npm - @tstdl/base - Versions diffs - 0.93.178 → 0.93.180 - Mend

@tstdl/base 0.93.178 → 0.93.180

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (207) hide show

package/authentication/client/http-client.middleware.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { firstValueFrom, race, timeout as rxjsTimeout } from 'rxjs';
 import { HttpError } from '../../http/index.js';
+import { supportsCookies } from '../../supports.js';
 import { timeout } from '../../utils/timing.js';
 import { isDefined } from '../../utils/type-guards.js';
 import { cacheValueOrAsyncProvider } from '../../utils/value-or-provider.js';
@@ -9,9 +10,9 @@ import { dontWaitForValidToken } from '../authentication.api.js';
  * @param authenticationServiceOrProvider The authentication service or a provider for it.
  * @returns A http client middleware.
  */
-export function waitForAuthenticationCredentialsMiddleware(authenticationServiceOrProvider) {
+export function waitForAuthenticationMiddleware(authenticationServiceOrProvider) {
     const getAuthenticationService = cacheValueOrAsyncProvider(authenticationServiceOrProvider);
-    async function waitForAuthenticationCredentialsMiddleware({ request }, next) {
+    async function waitForAuthenticationMiddleware({ request }, next) {
         const endpoint = request.context?.endpoint;
         if ((endpoint?.credentials == true) && (endpoint.data?.[dontWaitForValidToken] != true)) {
             const authenticationService = await getAuthenticationService();
@@ -31,7 +32,7 @@ export function waitForAuthenticationCredentialsMiddleware(authenticationService
         }
         await next();
     }
-    return waitForAuthenticationCredentialsMiddleware;
+    return waitForAuthenticationMiddleware;
 }
 /**
  * A http client middleware that logs out the user if a request fails with a 401 Unauthorized error.
@@ -80,7 +81,7 @@ export function authenticationMiddleware(authenticationServiceOrProvider) {
             request.headers.setIfMissing('X-Impersonator-Refresh-Token', rawImpersonatorRefreshToken);
         }
         await next();
-        if (isDefined(context.response)) {
+        if (!supportsCookies && isDefined(context.response)) {
             const { response } = context;
             const responseToken = response.headers.tryGetSingle('X-Authorization');
             const responseRefreshToken = response.headers.tryGetSingle('X-Refresh-Token');

package/authentication/client/module.d.ts CHANGED Viewed

@@ -15,7 +15,7 @@ export type AuthenticationClientModuleConfig = {
      */
     initialAuthenticationData?: unknown;
     /**
-     * Whether to register the {@link waitForAuthenticationCredentialsMiddleware} for all http clients.
+     * Whether to register the {@link waitForAuthenticationMiddleware} for all http clients.
      *
      * @default false
      */

package/authentication/client/module.js CHANGED Viewed

@@ -2,7 +2,7 @@ import { HTTP_CLIENT_MIDDLEWARE } from '../../http/client/tokens.js';
 import { forwardRef, getCurrentInjector, Injector } from '../../injector/index.js';
 import { isDefined } from '../../utils/type-guards.js';
 import { AuthenticationClientService } from './authentication.service.js';
-import { authenticationMiddleware, logoutOnUnauthorizedMiddleware, waitForAuthenticationCredentialsMiddleware } from './http-client.middleware.js';
+import { authenticationMiddleware, logoutOnUnauthorizedMiddleware, waitForAuthenticationMiddleware } from './http-client.middleware.js';
 import { AUTHENTICATION_API_CLIENT, INITIAL_AUTHENTICATION_DATA } from './tokens.js';
 /**
  * Configures authentication client services.
@@ -20,7 +20,7 @@ export function configureAuthenticationClient(config, injector = getCurrentInjec
         (injector ?? Injector).register(HTTP_CLIENT_MIDDLEWARE, {
             useFactory(_, context) {
                 const authenticationService = context.resolve(forwardRef(() => AuthenticationClientService, 'object'));
-                return waitForAuthenticationCredentialsMiddleware(authenticationService);
+                return waitForAuthenticationMiddleware(authenticationService);
             },
         }, { multi: true });
         (injector ?? Injector).register(HTTP_CLIENT_MIDDLEWARE, {

