@spinajs/rbac-http-user 2.0.372 → 2.0.374

package/lib/cjs/2fa/Default2FaToken.d.ts

@@ -0,0 +1,20 @@
+import { User } from '@spinajs/rbac';
+import { Log } from '@spinajs/log';
+import { TwoFactorAuthProvider } from "@spinajs/rbac-http";
+export declare enum TWO_FA_METATADATA_KEYS {
+    TOKEN = "2fa:token",
+    ENABLED = "2fa:enabled"
+}
+export declare class Default2FaToken extends TwoFactorAuthProvider {
+    protected Config: any;
+    protected Log: Log;
+    constructor();
+    private _getOTP;
+    execute(_: User): Promise<void>;
+    verifyToken(token: string, user: User): Promise<boolean>;
+    initialize(user: User): Promise<any>;
+    getOtpAuthUrl(user: User): Promise<string | null>;
+    isEnabled(user: User): Promise<boolean>;
+    isInitialized(user: User): Promise<boolean>;
+}
+//# sourceMappingURL=Default2FaToken.d.ts.map

package/lib/cjs/2fa/Default2FaToken.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Default2FaToken.d.ts","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,GAAG,EAAU,MAAM,cAAc,CAAC;AAC3C,OAAO,EAAE,qBAAqB,EAAE,MAAM,oBAAoB,CAAC;AAG3D,oBAAY,sBAAsB;IAC9B,KAAK,cAAc;IACnB,OAAO,gBAAgB;CAC1B;AAED,qBACa,eAAgB,SAAQ,qBAAqB;IAEtD,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC;IAGtB,SAAS,CAAC,GAAG,EAAE,GAAG,CAAC;;IAMnB,OAAO,CAAC,OAAO;IAYR,OAAO,CAAC,CAAC,EAAE,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAMzB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAiBxD,UAAU,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC;IAiBpC,aAAa,CAAE,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAYlD,SAAS,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;IAKvC,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC;CAI3D"}

package/lib/cjs/2fa/Default2FaToken.js

@@ -0,0 +1,122 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Default2FaToken = exports.TWO_FA_METATADATA_KEYS = void 0;
+const di_1 = require("@spinajs/di");
+const configuration_1 = require("@spinajs/configuration");
+const log_1 = require("@spinajs/log");
+const rbac_http_1 = require("@spinajs/rbac-http");
+const OTPAuth = __importStar(require("otpauth"));
+var TWO_FA_METATADATA_KEYS;
+(function (TWO_FA_METATADATA_KEYS) {
+    TWO_FA_METATADATA_KEYS["TOKEN"] = "2fa:token";
+    TWO_FA_METATADATA_KEYS["ENABLED"] = "2fa:enabled";
+})(TWO_FA_METATADATA_KEYS || (exports.TWO_FA_METATADATA_KEYS = TWO_FA_METATADATA_KEYS = {}));
+let Default2FaToken = class Default2FaToken extends rbac_http_1.TwoFactorAuthProvider {
+    constructor() {
+        super();
+    }
+    _getOTP(user, secret) {
+        return new OTPAuth.TOTP({
+            issuer: this.Config.issuer,
+            label: user.Email,
+            algorithm: this.Config.algorithm,
+            digits: this.Config.digits,
+            period: this.Config.period,
+            secret: OTPAuth.Secret.fromBase32(secret),
+        });
+    }
+    execute(_) {
+        // empty, speakasy works offline eg. google authenticator
+        // we dont send any email or sms
+        return Promise.resolve();
+    }
+    async verifyToken(token, user) {
+        const twoFaToken = user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN];
+        if (!twoFaToken) {
+            this.Log.trace(`Cannot verify 2fa token, no 2fa token for user ${user.Id}`);
+            return false;
+        }
+        const totp = this._getOTP(user, twoFaToken);
+        const verified = totp.validate({
+            token: token,
+            window: this.Config.window,
+        });
+        return verified == null;
+    }
+    async initialize(user) {
+        const secret = new OTPAuth.Secret({ size: this.Config.secretSize });
+        const totp = this._getOTP(user, secret.base32);
+        user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN] = secret.base32;
+        await user.Metadata.sync();
+        this.Log.trace(`2fa token initialized for user ${user.Id}`, {
+            userId: user.Id,
+        });
+        /**
+         * returns: `otpauth://totp/ACME:Alice?issuer=ACME&secret=US3WHSG7X5KAPV27VANWKQHF3SH3HULL&algorithm=SHA1&digits=6&period=30`
+         */
+        return totp.toString();
+    }
+    async getOtpAuthUrl(user) {
+        const token = user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN];
+        if (!token) {
+            this.Log.trace(`Cannot get 2fa auth url, no 2fa token for user ${user.Id}`);
+            return null;
+        }
+        const totp = this._getOTP(user, token);
+        return totp.toString();
+    }
+    async isEnabled(user) {
+        const val = await user.Metadata[TWO_FA_METATADATA_KEYS.ENABLED];
+        return val;
+    }
+    async isInitialized(user) {
+        const token = user.Metadata[TWO_FA_METATADATA_KEYS.TOKEN];
+        return token !== null && token !== undefined && token !== '';
+    }
+};
+exports.Default2FaToken = Default2FaToken;
+__decorate([
+    (0, configuration_1.Config)('rbac.otpauth'),
+    __metadata("design:type", Object)
+], Default2FaToken.prototype, "Config", void 0);
+__decorate([
+    (0, log_1.Logger)('2fa-token'),
+    __metadata("design:type", log_1.Log)
+], Default2FaToken.prototype, "Log", void 0);
+exports.Default2FaToken = Default2FaToken = __decorate([
+    (0, di_1.Injectable)(rbac_http_1.TwoFactorAuthProvider),
+    __metadata("design:paramtypes", [])
+], Default2FaToken);
+//# sourceMappingURL=Default2FaToken.js.map

