@solidxai/core 0.1.4 → 0.1.5-beta.0

package/dist/services/authentication.service.js

@@ -93,23 +93,21 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             relations: { roles: true }
         });
     }
-    async validateUserAndRehashPasswordIfRequired(signInDto) {
-        const user = await this.resolveUser(signInDto.username, signInDto.email);
-        if (!user) {
-            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_CREDENTIALS);
-        }
+    async validateUserForPasswordLogin(user, password) {
         if (!user.active) {
             throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_ACTIVE);
         }
-        const isEqual = await this.hashingService.compare(signInDto.password, user.password, user.passwordSchemeVersion);
+        this.checkAccountBlocked(user);
+        const isEqual = await this.hashingService.compare(password, user.password, user.passwordSchemeVersion);
         if (!isEqual) {
+            await this.incrementFailedAttempts(user);
             throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_CREDENTIALS);
         }
+    }
+    async rehashPasswordIfRequired(user, password) {
         if (this.hashingService.needsRehash(user.password, user.passwordSchemeVersion)) {
-            const rehashedUser = await this.updatePasswordDetails(user, signInDto.password);
-            return rehashedUser;
+            await this.updatePasswordDetails(user, password);
         }
-        return user;
     }
     async signUp(signUpDto, activeUser = null) {
         try {
@@ -258,56 +256,61 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         }
     }
     async otpInitiateRegistration(signUpDto) {
+        const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
+        if (!isPasswordlessRegistrationEnabled) {
+            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
+        }
+        const validationSource = this.resolvePasswordlessValidationSource();
+        this.validateOtpRegistrationInput(signUpDto, validationSource);
+        const existingUser = await this.findExistingRegistrationUser(signUpDto);
+        if ((0, class_validator_1.isNotEmpty)(existingUser) && existingUser.active) {
+            throw new common_1.ConflictException(error_messages_1.ERROR_MESSAGES.USER_ALREADY_EXISTS);
+        }
         try {
-            const isPasswordlessRegistrationEnabled = await this.isPasswordlessRegistrationEnabled();
-            if (!isPasswordlessRegistrationEnabled) {
-                throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
-            }
-            if ((0, class_validator_1.isEmpty)(signUpDto.mobile) && (0, class_validator_1.isEmpty)(signUpDto.email)) {
-                throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.REGISTRATION_REQUIRES_CONTACT);
-            }
-            if (signUpDto.validationSources.includes(constants_1.TransactionalRegistrationValidationSource.EMAIL) && (0, class_validator_1.isEmpty)(signUpDto.email)) {
-                throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION);
-            }
-            if (signUpDto.validationSources.includes(constants_1.TransactionalRegistrationValidationSource.MOBILE) && (0, class_validator_1.isEmpty)(signUpDto.mobile)) {
-                throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION);
-            }
-            const existingUser = await this.userRepository.findOne({
-                where: [
-                    { email: signUpDto.email, },
-                    { mobile: signUpDto.mobile, },
-                    { username: signUpDto.username, }
-                ]
-            });
-            if ((0, class_validator_1.isNotEmpty)(existingUser) && existingUser.active) {
-                throw new common_1.ConflictException(error_messages_1.ERROR_MESSAGES.USER_ALREADY_EXISTS);
-            }
-            let passwordlessRegistrationValidateWhat = this.settingService.getConfigValue('passwordlessRegistrationValidateWhat');
-            if (!Array.isArray(passwordlessRegistrationValidateWhat)) {
-                passwordlessRegistrationValidateWhat = [passwordlessRegistrationValidateWhat];
-            }
-            const finalRegistrationVerificationSources = this.calculateVerificationSources(passwordlessRegistrationValidateWhat, signUpDto);
-            let user = existingUser;
-            if ((0, class_validator_1.isEmpty)(user)) {
-                user = this.createUser(signUpDto);
-                await this.populateVerificationTokens(finalRegistrationVerificationSources, user);
-                await this.userRepository.save(user);
-                await this.userService.addRoleToUser(user.username, this.settingService.getConfigValue('defaultRole'));
-            }
-            else {
-                await this.populateVerificationTokens(finalRegistrationVerificationSources, user);
-                await this.userRepository.save(user);
-            }
-            await this.notifyUserOnOtpInitiateRegistration(user, finalRegistrationVerificationSources);
-            return { message: success_messages_1.SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION };
+            const user = await this.upsertUserWithRegistrationVerificationTokens(existingUser, signUpDto, validationSource);
