@tstdl/base 0.93.178 → 0.93.180

package/authentication/server/authentication.service.js

@@ -8,38 +8,27 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var AuthenticationService_1;
 import { ActorType, Auditor, AuditOutcome } from '../../audit/index.js';
 import { NIL_UUID } from '../../constants.js';
-import { ForbiddenError } from '../../errors/forbidden.error.js';
-import { InvalidCredentialsError } from '../../errors/index.js';
-import { InvalidTokenError } from '../../errors/invalid-token.error.js';
-import { NotFoundError } from '../../errors/not-found.error.js';
-import { NotImplementedError } from '../../errors/not-implemented.error.js';
-import { afterResolve, inject, provide, Singleton } from '../../injector/index.js';
-import { KeyValueStore } from '../../key-value-store/key-value.store.js';
+import { createJwtTokenString, deriveBytes, encodeTotpSecret, generateTotpRecoveryCodes, generateTotpSecret, generateTotpUri, hashTotpRecoveryCode, importHmacKey, importKey, injectDerivedCryptoKey, parseAndValidateJwtTokenString, verifyTotpRecoveryCode, verifyTotpToken } from '../../cryptography/index.js';
+import { ForbiddenError, InvalidCredentialsError, InvalidTokenError, NotFoundError, NotImplementedError } from '../../errors/index.js';
+import { inject, provide, Singleton } from '../../injector/index.js';
 import { Logger } from '../../logger/logger.js';
 import { TRANSACTION_TIMESTAMP } from '../../orm/index.js';
 import { DatabaseConfig, injectRepository } from '../../orm/server/index.js';
 import { Alphabet } from '../../utils/alphabet.js';
 import { asyncHook } from '../../utils/async-hook/async-hook.js';
-import { decodeBase64, encodeBase64 } from '../../utils/base64.js';
-import { deriveBytesMultiple, importPbkdf2Key } from '../../utils/cryptography.js';
-import { currentTimestamp, timestampToTimestampSeconds } from '../../utils/date-time.js';
+import { currentTimestamp, currentTimestampSeconds, timestampToTimestampSeconds } from '../../utils/date-time.js';
+import { encodeUtf8 } from '../../utils/encoding.js';
 import { timingSafeBinaryEquals } from '../../utils/equals.js';
-import { createJwtTokenString } from '../../utils/jwt.js';
 import { isUuid } from '../../utils/patterns.js';
 import { getRandomBytes, getRandomString } from '../../utils/random.js';
-import { isBinaryData, isDefined, isString, isUndefined } from '../../utils/type-guards.js';
+import { isDefined, isString, isUndefined } from '../../utils/type-guards.js';
 import { millisecondsPerDay, millisecondsPerHour, millisecondsPerMinute } from '../../utils/units.js';
-import { AuthenticationCredentials, AuthenticationSession, Subject, User } from '../models/index.js';
+import { AuthenticationPassword, AuthenticationSession, AuthenticationTotp, AuthenticationTotpRecoveryCode, AuthenticationUsedTotpToken, Subject, SubjectStatus, TotpStatus, User } from '../models/index.js';
 import { AuthenticationAncillaryService, GetTokenPayloadContextAction } from './authentication-ancillary.service.js';
-import { AuthenticationSecretRequirementsValidator } from './authentication-secret-requirements.validator.js';
-import { getRefreshTokenFromString, getSecretResetTokenFromString, getTokenFromString } from './helper.js';
+import { AuthenticationPasswordRequirementsValidator } from './authentication-password-requirements.validator.js';
+import { getPasswordResetTokenFromString, getRefreshTokenFromString, getTokenFromString } from './helper.js';
 import { AuthenticationModuleConfig } from './module.js';
 export class AuthenticationServiceOptions {
-    /**
-     * Secrets used for signing tokens and refreshTokens.
-     * If single secret is provided, multiple secrets are derived internally.
-     */
-    secret;
     /**
      * Token version, forces refresh on mismatch (useful if payload changes).
      *
@@ -65,112 +54,114 @@ export class AuthenticationServiceOptions {
      */
     rememberRefreshTokenTimeToLive;
     /**
-     * How long a secret reset token is valid in milliseconds.
+     * How long a password reset token is valid in milliseconds.
      *
      * @default 10 minutes
      */
-    secretResetTokenTimeToLive;
+    passwordResetTokenTimeToLive;
     /**
-     * Number of iterations for password hashing.
+     * How long a TOTP challenge token is valid in milliseconds.
      *
-     * @default 250000
+     * @default 5 minutes
      */
-    hashIterations;
+    totpChallengeTokenTimeToLive;
     /**
-     * Number of iterations for signing secrets derivation.
-     *
-     * @default 500000
+     * Options for brute force protection.
      */
-    signingSecretsDerivationIterations;
+    bruteForceProtection;
+    /**
+     * TOTP issuer name.
+     */
+    totpIssuer;
+    /**
+     * Options for password hashing.
+     */
+    passwordHashing;
+    /**
+     * Options for TOTP.
+     */
+    totp;
 }
-const HASH_ITERATIONS = 250000;
 const HASH_LENGTH_BITS = 512;
 const HASH_LENGTH_BYTES = HASH_LENGTH_BITS / 8;
 const JWT_ID_LENGTH = 24;
 const REFRESH_TOKEN_SECRET_LENGTH = 64;
 const SALT_LENGTH = 32;
-const SIGNING_SECRETS_DERIVATION_ITERATIONS = 500000;
-const SIGNING_SECRETS_LENGTH = 64;
+export const DEFAULT_TOTP_OPTIONS = {
+    codeHashAlgorithm: 'SHA-512',
+    recoveryCodeHashOptions: {
+        algorithm: {
+            name: 'Argon2id',
+            memory: 128 * 1024, // 128 MiB
+            parallelism: 4,
+            passes: 3,
+        },
+        length: 64,
+    },
+};
+const timingSafeFallbackPassword = { salt: new Uint8Array(SALT_LENGTH), hash: new Uint8Array(HASH_LENGTH_BYTES) };
 /**
  * Handles authentication on server side.