package/lib/cjs/2fa/Default2FaToken.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Default2FaToken.js","sourceRoot":"","sources":["../../../src/2fa/Default2FaToken.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oCAAyC;AAEzC,0DAAgD;AAChD,sCAA2C;AAC3C,kDAA2D;AAC3D,iDAAmC;AAEnC,IAAY,sBAGX;AAHD,WAAY,sBAAsB;IAC9B,6CAAmB,CAAA;IACnB,iDAAuB,CAAA;AAC3B,CAAC,EAHW,sBAAsB,sCAAtB,sBAAsB,QAGjC;AAGM,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,iCAAqB;IAOtD;QACI,KAAK,EAAE,CAAC;IACZ,CAAC;IAEO,OAAO,CAAC,IAAW,EAAE,MAAc;QACrC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;YACtB,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;YAChC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;YAC1B,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC;SAC5C,CAAC,CAAC;IAEP,CAAC;IAEM,OAAO,CAAC,CAAO;QAClB,yDAAyD;QACzD,gCAAgC;QAChC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,WAAW,CAAC,KAAa,EAAE,IAAU;QAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE/D,IAAI,CAAC,UAAU,EAAE,CAAC;YACd,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kDAAkD,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5E,OAAO,KAAK,CAAC;QACjB,CAAC;QAED,MAAM,IAAI,GAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;YAC3B,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM;SAC7B,CAAC,CAAC;QAEH,OAAO,QAAS,IAAI,IAAI,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,IAAU;QAC9B,MAAM,MAAM,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;QACpE,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QAE/C,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5D,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAE3B,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kCAAkC,IAAI,CAAC,EAAE,EAAE,EAAE;YACxD,MAAM,EAAE,IAAI,CAAC,EAAE;SAClB,CAAC,CAAC;QAEH;;WAEG;QACH,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,aAAa,CAAE,IAAU;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAE1D,IAAI,CAAC,KAAK,EAAE,CAAC;YACT,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,kDAAkD,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5E,OAAO,IAAI,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;QACvC,OAAO,IAAI,CAAC,QAAQ,EAAE,CAAC;IAC3B,CAAC;IAEM,KAAK,CAAC,SAAS,CAAC,IAAU;QAC7B,MAAM,GAAG,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;QAChE,OAAO,GAAc,CAAC;IAC1B,CAAC;IAEM,KAAK,CAAC,aAAa,CAAC,IAAU;QACjC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,sBAAsB,CAAC,KAAK,CAAC,CAAC;QAC1D,OAAO,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,IAAI,KAAK,KAAK,EAAE,CAAC;IACjE,CAAC;CACJ,CAAA;AApFY,0CAAe;AAEd;IADT,IAAA,sBAAM,EAAC,cAAc,CAAC;;+CACD;AAGZ;IADT,IAAA,YAAM,EAAC,WAAW,CAAC;8BACL,SAAG;4CAAC;0BALV,eAAe;IAD3B,IAAA,eAAU,EAAC,iCAAqB,CAAC;;GACrB,eAAe,CAoF3B"}

package/lib/cjs/actions/2fa.d.ts

@@ -0,0 +1,11 @@
+import { User } from '@spinajs/rbac';
+/**
+ *
+ * Verify 2fa token for user
+ *
+ * @param user
+ * @param token
+ * @returns
+ */
+export declare function auth2Fa(identifier: number | string | User, token: string): Promise<unknown>;
+//# sourceMappingURL=2fa.d.ts.map

package/lib/cjs/actions/2fa.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"2fa.d.ts","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAwC,MAAM,eAAe,CAAC;AAU3E;;;;;;;GAOG;AACH,wBAAsB,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,EAAE,KAAK,EAAE,MAAM,oBAwB9E"}

