@twin.org/api-auth-entity-storage-service 0.0.1 → 0.0.2-next.1

package/dist/cjs/index.cjs

@@ -388,7 +388,41 @@ function generateRestRoutesAuthentication(baseRouteName, componentName) {
             }
         ]
     };
-    return [loginRoute, logoutRoute, refreshTokenRoute];
+    const updatePasswordRoute = {
+        operationId: "authenticationUpdatePassword",
+        summary: "Update the user's password",
+        tag: tagsAuthentication[0].name,
+        method: "PUT",
+        path: `${baseRouteName}/:email/password`,
+        handler: async (httpRequestContext, request) => authenticationUpdatePassword(httpRequestContext, componentName, request),
+        requestType: {
+            type: "IUpdatePasswordRequest",
+            examples: [
+                {
+                    id: "updatePasswordRequestExample",
+                    description: "The request to update the user's password.",
+                    request: {
+                        pathParams: {
+                            email: "john:example.com"
+                        },
+                        body: {
+                            currentPassword: "MyNewPassword123!",
+                            newPassword: "MyNewPassword123!"
+                        }
+                    }
+                }
+            ]
+        },
+        responseType: [
+            {
+                type: "INoContentResponse"
+            },
+            {
+                type: "IUnauthorizedResponse"
+            }
+        ]
+    };
+    return [loginRoute, logoutRoute, refreshTokenRoute, updatePasswordRoute];
 }
 /**
  * Login to the server.
@@ -448,6 +482,23 @@ async function authenticationRefreshToken(httpRequestContext, componentName, req
         body: result
     };
 }
+/**
+ * Update the user's password.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+async function authenticationUpdatePassword(httpRequestContext, componentName, request) {
+    core.Guards.object(ROUTES_SOURCE, "request", request);
+    core.Guards.object(ROUTES_SOURCE, "request.pathParams", request.pathParams);
+    core.Guards.object(ROUTES_SOURCE, "request.body", request.body);
+    const component = core.ComponentFactory.get(componentName);
+    await component.updatePassword(request.pathParams.email, request.body.currentPassword, request.body.newPassword);
+    return {
+        statusCode: web.HttpStatusCode.noContent
+    };
+}
 
 const restEntryPoints = [
     {
@@ -495,6 +546,141 @@ class PasswordHelper {
     }
 }
 
