@solidstarters/solid-core 1.2.203 → 1.2.206

package/src/services/authentication.service.ts

@@ -1,4 +1,5 @@
 import { HttpService } from '@nestjs/axios';
+import type { SolidCoreSetting } from "src/services/settings/default-settings-provider.service";
 import {
     BadRequestException,
     ConflictException,
@@ -15,8 +16,6 @@ import { JwtService } from '@nestjs/jwt';
 import { InjectDataSource } from '@nestjs/typeorm';
 import { isEmpty, isNotEmpty } from 'class-validator';
 import { randomInt, randomUUID } from 'crypto';
-import commonConfig from 'src/config/common.config';
-import { jwtConfig } from 'src/config/jwt.config';
 import { ERROR_MESSAGES } from 'src/constants/error-messages';
 import { SUCCESS_MESSAGES } from 'src/constants/success-messages';
 import { CreateUserDto } from 'src/dtos/create-user.dto';
@@ -25,7 +24,6 @@ import { UserRepository } from 'src/repository/user.repository';
 import { Msg91OTPService } from 'src/services/sms/Msg91OTPService';
 import { DataSource, Repository } from 'typeorm';
 import { v4 as uuidv4 } from 'uuid';
-import { iamConfig } from '../config/iam.config';
 import {
     ForgotPasswordSendVerificationTokenOn,
     RegistrationValidationSource,
@@ -72,10 +70,6 @@ export class AuthenticationService {
         private readonly userRepository: UserRepository,
         private readonly hashingService: HashingService,
         private readonly jwtService: JwtService,
-        @Inject(jwtConfig.KEY)
-        private readonly jwtConfiguration: ConfigType<typeof jwtConfig>,
-        @Inject(iamConfig.KEY)
-        private readonly iamConfiguration: ConfigType<typeof iamConfig>,
         private readonly refreshTokenIdsStorage: RefreshTokenIdsStorageService,
         private readonly httpService: HttpService,
         // private readonly mailService: SMTPEMailService,
@@ -85,21 +79,16 @@ export class AuthenticationService {
         private readonly eventEmitter: EventEmitter2,
         private readonly settingService: SettingService,
         private readonly roleMetadataService: RoleMetadataService,
-        @Inject(commonConfig.KEY)
-        private readonly commonConfiguration: ConfigType<typeof commonConfig>,
         private readonly userActivityHistoryService: UserActivityHistoryService,
+
         @InjectDataSource()
         private readonly dataSource: DataSource,
     ) {
         // this.mailService = this.mailServiceFactory.getMailService();
     }
 
-    private async getConfig(key: string): Promise<any> {
-        return this.settingService.getConfigValue(key);
-    }
-
     private async getCompanyLogo(): Promise<string> {
-        return await this.settingService.getConfigValue('companylogo');
+        return this.settingService.getConfigValue<SolidCoreSetting>('companylogo');
     }
 
     async resolveUser(username: string, email: string) {
@@ -166,18 +155,21 @@ export class AuthenticationService {
 
     async signUp(signUpDto: SignUpDto, activeUser: ActiveUserData = null): Promise<User> {
         // If public registrations are disabled and no activeUser is present when invoking signUp then we throw an exception.
-        if (!(await this.settingService.getConfigValue('allowPublicRegistration')) && !activeUser) {
+        if (!(this.settingService.getConfigValue<SolidCoreSetting>('allowPublicRegistration')) && !activeUser) {
             throw new BadRequestException(ERROR_MESSAGES.PUBLIC_REGISTRATION_DISABLED);
         }
 