package/lib/cjs/actions/2fa.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.auth2Fa = void 0;
+const rbac_1 = require("@spinajs/rbac");
+const configuration_1 = require("@spinajs/configuration");
+const luxon_1 = require("luxon");
+const util_1 = require("@spinajs/util");
+const User2FaPassed_js_1 = require("../events/User2FaPassed.js");
+const rbac_http_1 = require("@spinajs/rbac-http");
+const rbac_2 = require("@spinajs/rbac");
+/**
+ *
+ * Verify 2fa token for user
+ *
+ * @param user
+ * @param token
+ * @returns
+ */
+async function auth2Fa(identifier, token) {
+    token = (0, util_1._check_arg)((0, util_1._trim)(), util_1._non_empty)(token, 'token');
+    return (0, util_1._chain)((0, rbac_1._user_unsafe)(identifier), (0, util_1._catch)((u) => {
+        return (0, util_1._chain)((0, configuration_1._service)('rbac.twoFactorAuth', rbac_http_1.TwoFactorAuthProvider), async (twoFa) => twoFa.verifyToken(token, u), (0, rbac_1._user_update)({ LastLoginAt: luxon_1.DateTime.now() }), (0, rbac_1._user_ev)(User2FaPassed_js_1.User2FaPassed));
+    }, (err, u) => {
+        return (0, util_1._chain)(() => u, 
+        // send event of failed login
+        (0, rbac_1._user_ev)(rbac_2.UserLoginFailed, err), 
+        // rethrow error for caller
+        () => {
+            throw err;
+        });
+    }));
+}
+exports.auth2Fa = auth2Fa;
+//# sourceMappingURL=2fa.js.map

package/lib/cjs/actions/2fa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"2fa.js","sourceRoot":"","sources":["../../../src/actions/2fa.ts"],"names":[],"mappings":";;;AAAA,wCAA2E;AAE3E,0DAAkD;AAClD,iCAAiC;AACjC,wCAAqG;AACrG,iEAA2D;AAC3D,kDAA2D;AAC3D,wCAAgD;AAGhD;;;;;;;GAOG;AACI,KAAK,UAAU,OAAO,CAAC,UAAkC,EAAE,KAAa;IAC3E,KAAK,GAAG,IAAA,iBAAU,EAAC,IAAA,YAAK,GAAE,EAAE,iBAAU,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAExD,OAAO,IAAA,aAAM,EACT,IAAA,mBAAY,EAAC,UAAU,CAAC,EACxB,IAAA,aAAM,EACF,CAAC,CAAO,EAAE,EAAE;QACR,OAAO,IAAA,aAAM,EAAC,IAAA,wBAAQ,EAAC,oBAAoB,EAAE,iCAAqB,CAAC,EAAE,KAAK,EAAE,KAA4B,EAAE,EAAE,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC,EAAE,IAAA,mBAAY,EAAC,EAAE,WAAW,EAAE,gBAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,IAAA,eAAQ,EAAC,gCAAa,CAAC,CAAC,CAAC;IACtN,CAAC,EACD,CAAC,GAAG,EAAE,CAAO,EAAE,EAAE;QACb,OAAO,IAAA,aAAM,EACT,GAAG,EAAE,CAAC,CAAC;QAEP,6BAA6B;QAC7B,IAAA,eAAQ,EAAC,sBAAe,EAAE,GAAG,CAAC;QAE9B,2BAA2B;QAC3B,GAAG,EAAE;YACD,MAAM,GAAG,CAAC;QACd,CAAC,CACJ,CAAC;IACN,CAAC,CACJ,CACJ,CAAC;AACN,CAAC;AAxBD,0BAwBC"}

package/lib/cjs/config/rbac-http.d.ts

@@ -7,6 +7,19 @@ declare const rbacHttp: {
         };
     };
     rbac: {
+        otpauth: {
+            /**
+             * change this to your app name, it will be used as issuer in otpauth token
+             */
+            issuer: string;
+            /**
+             * recommended defaults for rest
+             */
+            algorithm: string;
+            digits: number;
+            period: number;
+            window: number;
+        };
         twoFactorAuth: {
             enabled: boolean;
             service: string;

package/lib/cjs/config/rbac-http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;YA2BR;;eAEG;;;QAGL;;WAEG;;;;CAQN,CAAC;AAEF,eAAe,QAAQ,CAAC"}
+{"version":3,"file":"rbac-http.d.ts","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":"AAQA,QAAA,MAAM,QAAQ;;;;;;;;;;YAUR;;eAEG;;YAGH;;eAEG;;;;;;;;;;;;;;;;;;;;;;YAwBH;;eAEG;;;QAGL;;WAEG;;;;CAQN,CAAC;AAEF,eAAe,QAAQ,CAAC"}

