@twin.org/api-auth-entity-storage-service 0.0.3-next.9 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/es/entities/authenticationAuditEntry.js +101 -0
- package/dist/es/entities/authenticationAuditEntry.js.map +1 -0
- package/dist/es/entities/authenticationRateEntry.js +37 -0
- package/dist/es/entities/authenticationRateEntry.js.map +1 -0
- package/dist/es/entities/authenticationUser.js +17 -1
- package/dist/es/entities/authenticationUser.js.map +1 -1
- package/dist/es/index.js +11 -1
- package/dist/es/index.js.map +1 -1
- package/dist/es/models/IAuthHeaderProcessorConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js +4 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js +2 -0
- package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js.map +1 -0
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js +0 -2
- package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js.map +1 -1
- package/dist/es/models/IEntityStorageAuthenticationServiceConstructorOptions.js.map +1 -1
- package/dist/es/processors/authHeaderProcessor.js +68 -11
- package/dist/es/processors/authHeaderProcessor.js.map +1 -1
- package/dist/es/restEntryPoints.js +17 -0
- package/dist/es/restEntryPoints.js.map +1 -1
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js +362 -0
- package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js +174 -0
- package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js.map +1 -0
- package/dist/es/routes/entityStorageAuthenticationRoutes.js +18 -19
- package/dist/es/routes/entityStorageAuthenticationRoutes.js.map +1 -1
- package/dist/es/schema.js +4 -0
- package/dist/es/schema.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAdminService.js +164 -58
- package/dist/es/services/entityStorageAuthenticationAdminService.js.map +1 -1
- package/dist/es/services/entityStorageAuthenticationAuditService.js +179 -0
- package/dist/es/services/entityStorageAuthenticationAuditService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js +213 -0
- package/dist/es/services/entityStorageAuthenticationRateService.js.map +1 -0
- package/dist/es/services/entityStorageAuthenticationService.js +200 -19
- package/dist/es/services/entityStorageAuthenticationService.js.map +1 -1
- package/dist/es/utils/passwordHelper.js +45 -16
- package/dist/es/utils/passwordHelper.js.map +1 -1
- package/dist/es/utils/tokenHelper.js +50 -10
- package/dist/es/utils/tokenHelper.js.map +1 -1
- package/dist/types/entities/authenticationAuditEntry.d.ts +49 -0
- package/dist/types/entities/authenticationRateEntry.d.ts +17 -0
- package/dist/types/entities/authenticationUser.d.ts +8 -0
- package/dist/types/index.d.ts +11 -1
- package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts +5 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConfig.d.ts +9 -0
- package/dist/types/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.d.ts +15 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConfig.d.ts +10 -0
- package/dist/types/models/IEntityStorageAuthenticationRateServiceConstructorOptions.d.ts +25 -0
- package/dist/types/models/IEntityStorageAuthenticationServiceConfig.d.ts +22 -1
- package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts +13 -3
- package/dist/types/processors/authHeaderProcessor.d.ts +4 -2
- package/dist/types/restEntryPoints.d.ts +3 -0
- package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts +61 -0
- package/dist/types/routes/entityStorageAuthenticationAuditRoutes.d.ts +29 -0
- package/dist/types/services/entityStorageAuthenticationAdminService.d.ts +26 -9
- package/dist/types/services/entityStorageAuthenticationAuditService.d.ts +53 -0
- package/dist/types/services/entityStorageAuthenticationRateService.d.ts +60 -0
- package/dist/types/services/entityStorageAuthenticationService.d.ts +10 -5
- package/dist/types/utils/passwordHelper.d.ts +13 -5
- package/dist/types/utils/tokenHelper.d.ts +10 -4
- package/docs/changelog.md +855 -85
- package/docs/examples.md +178 -1
- package/docs/reference/classes/AuthHeaderProcessor.md +15 -11
- package/docs/reference/classes/AuthenticationAuditEntry.md +101 -0
- package/docs/reference/classes/AuthenticationRateEntry.md +37 -0
- package/docs/reference/classes/AuthenticationUser.md +21 -5
