@stackframe/stack 2.6.11 → 2.6.12

package/dist/lib/stack-app.d.mts

@@ -67,6 +67,31 @@ type StackClientAppJson<HasTokenStore extends boolean, ProjectId extends string>
     uniqueIdentifier: string;
 };
 declare const stackAppInternalsSymbol: unique symbol;
+type ContactChannel = {
+    id: string;
+    value: string;
+    type: 'email';
+    isPrimary: boolean;
+    isVerified: boolean;
+    usedForAuth: boolean;
+    sendVerificationEmail(): Promise<Result<undefined, KnownErrors["EmailAlreadyVerified"]>>;
+    update(data: ContactChannelUpdateOptions): Promise<void>;
+    delete(): Promise<void>;
+};
+type ContactChannelCreateOptions = {
+    value: string;
+    type: 'email';
+    usedForAuth: boolean;
+};
+type ContactChannelUpdateOptions = {
+    usedForAuth?: boolean;
+    value?: string;
+    isPrimary?: boolean;
+};
+type ServerContactChannel = ContactChannel;
+type ServerContactChannelCreateOptions = ContactChannelCreateOptions & {
+    isVerified?: boolean;
+};
 type Session = {
     getTokens(): Promise<{
         accessToken: string | null;
@@ -188,39 +213,47 @@ type BaseUser = {
     readonly signedUpAt: Date;
     readonly clientMetadata: any;
     readonly clientReadOnlyMetadata: any;
-    /**
-     * Whether the primary e-mail can be used for authentication.
-     */
-    readonly emailAuthEnabled: boolean;
     /**
      * Whether the user has a password set.
      */
     readonly hasPassword: boolean;
-    /**
-     * @deprecated
-     */
-    readonly oauthProviders: readonly {
-        id: string;
-    }[];
+    readonly otpAuthEnabled: boolean;
     readonly isMultiFactorRequired: boolean;
     /**
      * A shorthand method to update multiple fields of the user at once.
      */
     readonly selectedTeam: Team | null;
     toClientJson(): CurrentUserCrud["Client"]["Read"];
+    /**
+     * @deprecated, use contact channel's usedForAuth instead
+     */
+    readonly emailAuthEnabled: boolean;
+    /**
+     * @deprecated
+     */
+    readonly oauthProviders: readonly {
+        id: string;
+    }[];
 };
 type UserExtra = {
     setDisplayName(displayName: string): Promise<void>;
+    /** @deprecated Use contact channel's sendVerificationEmail instead */
     sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
     setClientMetadata(metadata: any): Promise<void>;
     updatePassword(options: {
         oldPassword: string;
         newPassword: string;
     }): Promise<KnownErrors["PasswordConfirmationMismatch"] | KnownErrors["PasswordRequirementsNotMet"] | void>;
+    setPassword(options: {
+        password: string;
+    }): Promise<KnownErrors["PasswordRequirementsNotMet"] | void>;
     /**
      * A shorthand method to update multiple fields of the user at once.