         try {
-            const onForcePasswordChange = await this.getConfig('forceChangePasswordOnFirstLogin');
-            var { user, pwd, autoGeneratedPwd } = await this.populateForSignup(new User(), signUpDto, this.iamConfiguration.activateUserOnRegistration, onForcePasswordChange);
+            const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');
+            const activateUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration');
+            const defaultRole = this.settingService.getConfigValue<SolidCoreSetting>('defaultRole');
+
+            var { user, pwd, autoGeneratedPwd } = await this.populateForSignup(new User(), signUpDto, activateUserOnRegistration, onForcePasswordChange);
             const savedUser = await this.userRepository.save(user);
             // Also assign a default role to the newly created user. 
             const userRoles = signUpDto.roles ?? [];
-            if (signUpDto.username !== 'sa' && this.iamConfiguration.defaultRole) {
-                userRoles.push(this.iamConfiguration.defaultRole);
+            if (signUpDto.username !== 'sa' && defaultRole) {
+                userRoles.push(defaultRole);
             }
             await this.handlePostSignup(savedUser, userRoles, pwd, autoGeneratedPwd);
 
@@ -195,7 +187,7 @@ export class AuthenticationService {
 
     async signupForExtensionUser<T extends User, U extends CreateUserDto>(signUpDto: SignUpDto, extensionUserDto: U, extensionUserRepo: Repository<T>): Promise<T> {
         try {
-            const onForcePasswordChange = await this.getConfig('forceChangePasswordOnFirstLogin');
+            const onForcePasswordChange = this.settingService.getConfigValue<SolidCoreSetting>('forceChangePasswordOnFirstLogin');
             // Merge the extended signUpDto attributes into the user entity 
             //@ts-ignore 
             const extensionUser = extensionUserRepo.merge(extensionUserRepo.create() as T, extensionUserDto);
@@ -218,7 +210,7 @@ export class AuthenticationService {
 
     private async populateForSignup<T extends User>(user: T, signUpDto: SignUpDto, isUserActive: boolean = true, onForcePasswordChange?: boolean) {
         // const user = new User();
-        let autoGeneratedPwdPermission = await this.settingService.getConfigValue('iamAutoGeneratedPassword');
+        let autoGeneratedPwdPermission = this.settingService.getConfigValue<SolidCoreSetting>('iamAutoGeneratedPassword');
         if (signUpDto.roles && signUpDto.roles.length > 0) {
             for (let i = 0; i < signUpDto.roles.length; i++) {
                 const roleName = signUpDto.roles[i];
@@ -254,7 +246,7 @@ export class AuthenticationService {
             else {
                 // This means that most likely the system is going to be using password-less login. 
                 // If that is not the case then we can raise a bad request exception...
-                if (!this.isPasswordlessRegistrationEnabled()) {
+                if (!await this.isPasswordlessRegistrationEnabled()) {
                     this.logger.error('User being created without password, and password less login is also not enabled in the system. Is this intentional?');
                     throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
                 }
@@ -278,7 +270,7 @@ export class AuthenticationService {
         // if forcePasswordChange is true, then we trigger an email to the user to change the password, this needs to be done using a queue. 
         // Create a new method like notifyUserOnForcePasswordChange, create a new email template we can call it on-force-password-change this template to include the random password
         if (user.forcePasswordChange && autoGeneratedPwd) {
-            this.notifyUserOnForcePasswordChange(user, autoGeneratedPwd);
+            await this.notifyUserOnForcePasswordChange(user, autoGeneratedPwd);
         }
 
         // Send welcome notifications (email/SMS) if enabled.
@@ -310,16 +302,16 @@ export class AuthenticationService {
             user.email,
             'on-force-password-change',
             {
-                solidAppName: process.env.SOLID_APP_NAME,
-                solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
-                frontendLoginPageUrl: process.env.IAM_FRONTEND_APP_LOGIN_PAGE_URL,
+                solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
+                frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),
                 email: user.email,
                 fullName: user.fullName,
                 userName: user.username,
                 password: autoGeneratedPwd,
                 companyLogoUrl: companyLogo
             },
-            this.commonConfiguration.shouldQueueEmails,
+            this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
             null,
             null,
             'user',
@@ -328,32 +320,34 @@ export class AuthenticationService {
 