+/**
+ * Implementation of the authentication component using entity storage.
+ */
+class EntityStorageAuthenticationAdminService {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static NAMESPACE = "authentication-admin-entity-storage";
+    /**
+     * The minimum password length.
+     * @internal
+     */
+    static _DEFAULT_MIN_PASSWORD_LENGTH = 8;
+    /**
+     * Runtime name for the class.
+     */
+    CLASS_NAME = "EntityStorageAuthenticationAdminService";
+    /**
+     * The entity storage for users.
+     * @internal
+     */
+    _userEntityStorage;
+    /**
+     * The minimum password length.
+     * @internal
+     */
+    _minPasswordLength;
+    /**
+     * Create a new instance of EntityStorageAuthentication.
+     * @param options The dependencies for the identity connector.
+     */
+    constructor(options) {
+        this._userEntityStorage = entityStorageModels.EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");
+        this._minPasswordLength =
+            options?.config?.minPasswordLength ??
+                EntityStorageAuthenticationAdminService._DEFAULT_MIN_PASSWORD_LENGTH;
+    }
+    /**
+     * Create a login for the user.
+     * @param email The email address for the user.
+     * @param password The password for the user.
+     * @param identity The DID to associate with the account.
+     * @returns Nothing.
+     */
+    async create(email, password, identity) {
+        core.Guards.stringValue(this.CLASS_NAME, "email", email);
+        core.Guards.stringValue(this.CLASS_NAME, "password", password);
+        try {
+            if (password.length < this._minPasswordLength) {
+                throw new core.GeneralError(this.CLASS_NAME, "passwordTooShort", {
+                    minLength: this._minPasswordLength
+                });
+            }
+            const user = await this._userEntityStorage.get(email);
+            if (user) {
+                throw new core.GeneralError(this.CLASS_NAME, "userExists");
+            }
+            const saltBytes = core.RandomHelper.generate(16);
+            const passwordBytes = core.Converter.utf8ToBytes(password);
+            const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+            const newUser = {
+                email,
+                salt: core.Converter.bytesToBase64(saltBytes),
+                password: hashedPassword,
+                identity
+            };
+            await this._userEntityStorage.set(newUser);
+        }
+        catch (error) {
+            throw new core.GeneralError(this.CLASS_NAME, "createUserFailed", undefined, error);
+        }
+    }
+    /**
+     * Remove the current user.
+     * @param email The email address of the user to remove.
+     * @returns Nothing.
+     */
+    async remove(email) {
+        core.Guards.stringValue(this.CLASS_NAME, "email", email);
+        try {
+            const user = await this._userEntityStorage.get(email);
+            if (!user) {
+                throw new core.NotFoundError(this.CLASS_NAME, "userNotFound", email);
+            }
+            await this._userEntityStorage.remove(email);
+        }
+        catch (error) {
+            throw new core.GeneralError(this.CLASS_NAME, "removeUserFailed", undefined, error);
+        }
+    }
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param newPassword The new password for the user.
+     * @param currentPassword The current password, optional, if supplied will check against existing.
+     * @returns Nothing.
+     */
+    async updatePassword(email, newPassword, currentPassword) {
+        core.Guards.stringValue(this.CLASS_NAME, "email", email);
+        core.Guards.stringValue(this.CLASS_NAME, "newPassword", newPassword);
+        try {
+            if (newPassword.length < this._minPasswordLength) {
+                throw new core.GeneralError(this.CLASS_NAME, "passwordTooShort", {
+                    minLength: this._minPasswordLength
+                });
+            }
+            const user = await this._userEntityStorage.get(email);
+            if (!user) {
+                throw new core.NotFoundError(this.CLASS_NAME, "userNotFound", email);
+            }
+            if (core.Is.stringValue(currentPassword)) {
+                const saltBytes = core.Converter.base64ToBytes(user.salt);
+                const passwordBytes = core.Converter.utf8ToBytes(currentPassword);
+                const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+                if (hashedPassword !== user.password) {
+                    throw new core.GeneralError(this.CLASS_NAME, "currentPasswordMismatch");
+                }
+            }
+            const saltBytes = core.RandomHelper.generate(16);
+            const passwordBytes = core.Converter.utf8ToBytes(newPassword);
+            const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+            const updatedUser = {
+                email,
+                salt: core.Converter.bytesToBase64(saltBytes),
+                password: hashedPassword,
+                identity: user.identity
+            };
+            await this._userEntityStorage.set(updatedUser);
+        }
+        catch (error) {
+            throw new core.GeneralError(this.CLASS_NAME, "updatePasswordFailed", undefined, error);
+        }
+    }
+}
+
 /**
  * Implementation of the authentication component using entity storage.
  */
@@ -512,6 +698,11 @@ class EntityStorageAuthenticationService {
      * Runtime name for the class.
      */
     CLASS_NAME = "EntityStorageAuthenticationService";
+    /**
+     * The user admin service.
+     * @internal
+     */
+    _authenticationAdminService;
     /**
      * The entity storage for users.
      * @internal
@@ -544,6 +735,7 @@ class EntityStorageAuthenticationService {
     constructor(options) {
         this._userEntityStorage = entityStorageModels.EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");
         this._vaultConnector = vaultModels.VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
+        this._authenticationAdminService = core.ComponentFactory.get(options?.authenticationAdminServiceType ?? "authentication-admin");
         this._signingKeyName = options?.config?.signingKeyName ?? "auth-signing";
         this._defaultTtlMinutes =
             options?.config?.defaultTtlMinutes ?? EntityStorageAuthenticationService._DEFAULT_TTL_MINUTES;
@@ -604,15 +796,27 @@ class EntityStorageAuthenticationService {
         const refreshTokenAndExpiry = await TokenHelper.createToken(this._vaultConnector, `${this._nodeIdentity}/${this._signingKeyName}`, headerAndPayload.payload.sub ?? "", this._defaultTtlMinutes);
         return refreshTokenAndExpiry;
     }
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param currentPassword The current password for the user.
+     * @param newPassword The new password for the user.
+     * @returns Nothing.
+     */
+    async updatePassword(email, currentPassword, newPassword) {
+        return this._authenticationAdminService.updatePassword(email, newPassword, currentPassword);
+    }
 }
 
 exports.AuthHeaderProcessor = AuthHeaderProcessor;
+exports.EntityStorageAuthenticationAdminService = EntityStorageAuthenticationAdminService;
 exports.EntityStorageAuthenticationService = EntityStorageAuthenticationService;
 exports.PasswordHelper = PasswordHelper;
 exports.TokenHelper = TokenHelper;
 exports.authenticationLogin = authenticationLogin;
 exports.authenticationLogout = authenticationLogout;
 exports.authenticationRefreshToken = authenticationRefreshToken;
+exports.authenticationUpdatePassword = authenticationUpdatePassword;
 exports.generateRestRoutesAuthentication = generateRestRoutesAuthentication;
 exports.initSchema = initSchema;
 exports.restEntryPoints = restEntryPoints;

