@sync-in/server 1.5.2 → 1.6.0

package/server/authentication/auth.e2e-spec.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.e2e-spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { NestFastifyApplication } from '@nestjs/platform-fastify'\nimport { appBootstrap } from '../app.bootstrap'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { DeleteUserDto } from '../applications/users/dto/delete-user.dto'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { AdminUsersManager } from '../applications/users/services/admin-users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds, transformAndValidate } from '../common/functions'\nimport { currentTimeStamp, decodeUrl } from '../common/shared'\nimport { dbCheckConnection, dbCloseConnection } from '../infrastructure/database/utils'\nimport { AuthConfig } from './auth.config'\nimport { CSRF_ERROR, TOKEN_PATHS, TOKEN_TYPES } from './constants/auth'\nimport { API_AUTH_LOGIN, API_AUTH_LOGOUT, API_AUTH_REFRESH, API_AUTH_TOKEN, API_AUTH_TOKEN_REFRESH } from './constants/routes'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { JwtPayload } from './interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\n\ndescribe('Auth (e2e)', () => {\n  let app: NestFastifyApplication\n  let authConfig: AuthConfig\n  let jwtService: JwtService\n  let adminUsersManager: AdminUsersManager\n  let userTest: UserModel\n  let refreshToken: string\n  let csrfToken: string\n\n  beforeAll(async () => {\n    app = await appBootstrap()\n    await app.init()\n    await app.getHttpAdapter().getInstance().ready()\n    authConfig = app.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    jwtService = app.get<JwtService>(JwtService)\n    adminUsersManager = app.get<AdminUsersManager>(AdminUsersManager)\n    userTest = new UserModel(generateUserTest(false), false)\n  })\n\n  afterAll(async () => {\n    await expect(\n      adminUsersManager.deleteUserOrGuest(userTest.id, userTest.login, { deleteSpace: true } satisfies DeleteUserDto)\n    ).resolves.not.toThrow()\n    await dbCloseConnection(app)\n    await app.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(jwtService).toBeDefined()\n    expect(adminUsersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should get the database connection', async () => {\n    expect(await dbCheckConnection(app)).toBe(true)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 201`, async () => {\n    const userId = (await adminUsersManager.createUserOrGuest({ ...userTest }, USER_ROLE.USER)).id\n    expect(userId).toBeDefined()\n    userTest.id = userId\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(Object.keys(res.json())).toEqual(expect.arrayContaining(['user', 'token']))\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n        [\n        'sync-in-access=value,\n        'Max-Age=3600',\n        'Path=/',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* Refresh cookie\n        [\n        'sync-in-refresh=value,\n        'Max-Age=14400',\n        'Path=/api/auth/refresh',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* WS cookie\n        [\n        'sync-in-ws=value,\n        'Max-Age=14400',\n        'Path=/socket.io',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* CSRF cookie\n        [\n        'sync-in-csrf=value,\n        'Max-Age=14400',\n        'Path=/',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    cookiesChecks(cookies)\n    // Verify token\n    for (const cookie of cookies) {\n      const token = cookie.content[0].substring(cookie.content[0].indexOf('=') + 1)\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        // needed for the following tests\n        csrfToken = decodeUrl(token)\n        continue\n      }\n      const decodedToken: JwtPayload = await jwtService.verifyAsync(token, {\n        secret: authConfig.token[cookie.type].secret\n      })\n      expect(decodedToken.iat).toBeCloseTo(currentTimeStamp(), -1)\n      expect(decodedToken.exp).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n      expect(decodedToken.identity.id).toBe(userTest.id)\n      if (cookie.type === TOKEN_TYPE.REFRESH) {\n        // needed for the following tests\n        refreshToken = token\n      }\n    }\n  })\n\n  it(`POST ${API_AUTH_LOGOUT} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGOUT,\n      body: null\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n     [\n       'sync-in-access=',\n       'Max-Age=0',\n       'Path=/',\n       'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n       'HttpOnly',\n       'Secure',\n       'SameSite=Strict'\n     ]\n    */\n    /* Refresh cookie\n      [\n        'sync-in-refresh=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* WS cookie\n      [\n        'sync-in-ws=',\n        'Max-Age=0',\n        'Path=/socket.io',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* CSRF cookie\n      [\n        'sync-in-csrf=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    cookiesChecks(cookies, true)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(201)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    cookiesChecks(cookies)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 401 (with CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      cookies: { [authConfig.token.refresh.name]: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 403 (without CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(403)\n    expect(res.json().message).toEqual(CSRF_ERROR.MISSING_HEADERS)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    const content = res.json()\n    expect(() => transformAndValidate(TokenResponseDto, content)).not.toThrow()\n    for (const type of TOKEN_TYPES.filter((p) => p === TOKEN_TYPE.ACCESS || p === TOKEN_TYPE.REFRESH)) {\n      expect(content[type]).toBeDefined()\n      expect(content[`${type}_expiration`]).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[type].expiration), -1)\n    }\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: 'Bearer bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: `Bearer ${refreshToken}` }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(() => transformAndValidate(TokenResponseDto, res.json())).not.toThrow()\n  })\n\n  function getCookies(setCookie: string[]): { type: TOKEN_TYPE; content: string[] }[] {\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = []\n    for (const c of setCookie) {\n      const cookieName = c.split('=')[0]\n      const cookieValues = c.split('; ')\n      switch (cookieName) {\n        case authConfig.token.access.name:\n          cookies.push({ type: TOKEN_TYPE.ACCESS, content: cookieValues })\n          break\n        case authConfig.token.refresh.name:\n          cookies.push({ type: TOKEN_TYPE.REFRESH, content: cookieValues })\n          break\n        case authConfig.token.ws.name:\n          cookies.push({ type: TOKEN_TYPE.WS, content: cookieValues })\n          break\n        case authConfig.token.csrf.name:\n          cookies.push({ type: TOKEN_TYPE.CSRF, content: cookieValues })\n          break\n      }\n    }\n    return cookies\n  }\n\n  function cookiesChecks(cookies: { type: TOKEN_TYPE; content: string[] }[], clear = false) {\n    for (const cookie of cookies) {\n      expect(cookie.content[0].split('=')[0]).toBe(authConfig.token[cookie.type].name)\n      expect(cookie.content[2].split('=')[1]).toBe(TOKEN_PATHS[cookie.type])\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        expect(cookie.content).not.toContain('HttpOnly')\n      } else {\n        expect(cookie.content).toContain('HttpOnly')\n      }\n      expect(cookie.content).not.toContain('Secure')\n      expect(cookie.content[cookie.content.length - 1].split('=')[1].toLowerCase()).toBe(authConfig.sameSite)\n      if (clear) {\n        expect(cookie.content[0].split('=')[1]).toBe('')\n        expect(cookie.content[1].split('=')[1]).toBe('0')\n        expect(cookie.content[3].split('=')[1]).toBe('Thu, 01 Jan 1970 00:00:00 GMT')\n      } else {\n        expect(parseInt(cookie.content[1].split('=')[1])).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token[cookie.type].cookieMaxAge), -1)\n        expect(cookie.content[0].split('=')[1]).not.toBe('')\n      }\n    }\n  }\n})\n"],"names":["describe","app","authConfig","jwtService","adminUsersManager","userTest","refreshToken","csrfToken","beforeAll","appBootstrap","init","getHttpAdapter","getInstance","ready","get","ConfigService","JwtService","AdminUsersManager","UserModel","generateUserTest","afterAll","expect","deleteUserOrGuest","id","login","deleteSpace","resolves","not","toThrow","dbCloseConnection","close","it","toBeDefined","dbCheckConnection","toBe","API_AUTH_LOGIN","res","inject","method","url","body","password","statusCode","toEqual","userId","createUserOrGuest","USER_ROLE","USER","Object","keys","json","arrayContaining","headers","toHaveLength","cookies","getCookies","cookiesChecks","cookie","token","content","substring","indexOf","type","TOKEN_TYPE","CSRF","decodeUrl","decodedToken","verifyAsync","secret","iat","toBeCloseTo","currentTimeStamp","exp","convertHumanTimeToSeconds","expiration","identity","REFRESH","API_AUTH_LOGOUT","API_AUTH_REFRESH","csrf","name","refresh","message","CSRF_ERROR","MISSING_HEADERS","API_AUTH_TOKEN","transformAndValidate","TokenResponseDto","TOKEN_TYPES","filter","p","ACCESS","API_AUTH_TOKEN_REFRESH","authorization","setCookie","c","cookieName","split","cookieValues","access","push","ws","WS","clear","TOKEN_PATHS","toContain","length","toLowerCase","sameSite","parseInt","cookieMaxAge"],"mappings":"AAAA;;;;CAIC;;;;wBAE6B;qBACH;8BAEE;sBACH;2BAEA;0CACQ;sBACD;2BAC+B;wBACpB;uBACS;sBAEA;wBACqD;kCACzE;gCAEN;AAE3BA,SAAS,cAAc;IACrB,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRP,MAAM,MAAMQ,IAAAA,0BAAY;QACxB,MAAMR,IAAIS,IAAI;QACd,MAAMT,IAAIU,cAAc,GAAGC,WAAW,GAAGC,KAAK;QAC9CX,aAAaD,IAAIa,GAAG,CAAgBC,qBAAa,EAAED,GAAG,CAAa;QACnEX,aAAaF,IAAIa,GAAG,CAAaE,eAAU;QAC3CZ,oBAAoBH,IAAIa,GAAG,CAAoBG,2CAAiB;QAChEZ,WAAW,IAAIa,oBAAS,CAACC,IAAAA,sBAAgB,EAAC,QAAQ;IACpD;IAEAC,SAAS;QACP,MAAMC,OACJjB,kBAAkBkB,iBAAiB,CAACjB,SAASkB,EAAE,EAAElB,SAASmB,KAAK,EAAE;YAAEC,aAAa;QAAK,IACrFC,QAAQ,CAACC,GAAG,CAACC,OAAO;QACtB,MAAMC,IAAAA,wBAAiB,EAAC5B;QACxB,MAAMA,IAAI6B,KAAK;IACjB;IAEAC,GAAG,qBAAqB;QACtBV,OAAOnB,YAAY8B,WAAW;QAC9BX,OAAOlB,YAAY6B,WAAW;QAC9BX,OAAOjB,mBAAmB4B,WAAW;QACrCX,OAAOhB,UAAU2B,WAAW;IAC9B;IAEAD,GAAG,sCAAsC;QACvCV,OAAO,MAAMY,IAAAA,wBAAiB,EAAChC,MAAMiC,IAAI,CAAC;IAC5C;IAEAH,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMS,SAAS,AAAC,CAAA,MAAMxC,kBAAkByC,iBAAiB,CAAC;YAAE,GAAGxC,QAAQ;QAAC,GAAGyC,eAAS,CAACC,IAAI,CAAA,EAAGxB,EAAE;QAC9FF,OAAOuB,QAAQZ,WAAW;QAC1B3B,SAASkB,EAAE,GAAGqB;QACd,MAAMR,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO2B,OAAOC,IAAI,CAACb,IAAIc,IAAI,KAAKP,OAAO,CAACtB,OAAO8B,eAAe,CAAC;YAAC;YAAQ;SAAQ;QAChF9B,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;KAQC,GACDI,cAAcF;QACd,eAAe;QACf,KAAK,MAAMG,UAAUH,QAAS;YAC5B,MAAMI,QAAQD,OAAOE,OAAO,CAAC,EAAE,CAACC,SAAS,CAACH,OAAOE,OAAO,CAAC,EAAE,CAACE,OAAO,CAAC,OAAO;YAC3E,IAAIJ,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC,iCAAiC;gBACjCzD,YAAY0D,IAAAA,iBAAS,EAACP;gBACtB;YACF;YACA,MAAMQ,eAA2B,MAAM/D,WAAWgE,WAAW,CAACT,OAAO;gBACnEU,QAAQlE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACM,MAAM;YAC9C;YACA/C,OAAO6C,aAAaG,GAAG,EAAEC,WAAW,CAACC,IAAAA,wBAAgB,KAAI,CAAC;YAC1DlD,OAAO6C,aAAaM,GAAG,EAAEF,