npm - @soapjs/soap-auth - Versions diffs - 0.3.1 → 0.3.3 - Mend

@soapjs/soap-auth 0.3.1 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

package/build/__tests__/soap-auth.test.d.ts +1 -0
package/build/__tests__/soap-auth.test.js +42 -0
package/build/errors.d.ts +14 -3
package/build/errors.js +29 -8
package/build/index.d.ts +1 -1
package/build/index.js +1 -1
package/build/services/__tests__/account-lock.service.test.d.ts +1 -0
package/build/services/__tests__/account-lock.service.test.js +55 -0
package/build/services/__tests__/auth-throttle.service.test.d.ts +1 -0
package/build/services/__tests__/auth-throttle.service.test.js +48 -0
package/build/services/__tests__/jwks.service.test.d.ts +1 -0
package/build/services/__tests__/jwks.service.test.js +39 -0
package/build/services/__tests__/mfa.service.test.d.ts +1 -0
package/build/services/__tests__/mfa.service.test.js +66 -0
package/build/services/__tests__/password.service.test.d.ts +1 -0
package/build/services/__tests__/password.service.test.js +66 -0
package/build/services/__tests__/pkce.service.test.d.ts +1 -0
package/build/services/__tests__/pkce.service.test.js +77 -0
package/build/services/__tests__/rate-limit.service.test.d.ts +1 -0
package/build/services/__tests__/rate-limit.service.test.js +37 -0
package/build/services/__tests__/role.service.test.d.ts +1 -0
package/build/services/__tests__/role.service.test.js +31 -0
package/build/services/account-lock.service.d.ts +12 -0
package/build/services/account-lock.service.js +39 -0
package/build/services/auth-throttle.service.d.ts +10 -0
package/build/services/auth-throttle.service.js +43 -0
package/build/services/index.d.ts +8 -0
package/build/{factories → services}/index.js +8 -3
package/build/services/jwks.service.d.ts +7 -0
package/build/services/jwks.service.js +41 -0
package/build/services/mfa.service.d.ts +12 -0
package/build/services/mfa.service.js +74 -0
package/build/services/password.service.d.ts +14 -0
package/build/services/password.service.js +78 -0
package/build/services/pkce.service.d.ts +14 -0
package/build/services/pkce.service.js +81 -0
package/build/services/rate-limit.service.d.ts +9 -0
package/build/services/rate-limit.service.js +26 -0
package/build/services/role.service.d.ts +9 -0
package/build/services/role.service.js +26 -0
package/build/session/__tests__/file.session-store.test.d.ts +1 -0
package/build/session/__tests__/file.session-store.test.js +117 -0
package/build/session/__tests__/memory.session-store.test.d.ts +1 -0
package/build/session/__tests__/memory.session-store.test.js +77 -0
package/build/session/__tests__/session-handler.test.d.ts +1 -0
package/build/session/__tests__/session-handler.test.js +337 -0
package/build/session/file.session-store.d.ts +1 -0
package/build/session/file.session-store.js +7 -0
package/build/session/memory.session-store.d.ts +4 -1
package/build/session/memory.session-store.js +11 -5
package/build/session/session-handler.d.ts +12 -7
package/build/session/session-handler.js +46 -13
package/build/session/session.errors.d.ts +6 -0
package/build/session/session.errors.js +15 -0
package/build/soap-auth.d.ts +9 -8
package/build/soap-auth.js +42 -29
package/build/strategies/__tests__/base-auth.strategy.test.d.ts +14 -0
package/build/strategies/__tests__/base-auth.strategy.test.js +137 -0
package/build/strategies/__tests__/credential-auth.strategy.test.d.ts +14 -0
package/build/strategies/__tests__/credential-auth.strategy.test.js +265 -0
package/build/strategies/__tests__/token-auth.strategy.test.d.ts +28 -0
package/build/strategies/__tests__/token-auth.strategy.test.js +298 -0
package/build/strategies/api-key/__tests__/api-key.strategy.test.d.ts +1 -0
package/build/strategies/api-key/__tests__/api-key.strategy.test.js +103 -0
package/build/strategies/api-key/api-key.strategy.d.ts +5 -2
package/build/strategies/api-key/api-key.strategy.js +43 -35
package/build/strategies/api-key/api-key.tools.d.ts +2 -0
package/build/strategies/api-key/api-key.tools.js +39 -0
package/build/strategies/api-key/api-key.types.d.ts +10 -2
package/build/strategies/base-auth.strategy.d.ts +11 -5
package/build/strategies/base-auth.strategy.js +45 -52
package/build/strategies/basic/__tests__/basic.strategy.test.d.ts +1 -0
package/build/strategies/basic/__tests__/basic.strategy.test.js +104 -0
package/build/strategies/basic/basic.strategy.d.ts +5 -7
package/build/strategies/basic/basic.strategy.js +6 -6
package/build/strategies/basic/basic.tools.d.ts +2 -0
package/build/strategies/basic/basic.tools.js +44 -0
package/build/strategies/credential-auth.strategy.d.ts +7 -17
package/build/strategies/credential-auth.strategy.js +116 -181
package/build/strategies/jwt/__tests__/jwt.strategy.test.d.ts +1 -0
package/build/strategies/jwt/__tests__/jwt.strategy.test.js +156 -0
package/build/strategies/jwt/__tests__/jwt.tools.test.d.ts +1 -0
package/build/strategies/jwt/__tests__/jwt.tools.test.js +98 -0
package/build/strategies/jwt/jwt.strategy.d.ts +13 -14
package/build/strategies/jwt/jwt.strategy.js +57 -44
package/build/strategies/jwt/jwt.tools.d.ts +20 -7
package/build/strategies/jwt/jwt.tools.js +180 -81
package/build/strategies/local/__tests__/local.strategy.test.d.ts +1 -0
package/build/strategies/local/__tests__/local.strategy.test.js +115 -0
package/build/strategies/local/local.strategy.d.ts +4 -3
package/build/strategies/local/local.strategy.js +7 -6
package/build/strategies/local/local.tools.d.ts +2 -0
package/build/strategies/local/local.tools.js +44 -0
package/build/strategies/oauth2/hybrid.oauth2.strategy.d.ts +5 -0
package/build/strategies/oauth2/hybrid.oauth2.strategy.js +92 -0
package/build/strategies/oauth2/oauth2.errors.d.ts +12 -0
package/build/strategies/oauth2/oauth2.errors.js +24 -0
package/build/strategies/oauth2/oauth2.strategy.d.ts +25 -15
package/build/strategies/oauth2/oauth2.strategy.js +131 -141
package/build/strategies/oauth2/oauth2.tools.d.ts +7 -2
package/build/strategies/oauth2/oauth2.tools.js +119 -14
package/build/strategies/oauth2/oauth2.types.d.ts +32 -1
package/build/strategies/token-auth.strategy.d.ts +14 -8
package/build/strategies/token-auth.strategy.js +162 -38
package/build/tools/index.d.ts +0 -2
package/build/tools/index.js +0 -2
package/build/tools/tools.d.ts +2 -1
package/build/tools/tools.js +9 -12
package/build/types.d.ts +88 -57
package/package.json +1 -1
package/build/factories/auth-strategy.factory.d.ts +0 -9
package/build/factories/auth-strategy.factory.js +0 -16
package/build/factories/http-auth-strategy.factory.d.ts +0 -5
package/build/factories/http-auth-strategy.factory.js +0 -41
package/build/factories/index.d.ts +0 -3
package/build/factories/socket-auth-strategy.factory.d.ts +0 -5
package/build/factories/socket-auth-strategy.factory.js +0 -27
package/build/tools/session.tools.d.ts +0 -6
package/build/tools/session.tools.js +0 -15
package/build/tools/token.tools.d.ts +0 -7
package/build/tools/token.tools.js +0 -32