package/lib/cjs/config/rbac-http.js

@@ -14,9 +14,22 @@ const rbacHttp = {
         },
     },
     rbac: {
+        otpauth: {
+            /**
+             * change this to your app name, it will be used as issuer in otpauth token
+             */
+            issuer: 'Spinajs',
+            /**
+             * recommended defaults for rest
+             */
+            algorithm: 'SHA1',
+            digits: 6,
+            period: 30,
+            window: 1,
+        },
         twoFactorAuth: {
             enabled: true,
-            service: 'SpeakEasy2FaToken',
+            service: 'Default2FaToken',
         },
         fingerprint: {
             enabled: false,

package/lib/cjs/config/rbac-http.js.map

@@ -1 +1 @@
-{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACxI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzB,KAAK,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;SACtB;KACF;IACD,IAAI,EAAE;QACJ,aAAa,EAAE;YACb,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,mBAAmB;SAC7B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,eAAe;SACzB;QACD,OAAO,EAAC;YACN,MAAM,EAAE;gBACN,QAAQ,EAAE,KAAK;aAChB;SACF;QACD,QAAQ,EAAE;YACR,sCAAsC;YACtC,QAAQ,EAAE,EAAE;YAEZ;;eAEG;YACH,kBAAkB,EAAE,CAAC;SACtB;QACD;;WAEG;QACH,cAAc,EAAE,KAAK;KACtB;IACD,IAAI,EAAE;IACJ,iBAAiB;IACjB,+CAA+C;IAC/C,KAAK;KACN;CACF,CAAC;AAEF,kBAAe,QAAQ,CAAC"}
+{"version":3,"file":"rbac-http.js","sourceRoot":"","sources":["../../../src/config/rbac-http.ts"],"names":[],"mappings":";;AAAA,+BAAgD;AAEhD,SAAS,GAAG,CAAC,IAAY;IACvB,MAAM,UAAU,GAAG,OAAO,MAAM,KAAK,WAAW,CAAC;IACjD,OAAO,IAAA,cAAO,EAAC,IAAA,gBAAS,EAAC,IAAA,WAAI,EAAC,OAAO,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC;AACxI,CAAC;AAGD,MAAM,QAAQ,GAAG;IACf,MAAM,EAAE;QACN,IAAI,EAAE;YACJ,WAAW,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACjC,OAAO,EAAE,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YACzB,KAAK,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;SACtB;KACF;IACD,IAAI,EAAE;QACJ,OAAO,EAAE;YACP;;eAEG;YACH,MAAM,EAAE,SAAS;YAEjB;;eAEG;YACH,SAAS,EAAE,MAAM;YACjB,MAAM,EAAE,CAAC;YACT,MAAM,EAAE,EAAE;YACV,MAAM,EAAE,CAAC;SACV;QACD,aAAa,EAAE;YACb,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,iBAAiB;SAC3B;QACD,WAAW,EAAE;YACX,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC;YACb,OAAO,EAAE,eAAe;SACzB;QACD,OAAO,EAAC;YACN,MAAM,EAAE;gBACN,QAAQ,EAAE,KAAK;aAChB;SACF;QACD,QAAQ,EAAE;YACR,sCAAsC;YACtC,QAAQ,EAAE,EAAE;YAEZ;;eAEG;YACH,kBAAkB,EAAE,CAAC;SACtB;QACD;;WAEG;QACH,cAAc,EAAE,KAAK;KACtB;IACD,IAAI,EAAE;IACJ,iBAAiB;IACjB,+CAA+C;IAC/C,KAAK;KACN;CACF,CAAC;AAEF,kBAAe,QAAQ,CAAC"}

package/lib/cjs/controllers/LoginController.d.ts

@@ -8,6 +8,7 @@ export declare class LoginController extends BaseController {
     protected AuthProvider: AuthProvider;
     protected SessionProvider: SessionProvider;
     protected SessionExpirationTime: number;
+    protected TwoFactorAuthEnabled: boolean;
     protected SessionCookieConfig: any;
     protected AC: AccessControl;
     login(credentials: UserLoginDto): Promise<Ok | Unauthorized>;