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;YAChIrD,OAAO6C,aAAaS,QAAQ,CAACpD,EAAE,EAAEW,IAAI,CAAC7B,SAASkB,EAAE;YACjD,IAAIkC,OAAOK,IAAI,KAAKC,0BAAU,CAACa,OAAO,EAAE;gBACtC,iCAAiC;gBACjCtE,eAAeoD;YACjB;QACF;IACF;IAEA3B,GAAG,CAAC,KAAK,EAAE8C,uBAAe,CAAC,OAAO,CAAC,EAAE;QACnC,MAAMzC,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKsC,uBAAe;YACpBrC,MAAM;QACR;QACAnB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACAI,cAAcF,SAAS;IACzB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,OAAO,CAAC,EAAE;QACpC,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRc,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnDgC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMW,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/FI,cAAcF;IAChB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,mBAAmB,CAAC,EAAE;QAChD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrB1B,SAAS;gBAAE,CAAClD,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAEzE;YAAU;YACnD+C,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE;YAAM;QACpD;QACA3D,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,sBAAsB,CAAC,EAAE;QACnD,MAAM1C,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACpD,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE1E;YAAa;QAC3D;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAOe,IAAIc,IAAI,GAAGgC,OAAO,EAAEvC,OAAO,CAACwC,gBAAU,CAACC,eAAe;IAC/D;IAEArD,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAU;YAAM;QACjD;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEhB,OAAOnB,SAASmB,KAAK;gBAAEiB,UAAUpC,SAASoC,QAAQ;YAAC;QAC7D;QACApB,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMgB,UAAUvB,IAAIc,IAAI;QACxB7B,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAE5B,UAAUhC,GAAG,CAACC,OAAO;QACzE,KAAK,MAAMkC,QAAQ0B,iBAAW,CAACC,MAAM,CAAC,CAACC,IAAMA,MAAM3B,0BAAU,CAAC4B,MAAM,IAAID,MAAM3B,0BAAU,CAACa,OAAO,EAAG;YACjGvD,OAAOsC,OAAO,CAACG,KAAK,EAAE9B,WAAW;YACjCX,OAAOsC,OAAO,CAAC,GAAGG,KAAK,WAAW,CAAC,CAAC,EAAEQ,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACI,KAAK,CAACY,UAAU,GAAG,CAAC;QACxI;IACF;IAEA3C,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe;YAAa;QACzC;QACAxE,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMnC,IAAIoC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe,CAAC,OAAO,EAAEvF,cAAc;YAAC;QACrD;QACAe,OAAOe,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BtB,OAAO,IAAMiE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAEnD,IAAIc,IAAI,KAAKvB,GAAG,CAACC,OAAO;IAC9E;IAEA,SAAS2B,WAAWuC,SAAmB;QACrC,MAAMxC,UAAqD,EAAE;QAC7D,KAAK,MAAMyC,KAAKD,UAAW;YACzB,MAAME,aAAaD,EAAEE,KAAK,CAAC,IAAI,CAAC,EAAE;YAClC,MAAMC,eAAeH,EAAEE,KAAK,CAAC;YAC7B,OAAQD;gBACN,KAAK9F,WAAWwD,KAAK,CAACyC,MAAM,CAACnB,IAAI;oBAC/B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAAC4B,MAAM;wBAAEhC,SAASuC;oBAAa;oBAC9D;gBACF,KAAKhG,WAAWwD,KAAK,CAACuB,OAAO,CAACD,IAAI;oBAChC1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACa,OAAO;wBAAEjB,SAASuC;oBAAa;oBAC/D;gBACF,KAAKhG,WAAWwD,KAAK,CAAC2C,EAAE,CAACrB,IAAI;oBAC3B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACuC,EAAE;wBAAE3C,SAASuC;oBAAa;oBAC1D;gBACF,KAAKhG,WAAWwD,KAAK,CAACqB,IAAI,CAACC,IAAI;oBAC7B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACC,IAAI;wBAAEL,SAASuC;oBAAa;oBAC5D;YACJ;QACF;QACA,OAAO5C;IACT;IAEA,SAASE,cAAcF,OAAkD,EAAEiD,QAAQ,KAAK;QACtF,KAAK,MAAM9C,UAAUH,QAAS;YAC5BjC,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAChC,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACkB,IAAI;YAC/E3D,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAACsE,iBAAW,CAAC/C,OAAOK,IAAI,CAAC;YACrE,IAAIL,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC3C,OAAOoC,OAAOE,OAAO,EAAEhC,GAAG,CAAC8E,SAAS,CAAC;YACvC,OAAO;gBACLpF,OAAOoC,OAAOE,OAAO,EAAE8C,SAAS,CAAC;YACnC;YACApF,OAAOoC,OAAOE,OAAO,EAAEhC,GAAG,CAAC8E,SAAS,CAAC;YACrCpF,OAAOoC,OAAOE,OAAO,CAACF,OAAOE,OAAO,CAAC+C,MAAM,GAAG,EAAE,CAACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAACU,WAAW,IAAIzE,IAAI,CAAChC,WAAW0G,QAAQ;YACtG,IAAIL,OAAO;gBACTlF,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cb,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;YAC/C,OAAO;gBACLb,OAAOwF,SAASpD,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG3B,WAAW,CAACG,IAAAA,oCAAyB,EAACvE,WAAWwD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACgD,YAAY,GAAG,CAAC;gBACtIzF,OAAOoC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAEtE,GAAG,CAACO,IAAI,CAAC;YACnD;QACF;IACF;AACF"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.e2e-spec.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { ConfigService } from '@nestjs/config'\nimport { JwtService } from '@nestjs/jwt'\nimport { NestFastifyApplication } from '@nestjs/platform-fastify'\nimport { appBootstrap } from '../app.bootstrap'\nimport { USER_ROLE } from '../applications/users/constants/user'\nimport { DeleteUserDto } from '../applications/users/dto/delete-user.dto'\nimport { UserModel } from '../applications/users/models/user.model'\nimport { AdminUsersManager } from '../applications/users/services/admin-users-manager.service'\nimport { generateUserTest } from '../applications/users/utils/test'\nimport { convertHumanTimeToSeconds, transformAndValidate } from '../common/functions'\nimport { currentTimeStamp, decodeUrl } from '../common/shared'\nimport { dbCheckConnection, dbCloseConnection } from '../infrastructure/database/utils'\nimport { AuthConfig } from './auth.config'\nimport { CSRF_ERROR, TOKEN_PATHS, TOKEN_TYPES } from './constants/auth'\nimport { API_AUTH_LOGIN, API_AUTH_LOGOUT, API_AUTH_REFRESH, API_AUTH_TOKEN, API_AUTH_TOKEN_REFRESH } from './constants/routes'\nimport { TokenResponseDto } from './dto/token-response.dto'\nimport { JwtPayload } from './interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from './interfaces/token.interface'\n\ndescribe('Auth (e2e)', () => {\n  let app: NestFastifyApplication\n  let authConfig: AuthConfig\n  let jwtService: JwtService\n  let adminUsersManager: AdminUsersManager\n  let userTest: UserModel\n  let refreshToken: string\n  let csrfToken: string\n\n  beforeAll(async () => {\n    app = await appBootstrap()\n    await app.init()\n    await app.getHttpAdapter().getInstance().ready()\n    authConfig = app.get<ConfigService>(ConfigService).get<AuthConfig>('auth')\n    jwtService = app.get<JwtService>(JwtService)\n    adminUsersManager = app.get<AdminUsersManager>(AdminUsersManager)\n    userTest = new UserModel(generateUserTest(false), false)\n  })\n\n  afterAll(async () => {\n    await expect(\n      adminUsersManager.deleteUserOrGuest(userTest.id, userTest.login, { deleteSpace: true, isGuest: false } satisfies DeleteUserDto)\n    ).resolves.not.toThrow()\n    await dbCloseConnection(app)\n    await app.close()\n  })\n\n  it('should be defined', () => {\n    expect(authConfig).toBeDefined()\n    expect(jwtService).toBeDefined()\n    expect(adminUsersManager).toBeDefined()\n    expect(userTest).toBeDefined()\n  })\n\n  it('should get the database connection', async () => {\n    expect(await dbCheckConnection(app)).toBe(true)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_LOGIN} => 201`, async () => {\n    const userId = (await adminUsersManager.createUserOrGuest({ ...userTest }, USER_ROLE.USER)).id\n    expect(userId).toBeDefined()\n    userTest.id = userId\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGIN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(Object.keys(res.json())).toEqual(expect.arrayContaining(['user', 'token']))\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n        [\n        'sync-in-access=value,\n        'Max-Age=3600',\n        'Path=/',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* Refresh cookie\n        [\n        'sync-in-refresh=value,\n        'Max-Age=14400',\n        'Path=/api/auth/refresh',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* WS cookie\n        [\n        'sync-in-ws=value,\n        'Max-Age=14400',\n        'Path=/socket.io',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    /* CSRF cookie\n        [\n        'sync-in-csrf=value,\n        'Max-Age=14400',\n        'Path=/',\n        'Secure',\n        'SameSite=Strict'\n        ]\n     */\n    cookiesChecks(cookies)\n    // Verify token\n    for (const cookie of cookies) {\n      const token = cookie.content[0].substring(cookie.content[0].indexOf('=') + 1)\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        // needed for the following tests\n        csrfToken = decodeUrl(token)\n        continue\n      }\n      const decodedToken: JwtPayload = await jwtService.verifyAsync(token, {\n        secret: authConfig.token[cookie.type].secret\n      })\n      expect(decodedToken.iat).toBeCloseTo(currentTimeStamp(), -1)\n      expect(decodedToken.exp).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n      expect(decodedToken.identity.id).toBe(userTest.id)\n      if (cookie.type === TOKEN_TYPE.REFRESH) {\n        // needed for the following tests\n        refreshToken = token\n      }\n    }\n  })\n\n  it(`POST ${API_AUTH_LOGOUT} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_LOGOUT,\n      body: null\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(res.headers['set-cookie']).toHaveLength(4)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    /* Access cookie\n     [\n       'sync-in-access=',\n       'Max-Age=0',\n       'Path=/',\n       'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n       'HttpOnly',\n       'Secure',\n       'SameSite=Strict'\n     ]\n    */\n    /* Refresh cookie\n      [\n        'sync-in-refresh=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* WS cookie\n      [\n        'sync-in-ws=',\n        'Max-Age=0',\n        'Path=/socket.io',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    /* CSRF cookie\n      [\n        'sync-in-csrf=',\n        'Max-Age=0',\n        'Path=/api/auth/refresh',\n        'Expires=Thu, 01 Jan 1970 00:00:00 GMT',\n        'HttpOnly',\n        'Secure',\n        'SameSite=Strict'\n      ]\n    */\n    cookiesChecks(cookies, true)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(201)\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = getCookies(res.headers['set-cookie'] as string[])\n    cookiesChecks(cookies)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 401 (with CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      headers: { [authConfig.token.csrf.name]: csrfToken },\n      cookies: { [authConfig.token.refresh.name]: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_REFRESH} => 403 (without CSRF)`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_REFRESH,\n      cookies: { [authConfig.token.refresh.name]: refreshToken }\n    })\n    expect(res.statusCode).toEqual(403)\n    expect(res.json().message).toEqual(CSRF_ERROR.MISSING_HEADERS)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: 'bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN,\n      body: { login: userTest.login, password: userTest.password }\n    })\n    expect(res.statusCode).toEqual(201)\n    const content = res.json()\n    expect(() => transformAndValidate(TokenResponseDto, content)).not.toThrow()\n    for (const type of TOKEN_TYPES.filter((p) => p === TOKEN_TYPE.ACCESS || p === TOKEN_TYPE.REFRESH)) {\n      expect(content[type]).toBeDefined()\n      expect(content[`${type}_expiration`]).toBeCloseTo(currentTimeStamp() + convertHumanTimeToSeconds(authConfig.token[type].expiration), -1)\n    }\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 401`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: 'Bearer bar' }\n    })\n    expect(res.statusCode).toEqual(401)\n  })\n\n  it(`POST ${API_AUTH_TOKEN_REFRESH} => 201`, async () => {\n    const res = await app.inject({\n      method: 'POST',\n      url: API_AUTH_TOKEN_REFRESH,\n      headers: { authorization: `Bearer ${refreshToken}` }\n    })\n    expect(res.statusCode).toEqual(201)\n    expect(() => transformAndValidate(TokenResponseDto, res.json())).not.toThrow()\n  })\n\n  function getCookies(setCookie: string[]): { type: TOKEN_TYPE; content: string[] }[] {\n    const cookies: { type: TOKEN_TYPE; content: string[] }[] = []\n    for (const c of setCookie) {\n      const cookieName = c.split('=')[0]\n      const cookieValues = c.split('; ')\n      switch (cookieName) {\n        case authConfig.token.access.name:\n          cookies.push({ type: TOKEN_TYPE.ACCESS, content: cookieValues })\n          break\n        case authConfig.token.refresh.name:\n          cookies.push({ type: TOKEN_TYPE.REFRESH, content: cookieValues })\n          break\n        case authConfig.token.ws.name:\n          cookies.push({ type: TOKEN_TYPE.WS, content: cookieValues })\n          break\n        case authConfig.token.csrf.name:\n          cookies.push({ type: TOKEN_TYPE.CSRF, content: cookieValues })\n          break\n      }\n    }\n    return cookies\n  }\n\n  function cookiesChecks(cookies: { type: TOKEN_TYPE; content: string[] }[], clear = false) {\n    for (const cookie of cookies) {\n      expect(cookie.content[0].split('=')[0]).toBe(authConfig.token[cookie.type].name)\n      expect(cookie.content[2].split('=')[1]).toBe(TOKEN_PATHS[cookie.type])\n      if (cookie.type === TOKEN_TYPE.CSRF) {\n        expect(cookie.content).not.toContain('HttpOnly')\n      } else {\n        expect(cookie.content).toContain('HttpOnly')\n      }\n      expect(cookie.content).not.toContain('Secure')\n      expect(cookie.content[cookie.content.length - 1].split('=')[1].toLowerCase()).toBe(authConfig.cookieSameSite)\n      if (clear) {\n        expect(cookie.content[0].split('=')[1]).toBe('')\n        expect(cookie.content[1].split('=')[1]).toBe('0')\n        expect(cookie.content[3].split('=')[1]).toBe('Thu, 01 Jan 1970 00:00:00 GMT')\n      } else {\n        expect(parseInt(cookie.content[1].split('=')[1])).toBeCloseTo(convertHumanTimeToSeconds(authConfig.token[cookie.type].expiration), -1)\n        expect(cookie.content[0].split('=')[1]).not.toBe('')\n      }\n    }\n  }\n})\n"],"names":["describe","app","authConfig","jwtService","adminUsersManager","userTest","refreshToken","csrfToken","beforeAll","appBootstrap","init","getHttpAdapter","getInstance","ready","get","ConfigService","JwtService","AdminUsersManager","UserModel","generateUserTest","afterAll","expect","deleteUserOrGuest","id","login","deleteSpace","isGuest","resolves","not","toThrow","dbCloseConnection","close","it","toBeDefined","dbCheckConnection","toBe","API_AUTH_LOGIN","res","inject","method","url","body","password","statusCode","toEqual","userId","createUserOrGuest","USER_ROLE","USER","Object","keys","json","arrayContaining","headers","toHaveLength","cookies","getCookies","cookiesChecks","cookie","token","content","substring","indexOf","type","TOKEN_TYPE","CSRF","decodeUrl","decodedToken","verifyAsync","secret","iat","toBeCloseTo","currentTimeStamp","exp","convertHumanTimeToSeconds","expiration","identity","REFRESH","API_AUTH_LOGOUT","API_AUTH_REFRESH","csrf","name","refresh","message","CSRF_ERROR","MISSING_HEADERS","API_AUTH_TOKEN","transformAndValidate","TokenResponseDto","TOKEN_TYPES","filter","p","ACCESS","API_AUTH_TOKEN_REFRESH","authorization","setCookie","c","cookieName","split","cookieValues","access","push","ws","WS","clear","TOKEN_PATHS","toContain","length","toLowerCase","cookieSameSite","parseInt"],"mappings":"AAAA;;;;CAIC;;;;wBAE6B;qBACH;8BAEE;sBACH;2BAEA;0CACQ;sBACD;2BAC+B;wBACpB;uBACS;sBAEA;wBACqD;kCACzE;gCAEN;AAE3BA,SAAS,cAAc;IACrB,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IACJ,IAAIC;IAEJC,UAAU;QACRP,MAAM,MAAMQ,IAAAA,0BAAY;QACxB,MAAMR,IAAIS,IAAI;QACd,MAAMT,IAAIU,cAAc,GAAGC,WAAW,GAAGC,KAAK;QAC9CX,aAAaD,IAAIa,GAAG,CAAgBC,qBAAa,EAAED,GAAG,CAAa;QACnEX,aAAaF,IAAIa,GAAG,CAAaE,eAAU;QAC3CZ,oBAAoBH,IAAIa,GAAG,CAAoBG,2CAAiB;QAChEZ,WAAW,IAAIa,oBAAS,CAACC,IAAAA,sBAAgB,EAAC,QAAQ;IACpD;IAEAC,SAAS;QACP,MAAMC,OACJjB,kBAAkBkB,iBAAiB,CAACjB,SAASkB,EAAE,EAAElB,SAASmB,KAAK,EAAE;YAAEC,aAAa;YAAMC,SAAS;QAAM,IACrGC,QAAQ,CAACC,GAAG,CAACC,OAAO;QACtB,MAAMC,IAAAA,wBAAiB,EAAC7B;QACxB,MAAMA,IAAI8B,KAAK;IACjB;IAEAC,GAAG,qBAAqB;QACtBX,OAAOnB,YAAY+B,WAAW;QAC9BZ,OAAOlB,YAAY8B,WAAW;QAC9BZ,OAAOjB,mBAAmB6B,WAAW;QACrCZ,OAAOhB,UAAU4B,WAAW;IAC9B;IAEAD,GAAG,sCAAsC;QACvCX,OAAO,MAAMa,IAAAA,wBAAiB,EAACjC,MAAMkC,IAAI,CAAC;IAC5C;IAEAH,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMC,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEjB,OAAOnB,SAASmB,KAAK;gBAAEkB,UAAUrC,SAASqC,QAAQ;YAAC;QAC7D;QACArB,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEI,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMS,SAAS,AAAC,CAAA,MAAMzC,kBAAkB0C,iBAAiB,CAAC;YAAE,GAAGzC,QAAQ;QAAC,GAAG0C,eAAS,CAACC,IAAI,CAAA,EAAGzB,EAAE;QAC9FF,OAAOwB,QAAQZ,WAAW;QAC1B5B,SAASkB,EAAE,GAAGsB;QACd,MAAMR,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKJ,sBAAc;YACnBK,MAAM;gBAAEjB,OAAOnB,SAASmB,KAAK;gBAAEkB,UAAUrC,SAASqC,QAAQ;YAAC;QAC7D;QACArB,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BvB,OAAO4B,OAAOC,IAAI,CAACb,IAAIc,IAAI,KAAKP,OAAO,CAACvB,OAAO+B,eAAe,CAAC;YAAC;YAAQ;SAAQ;QAChF/B,OAAOgB,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;;KASC,GACD;;;;;;;;KAQC,GACDI,cAAcF;QACd,eAAe;QACf,KAAK,MAAMG,UAAUH,QAAS;YAC5B,MAAMI,QAAQD,OAAOE,OAAO,CAAC,EAAE,CAACC,SAAS,CAACH,OAAOE,OAAO,CAAC,EAAE,CAACE,OAAO,CAAC,OAAO;YAC3E,IAAIJ,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC,iCAAiC;gBACjC1D,YAAY2D,IAAAA,iBAAS,EAACP;gBACtB;YACF;YACA,MAAMQ,eAA2B,MAAMhE,WAAWiE,WAAW,CAACT,OAAO;gBACnEU,QAAQnE,WAAWyD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACM,MAAM;YAC9C;YACAhD,OAAO8C,aAAaG,GAAG,EAAEC,WAAW,CAACC,IAAAA,wBAAgB,KAAI,CAAC;YAC1DnD,OAAO8C,aAAaM,GAAG,EAAEF,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACxE,WAAWyD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;YAChItD,OAAO8C,aAAaS,QAAQ,CAACrD,EAAE,EAAEY,IAAI,CAAC9B,SAASkB,EAAE;YACjD,IAAImC,OAAOK,IAAI,KAAKC,0BAAU,CAACa,OAAO,EAAE;gBACtC,iCAAiC;gBACjCvE,eAAeqD;YACjB;QACF;IACF;IAEA3B,GAAG,CAAC,KAAK,EAAE8C,uBAAe,CAAC,OAAO,CAAC,EAAE;QACnC,MAAMzC,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKsC,uBAAe;YACpBrC,MAAM;QACR;QACApB,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BvB,OAAOgB,IAAIgB,OAAO,CAAC,aAAa,EAAEC,YAAY,CAAC;QAC/C,MAAMC,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/F;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACA;;;;;;;;;;IAUA,GACAI,cAAcF,SAAS;IACzB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,OAAO,CAAC,EAAE;QACpC,MAAM1C,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRc,SAAS;gBAAE,CAACnD,WAAWyD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAE1E;YAAU;YACnDiC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACrD,WAAWyD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE3E;YAAa;QAC3D;QACAe,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMW,UAAqDC,WAAWnB,IAAIgB,OAAO,CAAC,aAAa;QAC/FI,cAAcF;IAChB;IAEAvB,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,mBAAmB,CAAC,EAAE;QAChD,MAAM1C,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrB1B,SAAS;gBAAE,CAACnD,WAAWyD,KAAK,CAACqB,IAAI,CAACC,IAAI,CAAC,EAAE1E;YAAU;YACnDgD,SAAS;gBAAE,CAACrD,WAAWyD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE;YAAM;QACpD;QACA5D,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE+C,wBAAgB,CAAC,sBAAsB,CAAC,EAAE;QACnD,MAAM1C,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKuC,wBAAgB;YACrBxB,SAAS;gBAAE,CAACrD,WAAWyD,KAAK,CAACuB,OAAO,CAACD,IAAI,CAAC,EAAE3E;YAAa;QAC3D;QACAe,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BvB,OAAOgB,IAAIc,IAAI,GAAGgC,OAAO,EAAEvC,OAAO,CAACwC,gBAAU,CAACC,eAAe;IAC/D;IAEArD,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEjB,OAAOnB,SAASmB,KAAK;gBAAEkB,UAAU;YAAM;QACjD;QACArB,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAEsD,sBAAc,CAAC,OAAO,CAAC,EAAE;QAClC,MAAMjD,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAK8C,sBAAc;YACnB7C,MAAM;gBAAEjB,OAAOnB,SAASmB,KAAK;gBAAEkB,UAAUrC,SAASqC,QAAQ;YAAC;QAC7D;QACArB,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/B,MAAMgB,UAAUvB,IAAIc,IAAI;QACxB9B,OAAO,IAAMkE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAE5B,UAAUhC,GAAG,CAACC,OAAO;QACzE,KAAK,MAAMkC,QAAQ0B,iBAAW,CAACC,MAAM,CAAC,CAACC,IAAMA,MAAM3B,0BAAU,CAAC4B,MAAM,IAAID,MAAM3B,0BAAU,CAACa,OAAO,EAAG;YACjGxD,OAAOuC,OAAO,CAACG,KAAK,EAAE9B,WAAW;YACjCZ,OAAOuC,OAAO,CAAC,GAAGG,KAAK,WAAW,CAAC,CAAC,EAAEQ,WAAW,CAACC,IAAAA,wBAAgB,MAAKE,IAAAA,oCAAyB,EAACxE,WAAWyD,KAAK,CAACI,KAAK,CAACY,UAAU,GAAG,CAAC;QACxI;IACF;IAEA3C,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe;YAAa;QACzC;QACAzE,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;IACjC;IAEAZ,GAAG,CAAC,KAAK,EAAE6D,8BAAsB,CAAC,OAAO,CAAC,EAAE;QAC1C,MAAMxD,MAAM,MAAMpC,IAAIqC,MAAM,CAAC;YAC3BC,QAAQ;YACRC,KAAKqD,8BAAsB;YAC3BxC,SAAS;gBAAEyC,eAAe,CAAC,OAAO,EAAExF,cAAc;YAAC;QACrD;QACAe,OAAOgB,IAAIM,UAAU,EAAEC,OAAO,CAAC;QAC/BvB,OAAO,IAAMkE,IAAAA,+BAAoB,EAACC,kCAAgB,EAAEnD,IAAIc,IAAI,KAAKvB,GAAG,CAACC,OAAO;IAC9E;IAEA,SAAS2B,WAAWuC,SAAmB;QACrC,MAAMxC,UAAqD,EAAE;QAC7D,KAAK,MAAMyC,KAAKD,UAAW;YACzB,MAAME,aAAaD,EAAEE,KAAK,CAAC,IAAI,CAAC,EAAE;YAClC,MAAMC,eAAeH,EAAEE,KAAK,CAAC;YAC7B,OAAQD;gBACN,KAAK/F,WAAWyD,KAAK,CAACyC,MAAM,CAACnB,IAAI;oBAC/B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAAC4B,MAAM;wBAAEhC,SAASuC;oBAAa;oBAC9D;gBACF,KAAKjG,WAAWyD,KAAK,CAACuB,OAAO,CAACD,IAAI;oBAChC1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACa,OAAO;wBAAEjB,SAASuC;oBAAa;oBAC/D;gBACF,KAAKjG,WAAWyD,KAAK,CAAC2C,EAAE,CAACrB,IAAI;oBAC3B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACuC,EAAE;wBAAE3C,SAASuC;oBAAa;oBAC1D;gBACF,KAAKjG,WAAWyD,KAAK,CAACqB,IAAI,CAACC,IAAI;oBAC7B1B,QAAQ8C,IAAI,CAAC;wBAAEtC,MAAMC,0BAAU,CAACC,IAAI;wBAAEL,SAASuC;oBAAa;oBAC5D;YACJ;QACF;QACA,OAAO5C;IACT;IAEA,SAASE,cAAcF,OAAkD,EAAEiD,QAAQ,KAAK;QACtF,KAAK,MAAM9C,UAAUH,QAAS;YAC5BlC,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAACjC,WAAWyD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACkB,IAAI;YAC/E5D,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAACsE,iBAAW,CAAC/C,OAAOK,IAAI,CAAC;YACrE,IAAIL,OAAOK,IAAI,KAAKC,0BAAU,CAACC,IAAI,EAAE;gBACnC5C,OAAOqC,OAAOE,OAAO,EAAEhC,GAAG,CAAC8E,SAAS,CAAC;YACvC,OAAO;gBACLrF,OAAOqC,OAAOE,OAAO,EAAE8C,SAAS,CAAC;YACnC;YACArF,OAAOqC,OAAOE,OAAO,EAAEhC,GAAG,CAAC8E,SAAS,CAAC;YACrCrF,OAAOqC,OAAOE,OAAO,CAACF,OAAOE,OAAO,CAAC+C,MAAM,GAAG,EAAE,CAACT,KAAK,CAAC,IAAI,CAAC,EAAE,CAACU,WAAW,IAAIzE,IAAI,CAACjC,WAAW2G,cAAc;YAC5G,IAAIL,OAAO;gBACTnF,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cd,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;gBAC7Cd,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAE/D,IAAI,CAAC;YAC/C,OAAO;gBACLd,OAAOyF,SAASpD,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG3B,WAAW,CAACG,IAAAA,oCAAyB,EAACxE,WAAWyD,KAAK,CAACD,OAAOK,IAAI,CAAC,CAACY,UAAU,GAAG,CAAC;gBACpItD,OAAOqC,OAAOE,OAAO,CAAC,EAAE,CAACsC,KAAK,CAAC,IAAI,CAAC,EAAE,EAAEtE,GAAG,CAACO,IAAI,CAAC;YACnD;QACF;IACF;AACF"}