     }
 
-    private isWelcomeEmailEnabled(): boolean {
-        return this.iamConfiguration.sendWelcomeEmailOnSignup;
+    private async isWelcomeEmailEnabled(): Promise<boolean> {
+        const sendWelcomeEmailOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeEmailOnSignup');
+        return sendWelcomeEmailOnSignup;
     }
 
-    private isWelcomeSmsEnabled(): boolean {
-        return this.iamConfiguration.sendWelcomeSmsOnSignup;
+    private async isWelcomeSmsEnabled(): Promise<boolean> {
+        const sendWelcomeSmsOnSignup = this.settingService.getConfigValue<SolidCoreSetting>('sendWelcomeSmsOnSignup');
+        return sendWelcomeSmsOnSignup;
     }
 
     private async notifyUserOnSignup(user: User) {
         const companyLogo = await this.getCompanyLogo();
         // Email welcome
-        if (this.isWelcomeEmailEnabled()) {
+        if (await this.isWelcomeEmailEnabled()) {
             const mailService = this.mailServiceFactory.getMailService();
             mailService.sendEmailUsingTemplate(
                 user.email,
                 'email-on-signup',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
-                    frontendLoginPageUrl: process.env.IAM_FRONTEND_APP_LOGIN_PAGE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
+                    frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),
                     email: user.email,
                     fullName: user.fullName,
                     userName: user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueEmails,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
                 null,
                 null,
                 'user',
@@ -362,25 +356,28 @@ export class AuthenticationService {
         }
 
         // SMS welcome
-        if (this.isWelcomeSmsEnabled() && user.mobile) {
+        const isWelcomeSmsEnabled = await this.isWelcomeSmsEnabled()
+        if (isWelcomeSmsEnabled && user.mobile) {
             const smsService = this.smsFactory.getSmsService();
             smsService.sendSMSUsingTemplate(
                 user.mobile,
                 'text-on-signup',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    frontendLoginPageUrl: process.env.IAM_FRONTEND_APP_LOGIN_PAGE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    frontendLoginPageUrl: this.settingService.getConfigValue<SolidCoreSetting>('frontendLoginPageUrl'),
                     firstName: user.username,
                     fullName: user.fullName ? user.fullName : user.username
                 },
-                this.commonConfiguration.shouldQueueSms,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
+
             );
         }
     }
 
     async otpInitiateRegistration(signUpDto: OTPSignUpDto) {
         try {
-            if (!this.isPasswordlessRegistrationEnabled()) {
+            const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
+            if (!isPasswordlessRegistrationEnabled) {
                 throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
             }
             // Validate if either mobile or email is present.
@@ -405,21 +402,23 @@ export class AuthenticationService {
             if (isNotEmpty(existingUser) && existingUser.active) {
                 throw new ConflictException(ERROR_MESSAGES.USER_ALREADY_EXISTS);
             }
-            const finalRegistrationVerificationSources = this.calculateVerificationSources(this.iamConfiguration.passwordlessRegistrationValidateWhat, signUpDto);
+            const passwordlessRegistrationValidateWhat = this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistrationValidateWhat');
+
+            const finalRegistrationVerificationSources = this.calculateVerificationSources(passwordlessRegistrationValidateWhat, signUpDto);
             let user = existingUser
             if (isEmpty(user)) {
                 user = this.createUser(signUpDto);
-                this.populateVerificationTokens(finalRegistrationVerificationSources, user);
+                await this.populateVerificationTokens(finalRegistrationVerificationSources, user);
                 await this.userRepository.save(user);
-                await this.userService.addRoleToUser(user.username, await this.settingService.getConfigValue('defaultRole'));
+                await this.userService.addRoleToUser(user.username, this.settingService.getConfigValue<SolidCoreSetting>('defaultRole'));
             }
             else {
-                this.populateVerificationTokens(finalRegistrationVerificationSources, user);
+                await this.populateVerificationTokens(finalRegistrationVerificationSources, user);
                 await this.userRepository.save(user);
             }
 