package/authentication/errors/index.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export * from './~~secret~~-requirements.error.js';
1	+ export * from './password-requirements.error.js';

package/authentication/errors/index.js CHANGED Viewed

	@@ -1 +1 @@
1	- export * from './~~secret~~-requirements.error.js';
1	+ export * from './password-requirements.error.js';

package/authentication/errors/password-requirements.error.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { CustomError } from '../../errors/custom.error.js';
+export declare class PasswordRequirementsError extends CustomError {
+    static readonly errorName = "PasswordRequirementsError";
+    constructor(message?: string);
+}

package/authentication/errors/{secret-requirements.error.js → password-requirements.error.js} RENAMED Viewed

@@ -1,6 +1,6 @@
 import { CustomError } from '../../errors/custom.error.js';
-export class SecretRequirementsError extends CustomError {
-    static errorName = 'SecretRequirementsError';
+export class PasswordRequirementsError extends CustomError {
+    static errorName = 'PasswordRequirementsError';
     constructor(message = 'Secret requirements not met.') {
         super({ message });
     }

package/authentication/models/authentication-password.model.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { TenantEntity, type Uuid } from '../../orm/index.js';
+export declare class AuthenticationPassword extends TenantEntity {
+    subjectId: Uuid;
+    /** The salt used to hash the password. */
+    salt: Uint8Array<ArrayBuffer>;
+    /** The hashed password. */
+    hash: Uint8Array<ArrayBuffer>;
+}

package/authentication/models/{authentication-credentials.model.js → authentication-password.model.js} RENAMED Viewed

@@ -8,36 +8,30 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 import { Table, TenantEntity, TenantReference, Unique, UuidProperty } from '../../orm/index.js';
-import { Integer, Uint8ArrayProperty } from '../../schema/index.js';
+import { Uint8ArrayProperty } from '../../schema/index.js';
 import { Subject } from './subject.model.js';
-let AuthenticationCredentials = class AuthenticationCredentials extends TenantEntity {
+let AuthenticationPassword = class AuthenticationPassword extends TenantEntity {
     subjectId;
-    /** The version of the hash algorithm used. */
-    hashVersion;
-    /** The salt used to hash the secret. */
+    /** The salt used to hash the password. */
     salt;
-    /** The hashed secret. */
+    /** The hashed password. */
     hash;
 };
 __decorate([
     TenantReference(() => Subject),
     UuidProperty(),
     __metadata("design:type", String)
-], AuthenticationCredentials.prototype, "subjectId", void 0);
-__decorate([
-    Integer(),
-    __metadata("design:type", Number)
-], AuthenticationCredentials.prototype, "hashVersion", void 0);
+], AuthenticationPassword.prototype, "subjectId", void 0);
 __decorate([
     Uint8ArrayProperty(),
     __metadata("design:type", Uint8Array)
-], AuthenticationCredentials.prototype, "salt", void 0);
+], AuthenticationPassword.prototype, "salt", void 0);
 __decorate([
     Uint8ArrayProperty(),
     __metadata("design:type", Uint8Array)
-], AuthenticationCredentials.prototype, "hash", void 0);
-AuthenticationCredentials = __decorate([
-    Table('credentials', { schema: 'authentication' }),
+], AuthenticationPassword.prototype, "hash", void 0);
+AuthenticationPassword = __decorate([
+    Table('password', { schema: 'authentication' }),
     Unique(['tenantId', 'subjectId'])
-], AuthenticationCredentials);
-export { AuthenticationCredentials };
+], AuthenticationPassword);
+export { AuthenticationPassword };