      */
     update(update: UserUpdateOptions): Promise<void>;
+    useContactChannels(): ContactChannel[];
+    listContactChannels(): Promise<ContactChannel[]>;
+    createContactChannel(data: ContactChannelCreateOptions): Promise<ContactChannel>;
     delete(): Promise<void>;
     getConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
@@ -263,6 +296,7 @@ type UserUpdateOptions = {
     selectedTeamId?: string | null;
     totpMultiFactorSecret?: Uint8Array | null;
     profileImageUrl?: string | null;
+    otpAuthEnabled?: boolean;
 };
 type ServerBaseUser = {
     setPrimaryEmail(email: string, options?: {
@@ -272,14 +306,12 @@ type ServerBaseUser = {
     readonly serverMetadata: any;
     setServerMetadata(metadata: any): Promise<void>;
     setClientReadOnlyMetadata(metadata: any): Promise<void>;
-    updatePassword(options: {
-        oldPassword?: string;
-        newPassword: string;
-    }): Promise<KnownErrors["PasswordConfirmationMismatch"] | KnownErrors["PasswordRequirementsNotMet"] | void>;
+    useContactChannels(): ServerContactChannel[];
+    listContactChannels(): Promise<ServerContactChannel[]>;
+    createContactChannel(data: ServerContactChannelCreateOptions): Promise<ServerContactChannel>;
     update(user: ServerUserUpdateOptions): Promise<void>;
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
-    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
     /**
      * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
      */
@@ -307,8 +339,10 @@ type ServerUserUpdateOptions = {
     password?: string;
 } & UserUpdateOptions;
 type ServerUserCreateOptions = {
-    primaryEmail: string;
-    password: string;
+    primaryEmail?: string;
+    primaryEmailAuthEnabled?: boolean;
+    password?: string;
+    otpAuthEnabled?: boolean;
     displayName?: string;
     primaryEmailVerified?: boolean;
 };

package/dist/lib/stack-app.d.ts

@@ -67,6 +67,31 @@ type StackClientAppJson<HasTokenStore extends boolean, ProjectId extends string>
     uniqueIdentifier: string;
 };
 declare const stackAppInternalsSymbol: unique symbol;
+type ContactChannel = {
+    id: string;
+    value: string;
+    type: 'email';
+    isPrimary: boolean;
+    isVerified: boolean;
+    usedForAuth: boolean;
+    sendVerificationEmail(): Promise<Result<undefined, KnownErrors["EmailAlreadyVerified"]>>;
+    update(data: ContactChannelUpdateOptions): Promise<void>;
+    delete(): Promise<void>;
+};
+type ContactChannelCreateOptions = {
+    value: string;
+    type: 'email';
+    usedForAuth: boolean;
+};
+type ContactChannelUpdateOptions = {
+    usedForAuth?: boolean;
+    value?: string;
+    isPrimary?: boolean;
+};
+type ServerContactChannel = ContactChannel;
+type ServerContactChannelCreateOptions = ContactChannelCreateOptions & {
+    isVerified?: boolean;
+};
 type Session = {
     getTokens(): Promise<{
         accessToken: string | null;
@@ -188,39 +213,47 @@ type BaseUser = {
     readonly signedUpAt: Date;
     readonly clientMetadata: any;
     readonly clientReadOnlyMetadata: any;
-    /**
-     * Whether the primary e-mail can be used for authentication.
-     */
-    readonly emailAuthEnabled: boolean;
     /**
      * Whether the user has a password set.
      */
     readonly hasPassword: boolean;
-    /**
-     * @deprecated
-     */
-    readonly oauthProviders: readonly {
-        id: string;
-    }[];
+    readonly otpAuthEnabled: boolean;
     readonly isMultiFactorRequired: boolean;
     /**
      * A shorthand method to update multiple fields of the user at once.
      */
     readonly selectedTeam: Team | null;
     toClientJson(): CurrentUserCrud["Client"]["Read"];
+    /**
+     * @deprecated, use contact channel's usedForAuth instead
+     */
+    readonly emailAuthEnabled: boolean;
+    /**
+     * @deprecated
+     */
+    readonly oauthProviders: readonly {
+        id: string;
+    }[];
 };
 type UserExtra = {
     setDisplayName(displayName: string): Promise<void>;
+    /** @deprecated Use contact channel's sendVerificationEmail instead */
     sendVerificationEmail(): Promise<KnownErrors["EmailAlreadyVerified"] | void>;
     setClientMetadata(metadata: any): Promise<void>;
     updatePassword(options: {
         oldPassword: string;
         newPassword: string;
     }): Promise<KnownErrors["PasswordConfirmationMismatch"] | KnownErrors["PasswordRequirementsNotMet"] | void>;
+    setPassword(options: {
+        password: string;
+    }): Promise<KnownErrors["PasswordRequirementsNotMet"] | void>;
     /**
      * A shorthand method to update multiple fields of the user at once.