             // Send OTP to the user through email or SMS, depending on the configuration.
-            this.notifyUserOnOtpInitiateRegistration(user, finalRegistrationVerificationSources);
+            await this.notifyUserOnOtpInitiateRegistration(user, finalRegistrationVerificationSources);
             return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION }
         } catch (err) {
             const pgUniqueViolationErrorCode = '23505';
@@ -450,24 +449,28 @@ export class AuthenticationService {
     }
 
     // Generate the validation tokens for the user i.e (system configured + user provided)
-    private populateVerificationTokens(finalRegistrationValidationSources: string[], user: User) {
+    private async populateVerificationTokens(finalRegistrationValidationSources: string[], user: User) {
         if (finalRegistrationValidationSources.length === 0) {
             throw new BadRequestException(ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);
         }
         if (finalRegistrationValidationSources.includes(TransactionalRegistrationValidationSource.EMAIL)) {
-            const { token, expiresAt } = this.otp();
+            const { token, expiresAt } = await this.otp();
             user.emailVerificationTokenOnRegistration = token;
             user.emailVerificationTokenOnRegistrationExpiresAt = expiresAt;
-            if (this.iamConfiguration.autoLoginUserOnRegistration) {
+            const autoLoginUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('autoLoginUserOnRegistration');
+
+            if (autoLoginUserOnRegistration) {
                 user.emailVerificationTokenOnLogin = token;
                 user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
             }
         }
         if (finalRegistrationValidationSources.includes(TransactionalRegistrationValidationSource.MOBILE)) {
-            const { token, expiresAt } = this.otp();
+            const { token, expiresAt } = await this.otp();
             user.mobileVerificationTokenOnRegistration = token;
             user.mobileVerificationTokenOnRegistrationExpiresAt = expiresAt;
-            if (this.iamConfiguration.autoLoginUserOnRegistration) {
+
+            const autoLoginUserOnRegistration = this.settingService.getConfigValue<SolidCoreSetting>('autoLoginUserOnRegistration');
+            if (autoLoginUserOnRegistration) {
                 user.mobileVerificationTokenOnLogin = token;
                 user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
             }
@@ -476,7 +479,9 @@ export class AuthenticationService {
 
     private async notifyUserOnOtpInitiateRegistration(user: User, registrationValidationSources: string[]) {
         const companyLogo = await this.getCompanyLogo();
-        if (this.iamConfiguration.dummyOtp)
+        const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');
+
+        if (dummyOtp)
             return; // Do nothing if dummy otp is configured.
         if (registrationValidationSources.includes(RegistrationValidationSource.EMAIL)) {
             const mailService = this.mailServiceFactory.getMailService();
@@ -484,14 +489,14 @@ export class AuthenticationService {
                 user.email,
                 'otp-on-register',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
                     firstName: user.username,
                     fullName: user.fullName ? user.fullName : user.username,
                     emailVerificationTokenOnRegistration: user.emailVerificationTokenOnRegistration,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueEmails,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
                 null,
                 null,
                 'user',
@@ -504,20 +509,23 @@ export class AuthenticationService {
                 user.mobile,
                 'otp-on-register',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
                     otp: user.mobileVerificationTokenOnRegistration,
                     mobileVerificationTokenOnRegistration: user.mobileVerificationTokenOnRegistration,
                     firstName: user.username,
                     fullName: user.fullName ? user.fullName : user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueSms,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
+
             );
         }
     }
 
     async otpConfirmRegistration(confirmSignUpDto: OTPConfirmOTPDto) {
-        if (!this.isPasswordlessRegistrationEnabled()) {
+        const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
+
+        if (!isPasswordlessRegistrationEnabled) {
             throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
 