package/authentication/models/authentication-session.model.d.ts CHANGED Viewed

@@ -4,8 +4,6 @@ export declare class AuthenticationSession extends TenantEntity {
     subjectId: Uuid;
     begin: Timestamp;
     end: Timestamp;
-    /** The version of the hash algorithm used. */
-    refreshTokenHashVersion: number;
     /** The salt used to hash the refresh token. */
     refreshTokenSalt: Uint8Array<ArrayBuffer>;
     /** The hashed refresh token. */

package/authentication/models/authentication-session.model.js CHANGED Viewed

@@ -8,14 +8,12 @@ var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
 import { Table, TenantEntity, TenantReference, TimestampProperty, UuidProperty } from '../../orm/index.js';
-import { Integer, Uint8ArrayProperty } from '../../schema/index.js';
+import { Uint8ArrayProperty } from '../../schema/index.js';
 import { Subject } from './subject.model.js';
 let AuthenticationSession = class AuthenticationSession extends TenantEntity {
     subjectId;
     begin;
     end;
-    /** The version of the hash algorithm used. */
-    refreshTokenHashVersion;
     /** The salt used to hash the refresh token. */
     refreshTokenSalt;
     /** The hashed refresh token. */
@@ -34,10 +32,6 @@ __decorate([
     TimestampProperty(),
     __metadata("design:type", Number)
 ], AuthenticationSession.prototype, "end", void 0);
-__decorate([
-    Integer(),
-    __metadata("design:type", Number)
-], AuthenticationSession.prototype, "refreshTokenHashVersion", void 0);
 __decorate([
     Uint8ArrayProperty(),
     __metadata("design:type", Uint8Array)

package/authentication/models/authentication-totp-recovery-code.model.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { TenantEntity, type Uuid } from '../../orm/index.js';
+export declare class AuthenticationTotpRecoveryCode extends TenantEntity {
+    totpId: Uuid;
+    code: Uint8Array<ArrayBuffer>;
+    usedTimestamp: Date | null;
+}

package/authentication/models/authentication-totp-recovery-code.model.js ADDED Viewed

@@ -0,0 +1,34 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Table, TenantEntity, TenantReference, TimestampProperty, UuidProperty } from '../../orm/index.js';
+import { Uint8ArrayProperty } from '../../schema/index.js';
+import { AuthenticationTotp } from './authentication-totp.model.js';
+let AuthenticationTotpRecoveryCode = class AuthenticationTotpRecoveryCode extends TenantEntity {
+    totpId;
+    code;
+    usedTimestamp;
+};
+__decorate([
+    TenantReference(() => AuthenticationTotp),
+    UuidProperty(),
+    __metadata("design:type", String)
+], AuthenticationTotpRecoveryCode.prototype, "totpId", void 0);
+__decorate([
+    Uint8ArrayProperty(),
+    __metadata("design:type", Uint8Array)
+], AuthenticationTotpRecoveryCode.prototype, "code", void 0);
+__decorate([
+    TimestampProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], AuthenticationTotpRecoveryCode.prototype, "usedTimestamp", void 0);
+AuthenticationTotpRecoveryCode = __decorate([
+    Table('totp_recovery_code', { schema: 'authentication' })
+], AuthenticationTotpRecoveryCode);
+export { AuthenticationTotpRecoveryCode };

package/authentication/models/authentication-totp.model.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import { type EnumType } from '../../enumeration/enumeration.js';
+import { TenantEntity, type Uuid } from '../../orm/index.js';
+import type { Encrypted } from '../../orm/types.js';
+/**
+ * Status of a TOTP enrollment.
+ */
+export declare const TotpStatus: {
+    /** Enrollment initiated, awaiting verification. */
+    readonly Pending: "pending";
+    /** Enrollment complete and TOTP active. */
+    readonly Active: "active";
+};
+export type TotpStatus = EnumType<typeof TotpStatus>;
+export declare class AuthenticationTotp extends TenantEntity {
+    subjectId: Uuid;
+    secret: Encrypted<Uint8Array<ArrayBuffer>>;
+    recoveryCodeSalt: Uint8Array<ArrayBuffer>;
+    status: TotpStatus;
+}