package/server/authentication/auth.module.js

@@ -33,6 +33,7 @@ const _authmethod = require("./models/auth-method");
 const _authmanagerservice = require("./services/auth-manager.service");
 const _authmethoddatabaseservice = require("./services/auth-methods/auth-method-database.service");
 const _authmethodldapservice = require("./services/auth-methods/auth-method-ldap.service");
+const _authmethodtwofaservice = require("./services/auth-methods/auth-method-two-fa.service");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -69,6 +70,7 @@ AuthModule = _ts_decorate([
             _authbasicstrategy.AuthBasicStrategy,
             _authanonymousstrategy.AuthAnonymousStrategy,
             _authmanagerservice.AuthManager,
+            _authmethodtwofaservice.AuthMethod2FA,
             {
                 provide: _authmethod.AuthMethod,
                 useClass: _configenvironment.configuration.auth.method === 'ldap' ? _authmethodldapservice.AuthMethodLdapService : _authmethoddatabaseservice.AuthMethodDatabase
@@ -76,7 +78,8 @@ AuthModule = _ts_decorate([
         ],
         exports: [
             _authmanagerservice.AuthManager,
-            _authmethod.AuthMethod
+            _authmethod.AuthMethod,
+            _authmethodtwofaservice.AuthMethod2FA
         ]
     })
 ], AuthModule);

package/server/authentication/auth.module.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../backend/src/authentication/auth.module.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Global, Module } from '@nestjs/common'\nimport { APP_GUARD } from '@nestjs/core'\nimport { JwtModule } from '@nestjs/jwt'\nimport { PassportModule } from '@nestjs/passport'\nimport { UsersModule } from '../applications/users/users.module'\nimport { configuration } from '../configuration/config.environment'\nimport { AuthController } from './auth.controller'\nimport { AuthAnonymousGuard } from './guards/auth-anonymous.guard'\nimport { AuthAnonymousStrategy } from './guards/auth-anonymous.strategy'\nimport { AuthBasicGuard } from './guards/auth-basic.guard'\nimport { AuthBasicStrategy } from './guards/auth-basic.strategy'\nimport { AuthLocalGuard } from './guards/auth-local.guard'\nimport { AuthLocalStrategy } from './guards/auth-local.strategy'\nimport { AuthTokenAccessGuard } from './guards/auth-token-access.guard'\nimport { AuthTokenAccessStrategy } from './guards/auth-token-access.strategy'\nimport { AuthTokenRefreshGuard } from './guards/auth-token-refresh.guard'\nimport { AuthTokenRefreshStrategy } from './guards/auth-token-refresh.strategy'\nimport { AuthMethod } from './models/auth-method'\nimport { AuthManager } from './services/auth-manager.service'\nimport { AuthMethodDatabase } from './services/auth-methods/auth-method-database.service'\nimport { AuthMethodLdapService } from './services/auth-methods/auth-method-ldap.service'\n\n@Global()\n@Module({\n  imports: [JwtModule.register({ global: true }), UsersModule, PassportModule],\n  controllers: [AuthController],\n  providers: [\n    {\n      provide: APP_GUARD,\n      useClass: AuthTokenAccessGuard\n    },\n    AuthTokenRefreshGuard,\n    AuthLocalGuard,\n    AuthBasicGuard,\n    AuthAnonymousGuard,\n    AuthLocalStrategy,\n    AuthTokenAccessStrategy,\n    AuthTokenRefreshStrategy,\n    AuthBasicStrategy,\n    AuthAnonymousStrategy,\n    AuthManager,\n    { provide: AuthMethod, useClass: configuration.auth.method === 'ldap' ? AuthMethodLdapService : AuthMethodDatabase }\n  ],\n  exports: [AuthManager, AuthMethod]\n})\nexport class AuthModule {}\n"],"names":["AuthModule","imports","JwtModule","register","global","UsersModule","PassportModule","controllers","AuthController","providers","provide","APP_GUARD","useClass","AuthTokenAccessGuard","AuthTokenRefreshGuard","AuthLocalGuard","AuthBasicGuard","AuthAnonymousGuard","AuthLocalStrategy","AuthTokenAccessStrategy","AuthTokenRefreshStrategy","AuthBasicStrategy","AuthAnonymousStrategy","AuthManager","AuthMethod","configuration","auth","method","AuthMethodLdapService","AuthMethodDatabase","exports"],"mappings":"AAAA;;;;CAIC;;;;+BA+CYA;;;eAAAA;;;wBA7CkB;sBACL;qBACA;0BACK;6BACH;mCACE;gCACC;oCACI;uCACG;gCACP;mCACG;gCACH;mCACG;sCACG;yCACG;uCACF;0CACG;4BACd;oCACC;2CACO;uCACG;;;;;;;AAyB/B,IAAA,AAAMA,aAAN,MAAMA;AAAY;;;;QArBvBC,SAAS;YAACC,cAAS,CAACC,QAAQ,CAAC;gBAAEC,QAAQ;YAAK;YAAIC,wBAAW;YAAEC,wBAAc;SAAC;QAC5EC,aAAa;YAACC,8BAAc;SAAC;QAC7BC,WAAW;YACT;gBACEC,SAASC,eAAS;gBAClBC,UAAUC,0CAAoB;YAChC;YACAC,4CAAqB;YACrBC,8BAAc;YACdC,8BAAc;YACdC,sCAAkB;YAClBC,oCAAiB;YACjBC,gDAAuB;YACvBC,kDAAwB;YACxBC,oCAAiB;YACjBC,4CAAqB;YACrBC,+BAAW;YACX;gBAAEb,SAASc,sBAAU;gBAAEZ,UAAUa,gCAAa,CAACC,IAAI,CAACC,MAAM,KAAK,SAASC,4CAAqB,GAAGC,6CAAkB;YAAC;SACpH;QACDC,SAAS;YAACP,+BAAW;YAAEC,sBAAU;SAAC"}
+{"version":3,"sources":["../../../backend/src/authentication/auth.module.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Global, Module } from '@nestjs/common'\nimport { APP_GUARD } from '@nestjs/core'\nimport { JwtModule } from '@nestjs/jwt'\nimport { PassportModule } from '@nestjs/passport'\nimport { UsersModule } from '../applications/users/users.module'\nimport { configuration } from '../configuration/config.environment'\nimport { AuthController } from './auth.controller'\nimport { AuthAnonymousGuard } from './guards/auth-anonymous.guard'\nimport { AuthAnonymousStrategy } from './guards/auth-anonymous.strategy'\nimport { AuthBasicGuard } from './guards/auth-basic.guard'\nimport { AuthBasicStrategy } from './guards/auth-basic.strategy'\nimport { AuthLocalGuard } from './guards/auth-local.guard'\nimport { AuthLocalStrategy } from './guards/auth-local.strategy'\nimport { AuthTokenAccessGuard } from './guards/auth-token-access.guard'\nimport { AuthTokenAccessStrategy } from './guards/auth-token-access.strategy'\nimport { AuthTokenRefreshGuard } from './guards/auth-token-refresh.guard'\nimport { AuthTokenRefreshStrategy } from './guards/auth-token-refresh.strategy'\nimport { AuthMethod } from './models/auth-method'\nimport { AuthManager } from './services/auth-manager.service'\nimport { AuthMethodDatabase } from './services/auth-methods/auth-method-database.service'\nimport { AuthMethodLdapService } from './services/auth-methods/auth-method-ldap.service'\nimport { AuthMethod2FA } from './services/auth-methods/auth-method-two-fa.service'\n\n@Global()\n@Module({\n  imports: [JwtModule.register({ global: true }), UsersModule, PassportModule],\n  controllers: [AuthController],\n  providers: [\n    {\n      provide: APP_GUARD,\n      useClass: AuthTokenAccessGuard\n    },\n    AuthTokenRefreshGuard,\n    AuthLocalGuard,\n    AuthBasicGuard,\n    AuthAnonymousGuard,\n    AuthLocalStrategy,\n    AuthTokenAccessStrategy,\n    AuthTokenRefreshStrategy,\n    AuthBasicStrategy,\n    AuthAnonymousStrategy,\n    AuthManager,\n    AuthMethod2FA,\n    { provide: AuthMethod, useClass: configuration.auth.method === 'ldap' ? AuthMethodLdapService : AuthMethodDatabase }\n  ],\n  exports: [AuthManager, AuthMethod, AuthMethod2FA]\n})\nexport class AuthModule {}\n"],"names":["AuthModule","imports","JwtModule","register","global","UsersModule","PassportModule","controllers","AuthController","providers","provide","APP_GUARD","useClass","AuthTokenAccessGuard","AuthTokenRefreshGuard","AuthLocalGuard","AuthBasicGuard","AuthAnonymousGuard","AuthLocalStrategy","AuthTokenAccessStrategy","AuthTokenRefreshStrategy","AuthBasicStrategy","AuthAnonymousStrategy","AuthManager","AuthMethod2FA","AuthMethod","configuration","auth","method","AuthMethodLdapService","AuthMethodDatabase","exports"],"mappings":"AAAA;;;;CAIC;;;;+BAiDYA;;;eAAAA;;;wBA/CkB;sBACL;qBACA;0BACK;6BACH;mCACE;gCACC;oCACI;uCACG;gCACP;mCACG;gCACH;mCACG;sCACG;yCACG;uCACF;0CACG;4BACd;oCACC;2CACO;uCACG;wCACR;;;;;;;AA0BvB,IAAA,AAAMA,aAAN,MAAMA;AAAY;;;;QAtBvBC,SAAS;YAACC,cAAS,CAACC,QAAQ,CAAC;gBAAEC,QAAQ;YAAK;YAAIC,wBAAW;YAAEC,wBAAc;SAAC;QAC5EC,aAAa;YAACC,8BAAc;SAAC;QAC7BC,WAAW;YACT;gBACEC,SAASC,eAAS;gBAClBC,UAAUC,0CAAoB;YAChC;YACAC,4CAAqB;YACrBC,8BAAc;YACdC,8BAAc;YACdC,sCAAkB;YAClBC,oCAAiB;YACjBC,gDAAuB;YACvBC,kDAAwB;YACxBC,oCAAiB;YACjBC,4CAAqB;YACrBC,+BAAW;YACXC,qCAAa;YACb;gBAAEd,SAASe,sBAAU;gBAAEb,UAAUc,gCAAa,CAACC,IAAI,CAACC,MAAM,KAAK,SAASC,4CAAqB,GAAGC,6CAAkB;YAAC;SACpH;QACDC,SAAS;YAACR,+BAAW;YAAEE,sBAAU;YAAED,qCAAa;SAAC"}