@@ -540,7 +548,7 @@ export class AuthenticationService {
             user.emailVerifiedOnRegistrationAt = new Date();
             user.emailVerificationTokenOnRegistration = null;
             user.emailVerificationTokenOnRegistrationExpiresAt = null;
-            user.active = await this.settingService.getConfigValue('activateUserOnRegistration') && this.areRegistrationValidationSourcesVerified(user);
+            user.active = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration') && await this.areRegistrationValidationSourcesVerified(user);
             const savedUser: User = await this.userRepository.save(user);
             this.triggerRegistrationEvent(savedUser);
             return { active: savedUser.active, message: `User registration verified for ${confirmSignUpDto.type}` }
@@ -562,7 +570,7 @@ export class AuthenticationService {
             user.mobileVerifiedOnRegistrationAt = new Date();
             user.mobileVerificationTokenOnRegistration = null;
             user.mobileVerificationTokenOnRegistrationExpiresAt = null;
-            user.active = await this.settingService.getConfigValue('activateUserOnRegistration') && this.areRegistrationValidationSourcesVerified(user);
+            user.active = this.settingService.getConfigValue<SolidCoreSetting>('activateUserOnRegistration') && await this.areRegistrationValidationSourcesVerified(user);
             const savedUser: User = await this.userRepository.save(user);
             this.triggerRegistrationEvent(savedUser);
             return { active: savedUser.active, message: `User registration verified for ${confirmSignUpDto.type}` }
@@ -576,8 +584,10 @@ export class AuthenticationService {
         this.eventEmitter.emit(EventType.USER_REGISTERED, event);
     }
 
-    areRegistrationValidationSourcesVerified(user: User): boolean {
-        const registrationValidationSources = this.iamConfiguration.passwordlessRegistrationValidateWhat;
+    async areRegistrationValidationSourcesVerified(user: User): Promise<boolean> {
+        const passwordlessRegistrationValidateWhat = this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistrationValidateWhat');
+
+        const registrationValidationSources = passwordlessRegistrationValidateWhat;
         if (registrationValidationSources.includes(RegistrationValidationSource.EMAIL)) {
             if (!user.emailVerifiedOnRegistrationAt) {
                 return false;
@@ -591,11 +601,13 @@ export class AuthenticationService {
         return true;
     }
 
-    private otp(): otp {
+    private async otp(): Promise<otp> {
         const now = new Date();
-        now.setMinutes(now.getMinutes() + this.iamConfiguration.otpExpiry);
+        const otpExpiry = this.settingService.getConfigValue<SolidCoreSetting>('otpExpiry');
+        const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');
+        now.setMinutes(now.getMinutes() + otpExpiry);
         return {
-            token: this.iamConfiguration.dummyOtp ? this.iamConfiguration.dummyOtp : randomInt(100000, 999999).toString(),
+            token: dummyOtp ? dummyOtp : randomInt(100000, 999999).toString(),
             expiresAt: now,
         };
     }
@@ -621,8 +633,33 @@ export class AuthenticationService {
         }
     }
 
+    private maskEmail(email: string): string {
+        if (!email) return null;
+
+        const [localPart, domain] = email.split('@');
+        if (localPart.length <= 2) {
+            return `${localPart[0]}***@${domain}`;
+        }
+
+        const visibleStart = localPart.slice(0, 2);
+        const visibleEnd = localPart.slice(-1);
+        return `${visibleStart}***${visibleEnd}@${domain}`;
+    }
+
+    private maskMobile(mobile: string): string {
+        if (!mobile) return null;
+
+        if (mobile.length <= 4) {
+            return mobile;
+        }
+
+        const visibleEnd = mobile.slice(-4);
+        return `***${visibleEnd}`;
+    }
+
     async otpInitiateLogin(signInDto: OTPSignInDto) {
-        if (!this.isPasswordlessRegistrationEnabled()) {
+        const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
+        if (!isPasswordlessRegistrationEnabled) {
             throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
 