- package/docs/reference/classes/EntityStorageAuthenticationAdminService.md +80 -20
- package/docs/reference/classes/EntityStorageAuthenticationAuditService.md +157 -0
- package/docs/reference/classes/EntityStorageAuthenticationRateService.md +227 -0
- package/docs/reference/classes/EntityStorageAuthenticationService.md +37 -17
- package/docs/reference/classes/PasswordHelper.md +37 -12
- package/docs/reference/classes/TokenHelper.md +49 -13
- package/docs/reference/functions/authenticationAdminCreateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUser.md +31 -0
- package/docs/reference/functions/authenticationAdminGetUserByIdentity.md +31 -0
- package/docs/reference/functions/authenticationAdminRemoveUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUser.md +31 -0
- package/docs/reference/functions/authenticationAdminUpdateUserPassword.md +31 -0
- package/docs/reference/functions/authenticationAuditCreate.md +31 -0
- package/docs/reference/functions/authenticationAuditQuery.md +31 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md +25 -0
- package/docs/reference/functions/generateRestRoutesAuthenticationAudit.md +25 -0
- package/docs/reference/index.md +20 -0
- package/docs/reference/interfaces/IAuthHeaderProcessorConfig.md +4 -4
- package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md +32 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md +2 -2
- package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md +18 -4
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConfig.md +11 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md +25 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConfig.md +17 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md +53 -0
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConfig.md +61 -5
- package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md +38 -10
- package/docs/reference/variables/restEntryPoints.md +2 -0
- package/docs/reference/variables/tagsAuthenticationAdmin.md +5 -0
- package/docs/reference/variables/tagsAuthenticationAudit.md +5 -0
- package/locales/en.json +23 -6
- package/package.json +17 -16
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
# Class: EntityStorageAuthenticationAuditService
|
|
2
|
+
|
|
3
|
+
Implementation of the authentication audit component using entity storage.
|
|
4
|
+
|
|
5
|
+
## Implements
|
|
6
|
+
|
|
7
|
+
- `IAuthenticationAuditComponent`
|
|
8
|
+
|
|
9
|
+
## Constructors
|
|
10
|
+
|
|
11
|
+
### Constructor
|
|
12
|
+
|
|
13
|
+
> **new EntityStorageAuthenticationAuditService**(`options?`): `EntityStorageAuthenticationAuditService`
|
|
14
|
+
|
|
15
|
+
Create a new instance of EntityStorageAuthenticationAuditService.
|
|
16
|
+
|
|
17
|
+
#### Parameters
|
|
18
|
+
|
|
19
|
+
##### options?
|
|
20
|
+
|
|
21
|
+
[`IEntityStorageAuthenticationAuditServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md)
|
|
22
|
+
|
|
23
|
+
The dependencies for the identity connector.
|
|
24
|
+
|
|
25
|
+
#### Returns
|
|
26
|
+
|
|
27
|
+
`EntityStorageAuthenticationAuditService`
|
|
28
|
+
|
|
29
|
+
## Properties
|
|
30
|
+
|
|
31
|
+
### CLASS\_NAME {#class_name}
|
|
32
|
+
|
|
33
|
+
> `readonly` `static` **CLASS\_NAME**: `string`
|
|
34
|
+
|
|
35
|
+
Runtime name for the class.
|
|
36
|
+
|
|
37
|
+
## Methods
|
|
38
|
+
|
|
39
|
+
### className() {#classname}
|
|
40
|
+
|
|
41
|
+
> **className**(): `string`
|
|
42
|
+
|
|
43
|
+
Returns the class name of the component.
|
|
44
|
+
|
|
45
|
+
#### Returns
|
|
46
|
+
|
|
47
|
+
`string`
|
|
48
|
+
|
|
49
|
+
The class name of the component.
|
|
50
|
+
|
|
51
|
+
#### Implementation of
|
|
52
|
+
|
|
53
|
+
`IAuthenticationAuditComponent.className`
|
|
54
|
+
|
|
55
|
+
***
|
|
56
|
+
|
|
57
|
+
### create() {#create}
|
|
58
|
+
|
|
59
|
+
> **create**(`entry`): `Promise`\<`string`\>
|
|
60
|
+
|
|
61
|
+
Create a new audit entry.
|
|
62
|
+
|
|
63
|
+
#### Parameters
|
|
64
|
+
|
|
65
|
+
##### entry
|
|
66
|
+
|
|
67
|
+
`Omit`\<`IAuthenticationAuditEntry`, `"id"` \| `"dateCreated"`\>
|
|
68
|
+
|
|
69
|
+
The audit entry to be logged.
|
|
70
|
+
|
|
71
|
+
#### Returns
|
|
72
|
+
|
|
73
|
+
`Promise`\<`string`\>
|
|
74
|
+
|
|
75
|
+
The unique identifier of the created audit entry.
