npm - @twin.org/api-auth-entity-storage-service - Versions diffs - 0.0.3-next.4 → 0.0.3-next.40 - Mend

@twin.org/api-auth-entity-storage-service 0.0.3-next.4 → 0.0.3-next.40

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (104) hide show

package/docs/reference/classes/EntityStorageAuthenticationAuditService.md ADDED Viewed

@@ -0,0 +1,157 @@
+# Class: EntityStorageAuthenticationAuditService
+Implementation of the authentication audit component using entity storage.
+## Implements
+- `IAuthenticationAuditComponent`
+## Constructors
+### Constructor
+> **new EntityStorageAuthenticationAuditService**(`options?`): `EntityStorageAuthenticationAuditService`
+Create a new instance of EntityStorageAuthenticationAuditService.
+#### Parameters
+##### options?
+[`IEntityStorageAuthenticationAuditServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md)
+The dependencies for the identity connector.
+#### Returns
+`EntityStorageAuthenticationAuditService`
+## Properties
+### CLASS\_NAME {#class_name}
+> `readonly` `static` **CLASS\_NAME**: `string`
+Runtime name for the class.
+## Methods
+### className() {#classname}
+> **className**(): `string`
+Returns the class name of the component.
+#### Returns
+`string`
+The class name of the component.
+#### Implementation of
+`IAuthenticationAuditComponent.className`
+***
+### create() {#create}
+> **create**(`entry`): `Promise`\<`string`\>
+Create a new audit entry.
+#### Parameters
+##### entry
+`Omit`\<`IAuthenticationAuditEntry`, `"id"` \| `"dateCreated"`\>
+The audit entry to be logged.
+#### Returns
+`Promise`\<`string`\>
+The unique identifier of the created audit entry.
+#### Implementation of
+`IAuthenticationAuditComponent.create`
+***
+### query() {#query}
+> **query**(`options?`, `cursor?`, `limit?`): `Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
+Query the audit entries.
+#### Parameters
+##### options?
+The query options.
+###### actorId?
+`string`
+The actor identifier to filter the audit entries, optional.
+###### organizationId?
+`string`
+The organization identifier to filter the audit entries, optional.
+###### tenantId?
+`string`
+The tenant identifier to filter the audit entries, optional.
+###### nodeId?
+`string`
+The node identifier to filter the audit entries, optional.
+###### event?
+`string`
+The audit event to filter the audit entries, optional.
+###### startDate?
+`string`
+The start date to filter the audit entries, optional.
+###### endDate?
+`string`
+The end date to filter the audit entries, optional.
+##### cursor?
+`string`
+The cursor for pagination.
+##### limit?
+`number`
+The maximum number of entries to return.
+#### Returns
+`Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
+The audit entries.
+#### Implementation of
+`IAuthenticationAuditComponent.query`

package/docs/reference/classes/EntityStorageAuthenticationRateService.md ADDED Viewed

@@ -0,0 +1,227 @@
+# Class: EntityStorageAuthenticationRateService
+Implementation of the authentication rate component using entity storage.
+## Implements
+- `IAuthenticationRateComponent`
+## Constructors
+### Constructor
+> **new EntityStorageAuthenticationRateService**(`options?`): `EntityStorageAuthenticationRateService`
+Create a new instance of EntityStorageAuthenticationRateService.
+#### Parameters
+##### options?
+[`IEntityStorageAuthenticationRateServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md)
+The constructor options.
+#### Returns
+`EntityStorageAuthenticationRateService`
+## Properties
+### CLASS\_NAME {#class_name}
+> `readonly` `static` **CLASS\_NAME**: `string`
+Runtime name for the class.
+## Methods
+### registerAction() {#registeraction}
+> **registerAction**(`action`, `config`): `Promise`\<`void`\>
+Register or update rate-limit configuration for an action.
+#### Parameters
+##### action
+`string`
+The action name.
+##### config
+`IAuthenticationRateActionConfig`
+The action configuration.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationRateComponent.registerAction`
+***
+### unregisterAction() {#unregisteraction}
+> **unregisterAction**(`action`): `Promise`\<`void`\>
+Unregister rate-limit configuration for an action.
+#### Parameters
+##### action
+`string`
+The action name.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationRateComponent.unregisterAction`
+***
+### className() {#classname}
+> **className**(): `string`
+Returns the class name of the component.
+#### Returns
+`string`
+The class name of the component.
+#### Implementation of
+`IAuthenticationRateComponent.className`
+***
+### start() {#start}
+> **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
+The service needs to be started when the application is initialized.
+#### Parameters
+##### nodeLoggingComponentType?
+`string`
+The node logging component type.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationRateComponent.start`
+***
+### stop() {#stop}
+> **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
+The component needs to be stopped when the node is closed.
+#### Parameters
+##### nodeLoggingComponentType?
+`string`
+The node logging component type.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationRateComponent.stop`
+***
+### check() {#check}
+> **check**(`action`, `identifier`): `Promise`\<`string`\>
+Check the authentication rate for a given action and identifier.
+#### Parameters
+##### action
+`string`
+The action to be checked.
+##### identifier
+`string`
+The identifier to be checked.
+#### Returns
+`Promise`\<`string`\>
+The rate entry id.
+#### Implementation of
+`IAuthenticationRateComponent.check`
+***
+### clear() {#clear}
+> **clear**(`action`, `identifier`): `Promise`\<`void`\>
+Clear the authentication rate entry for the given action and identifier.
+#### Parameters
+##### action
+`string`
+The action to clear.
+##### identifier
+`string`
+The identifier to clear.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationRateComponent.clear`

