npm - @sync-in/server - Versions diffs - 1.11.0 → 2.0.0 - Mend

@sync-in/server 1.11.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1040) hide show

package/server/authentication/providers/ldap/auth-provider-ldap.service.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/ldap/auth-provider-ldap.service.spec.ts"],"sourcesContent":["import { Test, TestingModule } from '@nestjs/testing'\nimport { Mocked } from 'jest-mock'\nimport { Client, InvalidCredentialsError } from 'ldapts'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { USER_PERMISSION, USER_ROLE } from '../../../applications/users/constants/user'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport * as commonFunctions from '../../../common/functions'\nimport { configuration } from '../../../configuration/config.environment'\nimport type { AuthProviderLDAPConfig } from './auth-ldap.config'\nimport { LDAP_COMMON_ATTR, LDAP_LOGIN_ATTR } from './auth-ldap.constants'\nimport { AuthProviderLDAP } from './auth-provider-ldap.service'\n\njest.mock('ldapts', () => {\n const actual = jest.requireActual('ldapts')\n const mockClientInstance = {\n bind: jest.fn(),\n search: jest.fn(),\n unbind: jest.fn()\n }\n const Client = jest.fn().mockImplementation(() => mockClientInstance)\n return { ...actual, Client }\n})\n\nconst buildUser = (overrides: Partial<UserModel> = {}) =>\n ({\n id: 0,\n login: 'john',\n email: 'old@example.org',\n password: 'hashed',\n role: USER_ROLE.USER,\n isGuest: false,\n isActive: true,\n isAdmin: false,\n makePaths: jest.fn().mockResolvedValue(undefined),\n setFullName: jest.fn(),\n ...overrides\n }) as any\n\nconst ldapClient = {\n bind: jest.fn(),\n search: jest.fn(),\n unbind: jest.fn()\n}\n;(Client as Mocked<any>).mockImplementation(() => ldapClient)\n\ndescribe(AuthProviderLDAP.name, () => {\n let authProviderLDAP: AuthProviderLDAP\n let usersManager: Mocked<UsersManager>\n let adminUsersManager: Mocked<AdminUsersManager>\n\n type LdapConfigOverrides = Omit<Partial<AuthProviderLDAPConfig>, 'attributes' | 'options'> & {\n attributes?: Partial<AuthProviderLDAPConfig['attributes']>\n options?: Partial<AuthProviderLDAPConfig['options']>\n }\n\n const setLdapConfig = (overrides: LdapConfigOverrides = {}) => {\n const base: AuthProviderLDAPConfig = {\n servers: ['ldap://localhost:389'],\n attributes: { login: LDAP_LOGIN_ATTR.UID, email: LDAP_COMMON_ATTR.MAIL },\n baseDN: 'ou=people,dc=example,dc=org',\n filter: '',\n options: {\n autoCreateUser: true,\n autoCreatePermissions: [],\n enablePasswordAuthFallback: true\n }\n }\n const next: AuthProviderLDAPConfig = {\n ...base,\n ...overrides,\n attributes: { ...base.attributes, ...(overrides.attributes || {}) },\n options: { ...base.options, ...(overrides.options || {}) }\n }\n configuration.auth.ldap = next\n ;(authProviderLDAP as any).ldapConfig = next\n ;(authProviderLDAP as any).isAD = [LDAP_LOGIN_ATTR.SAM, LDAP_LOGIN_ATTR.UPN].includes(next.attributes.login)\n ;(authProviderLDAP as any).hasServiceBind = Boolean(next.serviceBindDN && next.serviceBindPassword)\n }\n\n const mockBindResolve = () => {\n ldapClient.bind.mockResolvedValue(undefined)\n ldapClient.unbind.mockResolvedValue(undefined)\n }\n\n const mockBindRejectInvalid = (message = 'invalid') => {\n ldapClient.bind.mockRejectedValue(new InvalidCredentialsError(message))\n ldapClient.unbind.mockResolvedValue(undefined)\n }\n\n const mockSearchEntries = (entries: any[]) => {\n ldapClient.search.mockResolvedValue({ searchEntries: entries })\n }\n\n beforeAll(async () => {\n const module: TestingModule = await Test.createTestingModule({\n providers: [\n AuthProviderLDAP,\n {\n provide: UsersManager,\n useValue: {\n findUser: jest.fn(),\n logUser: jest.fn(),\n updateAccesses: jest.fn().mockResolvedValue(undefined),\n validateAppPassword: jest.fn(),\n fromUserId: jest.fn()\n }\n },\n {\n provide: AdminUsersManager,\n useValue: {\n createUserOrGuest: jest.fn(),\n updateUserOrGuest: jest.fn()\n }\n }\n ]\n }).compile()\n\n module.useLogger(['fatal'])\n authProviderLDAP = module.get<AuthProviderLDAP>(AuthProviderLDAP)\n adminUsersManager = module.get<Mocked<AdminUsersManager>>(AdminUsersManager)\n usersManager = module.get<Mocked<UsersManager>>(UsersManager)\n })\n\n beforeEach(() => {\n jest.clearAllMocks()\n setLdapConfig()\n usersManager.updateAccesses.mockResolvedValue(undefined)\n })\n\n afterEach(() => {\n jest.restoreAllMocks()\n })\n\n it('should be defined', () => {\n expect(authProviderLDAP).toBeDefined()\n expect(usersManager).toBeDefined()\n expect(adminUsersManager).toBeDefined()\n expect(ldapClient).toBeDefined()\n })\n\n it('should authenticate a guest user via database and bypass LDAP', async () => {\n const guestUser: any = { id: 1, login: 'guest1', isGuest: true, isActive: true }\n usersManager.findUser.mockResolvedValue(guestUser)\n const dbAuthResult: any = { ...guestUser, token: 'jwt' }\n usersManager.logUser.mockResolvedValue(dbAuthResult)\n\n const res = await authProviderLDAP.validateUser('guest1', 'pass', '127.0.0.1')\n\n expect(res).toEqual(dbAuthResult)\n expect(usersManager.logUser).toHaveBeenCalledWith(guestUser, 'pass', '127.0.0.1', undefined)\n expect(Client).not.toHaveBeenCalled()\n })\n\n it('should bypass LDAP when scope is provided', async () => {\n const user = buildUser({ id: 12 })\n usersManager.findUser.mockResolvedValue(user)\n usersManager.logUser.mockResolvedValue(user)\n\n const res = await authProviderLDAP.validateUser('john', 'app-password', '10.0.0.2', 'webdav' as any)\n\n expect(res).toBe(user)\n expect(usersManager.logUser).toHaveBeenCalledWith(user, 'app-password', '10.0.0.2', 'webdav')\n expect(Client).not.toHaveBeenCalled()\n })\n\n it('should throw FORBIDDEN for locked account', async () => {\n usersManager.findUser.mockResolvedValue({ login: 'john', isGuest: false, isActive: false } as UserModel)\n const loggerErrorSpy = jest.spyOn(authProviderLDAP['logger'], 'error').mockImplementation(() => undefined as any)\n\n await expect(authProviderLDAP.validateUser('john', 'pwd')).rejects.toThrow(/account locked/i)\n expect(loggerErrorSpy).toHaveBeenCalled()\n })\n\n it('should return null on invalid LDAP credentials without fallback', async () => {\n const existingUser: any = buildUser({ id: 1 })\n usersManager.findUser.mockResolvedValue(existingUser)\n mockBindRejectInvalid('invalid credentials')\n\n const res = await authProviderLDAP.validateUser('john', 'badpwd', '10.0.0.1')\n\n expect(res).toBeNull()\n expect(usersManager.logUser).not.toHaveBeenCalled()\n expect(usersManager.updateAccesses).not.toHaveBeenCalled()\n })\n\n it('should return null when LDAP search yields no entries or throws', async () => {\n const existingUser: any = buildUser({ id: 10 })\n usersManager.findUser.mockResolvedValue(existingUser)\n mockBindResolve()\n mockSearchEntries([])\n\n const resA = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(resA).toBeNull()\n\n ldapClient.search.mockRejectedValue(new Error('search failed'))\n const resB = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(resB).toBeNull()\n expect(usersManager.updateAccesses).not.toHaveBeenCalled()\n })\n\n it('should fallback to local auth when LDAP is unavailable and fallback is enabled', async () => {\n const existingUser: any = buildUser({ id: 2 })\n usersManager.findUser.mockResolvedValue(existingUser)\n usersManager.logUser.mockResolvedValue(existingUser)\n const err = Object.assign(new Error('connect ECONNREFUSED'), { code: Array.from(CONNECT_ERROR_CODE)[0] })\n ldapClient.bind.mockRejectedValue({ errors: [err] })\n ldapClient.unbind.mockResolvedValue(undefined)\n\n const res = await authProviderLDAP.validateUser('john', 'pwd', '10.0.0.3')\n\n expect(res).toBe(existingUser)\n expect(usersManager.logUser).toHaveBeenCalledWith(existingUser, 'pwd', '10.0.0.3')\n })\n\n it('should throw SERVICE_UNAVAILABLE when LDAP is unavailable and fallback is disabled', async () => {\n setLdapConfig({ options: { enablePasswordAuthFallback: false } })\n const existingUser: any = buildUser({ id: 3 })\n usersManager.findUser.mockResolvedValue(existingUser)\n const err = Object.assign(new Error('connect ECONNREFUSED'), { code: Array.from(CONNECT_ERROR_CODE)[0] })\n ldapClient.bind.mockRejectedValue({ errors: [err] })\n ldapClient.unbind.mockResolvedValue(undefined)\n\n await expect(authProviderLDAP.validateUser('john', 'pwd')).rejects.toThrow(/authentication service error/i)\n })\n\n it('should allow admin local fallback when LDAP is unavailable even if fallback is disabled', async () => {\n setLdapConfig({ options: { enablePasswordAuthFallback: false } })\n const existingUser: any = buildUser({ id: 4, isAdmin: true })\n usersManager.findUser.mockResolvedValue(existingUser)\n usersManager.logUser.mockResolvedValue(existingUser)\n const err = Object.assign(new Error('connect ECONNREFUSED'), { code: Array.from(CONNECT_ERROR_CODE)[0] })\n ldapClient.bind.mockRejectedValue({ errors: [err] })\n ldapClient.unbind.mockResolvedValue(undefined)\n\n const res = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(res).toBe(existingUser)\n expect(usersManager.logUser).toHaveBeenCalledWith(existingUser, 'pwd', undefined)\n })\n\n it('should return null when LDAP entry lacks required fields', async () => {\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n mockSearchEntries([{ uid: 'jane', cn: 'Jane Doe', mail: undefined }])\n const loggerErrorSpy = jest.spyOn(authProviderLDAP['logger'], 'error').mockImplementation(() => undefined as any)\n\n const res = await authProviderLDAP.validateUser('jane', 'pwd')\n\n expect(res).toBeNull()\n expect(adminUsersManager.createUserOrGuest).not.toHaveBeenCalled()\n expect(loggerErrorSpy).toHaveBeenCalled()\n })\n\n it('should throw UNAUTHORIZED when autoCreateUser is disabled', async () => {\n setLdapConfig({ options: { autoCreateUser: false } })\n usersManager.findUser.mockResolvedValue(null)\n const checkAuthSpy = jest.spyOn<any, any>(authProviderLDAP as any, 'checkAuth').mockResolvedValue({\n uid: 'john',\n mail: 'john@example.org'\n })\n\n await expect(authProviderLDAP.validateUser('john', 'pwd')).rejects.toThrow(/user not found/i)\n checkAuthSpy.mockRestore()\n })\n\n it('should create a new admin user with permissions and name parsed from LDAP', async () => {\n setLdapConfig({\n options: {\n adminGroup: 'Admins',\n autoCreatePermissions: [USER_PERMISSION.PERSONAL_SPACE, USER_PERMISSION.WEBDAV]\n }\n })\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n mockSearchEntries([\n {\n uid: 'john',\n givenName: 'John',\n sn: 'Doe',\n mail: 'john@example.org',\n memberOf: ['CN=Admins,OU=Groups,DC=example,DC=org']\n }\n ])\n const createdUser: any = { id: 2, login: 'john', isGuest: false, isActive: true, makePaths: jest.fn() }\n adminUsersManager.createUserOrGuest.mockResolvedValue(createdUser)\n usersManager.fromUserId.mockResolvedValue(createdUser)\n\n const res = await authProviderLDAP.validateUser('john', 'pwd', '192.168.1.10')\n\n expect(adminUsersManager.createUserOrGuest).toHaveBeenCalledWith(\n {\n login: 'john',\n email: 'john@example.org',\n password: 'pwd',\n role: USER_ROLE.ADMINISTRATOR,\n firstName: 'John',\n lastName: 'Doe',\n permissions: 'personal_space,webdav_access'\n },\n USER_ROLE.ADMINISTRATOR\n )\n expect(res).toBe(createdUser)\n expect(usersManager.updateAccesses).toHaveBeenCalledWith(createdUser, '192.168.1.10', true)\n })\n\n it('should accept adminGroup as full DN', async () => {\n setLdapConfig({\n options: {\n adminGroup: 'CN=Admins,OU=Groups,DC=example,DC=org'\n }\n })\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n mockSearchEntries([\n {\n uid: 'john',\n givenName: 'John',\n sn: 'Doe',\n mail: 'john@example.org',\n memberOf: ['CN=Admins,OU=Groups,DC=example,DC=org']\n }\n ])\n const createdUser: any = { id: 9, login: 'john', isGuest: false, isActive: true, makePaths: jest.fn() }\n adminUsersManager.createUserOrGuest.mockResolvedValue(createdUser)\n usersManager.fromUserId.mockResolvedValue(createdUser)\n\n const res = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(adminUsersManager.createUserOrGuest).toHaveBeenCalledWith(\n expect.objectContaining({ role: USER_ROLE.ADMINISTRATOR }),\n USER_ROLE.ADMINISTRATOR\n )\n expect(res).toBe(createdUser)\n })\n\n it('should use groupOfNames to detect admin membership when memberOf is missing', async () => {\n setLdapConfig({ options: { adminGroup: 'Admins' } })\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n ldapClient.search\n .mockResolvedValueOnce({\n searchEntries: [\n {\n uid: 'john',\n cn: 'John Doe',\n mail: 'john@example.org',\n dn: 'uid=john,ou=people,dc=example,dc=org'\n }\n ]\n })\n .mockResolvedValueOnce({ searchEntries: [{ cn: 'Admins' }] })\n const createdUser: any = { id: 3, login: 'john', isGuest: false, isActive: true, makePaths: jest.fn() }\n adminUsersManager.createUserOrGuest.mockResolvedValue(createdUser)\n usersManager.fromUserId.mockResolvedValue(createdUser)\n\n const res = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(adminUsersManager.createUserOrGuest).toHaveBeenCalledWith(\n expect.objectContaining({ role: USER_ROLE.ADMINISTRATOR }),\n USER_ROLE.ADMINISTRATOR\n )\n expect(res).toBe(createdUser)\n })\n\n it('should use service bind for LDAP searches when configured', async () => {\n setLdapConfig({\n serviceBindDN: 'cn=svc,dc=example,dc=org',\n serviceBindPassword: 'secret'\n })\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n ldapClient.search.mockResolvedValueOnce({\n searchEntries: [{ uid: 'john', cn: 'John Doe', mail: 'john@example.org', dn: 'uid=john,ou=people,dc=example,dc=org' }]\n })\n const createdUser: any = { id: 8, login: 'john', isGuest: false, isActive: true, makePaths: jest.fn() }\n adminUsersManager.createUserOrGuest.mockResolvedValue(createdUser)\n usersManager.fromUserId.mockResolvedValue(createdUser)\n\n await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(ldapClient.bind).toHaveBeenCalledWith('cn=svc,dc=example,dc=org', 'secret')\n expect(ldapClient.bind).toHaveBeenCalledWith('uid=john,ou=people,dc=example,dc=org', 'pwd')\n })\n\n it('should return null when service bind is set but user DN is not found', async () => {\n setLdapConfig({\n serviceBindDN: 'cn=svc,dc=example,dc=org',\n serviceBindPassword: 'secret'\n })\n usersManager.findUser.mockResolvedValue(null)\n mockBindResolve()\n ldapClient.search.mockResolvedValueOnce({ searchEntries: [] })\n\n const res = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(res).toBeNull()\n expect(ldapClient.bind).toHaveBeenCalledWith('cn=svc,dc=example,dc=org', 'secret')\n expect(ldapClient.bind).not.toHaveBeenCalledWith('uid=john,ou=people,dc=example,dc=org', 'pwd')\n })\n\n it('should return null when user bind fails after service bind', async () => {\n setLdapConfig({\n serviceBindDN: 'cn=svc,dc=example,dc=org',\n serviceBindPassword: 'secret'\n })\n usersManager.findUser.mockResolvedValue(null)\n ldapClient.unbind.mockResolvedValue(undefined)\n ldapClient.bind.mockResolvedValueOnce(undefined).mockRejectedValueOnce(new InvalidCredentialsError('invalid credentials'))\n ldapClient.search.mockResolvedValueOnce({\n searchEntries: [{ dn: 'uid=john,ou=people,dc=example,dc=org', cn: 'John Doe' }]\n })\n\n const res = await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(res).toBeNull()\n expect(ldapClient.bind).toHaveBeenCalledWith('cn=svc,dc=example,dc=org', 'secret')\n expect(ldapClient.bind).toHaveBeenCalledWith('uid=john,ou=people,dc=example,dc=org', 'pwd')\n })\n\n it('should keep admin role when adminGroup is not configured', async () => {\n setLdapConfig({ options: { adminGroup: undefined } })\n const existingUser: any = buildUser({ id: 5, role: USER_ROLE.ADMINISTRATOR })\n usersManager.findUser.mockResolvedValue(existingUser)\n mockBindResolve()\n mockSearchEntries([{ uid: 'john', cn: 'John Doe', mail: 'john@example.org' }])\n jest.spyOn(commonFunctions, 'comparePassword').mockResolvedValue(true)\n\n await authProviderLDAP.validateUser('john', 'pwd')\n\n expect(adminUsersManager.updateUserOrGuest).toHaveBeenCalled()\n const updateArgs = adminUsersManager.updateUserOrGuest.mock.calls[0][1]\n expect(updateArgs).toEqual(expect.objectContaining({ email: 'john@example.org' }))\n expect(updateArgs).toEqual(expect.not.objectContaining({ role: expect.anything() }))\n })\n\n it('should update existing user and avoid reassigning password locally', async () => {\n const existingUser: any = buildUser({ id: 6 })\n usersManager.findUser.mockResolvedValue(existingUser)\n mockBindResolve()\n mockSearchEntries([{ uid: 'john', displayName: 'Jane Doe', mail: 'john@example.org' }])\n const compareSpy = jest.spyOn(commonFunctions, 'comparePassword').mockResolvedValue(false)\n const splitSpy = jest.spyOn(commonFunctions, 'splitFullName').mockReturnValue({ firstName: 'Jane', lastName: 'Doe' })\n\n const res = await authProviderLDAP.validateUser('john', 'new-plain-password', '127.0.0.2')\n\n expect(adminUsersManager.updateUserOrGuest).toHaveBeenCalledWith(\n 6,\n expect.objectContaining({\n email: 'john@example.org',\n firstName: 'Jane',\n lastName: 'Doe'\n })\n )\n expect(existingUser.password).toBe('hashed')\n expect(existingUser).toMatchObject({ email: 'john@example.org', firstName: 'Jane', lastName: 'Doe' })\n expect(existingUser.setFullName).toHaveBeenCalledWith(true)\n expect(usersManager.updateAccesses).toHaveBeenCalledWith(existingUser, '127.0.0.2', true)\n expect(res).toBe(existingUser)\n\n compareSpy.mockRestore()\n splitSpy.mockRestore()\n })\n\n it('should throw FORBIDDEN when LDAP login does not match user login', async () => {\n const existingUser: any = buildUser({ id: 7, login: 'john' })\n usersManager.findUser.mockResolvedValue(existingUser)\n mockBindResolve()\n mockSearchEntries([{ uid: 'jane', cn: 'Jane Doe', mail: 'jane@example.org' }])\n\n await expect(authProviderLDAP.validateUser('john', 'pwd')).rejects.toThrow(/account matching error/i)\n })\n\n it('should build LDAP logins and filters for AD and standard LDAP', () => {\n setLdapConfig({ attributes: { login: LDAP_LOGIN_ATTR.UPN }, upnSuffix: 'sync-in.com', filter: '(memberOf=cn=staff)' })\n const adLogin = (authProviderLDAP as any).buildLdapLogin('john')\n expect(adLogin).toBe('john@sync-in.com')\n const adFilter = (authProviderLDAP as any).buildUserFilter('SYNC-IN\\\\john', '(memberOf=cn=staff)')\n expect(adFilter).toContain('(sAMAccountName=john)')\n expect(adFilter).toContain('(userPrincipalName=john)')\n expect(adFilter).toContain('(mail=john)')\n expect(adFilter).toContain('(memberOf=cn=staff)')\n\n setLdapConfig({ attributes: { login: LDAP_LOGIN_ATTR.UID }, filter: '(department=IT)' })\n const ldapFilter = (authProviderLDAP as any).buildUserFilter('john', '(department=IT)')\n expect(ldapFilter).toContain('(uid=john)')\n expect(ldapFilter).toContain('(cn=john)')\n expect(ldapFilter).toContain('(mail=john)')\n expect(ldapFilter).toContain('(department=IT)')\n })\n\n it('should normalize LDAP entries for memberOf and array attributes', () => {\n const entry = {\n uid: ['john'],\n mail: ['john@example.org', 'john2@example.org'],\n memberOf: ['CN=Admins,OU=Groups,DC=example,DC=org', 'CN=Staff,OU=Groups,DC=example,DC=org']\n }\n\n const normalized = (authProviderLDAP as any).convertToLdapUserEntry(entry)\n\n expect(normalized.uid).toBe('john')\n expect(normalized.mail).toBe('john@example.org')\n expect(normalized.memberOf).toEqual(['CN=Admins,OU=Groups,DC=example,DC=org', 'Admins', 'CN=Staff,OU=Groups,DC=example,DC=org', 'Staff'])\n })\n\n it('should build LDAP logins for SAM account name when netbiosName is set', () => {\n setLdapConfig({ attributes: { login: LDAP_LOGIN_ATTR.SAM }, netbiosName: 'SYNC' })\n const samLogin = (authProviderLDAP as any).buildLdapLogin('john')\n expect(samLogin).toBe('SYNC\\\\john')\n })\n})\n"],"names":["jest","mock","actual","requireActual","mockClientInstance","bind","fn","search","unbind","Client","mockImplementation","buildUser","overrides","id","login","email","password","role","USER_ROLE","USER","isGuest","isActive","isAdmin","makePaths","mockResolvedValue","undefined","setFullName","ldapClient","describe","AuthProviderLDAP","name","authProviderLDAP","usersManager","adminUsersManager","setLdapConfig","base","servers","attributes","LDAP_LOGIN_ATTR","UID","LDAP_COMMON_ATTR","MAIL","baseDN","filter","options","autoCreateUser","autoCreatePermissions","enablePasswordAuthFallback","next","configuration","auth","ldap","ldapConfig","isAD","SAM","UPN","includes","hasServiceBind","Boolean","serviceBindDN","serviceBindPassword","mockBindResolve","mockBindRejectInvalid","message","mockRejectedValue","InvalidCredentialsError","mockSearchEntries","entries","searchEntries","beforeAll","module","Test","createTestingModule","providers","provide","UsersManager","useValue","findUser","logUser","updateAccesses","validateAppPassword","fromUserId","AdminUsersManager","createUserOrGuest","updateUserOrGuest","compile","useLogger","get","beforeEach","clearAllMocks","afterEach","restoreAllMocks","it","expect","toBeDefined","guestUser","dbAuthResult","token","res","validateUser","toEqual","toHaveBeenCalledWith","not","toHaveBeenCalled","user","toBe","loggerErrorSpy","spyOn","rejects","toThrow","existingUser","toBeNull","resA","Error","resB","err","Object","assign","code","Array","from","CONNECT_ERROR_CODE","errors","uid","cn","mail","checkAuthSpy","mockRestore","adminGroup","USER_PERMISSION","PERSONAL_SPACE","WEBDAV","givenName","sn","memberOf","createdUser","ADMINISTRATOR","firstName","lastName","permissions","objectContaining","mockResolvedValueOnce","dn","mockRejectedValueOnce","commonFunctions","updateArgs","calls","anything","displayName","compareSpy","splitSpy","mockReturnValue","toMatchObject","upnSuffix","adLogin","buildLdapLogin","adFilter","buildUserFilter","toContain","ldapFilter","entry","normalized","convertToLdapUserEntry","netbiosName","samLogin"],"mappings":";;;;yBAAoC;wBAEY;8BACb;sBACQ;0CAET;qCACL;mEACI;mCACH;mCAEoB;yCACjB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEjCA,KAAKC,IAAI,CAAC,UAAU;IAClB,MAAMC,SAASF,KAAKG,aAAa,CAAC;IAClC,MAAMC,qBAAqB;QACzBC,MAAML,KAAKM,EAAE;QACbC,QAAQP,KAAKM,EAAE;QACfE,QAAQR,KAAKM,EAAE;IACjB;IACA,MAAMG,SAAST,KAAKM,EAAE,GAAGI,kBAAkB,CAAC,IAAMN;IAClD,OAAO;QAAE,GAAGF,MAAM;QAAEO;IAAO;AAC7B;AAEA,MAAME,YAAY,CAACC,YAAgC,CAAC,CAAC,GAClD,CAAA;QACCC,IAAI;QACJC,OAAO;QACPC,OAAO;QACPC,UAAU;QACVC,MAAMC,eAAS,CAACC,IAAI;QACpBC,SAAS;QACTC,UAAU;QACVC,SAAS;QACTC,WAAWvB,KAAKM,EAAE,GAAGkB,iBAAiB,CAACC;QACvCC,aAAa1B,KAAKM,EAAE;QACpB,GAAGM,SAAS;IACd,CAAA;AAEF,MAAMe,aAAa;IACjBtB,MAAML,KAAKM,EAAE;IACbC,QAAQP,KAAKM,EAAE;IACfE,QAAQR,KAAKM,EAAE;AACjB;AACEG,cAAM,CAAiBC,kBAAkB,CAAC,IAAMiB;AAElDC,SAASC,yCAAgB,CAACC,IAAI,EAAE;IAC9B,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAOJ,MAAMC,gBAAgB,CAACtB,YAAiC,CAAC,CAAC;QACxD,MAAMuB,OAA+B;YACnCC,SAAS;gBAAC;aAAuB;YACjCC,YAAY;gBAAEvB,OAAOwB,kCAAe,CAACC,GAAG;gBAAExB,OAAOyB,mCAAgB,CAACC,IAAI;YAAC;YACvEC,QAAQ;YACRC,QAAQ;YACRC,SAAS;gBACPC,gBAAgB;gBAChBC,uBAAuB,EAAE;gBACzBC,4BAA4B;YAC9B;QACF;QACA,MAAMC,OAA+B;YACnC,GAAGb,IAAI;YACP,GAAGvB,SAAS;YACZyB,YAAY;gBAAE,GAAGF,KAAKE,UAAU;gBAAE,GAAIzB,UAAUyB,UAAU,IAAI,CAAC,CAAC;YAAE;YAClEO,SAAS;gBAAE,GAAGT,KAAKS,OAAO;gBAAE,GAAIhC,UAAUgC,OAAO,IAAI,CAAC,CAAC;YAAE;QAC3D;QACAK,gCAAa,CAACC,IAAI,CAACC,IAAI,GAAGH;QACxBjB,iBAAyBqB,UAAU,GAAGJ;QACtCjB,iBAAyBsB,IAAI,GAAG;YAACf,kCAAe,CAACgB,GAAG;YAAEhB,kCAAe,CAACiB,GAAG;SAAC,CAACC,QAAQ,CAACR,KAAKX,UAAU,CAACvB,KAAK;QACzGiB,iBAAyB0B,cAAc,GAAGC,QAAQV,KAAKW,aAAa,IAAIX,KAAKY,mBAAmB;IACpG;IAEA,MAAMC,kBAAkB;QACtBlC,WAAWtB,IAAI,CAACmB,iBAAiB,CAACC;QAClCE,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;IACtC;IAEA,MAAMqC,wBAAwB,CAACC,UAAU,SAAS;QAChDpC,WAAWtB,IAAI,CAAC2D,iBAAiB,CAAC,IAAIC,+BAAuB,CAACF;QAC9DpC,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;IACtC;IAEA,MAAMyC,oBAAoB,CAACC;QACzBxC,WAAWpB,MAAM,CAACiB,iBAAiB,CAAC;YAAE4C,eAAeD;QAAQ;IAC/D;IAEAE,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBACT5C,yCAAgB;gBAChB;oBACE6C,SAASC,iCAAY;oBACrBC,UAAU;wBACRC,UAAU7E,KAAKM,EAAE;wBACjBwE,SAAS9E,KAAKM,EAAE;wBAChByE,gBAAgB/E,KAAKM,EAAE,GAAGkB,iBAAiB,CAACC;wBAC5CuD,qBAAqBhF,KAAKM,EAAE;wBAC5B2E,YAAYjF,KAAKM,EAAE;oBACrB;gBACF;gBACA;oBACEoE,SAASQ,2CAAiB;oBAC1BN,UAAU;wBACRO,mBAAmBnF,KAAKM,EAAE;wBAC1B8E,mBAAmBpF,KAAKM,EAAE;oBAC5B;gBACF;aACD;QACH,GAAG+E,OAAO;QAEVf,OAAOgB,SAAS,CAAC;YAAC;SAAQ;QAC1BvD,mBAAmBuC,OAAOiB,GAAG,CAAmB1D,yCAAgB;QAChEI,oBAAoBqC,OAAOiB,GAAG,CAA4BL,2CAAiB;QAC3ElD,eAAesC,OAAOiB,GAAG,CAAuBZ,iCAAY;IAC9D;IAEAa,WAAW;QACTxF,KAAKyF,aAAa;QAClBvD;QACAF,aAAa+C,cAAc,CAACvD,iBAAiB,CAACC;IAChD;IAEAiE,UAAU;QACR1F,KAAK2F,eAAe;IACtB;IAEAC,GAAG,qBAAqB;QACtBC,OAAO9D,kBAAkB+D,WAAW;QACpCD,OAAO7D,cAAc8D,WAAW;QAChCD,OAAO5D,mBAAmB6D,WAAW;QACrCD,OAAOlE,YAAYmE,WAAW;IAChC;IAEAF,GAAG,iEAAiE;QAClE,MAAMG,YAAiB;YAAElF,IAAI;YAAGC,OAAO;YAAUM,SAAS;YAAMC,UAAU;QAAK;QAC/EW,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACuE;QACxC,MAAMC,eAAoB;YAAE,GAAGD,SAAS;YAAEE,OAAO;QAAM;QACvDjE,aAAa8C,OAAO,CAACtD,iBAAiB,CAACwE;QAEvC,MAAME,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,UAAU,QAAQ;QAElEN,OAAOK,KAAKE,OAAO,CAACJ;QACpBH,OAAO7D,aAAa8C,OAAO,EAAEuB,oBAAoB,CAACN,WAAW,QAAQ,aAAatE;QAClFoE,OAAOpF,cAAM,EAAE6F,GAAG,CAACC,gBAAgB;IACrC;IAEAX,GAAG,6CAA6C;QAC9C,MAAMY,OAAO7F,UAAU;YAAEE,IAAI;QAAG;QAChCmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACgF;QACxCxE,aAAa8C,OAAO,CAACtD,iBAAiB,CAACgF;QAEvC,MAAMN,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ,gBAAgB,YAAY;QAEpFN,OAAOK,KAAKO,IAAI,CAACD;QACjBX,OAAO7D,aAAa8C,OAAO,EAAEuB,oBAAoB,CAACG,MAAM,gBAAgB,YAAY;QACpFX,OAAOpF,cAAM,EAAE6F,GAAG,CAACC,gBAAgB;IACrC;IAEAX,GAAG,6CAA6C;QAC9C5D,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;YAAEV,OAAO;YAAQM,SAAS;YAAOC,UAAU;QAAM;QACzF,MAAMqF,iBAAiB1G,KAAK2G,KAAK,CAAC5E,gBAAgB,CAAC,SAAS,EAAE,SAASrB,kBAAkB,CAAC,IAAMe;QAEhG,MAAMoE,OAAO9D,iBAAiBoE,YAAY,CAAC,QAAQ,QAAQS,OAAO,CAACC,OAAO,CAAC;QAC3EhB,OAAOa,gBAAgBH,gBAAgB;IACzC;IAEAX,GAAG,mEAAmE;QACpE,MAAMkB,eAAoBnG,UAAU;YAAEE,IAAI;QAAE;QAC5CmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxChD,sBAAsB;QAEtB,MAAMoC,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ,UAAU;QAElEN,OAAOK,KAAKa,QAAQ;QACpBlB,OAAO7D,aAAa8C,OAAO,EAAEwB,GAAG,CAACC,gBAAgB;QACjDV,OAAO7D,aAAa+C,cAAc,EAAEuB,GAAG,CAACC,gBAAgB;IAC1D;IAEAX,GAAG,mEAAmE;QACpE,MAAMkB,eAAoBnG,UAAU;YAAEE,IAAI;QAAG;QAC7CmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxCjD;QACAK,kBAAkB,EAAE;QAEpB,MAAM8C,OAAO,MAAMjF,iBAAiBoE,YAAY,CAAC,QAAQ;QAEzDN,OAAOmB,MAAMD,QAAQ;QAErBpF,WAAWpB,MAAM,CAACyD,iBAAiB,CAAC,IAAIiD,MAAM;QAC9C,MAAMC,OAAO,MAAMnF,iBAAiBoE,YAAY,CAAC,QAAQ;QAEzDN,OAAOqB,MAAMH,QAAQ;QACrBlB,OAAO7D,aAAa+C,cAAc,EAAEuB,GAAG,CAACC,gBAAgB;IAC1D;IAEAX,GAAG,kFAAkF;QACnF,MAAMkB,eAAoBnG,UAAU;YAAEE,IAAI;QAAE;QAC5CmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxC9E,aAAa8C,OAAO,CAACtD,iBAAiB,CAACsF;QACvC,MAAMK,MAAMC,OAAOC,MAAM,CAAC,IAAIJ,MAAM,yBAAyB;YAAEK,MAAMC,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;QAAC;QACvG9F,WAAWtB,IAAI,CAAC2D,iBAAiB,CAAC;YAAE0D,QAAQ;gBAACP;aAAI;QAAC;QAClDxF,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;QAEpC,MAAMyE,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ,OAAO;QAE/DN,OAAOK,KAAKO,IAAI,CAACK;QACjBjB,OAAO7D,aAAa8C,OAAO,EAAEuB,oBAAoB,CAACS,cAAc,OAAO;IACzE;IAEAlB,GAAG,sFAAsF;QACvF1D,cAAc;YAAEU,SAAS;gBAAEG,4BAA4B;YAAM;QAAE;QAC/D,MAAM+D,eAAoBnG,UAAU;YAAEE,IAAI;QAAE;QAC5CmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxC,MAAMK,MAAMC,OAAOC,MAAM,CAAC,IAAIJ,MAAM,yBAAyB;YAAEK,MAAMC,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;QAAC;QACvG9F,WAAWtB,IAAI,CAAC2D,iBAAiB,CAAC;YAAE0D,QAAQ;gBAACP;aAAI;QAAC;QAClDxF,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;QAEpC,MAAMoE,OAAO9D,iBAAiBoE,YAAY,CAAC,QAAQ,QAAQS,OAAO,CAACC,OAAO,CAAC;IAC7E;IAEAjB,GAAG,2FAA2F;QAC5F1D,cAAc;YAAEU,SAAS;gBAAEG,4BAA4B;YAAM;QAAE;QAC/D,MAAM+D,eAAoBnG,UAAU;YAAEE,IAAI;YAAGS,SAAS;QAAK;QAC3DU,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxC9E,aAAa8C,OAAO,CAACtD,iBAAiB,CAACsF;QACvC,MAAMK,MAAMC,OAAOC,MAAM,CAAC,IAAIJ,MAAM,yBAAyB;YAAEK,MAAMC,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;QAAC;QACvG9F,WAAWtB,IAAI,CAAC2D,iBAAiB,CAAC;YAAE0D,QAAQ;gBAACP;aAAI;QAAC;QAClDxF,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;QAEpC,MAAMyE,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAOK,KAAKO,IAAI,CAACK;QACjBjB,OAAO7D,aAAa8C,OAAO,EAAEuB,oBAAoB,CAACS,cAAc,OAAOrF;IACzE;IAEAmE,GAAG,4DAA4D;QAC7D5D,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAK,kBAAkB;YAAC;gBAAEyD,KAAK;gBAAQC,IAAI;gBAAYC,MAAMpG;YAAU;SAAE;QACpE,MAAMiF,iBAAiB1G,KAAK2G,KAAK,CAAC5E,gBAAgB,CAAC,SAAS,EAAE,SAASrB,kBAAkB,CAAC,IAAMe;QAEhG,MAAMyE,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAOK,KAAKa,QAAQ;QACpBlB,OAAO5D,kBAAkBkD,iBAAiB,EAAEmB,GAAG,CAACC,gBAAgB;QAChEV,OAAOa,gBAAgBH,gBAAgB;IACzC;IAEAX,GAAG,6DAA6D;QAC9D1D,cAAc;YAAEU,SAAS;gBAAEC,gBAAgB;YAAM;QAAE;QACnDb,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxC,MAAMsG,eAAe9H,KAAK2G,KAAK,CAAW5E,kBAAyB,aAAaP,iBAAiB,CAAC;YAChGmG,KAAK;YACLE,MAAM;QACR;QAEA,MAAMhC,OAAO9D,iBAAiBoE,YAAY,CAAC,QAAQ,QAAQS,OAAO,CAACC,OAAO,CAAC;QAC3EiB,aAAaC,WAAW;IAC1B;IAEAnC,GAAG,6EAA6E;QAC9E1D,cAAc;YACZU,SAAS;gBACPoF,YAAY;gBACZlF,uBAAuB;oBAACmF,qBAAe,CAACC,cAAc;oBAAED,qBAAe,CAACE,MAAM;iBAAC;YACjF;QACF;QACAnG,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAK,kBAAkB;YAChB;gBACEyD,KAAK;gBACLS,WAAW;gBACXC,IAAI;gBACJR,MAAM;gBACNS,UAAU;oBAAC;iBAAwC;YACrD;SACD;QACD,MAAMC,cAAmB;YAAE1H,IAAI;YAAGC,OAAO;YAAQM,SAAS;YAAOC,UAAU;YAAME,WAAWvB,KAAKM,EAAE;QAAG;QACtG2B,kBAAkBkD,iBAAiB,CAAC3D,iBAAiB,CAAC+G;QACtDvG,aAAaiD,UAAU,CAACzD,iBAAiB,CAAC+G;QAE1C,MAAMrC,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ,OAAO;QAE/DN,OAAO5D,kBAAkBkD,iBAAiB,EAAEkB,oBAAoB,CAC9D;YACEvF,OAAO;YACPC,OAAO;YACPC,UAAU;YACVC,MAAMC,eAAS,CAACsH,aAAa;YAC7BC,WAAW;YACXC,UAAU;YACVC,aAAa;QACf,GACAzH,eAAS,CAACsH,aAAa;QAEzB3C,OAAOK,KAAKO,IAAI,CAAC8B;QACjB1C,OAAO7D,aAAa+C,cAAc,EAAEsB,oBAAoB,CAACkC,aAAa,gBAAgB;IACxF;IAEA3C,GAAG,uCAAuC;QACxC1D,cAAc;YACZU,SAAS;gBACPoF,YAAY;YACd;QACF;QACAhG,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAK,kBAAkB;YAChB;gBACEyD,KAAK;gBACLS,WAAW;gBACXC,IAAI;gBACJR,MAAM;gBACNS,UAAU;oBAAC;iBAAwC;YACrD;SACD;QACD,MAAMC,cAAmB;YAAE1H,IAAI;YAAGC,OAAO;YAAQM,SAAS;YAAOC,UAAU;YAAME,WAAWvB,KAAKM,EAAE;QAAG;QACtG2B,kBAAkBkD,iBAAiB,CAAC3D,iBAAiB,CAAC+G;QACtDvG,aAAaiD,UAAU,CAACzD,iBAAiB,CAAC+G;QAE1C,MAAMrC,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAO5D,kBAAkBkD,iBAAiB,EAAEkB,oBAAoB,CAC9DR,OAAO+C,gBAAgB,CAAC;YAAE3H,MAAMC,eAAS,CAACsH,aAAa;QAAC,IACxDtH,eAAS,CAACsH,aAAa;QAEzB3C,OAAOK,KAAKO,IAAI,CAAC8B;IACnB;IAEA3C,GAAG,+EAA+E;QAChF1D,cAAc;YAAEU,SAAS;gBAAEoF,YAAY;YAAS;QAAE;QAClDhG,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAlC,WAAWpB,MAAM,CACdsI,qBAAqB,CAAC;YACrBzE,eAAe;gBACb;oBACEuD,KAAK;oBACLC,IAAI;oBACJC,MAAM;oBACNiB,IAAI;gBACN;aACD;QACH,GACCD,qBAAqB,CAAC;YAAEzE,eAAe;gBAAC;oBAAEwD,IAAI;gBAAS;aAAE;QAAC;QAC7D,MAAMW,cAAmB;YAAE1H,IAAI;YAAGC,OAAO;YAAQM,SAAS;YAAOC,UAAU;YAAME,WAAWvB,KAAKM,EAAE;QAAG;QACtG2B,kBAAkBkD,iBAAiB,CAAC3D,iBAAiB,CAAC+G;QACtDvG,aAAaiD,UAAU,CAACzD,iBAAiB,CAAC+G;QAE1C,MAAMrC,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAO5D,kBAAkBkD,iBAAiB,EAAEkB,oBAAoB,CAC9DR,OAAO+C,gBAAgB,CAAC;YAAE3H,MAAMC,eAAS,CAACsH,aAAa;QAAC,IACxDtH,eAAS,CAACsH,aAAa;QAEzB3C,OAAOK,KAAKO,IAAI,CAAC8B;IACnB;IAEA3C,GAAG,6DAA6D;QAC9D1D,cAAc;YACZyB,eAAe;YACfC,qBAAqB;QACvB;QACA5B,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAlC,WAAWpB,MAAM,CAACsI,qBAAqB,CAAC;YACtCzE,eAAe;gBAAC;oBAAEuD,KAAK;oBAAQC,IAAI;oBAAYC,MAAM;oBAAoBiB,IAAI;gBAAuC;aAAE;QACxH;QACA,MAAMP,cAAmB;YAAE1H,IAAI;YAAGC,OAAO;YAAQM,SAAS;YAAOC,UAAU;YAAME,WAAWvB,KAAKM,EAAE;QAAG;QACtG2B,kBAAkBkD,iBAAiB,CAAC3D,iBAAiB,CAAC+G;QACtDvG,aAAaiD,UAAU,CAACzD,iBAAiB,CAAC+G;QAE1C,MAAMxG,iBAAiBoE,YAAY,CAAC,QAAQ;QAE5CN,OAAOlE,WAAWtB,IAAI,EAAEgG,oBAAoB,CAAC,4BAA4B;QACzER,OAAOlE,WAAWtB,IAAI,EAAEgG,oBAAoB,CAAC,wCAAwC;IACvF;IAEAT,GAAG,wEAAwE;QACzE1D,cAAc;YACZyB,eAAe;YACfC,qBAAqB;QACvB;QACA5B,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCqC;QACAlC,WAAWpB,MAAM,CAACsI,qBAAqB,CAAC;YAAEzE,eAAe,EAAE;QAAC;QAE5D,MAAM8B,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAOK,KAAKa,QAAQ;QACpBlB,OAAOlE,WAAWtB,IAAI,EAAEgG,oBAAoB,CAAC,4BAA4B;QACzER,OAAOlE,WAAWtB,IAAI,EAAEiG,GAAG,CAACD,oBAAoB,CAAC,wCAAwC;IAC3F;IAEAT,GAAG,8DAA8D;QAC/D1D,cAAc;YACZyB,eAAe;YACfC,qBAAqB;QACvB;QACA5B,aAAa6C,QAAQ,CAACrD,iBAAiB,CAAC;QACxCG,WAAWnB,MAAM,CAACgB,iBAAiB,CAACC;QACpCE,WAAWtB,IAAI,CAACwI,qBAAqB,CAACpH,WAAWsH,qBAAqB,CAAC,IAAI9E,+BAAuB,CAAC;QACnGtC,WAAWpB,MAAM,CAACsI,qBAAqB,CAAC;YACtCzE,eAAe;gBAAC;oBAAE0E,IAAI;oBAAwClB,IAAI;gBAAW;aAAE;QACjF;QAEA,MAAM1B,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ;QAExDN,OAAOK,KAAKa,QAAQ;QACpBlB,OAAOlE,WAAWtB,IAAI,EAAEgG,oBAAoB,CAAC,4BAA4B;QACzER,OAAOlE,WAAWtB,IAAI,EAAEgG,oBAAoB,CAAC,wCAAwC;IACvF;IAEAT,GAAG,4DAA4D;QAC7D1D,cAAc;YAAEU,SAAS;gBAAEoF,YAAYvG;YAAU;QAAE;QACnD,MAAMqF,eAAoBnG,UAAU;YAAEE,IAAI;YAAGI,MAAMC,eAAS,CAACsH,aAAa;QAAC;QAC3ExG,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxCjD;QACAK,kBAAkB;YAAC;gBAAEyD,KAAK;gBAAQC,IAAI;gBAAYC,MAAM;YAAmB;SAAE;QAC7E7H,KAAK2G,KAAK,CAACqC,YAAiB,mBAAmBxH,iBAAiB,CAAC;QAEjE,MAAMO,iBAAiBoE,YAAY,CAAC,QAAQ;QAE5CN,OAAO5D,kBAAkBmD,iBAAiB,EAAEmB,gBAAgB;QAC5D,MAAM0C,aAAahH,kBAAkBmD,iBAAiB,CAACnF,IAAI,CAACiJ,KAAK,CAAC,EAAE,CAAC,EAAE;QACvErD,OAAOoD,YAAY7C,OAAO,CAACP,OAAO+C,gBAAgB,CAAC;YAAE7H,OAAO;QAAmB;QAC/E8E,OAAOoD,YAAY7C,OAAO,CAACP,OAAOS,GAAG,CAACsC,gBAAgB,CAAC;YAAE3H,MAAM4E,OAAOsD,QAAQ;QAAG;IACnF;IAEAvD,GAAG,sEAAsE;QACvE,MAAMkB,eAAoBnG,UAAU;YAAEE,IAAI;QAAE;QAC5CmB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxCjD;QACAK,kBAAkB;YAAC;gBAAEyD,KAAK;gBAAQyB,aAAa;gBAAYvB,MAAM;YAAmB;SAAE;QACtF,MAAMwB,aAAarJ,KAAK2G,KAAK,CAACqC,YAAiB,mBAAmBxH,iBAAiB,CAAC;QACpF,MAAM8H,WAAWtJ,KAAK2G,KAAK,CAACqC,YAAiB,iBAAiBO,eAAe,CAAC;YAAEd,WAAW;YAAQC,UAAU;QAAM;QAEnH,MAAMxC,MAAM,MAAMnE,iBAAiBoE,YAAY,CAAC,QAAQ,sBAAsB;QAE9EN,OAAO5D,kBAAkBmD,iBAAiB,EAAEiB,oBAAoB,CAC9D,GACAR,OAAO+C,gBAAgB,CAAC;YACtB7H,OAAO;YACP0H,WAAW;YACXC,UAAU;QACZ;QAEF7C,OAAOiB,aAAa9F,QAAQ,EAAEyF,IAAI,CAAC;QACnCZ,OAAOiB,cAAc0C,aAAa,CAAC;YAAEzI,OAAO;YAAoB0H,WAAW;YAAQC,UAAU;QAAM;QACnG7C,OAAOiB,aAAapF,WAAW,EAAE2E,oBAAoB,CAAC;QACtDR,OAAO7D,aAAa+C,cAAc,EAAEsB,oBAAoB,CAACS,cAAc,aAAa;QACpFjB,OAAOK,KAAKO,IAAI,CAACK;QAEjBuC,WAAWtB,WAAW;QACtBuB,SAASvB,WAAW;IACtB;IAEAnC,GAAG,oEAAoE;QACrE,MAAMkB,eAAoBnG,UAAU;YAAEE,IAAI;YAAGC,OAAO;QAAO;QAC3DkB,aAAa6C,QAAQ,CAACrD,iBAAiB,CAACsF;QACxCjD;QACAK,kBAAkB;YAAC;gBAAEyD,KAAK;gBAAQC,IAAI;gBAAYC,MAAM;YAAmB;SAAE;QAE7E,MAAMhC,OAAO9D,iBAAiBoE,YAAY,CAAC,QAAQ,QAAQS,OAAO,CAACC,OAAO,CAAC;IAC7E;IAEAjB,GAAG,iEAAiE;QAClE1D,cAAc;YAAEG,YAAY;gBAAEvB,OAAOwB,kCAAe,CAACiB,GAAG;YAAC;YAAGkG,WAAW;YAAe9G,QAAQ;QAAsB;QACpH,MAAM+G,UAAU,AAAC3H,iBAAyB4H,cAAc,CAAC;QACzD9D,OAAO6D,SAASjD,IAAI,CAAC;QACrB,MAAMmD,WAAW,AAAC7H,iBAAyB8H,eAAe,CAAC,iBAAiB;QAC5EhE,OAAO+D,UAAUE,SAAS,CAAC;QAC3BjE,OAAO+D,UAAUE,SAAS,CAAC;QAC3BjE,OAAO+D,UAAUE,SAAS,CAAC;QAC3BjE,OAAO+D,UAAUE,SAAS,CAAC;QAE3B5H,cAAc;YAAEG,YAAY;gBAAEvB,OAAOwB,kCAAe,CAACC,GAAG;YAAC;YAAGI,QAAQ;QAAkB;QACtF,MAAMoH,aAAa,AAAChI,iBAAyB8H,eAAe,CAAC,QAAQ;QACrEhE,OAAOkE,YAAYD,SAAS,CAAC;QAC7BjE,OAAOkE,YAAYD,SAAS,CAAC;QAC7BjE,OAAOkE,YAAYD,SAAS,CAAC;QAC7BjE,OAAOkE,YAAYD,SAAS,CAAC;IAC/B;IAEAlE,GAAG,mEAAmE;QACpE,MAAMoE,QAAQ;YACZrC,KAAK;gBAAC;aAAO;YACbE,MAAM;gBAAC;gBAAoB;aAAoB;YAC/CS,UAAU;gBAAC;gBAAyC;aAAuC;QAC7F;QAEA,MAAM2B,aAAa,AAAClI,iBAAyBmI,sBAAsB,CAACF;QAEpEnE,OAAOoE,WAAWtC,GAAG,EAAElB,IAAI,CAAC;QAC5BZ,OAAOoE,WAAWpC,IAAI,EAAEpB,IAAI,CAAC;QAC7BZ,OAAOoE,WAAW3B,QAAQ,EAAElC,OAAO,CAAC;YAAC;YAAyC;YAAU;YAAwC;SAAQ;IAC1I;IAEAR,GAAG,yEAAyE;QAC1E1D,cAAc;YAAEG,YAAY;gBAAEvB,OAAOwB,kCAAe,CAACgB,GAAG;YAAC;YAAG6G,aAAa;QAAO;QAChF,MAAMC,WAAW,AAACrI,iBAAyB4H,cAAc,CAAC;QAC1D9D,OAAOuE,UAAU3D,IAAI,CAAC;IACxB;AACF"}