package/server/authentication/constants/auth.js

@@ -13,31 +13,60 @@ function _export(target, all) {
     });
 }
 _export(exports, {
+    get ACCESS_KEY () {
+        return ACCESS_KEY;
+    },
     get CSRF_ERROR () {
         return CSRF_ERROR;
     },
     get CSRF_KEY () {
         return CSRF_KEY;
     },
+    get REFRESH_KEY () {
+        return REFRESH_KEY;
+    },
+    get TOKEN_2FA_TYPES () {
+        return TOKEN_2FA_TYPES;
+    },
     get TOKEN_PATHS () {
         return TOKEN_PATHS;
     },
     get TOKEN_TYPES () {
         return TOKEN_TYPES;
     },
+    get TWO_FA_CODE_LENGTH () {
+        return TWO_FA_CODE_LENGTH;
+    },
+    get TWO_FA_HEADER_CODE () {
+        return TWO_FA_HEADER_CODE;
+    },
+    get TWO_FA_HEADER_PASSWORD () {
+        return TWO_FA_HEADER_PASSWORD;
+    },
+    get TWO_FA_VERIFY_EXPIRATION () {
+        return TWO_FA_VERIFY_EXPIRATION;
+    },
     get WS_KEY () {
         return WS_KEY;
     }
 });
 const _tokeninterface = require("../interfaces/token.interface");
 const _routes = require("./routes");
+const ACCESS_KEY = 'sync-in-access';
+const REFRESH_KEY = 'sync-in-refresh';
 const CSRF_KEY = 'sync-in-csrf';
 const WS_KEY = 'sync-in-ws';
+const TWO_FA_CODE_LENGTH = 6;
+const TWO_FA_VERIFY_EXPIRATION = '5m';
+const TWO_FA_HEADER_CODE = 'sync-in-two-fa-code';
+const TWO_FA_HEADER_PASSWORD = 'sync-in-two-fa-password';
 const TOKEN_PATHS = {
-    access: '/',
-    refresh: _routes.API_AUTH_REFRESH,
-    ws: _routes.API_AUTH_WS,
-    csrf: '/'
+    [_tokeninterface.TOKEN_TYPE.ACCESS]: '/',
+    [_tokeninterface.TOKEN_TYPE.REFRESH]: _routes.API_AUTH_REFRESH,
+    [_tokeninterface.TOKEN_TYPE.WS]: _routes.API_AUTH_WS,
+    [_tokeninterface.TOKEN_TYPE.CSRF]: '/',
+    [_tokeninterface.TOKEN_TYPE.ACCESS_2FA]: _routes.API_TWO_FA_LOGIN_VERIFY,
+    [_tokeninterface.TOKEN_TYPE.CSRF_2FA]: '/'
 };
 const TOKEN_TYPES = [
     _tokeninterface.TOKEN_TYPE.REFRESH,
@@ -45,6 +74,10 @@ const TOKEN_TYPES = [
     _tokeninterface.TOKEN_TYPE.WS,
     _tokeninterface.TOKEN_TYPE.CSRF
 ];
+const TOKEN_2FA_TYPES = [
+    _tokeninterface.TOKEN_TYPE.ACCESS_2FA,
+    _tokeninterface.TOKEN_TYPE.CSRF_2FA
+];
 const CSRF_ERROR = {
     MISSING_JWT: 'Missing CSRF in JWT',
     MISSING_HEADERS: 'Missing CSRF in headers',

package/server/authentication/constants/auth.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/constants/auth.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { API_AUTH_REFRESH, API_AUTH_WS } from './routes'\n\nexport const CSRF_KEY = 'sync-in-csrf'\nexport const WS_KEY = 'sync-in-ws'\n\nexport const TOKEN_PATHS = { access: '/', refresh: API_AUTH_REFRESH, ws: API_AUTH_WS, csrf: '/' } as const\nexport const TOKEN_TYPES: TOKEN_TYPE[] = [TOKEN_TYPE.REFRESH, TOKEN_TYPE.ACCESS, TOKEN_TYPE.WS, TOKEN_TYPE.CSRF] as const\n\nexport const CSRF_ERROR = {\n  MISSING_JWT: 'Missing CSRF in JWT',\n  MISSING_HEADERS: 'Missing CSRF in headers',\n  MISMATCH: 'CSRF mismatch'\n} as const\n"],"names":["CSRF_ERROR","CSRF_KEY","TOKEN_PATHS","TOKEN_TYPES","WS_KEY","access","refresh","API_AUTH_REFRESH","ws","API_AUTH_WS","csrf","TOKEN_TYPE","REFRESH","ACCESS","WS","CSRF","MISSING_JWT","MISSING_HEADERS","MISMATCH"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAWYA;eAAAA;;QANAC;eAAAA;;QAGAC;eAAAA;;QACAC;eAAAA;;QAHAC;eAAAA;;;gCAJc;wBACmB;AAEvC,MAAMH,WAAW;AACjB,MAAMG,SAAS;AAEf,MAAMF,cAAc;IAAEG,QAAQ;IAAKC,SAASC,wBAAgB;IAAEC,IAAIC,mBAAW;IAAEC,MAAM;AAAI;AACzF,MAAMP,cAA4B;IAACQ,0BAAU,CAACC,OAAO;IAAED,0BAAU,CAACE,MAAM;IAAEF,0BAAU,CAACG,EAAE;IAAEH,0BAAU,CAACI,IAAI;CAAC;AAEzG,MAAMf,aAAa;IACxBgB,aAAa;IACbC,iBAAiB;IACjBC,UAAU;AACZ"}
+{"version":3,"sources":["../../../../backend/src/authentication/constants/auth.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { API_AUTH_REFRESH, API_AUTH_WS, API_TWO_FA_LOGIN_VERIFY } from './routes'\n\nexport const ACCESS_KEY = 'sync-in-access'\nexport const REFRESH_KEY = 'sync-in-refresh'\nexport const CSRF_KEY = 'sync-in-csrf'\nexport const WS_KEY = 'sync-in-ws'\n\nexport const TWO_FA_CODE_LENGTH = 6\nexport const TWO_FA_VERIFY_EXPIRATION = '5m'\nexport const TWO_FA_HEADER_CODE = 'sync-in-two-fa-code'\nexport const TWO_FA_HEADER_PASSWORD = 'sync-in-two-fa-password'\n\nexport const TOKEN_PATHS = {\n  [TOKEN_TYPE.ACCESS]: '/',\n  [TOKEN_TYPE.REFRESH]: API_AUTH_REFRESH,\n  [TOKEN_TYPE.WS]: API_AUTH_WS,\n  [TOKEN_TYPE.CSRF]: '/',\n  [TOKEN_TYPE.ACCESS_2FA]: API_TWO_FA_LOGIN_VERIFY,\n  [TOKEN_TYPE.CSRF_2FA]: '/'\n} as const\n\nexport const TOKEN_TYPES: TOKEN_TYPE[] = [TOKEN_TYPE.REFRESH, TOKEN_TYPE.ACCESS, TOKEN_TYPE.WS, TOKEN_TYPE.CSRF] as const\nexport const TOKEN_2FA_TYPES: TOKEN_TYPE[] = [TOKEN_TYPE.ACCESS_2FA, TOKEN_TYPE.CSRF_2FA] as const\n\nexport const CSRF_ERROR = {\n  MISSING_JWT: 'Missing CSRF in JWT',\n  MISSING_HEADERS: 'Missing CSRF in headers',\n  MISMATCH: 'CSRF mismatch'\n} as const\n"],"names":["ACCESS_KEY","CSRF_ERROR","CSRF_KEY","REFRESH_KEY","TOKEN_2FA_TYPES","TOKEN_PATHS","TOKEN_TYPES","TWO_FA_CODE_LENGTH","TWO_FA_HEADER_CODE","TWO_FA_HEADER_PASSWORD","TWO_FA_VERIFY_EXPIRATION","WS_KEY","TOKEN_TYPE","ACCESS","REFRESH","API_AUTH_REFRESH","WS","API_AUTH_WS","CSRF","ACCESS_2FA","API_TWO_FA_LOGIN_VERIFY","CSRF_2FA","MISSING_JWT","MISSING_HEADERS","MISMATCH"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAKYA;eAAAA;;QAsBAC;eAAAA;;QApBAC;eAAAA;;QADAC;eAAAA;;QAmBAC;eAAAA;;QAVAC;eAAAA;;QASAC;eAAAA;;QAdAC;eAAAA;;QAEAC;eAAAA;;QACAC;eAAAA;;QAFAC;eAAAA;;QAHAC;eAAAA;;;gCANc;wBAC4C;AAEhE,MAAMX,aAAa;AACnB,MAAMG,cAAc;AACpB,MAAMD,WAAW;AACjB,MAAMS,SAAS;AAEf,MAAMJ,qBAAqB;AAC3B,MAAMG,2BAA2B;AACjC,MAAMF,qBAAqB;AAC3B,MAAMC,yBAAyB;AAE/B,MAAMJ,cAAc;IACzB,CAACO,0BAAU,CAACC,MAAM,CAAC,EAAE;IACrB,CAACD,0BAAU,CAACE,OAAO,CAAC,EAAEC,wBAAgB;IACtC,CAACH,0BAAU,CAACI,EAAE,CAAC,EAAEC,mBAAW;IAC5B,CAACL,0BAAU,CAACM,IAAI,CAAC,EAAE;IACnB,CAACN,0BAAU,CAACO,UAAU,CAAC,EAAEC,+BAAuB;IAChD,CAACR,0BAAU,CAACS,QAAQ,CAAC,EAAE;AACzB;AAEO,MAAMf,cAA4B;IAACM,0BAAU,CAACE,OAAO;IAAEF,0BAAU,CAACC,MAAM;IAAED,0BAAU,CAACI,EAAE;IAAEJ,0BAAU,CAACM,IAAI;CAAC;AACzG,MAAMd,kBAAgC;IAACQ,0BAAU,CAACO,UAAU;IAAEP,0BAAU,CAACS,QAAQ;CAAC;AAElF,MAAMpB,aAAa;IACxBqB,aAAa;IACbC,iBAAiB;IACjBC,UAAU;AACZ"}

package/server/authentication/constants/routes.js

@@ -31,6 +31,18 @@ _export(exports, {
     get API_AUTH_WS () {
         return API_AUTH_WS;
     },
+    get API_TWO_FA_ADMIN_RESET_USER () {
+        return API_TWO_FA_ADMIN_RESET_USER;
+    },
+    get API_TWO_FA_DISABLE () {
+        return API_TWO_FA_DISABLE;
+    },
+    get API_TWO_FA_ENABLE () {
+        return API_TWO_FA_ENABLE;
+    },
+    get API_TWO_FA_LOGIN_VERIFY () {
+        return API_TWO_FA_LOGIN_VERIFY;
+    },
     get AUTH_ROUTE () {
         return AUTH_ROUTE;
     }
@@ -43,6 +55,11 @@ var AUTH_ROUTE = /*#__PURE__*/ function(AUTH_ROUTE) {
     AUTH_ROUTE["TOKEN"] = "token";
     AUTH_ROUTE["TOKEN_REFRESH"] = "token/refresh";
     AUTH_ROUTE["WS"] = "socket.io";
+    AUTH_ROUTE["TWO_FA_BASE"] = "2fa";
+    AUTH_ROUTE["TWO_FA_ENABLE"] = "enable";
+    AUTH_ROUTE["TWO_FA_DISABLE"] = "disable";
+    AUTH_ROUTE["TWO_FA_LOGIN_VERIFY"] = "login/verify";
+    AUTH_ROUTE["TWO_FA_ADMIN_RESET_USER"] = "reset/user";
     return AUTH_ROUTE;
 }({});
 const API_AUTH_LOGIN = `${"/api/auth"}/${"login"}`;
@@ -51,5 +68,9 @@ const API_AUTH_REFRESH = `${"/api/auth"}/${"refresh"}`;
 const API_AUTH_TOKEN = `${"/api/auth"}/${"token"}`;
 const API_AUTH_TOKEN_REFRESH = `${"/api/auth"}/${"token/refresh"}`;
 const API_AUTH_WS = `/${"socket.io"}`;
+const API_TWO_FA_ENABLE = `${"/api/auth"}/${"2fa"}/${"enable"}`;
+const API_TWO_FA_DISABLE = `${"/api/auth"}/${"2fa"}/${"disable"}`;
+const API_TWO_FA_LOGIN_VERIFY = `${"/api/auth"}/${"2fa"}/${"login/verify"}`;
+const API_TWO_FA_ADMIN_RESET_USER = `${"/api/auth"}/${"2fa"}/${"reset/user"}`;
 