  *
- * Can be used to:
- * - Set credentials
- * - Authenticate
- * - Get token
- * - End session
- * - Refresh token
- * - Impersonate/unimpersonate
- * - Reset secret
- * - Check secret
- *
  * @template AdditionalTokenPayload Type of additional token payload
  * @template AuthenticationData Type of additional authentication data
- * @template AdditionalInitSecretResetData Type of additional secret reset data
+ * @template AdditionalInitPasswordResetData Type of additional password reset data
  */
 let AuthenticationService = AuthenticationService_1 = class AuthenticationService {
-    #credentialsRepository = injectRepository(AuthenticationCredentials);
+    #passwordRepository = injectRepository(AuthenticationPassword);
     #sessionRepository = injectRepository(AuthenticationSession);
     #subjectRepository = injectRepository(Subject);
     #userRepository = injectRepository(User);
-    #authenticationSecretRequirementsValidator = inject(AuthenticationSecretRequirementsValidator);
+    #totpRepository = injectRepository(AuthenticationTotp);
+    #totpRecoveryCodeRepository = injectRepository(AuthenticationTotpRecoveryCode);
+    #usedTotpTokenRepository = injectRepository(AuthenticationUsedTotpToken);
+    #authenticationPasswordRequirementsValidator = inject(AuthenticationPasswordRequirementsValidator);
     #authenticationAncillaryService = inject(AuthenticationAncillaryService, undefined, { optional: true });
-    #keyValueStore = inject((KeyValueStore), 'authentication');
-    #options = inject(AuthenticationServiceOptions);
+    #options = inject(AuthenticationServiceOptions, undefined, { optional: true }) ?? {};
     #logger = inject(Logger, 'Authentication');
+    #tokenSigningKey = injectDerivedCryptoKey('authentication:token-signing', { name: 'KMAC256' }, ['sign', 'verify']);
+    #refreshTokenSigningKey = injectDerivedCryptoKey('authentication:refresh-token-signing', { name: 'KMAC256' }, ['sign', 'verify']);
+    #passwordResetTokenSigningKey = injectDerivedCryptoKey('authentication:password-reset-token-signing', { name: 'KMAC256' }, ['sign', 'verify']);
+    #totpChallengeSigningKey = injectDerivedCryptoKey('authentication:totp-challenge-signing', { name: 'KMAC256' }, ['sign', 'verify']);
     hooks = {
         beforeLogin: asyncHook(),
         afterLogin: asyncHook(),
-        beforeChangeSecret: asyncHook(),
-        afterChangeSecret: asyncHook(),
+        beforeChangePassword: asyncHook(),
+        afterChangePassword: asyncHook(),
     };
     tokenVersion = this.#options.version ?? 1;
     tokenTimeToLive = this.#options.tokenTimeToLive ?? (5 * millisecondsPerMinute);
     refreshTokenTimeToLive = this.#options.refreshTokenTimeToLive ?? (6 * millisecondsPerHour);
     rememberRefreshTokenTimeToLive = this.#options.rememberRefreshTokenTimeToLive ?? (30 * millisecondsPerDay);
-    secretResetTokenTimeToLive = this.#options.secretResetTokenTimeToLive ?? (10 * millisecondsPerMinute);
-    derivedTokenSigningSecret;
-    derivedRefreshTokenSigningSecret;
-    derivedSecretResetTokenSigningSecret;
-    /** @internal */
-    async [afterResolve]() {
-        await this.initialize();
-    }
-    /**
-     * Initializes the service.
-     * Derives signing secrets if necessary.
-     *
-     * @internal
-     */
-    async initialize() {
-        if (isString(this.#options.secret) || isBinaryData(this.#options.secret)) {
-            await this.deriveSigningSecrets(this.#options.secret);
-        }
-        else {
-            this.derivedTokenSigningSecret = this.#options.secret.tokenSigningSecret;
-            this.derivedRefreshTokenSigningSecret = this.#options.secret.refreshTokenSigningSecret;
-            this.derivedSecretResetTokenSigningSecret = this.#options.secret.secretResetTokenSigningSecret;
-        }
+    passwordResetTokenTimeToLive = this.#options.passwordResetTokenTimeToLive ?? (10 * millisecondsPerMinute);
+    totpOptions = this.#options.totp ?? DEFAULT_TOTP_OPTIONS;
+    hashDeriveOptions = this.#options.passwordHashing?.algorithm ?? {
+        name: 'Argon2id',
+        memory: 128 * 1024, // 128 MiB
+        parallelism: 4,
+        passes: 3,
+    };
+    getTotpOptions() {
+        return this.totpOptions;
     }
     /**
-     * Sets the credentials for a subject.
-     * This method should not be exposed to the public API without an authenticated current password or secret reset token check.
-     * @param subject The subject to set the credentials for.
-     * @param secret The secret to set.
-     * @param options Options for setting the credentials.
+     * Sets the password for a subject.
+     * This method should not be exposed to the public API without an authenticated current password or password reset token check.
+     * @param subject The subject to set the password for.
+     * @param password The password to set.
+     * @param options Options for setting the password.
      */
-    async setCredentials(subject, secret, options) {
-        // We do not need to avoid information leakage here, as this is a non-public method that is only called by a public api if the secret reset token is valid.
+    async setPassword(subject, password, options) {
+        // We do not need to avoid information leakage here, as this is a non-public method that is only called by a public api if the password reset token is valid.
         if (options?.skipValidation != true) {
-            await this.#authenticationSecretRequirementsValidator.validateSecretRequirements(secret);
+            await this.#authenticationPasswordRequirementsValidator.validatePasswordRequirements(password);
         }
         const salt = getRandomBytes(SALT_LENGTH);
-        const hash = await this.getHash(secret, salt);
-        await this.#credentialsRepository.transaction(async (tx) => {
-            await this.#credentialsRepository.withTransaction(tx).upsert(['tenantId', 'subjectId'], {
+        const hash = await this.getHash(password, salt);
+        await this.#passwordRepository.transaction(async (tx) => {
+            await this.#passwordRepository.withTransaction(tx).upsert(['tenantId', 'subjectId'], {
                 tenantId: subject.tenantId,
                 subjectId: subject.id,
-                hashVersion: 1,
                 salt,
                 hash,
             });
@@ -180,28 +171,39 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         });
     }
     /**
-     * Authenticates a subject with a secret.
+     * Authenticates a subject with a password.
      * @param subject The subject to authenticate.
-     * @param secret The secret to authenticate with.
+     * @param password The password to authenticate with.
      * @returns The result of the authentication.
      */
-    async authenticate(subject, secret) {
+    async authenticateWithPassword(subject, password) {
         const actualSubject = await this.tryResolveSubject(subject);
         // we use a random uuid instead of null here to reduce timing attack surface by DB optimiziations
         const queryTenantId = actualSubject?.tenantId ?? crypto.randomUUID();
         const querySubjectId = actualSubject?.id ?? crypto.randomUUID();
-        const loadedCredentials = await this.#credentialsRepository.tryLoadByQuery({
+        const loadedPassword = await this.#passwordRepository.tryLoadByQuery({
             tenantId: queryTenantId,
             subjectId: querySubjectId,
         });
-        const credentials = loadedCredentials ?? { salt: new Uint8Array(SALT_LENGTH), hash: new Uint8Array(HASH_LENGTH_BYTES) };
-        const hash = await this.getHash(secret, credentials.salt);
-        const valid = timingSafeBinaryEquals(hash, credentials.hash);
-        if (valid && isDefined(actualSubject) && isDefined(loadedCredentials)) {
+        const passwordRecord = loadedPassword ?? timingSafeFallbackPassword;
+        const hash = await this.getHash(password, passwordRecord.salt);
+        const valid = timingSafeBinaryEquals(hash, passwordRecord.hash);
+        const subjectActive = isDefined(actualSubject) && (actualSubject.status == SubjectStatus.Active);
+        if (valid && subjectActive && isDefined(actualSubject) && isDefined(loadedPassword)) {
             return { success: true, subject: actualSubject };
         }
         return { success: false };
     }
+    /**
+     * Ensures that a subject is not suspended.