package/server/authentication/{services/auth-methods/auth-method-database.service.js → providers/mysql/auth-provider-mysql.service.js} RENAMED Viewed

@@ -1,15 +1,11 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-Object.defineProperty(exports, "AuthMethodDatabase", {
+Object.defineProperty(exports, "AuthProviderMySQL", {
     enumerable: true,
     get: function() {
-        return AuthMethodDatabase;
+        return AuthProviderMySQL;
     }
 });
 const _common = require("@nestjs/common");
@@ -24,32 +20,38 @@ function _ts_decorate(decorators, target, key, desc) {
 function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
-let AuthMethodDatabase = class AuthMethodDatabase {
+let AuthProviderMySQL = class AuthProviderMySQL {
     async validateUser(loginOrEmail, password, ip, scope) {
         let user;
         try {
             user = await this.usersManager.findUser(loginOrEmail, false);
         } catch (e) {
-            this.logger.error(`${this.validateUser.name} - ${e}`);
+            this.logger.error({
+                tag: this.validateUser.name,
+                msg: `${e}`
+            });
             throw new _common.HttpException(_appconstants.CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service error' : e.cause?.code || e.message, _common.HttpStatus.INTERNAL_SERVER_ERROR);
         }
         if (!user) {
-            this.logger.warn(`${this.validateUser.name} - login or email not found for *${loginOrEmail}*`);
+            this.logger.warn({
+                tag: this.validateUser.name,
+                msg: `login or email not found for *${loginOrEmail}*`
+            });
             return null;
         }
         return await this.usersManager.logUser(user, password, ip, scope);
     }
     constructor(usersManager){
         this.usersManager = usersManager;
-        this.logger = new _common.Logger(AuthMethodDatabase.name);
+        this.logger = new _common.Logger(AuthProviderMySQL.name);
     }
 };
-AuthMethodDatabase = _ts_decorate([
+AuthProviderMySQL = _ts_decorate([
     (0, _common.Injectable)(),
     _ts_metadata("design:type", Function),
     _ts_metadata("design:paramtypes", [
         typeof _usersmanagerservice.UsersManager === "undefined" ? Object : _usersmanagerservice.UsersManager
     ])
-], AuthMethodDatabase);
+], AuthProviderMySQL);
-//# sourceMappingURL=auth-method-database.service.js.map
+//# sourceMappingURL=auth-provider-mysql.service.js.map