package/authentication/models/authentication-totp.model.js ADDED Viewed

@@ -0,0 +1,51 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { defineEnum } from '../../enumeration/enumeration.js';
+import { EncryptedProperty, Table, TenantEntity, TenantReference, Unique, UuidProperty } from '../../orm/index.js';
+import { Enumeration, Uint8ArrayProperty } from '../../schema/index.js';
+import { Subject } from './subject.model.js';
+/**
+ * Status of a TOTP enrollment.
+ */
+export const TotpStatus = defineEnum('TotpStatus', {
+    /** Enrollment initiated, awaiting verification. */
+    Pending: 'pending',
+    /** Enrollment complete and TOTP active. */
+    Active: 'active',
+});
+let AuthenticationTotp = class AuthenticationTotp extends TenantEntity {
+    subjectId;
+    secret;
+    recoveryCodeSalt;
+    status;
+};
+__decorate([
+    TenantReference(() => Subject),
+    UuidProperty(),
+    __metadata("design:type", String)
+], AuthenticationTotp.prototype, "subjectId", void 0);
+__decorate([
+    EncryptedProperty(),
+    Uint8ArrayProperty(),
+    __metadata("design:type", Object)
+], AuthenticationTotp.prototype, "secret", void 0);
+__decorate([
+    Uint8ArrayProperty(),
+    __metadata("design:type", Uint8Array)
+], AuthenticationTotp.prototype, "recoveryCodeSalt", void 0);
+__decorate([
+    Enumeration(TotpStatus),
+    __metadata("design:type", String)
+], AuthenticationTotp.prototype, "status", void 0);
+AuthenticationTotp = __decorate([
+    Table('totp', { schema: 'authentication' }),
+    Unique(['tenantId', 'subjectId'])
+], AuthenticationTotp);
+export { AuthenticationTotp };

package/authentication/models/authentication-used-totp-token.model.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { TenantEntity, type Uuid } from '../../orm/index.js';
+export declare class AuthenticationUsedTotpToken extends TenantEntity {
+    subjectId: Uuid;
+    token: string;
+}

package/authentication/models/authentication-used-totp-token.model.js ADDED Viewed

@@ -0,0 +1,32 @@
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+import { Table, TenantEntity, TenantReference, TimeToLive, Unique, UuidProperty } from '../../orm/index.js';
+import { StringProperty } from '../../schema/index.js';
+import { millisecondsPerMinute } from '../../utils/units.js';
+import { Subject } from './subject.model.js';
+let AuthenticationUsedTotpToken = class AuthenticationUsedTotpToken extends TenantEntity {
+    subjectId;
+    token;
+};
+__decorate([
+    TenantReference(() => Subject),
+    UuidProperty(),
+    __metadata("design:type", String)
+], AuthenticationUsedTotpToken.prototype, "subjectId", void 0);
+__decorate([
+    StringProperty(),
+    __metadata("design:type", String)
+], AuthenticationUsedTotpToken.prototype, "token", void 0);
+AuthenticationUsedTotpToken = __decorate([
+    Table('used_totp_tokens', { schema: 'authentication' }),
+    Unique(['tenantId', 'subjectId', 'token']),
+    TimeToLive(5 * millisecondsPerMinute, 'hard') // 5 minutes
+], AuthenticationUsedTotpToken);
+export { AuthenticationUsedTotpToken };