package/build/strategies/local/local.strategy.js CHANGED Viewed

@@ -2,14 +2,15 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocalStrategy = void 0;
 const credential_auth_strategy_1 = require("../credential-auth.strategy");
+const local_tools_1 = require("./local.tools");
 class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
-    config;
     session;
+    jwt;
     logger;
-    constructor(config, session, logger) {
-        super(config, session, logger);
-        this.config = config;
+    constructor(config, session, jwt, logger) {
+        super((0, local_tools_1.prepareLocalConfig)(config), session, jwt, logger);
         this.session = session;
+        this.jwt = jwt;
         this.logger = logger;
     }
     extractCredentials(context) {
@@ -18,8 +19,8 @@ class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     async verifyCredentials(identifier, password) {
         return this.config.credentials.verifyCredentials(identifier, password);
     }
-    async retrieveUser(credentials) {
-        return this.config.user.getUserData(credentials.identifier);
+    async fetchUser(credentials) {
+        return this.config.user.fetchUser(credentials.identifier);
     }
 }
 exports.LocalStrategy = LocalStrategy;

package/build/strategies/local/local.tools.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { LocalStrategyConfig } from "./local.types";
2	+ export declare const prepareLocalConfig: <TContext = any, TUser = any>(config: LocalStrategyConfig<TContext, TUser>) => LocalStrategyConfig<TContext, TUser>;