package/server/authentication/providers/mysql/auth-provider-mysql.service.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/mysql/auth-provider-mysql.service.ts"],"sourcesContent":["import { HttpException, HttpStatus, Injectable, Logger } from '@nestjs/common'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { AUTH_SCOPE } from '../../constants/scope'\nimport { AuthProvider } from '../auth-providers.models'\n\n@Injectable()\nexport class AuthProviderMySQL implements AuthProvider {\n private readonly logger = new Logger(AuthProviderMySQL.name)\n\n constructor(private readonly usersManager: UsersManager) {}\n\n async validateUser(loginOrEmail: string, password: string, ip?: string, scope?: AUTH_SCOPE): Promise<UserModel> {\n let user: UserModel\n try {\n user = await this.usersManager.findUser(loginOrEmail, false)\n } catch (e) {\n this.logger.error({ tag: this.validateUser.name, msg: `${e}` })\n throw new HttpException(\n CONNECT_ERROR_CODE.has(e.cause?.code) ? 'Authentication service error' : e.cause?.code || e.message,\n HttpStatus.INTERNAL_SERVER_ERROR\n )\n }\n if (!user) {\n this.logger.warn({ tag: this.validateUser.name, msg: `login or email not found for *${loginOrEmail}*` })\n return null\n }\n return await this.usersManager.logUser(user, password, ip, scope)\n }\n}\n"],"names":["AuthProviderMySQL","validateUser","loginOrEmail","password","ip","scope","user","usersManager","findUser","e","logger","error","tag","name","msg","HttpException","CONNECT_ERROR_CODE","has","cause","code","message","HttpStatus","INTERNAL_SERVER_ERROR","warn","logUser","Logger"],"mappings":";;;;+BAQaA;;;eAAAA;;;wBARiD;8BAC3B;qCAEN;;;;;;;;;;AAKtB,IAAA,AAAMA,oBAAN,MAAMA;IAKX,MAAMC,aAAaC,YAAoB,EAAEC,QAAgB,EAAEC,EAAW,EAAEC,KAAkB,EAAsB;QAC9G,IAAIC;QACJ,IAAI;YACFA,OAAO,MAAM,IAAI,CAACC,YAAY,CAACC,QAAQ,CAACN,cAAc;QACxD,EAAE,OAAOO,GAAG;YACV,IAAI,CAACC,MAAM,CAACC,KAAK,CAAC;gBAAEC,KAAK,IAAI,CAACX,YAAY,CAACY,IAAI;gBAAEC,KAAK,GAAGL,GAAG;YAAC;YAC7D,MAAM,IAAIM,qBAAa,CACrBC,gCAAkB,CAACC,GAAG,CAACR,EAAES,KAAK,EAAEC,QAAQ,iCAAiCV,EAAES,KAAK,EAAEC,QAAQV,EAAEW,OAAO,EACnGC,kBAAU,CAACC,qBAAqB;QAEpC;QACA,IAAI,CAAChB,MAAM;YACT,IAAI,CAACI,MAAM,CAACa,IAAI,CAAC;gBAAEX,KAAK,IAAI,CAACX,YAAY,CAACY,IAAI;gBAAEC,KAAK,CAAC,8BAA8B,EAAEZ,aAAa,CAAC,CAAC;YAAC;YACtG,OAAO;QACT;QACA,OAAO,MAAM,IAAI,CAACK,YAAY,CAACiB,OAAO,CAAClB,MAAMH,UAAUC,IAAIC;IAC7D;IAlBA,YAAY,AAAiBE,YAA0B,CAAE;aAA5BA,eAAAA;aAFZG,SAAS,IAAIe,cAAM,CAACzB,kBAAkBa,IAAI;IAED;AAmB5D"}

package/server/authentication/{services/auth-methods/auth-method-database.service.spec.js → providers/mysql/auth-provider-mysql.service.spec.js} RENAMED Viewed