package/authentication/models/index.d.ts CHANGED Viewed

@@ -1,7 +1,10 @@
-export * from './authentication-credentials.model.js';
+export * from './authentication-password.model.js';
 export * from './authentication-session.model.js';
-export * from './init-secret-reset-data.model.js';
-export * from './secret-check-result.model.js';
+export * from './authentication-totp-recovery-code.model.js';
+export * from './authentication-totp.model.js';
+export * from './authentication-used-totp-token.model.js';
+export * from './init-password-reset-data.model.js';
+export * from './password-check-result.model.js';
 export * from './service-account.model.js';
 export * from './subject.model.js';
 export * from './system-account.model.js';

package/authentication/models/index.js CHANGED Viewed

@@ -1,7 +1,10 @@
-export * from './authentication-credentials.model.js';
+export * from './authentication-password.model.js';
 export * from './authentication-session.model.js';
-export * from './init-secret-reset-data.model.js';
-export * from './secret-check-result.model.js';
+export * from './authentication-totp-recovery-code.model.js';
+export * from './authentication-totp.model.js';
+export * from './authentication-used-totp-token.model.js';
+export * from './init-password-reset-data.model.js';
+export * from './password-check-result.model.js';
 export * from './service-account.model.js';
 export * from './subject.model.js';
 export * from './system-account.model.js';

package/authentication/models/{init-secret-reset-data.model.d.ts → init-password-reset-data.model.d.ts} RENAMED Viewed

@@ -1,14 +1,14 @@
 /**
- * Data for initializing a secret reset.
+ * Data for initializing a password reset.
  */
-export declare class InitSecretResetData {
+export declare class InitPasswordResetData {
     /**
      * The subject for which to reset the secret.
      * Note: The existence of the subject is not checked to avoid data leaks.
      */
     subject: string;
     /**
-     * The secret reset token.
+     * The password reset token.
      */
     token: string;
 }

package/authentication/models/{init-secret-reset-data.model.js → init-password-reset-data.model.js} RENAMED Viewed

@@ -9,24 +9,24 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 import { StringProperty } from '../../schema/index.js';
 /**
- * Data for initializing a secret reset.
+ * Data for initializing a password reset.
  */
-export class InitSecretResetData {
+export class InitPasswordResetData {
     /**
      * The subject for which to reset the secret.
      * Note: The existence of the subject is not checked to avoid data leaks.
      */
     subject;
     /**
-     * The secret reset token.
+     * The password reset token.
      */
     token;
 }
 __decorate([
     StringProperty(),
     __metadata("design:type", String)
-], InitSecretResetData.prototype, "subject", void 0);
+], InitPasswordResetData.prototype, "subject", void 0);
 __decorate([
     StringProperty(),
     __metadata("design:type", String)
-], InitSecretResetData.prototype, "token", void 0);
+], InitPasswordResetData.prototype, "token", void 0);

package/authentication/models/password-check-result.model.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { PasswordCheckResult as BasePasswordCheckResult } from '../../password/password-check-result.model.js';
+export declare class PasswordCheckResult extends BasePasswordCheckResult {
+}

package/authentication/models/{secret-check-result.model.js → password-check-result.model.js} RENAMED Viewed

@@ -4,11 +4,11 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
     else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
     return c > 3 && r && Object.defineProperty(target, key, r), r;
 };
-import { PasswordCheckResult } from '../../password/password-check-result.model.js';
-import { Class } from '../../schema/decorators/class.js';
-let SecretCheckResult = class SecretCheckResult extends PasswordCheckResult {
+import { PasswordCheckResult as BasePasswordCheckResult } from '../../password/password-check-result.model.js';
+import { Class } from '../../schema/index.js';
+let PasswordCheckResult = class PasswordCheckResult extends BasePasswordCheckResult {
 };
-SecretCheckResult = __decorate([
+PasswordCheckResult = __decorate([
     Class()
-], SecretCheckResult);
-export { SecretCheckResult };
+], PasswordCheckResult);
+export { PasswordCheckResult };