@@ -646,11 +683,17 @@ export class AuthenticationService {
             if (!user.active) {
                 throw new UnauthorizedException(ERROR_MESSAGES.USER_INACTIVE);
             }
-            const { token, expiresAt } = this.otp();
+            const { token, expiresAt } = await this.otp();
             user.emailVerificationTokenOnLogin = token;
             user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
             await this.userRepository.save(user);
             this.notifyUserOnOtpInititateLogin(user, RegistrationValidationSource.EMAIL);
+            return {
+                message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN,
+                user: {
+                    email: this.maskEmail(user.email)
+                }
+            };
         } else if (signInDto.type === RegistrationValidationSource.MOBILE) {
             // const user = await this.userRepository.findOne({
             //     where: {
@@ -668,22 +711,28 @@ export class AuthenticationService {
                 throw new UnauthorizedException(ERROR_MESSAGES.USER_NOT_FOUND);
             }
 
-            const { token, expiresAt } = this.otp();
+            const { token, expiresAt } = await this.otp();
             user.mobileVerificationTokenOnLogin = token;
             user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
             await this.userRepository.save(user);
             this.notifyUserOnOtpInititateLogin(user, RegistrationValidationSource.MOBILE);
+            return {
+                message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN,
+                user: {
+                    mobile: this.maskMobile(user.mobile)
+                }
+            };
         }
         else {
             throw new BadRequestException(ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
         }
-        return { message: SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN };
     }
 
     private async notifyUserOnOtpInititateLogin(user: User, loginType: RegistrationValidationSource) {
         const companyLogo = await this.getCompanyLogo();
+        const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');
 
-        if (this.iamConfiguration.dummyOtp)
+        if (dummyOtp)
             return; // Do nothing if dummy otp is configured.
         if (loginType === RegistrationValidationSource.EMAIL) {
             const mailService = this.mailServiceFactory.getMailService();
@@ -691,14 +740,14 @@ export class AuthenticationService {
                 user.email,
                 'otp-on-login',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
                     firstName: user.username,
                     emailVerificationTokenOnLogin: user.emailVerificationTokenOnLogin,
                     fullName: user.fullName ? user.fullName : user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueEmails,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
                 null,
                 null,
                 'user',
@@ -711,20 +760,22 @@ export class AuthenticationService {
                 user.mobile,
                 'otp-on-login',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
                     otp: user.mobileVerificationTokenOnLogin,
                     mobileVerificationTokenOnLogin: user.mobileVerificationTokenOnLogin,
                     firstName: user.username,
                     fullName: user.fullName ? user.fullName : user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueSms,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
+
             );
         }
     }
 
     async otpConfirmLogin(confirmSignInDto: OTPConfirmOTPDto) {
-        if (!this.isPasswordlessRegistrationEnabled()) {
+        const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
+        if (!isPasswordlessRegistrationEnabled) {
             throw new BadRequestException(ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
         if (confirmSignInDto.type === RegistrationValidationSource.EMAIL) {
@@ -859,13 +910,15 @@ export class AuthenticationService {
     }
 
     // generate uuid token for forgot password
-    private generateForgotPasswordToken() {
+    private async generateForgotPasswordToken() {
         const expiryTime = new Date();
-        expiryTime.setMinutes(expiryTime.getMinutes() + this.iamConfiguration.forgotPasswordVerificationTokenExpiry);
+        const forgotPasswordVerificationTokenExpiry = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordVerificationTokenExpiry');
+        const dummyOtp = this.settingService.getConfigValue<SolidCoreSetting>('dummyOtp');
+        expiryTime.setMinutes(expiryTime.getMinutes() + forgotPasswordVerificationTokenExpiry);
 
         return {
-            token: this.iamConfiguration.dummyOtp
-                ? this.iamConfiguration.dummyOtp
+            token: dummyOtp
+                ? dummyOtp
                 : uuidv4(),   // UUID instead of numeric OTP
             expiresAt: expiryTime,
         };
@@ -898,11 +951,11 @@ export class AuthenticationService {
         // 3. Generate a 6 digit validation token, we send this token to the user over their email & mobile number (controlled using configuration).
         // 4. Save this validation token in new fields on the user record. 
         if (isValidUser) {
-            const { token, expiresAt } = this.generateForgotPasswordToken();
+            const { token, expiresAt } = await this.generateForgotPasswordToken();
             user.verificationTokenOnForgotPassword = token;
             user.verificationTokenOnForgotPasswordExpiresAt = expiresAt;
             await this.userRepository.save(user);
-            this.notifyUserOnForgotPassword(user);
+            await this.notifyUserOnForgotPassword(user);
         }
 