+     * @param subject The subject to check.
+     * @throws {ForbiddenError} If the subject is suspended.
+     */
+    ensureNotSuspended(subject) {
+        if (subject.status == SubjectStatus.Suspended) {
+            throw new ForbiddenError('Subject is suspended.');
+        }
+    }
     /**
      * Gets a token for a subject.
      * @param subject The subject to get the token for.
@@ -219,7 +221,6 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 subjectId: subject.id,
                 begin: now,
                 end,
-                refreshTokenHashVersion: 0,
                 refreshTokenSalt: new Uint8Array(),
                 refreshTokenHash: new Uint8Array(),
             });
@@ -228,7 +229,6 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             const refreshToken = await this.createRefreshToken(subject, session.id, end, { impersonator, remember });
             await this.#sessionRepository.withTransaction(tx).update(session.id, {
                 end,
-                refreshTokenHashVersion: 1,
                 refreshTokenSalt: refreshToken.salt,
                 refreshTokenHash: refreshToken.hash,
             });
@@ -238,40 +238,52 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
     /**
      * Logs in a subject.
      * @param subjectInput The subject to log in.
-     * @param secret The secret to log in with.
+     * @param password The password to log in with.
      * @param data Additional authentication data.
      * @param auditor Auditor for auditing.
      * @param remember Whether to remember the session.
-     * @returns Token
+     * @returns Token or TOTP challenge.
      */
-    async login(subjectInput, secret, data, auditor, remember = false) {
+    async login(subjectInput, password, data, auditor, remember = false) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
-        const authenticationResult = await this.authenticate(subjectInput, secret);
+        const authenticationResult = await this.authenticateWithPassword(subjectInput, password);
         if (!authenticationResult.success) {
             const actualSubject = await this.tryResolveSubject(subjectInput);
             await authAuditor.warn('login-failure', {
                 actorType: ActorType.Anonymous,
                 tenantId: actualSubject?.tenantId ?? subjectInput.tenantId,
                 targetId: actualSubject?.id ?? NIL_UUID,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { subjectInput, resolvedSubjectId: actualSubject?.id ?? null },
             });
             throw new InvalidCredentialsError();
         }
-        await this.hooks.beforeLogin.trigger({ subject: authenticationResult.subject });
-        const token = await this.getToken(authenticationResult.subject, data, { remember });
-        await this.hooks.afterLogin.trigger({ subject: authenticationResult.subject });
+        const totp = await this.tryGetTotp(authenticationResult.subject.tenantId, authenticationResult.subject.id);
+        if (isDefined(totp) && totp.status == TotpStatus.Active) {
+            const challengeToken = await this.createTotpChallengeToken(authenticationResult.subject, data, remember);
+            return { type: 'totp', challengeToken };
+        }
+        return await this.#loginAlreadyValidatedSubject(authenticationResult.subject, data, authAuditor, remember);
+    }
+    async loginAlreadyValidatedSubject(subject, data, auditor, remember) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#loginAlreadyValidatedSubject(subject, data, authAuditor, remember);
+    }
+    async #loginAlreadyValidatedSubject(subject, data, authAuditor, remember) {
+        await this.hooks.beforeLogin.trigger({ subject });
+        const token = await this.getToken(subject, data, { remember });
+        await this.hooks.afterLogin.trigger({ subject });
         const sessionId = token.jsonToken.payload.session;
         await authAuditor.info('login-success', {
-            tenantId: authenticationResult.subject.tenantId,
-            actor: authenticationResult.subject.id,
+            tenantId: subject.tenantId,
+            actor: subject.id,
             actorType: ActorType.Subject,
-            targetId: authenticationResult.subject.id,
-            targetType: 'User',
+            targetId: subject.id,
+            targetType: 'Subject',
             network: { sessionId },
             details: { sessionId, remember },
         });
-        return token;
+        return { type: 'success', result: token };
     }
     /**
      * Ends a session.
@@ -280,6 +292,9 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      */
     async endSession(sessionId, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#endSession(sessionId, authAuditor);
+    }
+    async #endSession(sessionId, authAuditor) {
         const session = await this.#sessionRepository.tryLoad(sessionId);
         if (isUndefined(session)) {
             this.#logger.warn(`Session "${sessionId}" not found for logout.`);
@@ -292,7 +307,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             actor: session.subjectId,
             actorType: ActorType.Subject,
             targetId: session.subjectId,
-            targetType: 'User',
+            targetType: 'Subject',
             details: { sessionId },
         });
     }
@@ -304,13 +319,40 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      */
     async invalidateAllSessions(tenantId, subjectId, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#invalidateAllSessions(tenantId, subjectId, authAuditor);
+    }
+    async #invalidateAllSessions(tenantId, subjectId, authAuditor) {
         await this.#sessionRepository.updateManyByQuery({ tenantId, subjectId, end: { $gt: TRANSACTION_TIMESTAMP } }, { end: TRANSACTION_TIMESTAMP });
         await authAuditor.info('invalidate-all-sessions', {
             tenantId,
             actor: subjectId,
             actorType: ActorType.Subject,
             targetId: subjectId,
-            targetType: 'User',
+            targetType: 'Subject',
+        });
+    }
+    /**
+     * Invalidates all sessions for a subject except the current one.
+     * @param tenantId The tenant id of the subject.
+     * @param subjectId The id of the subject.
+     * @param currentSessionId The id of the current session to keep.
+     * @param auditor Auditor for auditing.
+     */
+    async invalidateAllOtherSessions(tenantId, subjectId, currentSessionId, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#invalidateAllOtherSessions(tenantId, subjectId, currentSessionId, authAuditor);
+    }
+    async #invalidateAllOtherSessions(tenantId, subjectId, currentSessionId, authAuditor) {
+        await this.#sessionRepository.updateManyByQuery({ id: { $neq: currentSessionId }, tenantId, subjectId, end: { $gt: TRANSACTION_TIMESTAMP } }, { end: TRANSACTION_TIMESTAMP });
+        await authAuditor.info('invalidate-all-other-sessions', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+            details: {
+                currentSessionId,
+            },
         });
     }
     /**
@@ -320,7 +362,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      * @returns List of sessions.
      */
     async listSessions(tenantId, subjectId) {
-        return await this.#sessionRepository.loadManyByQuery({ tenantId, subjectId });
+        return await this.#sessionRepository.loadManyByQuery({ tenantId, subjectId, end: { $gt: TRANSACTION_TIMESTAMP } });
     }
     /**
      * Gets a session.
@@ -349,9 +391,25 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      */
     async refresh(refreshToken, authenticationData, options = {}, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
+        const validatedRefreshToken = await this.validateRefreshToken(refreshToken);
+        return await this.#refreshAlreadyValidatedToken(validatedRefreshToken, authenticationData, options, authAuditor);
+    }
+    /**
+     * Refreshes a token.