package/build/strategies/local/local.tools.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.prepareLocalConfig = void 0;
+const Soap = __importStar(require("@soapjs/soap"));
+const prepareLocalConfig = (config) => {
+    return Soap.removeUndefinedProperties({
+        ...config,
+        routes: {
+            ...config.routes,
+            login: {
+                path: config.routes.login.path || '/auth/local/login',
+                method: config.routes.login.method || 'POST'
+            },
+            logout: {
+                path: config.routes.logout.path || '/auth/local/logout',
+                method: config.routes.logout.method || 'POST'
+            }
+        }
+    });
+};
+exports.prepareLocalConfig = prepareLocalConfig;

package/build/strategies/oauth2/hybrid.oauth2.strategy.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { AuthResult } from "../../types";
+import { OAuth2Strategy } from "./oauth2.strategy";
+export declare abstract class HybridOAuth2Strategy<TContext = unknown, TUser = unknown> extends OAuth2Strategy<TContext, TUser> {
+    authenticate(context: TContext): Promise<AuthResult<TUser>>;
+}

package/build/strategies/oauth2/hybrid.oauth2.strategy.js ADDED Viewed

@@ -0,0 +1,92 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HybridOAuth2Strategy = void 0;
+const errors_1 = require("../../errors");
+const oauth2_strategy_1 = require("./oauth2.strategy");
+const oauth2_errors_1 = require("./oauth2.errors");
+const oauth2_tools_1 = require("./oauth2.tools");
+class HybridOAuth2Strategy extends oauth2_strategy_1.OAuth2Strategy {
+    async authenticate(context) {
+        try {
+            let tokens;
+            let session;
+            let accessToken, idToken, refreshToken;
+            if (this.jwt) {
+                try {
+                    const jwtResult = await this.jwt.authenticate(context);
+                    if (jwtResult.user) {
+                        this.logger?.info("Authenticated using JWT.");
+                        return jwtResult;
+                    }
+                }
+                catch (e) {
+                    this.logger?.warn("JWT authentication failed, proceeding with OAuth2 flow.");
+                }
+            }
+            if (this.session) {
+                try {
+                    const sessionResult = await this.authenticateWithSession(context);
+                    if (sessionResult.user) {
+                        this.logger?.info("Authenticated using session.");
+                        return sessionResult;
+                    }
+                }
+                catch (e) {
+                    this.logger?.warn("Session authentication failed, proceeding with OAuth2 flow.");
+                }
+            }
+            refreshToken = await this.extractRefreshToken(context);
+            if (refreshToken) {
+                this.logger?.info("Refreshing expired access token...");
+                try {
+                    const refreshedTokens = await this.refreshAccessToken(context);
+                    accessToken = refreshedTokens.accessToken;
+                    idToken = refreshedTokens.idToken;
+                }
+                catch (error) {
+                    this.logger?.warn("Failed to refresh access token, clearing refresh token.");
+                    await this.storeRefreshToken("", context);
+                }
+            }
+            if (!accessToken) {
+                const code = this.extractAuthorizationCode(context);
+                if (!code) {
+                    this.login(context);
+                    throw new errors_1.MissingAuthorizationCodeError();
+                }
+                const returnedState = oauth2_tools_1.OAuth2Tools.extractState(context);
+                if (!(await this.config.state?.validateState(context, returnedState))) {
+                    throw new oauth2_errors_1.InvalidStateError();
+                }
+                const exchangedTokens = await this.exchangeCodeForToken(context, code);
+                accessToken = exchangedTokens.accessToken;
+                refreshToken = exchangedTokens.refreshToken;
+                idToken = exchangedTokens.idToken;
+            }
+            const user = idToken
+                ? await this.verifyIdToken(idToken)
+                : await this.fetchUser(accessToken);
+            if (!user)
+                throw new errors_1.UserNotFoundError();
+            if (this.jwt) {
+                tokens = await this.jwt.issueTokens(user, context);
+            }
+            if (this.session) {
+                session = await this.session.issueSession(user, context);
+            }
+            return {
+                user,
+                tokens: tokens ?? { accessToken, idToken, refreshToken },
+                session,
+            };
+        }
+        catch (error) {
+            await this.onFailure("authenticate", {
+                context,
+                error,
+            });
+            throw error;
+        }
+    }
+}
+exports.HybridOAuth2Strategy = HybridOAuth2Strategy;

package/build/strategies/oauth2/oauth2.errors.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+export declare class InvalidNonceError extends Error {
+}
+export declare class InvalidStateError extends Error {
+}
+export declare class InvalidIdTokenError extends Error {
+}
+export declare class UnsupportedGrantTypeError extends Error {
+    constructor(type: string);
+}
+export declare class MissingCodeVerifierError extends Error {
+    constructor();
+}