         // 5. Return. 
@@ -924,7 +977,7 @@ export class AuthenticationService {
     private async notifyUserOnForgotPassword(user: User) {
         const companyLogo = await this.getCompanyLogo();
 
-        const forgotPasswordSendVerificationTokenOn = this.iamConfiguration.forgotPasswordSendVerificationTokenOn;
+        const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');
 
         if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {
             const mailService = this.mailServiceFactory.getMailService();
@@ -932,15 +985,15 @@ export class AuthenticationService {
                 user.email,
                 'forgot-password',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
                     firstName: user.username,
                     fullName: user.fullName,
                     // TODO: Need to prefix this with the page url where the forgot password page will open up.
-                    passwordResetLink: `${process.env.IAM_FRONTEND_APP_FORGOT_PASSWORD_PAGE_URL}?token=${user.verificationTokenOnForgotPassword}`,
+                    passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueEmails,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
                 null,
                 null,
                 'user',
@@ -954,13 +1007,13 @@ export class AuthenticationService {
                 user.mobile,
                 'forgot-password',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
                     otp: user.verificationTokenOnForgotPassword,
                     verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,
                     firstName: user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueSms,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
             );
         }
     }
@@ -999,7 +1052,7 @@ export class AuthenticationService {
 
             // Check reuse with your existing method (ensure it looks at hashes).
             await m.getRepository(User).update({ id: user.id }, { password: pwdHash, passwordScheme: pwdScheme, passwordSchemeVersion: pwdSchemeVersion });
-            this.notifyUserOnPasswordChanged(user);
+            await this.notifyUserOnPasswordChanged(user);
 
             return {
                 status: 'success',
@@ -1013,8 +1066,7 @@ export class AuthenticationService {
 
     private async notifyUserOnPasswordChanged(user: User) {
         const companyLogo = await this.getCompanyLogo();
-
-        const forgotPasswordSendVerificationTokenOn = this.iamConfiguration.forgotPasswordSendVerificationTokenOn;
+        const forgotPasswordSendVerificationTokenOn = this.settingService.getConfigValue<SolidCoreSetting>('forgotPasswordSendVerificationTokenOn');
 
         if (forgotPasswordSendVerificationTokenOn == ForgotPasswordSendVerificationTokenOn.EMAIL) {
             const mailService = this.mailServiceFactory.getMailService();
@@ -1022,16 +1074,16 @@ export class AuthenticationService {
                 user.email,
                 'password-changed',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
-                    solidAppWebsiteUrl: process.env.SOLID_APP_WEBSITE_URL,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
+                    solidAppWebsiteUrl: this.settingService.getConfigValue<SolidCoreSetting>('solidAppWebsiteUrl'),
                     email: user.email,
                     firstName: user.username,
                     fullName: user.fullName,
                     // TODO: Need to prefix this with the page url where the forgot password page will open up.
-                    passwordResetLink: `${process.env.IAM_FRONTEND_APP_FORGOT_PASSWORD_PAGE_URL}?token=${user.verificationTokenOnForgotPassword}`,
+                    passwordResetLink: `${this.settingService.getConfigValue<SolidCoreSetting>('frontendForgotPasswordPageUrl')}?token=${user.verificationTokenOnForgotPassword}`,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueEmails,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueEmails'),
                 null,
                 null,
                 'user',
@@ -1045,13 +1097,13 @@ export class AuthenticationService {
                 user.mobile,
                 'forgot-password',
                 {
-                    solidAppName: process.env.SOLID_APP_NAME,
+                    solidAppName: this.settingService.getConfigValue<SolidCoreSetting>('appTitle'),
                     otp: user.verificationTokenOnForgotPassword,
                     verificationTokenOnForgotPassword: user.verificationTokenOnForgotPassword,
                     firstName: user.username,
                     companyLogoUrl: companyLogo
                 },
-                this.commonConfiguration.shouldQueueSms,
+                this.settingService.getConfigValue<SolidCoreSetting>('shouldQueueSms'),
             );
         }
     }
@@ -1059,8 +1111,8 @@ export class AuthenticationService {
     async generateTokens(user: User) {
 