package/lib/cjs/controllers/LoginController.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAqB,aAAa,EAAiB,MAAM,eAAe,CAAC;AAE/G,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGlF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAGxC,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC;IAGnC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAIf,KAAK,CAAS,WAAW,EAAE,YAAY;IAoKvC,MAAM,CAAW,IAAI,EAAE,MAAM;IA4B7B,MAAM,CAAiB,IAAI,EAAE,IAAI;CA0F/C"}
+{"version":3,"file":"LoginController.d.ts","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,cAAc,EAAwB,EAAE,EAAe,YAAY,EAAU,MAAM,eAAe,CAAC;AAC5G,OAAO,EAAE,YAAY,EAAE,eAAe,EAAqB,aAAa,EAAiB,MAAM,eAAe,CAAC;AAE/G,OAAO,EAA6B,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAGlF,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,qBACa,eAAgB,SAAQ,cAAc;IAEjD,SAAS,CAAC,aAAa,EAAE,aAAa,CAAC;IAGvC,SAAS,CAAC,YAAY,EAAE,YAAY,CAAC;IAGrC,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAK3C,SAAS,CAAC,qBAAqB,EAAE,MAAM,CAAC;IAKxC,SAAS,CAAC,oBAAoB,EAAE,OAAO,CAAC;IAKxC,SAAS,CAAC,mBAAmB,EAAE,GAAG,CAAC;IAGnC,SAAS,CAAC,EAAE,EAAE,aAAa,CAAC;IAIf,KAAK,CAAS,WAAW,EAAE,YAAY;IA0EvC,MAAM,CAAW,IAAI,EAAE,MAAM;IA4B7B,MAAM,CAAiB,IAAI,EAAE,IAAI;CA0F/C"}

package/lib/cjs/controllers/LoginController.js

@@ -25,38 +25,51 @@ let LoginController = class LoginController extends http_1.BaseController {
         try {
             const user = await (0, rbac_1.auth)(credentials.Email, credentials.Password);
             const session = new rbac_1.UserSession();
+            const coockies = [
+                {
+                    Name: 'ssid',
+                    Value: session.SessionId,
+                    Options: {
+                        signed: true,
+                        httpOnly: true,
+                        // set expiration time in ms
+                        maxAge: this.SessionExpirationTime * 1000,
+                        // any optopnal cookie options
+                        // or override default ones
+                        ...this.SessionCookieConfig
+                    },
+                },
+            ];
             session.Data.set('User', user.Uuid);
-            // TEMP
-            session.Data.set('Authorized', true);
             // set expiration time ( default val in config )
             session.extend();
             await this.SessionProvider.save(session);
-            this._log.trace('User logged in', {
+            if (this.TwoFactorAuthEnabled) {
+                this._log.trace('User logged in, 2fa required', {
+                    Uuid: user.Uuid
+                });
+                session.Data.set('Authorized', false);
+                session.Data.set('TwoFactorAuth', true);
+                return new http_1.Ok({
+                    TwoFactorAuthRequired: true,
+                    Authorized: false
+                }, {
+                    Coockies: coockies,
+                });
+            }
+            this._log.trace('User logged in, no 2fa required', {
                 Uuid: user.Uuid
             });
             const grants = this.AC.getGrants();
             const userGrants = user.Role.map(r => (0, rbac_1._unwindGrants)(r, grants));
             const combinedGrants = Object.assign({}, ...userGrants);
             return new http_1.Ok({
-                ...user.dehydrate(),
+                ...user.dehydrateWithRelations({
+                    dateTimeFormat: "iso"
+                }),
                 Grants: combinedGrants,
-                Metadata: user.Metadata.map(m => m.dehydrate())
             }, {
-                Coockies: [
-                    {
-                        Name: 'ssid',
-                        Value: session.SessionId,
-                        Options: {
-                            signed: true,
-                            httpOnly: true,
-                            // set expiration time in ms
-                            maxAge: this.SessionExpirationTime * 1000,
-                            // any optopnal cookie options
-                            // or override default ones
-                            ...this.SessionCookieConfig
-                        },
-                    },
-                ],
+                Coockies: coockies
             });
         }
         catch (err) {
@@ -69,94 +82,6 @@ let LoginController = class LoginController extends http_1.BaseController {
             });
         }
     }
-    // @Post('new-password')
-    // @Policy(NotLoggedPolicy)
-    // public async setNewPassword(@Query() token: string, @Body() pwd: RestorePasswordDto) {
-    //   const user = await User.query()
-    //     .innerJoin(UserMetadata, function () {
-    //       this.where({
-    //         Key: 'password:reset:token',
-    //         Value: token,
-    //       });
-    //     })
-    //     .populate('Metadata')
-    //     .first();
-    //   if (!user) {
-    //     return new NotFound({
-    //       error: {
-    //         code: 'ERR_USER_NOT_FOUND',
-    //         message: 'No user found for this reset token',
-    //       },
-    //     });
-    //   }
-    //   const val = (await user.Metadata['password:reset:start']) as DateTime;
-    //   const now = DateTime.now().plus({ seconds: -this.PasswordResetTokenTTL });
-    //   if (val < now) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_RESET_TOKEN_EXPIRED',
-    //         message: 'Password reset token expired',
-    //       },
-    //     });
-    //   }
-    //   if (!this.PasswordValidationService.check(pwd.Password)) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_PASSWORD_RULE',
-    //         message: 'Invalid password, does not match password rules',
-    //       },
-    //     });
-    //   }
-    //   if (pwd.Password !== pwd.ConfirmPassword) {
-    //     return new BadRequest({
-    //       error: {
-    //         code: 'ERR_PASSWORD_NOT_MATCH',
-    //         message: 'Password and repeat password does not match',
-    //       },
-    //     });
-    //   }
-    //   const hashedPassword = await this.PasswordProvider.hash(pwd.Password);
-    //   user.Password = hashedPassword;
-    //   await user.update();
-    //   /**
-    //    * Delete all reset related meta for user
-    //    */
-    //   await user.Metadata.delete(/password:reset.*/);
-    //   // add to action list
-    //   await user.Actions.add(
-    //     new UserAction({
-    //       Persistent: true,
-    //       Action: 'password:reset',
-    //     }),
-    //   );
-    //   // inform others
-    //   await this.Queue.emit(new UserPasswordChanged(user.Uuid));
-    // }
-    // @Post('forgot-password')
-    // @Policy(NotLoggedPolicy)
-    // public async forgotPassword(@Body() login: UserLoginDto) {
-    //   const user = await this.AuthProvider.getByEmail(login.Email);
-    //   if (!user.IsActive || user.IsBanned || user.DeletedAt !== null) {
-    //     return new InvalidOperation('User is inactive, banned or deleted. Contact system administrator');
-    //   }
-    //   const token = uuidv4();
-    //   // assign meta to user
-    //   await (user.Metadata['password:reset'] = true);
-    //   await (user.Metadata['password:reset:token'] = token);
-    //   await (user.Metadata['password:reset:start'] = DateTime.now());
-    //   await user.Actions.add(
-    //     new UserAction({
-    //       Action: 'user:password:reset',
-    //       Data: DateTime.now().toISO(),
-    //       Persistent: true,
-    //     }),
-    //   );
-    //   await this.Queue.emit(new UserPasswordRestore(user.Uuid, token));
-    //   return new Ok({
-    //     reset_token: token,
-    //     ttl: this.PasswordResetTokenTTL,
-    //   });
-    // }
     async logout(ssid) {
         if (!ssid) {
             return new http_1.Ok();
@@ -203,6 +128,12 @@ __decorate([
     }),
     __metadata("design:type", Number)
 ], LoginController.prototype, "SessionExpirationTime", void 0);
+__decorate([
+    (0, configuration_1.Config)('rbac.twoFactorAuth.enabled', {
+        defaultValue: false,
+    }),
+    __metadata("design:type", Boolean)
+], LoginController.prototype, "TwoFactorAuthEnabled", void 0);
 __decorate([
     (0, configuration_1.Config)('rbac.session.cookie', {}),
     __metadata("design:type", Object)