package/dist/esm/index.mjs

@@ -1,6 +1,6 @@
 import { property, entity, EntitySchemaFactory, EntitySchemaHelper } from '@twin.org/entity';
 import { HttpErrorHelper } from '@twin.org/api-models';
-import { Is, UnauthorizedError, Guards, BaseError, ComponentFactory, Converter, GeneralError } from '@twin.org/core';
+import { Is, UnauthorizedError, Guards, BaseError, ComponentFactory, Converter, GeneralError, RandomHelper, NotFoundError } from '@twin.org/core';
 import { VaultConnectorHelper, VaultConnectorFactory } from '@twin.org/vault-models';
 import { Jwt, HeaderTypes, HttpStatusCode } from '@twin.org/web';
 import { EntityStorageConnectorFactory } from '@twin.org/entity-storage-models';
@@ -386,7 +386,41 @@ function generateRestRoutesAuthentication(baseRouteName, componentName) {
             }
         ]
     };
-    return [loginRoute, logoutRoute, refreshTokenRoute];
+    const updatePasswordRoute = {
+        operationId: "authenticationUpdatePassword",
+        summary: "Update the user's password",
+        tag: tagsAuthentication[0].name,
+        method: "PUT",
+        path: `${baseRouteName}/:email/password`,
+        handler: async (httpRequestContext, request) => authenticationUpdatePassword(httpRequestContext, componentName, request),
+        requestType: {
+            type: "IUpdatePasswordRequest",
+            examples: [
+                {
+                    id: "updatePasswordRequestExample",
+                    description: "The request to update the user's password.",
+                    request: {
+                        pathParams: {
+                            email: "john:example.com"
+                        },
+                        body: {
+                            currentPassword: "MyNewPassword123!",
+                            newPassword: "MyNewPassword123!"
+                        }
+                    }
+                }
+            ]
+        },
+        responseType: [
+            {
+                type: "INoContentResponse"
+            },
+            {
+                type: "IUnauthorizedResponse"
+            }
+        ]
+    };
+    return [loginRoute, logoutRoute, refreshTokenRoute, updatePasswordRoute];
 }
 /**
  * Login to the server.
@@ -446,6 +480,23 @@ async function authenticationRefreshToken(httpRequestContext, componentName, req
         body: result
     };
 }
+/**
+ * Update the user's password.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+async function authenticationUpdatePassword(httpRequestContext, componentName, request) {
+    Guards.object(ROUTES_SOURCE, "request", request);
+    Guards.object(ROUTES_SOURCE, "request.pathParams", request.pathParams);
+    Guards.object(ROUTES_SOURCE, "request.body", request.body);
+    const component = ComponentFactory.get(componentName);
+    await component.updatePassword(request.pathParams.email, request.body.currentPassword, request.body.newPassword);
+    return {
+        statusCode: HttpStatusCode.noContent
+    };
+}
 
 const restEntryPoints = [
     {
@@ -493,6 +544,141 @@ class PasswordHelper {
     }
 }
 