|
|
76
|
+
|
|
77
|
+
#### Implementation of
|
|
78
|
+
|
|
79
|
+
`IAuthenticationAuditComponent.create`
|
|
80
|
+
|
|
81
|
+
***
|
|
82
|
+
|
|
83
|
+
### query() {#query}
|
|
84
|
+
|
|
85
|
+
> **query**(`options?`, `cursor?`, `limit?`): `Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
|
|
86
|
+
|
|
87
|
+
Query the audit entries.
|
|
88
|
+
|
|
89
|
+
#### Parameters
|
|
90
|
+
|
|
91
|
+
##### options?
|
|
92
|
+
|
|
93
|
+
The query options.
|
|
94
|
+
|
|
95
|
+
###### actorId?
|
|
96
|
+
|
|
97
|
+
`string`
|
|
98
|
+
|
|
99
|
+
The actor identifier to filter the audit entries, optional.
|
|
100
|
+
|
|
101
|
+
###### organizationId?
|
|
102
|
+
|
|
103
|
+
`string`
|
|
104
|
+
|
|
105
|
+
The organization identifier to filter the audit entries, optional.
|
|
106
|
+
|
|
107
|
+
###### tenantId?
|
|
108
|
+
|
|
109
|
+
`string`
|
|
110
|
+
|
|
111
|
+
The tenant identifier to filter the audit entries, optional.
|
|
112
|
+
|
|
113
|
+
###### nodeId?
|
|
114
|
+
|
|
115
|
+
`string`
|
|
116
|
+
|
|
117
|
+
The node identifier to filter the audit entries, optional.
|
|
118
|
+
|
|
119
|
+
###### event?
|
|
120
|
+
|
|
121
|
+
`string`
|
|
122
|
+
|
|
123
|
+
The audit event to filter the audit entries, optional.
|
|
124
|
+
|
|
125
|
+
###### startDate?
|
|
126
|
+
|
|
127
|
+
`string`
|
|
128
|
+
|
|
129
|
+
The start date to filter the audit entries, optional.
|
|
130
|
+
|
|
131
|
+
###### endDate?
|
|
132
|
+
|
|
133
|
+
`string`
|
|
134
|
+
|
|
135
|
+
The end date to filter the audit entries, optional.
|
|
136
|
+
|
|
137
|
+
##### cursor?
|
|
138
|
+
|
|
139
|
+
`string`
|
|
140
|
+
|
|
141
|
+
The cursor for pagination.
|
|
142
|
+
|
|
143
|
+
##### limit?
|
|
144
|
+
|
|
145
|
+
`number`
|
|
146
|
+
|
|
147
|
+
The maximum number of entries to return.
|
|
148
|
+
|
|
149
|
+
#### Returns
|
|
150
|
+
|
|
151
|
+
`Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
|
|
152
|
+
|
|
153
|
+
The audit entries.
|
|
154
|
+
|
|
155
|
+
#### Implementation of
|
|
156
|
+
|
|
157
|
+
`IAuthenticationAuditComponent.query`
|
|
@@ -0,0 +1,227 @@
|
|
|
1
|
+
# Class: EntityStorageAuthenticationRateService
|
|
2
|
+
|
|
3
|
+
Implementation of the authentication rate component using entity storage.
|
|
4
|
+
|
|
5
|
+
## Implements
|
|
6
|
+
|
|
7
|
+
- `IAuthenticationRateComponent`
|
|
8
|
+
|
|
9
|
+
## Constructors
|
|
10
|
+
|
|
11
|
+
### Constructor
|
|
12
|
+
|
|
13
|
+
> **new EntityStorageAuthenticationRateService**(`options?`): `EntityStorageAuthenticationRateService`
|
|
14
|
+
|
|
15
|
+
Create a new instance of EntityStorageAuthenticationRateService.
|
|
16
|
+
|
|
17
|
+
#### Parameters
|
|
18
|
+
|
|
19
|
+
##### options?
|
|
20
|
+
|
|
21
|
+
[`IEntityStorageAuthenticationRateServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md)
|
|
22
|
+
|
|
23
|
+
The constructor options.
|
|
24
|
+
|
|
25
|
+
#### Returns
|
|
26
|
+
|
|
27
|
+
`EntityStorageAuthenticationRateService`
|
|
28
|
+
|
|
29
|
+
## Properties
|
|
30
|
+
|
|
31
|
+
### CLASS\_NAME {#class_name}
|
|
32
|
+
|
|
33
|
+
> `readonly` `static` **CLASS\_NAME**: `string`
|
|
34
|
+
|
|
35
|
+
Runtime name for the class.