+     * @param refreshToken The refresh token to use.
+     * @param authenticationData Additional authentication data.
+     * @param options Options for refreshing the token.
+     * @param auditor Auditor for auditing.
+     * @returns The token result.
+     * @throws {InvalidTokenError} If the refresh token is invalid.
+     */
+    async refreshAlreadyValidatedToken(validatedRefreshToken, authenticationData, options = {}, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#refreshAlreadyValidatedToken(validatedRefreshToken, authenticationData, options, authAuditor);
+    }
+    async #refreshAlreadyValidatedToken(validatedRefreshToken, authenticationData, options = {}, authAuditor) {
         let session;
         try {
-            const validatedRefreshToken = await this.validateRefreshToken(refreshToken);
             const sessionId = validatedRefreshToken.payload.session;
             session = await this.#sessionRepository.load(sessionId);
             const hash = await this.getHash(validatedRefreshToken.payload.secret, session.refreshTokenSalt);
@@ -359,12 +417,12 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 throw new InvalidTokenError('Session is expired.');
             }
             if (!timingSafeBinaryEquals(hash, session.refreshTokenHash)) {
-                await this.endSession(sessionId, auditor);
+                await this.#endSession(sessionId, authAuditor);
                 await authAuditor.warn('refresh-failure', {
                     actorType: ActorType.Anonymous,
                     tenantId: session.tenantId,
                     targetId: session.subjectId,
-                    targetType: 'User',
+                    targetType: 'Subject',
                     details: { sessionId, reason: 'Token reuse detected. Session revoked.' },
                 });
                 throw new InvalidTokenError('Invalid refresh token.');
@@ -375,12 +433,12 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             const ttl = remember ? this.rememberRefreshTokenTimeToLive : this.refreshTokenTimeToLive;
             const newEnd = now + ttl;
             const subject = await this.#subjectRepository.loadByQuery({ tenantId: session.tenantId, id: session.subjectId });
+            this.ensureNotSuspended(subject);
             const tokenPayload = await this.#authenticationAncillaryService?.getTokenPayload(subject, authenticationData, { action: GetTokenPayloadContextAction.Refresh });
             const { token, jsonToken } = await this.createToken({ additionalTokenPayload: tokenPayload, subject, sessionId, refreshTokenExpiration: newEnd, impersonator, timestamp: now });
             const newRefreshToken = await this.createRefreshToken(subject, sessionId, newEnd, { impersonator, remember });
             await this.#sessionRepository.update(sessionId, {
                 end: newEnd,
-                refreshTokenHashVersion: 1,
                 refreshTokenSalt: newRefreshToken.salt,
                 refreshTokenHash: newRefreshToken.hash,
             });
@@ -389,7 +447,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 actor: session.subjectId,
                 actorType: ActorType.Subject,
                 targetId: session.subjectId,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { sessionId, remember },
             });
             return { token, jsonToken, refreshToken: newRefreshToken.token, remember, omitImpersonatorRefreshToken: options.omitImpersonator };
@@ -398,7 +456,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             await authAuditor.warn('refresh-failure', {
                 actorType: ActorType.Anonymous,
                 targetId: session?.subjectId ?? NIL_UUID,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { sessionId: null, reason: error.message },
             });
             throw error;
@@ -427,12 +485,13 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 actor: impersonatorSubject.id,
                 actorType: ActorType.Subject,
                 targetId: subjectId,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { impersonatedSubjectId: subjectId },
             });
             throw new ForbiddenError('Impersonation forbidden.');
         }
         const subject = await this.#subjectRepository.loadByQuery({ tenantId: validatedImpersonatorToken.payload.tenant, id: subjectId });
+        this.ensureNotSuspended(subject);
         const tokenResult = await this.getToken(subject, authenticationData, { impersonator: validatedImpersonatorToken.payload.subject });
         await authAuditor.info('impersonate-success', {
             tenantId: subject.tenantId,
@@ -441,7 +500,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             impersonator: validatedImpersonatorToken.payload.subject,
             impersonatorType: ActorType.Subject,
             targetId: tokenResult.jsonToken.payload.subject,
-            targetType: 'User',
+            targetType: 'Subject',
             details: { impersonatedSubjectId: subjectId },
         });
         return {
@@ -453,13 +512,22 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
     /**
      * Unimpersonates a subject.
      * @param impersonatorRefreshToken The refresh token of the impersonator.
+     * @param tokenString The token of the impersonated subject to end the session.
      * @param authenticationData Additional authentication data.
      * @param auditor Auditor for auditing.
      * @returns The token result.
      */
-    async unimpersonate(impersonatorRefreshToken, authenticationData, auditor) {
+    async unimpersonate(impersonatorRefreshToken, tokenString, authenticationData, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
-        const tokenResult = await this.refresh(impersonatorRefreshToken, authenticationData, { omitImpersonator: true }, auditor);
+        try {
+            const validatedToken = await this.validateToken(tokenString);
+            await this.#endSession(validatedToken.payload.session, authAuditor);
+        }
+        catch (error) {
+            this.#logger.warn(`Failed to end impersonated session: ${error.message}`);
+        }
+        const validatedRefreshToken = await this.validateRefreshToken(impersonatorRefreshToken);
+        const tokenResult = await this.#refreshAlreadyValidatedToken(validatedRefreshToken, authenticationData, { omitImpersonator: true }, authAuditor);
         await authAuditor.info('unimpersonate-success', {
             tenantId: tokenResult.jsonToken.payload.tenant,
             actor: tokenResult.jsonToken.payload.subject,
@@ -467,143 +535,157 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             targetId: tokenResult.jsonToken.payload.subject,
             impersonatorType: ActorType.Subject,
             impersonator: tokenResult.jsonToken.payload.impersonator,
-            targetType: 'User',
+            targetType: 'Subject',
         });
         return tokenResult;
     }
     /**
-     * Initializes a secret reset. This usually involves sending an email for verification.
-     * @param subject The subject to reset the secret for.
-     * @param data Additional data for the secret reset.
+     * Initializes a password reset. This usually involves sending an email for verification.
+     * @param subject The subject to reset the password for.
+     * @param data Additional data for the password reset.
      * @param auditor Auditor for auditing.
      * @throws {NotImplementedError} If no ancillary service is registered.
      */
-    async initSecretReset(subject, data, auditor) {
+    async initPasswordReset(subject, data, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#initPasswordReset(subject, data, authAuditor);
+    }
+    async #initPasswordReset(subject, data, authAuditor) {
         if (isUndefined(this.#authenticationAncillaryService)) {
             throw new NotImplementedError('No ancillary service registered.');
         }
-        const authAuditor = auditor.fork(AuthenticationService_1.name);
         const actualSubject = await this.tryResolveSubject(subject);
         if (isUndefined(actualSubject)) {
-            this.#logger.warn(`Subject "${subject.subject}" not found for secret reset.`);
+            this.#logger.warn(`Subject "${subject.subject}" not found for password reset.`);
             /**
              * If the subject cannot be resolved, we do not throw an error here to avoid information leakage.