      */
     update(update: UserUpdateOptions): Promise<void>;
+    useContactChannels(): ContactChannel[];
+    listContactChannels(): Promise<ContactChannel[]>;
+    createContactChannel(data: ContactChannelCreateOptions): Promise<ContactChannel>;
     delete(): Promise<void>;
     getConnectedAccount(id: ProviderType, options: {
         or: 'redirect';
@@ -263,6 +296,7 @@ type UserUpdateOptions = {
     selectedTeamId?: string | null;
     totpMultiFactorSecret?: Uint8Array | null;
     profileImageUrl?: string | null;
+    otpAuthEnabled?: boolean;
 };
 type ServerBaseUser = {
     setPrimaryEmail(email: string, options?: {
@@ -272,14 +306,12 @@ type ServerBaseUser = {
     readonly serverMetadata: any;
     setServerMetadata(metadata: any): Promise<void>;
     setClientReadOnlyMetadata(metadata: any): Promise<void>;
-    updatePassword(options: {
-        oldPassword?: string;
-        newPassword: string;
-    }): Promise<KnownErrors["PasswordConfirmationMismatch"] | KnownErrors["PasswordRequirementsNotMet"] | void>;
+    useContactChannels(): ServerContactChannel[];
+    listContactChannels(): Promise<ServerContactChannel[]>;
+    createContactChannel(data: ServerContactChannelCreateOptions): Promise<ServerContactChannel>;
     update(user: ServerUserUpdateOptions): Promise<void>;
     grantPermission(scope: Team, permissionId: string): Promise<void>;
     revokePermission(scope: Team, permissionId: string): Promise<void>;
-    hasPermission(scope: Team, permissionId: string): Promise<boolean>;
     /**
      * Creates a new session object with a refresh token for this user. Can be used to impersonate them.
      */
@@ -307,8 +339,10 @@ type ServerUserUpdateOptions = {
     password?: string;
 } & UserUpdateOptions;
 type ServerUserCreateOptions = {
-    primaryEmail: string;
-    password: string;
+    primaryEmail?: string;
+    primaryEmailAuthEnabled?: boolean;
+    password?: string;
+    otpAuthEnabled?: boolean;
     displayName?: string;
     primaryEmailVerified?: boolean;
 };

package/dist/lib/stack-app.js

@@ -63,7 +63,7 @@ var import_url = require("../utils/url");
 var import_auth = require("./auth");
 var import_cookie = require("./cookie");
 var NextNavigation = (0, import_compile_time.scrambleDuringCompileTime)(NextNavigationUnscrambled);
-var clientVersion = "js @stackframe/stack@2.6.11";
+var clientVersion = "js @stackframe/stack@2.6.12";
 function getUrls(partial) {
   const handler = partial.handler ?? "/handler";
   const home = partial.home ?? "/";
@@ -101,10 +101,10 @@ async function _redirectTo(url, options) {
   }
 }
 function getDefaultProjectId() {
-  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || (0, import_errors.throwErr)(new Error("Welcome to Stack! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
+  return process.env.NEXT_PUBLIC_STACK_PROJECT_ID || (0, import_errors.throwErr)(new Error("Welcome to Stack Auth! It seems that you haven't provided a project ID. Please create a project on the Stack dashboard at https://app.stack-auth.com and put it in the NEXT_PUBLIC_STACK_PROJECT_ID environment variable."));
 }
 function getDefaultPublishableClientKey() {
-  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || (0, import_errors.throwErr)(new Error("Welcome to Stack! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
+  return process.env.NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY || (0, import_errors.throwErr)(new Error("Welcome to Stack Auth! It seems that you haven't provided a publishable client key. Please create an API key for your project on the Stack dashboard at https://app.stack-auth.com and copy your publishable client key into the NEXT_PUBLIC_STACK_PUBLISHABLE_CLIENT_KEY environment variable."));
 }
 function getDefaultSecretServerKey() {
   return process.env.STACK_SECRET_SERVER_KEY || (0, import_errors.throwErr)(new Error("No secret server key provided. Please copy your key from the Stack dashboard and put your it in the STACK_SECRET_SERVER_KEY environment variable."));
@@ -226,6 +226,11 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return await this._interface.getTeamMemberProfile({ teamId, userId: "me" }, session);
       }
     );
+    this._clientContactChannelsCache = createCacheBySession(
+      async (session) => {
+        return await this._interface.listClientContactChannels(session);
+      }
+    );
     this._memoryTokenStore = createEmptyTokenStore();
     this._requestTokenStores = /* @__PURE__ */ new WeakMap();
     this._storedCookieTokenStore = null;
@@ -589,6 +594,28 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       }