package/authentication/models/subject.model.d.ts CHANGED Viewed

@@ -13,14 +13,8 @@ export type SubjectType = EnumType<typeof SubjectType>;
 export declare const SubjectStatus: {
     /** Subject is active and can perform actions. */
     readonly Active: "active";
-    /** Subject is inactive and cannot perform actions. Usually set by the user or a default state. */
-    readonly Inactive: "inactive";
     /** Subject is suspended and cannot perform actions. Usually set by an administrator for security or policy reasons. */
     readonly Suspended: "suspended";
-    /** Subject is pending approval from an administrator. */
-    readonly PendingApproval: "pending-approval";
-    /** Subject has been invited but has not yet accepted or completed setup. */
-    readonly Invited: "invited";
 };
 export type SubjectStatus = EnumType<typeof SubjectStatus>;
 export declare class Subject extends TenantEntity {

package/authentication/models/subject.model.js CHANGED Viewed

@@ -25,14 +25,8 @@ export const SubjectType = defineEnum('SubjectType', {
 export const SubjectStatus = defineEnum('SubjectStatus', {
     /** Subject is active and can perform actions. */
     Active: 'active',
-    /** Subject is inactive and cannot perform actions. Usually set by the user or a default state. */
-    Inactive: 'inactive',
     /** Subject is suspended and cannot perform actions. Usually set by an administrator for security or policy reasons. */
     Suspended: 'suspended',
-    /** Subject is pending approval from an administrator. */
-    PendingApproval: 'pending-approval',
-    /** Subject has been invited but has not yet accepted or completed setup. */
-    Invited: 'invited',
 });
 let Subject = class Subject extends TenantEntity {
     type;

package/authentication/models/token.model.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
+import type { JwtToken, JwtTokenHeader } from '../../cryptography/index.js';
 import type { Record } from '../../types/index.js';
-import type { JwtToken, JwtTokenHeader } from '../../utils/jwt.js';
 import type { TokenPayloadBase } from './token-payload-base.model.js';
 export type TokenHeader = {
     /** Token version. */
@@ -31,7 +31,7 @@ export type RefreshToken = JwtToken<{
     /** The secret to use for refreshing the token. */
     secret: string;
 }>;
-export type SecretResetToken = JwtToken<{
+export type PasswordResetToken = JwtToken<{
     /** Issued at timestamp in seconds. */
     iat: number;
     /** Expiration timestamp in seconds. */
@@ -41,3 +41,17 @@ export type SecretResetToken = JwtToken<{
     /** The subject for which to reset the secret. */
     subject: string;
 }>;
+export type TotpChallengeToken<AuthenticationData = unknown> = JwtToken<{
+    /** Issued at timestamp in seconds. */
+    iat: number;
+    /** Expiration timestamp in seconds. */
+    exp: number;
+    /** The tenant id. */
+    tenant: string;
+    /** The subject. */
+    subject: string;
+    /** Whether to remember the session. */
+    remember: boolean;
+    /** Additional authentication data. */
+    data: AuthenticationData;
+}>;