package/lib/cjs/controllers/LoginController.js.map

@@ -1 +1 @@
-{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8DAAuD;AACvD,wCAA4G;AAC5G,wCAA+G;AAC/G,oCAAyC;AACzC,0DAAkF;AAElF,kDAAyF;AACzF,wCAAqC;AAE9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,qBAAc;IAuBpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,kBAAW,EAAE,CAAC;YAClC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,OAAO;YACP,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;YAErC,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YAEjB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,gBAAgB,EAAE;gBAChC,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAExD,OAAO,IAAI,SAAE,CAAC;gBACZ,GAAG,IAAI,CAAC,SAAS,EAAE;gBACnB,MAAM,EAAE,cAAc;gBACtB,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,SAAS,EAAE,CAAC;aAChD,EAAE;gBACD,QAAQ,EAAE;oBACR;wBACE,IAAI,EAAE,MAAM;wBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;wBACxB,OAAO,EAAE;4BACP,MAAM,EAAE,IAAI;4BACZ,QAAQ,EAAE,IAAI;4BAEd,4BAA4B;4BAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;4BAEzC,8BAA8B;4BAC9B,2BAA2B;4BAC3B,GAAG,IAAI,CAAC,mBAAmB;yBAC5B;qBACF;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,mBAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,2BAA2B;IAC3B,yFAAyF;IACzF,oCAAoC;IACpC,6CAA6C;IAC7C,qBAAqB;IACrB,uCAAuC;IACvC,wBAAwB;IACxB,YAAY;IACZ,SAAS;IACT,4BAA4B;IAC5B,gBAAgB;IAEhB,iBAAiB;IACjB,4BAA4B;IAC5B,iBAAiB;IACjB,sCAAsC;IACtC,yDAAyD;IACzD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,+EAA+E;IAE/E,qBAAqB;IACrB,8BAA8B;IAC9B,iBAAiB;IACjB,2CAA2C;IAC3C,mDAAmD;IACnD,WAAW;IACX,UAAU;IACV,MAAM;IAEN,+DAA+D;IAC/D,8BAA8B;IAC9B,iBAAiB;IACjB,qCAAqC;IACrC,sEAAsE;IACtE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,gDAAgD;IAChD,8BAA8B;IAC9B,iBAAiB;IACjB,0CAA0C;IAC1C,kEAAkE;IAClE,WAAW;IACX,UAAU;IACV,MAAM;IAEN,2EAA2E;IAC3E,oCAAoC;IAEpC,yBAAyB;IAEzB,QAAQ;IACR,8CAA8C;IAC9C,QAAQ;IACR,oDAAoD;IAEpD,0BAA0B;IAC1B,4BAA4B;IAC5B,uBAAuB;IACvB,0BAA0B;IAC1B,kCAAkC;IAClC,UAAU;IACV,OAAO;IAEP,qBAAqB;IACrB,+DAA+D;IAC/D,IAAI;IAEJ,2BAA2B;IAC3B,2BAA2B;IAC3B,6DAA6D;IAC7D,kEAAkE;IAElE,sEAAsE;IACtE,wGAAwG;IACxG,MAAM;IAEN,4BAA4B;IAE5B,2BAA2B;IAC3B,oDAAoD;IACpD,2DAA2D;IAC3D,oEAAoE;IAEpE,4BAA4B;IAC5B,uBAAuB;IACvB,uCAAuC;IACvC,sCAAsC;IACtC,0BAA0B;IAC1B,UAAU;IACV,OAAO;IAEP,sEAAsE;IAEtE,oBAAoB;IACpB,0BAA0B;IAC1B,uCAAuC;IACvC,QAAQ;IACR,IAAI;IAIS,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,SAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,SAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CAsFF,CAAA;AAjTY,0CAAe;AAEhB;IADT,IAAA,eAAU,GAAE;8BACY,6BAAa;sDAAC;AAG7B;IADT,IAAA,iCAAiB,EAAC,WAAW,CAAC;8BACP,mBAAY;qDAAC;AAG3B;IADT,IAAA,iCAAiB,EAAC,cAAc,CAAC;8BACP,sBAAe;wDAAC;AAKjC;IAHT,IAAA,sBAAM,EAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAG9B;IADT,IAAA,sBAAM,EAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;2CAAC;AAIf;IAFZ,IAAA,WAAI,GAAE;IACN,IAAA,aAAM,EAAC,2BAAe,CAAC;IACJ,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAc,+BAAY;;4CAsDnD;AA8GY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,aAAM,GAAE,CAAA;;;;6CAwB5B;AAIY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,gBAAY,GAAE,CAAA;;qCAAO,WAAI;;6CAI7C;0BA3NU,eAAe;IAD3B,IAAA,eAAQ,EAAC,MAAM,CAAC;GACJ,eAAe,CAiT3B"}
