
 __exportStar(require("./session"), exports);
+__exportStar(require("./services"), exports);
 __exportStar(require("./strategies"), exports);
 __exportStar(require("./tools"), exports);
 __exportStar(require("./errors"), exports);

package/build/services/__tests__/account-lock.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/account-lock.service.test.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const errors_1 = require("../../errors");
+const account_lock_service_1 = require("../account-lock.service");
+const mockConfig = {
+    isAccountLocked: jest.fn(),
+    lockAccount: jest.fn(),
+    hasAccountLockExpired: jest.fn(),
+    removeAccountLock: jest.fn(),
+    logFailedAttempt: jest.fn(),
+    notifyOnLockout: jest.fn(),
+};
+const mockLogger = {
+    error: jest.fn(),
+};
+describe("AccountLockService", () => {
+    let service;
+    const mockAccount = { id: "123" };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        service = new account_lock_service_1.AccountLockService(mockConfig, mockLogger);
+    });
+    it("isAccountLocked throws error if account is locked", async () => {
+        mockConfig.isAccountLocked.mockResolvedValue(true);
+        await expect(service.isAccountLocked(mockAccount)).rejects.toThrow(errors_1.AccountLockedError);
+    });
+    it("isAccountLocked returns false if account is not locked", async () => {
+        mockConfig.isAccountLocked.mockResolvedValue(false);
+        await expect(service.isAccountLocked(mockAccount)).resolves.toBe(false);
+    });
+    it("lockAccount locks the account and notifies if enabled", async () => {
+        mockConfig.notifyOnLockout = jest.fn();
+        await service.lockAccount(mockAccount);
+        expect(mockConfig.lockAccount).toHaveBeenCalledWith(mockAccount);
+        expect(mockConfig.notifyOnLockout).toHaveBeenCalledWith(mockAccount);
+    });
+    it("lockAccount does not notify if notifyOnLockout is not defined", async () => {
+        mockConfig.notifyOnLockout = undefined;
+        await service.lockAccount(mockAccount);
+        expect(mockConfig.lockAccount).toHaveBeenCalledWith(mockAccount);
+    });
+    it("hasAccountLockExpired returns expected value", async () => {
+        mockConfig.hasAccountLockExpired.mockResolvedValue(true);
+        await expect(service.hasAccountLockExpired(mockAccount)).resolves.toBe(true);
+    });
+    it("removeAccountLock calls the correct method", async () => {
+        await service.removeAccountLock(mockAccount);
+        expect(mockConfig.removeAccountLock).toHaveBeenCalledWith(mockAccount);
+    });
+    it("logFailedAttempt logs action and handles error if logging fails", async () => {
+        mockConfig.logFailedAttempt.mockRejectedValue(new Error("Logging failed"));
+        await service.logFailedAttempt("LOGIN_ATTEMPT", mockAccount, {});
+        expect(mockLogger.error).toHaveBeenCalled();
+    });
+});

package/build/services/__tests__/auth-throttle.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/auth-throttle.service.test.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const errors_1 = require("../../errors");
+const auth_throttle_service_1 = require("../auth-throttle.service");
+const mockConfig = {
+    getFailedAttempts: jest.fn(),
+    incrementFailedAttempts: jest.fn(),
+    resetFailedAttempts: jest.fn(),
+    maxFailedAttempts: 3,
+};
+const mockLogger = {
+    warn: jest.fn(),
+    error: jest.fn(),
+};
+describe("AuthThrottleService", () => {
+    let service;
+    const mockIdentifier = "user123";
+    beforeEach(() => {
+        jest.clearAllMocks();
+        service = new auth_throttle_service_1.AuthThrottleService(mockConfig, mockLogger);
+    });
+    it("checkFailedAttempts throws error if max failed attempts reached", async () => {
+        mockConfig.getFailedAttempts.mockResolvedValue(3);
+        await expect(service.checkFailedAttempts(mockIdentifier)).rejects.toThrow(errors_1.AccountLockedError);
+        expect(mockLogger.warn).toHaveBeenCalledWith(`User ${mockIdentifier} is temporarily locked out.`);
+    });
+    it("checkFailedAttempts does not throw error if failed attempts are below threshold", async () => {
+        mockConfig.getFailedAttempts.mockResolvedValue(2);
+        await expect(service.checkFailedAttempts(mockIdentifier)).resolves.not.toThrow();
+    });
+    it("checkFailedAttempts logs error if an exception occurs", async () => {
+        mockConfig.getFailedAttempts.mockRejectedValue(new Error("DB error"));
+        await service.checkFailedAttempts(mockIdentifier);
+        expect(mockLogger.error).toHaveBeenCalledWith("Check failed attempts:", expect.any(Error));
+    });
+    it("incrementFailedAttempts increments counter and throws if max reached", async () => {
+        mockConfig.getFailedAttempts.mockResolvedValue(3);
+        await expect(service.incrementFailedAttempts(mockIdentifier)).rejects.toThrow(errors_1.AccountLockedError);
+    });
+    it("incrementFailedAttempts increments counter without throwing if below threshold", async () => {
+        mockConfig.getFailedAttempts.mockResolvedValue(2);
+        await expect(service.incrementFailedAttempts(mockIdentifier)).resolves.not.toThrow();
+    });
+    it("resetFailedAttempts calls the correct method", async () => {
+        await service.resetFailedAttempts(mockIdentifier);
+        expect(mockConfig.resetFailedAttempts).toHaveBeenCalledWith(mockIdentifier);
+    });
+});