+/**
+ * Implementation of the authentication component using entity storage.
+ */
+class EntityStorageAuthenticationAdminService {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static NAMESPACE = "authentication-admin-entity-storage";
+    /**
+     * The minimum password length.
+     * @internal
+     */
+    static _DEFAULT_MIN_PASSWORD_LENGTH = 8;
+    /**
+     * Runtime name for the class.
+     */
+    CLASS_NAME = "EntityStorageAuthenticationAdminService";
+    /**
+     * The entity storage for users.
+     * @internal
+     */
+    _userEntityStorage;
+    /**
+     * The minimum password length.
+     * @internal
+     */
+    _minPasswordLength;
+    /**
+     * Create a new instance of EntityStorageAuthentication.
+     * @param options The dependencies for the identity connector.
+     */
+    constructor(options) {
+        this._userEntityStorage = EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");
+        this._minPasswordLength =
+            options?.config?.minPasswordLength ??
+                EntityStorageAuthenticationAdminService._DEFAULT_MIN_PASSWORD_LENGTH;
+    }
+    /**
+     * Create a login for the user.
+     * @param email The email address for the user.
+     * @param password The password for the user.
+     * @param identity The DID to associate with the account.
+     * @returns Nothing.
+     */
+    async create(email, password, identity) {
+        Guards.stringValue(this.CLASS_NAME, "email", email);
+        Guards.stringValue(this.CLASS_NAME, "password", password);
+        try {
+            if (password.length < this._minPasswordLength) {
+                throw new GeneralError(this.CLASS_NAME, "passwordTooShort", {
+                    minLength: this._minPasswordLength
+                });
+            }
+            const user = await this._userEntityStorage.get(email);
+            if (user) {
+                throw new GeneralError(this.CLASS_NAME, "userExists");
+            }
+            const saltBytes = RandomHelper.generate(16);
+            const passwordBytes = Converter.utf8ToBytes(password);
+            const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+            const newUser = {
+                email,
+                salt: Converter.bytesToBase64(saltBytes),
+                password: hashedPassword,
+                identity
+            };
+            await this._userEntityStorage.set(newUser);
+        }
+        catch (error) {
+            throw new GeneralError(this.CLASS_NAME, "createUserFailed", undefined, error);
+        }
+    }
+    /**
+     * Remove the current user.
+     * @param email The email address of the user to remove.
+     * @returns Nothing.
+     */
+    async remove(email) {
+        Guards.stringValue(this.CLASS_NAME, "email", email);
+        try {
+            const user = await this._userEntityStorage.get(email);
+            if (!user) {
+                throw new NotFoundError(this.CLASS_NAME, "userNotFound", email);
+            }
+            await this._userEntityStorage.remove(email);
+        }
+        catch (error) {
+            throw new GeneralError(this.CLASS_NAME, "removeUserFailed", undefined, error);
+        }
+    }
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param newPassword The new password for the user.
+     * @param currentPassword The current password, optional, if supplied will check against existing.
+     * @returns Nothing.
+     */
+    async updatePassword(email, newPassword, currentPassword) {
+        Guards.stringValue(this.CLASS_NAME, "email", email);
+        Guards.stringValue(this.CLASS_NAME, "newPassword", newPassword);
+        try {
+            if (newPassword.length < this._minPasswordLength) {
+                throw new GeneralError(this.CLASS_NAME, "passwordTooShort", {
+                    minLength: this._minPasswordLength
+                });
+            }
+            const user = await this._userEntityStorage.get(email);
+            if (!user) {
+                throw new NotFoundError(this.CLASS_NAME, "userNotFound", email);
+            }
+            if (Is.stringValue(currentPassword)) {
+                const saltBytes = Converter.base64ToBytes(user.salt);
+                const passwordBytes = Converter.utf8ToBytes(currentPassword);
+                const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+                if (hashedPassword !== user.password) {
+                    throw new GeneralError(this.CLASS_NAME, "currentPasswordMismatch");
+                }
+            }
+            const saltBytes = RandomHelper.generate(16);
+            const passwordBytes = Converter.utf8ToBytes(newPassword);
+            const hashedPassword = await PasswordHelper.hashPassword(passwordBytes, saltBytes);
+            const updatedUser = {
+                email,
+                salt: Converter.bytesToBase64(saltBytes),
+                password: hashedPassword,
+                identity: user.identity
+            };
+            await this._userEntityStorage.set(updatedUser);
+        }
+        catch (error) {
+            throw new GeneralError(this.CLASS_NAME, "updatePasswordFailed", undefined, error);
+        }
+    }
+}
+
 /**
  * Implementation of the authentication component using entity storage.
  */
@@ -510,6 +696,11 @@ class EntityStorageAuthenticationService {
      * Runtime name for the class.
      */
     CLASS_NAME = "EntityStorageAuthenticationService";
+    /**
+     * The user admin service.
+     * @internal
+     */
+    _authenticationAdminService;
     /**
      * The entity storage for users.
      * @internal
@@ -542,6 +733,7 @@ class EntityStorageAuthenticationService {
     constructor(options) {
         this._userEntityStorage = EntityStorageConnectorFactory.get(options?.userEntityStorageType ?? "authentication-user");
         this._vaultConnector = VaultConnectorFactory.get(options?.vaultConnectorType ?? "vault");
+        this._authenticationAdminService = ComponentFactory.get(options?.authenticationAdminServiceType ?? "authentication-admin");
         this._signingKeyName = options?.config?.signingKeyName ?? "auth-signing";
         this._defaultTtlMinutes =
             options?.config?.defaultTtlMinutes ?? EntityStorageAuthenticationService._DEFAULT_TTL_MINUTES;
@@ -602,6 +794,16 @@ class EntityStorageAuthenticationService {
         const refreshTokenAndExpiry = await TokenHelper.createToken(this._vaultConnector, `${this._nodeIdentity}/${this._signingKeyName}`, headerAndPayload.payload.sub ?? "", this._defaultTtlMinutes);
         return refreshTokenAndExpiry;
     }
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param currentPassword The current password for the user.
+     * @param newPassword The new password for the user.
+     * @returns Nothing.
+     */
+    async updatePassword(email, currentPassword, newPassword) {
+        return this._authenticationAdminService.updatePassword(email, newPassword, currentPassword);
+    }
 }
 