 //# sourceMappingURL=routes.js.map

package/server/authentication/constants/routes.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/constants/routes.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport enum AUTH_ROUTE {\n  BASE = '/api/auth',\n  LOGIN = 'login',\n  LOGOUT = 'logout',\n  REFRESH = 'refresh',\n  TOKEN = 'token',\n  TOKEN_REFRESH = `${AUTH_ROUTE.TOKEN}/refresh`,\n  WS = 'socket.io'\n}\n\nexport const API_AUTH_LOGIN = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.LOGIN}`\nexport const API_AUTH_LOGOUT = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.LOGOUT}`\nexport const API_AUTH_REFRESH = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.REFRESH}`\nexport const API_AUTH_TOKEN = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TOKEN}`\nexport const API_AUTH_TOKEN_REFRESH = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TOKEN_REFRESH}`\nexport const API_AUTH_WS = `/${AUTH_ROUTE.WS}`\n"],"names":["API_AUTH_LOGIN","API_AUTH_LOGOUT","API_AUTH_REFRESH","API_AUTH_TOKEN","API_AUTH_TOKEN_REFRESH","API_AUTH_WS","AUTH_ROUTE"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAYYA;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QAfDC;eAAAA;;;AAAL,IAAA,AAAKA,oCAAAA;;;;;;;;WAAAA;;AAUL,MAAMN,iBAAiB,eAAmB,CAAC,WAAoB;AAC/D,MAAMC,kBAAkB,eAAmB,CAAC,YAAqB;AACjE,MAAMC,mBAAmB,eAAmB,CAAC,aAAsB;AACnE,MAAMC,iBAAiB,eAAmB,CAAC,WAAoB;AAC/D,MAAMC,yBAAyB,eAAmB,CAAC,mBAA4B;AAC/E,MAAMC,cAAc,CAAC,CAAC,eAAiB"}
+{"version":3,"sources":["../../../../backend/src/authentication/constants/routes.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport enum AUTH_ROUTE {\n  BASE = '/api/auth',\n  LOGIN = 'login',\n  LOGOUT = 'logout',\n  REFRESH = 'refresh',\n  TOKEN = 'token',\n  TOKEN_REFRESH = `${AUTH_ROUTE.TOKEN}/refresh`,\n  WS = 'socket.io',\n  TWO_FA_BASE = '2fa',\n  TWO_FA_ENABLE = 'enable',\n  TWO_FA_DISABLE = 'disable',\n  TWO_FA_LOGIN_VERIFY = 'login/verify',\n  TWO_FA_ADMIN_RESET_USER = 'reset/user'\n}\n\nexport const API_AUTH_LOGIN = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.LOGIN}`\nexport const API_AUTH_LOGOUT = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.LOGOUT}`\nexport const API_AUTH_REFRESH = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.REFRESH}`\nexport const API_AUTH_TOKEN = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TOKEN}`\nexport const API_AUTH_TOKEN_REFRESH = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TOKEN_REFRESH}`\nexport const API_AUTH_WS = `/${AUTH_ROUTE.WS}`\nexport const API_TWO_FA_ENABLE = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ENABLE}`\nexport const API_TWO_FA_DISABLE = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_DISABLE}`\nexport const API_TWO_FA_LOGIN_VERIFY = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_LOGIN_VERIFY}`\nexport const API_TWO_FA_ADMIN_RESET_USER = `${AUTH_ROUTE.BASE}/${AUTH_ROUTE.TWO_FA_BASE}/${AUTH_ROUTE.TWO_FA_ADMIN_RESET_USER}`\n"],"names":["API_AUTH_LOGIN","API_AUTH_LOGOUT","API_AUTH_REFRESH","API_AUTH_TOKEN","API_AUTH_TOKEN_REFRESH","API_AUTH_WS","API_TWO_FA_ADMIN_RESET_USER","API_TWO_FA_DISABLE","API_TWO_FA_ENABLE","API_TWO_FA_LOGIN_VERIFY","AUTH_ROUTE"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAiBYA;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QACAC;eAAAA;;QAIAC;eAAAA;;QAFAC;eAAAA;;QADAC;eAAAA;;QAEAC;eAAAA;;QAvBDC;eAAAA;;;AAAL,IAAA,AAAKA,oCAAAA;;;;;;;;;;;;;WAAAA;;AAeL,MAAMV,iBAAiB,eAAmB,CAAC,WAAoB;AAC/D,MAAMC,kBAAkB,eAAmB,CAAC,YAAqB;AACjE,MAAMC,mBAAmB,eAAmB,CAAC,aAAsB;AACnE,MAAMC,iBAAiB,eAAmB,CAAC,WAAoB;AAC/D,MAAMC,yBAAyB,eAAmB,CAAC,mBAA4B;AAC/E,MAAMC,cAAc,CAAC,CAAC,eAAiB;AACvC,MAAMG,oBAAoB,eAAmB,CAAC,QAAyB,CAAC,YAA4B;AACpG,MAAMD,qBAAqB,eAAmB,CAAC,QAAyB,CAAC,aAA6B;AACtG,MAAME,0BAA0B,eAAmB,CAAC,QAAyB,CAAC,kBAAkC;AAChH,MAAMH,8BAA8B,eAAmB,CAAC,QAAyB,CAAC,gBAAsC"}

package/server/authentication/constants/scope.js

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>
+ * This file is part of Sync-in | The open source file sync and share solution
+ * See the LICENSE file for licensing details
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "AUTH_SCOPE", {
+    enumerable: true,
+    get: function() {
+        return AUTH_SCOPE;
+    }
+});
+var AUTH_SCOPE = /*#__PURE__*/ function(AUTH_SCOPE) {
+    AUTH_SCOPE["WEBDAV"] = "webdav";
+    return AUTH_SCOPE;
+}({});
+
+//# sourceMappingURL=scope.js.map

package/server/authentication/constants/scope.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../backend/src/authentication/constants/scope.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nexport enum AUTH_SCOPE {\n  WEBDAV = 'webdav'\n}\n"],"names":["AUTH_SCOPE"],"mappings":"AAAA;;;;CAIC;;;;+BAEWA;;;eAAAA;;;AAAL,IAAA,AAAKA,oCAAAA;;WAAAA"}

package/server/authentication/dto/login-response.dto.js

@@ -6,18 +6,41 @@
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-Object.defineProperty(exports, "LoginResponseDto", {
-    enumerable: true,
-    get: function() {
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get LoginResponseDto () {
         return LoginResponseDto;
+    },
+    get LoginVerify2FaDto () {
+        return LoginVerify2FaDto;
+    },
+    get TwoFaResponseDto () {
+        return TwoFaResponseDto;
     }
 });
 const _tokenresponsedto = require("./token-response.dto");
 let LoginResponseDto = class LoginResponseDto {
-    constructor(user){
+    constructor(user, serverConfig){
+        this.server = serverConfig;
         this.user = user;
         this.token = new _tokenresponsedto.TokenResponseDto();
     }
 };
+let LoginVerify2FaDto = class LoginVerify2FaDto {
+    constructor(serverConfig){
+        this.user = {
+            twoFaEnabled: true
+        };
+        this.server = serverConfig;
+        this.token = new _tokenresponsedto.TokenResponseDto();
+    }
+};
+let TwoFaResponseDto = class TwoFaResponseDto extends LoginResponseDto {
+};
 
 //# sourceMappingURL=login-response.dto.js.map

package/server/authentication/dto/login-response.dto.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/dto/login-response.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { TokenResponseDto } from './token-response.dto'\n\nexport class LoginResponseDto {\n  user: UserModel\n  token: TokenResponseDto\n\n  constructor(user: UserModel) {\n    this.user = user\n    this.token = new TokenResponseDto()\n  }\n}\n"],"names":["LoginResponseDto","user","token","TokenResponseDto"],"mappings":"AAAA;;;;CAIC;;;;+BAKYA;;;eAAAA;;;kCAFoB;AAE1B,IAAA,AAAMA,mBAAN,MAAMA;IAIX,YAAYC,IAAe,CAAE;QAC3B,IAAI,CAACA,IAAI,GAAGA;QACZ,IAAI,CAACC,KAAK,GAAG,IAAIC,kCAAgB;IACnC;AACF"}
+{"version":3,"sources":["../../../../backend/src/authentication/dto/login-response.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { ServerConfig } from '../../configuration/config.interfaces'\nimport { TokenResponseDto } from './token-response.dto'\n\nexport class LoginResponseDto {\n  server: ServerConfig\n  user: UserModel\n  token: TokenResponseDto\n\n  constructor(user: UserModel, serverConfig: ServerConfig) {\n    this.server = serverConfig\n    this.user = user\n    this.token = new TokenResponseDto()\n  }\n}\n\nexport class LoginVerify2FaDto {\n  server: ServerConfig\n  user = { twoFaEnabled: true }\n  token: TokenResponseDto\n\n  constructor(serverConfig: ServerConfig) {\n    this.server = serverConfig\n    this.token = new TokenResponseDto()\n  }\n}\n\nexport class TwoFaResponseDto extends LoginResponseDto {\n  success: boolean\n  message: string\n}\n"],"names":["LoginResponseDto","LoginVerify2FaDto","TwoFaResponseDto","user","serverConfig","server","token","TokenResponseDto","twoFaEnabled"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAMYA;eAAAA;;QAYAC;eAAAA;;QAWAC;eAAAA;;;kCAzBoB;AAE1B,IAAA,AAAMF,mBAAN,MAAMA;IAKX,YAAYG,IAAe,EAAEC,YAA0B,CAAE;QACvD,IAAI,CAACC,MAAM,GAAGD;QACd,IAAI,CAACD,IAAI,GAAGA;QACZ,IAAI,CAACG,KAAK,GAAG,IAAIC,kCAAgB;IACnC;AACF;AAEO,IAAA,AAAMN,oBAAN,MAAMA;IAKX,YAAYG,YAA0B,CAAE;aAHxCD,OAAO;YAAEK,cAAc;QAAK;QAI1B,IAAI,CAACH,MAAM,GAAGD;QACd,IAAI,CAACE,KAAK,GAAG,IAAIC,kCAAgB;IACnC;AACF;AAEO,IAAA,AAAML,mBAAN,MAAMA,yBAAyBF;AAGtC"}

package/server/authentication/dto/token-response.dto.js

@@ -40,5 +40,10 @@ _ts_decorate([
     (0, _classvalidator.IsInt)(),
     _ts_metadata("design:type", Number)
 ], TokenResponseDto.prototype, "refresh_expiration", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsInt)(),
+    _ts_metadata("design:type", Number)
+], TokenResponseDto.prototype, "access_2fa_expiration", void 0);
 
 //# sourceMappingURL=token-response.dto.js.map

package/server/authentication/dto/token-response.dto.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/dto/token-response.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { IsInt, IsString } from 'class-validator'\n\nexport class TokenResponseDto {\n  @IsString()\n  access: string\n\n  @IsString()\n  refresh: string\n\n  @IsInt()\n  access_expiration: number\n\n  @IsInt()\n  refresh_expiration: number\n}\n"],"names":["TokenResponseDto"],"mappings":"AAAA;;;;CAIC;;;;+BAIYA;;;eAAAA;;;gCAFmB;;;;;;;;;;AAEzB,IAAA,AAAMA,mBAAN,MAAMA;AAYb"}
+{"version":3,"sources":["../../../../backend/src/authentication/dto/token-response.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { IsInt, IsOptional, IsString } from 'class-validator'\n\nexport class TokenResponseDto {\n  @IsString()\n  access: string\n\n  @IsString()\n  refresh: string\n\n  @IsInt()\n  access_expiration: number\n\n  @IsInt()\n  refresh_expiration: number\n\n  @IsOptional()\n  @IsInt()\n  access_2fa_expiration?: number\n}\n"],"names":["TokenResponseDto"],"mappings":"AAAA;;;;CAIC;;;;+BAIYA;;;eAAAA;;;gCAF+B;;;;;;;;;;AAErC,IAAA,AAAMA,mBAAN,MAAMA;AAgBb"}

package/server/{applications/users/dto/user-password.dto.js → authentication/dto/two-fa-verify.dto.js}

@@ -6,14 +6,21 @@
 Object.defineProperty(exports, "__esModule", {
     value: true
 });
-Object.defineProperty(exports, "UserPasswordDto", {
-    enumerable: true,
-    get: function() {
-        return UserPasswordDto;
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get TwoFaVerifyDto () {
+        return TwoFaVerifyDto;
+    },
+    get TwoFaVerifyWithPasswordDto () {
+        return TwoFaVerifyWithPasswordDto;
     }
 });
 const _classvalidator = require("class-validator");
-const _user = require("../constants/user");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
     if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
@@ -23,13 +30,24 @@ function _ts_decorate(decorators, target, key, desc) {
 function _ts_metadata(k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 }
-let UserPasswordDto = class UserPasswordDto {
+let TwoFaVerifyDto = class TwoFaVerifyDto {
 };
 _ts_decorate([
+    (0, _classvalidator.IsString)(),
     (0, _classvalidator.IsNotEmpty)(),
+    _ts_metadata("design:type", String)
+], TwoFaVerifyDto.prototype, "code", void 0);
+_ts_decorate([
+    (0, _classvalidator.IsOptional)(),
+    (0, _classvalidator.IsBoolean)(),
+    _ts_metadata("design:type", Boolean)
+], TwoFaVerifyDto.prototype, "isRecoveryCode", void 0);
+let TwoFaVerifyWithPasswordDto = class TwoFaVerifyWithPasswordDto extends TwoFaVerifyDto {
+};
+_ts_decorate([
     (0, _classvalidator.IsString)(),
-    (0, _classvalidator.MinLength)(_user.USER_PASSWORD_MIN_LENGTH),
+    (0, _classvalidator.IsNotEmpty)(),
     _ts_metadata("design:type", String)
-], UserPasswordDto.prototype, "password", void 0);
+], TwoFaVerifyWithPasswordDto.prototype, "password", void 0);
 