package/build/services/__tests__/jwks.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/jwks.service.test.js

@@ -0,0 +1,39 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const jwks_service_1 = require("../jwks.service");
+const oauth2_errors_1 = require("../../strategies/oauth2/oauth2.errors");
+describe("JwtService", () => {
+    let service;
+    let mockConfig;
+    const mockIdToken = "mock.id.token";
+    beforeEach(() => {
+        jest.clearAllMocks();
+        mockConfig = {
+            jwks: {
+                jwksUri: "https://mock-jwks-uri.com",
+                algorithms: ["RS256"],
+                issuer: "mock-issuer",
+                audience: "mock-client-id",
+            },
+        };
+        service = new jwks_service_1.JwtService(mockConfig);
+    });
+    it("verify throws error if ID token structure is invalid", async () => {
+        jest.spyOn(jsonwebtoken_1.default, "decode").mockReturnValue(null);
+        await expect(service.verify(mockIdToken)).rejects.toThrow("Invalid ID Token structure.");
+    });
+    it("verify throws error if ID token is expired", async () => {
+        jest.spyOn(jsonwebtoken_1.default, "decode").mockReturnValue({ header: { kid: "mock-kid" } });
+        jest
+            .spyOn(service.client, "getSigningKey")
+            .mockResolvedValue({ getPublicKey: () => "mock-public-key" });
+        jest
+            .spyOn(jsonwebtoken_1.default, "verify")
+            .mockReturnValue({ exp: Math.floor(Date.now() / 1000) - 10 });
+        await expect(service.verify(mockIdToken)).rejects.toThrow(oauth2_errors_1.InvalidIdTokenError);
+    });
+});