-export { AuthHeaderProcessor, AuthenticationUser, EntityStorageAuthenticationService, PasswordHelper, TokenHelper, authenticationLogin, authenticationLogout, authenticationRefreshToken, generateRestRoutesAuthentication, initSchema, restEntryPoints, tagsAuthentication };
+export { AuthHeaderProcessor, AuthenticationUser, EntityStorageAuthenticationAdminService, EntityStorageAuthenticationService, PasswordHelper, TokenHelper, authenticationLogin, authenticationLogout, authenticationRefreshToken, authenticationUpdatePassword, generateRestRoutesAuthentication, initSchema, restEntryPoints, tagsAuthentication };

package/dist/types/index.d.ts

@@ -1,12 +1,15 @@
 export * from "./entities/authenticationUser";
 export * from "./models/IAuthHeaderProcessorConfig";
 export * from "./models/IAuthHeaderProcessorConstructorOptions";
+export * from "./models/IEntityStorageAuthenticationAdminServiceConfig";
+export * from "./models/IEntityStorageAuthenticationAdminServiceConstructorOptions";
 export * from "./models/IEntityStorageAuthenticationServiceConfig";
 export * from "./models/IEntityStorageAuthenticationServiceConstructorOptions";
 export * from "./processors/authHeaderProcessor";
 export * from "./restEntryPoints";
 export * from "./routes/entityStorageAuthenticationRoutes";
 export * from "./schema";
+export * from "./services/entityStorageAuthenticationAdminService";
 export * from "./services/entityStorageAuthenticationService";
 export * from "./utils/passwordHelper";
 export * from "./utils/tokenHelper";

package/dist/types/models/IEntityStorageAuthenticationAdminServiceConfig.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Configuration for the entity storage authentication admin service.
+ */
+export interface IEntityStorageAuthenticationAdminServiceConfig {
+    /**
+     * The minimum password length.
+     * @default 8
+     */
+    minPasswordLength?: number;
+}

package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts

@@ -0,0 +1,15 @@
+import type { IEntityStorageAuthenticationAdminServiceConfig } from "./IEntityStorageAuthenticationAdminServiceConfig";
+/**
+ * Options for the EntityStorageAuthenticationAdminService constructor.
+ */
+export interface IEntityStorageAuthenticationAdminServiceConstructorOptions {
+    /**
+     * The entity storage for the users.
+     * @default authentication-user
+     */
+    userEntityStorageType?: string;
+    /**
+     * The configuration for the authentication.
+     */
+    config?: IEntityStorageAuthenticationAdminServiceConfig;
+}

package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts

@@ -13,6 +13,11 @@ export interface IEntityStorageAuthenticationServiceConstructorOptions {
      * @default vault
      */
     vaultConnectorType?: string;
+    /**
+     * The admin service.
+     * @default authentication-admin
+     */
+    authenticationAdminServiceType?: string;
     /**
      * The configuration for the authentication.
      */

package/dist/types/routes/entityStorageAuthenticationRoutes.d.ts

@@ -1,4 +1,4 @@
-import type { ILoginRequest, ILoginResponse, ILogoutRequest, IRefreshTokenRequest, IRefreshTokenResponse } from "@twin.org/api-auth-entity-storage-models";
+import type { ILoginRequest, ILoginResponse, ILogoutRequest, IRefreshTokenRequest, IRefreshTokenResponse, IUpdatePasswordRequest } from "@twin.org/api-auth-entity-storage-models";
 import type { IHttpRequestContext, INoContentResponse, IRestRoute, IRestRouteResponseOptions, ITag } from "@twin.org/api-models";
 /**
  * The tag to associate with the routes.
@@ -35,3 +35,11 @@ export declare function authenticationLogout(httpRequestContext: IHttpRequestCon
  * @returns The response object with additional http response properties.
  */
 export declare function authenticationRefreshToken(httpRequestContext: IHttpRequestContext, componentName: string, request: IRefreshTokenRequest): Promise<IRefreshTokenResponse & IRestRouteResponseOptions>;
+/**
+ * Update the user's password.
+ * @param httpRequestContext The request context for the API.
+ * @param componentName The name of the component to use in the routes.
+ * @param request The request.
+ * @returns The response object with additional http response properties.
+ */
+export declare function authenticationUpdatePassword(httpRequestContext: IHttpRequestContext, componentName: string, request: IUpdatePasswordRequest): Promise<INoContentResponse>;

