@soapjs/soap-auth 0.3.3 → 0.4.0

package/build/strategies/__tests__/credential-auth.strategy.test.js

@@ -30,6 +30,7 @@ const credential_auth_strategy_1 = require("../credential-auth.strategy");
 jest.mock("../../session/session-handler");
 jest.mock("../jwt/jwt.strategy");
 class TestCredentialAuthStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
+    name = "test-credential";
     constructor(config, session, jwt, logger) {
         super(config, session, jwt, logger);
     }
@@ -92,8 +93,8 @@ describe("CredentialAuthStrategy", () => {
             passwordPolicy: {
                 updatePassword: jest.fn(),
                 generateResetToken: jest.fn(),
-                validateResetToken: jest.fn(),
-                sendResetEmail: jest.fn(),
+                validatePasswordResetToken: jest.fn(),
+                sendPasswordResetEmail: jest.fn(),
             },
             security: {
                 maxFailedLoginAttempts: 3,
@@ -189,25 +190,25 @@ describe("CredentialAuthStrategy", () => {
     describe("requestPasswordReset", () => {
         it("should throw NotImplementedError if generateResetToken is not configured", async () => {
             config.passwordPolicy.generateResetToken = undefined;
-            await expect(strategy.requestPasswordReset("testUser")).rejects.toThrow(Soap.NotImplementedError);
+            await expect(strategy.requestPasswordResetLink("testUser")).rejects.toThrow(Soap.NotImplementedError);
         });
         it("should call generateResetToken and sendResetEmail (if email is provided)", async () => {
             config.passwordPolicy.generateResetToken = jest
                 .fn()
                 .mockResolvedValue("mockToken");
-            config.passwordPolicy.sendResetEmail = jest
+            config.passwordPolicy.sendPasswordResetEmail = jest
                 .fn()
                 .mockResolvedValue(undefined);
-            await strategy.requestPasswordReset("testUser", "test@example.com");
+            await strategy.requestPasswordResetLink("testUser", "test@example.com");
             expect(config.passwordPolicy.generateResetToken).toHaveBeenCalledWith("testUser");
-            expect(config.passwordPolicy.sendResetEmail).toHaveBeenCalledWith("test@example.com", "mockToken");
+            expect(config.passwordPolicy.sendPasswordResetEmail).toHaveBeenCalledWith("test@example.com", "mockToken");
         });
         it("should call onSuccess with the correct data", async () => {
             config.passwordPolicy.generateResetToken = jest
                 .fn()
                 .mockResolvedValue("mockToken");
             const onSuccessSpy = jest.spyOn(strategy, "onSuccess");
-            await strategy.requestPasswordReset("testUser");
+            await strategy.requestPasswordResetLink("testUser");
             expect(onSuccessSpy).toHaveBeenCalledWith("request_password_reset", {
                 identifier: "testUser",
                 tokens: { reset: "mockToken" },
@@ -217,30 +218,30 @@ describe("CredentialAuthStrategy", () => {
     describe("resetPassword", () => {
         it("should throw NotImplementedError if validateResetToken or updatePassword are not configured", async () => {
             config.passwordPolicy.updatePassword = undefined;
-            await expect(strategy.resetPassword("testUser", "token", "newPass")).rejects.toThrow(Soap.NotImplementedError);