package/build/services/__tests__/mfa.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/mfa.service.test.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const mfa_service_1 = require("../mfa.service");
+const mockConfig = {
+    isMfaRequired: jest.fn(),
+    extractMfaCode: jest.fn(),
+    sendMfaCode: jest.fn(),
+    validateMfaCode: jest.fn(),
+    maxMfaAttempts: 3,
+    getMfaAttempts: jest.fn(),
+    incrementMfaAttempts: jest.fn(),
+    resetMfaAttempts: jest.fn(),
+    lockMfaOnFailure: jest.fn(),
+};
+const mockLogger = {
+    info: jest.fn(),
+    warn: jest.fn(),
+    error: jest.fn(),
+};
+describe("MfaService", () => {
+    let service;
+    const mockUser = { id: "user123" };
+    const mockContext = { token: "mock-token" };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        service = new mfa_service_1.MfaService(mockConfig, mockLogger);
+    });
+    it("checkMfa sends code if required and no code provided", async () => {
+        mockConfig.isMfaRequired.mockReturnValue(true);
+        mockConfig.extractMfaCode.mockReturnValue(null);
+        await expect(service.checkMfa(mockUser, mockContext)).rejects.toThrow("2FA required. A verification code has been sent.");
+        expect(mockConfig.sendMfaCode).toHaveBeenCalledWith(mockUser, mockContext);
+    });
+    it("checkMfa locks account after too many failed attempts", async () => {
+        mockConfig.isMfaRequired.mockReturnValue(true);
+        mockConfig.extractMfaCode.mockReturnValue("wrong-code");
+        mockConfig.getMfaAttempts.mockResolvedValue(3);
+        await expect(service.checkMfa(mockUser, mockContext)).rejects.toThrow("Your account has been temporarily locked due to too many failed 2FA attempts.");
+        expect(mockLogger.warn).toHaveBeenCalledWith(`User ${mockUser} exceeded maximum MFA attempts.`);
+        expect(mockConfig.lockMfaOnFailure).toHaveBeenCalledWith(mockUser);
+    });
+    it("checkMfa rejects invalid MFA codes", async () => {
+        mockConfig.isMfaRequired.mockReturnValue(true);
+        mockConfig.extractMfaCode.mockReturnValue("invalid-code");
+        mockConfig.getMfaAttempts.mockResolvedValue(1);
+        mockConfig.validateMfaCode.mockResolvedValue(false);
+        await expect(service.checkMfa(mockUser, mockContext)).rejects.toThrow("Invalid 2FA code provided.");
+        expect(mockLogger.warn).toHaveBeenCalledWith(`Invalid MFA code attempt for user: ${mockUser}`);
+        expect(mockConfig.incrementMfaAttempts).toHaveBeenCalledWith(mockUser);
+    });
+    it("checkMfa resets attempts on successful MFA validation", async () => {
+        mockConfig.isMfaRequired.mockReturnValue(true);
+        mockConfig.extractMfaCode.mockReturnValue("valid-code");
+        mockConfig.validateMfaCode.mockResolvedValue(true);
+        await expect(service.checkMfa(mockUser, mockContext)).resolves.not.toThrow();
+        expect(mockConfig.resetMfaAttempts).toHaveBeenCalledWith(mockUser);
+        expect(mockLogger.info).toHaveBeenCalledWith(`2FA successfully validated for user: ${mockUser}`);
+    });
+    it("lockMfaOnFailure logs error if an exception occurs", async () => {
+        mockConfig.lockMfaOnFailure.mockImplementation(() => {
+            throw new Error("Lock failed");
+        });
+        service.lockMfaOnFailure(mockUser);
+        expect(mockLogger.error).toHaveBeenCalledWith(expect.any(Error));
+    });
+});

package/build/services/__tests__/password.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/password.service.test.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const password_service_1 = require("../password.service");
+const soap_1 = require("@soapjs/soap");
+const globals_1 = require("@jest/globals");
+describe("PasswordService", () => {
+    let service;
+    let mockConfig;
+    const mockLogger = { error: globals_1.jest.fn() };
+    const mockIdentifier = "user123";
+    const mockPassword = "SecurePass123!";
+    beforeEach(() => {
+        globals_1.jest.clearAllMocks();
+        mockConfig = {
+            validatePassword: globals_1.jest.fn(),
+            getLastPasswordChange: globals_1.jest.fn(),
+            generateResetToken: globals_1.jest.fn(),
+            sendResetEmail: globals_1.jest.fn(),
+            validateResetToken: globals_1.jest.fn(),
+            updatePassword: globals_1.jest.fn(),
+            passwordExpirationDays: 30,
+        };
+        service = new password_service_1.PasswordService(mockConfig, mockLogger);
+    });
+    it("validatePassword calls config method", async () => {
+        mockConfig.validatePassword.mockReturnValue(true);
+        await expect(service.validatePassword(mockPassword)).resolves.toBe(true);
+        expect(mockConfig.validatePassword).toHaveBeenCalledWith(mockPassword);
+    });
+    it("getLastPasswordChange calls config method", async () => {
+        const mockDate = new Date();
+        mockConfig.getLastPasswordChange.mockReturnValue(mockDate);
+        await expect(service.getLastPasswordChange(mockIdentifier)).resolves.toBe(mockDate);
+        expect(mockConfig.getLastPasswordChange).toHaveBeenCalledWith(mockIdentifier);
+    });
+    it("generateResetToken calls config method", async () => {
+        mockConfig.generateResetToken.mockResolvedValue("mock-token");
+        await expect(service.generateResetToken(mockIdentifier)).resolves.toBe("mock-token");
+    });
+    it("sendResetEmail calls config method", async () => {
+        await expect(service.sendResetEmail(mockIdentifier, "mock-token")).resolves.not.toThrow();
+        expect(mockConfig.sendResetEmail).toHaveBeenCalledWith(mockIdentifier, "mock-token");
+    });
+    it("validateResetToken calls config method", async () => {
+        mockConfig.validateResetToken.mockResolvedValue(true);
+        await expect(service.validateResetToken("mock-token")).resolves.toBe(true);
+    });
+    it("updatePassword calls config method", async () => {
+        await expect(service.updatePassword(mockIdentifier, mockPassword)).resolves.not.toThrow();
+        expect(mockConfig.updatePassword).toHaveBeenCalledWith(mockIdentifier, mockPassword);
+    });
+    it("isPasswordChangeRequired returns true if password is expired", async () => {
+        const pastDate = new Date(Date.now() - 31 * 86400000);
+        mockConfig.getLastPasswordChange.mockResolvedValue(pastDate);
+        await expect(service.isPasswordChangeRequired(mockIdentifier)).resolves.toBe(true);
+    });
+    it("isPasswordChangeRequired returns false if password is within expiration period", async () => {
+        const recentDate = new Date(Date.now() - 15 * 86400000);
+        mockConfig.getLastPasswordChange.mockResolvedValue(recentDate);
+        await expect(service.isPasswordChangeRequired(mockIdentifier)).resolves.toBe(false);
+    });
+    it("isPasswordChangeRequired throws NotImplementedError if getLastPasswordChange is not defined", async () => {
+        service = new password_service_1.PasswordService({ passwordExpirationDays: 30 }, mockLogger);
+        await expect(service.isPasswordChangeRequired(mockIdentifier)).rejects.toThrow(soap_1.NotImplementedError);
+    });
+});