package/docs/reference/classes/EntityStorageAuthenticationService.md CHANGED Viewed

@@ -28,7 +28,7 @@ The dependencies for the identity connector.
 ## Properties
-### CLASS\_NAME
+### CLASS\_NAME {#class_name}
 > `readonly` `static` **CLASS\_NAME**: `string`
@@ -36,7 +36,7 @@ Runtime name for the class.
 ## Methods
-### className()
+### className() {#classname}
 > **className**(): `string`
@@ -54,7 +54,7 @@ The class name of the component.
 ***
-### start()
+### start() {#start}
 > **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
@@ -80,7 +80,33 @@ Nothing.
 ***
-### login()
+### stop() {#stop}
+> **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
+The component needs to be stopped when the node is closed.
+#### Parameters
+##### nodeLoggingComponentType?
+`string`
+The node logging component type.
+#### Returns
+`Promise`\<`void`\>
+Nothing.
+#### Implementation of
+`IAuthenticationComponent.stop`
+***
+### login() {#login}
 > **login**(`email`, `password`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
@@ -112,7 +138,7 @@ The authentication token for the user, if it uses a mechanism with public access
 ***
-### logout()
+### logout() {#logout}
 > **logout**(`token?`): `Promise`\<`void`\>
@@ -138,9 +164,9 @@ Nothing.
 ***
-### refresh()
+### refresh() {#refresh}
-> **refresh**(`token?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
+> **refresh**(`token?`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
 Refresh the token.
@@ -154,7 +180,7 @@ The token to refresh, if it uses a mechanism with public access.
 #### Returns
-`Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
+`Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
 The refreshed token, if it uses a mechanism with public access.
@@ -164,20 +190,14 @@ The refreshed token, if it uses a mechanism with public access.
 ***
-### updatePassword()
+### updatePassword() {#updatepassword}
-> **updatePassword**(`email`, `currentPassword`, `newPassword`): `Promise`\<`void`\>
+> **updatePassword**(`currentPassword`, `newPassword`): `Promise`\<`void`\>
 Update the user's password.
 #### Parameters
-##### email
-`string`
-The email address of the user to update.
 ##### currentPassword
 `string`