+            await expect(strategy.resetPasswordWithToken("testUser", "token", "newPass")).rejects.toThrow(Soap.NotImplementedError);
         });
         it("should throw ExpiredResetTokenError if validateResetToken returns false", async () => {
-            config.passwordPolicy.validateResetToken = jest
+            config.passwordPolicy.validatePasswordResetToken = jest
                 .fn()
                 .mockResolvedValue(false);
             config.passwordPolicy.updatePassword = jest.fn();
-            await expect(strategy.resetPassword("testUser", "token", "newPass")).rejects.toThrow(errors_1.ExpiredResetTokenError);
+            await expect(strategy.resetPasswordWithToken("testUser", "token", "newPass")).rejects.toThrow(errors_1.ExpiredResetTokenError);
         });
         it("should call updatePassword if the token is valid", async () => {
-            config.passwordPolicy.validateResetToken = jest
+            config.passwordPolicy.validatePasswordResetToken = jest
                 .fn()
                 .mockResolvedValue(true);
             config.passwordPolicy.updatePassword = jest
                 .fn()
                 .mockResolvedValue(undefined);
-            await strategy.resetPassword("testUser", "validToken", "newPass");
-            expect(config.passwordPolicy.updatePassword).toHaveBeenCalledWith("testUser", "newPass");
+            await strategy.resetPasswordWithToken("testUser", "validToken", "newPass");
+            expect(config.passwordPolicy.updatePassword).toHaveBeenCalledWith("testUser", "newPass", undefined);
         });
     });
     describe("changePassword", () => {
         it("should throw NotImplementedError if updatePassword is not configured", async () => {
             config.passwordPolicy.updatePassword = undefined;
-            await expect(strategy.changePassword("testUser", "oldPass", "newPass")).rejects.toThrow(Soap.NotImplementedError);
+            await expect(strategy.replacePassword("testUser", "oldPass", "newPass")).rejects.toThrow(Soap.NotImplementedError);
         });
         it("should throw InvalidCredentialsError if verifyCredentials returns false", async () => {
             config.passwordPolicy.updatePassword = jest
@@ -249,7 +250,7 @@ describe("CredentialAuthStrategy", () => {
             jest
                 .spyOn(strategy, "verifyCredentials")
                 .mockResolvedValueOnce(false);
-            await expect(strategy.changePassword("testUser", "oldPass", "newPass")).rejects.toThrow(errors_1.InvalidCredentialsError);
+            await expect(strategy.replacePassword("testUser", "oldPass", "newPass")).rejects.toThrow(errors_1.InvalidCredentialsError);
         });
         it("should call updatePassword with new password if old credentials are correct", async () => {
             config.passwordPolicy.updatePassword = jest
@@ -258,8 +259,8 @@ describe("CredentialAuthStrategy", () => {
             jest
                 .spyOn(strategy, "verifyCredentials")
                 .mockResolvedValueOnce(true);
-            await strategy.changePassword("testUser", "oldPass", "newPass");
-            expect(config.passwordPolicy.updatePassword).toHaveBeenCalledWith("testUser", "newPass");
+            await strategy.replacePassword("testUser", "oldPass", "newPass");
+            expect(config.passwordPolicy.updatePassword).toHaveBeenCalledWith("testUser", "newPass", undefined);
         });
     });
 });