package/dist/types/services/entityStorageAuthenticationAdminService.d.ts

@@ -0,0 +1,42 @@
+import type { IAuthenticationAdminComponent } from "@twin.org/api-auth-entity-storage-models";
+import type { IEntityStorageAuthenticationAdminServiceConstructorOptions } from "../models/IEntityStorageAuthenticationAdminServiceConstructorOptions";
+/**
+ * Implementation of the authentication component using entity storage.
+ */
+export declare class EntityStorageAuthenticationAdminService implements IAuthenticationAdminComponent {
+    /**
+     * The namespace supported by the authentication service.
+     */
+    static readonly NAMESPACE: string;
+    /**
+     * Runtime name for the class.
+     */
+    readonly CLASS_NAME: string;
+    /**
+     * Create a new instance of EntityStorageAuthentication.
+     * @param options The dependencies for the identity connector.
+     */
+    constructor(options?: IEntityStorageAuthenticationAdminServiceConstructorOptions);
+    /**
+     * Create a login for the user.
+     * @param email The email address for the user.
+     * @param password The password for the user.
+     * @param identity The DID to associate with the account.
+     * @returns Nothing.
+     */
+    create(email: string, password: string, identity: string): Promise<void>;
+    /**
+     * Remove the current user.
+     * @param email The email address of the user to remove.
+     * @returns Nothing.
+     */
+    remove(email: string): Promise<void>;
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param newPassword The new password for the user.
+     * @param currentPassword The current password, optional, if supplied will check against existing.
+     * @returns Nothing.
+     */
+    updatePassword(email: string, newPassword: string, currentPassword?: string): Promise<void>;
+}

package/dist/types/services/entityStorageAuthenticationService.d.ts

@@ -49,4 +49,12 @@ export declare class EntityStorageAuthenticationService implements IAuthenticati
         token: string;
         expiry: number;
     }>;
+    /**
+     * Update the user's password.
+     * @param email The email address of the user to update.
+     * @param currentPassword The current password for the user.
+     * @param newPassword The new password for the user.
+     * @returns Nothing.
+     */
+    updatePassword(email: string, currentPassword: string, newPassword: string): Promise<void>;
 }

package/docs/changelog.md

@@ -1,5 +1,23 @@
 # @twin.org/api-auth-entity-storage-service - Changelog
 
+## [0.0.2-next.1](https://github.com/twinfoundation/api/compare/api-auth-entity-storage-service-v0.0.2-next.0...api-auth-entity-storage-service-v0.0.2-next.1) (2025-07-08)
+
+
+### Features
+
+* add json-ld mime type processor and auth admin component ([8861791](https://github.com/twinfoundation/api/commit/88617916e23bfbca023dbae1976fe421983a02ff))
+* update dependencies ([1171dc4](https://github.com/twinfoundation/api/commit/1171dc416a9481737f6a640e3cf30145768f37e9))
+* use shared store mechanism ([#19](https://github.com/twinfoundation/api/issues/19)) ([32116df](https://github.com/twinfoundation/api/commit/32116df3b4380a30137f5056f242a5c99afa2df9))
+
+
+### Dependencies
+
+* The following workspace dependencies were updated
+  * dependencies
+    * @twin.org/api-auth-entity-storage-models bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/api-core bumped from 0.0.2-next.0 to 0.0.2-next.1
+    * @twin.org/api-models bumped from 0.0.2-next.0 to 0.0.2-next.1
+
 ## 0.0.1 (2025-07-03)
 