@@ -1,8 +1,4 @@
-/*
- * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
- * This file is part of Sync-in | The open source file sync and share solution
- * See the LICENSE file for licensing details
- */ "use strict";
+"use strict";
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
@@ -18,22 +14,22 @@ const _test = require("../../../applications/users/utils/test");
 const _functions = require("../../../common/functions");
 const _cacheservice = require("../../../infrastructure/cache/services/cache.service");
 const _constants = require("../../../infrastructure/database/constants");
-const _authmanagerservice = require("../auth-manager.service");
-const _authmethoddatabaseservice = require("./auth-method-database.service");
-describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
-    let authMethodDatabase;
+const _authservice = require("../../auth.service");
+const _authprovidermysqlservice = require("./auth-provider-mysql.service");
+describe(_authprovidermysqlservice.AuthProviderMySQL.name, ()=>{
+    let authProviderMySQL;
     let usersManager;
     let userTest;
     beforeAll(async ()=>{
         const module = await _testing.Test.createTestingModule({
             providers: [
-                _authmethoddatabaseservice.AuthMethodDatabase,
+                _authprovidermysqlservice.AuthProviderMySQL,
                 _usersmanagerservice.UsersManager,
                 _usersqueriesservice.UsersQueries,
                 _adminusersmanagerservice.AdminUsersManager,
                 _adminusersqueriesservice.AdminUsersQueries,
                 {
-                    provide: _authmanagerservice.AuthManager,
+                    provide: _authservice.AuthManager,
                     useValue: {}
                 },
                 {
@@ -50,7 +46,7 @@ describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
                 }
             ]
         }).compile();
-        authMethodDatabase = module.get(_authmethoddatabaseservice.AuthMethodDatabase);
+        authProviderMySQL = module.get(_authprovidermysqlservice.AuthProviderMySQL);
         usersManager = module.get(_usersmanagerservice.UsersManager);
         module.useLogger([
             'fatal'
@@ -60,7 +56,7 @@ describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
         usersManager.updateAccesses = jest.fn(()=>Promise.resolve());
     });
     it('should be defined', ()=>{
-        expect(authMethodDatabase).toBeDefined();
+        expect(authProviderMySQL).toBeDefined();
         expect(usersManager).toBeDefined();
         expect(userTest).toBeDefined();
     });
@@ -70,7 +66,7 @@ describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
             ...userTest,
             password: await (0, _functions.hashPassword)(userTest.password)
         });
-        expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeDefined();
+        expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeDefined();
         expect(userTest.makePaths).toHaveBeenCalled();
     });
     it('should not validate the user', async ()=>{
@@ -85,11 +81,11 @@ describe(_authmethoddatabaseservice.AuthMethodDatabase.name, ()=>{
                 code: Array.from(_appconstants.CONNECT_ERROR_CODE)[0]
             }
         }));
-        expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull();
-        expect(await authMethodDatabase.validateUser(userTest.login, userTest.password)).toBeNull();
-        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i);
-        await expect(authMethodDatabase.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i);
+        expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeNull();
+        expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeNull();
+        await expect(authProviderMySQL.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i);
+        await expect(authProviderMySQL.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i);
     });
 });
-//# sourceMappingURL=auth-method-database.service.spec.js.map
+//# sourceMappingURL=auth-provider-mysql.service.spec.js.map

package/server/authentication/providers/mysql/auth-provider-mysql.service.spec.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/mysql/auth-provider-mysql.service.spec.ts"],"sourcesContent":["import { Test, TestingModule } from '@nestjs/testing'\nimport { CONNECT_ERROR_CODE } from '../../../app.constants'\nimport { NotificationsManager } from '../../../applications/notifications/services/notifications-manager.service'\nimport { UserModel } from '../../../applications/users/models/user.model'\nimport { AdminUsersManager } from '../../../applications/users/services/admin-users-manager.service'\nimport { AdminUsersQueries } from '../../../applications/users/services/admin-users-queries.service'\nimport { UsersManager } from '../../../applications/users/services/users-manager.service'\nimport { UsersQueries } from '../../../applications/users/services/users-queries.service'\nimport { generateUserTest } from '../../../applications/users/utils/test'\nimport { hashPassword } from '../../../common/functions'\nimport { Cache } from '../../../infrastructure/cache/services/cache.service'\nimport { DB_TOKEN_PROVIDER } from '../../../infrastructure/database/constants'\nimport { AuthManager } from '../../auth.service'\nimport { AuthProviderMySQL } from './auth-provider-mysql.service'\n\ndescribe(AuthProviderMySQL.name, () => {\n let authProviderMySQL: AuthProviderMySQL\n let usersManager: UsersManager\n let userTest: UserModel\n\n beforeAll(async () => {\n const module: TestingModule = await Test.createTestingModule({\n providers: [\n AuthProviderMySQL,\n UsersManager,\n UsersQueries,\n AdminUsersManager,\n AdminUsersQueries,\n { provide: AuthManager, useValue: {} },\n { provide: DB_TOKEN_PROVIDER, useValue: {} },\n { provide: Cache, useValue: {} },\n { provide: NotificationsManager, useValue: {} }\n ]\n }).compile()\n\n authProviderMySQL = module.get<AuthProviderMySQL>(AuthProviderMySQL)\n usersManager = module.get<UsersManager>(UsersManager)\n module.useLogger(['fatal'])\n // mocks\n userTest = new UserModel(generateUserTest(), false)\n usersManager.updateAccesses = jest.fn(() => Promise.resolve())\n })\n\n it('should be defined', () => {\n expect(authProviderMySQL).toBeDefined()\n expect(usersManager).toBeDefined()\n expect(userTest).toBeDefined()\n })\n\n it('should validate the user', async () => {\n userTest.makePaths = jest.fn()\n usersManager.findUser = jest.fn().mockReturnValue({ ...userTest, password: await hashPassword(userTest.password) })\n expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeDefined()\n expect(userTest.makePaths).toHaveBeenCalled()\n })\n\n it('should not validate the user', async () => {\n usersManager.findUser = jest\n .fn()\n .mockReturnValueOnce(null)\n .mockReturnValueOnce({ ...userTest, password: await hashPassword('bar') })\n .mockRejectedValueOnce({ message: 'db error', code: 'OTHER' })\n .mockRejectedValueOnce(\n new Error('Authentication service error', {\n cause: { code: Array.from(CONNECT_ERROR_CODE)[0] }\n })\n )\n expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeNull()\n expect(await authProviderMySQL.validateUser(userTest.login, userTest.password)).toBeNull()\n await expect(authProviderMySQL.validateUser(userTest.login, userTest.password)).rejects.toThrow(/db error/i)\n await expect(authProviderMySQL.validateUser(userTest.login, userTest.password)).rejects.toThrow(/authentication service/i)\n })\n})\n"],"names":["describe","AuthProviderMySQL","name","authProviderMySQL","usersManager","userTest","beforeAll","module","Test","createTestingModule","providers","UsersManager","UsersQueries","AdminUsersManager","AdminUsersQueries","provide","AuthManager","useValue","DB_TOKEN_PROVIDER","Cache","NotificationsManager","compile","get","useLogger","UserModel","generateUserTest","updateAccesses","jest","fn","Promise","resolve","it","expect","toBeDefined","makePaths","findUser","mockReturnValue","password","hashPassword","validateUser","login","toHaveBeenCalled","mockReturnValueOnce","mockRejectedValueOnce","message","code","Error","cause","Array","from","CONNECT_ERROR_CODE","toBeNull","rejects","toThrow"],"mappings":";;;;yBAAoC;8BACD;6CACE;2BACX;0CACQ;0CACA;qCACL;qCACA;sBACI;2BACJ;8BACP;2BACY;6BACN;0CACM;AAElCA,SAASC,2CAAiB,CAACC,IAAI,EAAE;IAC/B,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACR,MAAMC,SAAwB,MAAMC,aAAI,CAACC,mBAAmB,CAAC;YAC3DC,WAAW;gBACTT,2CAAiB;gBACjBU,iCAAY;gBACZC,iCAAY;gBACZC,2CAAiB;gBACjBC,2CAAiB;gBACjB;oBAAEC,SAASC,wBAAW;oBAAEC,UAAU,CAAC;gBAAE;gBACrC;oBAAEF,SAASG,4BAAiB;oBAAED,UAAU,CAAC;gBAAE;gBAC3C;oBAAEF,SAASI,mBAAK;oBAAEF,UAAU,CAAC;gBAAE;gBAC/B;oBAAEF,SAASK,iDAAoB;oBAAEH,UAAU,CAAC;gBAAE;aAC/C;QACH,GAAGI,OAAO;QAEVlB,oBAAoBI,OAAOe,GAAG,CAAoBrB,2CAAiB;QACnEG,eAAeG,OAAOe,GAAG,CAAeX,iCAAY;QACpDJ,OAAOgB,SAAS,CAAC;YAAC;SAAQ;QAC1B,QAAQ;QACRlB,WAAW,IAAImB,oBAAS,CAACC,IAAAA,sBAAgB,KAAI;QAC7CrB,aAAasB,cAAc,GAAGC,KAAKC,EAAE,CAAC,IAAMC,QAAQC,OAAO;IAC7D;IAEAC,GAAG,qBAAqB;QACtBC,OAAO7B,mBAAmB8B,WAAW;QACrCD,OAAO5B,cAAc6B,WAAW;QAChCD,OAAO3B,UAAU4B,WAAW;IAC9B;IAEAF,GAAG,4BAA4B;QAC7B1B,SAAS6B,SAAS,GAAGP,KAAKC,EAAE;QAC5BxB,aAAa+B,QAAQ,GAAGR,KAAKC,EAAE,GAAGQ,eAAe,CAAC;YAAE,GAAG/B,QAAQ;YAAEgC,UAAU,MAAMC,IAAAA,uBAAY,EAACjC,SAASgC,QAAQ;QAAE;QACjHL,OAAO,MAAM7B,kBAAkBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGJ,WAAW;QAC3FD,OAAO3B,SAAS6B,SAAS,EAAEO,gBAAgB;IAC7C;IAEAV,GAAG,gCAAgC;QACjC3B,aAAa+B,QAAQ,GAAGR,KACrBC,EAAE,GACFc,mBAAmB,CAAC,MACpBA,mBAAmB,CAAC;YAAE,GAAGrC,QAAQ;YAAEgC,UAAU,MAAMC,IAAAA,uBAAY,EAAC;QAAO,GACvEK,qBAAqB,CAAC;YAAEC,SAAS;YAAYC,MAAM;QAAQ,GAC3DF,qBAAqB,CACpB,IAAIG,MAAM,gCAAgC;YACxCC,OAAO;gBAAEF,MAAMG,MAAMC,IAAI,CAACC,gCAAkB,CAAC,CAAC,EAAE;YAAC;QACnD;QAEJlB,OAAO,MAAM7B,kBAAkBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGc,QAAQ;QACxFnB,OAAO,MAAM7B,kBAAkBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGc,QAAQ;QACxF,MAAMnB,OAAO7B,kBAAkBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;QAChG,MAAMrB,OAAO7B,kBAAkBoC,YAAY,CAAClC,SAASmC,KAAK,EAAEnC,SAASgC,QAAQ,GAAGe,OAAO,CAACC,OAAO,CAAC;IAClG;AACF"}

package/server/authentication/providers/oidc/auth-oidc-desktop.constants.js ADDED Viewed