package/build/strategies/__tests__/token-auth.strategy.test.d.ts

@@ -11,6 +11,7 @@ export interface MockContext {
     refreshToken?: string;
 }
 export declare class TestTokenAuthStrategy extends TokenAuthStrategy<MockContext, MockUser> {
+    readonly name = "test-token";
     protected invalidateAccessToken(token: string, context?: MockContext): Promise<void>;
     protected invalidateRefreshToken(token: string, context?: MockContext): Promise<void>;
     constructor(config: TokenAuthStrategyConfig<MockContext, MockUser>, session?: SessionHandler, logger?: Soap.Logger);

package/build/strategies/__tests__/token-auth.strategy.test.js

@@ -4,6 +4,7 @@ exports.TestTokenAuthStrategy = void 0;
 const token_auth_strategy_1 = require("../token-auth.strategy");
 const errors_1 = require("../../../src/errors");
 class TestTokenAuthStrategy extends token_auth_strategy_1.TokenAuthStrategy {
+    name = "test-token";
     async invalidateAccessToken(token, context) {
         context.accessToken = undefined;
     }

package/build/strategies/api-key/api-key.strategy.d.ts

@@ -1,17 +1,17 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, AuthStrategy } from "../../types";
 import { ApiKeyStrategyConfig } from "./api-key.types";
 import { BaseAuthStrategy } from "../base-auth.strategy";
-export declare class ApiKeyStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> implements AuthStrategy<TContext, TUser> {
+export declare class ApiKeyStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends BaseAuthStrategy<TContext, TUser> {
     protected config: ApiKeyStrategyConfig<TContext, TUser>;
+    readonly name = "api-key";
     protected apiKeyValidity: {
         sessionDuration: number;
         longTermDuration: number;
     };
-    constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger: Soap.Logger);
+    constructor(config: ApiKeyStrategyConfig<TContext, TUser>, logger?: Soap.Logger);
     protected fetchUser(apiKey: string, context: TContext): Promise<TUser | null>;
     init(): Promise<void>;
-    authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    authenticate(context?: TContext): Promise<Soap.AuthResult<TUser> | null>;
     authorize(user: TUser, action: string, resource?: string): Promise<boolean>;
     revoke(apiKey: string): Promise<void>;
     private trackApiKeyUsage;

package/build/strategies/api-key/api-key.strategy.js

@@ -7,6 +7,7 @@ const base_auth_strategy_1 = require("../base-auth.strategy");
 const api_key_tools_1 = require("./api-key.tools");
 class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
     config;
+    name = "api-key";
     apiKeyValidity;
     constructor(config, logger) {
         super((0, api_key_tools_1.prepareApiKeyConfig)(config), null, logger);
@@ -28,7 +29,7 @@ class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
                 return user;
             }
             catch (error) {
-                this.logger.warn(`Attempt ${attempt + 1} failed: ${error}`);
+                this.logger?.warn(`Attempt ${attempt + 1} failed: ${error}`);
                 if (attempt < maxRetries) {
                     await new Promise((resolve) => setTimeout(resolve, retryDelay));
                 }
@@ -99,7 +100,7 @@ class ApiKeyStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             await this.config.trackApiKeyUsage?.(apiKey);
         }
         catch (error) {
-            this.logger.warn("Failed to track API key usage:", error);
+            this.logger?.warn("Failed to track API key usage:", error);
         }
     }
 }

package/build/strategies/base-auth.strategy.d.ts

@@ -1,12 +1,12 @@
 import * as Soap from "@soapjs/soap";
-import { AuthFailureContext, AuthResult, AuthStrategy, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
+import { AuthFailureContext, AuthSuccessContext, BaseAuthStrategyConfig } from "../types";
 import { SessionHandler } from "../session/session-handler";
 import { AccountLockService } from "../services/account-lock.service";
 import { MfaService } from "../services/mfa.service";
 import { RateLimitService } from "../services/rate-limit.service";
 import { RoleService } from "../services/role.service";
 import { AuthThrottleService } from "../services/auth-throttle.service";
-export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unknown> implements AuthStrategy<TContext, TUser> {
+export declare abstract class BaseAuthStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> {
     protected config: BaseAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected logger?: Soap.Logger;
@@ -15,10 +15,11 @@ export declare abstract class BaseAuthStrategy<TContext = unknown, TUser = unkno
     protected rateLimit: RateLimitService;
     protected role: RoleService<TUser>;
     protected throttle: AuthThrottleService;
-    abstract authenticate(context?: TContext): Promise<AuthResult<TUser>>;
+    abstract readonly name: string;
+    abstract authenticate(ctx: TContext): Promise<Soap.AuthResult<TUser> | null>;
     constructor(config: BaseAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, logger?: Soap.Logger);
     init(): Promise<void>;
     protected onSuccess(action: string, context: AuthSuccessContext<TUser, TContext>): Promise<void>;
     protected onFailure(action: string, context: AuthFailureContext<TContext>): Promise<void>;
-    protected authenticateWithSession(context: TContext): Promise<AuthResult<TUser>>;
+    protected authenticateWithSession(context: TContext): Promise<Soap.AuthResult<TUser>>;
 }