 

package/docs/reference/classes/EntityStorageAuthenticationAdminService.md

@@ -0,0 +1,149 @@
+# Class: EntityStorageAuthenticationAdminService
+
+Implementation of the authentication component using entity storage.
+
+## Implements
+
+- `IAuthenticationAdminComponent`
+
+## Constructors
+
+### Constructor
+
+> **new EntityStorageAuthenticationAdminService**(`options?`): `EntityStorageAuthenticationAdminService`
+
+Create a new instance of EntityStorageAuthentication.
+
+#### Parameters
+
+##### options?
+
+[`IEntityStorageAuthenticationAdminServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md)
+
+The dependencies for the identity connector.
+
+#### Returns
+
+`EntityStorageAuthenticationAdminService`
+
+## Properties
+
+### NAMESPACE
+
+> `readonly` `static` **NAMESPACE**: `string` = `"authentication-admin-entity-storage"`
+
+The namespace supported by the authentication service.
+
+***
+
+### CLASS\_NAME
+
+> `readonly` **CLASS\_NAME**: `string`
+
+Runtime name for the class.
+
+#### Implementation of
+
+`IAuthenticationAdminComponent.CLASS_NAME`
+
+## Methods
+
+### create()
+
+> **create**(`email`, `password`, `identity`): `Promise`\<`void`\>
+
+Create a login for the user.
+
+#### Parameters
+
+##### email
+
+`string`
+
+The email address for the user.
+
+##### password
+
+`string`
+
+The password for the user.
+
+##### identity
+
+`string`
+
+The DID to associate with the account.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationAdminComponent.create`
+
+***
+
+### remove()
+
+> **remove**(`email`): `Promise`\<`void`\>
+
+Remove the current user.
+
+#### Parameters
+
+##### email
+
+`string`
+
+The email address of the user to remove.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationAdminComponent.remove`
+
+***
+
+### updatePassword()
+
+> **updatePassword**(`email`, `newPassword`, `currentPassword?`): `Promise`\<`void`\>
+
+Update the user's password.
+
+#### Parameters
+
+##### email
+
+`string`
+
+The email address of the user to update.
+
+##### newPassword
+
+`string`
+
+The new password for the user.
+
+##### currentPassword?
+
+`string`
+
+The current password, optional, if supplied will check against existing.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationAdminComponent.updatePassword`

package/docs/reference/classes/EntityStorageAuthenticationService.md

@@ -161,3 +161,41 @@ The refreshed token, if it uses a mechanism with public access.
 #### Implementation of
 
 `IAuthenticationComponent.refresh`
+
+***
+
+### updatePassword()
+
+> **updatePassword**(`email`, `currentPassword`, `newPassword`): `Promise`\<`void`\>
+
+Update the user's password.
+
+#### Parameters
+
+##### email
+
+`string`
+
+The email address of the user to update.
+
+##### currentPassword
+
+`string`
+
+The current password for the user.
+
+##### newPassword
+
+`string`
+
+The new password for the user.
+
+#### Returns
+
+`Promise`\<`void`\>
+
+Nothing.
+
+#### Implementation of
+
+`IAuthenticationComponent.updatePassword`

package/docs/reference/functions/authenticationUpdatePassword.md

@@ -0,0 +1,31 @@
+# Function: authenticationUpdatePassword()
+
+> **authenticationUpdatePassword**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`INoContentResponse`\>
+
+Update the user's password.
+
+## Parameters
+
+### httpRequestContext
+
+`IHttpRequestContext`
+
+The request context for the API.
+
+### componentName
+
+`string`
+
+The name of the component to use in the routes.
+
+### request
+
+`IUpdatePasswordRequest`
+
+The request.
+
+## Returns
+
+`Promise`\<`INoContentResponse`\>
+
+The response object with additional http response properties.

package/docs/reference/index.md

@@ -4,6 +4,7 @@
 
 - [AuthenticationUser](classes/AuthenticationUser.md)
 - [AuthHeaderProcessor](classes/AuthHeaderProcessor.md)
+- [EntityStorageAuthenticationAdminService](classes/EntityStorageAuthenticationAdminService.md)
 - [EntityStorageAuthenticationService](classes/EntityStorageAuthenticationService.md)
 - [PasswordHelper](classes/PasswordHelper.md)
 - [TokenHelper](classes/TokenHelper.md)
@@ -12,6 +13,8 @@
 
 - [IAuthHeaderProcessorConfig](interfaces/IAuthHeaderProcessorConfig.md)
 - [IAuthHeaderProcessorConstructorOptions](interfaces/IAuthHeaderProcessorConstructorOptions.md)
+- [IEntityStorageAuthenticationAdminServiceConfig](interfaces/IEntityStorageAuthenticationAdminServiceConfig.md)
+- [IEntityStorageAuthenticationAdminServiceConstructorOptions](interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md)
 - [IEntityStorageAuthenticationServiceConfig](interfaces/IEntityStorageAuthenticationServiceConfig.md)
 - [IEntityStorageAuthenticationServiceConstructorOptions](interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md)
 