|
|
36
|
+
|
|
37
|
+
## Methods
|
|
38
|
+
|
|
39
|
+
### registerAction() {#registeraction}
|
|
40
|
+
|
|
41
|
+
> **registerAction**(`action`, `config`): `Promise`\<`void`\>
|
|
42
|
+
|
|
43
|
+
Register or update rate-limit configuration for an action.
|
|
44
|
+
|
|
45
|
+
#### Parameters
|
|
46
|
+
|
|
47
|
+
##### action
|
|
48
|
+
|
|
49
|
+
`string`
|
|
50
|
+
|
|
51
|
+
The action name.
|
|
52
|
+
|
|
53
|
+
##### config
|
|
54
|
+
|
|
55
|
+
`IAuthenticationRateActionConfig`
|
|
56
|
+
|
|
57
|
+
The action configuration.
|
|
58
|
+
|
|
59
|
+
#### Returns
|
|
60
|
+
|
|
61
|
+
`Promise`\<`void`\>
|
|
62
|
+
|
|
63
|
+
A promise that resolves when the action configuration has been stored.
|
|
64
|
+
|
|
65
|
+
#### Implementation of
|
|
66
|
+
|
|
67
|
+
`IAuthenticationRateComponent.registerAction`
|
|
68
|
+
|
|
69
|
+
***
|
|
70
|
+
|
|
71
|
+
### unregisterAction() {#unregisteraction}
|
|
72
|
+
|
|
73
|
+
> **unregisterAction**(`action`): `Promise`\<`void`\>
|
|
74
|
+
|
|
75
|
+
Unregister rate-limit configuration for an action.
|
|
76
|
+
|
|
77
|
+
#### Parameters
|
|
78
|
+
|
|
79
|
+
##### action
|
|
80
|
+
|
|
81
|
+
`string`
|
|
82
|
+
|
|
83
|
+
The action name.
|
|
84
|
+
|
|
85
|
+
#### Returns
|
|
86
|
+
|
|
87
|
+
`Promise`\<`void`\>
|
|
88
|
+
|
|
89
|
+
A promise that resolves when the action configuration has been removed.
|
|
90
|
+
|
|
91
|
+
#### Implementation of
|
|
92
|
+
|
|
93
|
+
`IAuthenticationRateComponent.unregisterAction`
|
|
94
|
+
|
|
95
|
+
***
|
|
96
|
+
|
|
97
|
+
### className() {#classname}
|
|
98
|
+
|
|
99
|
+
> **className**(): `string`
|
|
100
|
+
|
|
101
|
+
Returns the class name of the component.
|
|
102
|
+
|
|
103
|
+
#### Returns
|
|
104
|
+
|
|
105
|
+
`string`
|
|
106
|
+
|
|
107
|
+
The class name of the component.
|
|
108
|
+
|
|
109
|
+
#### Implementation of
|
|
110
|
+
|
|
111
|
+
`IAuthenticationRateComponent.className`
|
|
112
|
+
|
|
113
|
+
***
|
|
114
|
+
|
|
115
|
+
### start() {#start}
|
|
116
|
+
|
|
117
|
+
> **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
|
|
118
|
+
|
|
119
|
+
The service needs to be started when the application is initialized.
|
|
120
|
+
|
|
121
|
+
#### Parameters
|
|
122
|
+
|
|
123
|
+
##### nodeLoggingComponentType?
|
|
124
|
+
|
|
125
|
+
`string`
|
|
126
|
+
|
|
127
|
+
The node logging component type.
|
|
128
|
+
|
|
129
|
+
#### Returns
|
|
130
|
+
|
|
131
|
+
`Promise`\<`void`\>
|
|
132
|
+
|
|
133
|
+
A promise that resolves when the periodic cleanup task has been registered.
|
|
134
|
+
|
|
135
|
+
#### Implementation of
|
|
136
|
+
|
|
137
|
+
`IAuthenticationRateComponent.start`
|
|
138
|
+
|
|
139
|
+
***
|
|
140
|
+
|
|
141
|
+
### stop() {#stop}
|
|
142
|
+
|
|
143
|
+
> **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
|
|
144
|
+
|
|
145
|
+
The component needs to be stopped when the node is closed.