package/build/strategies/basic/basic.strategy.d.ts

@@ -3,11 +3,12 @@ import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { BasicStrategyConfig } from "./basic.types";
 import { SessionHandler } from "../../session/session-handler";
 import { JwtStrategy } from "../jwt/jwt.strategy";
-export declare class BasicStrategy<TContext = unknown, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
+export declare class BasicStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends CredentialAuthStrategy<TContext, TUser> {
     protected config: BasicStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "basic";
     constructor(config: BasicStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
     protected extractCredentials(context?: TContext): {
         identifier: string;

package/build/strategies/basic/basic.strategy.js

@@ -9,6 +9,7 @@ class BasicStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     session;
     jwt;
     logger;
+    name = "basic";
     constructor(config, session, jwt, logger) {
         super((0, basic_tools_1.prepareBasicConfig)(config), session, jwt, logger);
         this.config = config;

package/build/strategies/credential-auth.strategy.d.ts

@@ -1,10 +1,10 @@
 import * as Soap from "@soapjs/soap";
-import { AuthResult, CredentialAuthStrategyConfig } from "../types";
+import { CredentialAuthStrategyConfig, NewPasswordOptions } from "../types";
 import { BaseAuthStrategy } from "./base-auth.strategy";
 import { SessionHandler } from "../session/session-handler";
 import { JwtStrategy } from "./jwt/jwt.strategy";
 import { PasswordService } from "../services/password.service";
-export declare abstract class CredentialAuthStrategy<TContext = unknown, TUser = unknown> extends BaseAuthStrategy<TContext, TUser> {
+export declare abstract class CredentialAuthStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends BaseAuthStrategy<TContext, TUser> {
     protected config: CredentialAuthStrategyConfig<TContext, TUser>;
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
@@ -14,10 +14,10 @@ export declare abstract class CredentialAuthStrategy<TContext = unknown, TUser =
     protected abstract extractCredentials(context: TContext): any;
     constructor(config: CredentialAuthStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
     protected fetchUser(payload: unknown): Promise<TUser | null>;
-    authenticate(context: TContext): Promise<AuthResult<TUser>>;
-    login(context: TContext): Promise<AuthResult<TUser>>;
+    authenticate(context: TContext): Promise<Soap.AuthResult<TUser> | null>;
+    login(context: TContext): Promise<Soap.AuthResult<TUser>>;
     logout(context: TContext): Promise<void>;
-    requestPasswordReset(identifier: string, email?: string): Promise<void>;
-    resetPassword(identifier: string, token: string, newPassword: string): Promise<void>;
-    changePassword(identifier: string, oldPassword: string, newPassword: string): Promise<void>;
+    requestPasswordResetLink(identifier: string, email?: string): Promise<void>;
+    resetPasswordWithToken(identifier: string, token: string, newPassword: string, passwordOptions?: NewPasswordOptions): Promise<void>;
+    replacePassword(identifier: string, oldPassword: string, newPassword: string, options?: NewPasswordOptions): Promise<void>;
 }