+            await this.notifyUserOnOtpInitiateRegistration(user, validationSource);
         }
         catch (err) {
-            const pgUniqueViolationErrorCode = '23505';
-            if (err.code === pgUniqueViolationErrorCode) {
+            if (err.code === '23505') {
                 throw new common_1.ConflictException(error_messages_1.ERROR_MESSAGES.USER_ALREADY_EXISTS);
             }
             throw err;
         }
+        return { message: success_messages_1.SUCCESS_MESSAGES.OTP_SENT_SUCCESS_REGISTRATION };
+    }
+    validateOtpRegistrationInput(signUpDto, validationSource) {
+        if (validationSource === constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL && (0, class_validator_1.isEmpty)(signUpDto.email)) {
+            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.EMAIL_REQUIRED_FOR_VALIDATION);
+        }
+        if (validationSource === constants_1.PasswordlessRegistrationValidateWhatSources.MOBILE && (0, class_validator_1.isEmpty)(signUpDto.mobile)) {
+            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.MOBILE_REQUIRED_FOR_VALIDATION);
+        }
+    }
+    async findExistingRegistrationUser(signUpDto) {
+        return this.userRepository.findOne({
+            where: [
+                { email: signUpDto.email },
+                { mobile: signUpDto.mobile },
+                { username: signUpDto.username },
+            ]
+        });
+    }
+    resolvePasswordlessValidationSource() {
+        return this.settingService.getConfigValue('passwordlessRegistrationValidateWhat');
+    }
+    async upsertUserWithRegistrationVerificationTokens(existingUser, signUpDto, validationSource) {
+        let user = existingUser;
+        if ((0, class_validator_1.isEmpty)(user)) {
+            user = this.createUser(signUpDto);
+            await this.assignRegistrationOtp(validationSource, user);
+            await this.userRepository.save(user);
+            await this.userService.addRoleToUser(user.username, this.settingService.getConfigValue('defaultRole'));
+        }
+        else {
+            await this.assignRegistrationOtp(validationSource, user);
+            await this.userRepository.save(user);
+        }
+        return user;
     }
     createUser(signUpDto) {
         const user = new user_entity_1.User();
@@ -318,44 +321,36 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         user.lastLoginProvider = LoginProvider.OTP;
         return user;
     }
-    calculateVerificationSources(configuredRegistrationValidationSources, signUpDto) {
-        const finalRegistrationValidationSources = configuredRegistrationValidationSources.filter((source) => source !== constants_1.RegistrationValidationSource.TRANSACTIONAL);
-        if (configuredRegistrationValidationSources.includes(constants_1.RegistrationValidationSource.TRANSACTIONAL)) {
-            finalRegistrationValidationSources.push(...signUpDto.validationSources);
-        }
-        return finalRegistrationValidationSources;
-    }
-    async populateVerificationTokens(finalRegistrationValidationSources, user) {
-        if (finalRegistrationValidationSources.length === 0) {
+    async assignRegistrationOtp(passwordlessRegistrationValidateWhat, user) {
+        if (!passwordlessRegistrationValidateWhat) {
             throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.VALIDATION_SOURCE_REQUIRED);
         }
-        if (finalRegistrationValidationSources.includes(constants_1.TransactionalRegistrationValidationSource.EMAIL)) {
+        const autoLoginUserOnRegistration = this.settingService.getConfigValue('autoLoginUserOnRegistration');
+        if (passwordlessRegistrationValidateWhat === constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL) {
             const { token, expiresAt } = await this.otp();
             user.emailVerificationTokenOnRegistration = token;
             user.emailVerificationTokenOnRegistrationExpiresAt = expiresAt;
-            const autoLoginUserOnRegistration = this.settingService.getConfigValue('autoLoginUserOnRegistration');
             if (autoLoginUserOnRegistration) {
                 user.emailVerificationTokenOnLogin = token;
                 user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
             }
         }
-        if (finalRegistrationValidationSources.includes(constants_1.TransactionalRegistrationValidationSource.MOBILE)) {
+        if (passwordlessRegistrationValidateWhat === constants_1.PasswordlessRegistrationValidateWhatSources.MOBILE) {
             const { token, expiresAt } = await this.otp();
             user.mobileVerificationTokenOnRegistration = token;
             user.mobileVerificationTokenOnRegistrationExpiresAt = expiresAt;
-            const autoLoginUserOnRegistration = this.settingService.getConfigValue('autoLoginUserOnRegistration');
             if (autoLoginUserOnRegistration) {
                 user.mobileVerificationTokenOnLogin = token;
                 user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
             }
         }
     }
-    async notifyUserOnOtpInitiateRegistration(user, registrationValidationSources) {