         const [accessToken, refreshToken] = await Promise.all([
-            this.generateAccessToken(user),
-            this.generateRefreshToken(user),
+            await this.generateAccessToken(user),
+            await this.generateRefreshToken(user),
         ]);
 
         return {
@@ -1074,9 +1126,10 @@ export class AuthenticationService {
         // const userRoleNames = user.roles.map((role) => role.name).join(';')
         const userRoleNames = user.roles.map((role) => role.name);
 
+        const accessTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>("accessTokenTtl");
         const accessToken = await this.signToken<Partial<ActiveUserData>>(
             user.id,
-            this.jwtConfiguration.accessTokenTtl,
+            accessTokenTtl,
             { username: user.username, email: user.email, roles: userRoleNames },
         );
 
@@ -1085,8 +1138,8 @@ export class AuthenticationService {
 
     async generateRefreshToken(user: User, previousRefreshToken?: string) {
         const refreshTokenId = randomUUID();
-
-        const refreshToken = await this.signToken(user.id, this.jwtConfiguration.refreshTokenTtl, {
+        const refreshTokenTtl = this.settingService.getConfigValue<SolidCoreSetting>("refreshTokenTtl");
+        const refreshToken = await this.signToken(user.id, refreshTokenTtl, {
             refreshTokenId,
         })
 
@@ -1098,10 +1151,14 @@ export class AuthenticationService {
 
     async refreshTokens(refreshTokenDto: RefreshTokenDto) {
         try {
+            const secret = this.settingService.getConfigValue<SolidCoreSetting>("secret");
+            const audience = this.settingService.getConfigValue<SolidCoreSetting>("audience");
+            const issuer = this.settingService.getConfigValue<SolidCoreSetting>("issuer");
+
             const { sub } = await this.jwtService.verifyAsync<Pick<ActiveUserData, 'sub'> & { refreshTokenId: string }>(refreshTokenDto.refreshToken, {
-                secret: this.jwtConfiguration.secret,
-                audience: this.jwtConfiguration.audience,
-                issuer: this.jwtConfiguration.issuer,
+                secret,
+                audience,
+                issuer,
             });
             // const user = await this.userRepository.findOneByOrFail({ id: sub });
             const user = await this.userRepository.findOne({
@@ -1144,15 +1201,20 @@ export class AuthenticationService {
     }
 
     private async signToken<T>(userId: number, expiresIn: number, payload?: T) {
+        const audience = this.settingService.getConfigValue<SolidCoreSetting>("audience");
+        const issuer = this.settingService.getConfigValue<SolidCoreSetting>("issuer");
+        const secret = this.settingService.getConfigValue<SolidCoreSetting>("secret");
+
+
         return await this.jwtService.signAsync(
             {
                 sub: userId,
                 ...payload,
             },
             {
-                audience: this.jwtConfiguration.audience,
-                issuer: this.jwtConfiguration.issuer,
-                secret: this.jwtConfiguration.secret,
+                audience,
+                issuer,
+                secret,
                 expiresIn,
             },
         );
@@ -1204,11 +1266,11 @@ export class AuthenticationService {
             },
             ...tokens
         }
-
     }
 
     private async isPasswordlessRegistrationEnabled() {
-        return this.settingService.getConfigValue('passwordlessRegistration');
+        // return this.settingService.getConfigValue<SolidCoreSetting>('passwordlessRegistration');
+        return this.settingService.getConfigValue<SolidCoreSetting>('passwordLessAuth');
     }
 
     //FIXME - Pending implementation