|
|
146
|
+
|
|
147
|
+
#### Parameters
|
|
148
|
+
|
|
149
|
+
##### nodeLoggingComponentType?
|
|
150
|
+
|
|
151
|
+
`string`
|
|
152
|
+
|
|
153
|
+
The node logging component type.
|
|
154
|
+
|
|
155
|
+
#### Returns
|
|
156
|
+
|
|
157
|
+
`Promise`\<`void`\>
|
|
158
|
+
|
|
159
|
+
A promise that resolves when the periodic cleanup task has been removed.
|
|
160
|
+
|
|
161
|
+
#### Implementation of
|
|
162
|
+
|
|
163
|
+
`IAuthenticationRateComponent.stop`
|
|
164
|
+
|
|
165
|
+
***
|
|
166
|
+
|
|
167
|
+
### check() {#check}
|
|
168
|
+
|
|
169
|
+
> **check**(`action`, `identifier`): `Promise`\<`string`\>
|
|
170
|
+
|
|
171
|
+
Check the authentication rate for a given action and identifier.
|
|
172
|
+
|
|
173
|
+
#### Parameters
|
|
174
|
+
|
|
175
|
+
##### action
|
|
176
|
+
|
|
177
|
+
`string`
|
|
178
|
+
|
|
179
|
+
The action to be checked.
|
|
180
|
+
|
|
181
|
+
##### identifier
|
|
182
|
+
|
|
183
|
+
`string`
|
|
184
|
+
|
|
185
|
+
The identifier to be checked.
|
|
186
|
+
|
|
187
|
+
#### Returns
|
|
188
|
+
|
|
189
|
+
`Promise`\<`string`\>
|
|
190
|
+
|
|
191
|
+
The rate entry id.
|
|
192
|
+
|
|
193
|
+
#### Implementation of
|
|
194
|
+
|
|
195
|
+
`IAuthenticationRateComponent.check`
|
|
196
|
+
|
|
197
|
+
***
|
|
198
|
+
|
|
199
|
+
### clear() {#clear}
|
|
200
|
+
|
|
201
|
+
> **clear**(`action`, `identifier`): `Promise`\<`void`\>
|
|
202
|
+
|
|
203
|
+
Clear the authentication rate entry for the given action and identifier.
|
|
204
|
+
|
|
205
|
+
#### Parameters
|
|
206
|
+
|
|
207
|
+
##### action
|
|
208
|
+
|
|
209
|
+
`string`
|
|
210
|
+
|
|
211
|
+
The action to clear.
|
|
212
|
+
|
|
213
|
+
##### identifier
|
|
214
|
+
|
|
215
|
+
`string`
|
|
216
|
+
|
|
217
|
+
The identifier to clear.
|
|
218
|
+
|
|
219
|
+
#### Returns
|
|
220
|
+
|
|
221
|
+
`Promise`\<`void`\>
|
|
222
|
+
|
|
223
|
+
A promise that resolves when the rate entry has been removed.
|
|
224
|
+
|
|
225
|
+
#### Implementation of
|
|
226
|
+
|
|
227
|
+
`IAuthenticationRateComponent.clear`
|
|
@@ -28,7 +28,7 @@ The dependencies for the identity connector.
|
|
|
28
28
|
|
|
29
29
|
## Properties
|
|
30
30
|
|
|
31
|
-
### CLASS\_NAME
|
|
31
|
+
### CLASS\_NAME {#class_name}
|
|
32
32
|
|
|
33
33
|
> `readonly` `static` **CLASS\_NAME**: `string`
|
|
34
34
|
|
|
@@ -36,7 +36,7 @@ Runtime name for the class.
|
|
|
36
36
|
|
|
37
37
|
## Methods
|
|
38
38
|
|
|
39
|
-
### className()
|
|
39
|
+
### className() {#classname}
|
|
40
40
|
|
|
41
41
|
> **className**(): `string`
|
|
42
42
|
|
|
@@ -54,7 +54,7 @@ The class name of the component.
|
|
|
54
54
|
|
|
55
55
|
***
|
|
56
56
|
|
|
57
|
-
### start()
|
|
57
|
+
### start() {#start}
|
|
58
58
|
|
|
59
59
|
> **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
|
|
60
60
|
|
|
@@ -72,7 +72,7 @@ The node logging component type.
|
|
|
72
72
|
|
|
73
73
|
`Promise`\<`void`\>
|
|
74
74
|
|
|
75
|
-
|
|
75
|
+
A promise that resolves when rate-limit actions have been registered and the node identity cached.