+    async notifyUserOnOtpInitiateRegistration(user, registrationValidationSource) {
         const companyLogo = await this.getCompanyLogo();
         const dummyOtp = this.settingService.getConfigValue('dummyOtp');
         if (dummyOtp)
             return;
-        if (registrationValidationSources.includes(constants_1.RegistrationValidationSource.EMAIL)) {
+        if (registrationValidationSource === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
             const mailService = this.mailServiceFactory.getMailService();
             mailService.sendEmailUsingTemplate(user.email, 'otp-on-register', {
                 solidAppName: this.settingService.getConfigValue('appTitle'),
@@ -366,7 +361,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 companyLogoUrl: companyLogo
             }, this.settingService.getConfigValue('shouldQueueEmails'), null, null, 'user', user.id);
         }
-        if (registrationValidationSources.includes(constants_1.RegistrationValidationSource.MOBILE)) {
+        if (registrationValidationSource === constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
             const smsService = this.smsFactory.getSmsService();
             smsService.sendSMSUsingTemplate(user.mobile, 'otp-on-register', {
                 solidAppName: this.settingService.getConfigValue('appTitle'),
@@ -383,67 +378,65 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         if (!isPasswordlessRegistrationEnabled) {
             throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
-        if (confirmSignUpDto.type === constants_1.RegistrationValidationSource.EMAIL) {
-            const user = await this.userRepository.findOne({
-                where: {
-                    email: confirmSignUpDto.identifier,
-                }
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
-            }
-            if (user.emailVerificationTokenOnRegistration !== confirmSignUpDto.otp) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
-            if (user.emailVerificationTokenOnRegistrationExpiresAt < new Date()) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.OTP_EXPIRED);
-            }
+        const { type, identifier, otp } = confirmSignUpDto;
+        if (type !== constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL &&
+            type !== constants_1.PasswordlessRegistrationValidateWhatSources.MOBILE) {
+            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
+        }
+        const user = await this.findUserByRegistrationIdentifier(type, identifier);
+        this.validateRegistrationOtp(user, otp, type);
+        this.clearRegistrationOtp(user, type);
+        user.active = this.settingService.getConfigValue('activateUserOnRegistration') &&
+            await this.areAllPasswordlessRegistrationValidationSourcesVerified(user);
+        const savedUser = await this.userRepository.save(user);
+        this.triggerRegistrationEvent(savedUser);
+        return { active: savedUser.active, message: `User registration verified for ${type}` };
+    }
+    async findUserByRegistrationIdentifier(type, identifier) {
+        const where = type === constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL
+            ? { email: identifier }
+            : { mobile: identifier };
+        const user = await this.userRepository.findOne({ where });
+        if (!user) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
+        }
+        return user;
+    }
+    validateRegistrationOtp(user, otp, type) {
+        const isEmail = type === constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL;
+        const token = isEmail ? user.emailVerificationTokenOnRegistration : user.mobileVerificationTokenOnRegistration;
+        const expiresAt = isEmail ? user.emailVerificationTokenOnRegistrationExpiresAt : user.mobileVerificationTokenOnRegistrationExpiresAt;
+        if (token !== otp) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
+        }
+        if (expiresAt < new Date()) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.OTP_EXPIRED);
+        }
+    }
+    clearRegistrationOtp(user, type) {
+        if (type === constants_1.PasswordlessRegistrationValidateWhatSources.EMAIL) {
             user.emailVerifiedOnRegistrationAt = new Date();
             user.emailVerificationTokenOnRegistration = null;
             user.emailVerificationTokenOnRegistrationExpiresAt = null;
-            user.active = this.settingService.getConfigValue('activateUserOnRegistration') && await this.areRegistrationValidationSourcesVerified(user);
-            const savedUser = await this.userRepository.save(user);
-            this.triggerRegistrationEvent(savedUser);
-            return { active: savedUser.active, message: `User registration verified for ${confirmSignUpDto.type}` };
         }
-        else if (confirmSignUpDto.type === constants_1.RegistrationValidationSource.MOBILE) {
-            const user = await this.userRepository.findOne({
-                where: {
-                    mobile: confirmSignUpDto.identifier,
-                }
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
-            }
-            if (user.mobileVerificationTokenOnRegistration !== confirmSignUpDto.otp) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