+{"version":3,"file":"LoginController.js","sourceRoot":"","sources":["../../../src/controllers/LoginController.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAAA,8DAAuD;AACvD,wCAA4G;AAC5G,wCAA+G;AAC/G,oCAAyC;AACzC,0DAAkF;AAElF,kDAAyF;AACzF,wCAAqC;AAE9B,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,qBAAc;IA8BpC,AAAN,KAAK,CAAC,KAAK,CAAS,WAAyB;QAClD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAA,WAAI,EAAC,WAAW,CAAC,KAAK,EAAE,WAAW,CAAC,QAAQ,CAAC,CAAC;YACjE,MAAM,OAAO,GAAG,IAAI,kBAAW,EAAE,CAAC;YAClC,MAAM,QAAQ,GAAG;gBACf;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,OAAO,CAAC,SAAS;oBACxB,OAAO,EAAE;wBACP,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,IAAI;wBAEd,4BAA4B;wBAC5B,MAAM,EAAE,IAAI,CAAC,qBAAqB,GAAG,IAAI;wBAEzC,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF,CAAC;YACF,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YACpC,gDAAgD;YAChD,OAAO,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEzC,IAAI,IAAI,CAAC,oBAAoB,EAAE,CAAC;gBAE9B,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,8BAA8B,EAAE;oBAC9C,IAAI,EAAE,IAAI,CAAC,IAAI;iBAChB,CAAC,CAAC;gBAEH,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;gBACtC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;gBAExC,OAAO,IAAI,SAAE,CAAC;oBACZ,qBAAqB,EAAE,IAAI;oBAC3B,UAAU,EAAE,KAAK;iBAClB,EAAE;oBACD,QAAQ,EAAE,QAAQ;iBACnB,CAAC,CAAA;YACJ,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,iCAAiC,EAAE;gBACjD,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YAEH,MAAM,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC;YACnC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAA,oBAAa,EAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;YAChE,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC;YAExD,OAAO,IAAI,SAAE,CAAC;gBACZ,GAAG,IAAI,CAAC,sBAAsB,CAAC;oBAC7B,cAAc,EAAE,KAAK;iBACtB,CAAC;gBACF,MAAM,EAAE,cAAc;aACvB,EAAE;gBACD,QAAQ,EAAE,QAAQ;aACnB,CAAC,CAAC;QAEL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAErB,OAAO,IAAI,mBAAY,CAAC;gBACtB,KAAK,EAAE;oBACL,IAAI,EAAE,eAAe;oBACrB,OAAO,EAAE,6BAA6B;iBACvC;aACF,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAW,IAAY;QACxC,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,SAAE,EAAE,CAAC;QAClB,CAAC;QAED,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAExC,gDAAgD;QAChD,OAAO,IAAI,SAAE,CAAC,IAAI,EAAE;YAClB,QAAQ,EAAE;gBACR;oBACE,IAAI,EAAE,MAAM;oBACZ,KAAK,EAAE,EAAE;oBACT,OAAO,EAAE;wBACP,QAAQ,EAAE,IAAI;wBACd,MAAM,EAAE,CAAC;wBAET,8BAA8B;wBAC9B,2BAA2B;wBAC3B,GAAG,IAAI,CAAC,mBAAmB;qBAC5B;iBACF;aACF;SACF,CAAC,CAAC;IACL,CAAC;IAIY,AAAN,KAAK,CAAC,MAAM,CAAiB,IAAU;QAE5C,kCAAkC;QAClC,OAAO,IAAI,SAAE,CAAC,IAAI,CAAC,CAAC;IACtB,CAAC;CAsFF,CAAA;AA9NY,0CAAe;AAEhB;IADT,IAAA,eAAU,GAAE;8BACY,6BAAa;sDAAC;AAG7B;IADT,IAAA,iCAAiB,EAAC,WAAW,CAAC;8BACP,mBAAY;qDAAC;AAG3B;IADT,IAAA,iCAAiB,EAAC,cAAc,CAAC;8BACP,sBAAe;wDAAC;AAKjC;IAHT,IAAA,sBAAM,EAAC,yBAAyB,EAAE;QACjC,YAAY,EAAE,GAAG;KAClB,CAAC;;8DACsC;AAK9B;IAHT,IAAA,sBAAM,EAAC,4BAA4B,EAAE;QACpC,YAAY,EAAE,KAAK;KACpB,CAAC;;6DACsC;AAK9B;IADT,IAAA,sBAAM,EAAC,qBAAqB,EAAE,EAAE,CAAC;;4DACC;AAGzB;IADT,IAAA,eAAU,EAAC,oBAAa,CAAC;8BACZ,oBAAa;2CAAC;AAIf;IAFZ,IAAA,WAAI,GAAE;IACN,IAAA,aAAM,EAAC,2BAAe,CAAC;IACJ,WAAA,IAAA,WAAI,GAAE,CAAA;;qCAAc,+BAAY;;4CAsEnD;AAIY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,aAAM,GAAE,CAAA;;;;6CAwB5B;AAIY;IAFZ,IAAA,UAAG,GAAE;IACL,IAAA,aAAM,EAAC,wBAAY,CAAC;IACA,WAAA,IAAA,gBAAY,GAAE,CAAA;;qCAAO,WAAI;;6CAI7C;0BAxIU,eAAe;IAD3B,IAAA,eAAQ,EAAC,MAAM,CAAC;GACJ,eAAe,CA8N3B"}