package/build/strategies/credential-auth.strategy.js

@@ -126,7 +126,7 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async requestPasswordReset(identifier, email) {
+    async requestPasswordResetLink(identifier, email) {
         try {
             const token = await this.password.generateResetToken(identifier);
             if (email) {
@@ -136,7 +136,7 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
                 identifier,
                 tokens: { reset: token },
             });
-            this.logger.info(`Password reset requested for identifier: ${identifier}`);
+            this.logger?.info(`Password reset requested for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("request_password_reset", {
@@ -147,17 +147,12 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async resetPassword(identifier, token, newPassword) {
+    async resetPasswordWithToken(identifier, token, newPassword, passwordOptions) {
         try {
-            if (!this.password?.validateResetToken) {
-                throw new Soap.NotImplementedError("validateResetToken");
-            }
-            if ((await this.password.validateResetToken(token)) === false) {
-                throw new errors_1.ExpiredResetTokenError();
-            }
-            await this.password.updatePassword(identifier, newPassword);
+            await this.password?.validateResetToken(token);
+            await this.password.updatePassword(identifier, newPassword, passwordOptions);
             await this.onSuccess("password_reset", { identifier });
-            this.logger.info(`Password successfully reset for identifier: ${identifier}`);
+            this.logger?.info(`Password successfully reset for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("password_reset", {
@@ -168,14 +163,14 @@ class CredentialAuthStrategy extends base_auth_strategy_1.BaseAuthStrategy {
             throw error;
         }
     }
-    async changePassword(identifier, oldPassword, newPassword) {
+    async replacePassword(identifier, oldPassword, newPassword, options) {
         try {
             if (!(await this.verifyCredentials(identifier, oldPassword))) {
                 throw new errors_1.InvalidCredentialsError();
             }
-            await this.password.updatePassword(identifier, newPassword);
+            await this.password.updatePassword(identifier, newPassword, options);
             await this.onSuccess("change_password", { identifier });
-            this.logger.info(`Password changed successfully for identifier: ${identifier}`);
+            this.logger?.info(`Password changed successfully for identifier: ${identifier}`);
         }
         catch (error) {
             await this.onFailure("change_password", {

package/build/strategies/index.d.ts

@@ -13,4 +13,5 @@ export * from "./local/local.types";
 export * from "./oauth2/oauth2.strategy";
 export * from "./oauth2/oauth2.tools";
 export * from "./oauth2/oauth2.types";
+export * from "./oauth2/providers";
 export * from "./token-auth.strategy";

package/build/strategies/index.js

@@ -29,4 +29,5 @@ __exportStar(require("./local/local.types"), exports);
 __exportStar(require("./oauth2/oauth2.strategy"), exports);
 __exportStar(require("./oauth2/oauth2.tools"), exports);
 __exportStar(require("./oauth2/oauth2.types"), exports);
+__exportStar(require("./oauth2/providers"), exports);
 __exportStar(require("./token-auth.strategy"), exports);

package/build/strategies/jwt/__tests__/jwt.strategy.test.js

@@ -149,8 +149,8 @@ describe("JWTStrategy", () => {
         const token = await strategy.extractRefreshToken(mockContext);
         expect(token).toBe("mock-refresh-token");
     });
-    it("should throw UndefinedTokenSecretError if access secret key is missing", async () => {
+    it("should throw ValidationError if access secret key is missing", async () => {
         mockConfig.accessToken.issuer.secretKey = undefined;
-        expect(() => new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger)).toThrow(errors_1.UndefinedTokenSecretError);
+        expect(() => new jwt_strategy_1.JwtStrategy(mockConfig, mockLogger)).toThrow("config.accessToken.issuer.secretKey is required");
     });
 });

package/build/strategies/jwt/jwt.strategy.d.ts

@@ -1,12 +1,14 @@
 import * as Soap from "@soapjs/soap";
 import { TokenAuthStrategy } from "../token-auth.strategy";
 import { TokenAuthStrategyConfig, TokenConfig } from "../../types";
-export declare class JwtStrategy<TContext = unknown, TUser = unknown> extends TokenAuthStrategy<TContext, TUser> {
+export declare class JwtStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends TokenAuthStrategy<TContext, TUser> {
     protected config: TokenAuthStrategyConfig<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "jwt";
     protected accessTokenConfig: TokenConfig<TContext>;
     protected refreshTokenConfig: TokenConfig<TContext>;
     constructor(config: TokenAuthStrategyConfig<TContext, TUser>, logger?: Soap.Logger);
+    private static validateConfig;
     protected verifyAccessToken(token: string): Promise<any>;
     protected verifyRefreshToken(token: string): Promise<any>;
     protected generateAccessToken(user: TUser, context: TContext): Promise<string>;