package/docs/reference/classes/PasswordHelper.md CHANGED Viewed

@@ -14,7 +14,7 @@ Helper class for password operations.
 ## Properties
-### CLASS\_NAME
+### CLASS\_NAME {#class_name}
 > `readonly` `static` **CLASS\_NAME**: `string`
@@ -22,28 +22,53 @@ Runtime name for the class.
 ## Methods
-### hashPassword()
+### updatePassword() {#updatepassword}
-> `static` **hashPassword**(`passwordBytes`, `saltBytes`): `Promise`\<`string`\>
+> `static` **updatePassword**(`userEntityStorage`, `authenticationAuditService`, `user`, `newPassword`, `currentPassword?`, `minPasswordLength?`): `Promise`\<`void`\>
-Hash the password for the user.
+Update the password for a user.
+Validates password strength, verifies the current password if provided, then hashes and stores the new password and raises an audit event.
 #### Parameters
-##### passwordBytes
+##### userEntityStorage
-`Uint8Array`
+`IEntityStorageConnector`\<[`AuthenticationUser`](AuthenticationUser.md)\>
-The password bytes.
+The entity storage for users.
-##### saltBytes
+##### authenticationAuditService
-`Uint8Array`
+`IAuthenticationAuditComponent` \| `undefined`
-The salt bytes.
+The optional audit service.
+##### user
+[`AuthenticationUser`](AuthenticationUser.md)
+The user whose password is being updated.
+##### newPassword
+`string`
+The new password to set.
+##### currentPassword?
+`string`
+The current password to verify against, if supplied.
+##### minPasswordLength?
+`number`
+Optional minimum password length for validation.
 #### Returns
-`Promise`\<`string`\>
+`Promise`\<`void`\>
-The hashed password.
+Nothing.

package/docs/reference/classes/TokenHelper.md CHANGED Viewed

@@ -14,7 +14,7 @@ Helper class for token operations.
 ## Properties
-### CLASS\_NAME
+### CLASS\_NAME {#class_name}
 > `readonly` `static` **CLASS\_NAME**: `string`
@@ -22,9 +22,9 @@ Runtime name for the class.
 ## Methods
-### createToken()
+### createToken() {#createtoken}
-> `static` **createToken**(`vaultConnector`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `ttlMinutes`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
+> `static` **createToken**(`vaultConnector`, `urlTransformerComponent`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`, `scope?`, `passwordVersion?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
 Create a new token.
@@ -36,6 +36,12 @@ Create a new token.
 The vault connector.
+##### urlTransformerComponent
+`IUrlTransformerComponent`
+The URL transformer component, used to encrypt the tenant ID for inclusion in the token.
 ##### signingKeyName
 `string`
@@ -50,9 +56,15 @@ The subject for the token.
 ##### organizationIdentity
+`string` \| `undefined`
 The organization for the token.
-`string` | `undefined`
+##### tenantId
+`string` \| `undefined`
+The tenant id for the token.
 ##### ttlMinutes
@@ -60,6 +72,18 @@ The organization for the token.
 The time to live for the token in minutes.
+##### scope?
+`string`
+The scopes for the token.
+##### passwordVersion?
+`number`
+The user's current password version counter, embedded in the token so that a password change invalidates existing tokens.
 #### Returns
 `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
@@ -68,9 +92,9 @@ The new token and its expiry date.
 ***
-### verify()
+### verify() {#verify}
-> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
+> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`, `requiredScopes?`, `verifyUser?`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
 Verify the token.
@@ -90,9 +114,21 @@ The signing key name.
 ##### token
+`string` \| `undefined`
 The token to verify.
-`string` | `undefined`
+##### requiredScopes?
+`string`[]
+The required scopes.
+##### verifyUser?
+(`userIdentity`, `organizationIdentity`, `encryptedTenantId`, `passwordVersion`) => `Promise`\<`string`[]\>
+A function to verify the user identity and organization. The password version counter embedded in the token (pver claim) is passed so callers can detect if the password has changed since the token was issued.
 #### Returns
@@ -106,7 +142,7 @@ UnauthorizedError if the token is missing, invalid or expired.
 ***
-### extractTokenFromHeaders()
+### extractTokenFromHeaders() {#extracttokenfromheaders}
 > `static` **extractTokenFromHeaders**(`headers?`, `cookieName?`): \{ `token`: `string`; `location`: `"authorization"` \| `"cookie"`; \} \| `undefined`

package/docs/reference/functions/authenticationAdminCreateUser.md ADDED Viewed

@@ -0,0 +1,31 @@
+# Function: authenticationAdminCreateUser()
+> **authenticationAdminCreateUser**(`httpRequestContext`, `componentName`, `request`): `Promise`\<`ICreatedResponse`\>
+Create a new user.
+## Parameters
+### httpRequestContext
+`IHttpRequestContext`
+The request context for the API.
+### componentName
+`string`
+The name of the component to use in the routes.
+### request
+`IAdminUserCreateRequest`
+The request.
+## Returns
+`Promise`\<`ICreatedResponse`\>
+The response object with additional http response properties.