package/lib/cjs/controllers/TwoFactorAuthController.d.ts

@@ -1 +1,10 @@
+import { TokenDto } from './../dto/token-dto.js';
+import { BaseController, Ok, Unauthorized } from '@spinajs/http';
+import { ISession, SessionProvider, User as UserModel } from '@spinajs/rbac';
+import { QueueService } from '@spinajs/queue';
+export declare class TwoFactorAuthController extends BaseController {
+    protected Queue: QueueService;
+    protected SessionProvider: SessionProvider;
+    verifyToken(logged: UserModel, token: TokenDto, session: ISession): Promise<Ok | Unauthorized>;
+}
 //# sourceMappingURL=TwoFactorAuthController.d.ts.map

package/lib/cjs/controllers/TwoFactorAuthController.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":""}
+{"version":3,"file":"TwoFactorAuthController.d.ts","sourceRoot":"","sources":["../../../src/controllers/TwoFactorAuthController.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AACjD,OAAO,EAAE,cAAc,EAAY,EAAE,EAAQ,YAAY,EAAE,MAAM,eAAe,CAAC;AACjF,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,IAAI,SAAS,EAAyC,MAAM,eAAe,CAAC;AAOpH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAK9C,qBAEa,uBAAwB,SAAQ,cAAc;IAEvD,SAAS,CAAC,KAAK,EAAE,YAAY,CAAC;IAG9B,SAAS,CAAC,eAAe,EAAE,eAAe,CAAC;IAG9B,WAAW,CAAS,MAAM,EAAE,SAAS,EAAU,KAAK,EAAE,QAAQ,EAAa,OAAO,EAAE,QAAQ;CAuC5G"}