package/build/strategies/jwt/jwt.strategy.js

@@ -8,12 +8,15 @@ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const token_auth_strategy_1 = require("../token-auth.strategy");
 const errors_1 = require("../../errors");
 const jwt_tools_1 = require("./jwt.tools");
+const validation_1 = require("../../utils/validation");
 class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     config;
     logger;
+    name = "jwt";
     accessTokenConfig;
     refreshTokenConfig;
     constructor(config, logger) {
+        JwtStrategy.validateConfig(config);
         if (!config.accessToken.issuer.secretKey) {
             throw new errors_1.UndefinedTokenSecretError("Access");
         }
@@ -24,13 +27,39 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         this.config = config;
         this.logger = logger;
         this.accessTokenConfig = jwt_tools_1.JwtTools.prepareAccessTokenConfig(config.accessToken);
-        this.refreshTokenConfig = jwt_tools_1.JwtTools.prepareRefreshTokenConfig(config.refreshToken);
+        if (config.refreshToken) {
+            this.refreshTokenConfig = jwt_tools_1.JwtTools.prepareRefreshTokenConfig(config.refreshToken);
+        }
         this.logger?.info("JWTStrategy initialized with provided configurations.");
     }
+    static validateConfig(config) {
+        try {
+            validation_1.ValidationUtils.required(config, "config");
+            validation_1.ValidationUtils.required(config.accessToken, "config.accessToken");
+            validation_1.ValidationUtils.required(config.accessToken.issuer, "config.accessToken.issuer");
+            validation_1.ValidationUtils.required(config.accessToken.issuer.secretKey, "config.accessToken.issuer.secretKey");
+            validation_1.ValidationUtils.nonEmptyString(config.accessToken.issuer.secretKey, "config.accessToken.issuer.secretKey");
+            if (config.refreshToken) {
+                validation_1.ValidationUtils.required(config.refreshToken.issuer, "config.refreshToken.issuer");
+                validation_1.ValidationUtils.required(config.refreshToken.issuer.secretKey, "config.refreshToken.issuer.secretKey");
+                validation_1.ValidationUtils.nonEmptyString(config.refreshToken.issuer.secretKey, "config.refreshToken.issuer.secretKey");
+            }
+            if (config.user) {
+                validation_1.ValidationUtils.required(config.user.fetchUser, "config.user.fetchUser");
+                validation_1.ValidationUtils.function(config.user.fetchUser, "config.user.fetchUser");
+            }
+        }
+        catch (error) {
+            if (error instanceof validation_1.ValidationError) {
+                throw error;
+            }
+            throw new validation_1.ValidationError(`Invalid JWT configuration: ${error.message}`);
+        }
+    }
     verifyAccessToken(token) {
         try {
-            if (!token)
-                throw new errors_1.UndefinedTokenError("Access");
+            validation_1.ValidationUtils.required(token, "token");
+            validation_1.ValidationUtils.jwtToken(token, "token");
             if (!this.accessTokenConfig.issuer.secretKey)
                 throw new errors_1.UndefinedTokenSecretError("Access");
             return new Promise((resolve, reject) => {
@@ -49,8 +78,8 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
     }
     verifyRefreshToken(token) {
         try {
-            if (!token)
-                throw new errors_1.UndefinedTokenError("Refresh");
+            validation_1.ValidationUtils.required(token, "token");
+            validation_1.ValidationUtils.jwtToken(token, "token");
             if (!this.refreshTokenConfig.issuer.secretKey)
                 throw new errors_1.UndefinedTokenSecretError("Refresh");
             return new Promise((resolve, reject) => {
@@ -64,7 +93,7 @@ class JwtStrategy extends token_auth_strategy_1.TokenAuthStrategy {
         }
         catch (error) {
             this.logger?.error("JWT verification failed:", error);
-            error;
+            throw error;
         }
     }
     async generateAccessToken(user, context) {