-            if (user.mobileVerificationTokenOnRegistrationExpiresAt < new Date()) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
+        else {
             user.mobileVerifiedOnRegistrationAt = new Date();
             user.mobileVerificationTokenOnRegistration = null;
             user.mobileVerificationTokenOnRegistrationExpiresAt = null;
-            user.active = this.settingService.getConfigValue('activateUserOnRegistration') && await this.areRegistrationValidationSourcesVerified(user);
-            const savedUser = await this.userRepository.save(user);
-            this.triggerRegistrationEvent(savedUser);
-            return { active: savedUser.active, message: `User registration verified for ${confirmSignUpDto.type}` };
         }
-        throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
     }
     triggerRegistrationEvent(savedUser) {
         const event = new interfaces_1.EventDetails(interfaces_1.EventType.USER_REGISTERED, savedUser);
         this.eventEmitter.emit(interfaces_1.EventType.USER_REGISTERED, event);
     }
-    async areRegistrationValidationSourcesVerified(user) {
-        const passwordlessRegistrationValidateWhat = this.settingService.getConfigValue('passwordlessRegistrationValidateWhat');
-        const registrationValidationSources = passwordlessRegistrationValidateWhat;
-        if (registrationValidationSources.includes(constants_1.RegistrationValidationSource.EMAIL)) {
+    async areAllPasswordlessRegistrationValidationSourcesVerified(user) {
+        const registrationValidationSource = this.resolvePasswordlessValidationSource();
+        if (registrationValidationSource === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
             if (!user.emailVerifiedOnRegistrationAt) {
                 return false;
             }
         }
-        if (registrationValidationSources.includes(constants_1.RegistrationValidationSource.MOBILE)) {
+        if (registrationValidationSource === constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
             if (!user.mobileVerifiedOnRegistrationAt) {
                 return false;
             }
@@ -461,7 +454,13 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         };
     }
     async signIn(signInDto) {
-        const user = await this.validateUserAndRehashPasswordIfRequired(signInDto);
+        const user = await this.resolveUser(signInDto.username, signInDto.email);
+        if (!user) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_CREDENTIALS);
+        }
+        await this.validateUserForPasswordLogin(user, signInDto.password);
+        await this.rehashPasswordIfRequired(user, signInDto.password);
+        await this.resetFailedAttempts(user);
         const tokens = await this.generateTokens(user);
         await this.userActivityHistoryService.logEvent('login', user);
         return {
@@ -501,63 +500,67 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         if (!isPasswordlessRegistrationEnabled) {
             throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
-        if (signInDto.type === constants_1.RegistrationValidationSource.EMAIL) {
-            const user = await this.userRepository.findOne({
-                where: [
-                    { username: signInDto.identifier },
-                    { email: signInDto.identifier },
-                ]
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
-            }
-            if (!user.active) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_INACTIVE);
+        const type = this.resolveLoginType(signInDto);
+        const user = await this.findUserForLogin(type, signInDto.identifier);
+        await this.assignLoginOtp(user, type);
+        this.notifyUserOnOtpInititateLogin(user, type);
+        return this.buildLoginOtpResponse(user, type);
+    }
+    resolveLoginType(signInDto) {
+        const setting = this.settingService.getConfigValue('passwordlessLoginValidateWhat');
+        if (setting === constants_1.PasswordlessLoginValidateWhatSources.SELECTABLE) {
+            if (signInDto.type !== constants_1.PasswordlessLoginValidateWhatSources.EMAIL &&
+                signInDto.type !== constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
+                throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
             }
-            const { token, expiresAt } = await this.otp();
+            return signInDto.type;
+        }
+        if (setting === constants_1.PasswordlessLoginValidateWhatSources.EMAIL ||
+            setting === constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
+            return setting;
+        }
+        throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
+    }
+    async findUserForLogin(type, identifier, options = {}) {
+        const typeWhere = type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL
+            ? { email: identifier }
+            : { mobile: identifier };
+        const user = await this.userRepository.findOne({
+            where: [{ username: identifier }, typeWhere],
+            ...(options.withRoles ? { relations: { roles: true } } : {}),
+        });
+        if (!user) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