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get OAuthDesktopCallBackURI () {
+        return OAuthDesktopCallBackURI;
+    },
+    get OAuthDesktopLoopbackPorts () {
+        return OAuthDesktopLoopbackPorts;
+    },
+    get OAuthDesktopPortParam () {
+        return OAuthDesktopPortParam;
+    }
+});
+const OAuthDesktopPortParam = 'desktop_port';
+const OAuthDesktopCallBackURI = '/oidc/callback';
+const OAuthDesktopLoopbackPorts = new Set([
+    49152,
+    49153,
+    49154
+]);
+//# sourceMappingURL=auth-oidc-desktop.constants.js.map

package/server/authentication/providers/oidc/auth-oidc-desktop.constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/oidc/auth-oidc-desktop.constants.ts"],"sourcesContent":["export const OAuthDesktopPortParam = 'desktop_port' as const\nexport const OAuthDesktopCallBackURI = '/oidc/callback' as const\nexport const OAuthDesktopLoopbackPorts = new Set<number>([49152, 49153, 49154])\n"],"names":["OAuthDesktopCallBackURI","OAuthDesktopLoopbackPorts","OAuthDesktopPortParam","Set"],"mappings":";;;;;;;;;;;QACaA;eAAAA;;QACAC;eAAAA;;QAFAC;eAAAA;;;AAAN,MAAMA,wBAAwB;AAC9B,MAAMF,0BAA0B;AAChC,MAAMC,4BAA4B,IAAIE,IAAY;IAAC;IAAO;IAAO;CAAM"}

package/server/authentication/providers/oidc/auth-oidc.config.js ADDED Viewed

@@ -0,0 +1,149 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get AuthProviderOIDCConfig () {
+        return AuthProviderOIDCConfig;
+    },
+    get AuthProviderOIDCOptionsConfig () {
+        return AuthProviderOIDCOptionsConfig;
+    },
+    get AuthProviderOIDCSecurityConfig () {
+        return AuthProviderOIDCSecurityConfig;
+    }
+});
+const _classtransformer = require("class-transformer");
+const _classvalidator = require("class-validator");
+const _user = require("../../../applications/users/constants/user");
+const _authoidcconstants = require("./auth-oidc.constants");
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+let AuthProviderOIDCSecurityConfig = class AuthProviderOIDCSecurityConfig {
+    constructor(){
+        this.scope = 'openid email profile';
+        this.tokenEndpointAuthMethod = _authoidcconstants.OAuthTokenEndpoint.ClientSecretBasic;
+        this.tokenSigningAlg = 'RS256';
+        this.userInfoSigningAlg = undefined;
+        this.skipSubjectCheck = false;
+    }
+};
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.Matches)(/\bopenid\b/, {
+        message: 'OIDC scope must include "openid"'
+    })
+], AuthProviderOIDCSecurityConfig.prototype, "scope", void 0);
+_ts_decorate([
+    (0, _classtransformer.Transform)(({ value })=>value || _authoidcconstants.OAuthTokenEndpoint.ClientSecretBasic),
+    (0, _classvalidator.IsEnum)(_authoidcconstants.OAuthTokenEndpoint),
+    _ts_metadata("design:type", typeof _authoidcconstants.OAuthTokenEndpoint === "undefined" ? Object : _authoidcconstants.OAuthTokenEndpoint)
+], AuthProviderOIDCSecurityConfig.prototype, "tokenEndpointAuthMethod", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)()
+], AuthProviderOIDCSecurityConfig.prototype, "tokenSigningAlg", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsString)()
+], AuthProviderOIDCSecurityConfig.prototype, "userInfoSigningAlg", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsBoolean)()
+], AuthProviderOIDCSecurityConfig.prototype, "skipSubjectCheck", void 0);
+let AuthProviderOIDCOptionsConfig = class AuthProviderOIDCOptionsConfig {
+    constructor(){
+        this.autoCreateUser = true;
+        this.autoCreatePermissions = [];
+        this.autoRedirect = false;
+        this.enablePasswordAuth = true;
+        this.buttonText = 'Continue with OpenID Connect';
+    }
+};
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsBoolean)()
+], AuthProviderOIDCOptionsConfig.prototype, "autoCreateUser", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsArray)(),
+    (0, _classvalidator.IsEnum)(_user.USER_PERMISSION, {
+        each: true
+    }),
+    _ts_metadata("design:type", Array)
+], AuthProviderOIDCOptionsConfig.prototype, "autoCreatePermissions", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsBoolean)()
+], AuthProviderOIDCOptionsConfig.prototype, "autoRedirect", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsBoolean)()
+], AuthProviderOIDCOptionsConfig.prototype, "enablePasswordAuth", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsString)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCOptionsConfig.prototype, "adminRoleOrGroup", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCOptionsConfig.prototype, "buttonText", void 0);
+let AuthProviderOIDCConfig = class AuthProviderOIDCConfig {
+    constructor(){
+        this.options = new AuthProviderOIDCOptionsConfig();
+        this.security = new AuthProviderOIDCSecurityConfig();
+    }
+};
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCConfig.prototype, "issuerUrl", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCConfig.prototype, "clientId", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCConfig.prototype, "clientSecret", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsString)(),
+    (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], AuthProviderOIDCConfig.prototype, "redirectUri", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsDefined)(),
+    (0, _classvalidator.IsNotEmptyObject)(),
+    (0, _classvalidator.IsObject)(),
+    (0, _classvalidator.ValidateNested)(),
+    (0, _classtransformer.Type)(()=>AuthProviderOIDCOptionsConfig),
+    _ts_metadata("design:type", typeof AuthProviderOIDCOptionsConfig === "undefined" ? Object : AuthProviderOIDCOptionsConfig)
+], AuthProviderOIDCConfig.prototype, "options", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsDefined)(),
+    (0, _classvalidator.IsNotEmptyObject)(),
+    (0, _classvalidator.IsObject)(),
+    (0, _classvalidator.ValidateNested)(),
+    (0, _classtransformer.Type)(()=>AuthProviderOIDCSecurityConfig),
+    _ts_metadata("design:type", typeof AuthProviderOIDCSecurityConfig === "undefined" ? Object : AuthProviderOIDCSecurityConfig)
+], AuthProviderOIDCConfig.prototype, "security", void 0);
+//# sourceMappingURL=auth-oidc.config.js.map

package/server/authentication/providers/oidc/auth-oidc.config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/oidc/auth-oidc.config.ts"],"sourcesContent":["import { Transform, Type } from 'class-transformer'\nimport {\n IsArray,\n IsBoolean,\n IsDefined,\n IsEnum,\n IsNotEmpty,\n IsNotEmptyObject,\n IsObject,\n IsOptional,\n IsString,\n Matches,\n ValidateNested\n} from 'class-validator'\nimport { USER_PERMISSION } from '../../../applications/users/constants/user'\nimport { OAuthTokenEndpoint } from './auth-oidc.constants'\n\nexport class AuthProviderOIDCSecurityConfig {\n @IsString()\n @Matches(/\\bopenid\\b/, { message: 'OIDC scope must include \"openid\"' })\n scope = 'openid email profile'\n\n @Transform(({ value }) => value || OAuthTokenEndpoint.ClientSecretBasic)\n @IsEnum(OAuthTokenEndpoint)\n tokenEndpointAuthMethod: OAuthTokenEndpoint = OAuthTokenEndpoint.ClientSecretBasic\n\n @IsString()\n @IsNotEmpty()\n tokenSigningAlg = 'RS256'\n\n @IsOptional()\n @IsString()\n userInfoSigningAlg? = undefined\n\n @IsOptional()\n @IsBoolean()\n skipSubjectCheck? = false\n}\n\nexport class AuthProviderOIDCOptionsConfig {\n @IsOptional()\n @IsBoolean()\n autoCreateUser? = true\n\n @IsOptional()\n @IsArray()\n @IsEnum(USER_PERMISSION, { each: true })\n autoCreatePermissions?: USER_PERMISSION[] = []\n\n @IsOptional()\n @IsBoolean()\n autoRedirect? = false\n\n @IsOptional()\n @IsBoolean()\n enablePasswordAuth? = true\n\n @IsOptional()\n @IsString()\n adminRoleOrGroup?: string\n\n @IsString()\n @IsNotEmpty()\n buttonText: string = 'Continue with OpenID Connect'\n}\n\nexport class AuthProviderOIDCConfig {\n @IsString()\n @IsNotEmpty()\n issuerUrl: string\n\n @IsString()\n @IsNotEmpty()\n clientId: string\n\n @IsString()\n @IsNotEmpty()\n clientSecret: string\n\n @IsString()\n @IsNotEmpty()\n redirectUri: string\n\n @IsDefined()\n @IsNotEmptyObject()\n @IsObject()\n @ValidateNested()\n @Type(() => AuthProviderOIDCOptionsConfig)\n options: AuthProviderOIDCOptionsConfig = new AuthProviderOIDCOptionsConfig()\n\n @IsDefined()\n @IsNotEmptyObject()\n @IsObject()\n @ValidateNested()\n @Type(() => AuthProviderOIDCSecurityConfig)\n security: AuthProviderOIDCSecurityConfig = new AuthProviderOIDCSecurityConfig()\n}\n"],"names":["AuthProviderOIDCConfig","AuthProviderOIDCOptionsConfig","AuthProviderOIDCSecurityConfig","scope","tokenEndpointAuthMethod","OAuthTokenEndpoint","ClientSecretBasic","tokenSigningAlg","userInfoSigningAlg","undefined","skipSubjectCheck","message","value","autoCreateUser","autoCreatePermissions","autoRedirect","enablePasswordAuth","buttonText","each","options","security"],"mappings":";;;;;;;;;;;QAkEaA;eAAAA;;QA3BAC;eAAAA;;QAtBAC;eAAAA;;;kCAjBmB;gCAazB;sBACyB;mCACG;;;;;;;;;;AAE5B,IAAA,AAAMA,iCAAN,MAAMA;;aAGXC,QAAQ;aAIRC,0BAA8CC,qCAAkB,CAACC,iBAAiB;aAIlFC,kBAAkB;aAIlBC,qBAAsBC;aAItBC,mBAAoB;;AACtB;;;;QAlB2BC,SAAS;;;;sCAGtB,EAAEC,KAAK,EAAE,GAAKA,SAASP,qCAAkB,CAACC,iBAAiB;;;;;;;;;;;;;;;;AAiBlE,IAAA,AAAML,gCAAN,MAAMA;;aAGXY,iBAAkB;aAKlBC,wBAA4C,EAAE;aAI9CC,eAAgB;aAIhBC,qBAAsB;aAQtBC,aAAqB;;AACvB;;;;;;;;;QAlB6BC,MAAM;;;;;;;;;;;;;;;;;;;;;;AAoB5B,IAAA,AAAMlB,yBAAN,MAAMA;;aAsBXmB,UAAyC,IAAIlB;aAO7CmB,WAA2C,IAAIlB;;AACjD;;;;;;;;;;;;;;;;;;;;;;;;;;oCATcD;;;;;;;;oCAOAC"}