-//# sourceMappingURL=user-password.dto.js.map
+//# sourceMappingURL=two-fa-verify.dto.js.map

package/server/authentication/dto/two-fa-verify.dto.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../../../backend/src/authentication/dto/two-fa-verify.dto.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { IsBoolean, IsNotEmpty, IsOptional, IsString } from 'class-validator'\n\nexport class TwoFaVerifyDto {\n  @IsString()\n  @IsNotEmpty()\n  code!: string\n\n  @IsOptional()\n  @IsBoolean()\n  isRecoveryCode?: boolean\n}\n\nexport class TwoFaVerifyWithPasswordDto extends TwoFaVerifyDto {\n  @IsString()\n  @IsNotEmpty()\n  password!: string\n}\n"],"names":["TwoFaVerifyDto","TwoFaVerifyWithPasswordDto"],"mappings":"AAAA;;;;CAIC;;;;;;;;;;;QAIYA;eAAAA;;QAUAC;eAAAA;;;gCAZ+C;;;;;;;;;;AAErD,IAAA,AAAMD,iBAAN,MAAMA;AAQb;;;;;;;;;;;AAEO,IAAA,AAAMC,6BAAN,MAAMA,mCAAmCD;AAIhD"}

package/server/authentication/guards/auth-basic.strategy.js

@@ -20,6 +20,7 @@ const _passporthttp = require("passport-http");
 const _appconstants = require("../../app.constants");
 const _usermodel = require("../../applications/users/models/user.model");
 const _cacheservice = require("../../infrastructure/cache/services/cache.service");
+const _scope = require("../constants/scope");
 const _authmethod = require("../models/auth-method");
 function _ts_decorate(decorators, target, key, desc) {
     var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
@@ -35,7 +36,7 @@ let AuthBasicStrategy = class AuthBasicStrategy extends (0, _passport.PassportSt
         this.logger.assign({
             user: loginOrEmail
         });
-        const authBasicUser = `auth-webdav-${req.headers['authorization'].split(' ').at(-1).toLowerCase()}`;
+        const authBasicUser = `${this.CACHE_KEY_PREFIX}-${req.headers['authorization'].split(' ').at(-1).toLowerCase()}`;
         const userFromCache = await this.cache.get(authBasicUser);
         if (userFromCache === null) {
             // not authorized
@@ -43,9 +44,10 @@ let AuthBasicStrategy = class AuthBasicStrategy extends (0, _passport.PassportSt
         }
         if (userFromCache !== undefined) {
             // cached
+            // warning: plainToInstance do not use constructor to instantiate class
             return (0, _classtransformer.plainToInstance)(_usermodel.UserModel, userFromCache);
         }
-        const userFromDB = await this.authMethod.validateUser(loginOrEmail, password, req.ip);
+        const userFromDB = await this.authMethod.validateUser(loginOrEmail, password, req.ip, _scope.AUTH_SCOPE.WEBDAV);
         if (userFromDB !== null) {
             userFromDB.removePassword();
         }
@@ -54,17 +56,16 @@ let AuthBasicStrategy = class AuthBasicStrategy extends (0, _passport.PassportSt
                 '_'
             ]
         }) : null;
-        this.cache.set(authBasicUser, userToCache, AuthBasicStrategy.CACHE_TTL).catch((e)=>this.logger.error(`${this.validate.name} - ${e}`));
+        this.cache.set(authBasicUser, userToCache, this.CACHE_TTL).catch((e)=>this.logger.error(`${this.validate.name} - ${e}`));
         return userFromDB;
     }
     constructor(authMethod, cache, logger){
         super({
             passReqToCallback: true,
             realm: _appconstants.SERVER_NAME
-        }), this.authMethod = authMethod, this.cache = cache, this.logger = logger;
+        }), this.authMethod = authMethod, this.cache = cache, this.logger = logger, this.CACHE_TTL = 900, this.CACHE_KEY_PREFIX = 'auth-webdav';
     }
 };
-AuthBasicStrategy.CACHE_TTL = 900;
 AuthBasicStrategy = _ts_decorate([
     (0, _common.Injectable)(),
     _ts_metadata("design:type", Function),

package/server/authentication/guards/auth-basic.strategy.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-basic.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AbstractStrategy, PassportStrategy } from '@nestjs/passport'\nimport { instanceToPlain, plainToInstance } from 'class-transformer'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { BasicStrategy } from 'passport-http'\nimport { SERVER_NAME } from '../../app.constants'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { Cache } from '../../infrastructure/cache/services/cache.service'\nimport { AuthMethod } from '../models/auth-method'\n\n@Injectable()\nexport class AuthBasicStrategy extends PassportStrategy(BasicStrategy, 'basic') implements AbstractStrategy {\n  static readonly CACHE_TTL = 900\n\n  constructor(\n    private readonly authMethod: AuthMethod,\n    private readonly cache: Cache,\n    private readonly logger: PinoLogger\n  ) {\n    super({ passReqToCallback: true, realm: SERVER_NAME })\n  }\n\n  async validate(req: FastifyRequest, loginOrEmail: string, password: string): Promise<Omit<UserModel, 'password'> | null> {\n    this.logger.assign({ user: loginOrEmail })\n    const authBasicUser = `auth-webdav-${req.headers['authorization'].split(' ').at(-1).toLowerCase()}`\n    const userFromCache: any = await this.cache.get(authBasicUser)\n    if (userFromCache === null) {\n      // not authorized\n      return null\n    }\n    if (userFromCache !== undefined) {\n      // cached\n      return plainToInstance(UserModel, userFromCache)\n    }\n    const userFromDB: UserModel = await this.authMethod.validateUser(loginOrEmail, password, req.ip)\n    if (userFromDB !== null) {\n      userFromDB.removePassword()\n    }\n    const userToCache: Record<string, any> | null = userFromDB ? instanceToPlain(userFromDB, { excludePrefixes: ['_'] }) : null\n    this.cache.set(authBasicUser, userToCache, AuthBasicStrategy.CACHE_TTL).catch((e: Error) => this.logger.error(`${this.validate.name} - ${e}`))\n    return userFromDB\n  }\n}\n"],"names":["AuthBasicStrategy","PassportStrategy","BasicStrategy","validate","req","loginOrEmail","password","logger","assign","user","authBasicUser","headers","split","at","toLowerCase","userFromCache","cache","get","undefined","plainToInstance","UserModel","userFromDB","authMethod","validateUser","ip","removePassword","userToCache","instanceToPlain","excludePrefixes","set","CACHE_TTL","catch","e","error","name","passReqToCallback","realm","SERVER_NAME"],"mappings":"AAAA;;;;CAIC;;;;+BAcYA;;;eAAAA;;;wBAZc;0BACwB;kCACF;4BAEtB;8BACG;8BACF;2BACF;8BACJ;4BACK;;;;;;;;;;AAGpB,IAAA,AAAMA,oBAAN,MAAMA,0BAA0BC,IAAAA,0BAAgB,EAACC,2BAAa,EAAE;IAWrE,MAAMC,SAASC,GAAmB,EAAEC,YAAoB,EAAEC,QAAgB,EAA+C;QACvH,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMJ;QAAa;QACxC,MAAMK,gBAAgB,CAAC,YAAY,EAAEN,IAAIO,OAAO,CAAC,gBAAgB,CAACC,KAAK,CAAC,KAAKC,EAAE,CAAC,CAAC,GAAGC,WAAW,IAAI;QACnG,MAAMC,gBAAqB,MAAM,IAAI,CAACC,KAAK,CAACC,GAAG,CAACP;QAChD,IAAIK,kBAAkB,MAAM;YAC1B,iBAAiB;YACjB,OAAO;QACT;QACA,IAAIA,kBAAkBG,WAAW;YAC/B,SAAS;YACT,OAAOC,IAAAA,iCAAe,EAACC,oBAAS,EAAEL;QACpC;QACA,MAAMM,aAAwB,MAAM,IAAI,CAACC,UAAU,CAACC,YAAY,CAAClB,cAAcC,UAAUF,IAAIoB,EAAE;QAC/F,IAAIH,eAAe,MAAM;YACvBA,WAAWI,cAAc;QAC3B;QACA,MAAMC,cAA0CL,aAAaM,IAAAA,iCAAe,EAACN,YAAY;YAAEO,iBAAiB;gBAAC;aAAI;QAAC,KAAK;QACvH,IAAI,CAACZ,KAAK,CAACa,GAAG,CAACnB,eAAegB,aAAa1B,kBAAkB8B,SAAS,EAAEC,KAAK,CAAC,CAACC,IAAa,IAAI,CAACzB,MAAM,CAAC0B,KAAK,CAAC,GAAG,IAAI,CAAC9B,QAAQ,CAAC+B,IAAI,CAAC,GAAG,EAAEF,GAAG;QAC5I,OAAOX;IACT;IA3BA,YACE,AAAiBC,UAAsB,EACvC,AAAiBN,KAAY,EAC7B,AAAiBT,MAAkB,CACnC;QACA,KAAK,CAAC;YAAE4B,mBAAmB;YAAMC,OAAOC,yBAAW;QAAC,SAJnCf,aAAAA,iBACAN,QAAAA,YACAT,SAAAA;IAGnB;AAsBF;AA/BaP,kBACK8B,YAAY"}
+{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-basic.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AbstractStrategy, PassportStrategy } from '@nestjs/passport'\nimport { instanceToPlain, plainToInstance } from 'class-transformer'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { BasicStrategy } from 'passport-http'\nimport { SERVER_NAME } from '../../app.constants'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { Cache } from '../../infrastructure/cache/services/cache.service'\nimport { AUTH_SCOPE } from '../constants/scope'\nimport { AuthMethod } from '../models/auth-method'\n\n@Injectable()\nexport class AuthBasicStrategy extends PassportStrategy(BasicStrategy, 'basic') implements AbstractStrategy {\n  private readonly CACHE_TTL = 900\n  private readonly CACHE_KEY_PREFIX = 'auth-webdav'\n\n  constructor(\n    private readonly authMethod: AuthMethod,\n    private readonly cache: Cache,\n    private readonly logger: PinoLogger\n  ) {\n    super({ passReqToCallback: true, realm: SERVER_NAME })\n  }\n\n  async validate(req: FastifyRequest, loginOrEmail: string, password: string): Promise<Omit<UserModel, 'password'> | null> {\n    this.logger.assign({ user: loginOrEmail })\n    const authBasicUser = `${this.CACHE_KEY_PREFIX}-${req.headers['authorization'].split(' ').at(-1).toLowerCase()}`\n    const userFromCache: any = await this.cache.get(authBasicUser)\n    if (userFromCache === null) {\n      // not authorized\n      return null\n    }\n    if (userFromCache !== undefined) {\n      // cached\n      // warning: plainToInstance do not use constructor to instantiate class\n      return plainToInstance(UserModel, userFromCache)\n    }\n    const userFromDB: UserModel = await this.authMethod.validateUser(loginOrEmail, password, req.ip, AUTH_SCOPE.WEBDAV)\n    if (userFromDB !== null) {\n      userFromDB.removePassword()\n    }\n    const userToCache: Record<string, any> | null = userFromDB ? instanceToPlain(userFromDB, { excludePrefixes: ['_'] }) : null\n    this.cache.set(authBasicUser, userToCache, this.CACHE_TTL).catch((e: Error) => this.logger.error(`${this.validate.name} - ${e}`))\n    return userFromDB\n  }\n}\n"],"names":["AuthBasicStrategy","PassportStrategy","BasicStrategy","validate","req","loginOrEmail","password","logger","assign","user","authBasicUser","CACHE_KEY_PREFIX","headers","split","at","toLowerCase","userFromCache","cache","get","undefined","plainToInstance","UserModel","userFromDB","authMethod","validateUser","ip","AUTH_SCOPE","WEBDAV","removePassword","userToCache","instanceToPlain","excludePrefixes","set","CACHE_TTL","catch","e","error","name","passReqToCallback","realm","SERVER_NAME"],"mappings":"AAAA;;;;CAIC;;;;+BAeYA;;;eAAAA;;;wBAbc;0BACwB;kCACF;4BAEtB;8BACG;8BACF;2BACF;8BACJ;uBACK;4BACA;;;;;;;;;;AAGpB,IAAA,AAAMA,oBAAN,MAAMA,0BAA0BC,IAAAA,0BAAgB,EAACC,2BAAa,EAAE;IAYrE,MAAMC,SAASC,GAAmB,EAAEC,YAAoB,EAAEC,QAAgB,EAA+C;QACvH,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMJ;QAAa;QACxC,MAAMK,gBAAgB,GAAG,IAAI,CAACC,gBAAgB,CAAC,CAAC,EAAEP,IAAIQ,OAAO,CAAC,gBAAgB,CAACC,KAAK,CAAC,KAAKC,EAAE,CAAC,CAAC,GAAGC,WAAW,IAAI;QAChH,MAAMC,gBAAqB,MAAM,IAAI,CAACC,KAAK,CAACC,GAAG,CAACR;QAChD,IAAIM,kBAAkB,MAAM;YAC1B,iBAAiB;YACjB,OAAO;QACT;QACA,IAAIA,kBAAkBG,WAAW;YAC/B,SAAS;YACT,uEAAuE;YACvE,OAAOC,IAAAA,iCAAe,EAACC,oBAAS,EAAEL;QACpC;QACA,MAAMM,aAAwB,MAAM,IAAI,CAACC,UAAU,CAACC,YAAY,CAACnB,cAAcC,UAAUF,IAAIqB,EAAE,EAAEC,iBAAU,CAACC,MAAM;QAClH,IAAIL,eAAe,MAAM;YACvBA,WAAWM,cAAc;QAC3B;QACA,MAAMC,cAA0CP,aAAaQ,IAAAA,iCAAe,EAACR,YAAY;YAAES,iBAAiB;gBAAC;aAAI;QAAC,KAAK;QACvH,IAAI,CAACd,KAAK,CAACe,GAAG,CAACtB,eAAemB,aAAa,IAAI,CAACI,SAAS,EAAEC,KAAK,CAAC,CAACC,IAAa,IAAI,CAAC5B,MAAM,CAAC6B,KAAK,CAAC,GAAG,IAAI,CAACjC,QAAQ,CAACkC,IAAI,CAAC,GAAG,EAAEF,GAAG;QAC/H,OAAOb;IACT;IA5BA,YACE,AAAiBC,UAAsB,EACvC,AAAiBN,KAAY,EAC7B,AAAiBV,MAAkB,CACnC;QACA,KAAK,CAAC;YAAE+B,mBAAmB;YAAMC,OAAOC,yBAAW;QAAC,SAJnCjB,aAAAA,iBACAN,QAAAA,YACAV,SAAAA,aANF0B,YAAY,UACZtB,mBAAmB;IAQpC;AAuBF"}