@@ -26,4 +29,5 @@
 - [authenticationLogin](functions/authenticationLogin.md)
 - [authenticationLogout](functions/authenticationLogout.md)
 - [authenticationRefreshToken](functions/authenticationRefreshToken.md)
+- [authenticationUpdatePassword](functions/authenticationUpdatePassword.md)
 - [initSchema](functions/initSchema.md)

package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md

@@ -0,0 +1,17 @@
+# Interface: IEntityStorageAuthenticationAdminServiceConfig
+
+Configuration for the entity storage authentication admin service.
+
+## Properties
+
+### minPasswordLength?
+
+> `optional` **minPasswordLength**: `number`
+
+The minimum password length.
+
+#### Default
+
+```ts
+8
+```

package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md

@@ -0,0 +1,25 @@
+# Interface: IEntityStorageAuthenticationAdminServiceConstructorOptions
+
+Options for the EntityStorageAuthenticationAdminService constructor.
+
+## Properties
+
+### userEntityStorageType?
+
+> `optional` **userEntityStorageType**: `string`
+
+The entity storage for the users.
+
+#### Default
+
+```ts
+authentication-user
+```
+
+***
+
+### config?
+
+> `optional` **config**: [`IEntityStorageAuthenticationAdminServiceConfig`](IEntityStorageAuthenticationAdminServiceConfig.md)
+
+The configuration for the authentication.

package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md

@@ -32,6 +32,20 @@ vault
 
 ***
 
+### authenticationAdminServiceType?
+
+> `optional` **authenticationAdminServiceType**: `string`
+
+The admin service.
+
+#### Default
+
+```ts
+authentication-admin
+```
+
+***
+
 ### config?
 
 > `optional` **config**: [`IEntityStorageAuthenticationServiceConfig`](IEntityStorageAuthenticationServiceConfig.md)

package/locales/en.json

@@ -6,6 +6,15 @@
 			"userNotFound": "The user with the specified e-mail could not be found",
 			"passwordMismatch": "The password does not match the user's password"
 		},
+		"entityStorageAuthenticationAdminService": {
+			"userExists": "The user with the specified e-mail already exists",
+			"createFailed": "Creating the user failed",
+			"removeFailed": "Removing the user failed",
+			"updatePasswordFailed": "Updating the user's password failed",
+			"passwordTooShort": "The password is too short, it must be at least {minLength} characters long",
+			"userNotFound": "The user with the specified e-mail could not be found \"{notFoundId}\"",
+			"currentPasswordMismatch": "The current password is incorrect"
+		},
 		"entityStorageAuthenticationProcessor": {
 			"initializeFailed": "The JSON Web token authentication processor could not be initialized"
 		},

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@twin.org/api-auth-entity-storage-service",
-	"version": "0.0.1",
+	"version": "0.0.2-next.1",
 	"description": "Auth Entity Storage contract implementation and REST endpoint definitions",
 	"repository": {
 		"type": "git",
@@ -14,17 +14,17 @@
 		"node": ">=20.0.0"
 	},
 	"dependencies": {
-		"@twin.org/api-auth-entity-storage-models": "^0.0.1",
-		"@twin.org/api-core": "^0.0.1",
-		"@twin.org/api-models": "^0.0.1",
-		"@twin.org/core": "^0.0.1",
-		"@twin.org/crypto": "^0.0.1",
-		"@twin.org/entity": "^0.0.1",
-		"@twin.org/entity-storage-models": "^0.0.1-next.2",
-		"@twin.org/logging-models": "^0.0.1-next.2",
-		"@twin.org/nameof": "^0.0.1",
-		"@twin.org/vault-models": "^0.0.1-next.2",
-		"@twin.org/web": "^0.0.1"
+		"@twin.org/api-auth-entity-storage-models": "0.0.2-next.1",
+		"@twin.org/api-core": "0.0.2-next.1",
+		"@twin.org/api-models": "0.0.2-next.1",
+		"@twin.org/core": "next",
+		"@twin.org/crypto": "next",
+		"@twin.org/entity": "next",
+		"@twin.org/entity-storage-models": "next",
+		"@twin.org/logging-models": "next",
+		"@twin.org/nameof": "next",
+		"@twin.org/vault-models": "next",
+		"@twin.org/web": "next"
 	},
 	"main": "./dist/cjs/index.cjs",
 	"module": "./dist/esm/index.mjs",