+        }
+        if (!user.active) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_INACTIVE);
+        }
+        return user;
+    }
+    async assignLoginOtp(user, type) {
+        const { token, expiresAt } = await this.otp();
+        if (type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
             user.emailVerificationTokenOnLogin = token;
             user.emailVerificationTokenOnLoginExpiresAt = expiresAt;
-            await this.userRepository.save(user);
-            this.notifyUserOnOtpInititateLogin(user, constants_1.RegistrationValidationSource.EMAIL);
-            return {
-                message: success_messages_1.SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN,
-                user: {
-                    email: this.maskEmail(user.email)
-                }
-            };
         }
-        else if (signInDto.type === constants_1.RegistrationValidationSource.MOBILE) {
-            const user = await this.userRepository.findOne({
-                where: [
-                    { username: signInDto.identifier },
-                    { mobile: signInDto.identifier },
-                ]
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
-            }
-            const { token, expiresAt } = await this.otp();
+        else {
             user.mobileVerificationTokenOnLogin = token;
             user.mobileVerificationTokenOnLoginExpiresAt = expiresAt;
-            await this.userRepository.save(user);
-            this.notifyUserOnOtpInititateLogin(user, constants_1.RegistrationValidationSource.MOBILE);
-            return {
-                message: success_messages_1.SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN,
-                user: {
-                    mobile: this.maskMobile(user.mobile)
-                }
-            };
-        }
-        else {
-            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
         }
+        await this.userRepository.save(user);
+    }
+    buildLoginOtpResponse(user, type) {
+        const maskedIdentifier = type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL
+            ? { email: this.maskEmail(user.email) }
+            : { mobile: this.maskMobile(user.mobile) };
+        return { message: success_messages_1.SUCCESS_MESSAGES.OTP_SENT_SUCCESS_LOGIN, user: maskedIdentifier };
     }
     async notifyUserOnOtpInititateLogin(user, loginType) {
         const companyLogo = await this.getCompanyLogo();
         const dummyOtp = this.settingService.getConfigValue('dummyOtp');
         if (dummyOtp)
             return;
-        if (loginType === constants_1.RegistrationValidationSource.EMAIL) {
+        if (loginType === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
             const mailService = this.mailServiceFactory.getMailService();
             mailService.sendEmailUsingTemplate(user.email, 'otp-on-login', {
                 solidAppName: this.settingService.getConfigValue('appTitle'),
@@ -568,7 +571,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 companyLogoUrl: companyLogo
             }, this.settingService.getConfigValue('shouldQueueEmails'), null, null, 'user', user.id);
         }
-        if (loginType === constants_1.RegistrationValidationSource.MOBILE) {
+        if (loginType === constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
             const smsService = this.smsFactory.getSmsService();
             smsService.sendSMSUsingTemplate(user.mobile, 'otp-on-login', {
                 solidAppName: this.settingService.getConfigValue('appTitle'),
@@ -585,69 +588,53 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         if (!isPasswordlessRegistrationEnabled) {
             throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.PASSWORDLESS_REGISTRATION_DISABLED);
         }
-        if (confirmSignInDto.type === constants_1.RegistrationValidationSource.EMAIL) {
-            const user = await this.userRepository.findOne({
-                where: [
-                    { username: confirmSignInDto.identifier },
-                    { email: confirmSignInDto.identifier },
-                ],
-                relations: {
-                    roles: true
-                }
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
-            }
-            if (!user.active) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_INACTIVE);
-            }
-            if (user.emailVerificationTokenOnLogin !== confirmSignInDto.otp) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
-            if (user.emailVerificationTokenOnLoginExpiresAt < new Date()) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
+        const { type, identifier, otp } = confirmSignInDto;
+        if (type !== constants_1.PasswordlessLoginValidateWhatSources.EMAIL &&
+            type !== constants_1.PasswordlessLoginValidateWhatSources.MOBILE) {
+            throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
+        }
+        const user = await this.findUserForLogin(type, identifier, { withRoles: true });
+        this.checkAccountBlocked(user);
+        try {
+            this.validateLoginOtp(user, otp, type);
+        }
+        catch (e) {
+            await this.incrementFailedAttempts(user);