package/server/authentication/providers/oidc/auth-oidc.constants.js ADDED Viewed

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get OAuthCookie () {
+        return OAuthCookie;
+    },
+    get OAuthCookieSettings () {
+        return OAuthCookieSettings;
+    },
+    get OAuthTokenEndpoint () {
+        return OAuthTokenEndpoint;
+    }
+});
+var OAuthTokenEndpoint = /*#__PURE__*/ function(OAuthTokenEndpoint) {
+    OAuthTokenEndpoint["ClientSecretPost"] = "client_secret_post";
+    OAuthTokenEndpoint["ClientSecretBasic"] = "client_secret_basic";
+    return OAuthTokenEndpoint;
+}({});
+const OAuthCookie = {
+    State: 'oidc_state',
+    Nonce: 'oidc_nonce',
+    CodeVerifier: 'oidc_code_verifier'
+};
+const OAuthCookieSettings = {
+    httpOnly: true,
+    path: '/',
+    maxAge: 600,
+    sameSite: 'lax'
+};
+//# sourceMappingURL=auth-oidc.constants.js.map

package/server/authentication/providers/oidc/auth-oidc.constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/oidc/auth-oidc.constants.ts"],"sourcesContent":["export enum OAuthTokenEndpoint {\n ClientSecretPost = 'client_secret_post',\n ClientSecretBasic = 'client_secret_basic'\n}\n\nexport const OAuthCookie = {\n State: 'oidc_state',\n Nonce: 'oidc_nonce',\n CodeVerifier: 'oidc_code_verifier'\n} as const\n\nexport const OAuthCookieSettings = { httpOnly: true, path: '/', maxAge: 600, sameSite: 'lax' } as const\n"],"names":["OAuthCookie","OAuthCookieSettings","OAuthTokenEndpoint","State","Nonce","CodeVerifier","httpOnly","path","maxAge","sameSite"],"mappings":";;;;;;;;;;;QAKaA;eAAAA;;QAMAC;eAAAA;;QAXDC;eAAAA;;;AAAL,IAAA,AAAKA,4CAAAA;;;WAAAA;;AAKL,MAAMF,cAAc;IACzBG,OAAO;IACPC,OAAO;IACPC,cAAc;AAChB;AAEO,MAAMJ,sBAAsB;IAAEK,UAAU;IAAMC,MAAM;IAAKC,QAAQ;IAAKC,UAAU;AAAM"}

package/server/authentication/providers/oidc/auth-oidc.controller.js ADDED Viewed

@@ -0,0 +1,83 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "AuthOIDCController", {
+    enumerable: true,
+    get: function() {
+        return AuthOIDCController;
+    }
+});
+const _common = require("@nestjs/common");
+const _fastify = require("fastify");
+const _authservice = require("../../auth.service");
+const _routes = require("../../constants/routes");
+const _authtokenskipdecorator = require("../../decorators/auth-token-skip.decorator");
+const _authoidcdesktopconstants = require("./auth-oidc-desktop.constants");
+const _authprovideroidcservice = require("./auth-provider-oidc.service");
+function _ts_decorate(decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for(var i = decorators.length - 1; i >= 0; i--)if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+}
+function _ts_metadata(k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+}
+function _ts_param(paramIndex, decorator) {
+    return function(target, key) {
+        decorator(target, key, paramIndex);
+    };
+}
+let AuthOIDCController = class AuthOIDCController {
+    async oidcLogin(desktopPort, res) {
+        const url = await this.authProviderOIDC.getAuthorizationUrl(res, desktopPort);
+        // Redirect to OIDC provider
+        return res.redirect(url, _common.HttpStatus.FOUND);
+    }
+    async oidcCallback(query, req, res) {
+        const user = await this.authProviderOIDC.handleCallback(req, res, query);
+        const r = await this.authManager.setCookies(user, res, false);
+        return res.redirect(this.authProviderOIDC.getRedirectCallbackUrl(r.token.access_expiration, r.token.refresh_expiration), _common.HttpStatus.FOUND);
+    }
+    constructor(authManager, authProviderOIDC){
+        this.authManager = authManager;
+        this.authProviderOIDC = authProviderOIDC;
+    }
+};
+_ts_decorate([
+    (0, _common.Get)(_routes.AUTH_ROUTE.OIDC_LOGIN),
+    (0, _authtokenskipdecorator.AuthTokenSkip)(),
+    _ts_param(0, (0, _common.Query)(_authoidcdesktopconstants.OAuthDesktopPortParam)),
+    _ts_param(1, (0, _common.Res)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        Number,
+        typeof _fastify.FastifyReply === "undefined" ? Object : _fastify.FastifyReply
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], AuthOIDCController.prototype, "oidcLogin", null);
+_ts_decorate([
+    (0, _common.Get)(_routes.AUTH_ROUTE.OIDC_CALLBACK),
+    (0, _authtokenskipdecorator.AuthTokenSkip)(),
+    _ts_param(0, (0, _common.Query)()),
+    _ts_param(1, (0, _common.Req)()),
+    _ts_param(2, (0, _common.Res)()),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof Record === "undefined" ? Object : Record,
+        typeof _fastify.FastifyRequest === "undefined" ? Object : _fastify.FastifyRequest,
+        typeof _fastify.FastifyReply === "undefined" ? Object : _fastify.FastifyReply
+    ]),
+    _ts_metadata("design:returntype", Promise)
+], AuthOIDCController.prototype, "oidcCallback", null);
+AuthOIDCController = _ts_decorate([
+    (0, _common.Controller)(_routes.AUTH_ROUTE.BASE),
+    _ts_metadata("design:type", Function),
+    _ts_metadata("design:paramtypes", [
+        typeof _authservice.AuthManager === "undefined" ? Object : _authservice.AuthManager,
+        typeof _authprovideroidcservice.AuthProviderOIDC === "undefined" ? Object : _authprovideroidcservice.AuthProviderOIDC
+    ])
+], AuthOIDCController);
+//# sourceMappingURL=auth-oidc.controller.js.map

package/server/authentication/providers/oidc/auth-oidc.controller.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/oidc/auth-oidc.controller.ts"],"sourcesContent":["import { Controller, Get, HttpStatus, Query, Req, Res } from '@nestjs/common'\nimport { FastifyReply, FastifyRequest } from 'fastify'\nimport type { UserModel } from '../../../applications/users/models/user.model'\nimport { AuthManager } from '../../auth.service'\nimport { AUTH_ROUTE } from '../../constants/routes'\nimport { AuthTokenSkip } from '../../decorators/auth-token-skip.decorator'\nimport type { LoginResponseDto } from '../../dto/login-response.dto'\nimport { OAuthDesktopPortParam } from './auth-oidc-desktop.constants'\nimport { AuthProviderOIDC } from './auth-provider-oidc.service'\n\n@Controller(AUTH_ROUTE.BASE)\nexport class AuthOIDCController {\n constructor(\n private readonly authManager: AuthManager,\n private readonly authProviderOIDC: AuthProviderOIDC\n ) {}\n\n @Get(AUTH_ROUTE.OIDC_LOGIN)\n @AuthTokenSkip()\n async oidcLogin(@Query(OAuthDesktopPortParam) desktopPort: number, @Res() res: FastifyReply): Promise<void> {\n const url = await this.authProviderOIDC.getAuthorizationUrl(res, desktopPort)\n // Redirect to OIDC provider\n return res.redirect(url, HttpStatus.FOUND)\n }\n\n @Get(AUTH_ROUTE.OIDC_CALLBACK)\n @AuthTokenSkip()\n async oidcCallback(@Query() query: Record<string, string>, @Req() req: FastifyRequest, @Res() res: FastifyReply): Promise<void> {\n const user: UserModel = await this.authProviderOIDC.handleCallback(req, res, query)\n const r: LoginResponseDto = await this.authManager.setCookies(user, res, false)\n return res.redirect(this.authProviderOIDC.getRedirectCallbackUrl(r.token.access_expiration, r.token.refresh_expiration), HttpStatus.FOUND)\n }\n}\n"],"names":["AuthOIDCController","oidcLogin","desktopPort","res","url","authProviderOIDC","getAuthorizationUrl","redirect","HttpStatus","FOUND","oidcCallback","query","req","user","handleCallback","r","authManager","setCookies","getRedirectCallbackUrl","token","access_expiration","refresh_expiration","OIDC_LOGIN","OIDC_CALLBACK","BASE"],"mappings":";;;;+BAWaA;;;eAAAA;;;wBAXgD;yBAChB;6BAEjB;wBACD;wCACG;0CAEQ;yCACL;;;;;;;;;;;;;;;AAG1B,IAAA,AAAMA,qBAAN,MAAMA;IAMX,MAEMC,UAAU,AAA8BC,WAAmB,EAAE,AAAOC,GAAiB,EAAiB;QAC1G,MAAMC,MAAM,MAAM,IAAI,CAACC,gBAAgB,CAACC,mBAAmB,CAACH,KAAKD;QACjE,4BAA4B;QAC5B,OAAOC,IAAII,QAAQ,CAACH,KAAKI,kBAAU,CAACC,KAAK;IAC3C;IAEA,MAEMC,aAAa,AAASC,KAA6B,EAAE,AAAOC,GAAmB,EAAE,AAAOT,GAAiB,EAAiB;QAC9H,MAAMU,OAAkB,MAAM,IAAI,CAACR,gBAAgB,CAACS,cAAc,CAACF,KAAKT,KAAKQ;QAC7E,MAAMI,IAAsB,MAAM,IAAI,CAACC,WAAW,CAACC,UAAU,CAACJ,MAAMV,KAAK;QACzE,OAAOA,IAAII,QAAQ,CAAC,IAAI,CAACF,gBAAgB,CAACa,sBAAsB,CAACH,EAAEI,KAAK,CAACC,iBAAiB,EAAEL,EAAEI,KAAK,CAACE,kBAAkB,GAAGb,kBAAU,CAACC,KAAK;IAC3I;IAnBA,YACE,AAAiBO,WAAwB,EACzC,AAAiBX,gBAAkC,CACnD;aAFiBW,cAAAA;aACAX,mBAAAA;IAChB;AAiBL;;wCAfkBiB;;;;;;;;;;;;wCAQAC;;;;;;;;;;;;;;+CAfKC"}

package/server/authentication/providers/oidc/auth-oidc.interfaces.js ADDED Viewed

@@ -0,0 +1,6 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+//# sourceMappingURL=auth-oidc.interfaces.js.map

package/server/authentication/providers/oidc/auth-oidc.interfaces.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"sources":["../../../../../backend/src/authentication/providers/oidc/auth-oidc.interfaces.ts"],"names":[],"mappings":""}