|
|
76
76
|
|
|
77
77
|
#### Implementation of
|
|
78
78
|
|
|
@@ -80,7 +80,33 @@ Nothing.
|
|
|
80
80
|
|
|
81
81
|
***
|
|
82
82
|
|
|
83
|
-
###
|
|
83
|
+
### stop() {#stop}
|
|
84
|
+
|
|
85
|
+
> **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
|
|
86
|
+
|
|
87
|
+
The component needs to be stopped when the node is closed.
|
|
88
|
+
|
|
89
|
+
#### Parameters
|
|
90
|
+
|
|
91
|
+
##### nodeLoggingComponentType?
|
|
92
|
+
|
|
93
|
+
`string`
|
|
94
|
+
|
|
95
|
+
The node logging component type.
|
|
96
|
+
|
|
97
|
+
#### Returns
|
|
98
|
+
|
|
99
|
+
`Promise`\<`void`\>
|
|
100
|
+
|
|
101
|
+
A promise that resolves when all rate-limit actions have been unregistered.
|
|
102
|
+
|
|
103
|
+
#### Implementation of
|
|
104
|
+
|
|
105
|
+
`IAuthenticationComponent.stop`
|
|
106
|
+
|
|
107
|
+
***
|
|
108
|
+
|
|
109
|
+
### login() {#login}
|
|
84
110
|
|
|
85
111
|
> **login**(`email`, `password`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
|
|
86
112
|
|
|
@@ -112,7 +138,7 @@ The authentication token for the user, if it uses a mechanism with public access
|
|
|
112
138
|
|
|
113
139
|
***
|
|
114
140
|
|
|
115
|
-
### logout()
|
|
141
|
+
### logout() {#logout}
|
|
116
142
|
|
|
117
143
|
> **logout**(`token?`): `Promise`\<`void`\>
|
|
118
144
|
|
|
@@ -130,7 +156,7 @@ The token to logout, if it uses a mechanism with public access.
|
|
|
130
156
|
|
|
131
157
|
`Promise`\<`void`\>
|
|
132
158
|
|
|
133
|
-
|
|
159
|
+
A promise that resolves when the logout audit entry has been recorded.
|
|
134
160
|
|
|
135
161
|
#### Implementation of
|
|
136
162
|
|
|
@@ -138,7 +164,7 @@ Nothing.
|
|
|
138
164
|
|
|
139
165
|
***
|
|
140
166
|
|
|
141
|
-
### refresh()
|
|
167
|
+
### refresh() {#refresh}
|
|
142
168
|
|
|
143
169
|
> **refresh**(`token?`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
|
|
144
170
|
|
|
@@ -164,20 +190,14 @@ The refreshed token, if it uses a mechanism with public access.
|
|
|
164
190
|
|
|
165
191
|
***
|
|
166
192
|
|
|
167
|
-
### updatePassword()
|
|
193
|
+
### updatePassword() {#updatepassword}
|
|
168
194
|
|
|
169
|
-
> **updatePassword**(`
|
|
195
|
+
> **updatePassword**(`currentPassword`, `newPassword`): `Promise`\<`void`\>
|
|
170
196
|
|
|
171
197
|
Update the user's password.
|
|
172
198
|
|
|
173
199
|
#### Parameters
|
|
174
200
|
|
|
175
|
-
##### email
|
|
176
|
-
|
|
177
|
-
`string`
|
|
178
|
-
|
|
179
|
-
The email address of the user to update.
|
|
180
|
-
|
|
181
201
|
##### currentPassword
|
|
182
202
|
|
|
183
203
|
`string`
|
|
@@ -194,7 +214,7 @@ The new password for the user.
|
|
|
194
214
|
|
|
195
215
|
`Promise`\<`void`\>
|
|
196
216
|
|
|
197
|
-
|
|
217
|
+
A promise that resolves when the password has been updated and the rate limit cleared.
|
|
198
218
|
|
|
199
219
|
#### Implementation of
|
|
200
220
|
|
|
@@ -14,7 +14,7 @@ Helper class for password operations.
|
|
|
14
14
|
|
|
15
15
|
## Properties
|
|
16
16
|
|
|
17
|
-
### CLASS\_NAME
|
|
17
|
+
### CLASS\_NAME {#class_name}
|
|
18
18
|
|
|
19
19
|
> `readonly` `static` **CLASS\_NAME**: `string`
|
|
20
20
|
|
|
@@ -22,28 +22,53 @@ Runtime name for the class.