package/build/services/__tests__/pkce.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/pkce.service.test.js

@@ -0,0 +1,77 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const pkce_service_1 = require("../pkce.service");
+class InMemoryPKCEPersistence {
+    storeMap = new Map();
+    async store(key, meta) {
+        this.storeMap.set(key, meta || {});
+    }
+    async read(verifierOrChallenge) {
+        return this.storeMap.get(verifierOrChallenge);
+    }
+    async remove(key) {
+        this.storeMap.delete(key);
+    }
+}
+describe("PKCEService", () => {
+    let service;
+    let config;
+    beforeEach(() => {
+        config = {
+            verifier: {
+                expiresIn: 1,
+                embed: jest.fn(),
+                extract: jest.fn().mockImplementation((ctx) => ctx.verifier),
+                persistence: new InMemoryPKCEPersistence(),
+            },
+            challenge: {
+                expiresIn: 1,
+                embed: jest.fn(),
+                extract: jest.fn().mockImplementation((ctx) => ctx.challenge),
+                persistence: new InMemoryPKCEPersistence(),
+            },
+        };
+        service = new pkce_service_1.PKCEService(config);
+    });
+    it("should generate and store a code verifier", async () => {
+        const context = { key: "code_verifier_test" };
+        const verifier = await service.generateCodeVerifier(context);
+        expect(verifier).toBeDefined();
+        expect(config.verifier.embed).toHaveBeenCalledWith(context, verifier);
+    });
+    it("should generate and store a code challenge", async () => {
+        const context = { key: "code_challenge_test" };
+        const challenge = await service.generateCodeChallenge("test_verifier", context);
+        expect(challenge).toBeDefined();
+        expect(config.challenge.embed).toHaveBeenCalledWith(context, challenge);
+    });
+    it("should detect expired code verifier", async () => {
+        config.verifier.embed = (ctx, cv) => {
+            ctx.verifier = cv;
+        };
+        const context = { key: "expired_verifier_test" };
+        await service.generateCodeVerifier(context);
+        await new Promise((resolve) => setTimeout(resolve, 1500));
+        const isExpired = await service.isCodeVerifierExpired(context);
+        expect(isExpired).toBe(true);
+    });
+    it("should detect not-expired code verifier", async () => {
+        config.verifier.embed = (ctx, cv) => {
+            ctx.verifier = cv;
+        };
+        const context = {
+            key: "not_expired_verifier_test",
+        };
+        await service.generateCodeVerifier(context);
+        await new Promise((resolve) => setTimeout(resolve, 500));
+        const isExpired = await service.isCodeVerifierExpired(context);
+        expect(isExpired).toBe(false);
+    });
+    it("should clear code verifier", async () => {
+        const context = {
+            key: "clear_verifier_test",
+            verifier: "test_verifier_value",
+        };
+        await service.clearCodeVerifier(context);
+    });
+});

