@twin.org/api-auth-entity-storage-service 0.0.3-next.9 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (106) hide show
  1. package/README.md +2 -2
  2. package/dist/es/entities/authenticationAuditEntry.js +101 -0
  3. package/dist/es/entities/authenticationAuditEntry.js.map +1 -0
  4. package/dist/es/entities/authenticationRateEntry.js +37 -0
  5. package/dist/es/entities/authenticationRateEntry.js.map +1 -0
  6. package/dist/es/entities/authenticationUser.js +17 -1
  7. package/dist/es/entities/authenticationUser.js.map +1 -1
  8. package/dist/es/index.js +11 -1
  9. package/dist/es/index.js.map +1 -1
  10. package/dist/es/models/IAuthHeaderProcessorConstructorOptions.js.map +1 -1
  11. package/dist/es/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.js.map +1 -1
  12. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js +4 -0
  13. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConfig.js.map +1 -0
  14. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js +2 -0
  15. package/dist/es/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.js.map +1 -0
  16. package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js +2 -0
  17. package/dist/es/models/IEntityStorageAuthenticationRateServiceConfig.js.map +1 -0
  18. package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js +2 -0
  19. package/dist/es/models/IEntityStorageAuthenticationRateServiceConstructorOptions.js.map +1 -0
  20. package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js +0 -2
  21. package/dist/es/models/IEntityStorageAuthenticationServiceConfig.js.map +1 -1
  22. package/dist/es/models/IEntityStorageAuthenticationServiceConstructorOptions.js.map +1 -1
  23. package/dist/es/processors/authHeaderProcessor.js +68 -11
  24. package/dist/es/processors/authHeaderProcessor.js.map +1 -1
  25. package/dist/es/restEntryPoints.js +17 -0
  26. package/dist/es/restEntryPoints.js.map +1 -1
  27. package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js +362 -0
  28. package/dist/es/routes/entityStorageAuthenticationAdminRoutes.js.map +1 -0
  29. package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js +174 -0
  30. package/dist/es/routes/entityStorageAuthenticationAuditRoutes.js.map +1 -0
  31. package/dist/es/routes/entityStorageAuthenticationRoutes.js +18 -19
  32. package/dist/es/routes/entityStorageAuthenticationRoutes.js.map +1 -1
  33. package/dist/es/schema.js +4 -0
  34. package/dist/es/schema.js.map +1 -1
  35. package/dist/es/services/entityStorageAuthenticationAdminService.js +164 -58
  36. package/dist/es/services/entityStorageAuthenticationAdminService.js.map +1 -1
  37. package/dist/es/services/entityStorageAuthenticationAuditService.js +179 -0
  38. package/dist/es/services/entityStorageAuthenticationAuditService.js.map +1 -0
  39. package/dist/es/services/entityStorageAuthenticationRateService.js +213 -0
  40. package/dist/es/services/entityStorageAuthenticationRateService.js.map +1 -0
  41. package/dist/es/services/entityStorageAuthenticationService.js +200 -19
  42. package/dist/es/services/entityStorageAuthenticationService.js.map +1 -1
  43. package/dist/es/utils/passwordHelper.js +45 -16
  44. package/dist/es/utils/passwordHelper.js.map +1 -1
  45. package/dist/es/utils/tokenHelper.js +50 -10
  46. package/dist/es/utils/tokenHelper.js.map +1 -1
  47. package/dist/types/entities/authenticationAuditEntry.d.ts +49 -0
  48. package/dist/types/entities/authenticationRateEntry.d.ts +17 -0
  49. package/dist/types/entities/authenticationUser.d.ts +8 -0
  50. package/dist/types/index.d.ts +11 -1
  51. package/dist/types/models/IAuthHeaderProcessorConstructorOptions.d.ts +10 -0