+            throw e;
+        }
+        this.clearLoginOtp(user, type);
+        user.failedLoginAttempts = 0;
+        await this.userRepository.save(user);
+        return this.buildLoginTokenResponse(user);
+    }
+    validateLoginOtp(user, otp, type) {
+        const isEmail = type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL;
+        const token = isEmail ? user.emailVerificationTokenOnLogin : user.mobileVerificationTokenOnLogin;
+        const expiresAt = isEmail ? user.emailVerificationTokenOnLoginExpiresAt : user.mobileVerificationTokenOnLoginExpiresAt;
+        if (token !== otp) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
+        }
+        if (expiresAt < new Date()) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.OTP_EXPIRED);
+        }
+    }
+    clearLoginOtp(user, type) {
+        if (type === constants_1.PasswordlessLoginValidateWhatSources.EMAIL) {
             user.emailVerifiedOnLoginAt = new Date();
             user.emailVerificationTokenOnLogin = null;
             user.emailVerificationTokenOnLoginExpiresAt = null;
-            await this.userRepository.save(user);
-            const { accessToken, refreshToken } = await this.generateTokens(user);
-            const { id, username, email, mobile, lastLoginProvider } = user;
-            const roles = user.roles.map((role) => role.name);
-            return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };
         }
-        else if (confirmSignInDto.type === constants_1.RegistrationValidationSource.MOBILE) {
-            const user = await this.userRepository.findOne({
-                where: [
-                    { username: confirmSignInDto.identifier },
-                    { mobile: confirmSignInDto.identifier },
-                ],
-                relations: {
-                    roles: true
-                }
-            });
-            if (!user) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_ACTIVE);
-            }
-            if (!user.active) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_INACTIVE);
-            }
-            if (user.mobileVerificationTokenOnLogin !== confirmSignInDto.otp) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
-            if (user.mobileVerificationTokenOnLoginExpiresAt < new Date()) {
-                throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.INVALID_OTP);
-            }
+        else {
             user.mobileVerifiedOnLoginAt = new Date();
             user.mobileVerificationTokenOnLogin = null;
             user.mobileVerificationTokenOnLoginExpiresAt = null;
-            await this.userRepository.save(user);
-            const { accessToken, refreshToken } = await this.generateTokens(user);
-            const { id, username, email, mobile, lastLoginProvider } = user;
-            const roles = user.roles.map((role) => role.name);
-            return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };
         }
-        throw new common_1.BadRequestException(error_messages_1.ERROR_MESSAGES.INVALID_VERIFICATION_TYPE);
+    }
+    async buildLoginTokenResponse(user) {
+        const { accessToken, refreshToken } = await this.generateTokens(user);
+        const { id, username, email, mobile, lastLoginProvider } = user;
+        const roles = user.roles.map((role) => role.name);
+        return { accessToken, refreshToken, user: { id, username, email, mobile, lastLoginProvider, roles } };
     }
     async changePassword(changePasswordDto, activeUser) {
         const user = await this.userRepository.findOne({
@@ -911,7 +898,18 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 roles: true
             }
         });
-        await this.validateUserUsingGoogle(user);
+        if (!user) {
+            throw new common_1.UnauthorizedException(error_messages_1.ERROR_MESSAGES.USER_NOT_FOUND);
+        }
+        this.checkAccountBlocked(user);
+        try {
+            await this.validateUserUsingGoogle(user);
+        }
+        catch (e) {
+            await this.incrementFailedAttempts(user);
+            throw e;
+        }
+        await this.resetFailedAttempts(user);
         const tokens = await this.generateTokens(user);
         return {
             user: {
@@ -927,6 +925,22 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
     async isPasswordlessRegistrationEnabled() {
         return this.settingService.getConfigValue('passwordLessAuth');
     }
+    checkAccountBlocked(user) {
+        const maxFailedAttempts = this.settingService.getConfigValue('maxFailedLoginAttempts');
+        if (maxFailedAttempts > 0 && user.failedLoginAttempts >= maxFailedAttempts) {
+            throw new common_1.ForbiddenException(error_messages_1.ERROR_MESSAGES.ACCOUNT_BLOCKED);
+        }
+    }
+    async incrementFailedAttempts(user) {
+        user.failedLoginAttempts += 1;
+        await this.userRepository.save(user);
+    }
+    async resetFailedAttempts(user) {
+        if (user.failedLoginAttempts === 0)
+            return;
+        user.failedLoginAttempts = 0;
+        await this.userRepository.save(user);
+    }
     async logout(refreshToken) {
         try {
             const payload = this.jwtService.decode(refreshToken);