package/build/services/__tests__/rate-limit.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/rate-limit.service.test.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const errors_1 = require("../../errors");
+const rate_limit_service_1 = require("../rate-limit.service");
+const mockConfig = {
+    incrementRequestCount: jest.fn(),
+    checkRateLimit: jest.fn(),
+};
+const mockLogger = {
+    error: jest.fn(),
+};
+describe("RateLimitService", () => {
+    let service;
+    const mockData = { userId: "user123" };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        service = new rate_limit_service_1.RateLimitService(mockConfig, mockLogger);
+    });
+    it("incrementRequestCount calls config method and handles errors", async () => {
+        mockConfig.incrementRequestCount.mockResolvedValue(undefined);
+        await expect(service.incrementRequestCount(mockData)).resolves.not.toThrow();
+        expect(mockConfig.incrementRequestCount).toHaveBeenCalledWith(mockData);
+    });
+    it("incrementRequestCount logs error if an exception occurs", async () => {
+        mockConfig.incrementRequestCount.mockRejectedValue(new Error("Increment failed"));
+        await expect(service.incrementRequestCount(mockData)).resolves.not.toThrow();
+        expect(mockLogger.error).toHaveBeenCalledWith(expect.any(Error));
+    });
+    it("checkRateLimit throws RateLimitExceededError if limit is exceeded", async () => {
+        mockConfig.checkRateLimit.mockResolvedValue(true);
+        await expect(service.checkRateLimit(mockData)).rejects.toThrow(errors_1.RateLimitExceededError);
+    });
+    it("checkRateLimit does not throw error if limit is not exceeded", async () => {
+        mockConfig.checkRateLimit.mockResolvedValue(false);
+        await expect(service.checkRateLimit(mockData)).resolves.not.toThrow();
+    });
+});

package/build/services/__tests__/role.service.test.d.ts

@@ -0,0 +1 @@
+export {};

package/build/services/__tests__/role.service.test.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const errors_1 = require("../../errors");
+const role_service_1 = require("../role.service");
+const mockConfig = {
+    authorizeByRoles: jest.fn(),
+    roles: ["admin", "editor"],
+};
+const mockLogger = {
+    error: jest.fn(),
+};
+describe("RoleService", () => {
+    let service;
+    const mockUser = { id: "user123", role: "viewer" };
+    beforeEach(() => {
+        jest.clearAllMocks();
+        service = new role_service_1.RoleService(mockConfig, mockLogger);
+    });
+    it("isAuthorized throws UnauthorizedRoleError if user is not authorized", async () => {
+        mockConfig.authorizeByRoles.mockResolvedValue(false);
+        await expect(service.isAuthorized(mockUser)).rejects.toThrow(errors_1.UnauthorizedRoleError);
+    });
+    it("isAuthorized returns true if user is authorized", async () => {
+        mockConfig.authorizeByRoles.mockResolvedValue(true);
+        await expect(service.isAuthorized(mockUser)).resolves.toBe(true);
+    });
+    it("isAuthorized bypasses role check if authorizeByRoles is not defined", async () => {
+        service = new role_service_1.RoleService({ roles: [] }, mockLogger);
+        await expect(service.isAuthorized(mockUser)).resolves.toBe(true);
+    });
+});

package/build/services/account-lock.service.d.ts

@@ -0,0 +1,12 @@
+import * as Soap from "@soapjs/soap";
+import { AccountLockConfig } from "../types";
+export declare class AccountLockService<TContext = unknown> {
+    private config;
+    private logger;
+    constructor(config: AccountLockConfig<TContext>, logger: Soap.Logger);
+    isAccountLocked(account: any): Promise<boolean>;
+    lockAccount(account: any): Promise<void>;
+    hasAccountLockExpired(account: any): Promise<boolean>;
+    removeAccountLock(account: any): Promise<void>;
+    logFailedAttempt(id: string, context?: TContext): Promise<void>;
+}

package/build/services/account-lock.service.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AccountLockService = void 0;
+const errors_1 = require("../errors");
+class AccountLockService {
+    config;
+    logger;
+    constructor(config, logger) {
+        this.config = config;
+        this.logger = logger;
+    }
+    async isAccountLocked(account) {
+        if (await this.config.isAccountLocked(account)) {
+            throw new errors_1.AccountLockedError();
+        }
+        return false;
+    }
+    async lockAccount(account) {
+        await this.config.lockAccount(account);
+        if (this.config?.notifyOnLockout) {
+            await this.config.notifyOnLockout(account);
+        }
+    }
+    async hasAccountLockExpired(account) {
+        return this.config.hasAccountLockExpired(account);
+    }
+    async removeAccountLock(account) {
+        return this.config.removeAccountLock(account);
+    }
+    async logFailedAttempt(id, context) {
+        try {
+            await this.config.logFailedAttempt?.(id, context);
+        }
+        catch (error) {
+            this.logger?.error(error);
+        }
+    }
+}
+exports.AccountLockService = AccountLockService;