package/build/strategies/jwt/jwt.tools.js

@@ -189,6 +189,14 @@ exports.JwtTools = JwtTools;
 const prepareJwtConfig = (config) => {
     return Soap.removeUndefinedProperties({
         ...config,
+        user: {
+            ...config.user,
+            validateUser: config.user?.validateUser ?? (() => Promise.resolve(true)),
+        },
+        accessToken: JwtTools.prepareAccessTokenConfig(config.accessToken),
+        refreshToken: config.refreshToken
+            ? JwtTools.prepareRefreshTokenConfig(config.refreshToken)
+            : undefined,
         routes: {
             login: config.routes?.login ?? {
                 path: "/auth/jwt/login",
@@ -203,14 +211,6 @@ const prepareJwtConfig = (config) => {
                 method: "POST",
             },
             ...config.routes,
-            user: {
-                ...config.user,
-                validateUser: config.user?.validateUser ?? (() => Promise.resolve(true)),
-            },
-            accessToken: JwtTools.prepareAccessTokenConfig(config.accessToken),
-            refreshToken: config.refreshToken
-                ? JwtTools.prepareRefreshTokenConfig(config.refreshToken)
-                : undefined,
         },
     });
 };

package/build/strategies/local/__tests__/local.strategy.test.js

@@ -17,8 +17,14 @@ describe("LocalStrategy", () => {
                 fetchUser: jest.fn(),
             },
             routes: {
-                login: {},
-                logout: {},
+                login: {
+                    path: "/login",
+                    method: "POST"
+                },
+                logout: {
+                    path: "/logout",
+                    method: "POST"
+                },
             },
         };
         mockSession = {

package/build/strategies/local/local.strategy.d.ts

@@ -3,11 +3,13 @@ import { CredentialAuthStrategy } from "../credential-auth.strategy";
 import { LocalStrategyConfig } from "./local.types";
 import { SessionHandler } from "../../session/session-handler";
 import { JwtStrategy } from "../jwt/jwt.strategy";
-export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends CredentialAuthStrategy<TContext, TUser> {
+export declare class LocalStrategy<TContext = Soap.HttpContext, TUser extends Soap.AuthUser = Soap.AuthUser> extends CredentialAuthStrategy<TContext, TUser> {
     protected session?: SessionHandler;
     protected jwt?: JwtStrategy<TContext, TUser>;
     protected logger?: Soap.Logger;
+    readonly name = "local";
     constructor(config: LocalStrategyConfig<TContext, TUser>, session?: SessionHandler, jwt?: JwtStrategy<TContext, TUser>, logger?: Soap.Logger);
+    private static validateConfig;
     protected extractCredentials(context?: TContext): Promise<{
         identifier: string;
         password: string;
@@ -17,4 +19,5 @@ export declare class LocalStrategy<TContext = unknown, TUser = unknown> extends
         identifier: string;
         password: string;
     }): Promise<TUser | null>;
+    changePassword(context: TContext): Promise<void>;
 }