-             * This is to prevent attackers from discovering valid subjects by trying to reset secrets.
+             * This is to prevent attackers from discovering valid subjects by trying to reset passwords.
              * Instead, we simply log the attempt and return without performing any action.
              */
             return;
         }
-        const secretResetToken = await this.createSecretResetToken(actualSubject, currentTimestamp() + this.secretResetTokenTimeToLive);
-        const initSecretResetData = {
+        if (actualSubject.status == SubjectStatus.Suspended) {
+            this.#logger.warn(`Subject "${actualSubject.id}" is suspended. Skipping password reset initialization.`);
+            return;
+        }
+        const passwordResetToken = await this.createPasswordResetToken(actualSubject, currentTimestamp() + this.passwordResetTokenTimeToLive);
+        const initPasswordResetData = {
             subject: actualSubject.id,
-            token: secretResetToken.token,
+            token: passwordResetToken.token,
             ...data,
         };
-        await this.#authenticationAncillaryService.handleInitSecretReset(initSecretResetData);
-        await authAuditor.info('init-secret-reset', {
+        await this.#authenticationAncillaryService.handleInitPasswordReset(initPasswordResetData);
+        await authAuditor.info('init-password-reset', {
             tenantId: actualSubject.tenantId,
             targetId: actualSubject.id,
-            targetType: 'User',
+            targetType: 'Subject',
         });
     }
     /**
-     * Changes a subject's secret.
-     * @param subjectInput The subject to change the secret for.
-     * @param currentSecret The current secret.
-     * @param newSecret The new secret.
+     * Changes a subject's password.
+     * @param subjectInput The subject to change the password for.
+     * @param currentPassword The current password.
+     * @param newPassword The new password.
      * @param auditor Auditor for auditing.
      */
-    async changeSecret(subjectInput, currentSecret, newSecret, auditor) {
+    async changePassword(subjectInput, currentPassword, newPassword, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
-        const authenticationResult = await this.authenticate(subjectInput, currentSecret);
+        await this.#changePassword(subjectInput, currentPassword, newPassword, authAuditor);
+    }
+    async #changePassword(subjectInput, currentPassword, newPassword, authAuditor) {
+        const authenticationResult = await this.authenticateWithPassword(subjectInput, currentPassword);
         if (!authenticationResult.success) {
             const resolvedSubject = await this.tryResolveSubject(subjectInput);
-            await authAuditor.warn('change-secret-failure', {
+            await authAuditor.warn('change-password-failure', {
                 actorType: ActorType.Anonymous,
                 tenantId: resolvedSubject?.tenantId,
                 targetId: resolvedSubject?.id ?? NIL_UUID,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { subjectInput, resolvedSubjectId: resolvedSubject?.id ?? null },
             });
             throw new InvalidCredentialsError();
         }
-        await this.hooks.beforeChangeSecret.trigger({ subject: authenticationResult.subject });
-        await this.setCredentials(authenticationResult.subject, newSecret);
-        await this.hooks.afterChangeSecret.trigger({ subject: authenticationResult.subject });
-        await authAuditor.info('change-secret-success', {
+        await this.hooks.beforeChangePassword.trigger({ subject: authenticationResult.subject });
+        await this.setPassword(authenticationResult.subject, newPassword);
+        await this.hooks.afterChangePassword.trigger({ subject: authenticationResult.subject });
+        await authAuditor.info('change-password-success', {
             tenantId: authenticationResult.subject.tenantId,
             actor: authenticationResult.subject.id,
             actorType: ActorType.Subject,
             targetId: authenticationResult.subject.id,
-            targetType: 'User',
+            targetType: 'Subject',
         });
     }
     /**
-     * Resets a secret.
-     * @param tokenString The secret reset token.
-     * @param newSecret The new secret.
+     * Resets a password.
+     * @param tokenString The password reset token.
+     * @param newPassword The new password.
      * @param auditor Auditor for auditing.
      * @throws {InvalidTokenError} If the token is invalid.
      */
-    async resetSecret(tokenString, newSecret, auditor) {
+    async resetPassword(tokenString, newPassword, auditor) {
         const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#resetPassword(tokenString, newPassword, authAuditor);
+    }
+    async #resetPassword(tokenString, newPassword, authAuditor) {
         try {
-            const token = await this.validateSecretResetToken(tokenString);
-            const credentials = await this.#credentialsRepository.tryLoadByQuery({
+            const token = await this.validatePasswordResetToken(tokenString);
+            const passwordRecord = await this.#passwordRepository.tryLoadByQuery({
                 tenantId: token.payload.tenant,
                 subjectId: token.payload.subject,
             });
-            if (isDefined(credentials)) {
-                const lastUpdateSeconds = timestampToTimestampSeconds(credentials.metadata.revisionTimestamp);
+            if (isDefined(passwordRecord)) {
+                const lastUpdateSeconds = timestampToTimestampSeconds(passwordRecord.metadata.revisionTimestamp);
                 if (token.payload.iat < lastUpdateSeconds) {
-                    await authAuditor.info('reset-secret-failure', {
+                    await authAuditor.info('reset-password-failure', {
                         targetId: token.payload.subject,
-                        targetType: 'User',
-                        details: { reason: 'Token is invalid (credentials have already been changed).' },
+                        targetType: 'Subject',
+                        details: { reason: 'Token is invalid (password has already been changed).' },
                     });
                     throw new InvalidTokenError();
                 }
             }
             const subject = await this.#subjectRepository.loadByQuery({ tenantId: token.payload.tenant, id: token.payload.subject });
-            await this.setCredentials(subject, newSecret);
-            await authAuditor.info('reset-secret-success', {
+            this.ensureNotSuspended(subject);
+            await this.setPassword(subject, newPassword);
+            await authAuditor.info('reset-password-success', {
                 tenantId: token.payload.tenant,
                 targetId: token.payload.subject,
-                targetType: 'User',
+                targetType: 'Subject',
             });
         }
         catch (error) {
-            await authAuditor.warn('reset-secret-failure', {
+            await authAuditor.warn('reset-password-failure', {
                 targetId: NIL_UUID,
-                targetType: 'User',
+                targetType: 'Subject',
                 details: { reason: error.message },
             });
             throw error;
         }
     }
     /**
-     * Checks a secret against the requirements.
-     * @param secret The secret to check.
+     * Checks a password against the requirements.
+     * @param password The password to check.
      * @returns The result of the check.
      */
-    async checkSecret(secret) {
-        return await this.#authenticationSecretRequirementsValidator.checkSecretRequirements(secret);
+    async checkPassword(password) {
+        return await this.#authenticationPasswordRequirementsValidator.checkPasswordRequirements(password);
     }
     /**
-     * Tests a secret against the requirements.
-     * @param secret The secret to test.
+     * Tests a password against the requirements.
+     * @param password The password to test.
      * @returns The result of the test.