|
|
|
22
22
|
|
|
23
23
|
## Methods
|
|
24
24
|
|
|
25
|
-
###
|
|
25
|
+
### updatePassword() {#updatepassword}
|
|
26
26
|
|
|
27
|
-
> `static` **
|
|
27
|
+
> `static` **updatePassword**(`userEntityStorage`, `authenticationAuditService`, `user`, `newPassword`, `currentPassword?`, `minPasswordLength?`): `Promise`\<`void`\>
|
|
28
28
|
|
|
29
|
-
|
|
29
|
+
Update the password for a user.
|
|
30
|
+
Validates password strength, verifies the current password if provided, then hashes and stores the new password and raises an audit event.
|
|
30
31
|
|
|
31
32
|
#### Parameters
|
|
32
33
|
|
|
33
|
-
#####
|
|
34
|
+
##### userEntityStorage
|
|
34
35
|
|
|
35
|
-
`
|
|
36
|
+
`IEntityStorageConnector`\<[`AuthenticationUser`](AuthenticationUser.md)\>
|
|
36
37
|
|
|
37
|
-
The
|
|
38
|
+
The entity storage for users.
|
|
38
39
|
|
|
39
|
-
#####
|
|
40
|
+
##### authenticationAuditService
|
|
40
41
|
|
|
41
|
-
`
|
|
42
|
+
`IAuthenticationAuditComponent` \| `undefined`
|
|
42
43
|
|
|
43
|
-
The
|
|
44
|
+
The optional audit service.
|
|
45
|
+
|
|
46
|
+
##### user
|
|
47
|
+
|
|
48
|
+
[`AuthenticationUser`](AuthenticationUser.md)
|
|
49
|
+
|
|
50
|
+
The user whose password is being updated.
|
|
51
|
+
|
|
52
|
+
##### newPassword
|
|
53
|
+
|
|
54
|
+
`string`
|
|
55
|
+
|
|
56
|
+
The new password to set.
|
|
57
|
+
|
|
58
|
+
##### currentPassword?
|
|
59
|
+
|
|
60
|
+
`string`
|
|
61
|
+
|
|
62
|
+
The current password to verify against, if supplied.
|
|
63
|
+
|
|
64
|
+
##### minPasswordLength?
|
|
65
|
+
|
|
66
|
+
`number`
|
|
67
|
+
|
|
68
|
+
Optional minimum password length for validation.
|
|
44
69
|
|
|
45
70
|
#### Returns
|
|
46
71
|
|
|
47
|
-
`Promise`\<`
|
|
72
|
+
`Promise`\<`void`\>
|
|
48
73
|
|
|
49
|
-
|
|
74
|
+
A promise that resolves when the new password has been stored and the audit entry recorded.
|
|
@@ -14,7 +14,7 @@ Helper class for token operations.
|
|
|
14
14
|
|
|
15
15
|
## Properties
|
|
16
16
|
|
|
17
|
-
### CLASS\_NAME
|
|
17
|
+
### CLASS\_NAME {#class_name}
|
|
18
18
|
|
|
19
19
|
> `readonly` `static` **CLASS\_NAME**: `string`
|
|
20
20
|
|
|
@@ -22,9 +22,9 @@ Runtime name for the class.
|
|
|
22
22
|
|
|
23
23
|
## Methods
|
|
24
24
|
|
|
25
|
-
### createToken()
|
|
25
|
+
### createToken() {#createtoken}
|
|
26
26
|
|
|
27
|
-
> `static` **createToken**(`vaultConnector`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
|
|
27
|
+
> `static` **createToken**(`vaultConnector`, `nodeId`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`, `scope?`, `passwordVersion?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
|
|
28
28
|
|
|
29
29
|
Create a new token.
|
|
30
30
|
|
|
@@ -36,11 +36,17 @@ Create a new token.
|
|
|
36
36
|
|
|
37
37
|
The vault connector.
|
|
38
38
|
|
|
39
|
+
##### nodeId
|
|
40
|
+
|
|
41
|
+
`string`
|
|
42
|
+
|
|
43
|
+
The node identifier, embedded as the JWT issuer claim.
|
|
44
|
+
|
|
39
45
|
##### signingKeyName
|
|
40
46
|
|
|
41
47
|
`string`
|
|
42
48
|
|
|
43
|
-
The signing key name.