package/authentication/server/authentication-ancillary.service.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import { type EnumType } from '../../enumeration/enumeration.js';
 import type { Record } from '../../types/index.js';
 import { Subject, type TokenPayload } from '../models/index.js';
-import type { InitSecretResetData } from '../models/init-secret-reset-data.model.js';
+import type { InitPasswordResetData } from '../models/init-password-reset-data.model.js';
 import type { SubjectInput } from '../types.js';
 export declare const GetTokenPayloadContextAction: {
     readonly GetToken: "get-token";
@@ -19,9 +19,9 @@ export type GetTokenPayloadContext = {
  *
  * @param AdditionalTokenPayload Type of additional token payload
  * @param AuthenticationData Type of additional authentication data
- * @param AdditionalInitSecretResetData Type of additional secret reset data
+ * @param AdditionalInitPasswordResetData Type of additional password reset data
  */
-export declare abstract class AuthenticationAncillaryService<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitSecretResetData = void> {
+export declare abstract class AuthenticationAncillaryService<AdditionalTokenPayload extends Record = Record<never>, AuthenticationData = void, AdditionalInitPasswordResetData = void> {
     readonly subjectRepository: import("../../orm/server/repository.js").EntityRepository<Subject>;
     /**
      * Resolve a provided subject (like what was entered into login form) to all matching actual subjects.
@@ -42,10 +42,10 @@ export declare abstract class AuthenticationAncillaryService<AdditionalTokenPayl
      */
     abstract getTokenPayload(subject: Subject, authenticationData: AuthenticationData, context: GetTokenPayloadContext): AdditionalTokenPayload | Promise<AdditionalTokenPayload>;
     /**
-     * Handle the initialization of a secret reset.
-     * @param data Data for initializing the secret reset.
+     * Handle the initialization of a password reset.
+     * @param data Data for initializing the password reset.
      */
-    abstract handleInitSecretReset(data: InitSecretResetData & AdditionalInitSecretResetData): void | Promise<void>;
+    abstract handleInitPasswordReset(data: InitPasswordResetData & AdditionalInitPasswordResetData): void | Promise<void>;
     /**
      * Check if token is allowed to impersonate subject.
      * @param token Token which tries to impersonate.

package/authentication/server/authentication-ancillary.service.js CHANGED Viewed

@@ -10,7 +10,7 @@ export const GetTokenPayloadContextAction = defineEnum('GetTokenPayloadContextAc
  *
  * @param AdditionalTokenPayload Type of additional token payload
  * @param AuthenticationData Type of additional authentication data
- * @param AdditionalInitSecretResetData Type of additional secret reset data
+ * @param AdditionalInitPasswordResetData Type of additional password reset data
  */
 export class AuthenticationAncillaryService {
     subjectRepository = injectRepository(Subject);

package/authentication/server/authentication-password-requirements.validator.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+import type { PasswordCheckResult } from '../models/password-check-result.model.js';
+export type PasswordTestResult = {
+    success: true;
+    reason?: undefined;
+} | {
+    success: false;
+    reason: string;
+};
+export declare abstract class AuthenticationPasswordRequirementsValidator {
+    /**
+     * Checks the password against the requirements.
+     * @param password The password to check.
+     * @returns The result of the check.
+     */
+    abstract checkPasswordRequirements(password: string): Promise<PasswordCheckResult>;
+    /**
+     * Tests the password against the requirements.
+     * @param password The password to test.
+     * @returns The result of the test.
+     */
+    abstract testPasswordRequirements(password: string): Promise<PasswordTestResult>;
+    /**
+     * Validates the password against the requirements. Throws an error if the requirements are not met.
+     * @param password The password to validate.
+     * @throws {PasswordRequirementsError} If the password does not meet the requirements.
+     */
+    abstract validatePasswordRequirements(password: string): Promise<void>;
+}
+/**
+ * Default validator for password requirements.
+ *
+ * Checks for pwned passwords and password strength.
+ * - Pwned passwords are not allowed.
+ * - Password strength must be at least 'medium'.
+ */
+export declare class DefaultAuthenticationPasswordRequirementsValidator extends AuthenticationPasswordRequirementsValidator {
+    /**
+     * Checks the password against the requirements.
+     * @param password The password to check.
+     * @returns The result of the check.
+     */
+    checkPasswordRequirements(password: string): Promise<PasswordCheckResult>;
+    /**
+     * Tests the password against the requirements.
+     * @param password The password to test.
+     * @returns The result of the test.
+     */
+    testPasswordRequirements(password: string): Promise<PasswordTestResult>;
+    /**
+     * Validates the password against the requirements. Throws an error if the requirements are not met.
+     * @param password The password to validate.
+     * @throws {PasswordRequirementsError} If the password does not meet the requirements.
+     */
+    validatePasswordRequirements(password: string): Promise<void>;
+}