      */
-    async testSecret(secret) {
-        return await this.#authenticationSecretRequirementsValidator.testSecretRequirements(secret);
+    async testPassword(password) {
+        return await this.#authenticationPasswordRequirementsValidator.testPasswordRequirements(password);
     }
     /**
-     * Validates a secret against the requirements. Throws an error if the requirements are not met.
-     * @param secret The secret to validate.
-     * @throws {SecretRequirementsError} If the secret does not meet the requirements.
+     * Validates a password against the requirements. Throws an error if the requirements are not met.
+     * @param password The password to validate.
+     * @throws {PasswordRequirementsError} If the password does not meet the requirements.
      */
-    async validateSecret(secret) {
-        await this.#authenticationSecretRequirementsValidator.validateSecretRequirements(secret);
+    async validatePassword(password) {
+        await this.#authenticationPasswordRequirementsValidator.validatePasswordRequirements(password);
     }
     /**
      * Validates a token.
@@ -612,7 +694,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      * @throws {InvalidTokenError} If the token is invalid.
      */
     async validateToken(token) {
-        return await getTokenFromString(token, this.tokenVersion, this.derivedTokenSigningSecret);
+        return await getTokenFromString(token, this.tokenVersion, await this.#tokenSigningKey.getKey());
     }
     /**
      * Validates a refresh token.
@@ -621,16 +703,16 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
      * @throws {InvalidTokenError} If the refresh token is invalid.
      */
     async validateRefreshToken(token) {
-        return await getRefreshTokenFromString(token, this.derivedRefreshTokenSigningSecret);
+        return await getRefreshTokenFromString(token, await this.#refreshTokenSigningKey.getKey());
     }
     /**
-     * Validates a secret reset token.
-     * @param token The secret reset token to validate.
-     * @returns The validated secret reset token.
-     * @throws {InvalidTokenError} If the secret reset token is invalid.
+     * Validates a password reset token.
+     * @param token The password reset token to validate.
+     * @returns The validated password reset token.
+     * @throws {InvalidTokenError} If the password reset token is invalid.
      */
-    async validateSecretResetToken(token) {
-        return await getSecretResetTokenFromString(token, this.derivedSecretResetTokenSigningSecret);
+    async validatePasswordResetToken(token) {
+        return await getPasswordResetTokenFromString(token, await this.#passwordResetTokenSigningKey.getKey());
     }
     /**
      * Tries to resolve a subject.
@@ -682,7 +764,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
     async createToken({ tokenVersion, jwtId, issuedAt, expiration, additionalTokenPayload, subject, sessionId, refreshTokenExpiration, impersonator: impersonatedBy, timestamp = currentTimestamp() }) {
         const header = {
             v: tokenVersion ?? this.tokenVersion,
-            alg: 'HS256',
+            alg: 'KMAC256',
             typ: 'JWT',
         };
         const payload = {
@@ -700,7 +782,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
             header,
             payload,
         };
-        const token = await createJwtTokenString(jsonToken, this.derivedTokenSigningSecret);
+        const token = await createJwtTokenString(jsonToken, await this.#tokenSigningKey.getKey());
         return { token, jsonToken };
     }
     /**
@@ -718,7 +800,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         const hash = await this.getHash(secret, salt);
         const jsonToken = {
             header: {
-                alg: 'HS256',
+                alg: 'KMAC256',
                 typ: 'JWT',
             },
             payload: {
@@ -731,7 +813,7 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 secret,
             },
         };
-        const token = await createJwtTokenString(jsonToken, this.derivedRefreshTokenSigningSecret);
+        const token = await createJwtTokenString(jsonToken, await this.#refreshTokenSigningKey.getKey());
         return { token, jsonToken, salt, hash: new Uint8Array(hash) };
     }
     async defaultResolveSubjects({ tenantId, subject }) {
@@ -751,11 +833,11 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
         }
         return subjects[0];
     }
-    async createSecretResetToken(subject, expirationTimestamp) {
-        const iat = timestampToTimestampSeconds(currentTimestamp());
+    async createPasswordResetToken(subject, expirationTimestamp) {
+        const iat = currentTimestampSeconds();
         const jsonToken = {
             header: {
-                alg: 'HS256',
+                alg: 'KMAC256',
                 typ: 'JWT',
             },
             payload: {
@@ -765,23 +847,363 @@ let AuthenticationService = AuthenticationService_1 = class AuthenticationServic
                 tenant: subject.tenantId,
             },
         };
-        const token = await createJwtTokenString(jsonToken, this.derivedSecretResetTokenSigningSecret);
+        const token = await createJwtTokenString(jsonToken, await this.#passwordResetTokenSigningKey.getKey());
         return { token, jsonToken };
     }
-    async deriveSigningSecrets(secret) {
-        const key = await importPbkdf2Key(secret);
-        const saltBase64 = await this.#keyValueStore.getOrSet('derivationSalt', encodeBase64(getRandomBytes(SALT_LENGTH)));
-        const salt = decodeBase64(saltBase64);
-        const algorithm = { name: 'PBKDF2', hash: 'SHA-512', iterations: this.#options.signingSecretsDerivationIterations ?? SIGNING_SECRETS_DERIVATION_ITERATIONS, salt };
-        const [derivedTokenSigningSecret, derivedRefreshTokenSigningSecret, derivedSecretResetTokenSigningSecret] = await deriveBytesMultiple(algorithm, key, 3, SIGNING_SECRETS_LENGTH);
-        this.derivedTokenSigningSecret = derivedTokenSigningSecret;
-        this.derivedRefreshTokenSigningSecret = derivedRefreshTokenSigningSecret;
-        this.derivedSecretResetTokenSigningSecret = derivedSecretResetTokenSigningSecret;
-    }
-    async getHash(secret, salt) {
-        const key = await importPbkdf2Key(secret);
-        const hash = await globalThis.crypto.subtle.deriveBits({ name: 'PBKDF2', hash: 'SHA-512', iterations: this.#options.hashIterations ?? HASH_ITERATIONS, salt }, key, HASH_LENGTH_BITS);
-        return new Uint8Array(hash);
+    async getHash(password, salt) {
+        const keyData = isString(password) ? encodeUtf8(password) : password;
+        const derviveAlgorithm = { ...this.hashDeriveOptions, nonce: salt };
+        const key = await importKey('raw-secret', keyData, derviveAlgorithm, false, ['deriveBits']);
+        return await deriveBytes(derviveAlgorithm, key, HASH_LENGTH_BYTES);
+    }
+    async tryGetTotp(tenantId, subjectId) {
+        return await this.#totpRepository.tryLoadByQuery({ tenantId, subjectId });
+    }
+    async getTotpStatus(tenantId, subjectId) {
+        const totp = await this.tryGetTotp(tenantId, subjectId);
+        return { active: totp?.status == TotpStatus.Active };
+    }
+    async initEnrollTotp(tenantId, subjectId, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#initEnrollTotp(tenantId, subjectId, authAuditor);
+    }
+    async #initEnrollTotp(tenantId, subjectId, authAuditor) {