|
|
49
|
+
The signing key name, embedded as the JWT key identifier.
|
|
44
50
|
|
|
45
51
|
##### userIdentity
|
|
46
52
|
|
|
@@ -50,15 +56,15 @@ The subject for the token.
|
|
|
50
56
|
|
|
51
57
|
##### organizationIdentity
|
|
52
58
|
|
|
53
|
-
|
|
59
|
+
`string` \| `undefined`
|
|
54
60
|
|
|
55
|
-
|
|
61
|
+
The organization for the token.
|
|
56
62
|
|
|
57
63
|
##### tenantId
|
|
58
64
|
|
|
59
|
-
|
|
65
|
+
`string` \| `undefined`
|
|
60
66
|
|
|
61
|
-
|
|
67
|
+
The tenant id for the token.
|
|
62
68
|
|
|
63
69
|
##### ttlMinutes
|
|
64
70
|
|
|
@@ -66,6 +72,18 @@ The tenant id for the token.
|
|
|
66
72
|
|
|
67
73
|
The time to live for the token in minutes.
|
|
68
74
|
|
|
75
|
+
##### scope?
|
|
76
|
+
|
|
77
|
+
`string`
|
|
78
|
+
|
|
79
|
+
The scopes for the token.
|
|
80
|
+
|
|
81
|
+
##### passwordVersion?
|
|
82
|
+
|
|
83
|
+
`number`
|
|
84
|
+
|
|
85
|
+
The user's current password version counter, embedded in the token so that a password change invalidates existing tokens.
|
|
86
|
+
|
|
69
87
|
#### Returns
|
|
70
88
|
|
|
71
89
|
`Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
|
|
@@ -74,9 +92,9 @@ The new token and its expiry date.
|
|
|
74
92
|
|
|
75
93
|
***
|
|
76
94
|
|
|
77
|
-
### verify()
|
|
95
|
+
### verify() {#verify}
|
|
78
96
|
|
|
79
|
-
> `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
|
|
97
|
+
> `static` **verify**(`vaultConnector`, `nodeId`, `signingKeyName`, `token`, `requiredScopes?`, `verifyUser?`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
|
|
80
98
|
|
|
81
99
|
Verify the token.
|
|
82
100
|
|
|
@@ -88,17 +106,35 @@ Verify the token.
|
|
|
88
106
|
|
|
89
107
|
The vault connector.
|
|
90
108
|
|
|
109
|
+
##### nodeId
|
|
110
|
+
|
|
111
|
+
`string`
|
|
112
|
+
|
|
113
|
+
The node identifier, expected to match the JWT issuer claim.
|
|
114
|
+
|
|
91
115
|
##### signingKeyName
|
|
92
116
|
|
|
93
117
|
`string`
|
|
94
118
|
|
|
95
|
-
The signing key name.
|
|
119
|
+
The signing key name, expected to match the JWT key identifier.
|
|
96
120
|
|
|
97
121
|
##### token
|
|
98
122
|
|
|
123
|
+
`string` \| `undefined`
|
|
124
|
+
|
|
99
125
|
The token to verify.
|
|
100
126
|
|
|
101
|
-
|
|
127
|
+
##### requiredScopes?
|
|
128
|
+
|
|
129
|
+
`string`[]
|
|
130
|
+
|
|
131
|
+
The required scopes.
|
|
132
|
+
|
|
133
|
+
##### verifyUser?
|
|
134
|
+
|
|
135
|
+
(`sub`, `org`, `tid`, `passwordVersion`) => `Promise`\<`string`[]\>
|
|
136
|
+
|
|
137
|
+
A function to verify the user identity and organization. The password version counter embedded in the token (pver claim) is passed so callers can detect if the password has changed since the token was issued.
|
|
102
138
|
|
|
103
139
|
#### Returns
|
|
104
140
|
|
|
@@ -112,7 +148,7 @@ UnauthorizedError if the token is missing, invalid or expired.
|
|
|
112
148
|
|
|
113
149
|
***
|
|
114
150
|
|
|
115
|
-
### extractTokenFromHeaders()
|
|
151
|
+
### extractTokenFromHeaders() {#extracttokenfromheaders}
|
|
116
152
|
|
|
117
153
|
> `static` **extractTokenFromHeaders**(`headers?`, `cookieName?`): \{ `token`: `string`; `location`: `"authorization"` \| `"cookie"`; \} \| `undefined`
|
|
118
154
|
|