     };
   }
+  _clientContactChannelFromCrud(crud) {
+    const app = this;
+    return {
+      id: crud.id,
+      value: crud.value,
+      type: crud.type,
+      isVerified: crud.is_verified,
+      isPrimary: crud.is_primary,
+      usedForAuth: crud.used_for_auth,
+      async sendVerificationEmail() {
+        return await app._interface.sendCurrentUserContactChannelVerificationEmail(crud.id, (0, import_url.constructRedirectUrl)(app.urls.emailVerification), app._getSession());
+      },
+      async update(data) {
+        await app._interface.updateClientContactChannel(crud.id, contactChannelUpdateOptionsToCrud(data), app._getSession());
+        await app._clientContactChannelsCache.refresh([app._getSession()]);
+      },
+      async delete() {
+        await app._interface.deleteClientContactChannel(crud.id, app._getSession());
+        await app._clientContactChannelsCache.refresh([app._getSession()]);
+      }
+    };
+  }
   _createAuth(session) {
     const app = this;
     return {
@@ -631,6 +658,7 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       clientReadOnlyMetadata: crud.client_read_only_metadata,
       hasPassword: crud.has_password,
       emailAuthEnabled: crud.auth_with_email,
+      otpAuthEnabled: crud.otp_auth_enabled,
       oauthProviders: crud.oauth_providers,
       selectedTeam: crud.selected_team && this._clientTeamFromCrud(crud.selected_team),
       isMultiFactorRequired: crud.requires_totp_mfa,
@@ -739,7 +767,14 @@ var _StackClientAppImpl = class __StackClientAppImpl {
         return await app._sendVerificationEmail(crud.primary_email, session);
       },
       async updatePassword(options) {
-        return await app._updatePassword(options, session);
+        const result = await app._interface.updatePassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await app._interface.setPassword(options, session);
+        await app._currentUserCache.refresh([session]);
+        return result;
       },
       async getTeamProfile(team) {
         const result = await app._currentUserTeamProfileCache.getOrWait([session, team.id], "write-only");
@@ -752,6 +787,19 @@ var _StackClientAppImpl = class __StackClientAppImpl {
       async delete() {
         await app._interface.deleteCurrentUser(session);
         session.markInvalid();
+      },
+      async listContactChannels() {
+        const result = await app._clientContactChannelsCache.getOrWait([session], "write-only");
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._clientContactChannelsCache, [session], "user.useContactChannels()");
+        return result.map((crud2) => app._clientContactChannelFromCrud(crud2));
+      },
+      async createContactChannel(data) {
+        const crud2 = await app._interface.createClientContactChannel(contactChannelCreateOptionsToCrud("me", data), session);
+        await app._clientContactChannelsCache.refresh([session]);
+        return app._clientContactChannelFromCrud(crud2);
       }
     };
   }
@@ -934,7 +982,10 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     }
   }
   async verifyEmail(code) {
-    return await this._interface.verifyEmail(code);
+    const result = await this._interface.verifyEmail(code);
+    await this._currentUserCache.refresh([this._getSession()]);
+    await this._clientContactChannelsCache.refresh([this._getSession()]);
+    return result;
   }
   async getUser(options) {
     this._ensurePersistentTokenStore(options?.tokenStore);
@@ -1131,9 +1182,6 @@ var _StackClientAppImpl = class __StackClientAppImpl {
     const emailVerificationRedirectUrl = (0, import_url.constructRedirectUrl)(this.urls.emailVerification);
     return await this._interface.sendVerificationEmail(email, emailVerificationRedirectUrl, session);
   }
-  async _updatePassword(options, session) {
-    return await this._interface.updatePassword(options, session);
-  }
   async signOut() {
     const user = await this.getUser();
     if (user) {
@@ -1303,6 +1351,11 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return await this._interface.getServerTeamMemberProfile({ teamId, userId });
       }
     );
+    this._serverContactChannelsCache = createCache(
+      async ([userId]) => {
+        return await this._interface.listServerContactChannels(userId);
+      }
+    );
   }
   async _updateServerUser(userId, update) {
     const result = await this._interface.updateServerUser(userId, serverUserUpdateOptionsToCrud(update));
@@ -1320,6 +1373,21 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       }
     };
   }