package/build/strategies/oauth2/oauth2.errors.js ADDED Viewed

@@ -0,0 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MissingCodeVerifierError = exports.UnsupportedGrantTypeError = exports.InvalidIdTokenError = exports.InvalidStateError = exports.InvalidNonceError = void 0;
+class InvalidNonceError extends Error {
+}
+exports.InvalidNonceError = InvalidNonceError;
+class InvalidStateError extends Error {
+}
+exports.InvalidStateError = InvalidStateError;
+class InvalidIdTokenError extends Error {
+}
+exports.InvalidIdTokenError = InvalidIdTokenError;
+class UnsupportedGrantTypeError extends Error {
+    constructor(type) {
+        super(`Unsupported grant type: ${type}`);
+    }
+}
+exports.UnsupportedGrantTypeError = UnsupportedGrantTypeError;
+class MissingCodeVerifierError extends Error {
+    constructor() {
+        super("Missing PKCE code verifier in context.");
+    }
+}
+exports.MissingCodeVerifierError = MissingCodeVerifierError;

package/build/strategies/oauth2/oauth2.strategy.d.ts CHANGED Viewed

@@ -3,38 +3,44 @@ import { AuthResult } from "../../types";
 import { OAuth2StrategyConfig } from "./oauth2.types";
 import { SessionHandler } from "../../session/session-handler";
 import { BaseAuthStrategy } from "../base-auth.strategy";
-export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+import { JwtStrategy } from "../jwt/jwt.strategy";
+import { JwtService } from "../../services/jwks.service";
+import { PKCEService } from "../../services/pkce.service";
+export declare abstract class OAuth2Strategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
     protected config: OAuth2StrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
+    protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
-    constructor(config: OAuth2StrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
+    protected jwks: JwtService;
+    protected pkce: PKCEService<TContext>;
+    protected abstract extractAccessToken(context: TContext): Promise<string | undefined>;
+    protected abstract extractRefreshToken(context: TContext): Promise<string | undefined>;
+    protected abstract storeAccessToken(token: string, context: TContext): Promise<void>;
+    protected abstract storeRefreshToken(token: string, context: TContext): Promise<void>;
+    protected abstract embedAccessToken(token: string, context: TContext): any;
+    protected abstract embedRefreshToken(token: string, context: TContext): any;
+    protected abstract extractAuthorizationCode(context: TContext): string | null;
+    protected abstract redirectUser(context: TContext, authUrl: string): void;
+    constructor(config: OAuth2StrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
     logout(context: TContext): Promise<void>;
     protected getCredentialsForPasswordGrant(context: TContext): Promise<{
         identifier: string;
         password: string;
     }>;
-    protected retrieveAccessToken(context: TContext): Promise<string | undefined>;
-    protected retrieveRefreshToken(context: TContext): Promise<string | undefined>;
-    protected storeAccessToken(token: string, context: TContext): Promise<void>;
-    protected storeRefreshToken(token: string, context: TContext): Promise<void>;
-    protected embedAccessToken(token: string, context: TContext): void;
-    protected embedRefreshToken(token: string, context: TContext): void;
-    isTokenExpired(token: string): Promise<boolean>;
     authenticate(context: TContext): Promise<AuthResult<TUser>>;
     protected processOAuthFlow(context: TContext): Promise<{
         accessToken: string;
         refreshToken?: string;
     }>;
-    protected verifyAuthorizationCode(context: TContext, code: string): void;
-    protected extractAuthorizationCode(context: TContext): string | null;
-    protected redirectUser(context: TContext, authUrl: string): void;
-    protected buildAuthorizationUrl(context: TContext): string;
+    protected verifyAuthorizationCode(context: TContext, code: string): Promise<void>;
+    protected buildAuthorizationUrl(context: TContext): Promise<string>;
     protected exchangeCodeForToken(context: TContext, code: string): Promise<{
         accessToken: string;
+        idToken?: string;
         refreshToken?: string;
     }>;
-    handleAuthorizationRedirect(context: TContext): void;
-    protected retrieveUser(accessToken: string): Promise<TUser | null>;
+    login(context: TContext): Promise<void>;
+    protected fetchUser(accessToken: string): Promise<TUser | null>;
     protected exchangeClientCredentials(): Promise<{
         accessToken: string;
     }>;
@@ -44,6 +50,10 @@ export declare class OAuth2Strategy<TContext = unknown, TUser = unknown> extends
     refreshAccessToken(context: TContext): Promise<{
         accessToken: string;
         refreshToken?: string;
+        idToken?: string;
     }>;
+    protected handleTokenRefreshFailure(context: TContext): Promise<void>;
+    protected verifyIdToken(idToken: string): Promise<TUser | null>;
     revokeToken(token: string): Promise<void>;
+    protected isTokenExpired(token: string): boolean;
 }