package/build/strategies/local/local.strategy.js

@@ -3,24 +3,105 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.LocalStrategy = void 0;
 const credential_auth_strategy_1 = require("../credential-auth.strategy");
 const local_tools_1 = require("./local.tools");
+const errors_1 = require("../../errors");
+const validation_1 = require("../../utils/validation");
 class LocalStrategy extends credential_auth_strategy_1.CredentialAuthStrategy {
     session;
     jwt;
     logger;
+    name = "local";
     constructor(config, session, jwt, logger) {
+        LocalStrategy.validateConfig(config);
         super((0, local_tools_1.prepareLocalConfig)(config), session, jwt, logger);
         this.session = session;
         this.jwt = jwt;
         this.logger = logger;
     }
+    static validateConfig(config) {
+        try {
+            validation_1.ValidationUtils.required(config, "config");
+            if (config.credentials) {
+                validation_1.ValidationUtils.required(config.credentials.extractCredentials, "config.credentials.extractCredentials");
+                validation_1.ValidationUtils.function(config.credentials.extractCredentials, "config.credentials.extractCredentials");
+                validation_1.ValidationUtils.required(config.credentials.verifyCredentials, "config.credentials.verifyCredentials");
+                validation_1.ValidationUtils.function(config.credentials.verifyCredentials, "config.credentials.verifyCredentials");
+            }
+            if (config.user) {
+                validation_1.ValidationUtils.required(config.user.fetchUser, "config.user.fetchUser");
+                validation_1.ValidationUtils.function(config.user.fetchUser, "config.user.fetchUser");
+            }
+            if (config.routes) {
+                validation_1.ValidationUtils.required(config.routes.login, "config.routes.login");
+                validation_1.ValidationUtils.required(config.routes.logout, "config.routes.logout");
+                validation_1.ValidationUtils.object(config.routes.login, "config.routes.login");
+                validation_1.ValidationUtils.object(config.routes.logout, "config.routes.logout");
+                if (config.routes.login) {
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.login.path, "config.routes.login.path");
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.login.method, "config.routes.login.method");
+                }
+                if (config.routes.logout) {
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.logout.path, "config.routes.logout.path");
+                    validation_1.ValidationUtils.nonEmptyString(config.routes.logout.method, "config.routes.logout.method");
+                }
+            }
+        }
+        catch (error) {
+            if (error instanceof validation_1.ValidationError) {
+                throw error;
+            }
+            throw new validation_1.ValidationError(`Invalid Local strategy configuration: ${error.message}`);
+        }
+    }
     extractCredentials(context) {
+        validation_1.ValidationUtils.required(context, "context");
         return this.config.credentials.extractCredentials(context);
     }
     async verifyCredentials(identifier, password) {
+        validation_1.ValidationUtils.nonEmptyString(identifier, "identifier");
+        validation_1.ValidationUtils.nonEmptyString(password, "password");
         return this.config.credentials.verifyCredentials(identifier, password);
     }
     async fetchUser(credentials) {
+        validation_1.ValidationUtils.required(credentials, "credentials");
+        if (credentials && typeof credentials === "object" && !Array.isArray(credentials)) {
+            validation_1.ValidationUtils.nonEmptyString(credentials.identifier, "credentials.identifier");
+            validation_1.ValidationUtils.nonEmptyString(credentials.password, "credentials.password");
+        }
         return this.config.user.fetchUser(credentials.identifier);
     }
+    async changePassword(context) {
+        try {
+            const credentials = await this.config.credentials.extractCredentials(context);
+            if (!credentials) {
+                throw new errors_1.MissingCredentialsError();
+            }
+            if (!credentials.identifier ||
+                !credentials.password ||
+                !credentials.newPassword) {
+                throw new errors_1.InvalidCredentialsError();
+            }
+            await this.accountLock?.isAccountLocked(credentials.identifier);
+            await this.throttle?.checkFailedAttempts(credentials.identifier);
+            const user = await this.fetchUser(credentials);
+            if (!user) {
+                throw new errors_1.UserNotFoundError();
+            }
+            if ((await this.verifyCredentials(credentials.identifier, credentials.password)) === false) {
+                await this.throttle?.incrementFailedAttempts(credentials.identifier);
+                throw new errors_1.InvalidCredentialsError();
+            }
+            await this.password.validatePassword(credentials.newPassword, credentials.password);
+            await this.password.updatePassword(credentials.identifier, credentials.newPassword);
+            await this.throttle?.resetFailedAttempts(credentials.identifier);
+            await this.onSuccess("change_password", {
+                identifier: credentials.identifier,
+            });
+            this.logger?.info(`User password ${credentials.identifier} changed.`);
+        }
+        catch (error) {
+            await this.onFailure("change_password", { context, error });
+            throw error;
+        }
+    }
 }
 exports.LocalStrategy = LocalStrategy;

package/build/strategies/oauth2/__tests__/oauth2.strategy.test.d.ts

@@ -0,0 +1 @@
+export {};