package/server/authentication/guards/auth-token-access.strategy.js

@@ -17,6 +17,7 @@ const _passport = require("@nestjs/passport");
 const _nestjspino = require("nestjs-pino");
 const _passportjwt = require("passport-jwt");
 const _usermodel = require("../../applications/users/models/user.model");
+const _configenvironment = require("../../configuration/config.environment");
 const _tokeninterface = require("../interfaces/token.interface");
 const _authmanagerservice = require("../services/auth-manager.service");
 function _ts_decorate(decorators, target, key, desc) {
@@ -48,11 +49,11 @@ let AuthTokenAccessStrategy = class AuthTokenAccessStrategy extends (0, _passpor
                 AuthTokenAccessStrategy.extractJWTFromCookie,
                 _passportjwt.ExtractJwt.fromAuthHeaderAsBearerToken()
             ]),
-            secretOrKey: authManager.authConfig.token.access.secret,
+            secretOrKey: _configenvironment.configuration.auth.token.access.secret,
             ignoreExpiration: false,
             passReqToCallback: true
         }), this.authManager = authManager, this.logger = logger;
-        AuthTokenAccessStrategy.accessCookieName = authManager.authConfig.token.access.name;
+        AuthTokenAccessStrategy.accessCookieName = _configenvironment.configuration.auth.token.access.name;
     }
 };
 AuthTokenAccessStrategy = _ts_decorate([

package/server/authentication/guards/auth-token-access.strategy.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-token-access.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AbstractStrategy, PassportStrategy } from '@nestjs/passport'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { ExtractJwt, Strategy } from 'passport-jwt'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { JwtPayload } from '../interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { AuthManager } from '../services/auth-manager.service'\n\n@Injectable()\nexport class AuthTokenAccessStrategy extends PassportStrategy(Strategy, 'tokenAccess') implements AbstractStrategy {\n  private static accessCookieName: string\n\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly logger: PinoLogger\n  ) {\n    super({\n      jwtFromRequest: ExtractJwt.fromExtractors([AuthTokenAccessStrategy.extractJWTFromCookie, ExtractJwt.fromAuthHeaderAsBearerToken()]),\n      secretOrKey: authManager.authConfig.token.access.secret,\n      ignoreExpiration: false,\n      passReqToCallback: true\n    })\n    AuthTokenAccessStrategy.accessCookieName = authManager.authConfig.token.access.name\n  }\n\n  validate(req: FastifyRequest, jwtPayload: JwtPayload): UserModel {\n    this.logger.assign({ user: jwtPayload.identity.login })\n    this.authManager.csrfValidation(req, jwtPayload, TOKEN_TYPE.ACCESS)\n    return new UserModel(jwtPayload.identity)\n  }\n\n  static extractJWTFromCookie(req: FastifyRequest): string | null {\n    if (typeof req.cookies === 'object' && req.cookies[AuthTokenAccessStrategy.accessCookieName] !== undefined) {\n      return req.cookies[AuthTokenAccessStrategy.accessCookieName]\n    }\n    return null\n  }\n}\n"],"names":["AuthTokenAccessStrategy","PassportStrategy","Strategy","validate","req","jwtPayload","logger","assign","user","identity","login","authManager","csrfValidation","TOKEN_TYPE","ACCESS","UserModel","extractJWTFromCookie","cookies","accessCookieName","undefined","jwtFromRequest","ExtractJwt","fromExtractors","fromAuthHeaderAsBearerToken","secretOrKey","authConfig","token","access","secret","ignoreExpiration","passReqToCallback","name"],"mappings":"AAAA;;;;CAIC;;;;+BAaYA;;;eAAAA;;;wBAXc;0BACwB;4BAExB;6BACU;2BACX;gCAEC;oCACC;;;;;;;;;;AAGrB,IAAA,AAAMA,0BAAN,MAAMA,gCAAgCC,IAAAA,0BAAgB,EAACC,qBAAQ,EAAE;IAgBtEC,SAASC,GAAmB,EAAEC,UAAsB,EAAa;QAC/D,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMH,WAAWI,QAAQ,CAACC,KAAK;QAAC;QACrD,IAAI,CAACC,WAAW,CAACC,cAAc,CAACR,KAAKC,YAAYQ,0BAAU,CAACC,MAAM;QAClE,OAAO,IAAIC,oBAAS,CAACV,WAAWI,QAAQ;IAC1C;IAEA,OAAOO,qBAAqBZ,GAAmB,EAAiB;QAC9D,IAAI,OAAOA,IAAIa,OAAO,KAAK,YAAYb,IAAIa,OAAO,CAACjB,wBAAwBkB,gBAAgB,CAAC,KAAKC,WAAW;YAC1G,OAAOf,IAAIa,OAAO,CAACjB,wBAAwBkB,gBAAgB,CAAC;QAC9D;QACA,OAAO;IACT;IAxBA,YACE,AAAiBP,WAAwB,EACzC,AAAiBL,MAAkB,CACnC;QACA,KAAK,CAAC;YACJc,gBAAgBC,uBAAU,CAACC,cAAc,CAAC;gBAACtB,wBAAwBgB,oBAAoB;gBAAEK,uBAAU,CAACE,2BAA2B;aAAG;YAClIC,aAAab,YAAYc,UAAU,CAACC,KAAK,CAACC,MAAM,CAACC,MAAM;YACvDC,kBAAkB;YAClBC,mBAAmB;QACrB,SARiBnB,cAAAA,kBACAL,SAAAA;QAQjBN,wBAAwBkB,gBAAgB,GAAGP,YAAYc,UAAU,CAACC,KAAK,CAACC,MAAM,CAACI,IAAI;IACrF;AAcF"}
+{"version":3,"sources":["../../../../backend/src/authentication/guards/auth-token-access.strategy.ts"],"sourcesContent":["/*\n * Copyright (C) 2012-2025 Johan Legrand <johan.legrand@sync-in.com>\n * This file is part of Sync-in | The open source file sync and share solution\n * See the LICENSE file for licensing details\n */\n\nimport { Injectable } from '@nestjs/common'\nimport { AbstractStrategy, PassportStrategy } from '@nestjs/passport'\nimport { FastifyRequest } from 'fastify'\nimport { PinoLogger } from 'nestjs-pino'\nimport { ExtractJwt, Strategy } from 'passport-jwt'\nimport { UserModel } from '../../applications/users/models/user.model'\nimport { configuration } from '../../configuration/config.environment'\nimport { JwtPayload } from '../interfaces/jwt-payload.interface'\nimport { TOKEN_TYPE } from '../interfaces/token.interface'\nimport { AuthManager } from '../services/auth-manager.service'\n\n@Injectable()\nexport class AuthTokenAccessStrategy extends PassportStrategy(Strategy, 'tokenAccess') implements AbstractStrategy {\n  private static accessCookieName: string\n\n  constructor(\n    private readonly authManager: AuthManager,\n    private readonly logger: PinoLogger\n  ) {\n    super({\n      jwtFromRequest: ExtractJwt.fromExtractors([AuthTokenAccessStrategy.extractJWTFromCookie, ExtractJwt.fromAuthHeaderAsBearerToken()]),\n      secretOrKey: configuration.auth.token.access.secret,\n      ignoreExpiration: false,\n      passReqToCallback: true\n    })\n    AuthTokenAccessStrategy.accessCookieName = configuration.auth.token.access.name\n  }\n\n  validate(req: FastifyRequest, jwtPayload: JwtPayload): UserModel {\n    this.logger.assign({ user: jwtPayload.identity.login })\n    this.authManager.csrfValidation(req, jwtPayload, TOKEN_TYPE.ACCESS)\n    return new UserModel(jwtPayload.identity)\n  }\n\n  static extractJWTFromCookie(req: FastifyRequest): string | null {\n    if (typeof req.cookies === 'object' && req.cookies[AuthTokenAccessStrategy.accessCookieName] !== undefined) {\n      return req.cookies[AuthTokenAccessStrategy.accessCookieName]\n    }\n    return null\n  }\n}\n"],"names":["AuthTokenAccessStrategy","PassportStrategy","Strategy","validate","req","jwtPayload","logger","assign","user","identity","login","authManager","csrfValidation","TOKEN_TYPE","ACCESS","UserModel","extractJWTFromCookie","cookies","accessCookieName","undefined","jwtFromRequest","ExtractJwt","fromExtractors","fromAuthHeaderAsBearerToken","secretOrKey","configuration","auth","token","access","secret","ignoreExpiration","passReqToCallback","name"],"mappings":"AAAA;;;;CAIC;;;;+BAcYA;;;eAAAA;;;wBAZc;0BACwB;4BAExB;6BACU;2BACX;mCACI;gCAEH;oCACC;;;;;;;;;;AAGrB,IAAA,AAAMA,0BAAN,MAAMA,gCAAgCC,IAAAA,0BAAgB,EAACC,qBAAQ,EAAE;IAgBtEC,SAASC,GAAmB,EAAEC,UAAsB,EAAa;QAC/D,IAAI,CAACC,MAAM,CAACC,MAAM,CAAC;YAAEC,MAAMH,WAAWI,QAAQ,CAACC,KAAK;QAAC;QACrD,IAAI,CAACC,WAAW,CAACC,cAAc,CAACR,KAAKC,YAAYQ,0BAAU,CAACC,MAAM;QAClE,OAAO,IAAIC,oBAAS,CAACV,WAAWI,QAAQ;IAC1C;IAEA,OAAOO,qBAAqBZ,GAAmB,EAAiB;QAC9D,IAAI,OAAOA,IAAIa,OAAO,KAAK,YAAYb,IAAIa,OAAO,CAACjB,wBAAwBkB,gBAAgB,CAAC,KAAKC,WAAW;YAC1G,OAAOf,IAAIa,OAAO,CAACjB,wBAAwBkB,gBAAgB,CAAC;QAC9D;QACA,OAAO;IACT;IAxBA,YACE,AAAiBP,WAAwB,EACzC,AAAiBL,MAAkB,CACnC;QACA,KAAK,CAAC;YACJc,gBAAgBC,uBAAU,CAACC,cAAc,CAAC;gBAACtB,wBAAwBgB,oBAAoB;gBAAEK,uBAAU,CAACE,2BAA2B;aAAG;YAClIC,aAAaC,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACC,MAAM,CAACC,MAAM;YACnDC,kBAAkB;YAClBC,mBAAmB;QACrB,SARiBpB,cAAAA,kBACAL,SAAAA;QAQjBN,wBAAwBkB,gBAAgB,GAAGO,gCAAa,CAACC,IAAI,CAACC,KAAK,CAACC,MAAM,CAACI,IAAI;IACjF;AAcF"}

package/server/authentication/guards/auth-token-refresh.strategy.js

@@ -17,6 +17,7 @@ const _passport = require("@nestjs/passport");
 const _nestjspino = require("nestjs-pino");
 const _passportjwt = require("passport-jwt");
 const _usermodel = require("../../applications/users/models/user.model");
+const _configenvironment = require("../../configuration/config.environment");
 const _tokeninterface = require("../interfaces/token.interface");
 const _authmanagerservice = require("../services/auth-manager.service");
 function _ts_decorate(decorators, target, key, desc) {
@@ -52,11 +53,11 @@ let AuthTokenRefreshStrategy = class AuthTokenRefreshStrategy extends (0, _passp
                 AuthTokenRefreshStrategy.extractJWTFromCookie,
                 _passportjwt.ExtractJwt.fromAuthHeaderAsBearerToken()
             ]),
-            secretOrKey: authManager.authConfig.token.refresh.secret,
+            secretOrKey: _configenvironment.configuration.auth.token.refresh.secret,
             ignoreExpiration: false,
             passReqToCallback: true
         }), this.authManager = authManager, this.logger = logger;
-        AuthTokenRefreshStrategy.refreshCookieName = authManager.authConfig.token.refresh.name;
+        AuthTokenRefreshStrategy.refreshCookieName = _configenvironment.configuration.auth.token.refresh.name;
     }
 };
 AuthTokenRefreshStrategy = _ts_decorate([