+        const subject = await this.#subjectRepository.loadByQuery({ tenantId, id: subjectId });
+        const existingTotp = await this.tryGetTotp(tenantId, subjectId);
+        if (isDefined(existingTotp) && existingTotp.status == TotpStatus.Active) {
+            throw new ForbiddenError('TOTP already active');
+        }
+        const secret = generateTotpSecret(this.totpOptions.codeHashAlgorithm);
+        const recoveryCodeSalt = getRandomBytes(16);
+        const issuer = this.#options.totpIssuer ?? 'tstdl';
+        const user = await this.#userRepository.tryLoadByQuery({ tenantId, id: subjectId });
+        const accountName = user?.email ?? subjectId;
+        const encodedSecret = encodeTotpSecret(secret);
+        const uri = generateTotpUri(encodedSecret, accountName, issuer, this.totpOptions);
+        if (isDefined(existingTotp)) {
+            await this.#totpRepository.updateByQuery({ tenantId, id: existingTotp.id }, {
+                secret,
+                recoveryCodeSalt,
+                status: TotpStatus.Pending,
+            });
+        }
+        else {
+            await this.#totpRepository.insert({
+                tenantId,
+                subjectId,
+                secret,
+                recoveryCodeSalt,
+                status: TotpStatus.Pending,
+            });
+        }
+        await authAuditor.info('totp-enroll-init', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+            details: { subjectId },
+        });
+        return { secret: encodedSecret, uri };
+    }
+    async completeEnrollTotp(tenantId, subjectId, token, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#completeEnrollTotp(tenantId, subjectId, token, authAuditor);
+    }
+    async #completeEnrollTotp(tenantId, subjectId, token, authAuditor) {
+        const totp = await this.#totpRepository.loadByQuery({ tenantId, subjectId });
+        if (totp.status == TotpStatus.Active) {
+            throw new ForbiddenError('TOTP already active');
+        }
+        const isValid = await this.verifyAndRecordTotpToken(totp, token, authAuditor);
+        if (!isValid) {
+            await authAuditor.warn('totp-enroll-failure', {
+                tenantId,
+                actor: subjectId,
+                actorType: ActorType.Subject,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: { reason: 'Invalid TOTP token' },
+            });
+            throw new ForbiddenError('Invalid TOTP token');
+        }
+        const recoveryCodes = generateTotpRecoveryCodes();
+        const hashingOptions = this.#getTotpRecoveryCodeHashingOptions(totp.recoveryCodeSalt);
+        const hashedRecoveryCodes = await Promise.all(recoveryCodes.map(async (code) => {
+            const hashedCode = await hashTotpRecoveryCode(code, hashingOptions);
+            return {
+                tenantId,
+                totpId: totp.id,
+                code: hashedCode,
+                usedTimestamp: null,
+            };
+        }));
+        await this.#totpRepository.transaction(async (tx) => {
+            await this.#totpRepository.withTransaction(tx).updateByQuery({ tenantId, id: totp.id }, { status: TotpStatus.Active });
+            await this.#totpRecoveryCodeRepository.withTransaction(tx).insertMany(hashedRecoveryCodes);
+        });
+        await authAuditor.info('totp-enroll-success', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+        });
+        return { recoveryCodes };
+    }
+    async disableTotp(tenantId, subjectId, token, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#disableTotp(tenantId, subjectId, token, authAuditor);
+    }
+    async disableTotpWithRecoveryCode(tenantId, subjectId, recoveryCode, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        await this.#disableTotpWithRecoveryCode(tenantId, subjectId, recoveryCode, authAuditor);
+    }
+    async regenerateRecoveryCodes(tenantId, subjectId, token, auditor, options) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#regenerateRecoveryCodes(tenantId, subjectId, token, authAuditor, options);
+    }
+    async #regenerateRecoveryCodes(tenantId, subjectId, token, authAuditor, options) {
+        const totp = await this.#totpRepository.loadByQuery({ tenantId, subjectId });
+        if (totp.status != TotpStatus.Active) {
+            throw new ForbiddenError('TOTP not active');
+        }
+        const isValid = await this.verifyAndRecordTotpToken(totp, token, authAuditor);
+        if (!isValid) {
+            await authAuditor.warn('totp-verify-failure', {
+                tenantId,
+                actor: subjectId,
+                actorType: ActorType.Subject,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: { reason: 'Invalid TOTP token' },
+            });
+            throw new ForbiddenError('Invalid TOTP token');
+        }
+        const recoveryCodes = generateTotpRecoveryCodes();
+        const hashingOptions = this.#getTotpRecoveryCodeHashingOptions(totp.recoveryCodeSalt);
+        const hashedRecoveryCodes = await Promise.all(recoveryCodes.map(async (code) => {
+            const hashedCode = await hashTotpRecoveryCode(code, hashingOptions);
+            return {
+                tenantId,
+                totpId: totp.id,
+                code: hashedCode,
+                usedTimestamp: null,
+            };
+        }));
+        await this.#totpRepository.transaction(async (transaction) => {
+            const totpRecoveryCodeRepository = this.#totpRecoveryCodeRepository.withTransaction(transaction);
+            await totpRecoveryCodeRepository.deleteByQuery({ tenantId, totpId: totp.id });
+            await totpRecoveryCodeRepository.insertMany(hashedRecoveryCodes);
+            if (options?.invalidateOtherSessions == true) {
+                await this.#invalidateAllOtherSessions(tenantId, subjectId, NIL_UUID, authAuditor);
+            }
+        });
+        await authAuditor.info('recovery-codes-regenerated', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+            details: { count: recoveryCodes.length },
+        });
+        return { recoveryCodes };
+    }
+    async #disableTotp(tenantId, subjectId, token, authAuditor) {
+        const totp = await this.#totpRepository.loadByQuery({ tenantId, subjectId });
+        if (totp.status != TotpStatus.Active) {
+            throw new ForbiddenError('TOTP not active');
+        }
+        const isValid = await this.verifyAndRecordTotpToken(totp, token, authAuditor);
+        if (!isValid) {
+            await authAuditor.warn('totp-disable-failure', {
+                tenantId,
+                actor: subjectId,
+                actorType: ActorType.Subject,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: { reason: 'Invalid token' },
+            });
+            throw new ForbiddenError('Invalid TOTP token');
+        }
+        await this.#totpRepository.deleteByQuery({ tenantId, id: totp.id });
+        await authAuditor.info('totp-disable-success', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+        });
+    }
+    async #disableTotpWithRecoveryCode(tenantId, subjectId, recoveryCode, authAuditor) {
+        const totp = await this.#totpRepository.loadByQuery({ tenantId, subjectId });
+        if (totp.status != TotpStatus.Active) {
+            throw new ForbiddenError('TOTP not active');
+        }
+        const isRecoveryCodeValid = await this.verifyAndUseRecoveryCode(totp, recoveryCode);