+  _serverContactChannelFromCrud(userId, crud) {
+    const app = this;
+    return {
+      ...this._clientContactChannelFromCrud(crud),
+      async sendVerificationEmail() {
+        return await app._interface.sendServerContactChannelVerificationEmail(userId, crud.id, (0, import_url.constructRedirectUrl)(app.urls.emailVerification));
+      },
+      async update(data) {
+        await app._interface.updateServerContactChannel(userId, crud.id, serverContactChannelUpdateOptionsToCrud(data));
+      },
+      async delete() {
+        await app._interface.deleteServerContactChannel(userId, crud.id);
+      }
+    };
+  }
   _serverUserFromCrud(crud) {
     const app = this;
     async function getConnectedAccount(id, options) {
@@ -1436,7 +1504,14 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
         return await app._checkFeatureSupport("sendVerificationEmail() on ServerUser", {});
       },
       async updatePassword(options) {
-        return await this.update({ password: options.newPassword });
+        const result = await this.update({ password: options.newPassword });
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
+      },
+      async setPassword(options) {
+        const result = await this.update(options);
+        await app._serverUserCache.refresh([crud.id]);
+        return result;
       },
       async getTeamProfile(team) {
         const result = await app._serverUserTeamProfileCache.getOrWait([team.id, crud.id], "write-only");
@@ -1445,6 +1520,19 @@ var _StackServerAppImpl = class extends _StackClientAppImpl {
       useTeamProfile(team) {
         const result = useAsyncCache(app._serverUserTeamProfileCache, [team.id, crud.id], "user.useTeamProfile()");
         return (0, import_react2.useMemo)(() => app._serverEditableTeamProfileFromCrud(result), [result]);
+      },
+      async listContactChannels() {
+        const result = await app._serverContactChannelsCache.getOrWait([crud.id], "write-only");
+        return result.map((data) => app._serverContactChannelFromCrud(crud.id, data));
+      },
+      useContactChannels() {
+        const result = useAsyncCache(app._serverContactChannelsCache, [crud.id], "user.useContactChannels()");
+        return (0, import_react2.useMemo)(() => result.map((data) => app._serverContactChannelFromCrud(crud.id, data)), [result]);
+      },
+      createContactChannel: async (data) => {
+        const contactChannel = await app._interface.createServerContactChannel(serverContactChannelCreateOptionsToCrud(crud.id, data));
+        await app._serverContactChannelsCache.refresh([crud.id]);
+        return app._serverContactChannelFromCrud(crud.id, contactChannel);
       }
     };
   }
@@ -1893,13 +1981,45 @@ var _StackAdminAppImpl = class extends _StackServerAppImpl {
     await this._apiKeysCache.refresh([]);
   }
 };
+function contactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    value: options.value,
+    type: options.type,
+    used_for_auth: options.usedForAuth,
+    user_id: userId
+  };
+}
+function contactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    used_for_auth: options.usedForAuth,
+    is_primary: options.isPrimary
+  };
+}
+function serverContactChannelUpdateOptionsToCrud(options) {
+  return {
+    value: options.value,
+    is_verified: options.isVerified,
+    used_for_auth: options.usedForAuth
+  };
+}
+function serverContactChannelCreateOptionsToCrud(userId, options) {
+  return {
+    type: options.type,
+    value: options.value,
+    is_verified: options.isVerified,
+    user_id: userId,
+    used_for_auth: options.usedForAuth
+  };
+}
 function userUpdateOptionsToCrud(options) {
   return {
     display_name: options.displayName,
     client_metadata: options.clientMetadata,
     selected_team_id: options.selectedTeamId,
     totp_secret_base64: options.totpMultiFactorSecret != null ? (0, import_bytes.encodeBase64)(options.totpMultiFactorSecret) : options.totpMultiFactorSecret,
-    profile_image_url: options.profileImageUrl
+    profile_image_url: options.profileImageUrl,
+    otp_auth_enabled: options.otpAuthEnabled
   };
 }
 function serverUserUpdateOptionsToCrud(options) {
@@ -1921,7 +2041,8 @@ function serverUserCreateOptionsToCrud(options) {
   return {
     primary_email: options.primaryEmail,
     password: options.password,
-    primary_email_auth_enabled: true,
+    otp_auth_enabled: options.otpAuthEnabled,
+    primary_email_auth_enabled: options.primaryEmailAuthEnabled,
     display_name: options.displayName,
     primary_email_verified: options.primaryEmailVerified
   };