+        if (!isRecoveryCodeValid) {
+            await authAuditor.warn('totp-disable-failure', {
+                tenantId,
+                actor: subjectId,
+                actorType: ActorType.Subject,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: { reason: 'Invalid recovery code' },
+            });
+            throw new ForbiddenError('Invalid recovery code');
+        }
+        await this.#totpRepository.deleteByQuery({ tenantId, id: totp.id });
+        await authAuditor.info('totp-disable-success', {
+            tenantId,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+        });
+    }
+    async loginVerifyTotp(challengeTokenString, token, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#loginVerifyTotp(challengeTokenString, token, authAuditor);
+    }
+    async loginRecovery(challengeTokenString, recoveryCode, auditor) {
+        const authAuditor = auditor.fork(AuthenticationService_1.name);
+        return await this.#loginRecovery(challengeTokenString, recoveryCode, authAuditor);
+    }
+    async #loginRecovery(challengeTokenString, recoveryCode, authAuditor) {
+        const challengeToken = await this.validateTotpChallengeToken(challengeTokenString);
+        const { tenant, subject: subjectId, remember, data } = challengeToken.payload;
+        const totp = await this.#totpRepository.loadByQuery({ tenantId: tenant, subjectId });
+        const isRecoveryCodeValid = await this.verifyAndUseRecoveryCode(totp, recoveryCode);
+        if (!isRecoveryCodeValid) {
+            await authAuditor.warn('recovery-login-failure', {
+                actorType: ActorType.Anonymous,
+                tenantId: tenant,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: {
+                    subjectInput: { tenantId: tenant, subject: subjectId },
+                    resolvedSubjectId: subjectId,
+                },
+            });
+            throw new ForbiddenError('Invalid recovery code');
+        }
+        const subject = await this.#subjectRepository.loadByQuery({ tenantId: tenant, id: subjectId });
+        const loginResult = await this.#loginAlreadyValidatedSubject(subject, data, authAuditor, remember);
+        const unusedRecoveryCodesCount = await this.#totpRecoveryCodeRepository.countByQuery({ tenantId: tenant, totpId: totp.id, usedTimestamp: null });
+        await authAuditor.info('recovery-login-success', {
+            tenantId: tenant,
+            actor: subjectId,
+            actorType: ActorType.Subject,
+            targetId: subjectId,
+            targetType: 'Subject',
+            network: { sessionId: loginResult.result.jsonToken.payload.session },
+            details: {
+                sessionId: loginResult.result.jsonToken.payload.session,
+                remember,
+            },
+        });
+        return {
+            ...loginResult,
+            lowRecoveryCodesWarning: unusedRecoveryCodesCount <= 3,
+        };
+    }
+    async #loginVerifyTotp(challengeTokenString, token, authAuditor) {
+        const challengeToken = await this.validateTotpChallengeToken(challengeTokenString);
+        const { tenant, subject: subjectId, remember, data } = challengeToken.payload;
+        const totp = await this.#totpRepository.loadByQuery({ tenantId: tenant, subjectId });
+        const isValid = await this.verifyAndRecordTotpToken(totp, token, authAuditor);
+        if (!isValid) {
+            await authAuditor.warn('totp-verify-failure', {
+                tenantId: tenant,
+                actor: subjectId,
+                actorType: ActorType.Subject,
+                targetId: subjectId,
+                targetType: 'Subject',
+                details: { reason: 'Invalid token' },
+            });
+            throw new ForbiddenError('Invalid TOTP token');
+        }
+        const subject = await this.#subjectRepository.loadByQuery({ tenantId: tenant, id: subjectId });
+        return await this.#loginAlreadyValidatedSubject(subject, data, authAuditor, remember);
+    }
+    async validateTotpChallengeToken(tokenString) {
+        const validatedToken = await parseAndValidateJwtTokenString(tokenString, 'KMAC256', await this.#totpChallengeSigningKey.getKey());
+        if (validatedToken.payload.exp <= currentTimestampSeconds()) {
+            throw new InvalidTokenError('Challenge token expired');
+        }
+        return validatedToken;
+    }
+    async createTotpChallengeToken(subject, data, remember) {
+        const iat = currentTimestampSeconds();
+        const expiration = this.#options.totpChallengeTokenTimeToLive ?? (5 * millisecondsPerMinute);
+        const exp = iat + timestampToTimestampSeconds(expiration);
+        const jsonToken = {
+            header: {
+                alg: 'KMAC256',
+                typ: 'JWT',
+            },
+            payload: {
+                iat,
+                exp,
+                tenant: subject.tenantId,
+                subject: subject.id,
+                remember,
+                data,
+            },
+        };
+        return await createJwtTokenString(jsonToken, await this.#totpChallengeSigningKey.getKey());
+    }
+    async verifyAndUseRecoveryCode(totp, code) {
+        const recoveryCodes = await this.#totpRecoveryCodeRepository.loadManyByQuery({ tenantId: totp.tenantId, totpId: totp.id, usedTimestamp: null });
+        const hashingOptions = this.#getTotpRecoveryCodeHashingOptions(totp.recoveryCodeSalt);
+        const hash = await hashTotpRecoveryCode(code, hashingOptions);
+        for (const recoveryCode of recoveryCodes) {
+            const isValid = await verifyTotpRecoveryCode(hash, recoveryCode.code, hashingOptions);
+            if (isValid) {
+                await this.#totpRecoveryCodeRepository.updateByQuery({ tenantId: recoveryCode.tenantId, id: recoveryCode.id }, { usedTimestamp: TRANSACTION_TIMESTAMP });
+                return true;
+            }
+        }
+        return false;
+    }
+    async verifyAndRecordTotpToken(totp, token, authAuditor) {
+        const secret = await importHmacKey('raw-secret', this.totpOptions.codeHashAlgorithm, totp.secret, false);
+        const isValid = await verifyTotpToken(secret, token, this.#getTotpOptions(totp.recoveryCodeSalt));
+        if (!isValid) {
+            return false;
+        }
+        const inserted = await this.#usedTotpTokenRepository.tryInsert({
+            tenantId: totp.tenantId,
+            subjectId: totp.subjectId,
+            token,
+        });
+        if (isUndefined(inserted)) {
+            await authAuditor.warn('totp-token-reused', {
+                tenantId: totp.tenantId,
+                actor: totp.subjectId,
+                actorType: ActorType.Subject,
+                targetId: totp.subjectId,
+                targetType: 'Subject',
+                details: { token },
+            });
+            return false;
+        }
+        return true;
+    }
+    #getTotpOptions(salt) {
+        return {
+            ...this.totpOptions,
+            recoveryCodeHashOptions: this.#getTotpRecoveryCodeHashingOptions(salt),
+        };
+    }
+    #getTotpRecoveryCodeHashingOptions(salt) {
+        return {
+            algorithm: {
+                ...this.totpOptions.recoveryCodeHashOptions.algorithm,
+                nonce: salt,
+            },
+            length: this.totpOptions.recoveryCodeHashOptions.length,
+        };
     }
 };
 AuthenticationService = AuthenticationService_1 = __decorate([