  52. package/dist/types/models/IEntityStorageAuthenticationAdminServiceConstructorOptions.d.ts +5 -0
  53. package/dist/types/models/IEntityStorageAuthenticationAuditServiceConfig.d.ts +9 -0
  54. package/dist/types/models/IEntityStorageAuthenticationAuditServiceConstructorOptions.d.ts +15 -0
  55. package/dist/types/models/IEntityStorageAuthenticationRateServiceConfig.d.ts +10 -0
  56. package/dist/types/models/IEntityStorageAuthenticationRateServiceConstructorOptions.d.ts +25 -0
  57. package/dist/types/models/IEntityStorageAuthenticationServiceConfig.d.ts +22 -1
  58. package/dist/types/models/IEntityStorageAuthenticationServiceConstructorOptions.d.ts +13 -3
  59. package/dist/types/processors/authHeaderProcessor.d.ts +4 -2
  60. package/dist/types/restEntryPoints.d.ts +3 -0
  61. package/dist/types/routes/entityStorageAuthenticationAdminRoutes.d.ts +61 -0
  62. package/dist/types/routes/entityStorageAuthenticationAuditRoutes.d.ts +29 -0
  63. package/dist/types/services/entityStorageAuthenticationAdminService.d.ts +26 -9
  64. package/dist/types/services/entityStorageAuthenticationAuditService.d.ts +53 -0
  65. package/dist/types/services/entityStorageAuthenticationRateService.d.ts +60 -0
  66. package/dist/types/services/entityStorageAuthenticationService.d.ts +10 -5
  67. package/dist/types/utils/passwordHelper.d.ts +13 -5
  68. package/dist/types/utils/tokenHelper.d.ts +10 -4
  69. package/docs/changelog.md +855 -85
  70. package/docs/examples.md +178 -1
  71. package/docs/reference/classes/AuthHeaderProcessor.md +15 -11
  72. package/docs/reference/classes/AuthenticationAuditEntry.md +101 -0
  73. package/docs/reference/classes/AuthenticationRateEntry.md +37 -0
  74. package/docs/reference/classes/AuthenticationUser.md +21 -5
  75. package/docs/reference/classes/EntityStorageAuthenticationAdminService.md +80 -20
  76. package/docs/reference/classes/EntityStorageAuthenticationAuditService.md +157 -0
  77. package/docs/reference/classes/EntityStorageAuthenticationRateService.md +227 -0
  78. package/docs/reference/classes/EntityStorageAuthenticationService.md +37 -17
  79. package/docs/reference/classes/PasswordHelper.md +37 -12
  80. package/docs/reference/classes/TokenHelper.md +49 -13
  81. package/docs/reference/functions/authenticationAdminCreateUser.md +31 -0
  82. package/docs/reference/functions/authenticationAdminGetUser.md +31 -0
  83. package/docs/reference/functions/authenticationAdminGetUserByIdentity.md +31 -0
  84. package/docs/reference/functions/authenticationAdminRemoveUser.md +31 -0
  85. package/docs/reference/functions/authenticationAdminUpdateUser.md +31 -0
  86. package/docs/reference/functions/authenticationAdminUpdateUserPassword.md +31 -0
  87. package/docs/reference/functions/authenticationAuditCreate.md +31 -0
  88. package/docs/reference/functions/authenticationAuditQuery.md +31 -0
  89. package/docs/reference/functions/generateRestRoutesAuthenticationAdmin.md +25 -0
  90. package/docs/reference/functions/generateRestRoutesAuthenticationAudit.md +25 -0
  91. package/docs/reference/index.md +20 -0
  92. package/docs/reference/interfaces/IAuthHeaderProcessorConfig.md +4 -4
  93. package/docs/reference/interfaces/IAuthHeaderProcessorConstructorOptions.md +32 -4
  94. package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConfig.md +2 -2
  95. package/docs/reference/interfaces/IEntityStorageAuthenticationAdminServiceConstructorOptions.md +18 -4
  96. package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConfig.md +11 -0
  97. package/docs/reference/interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md +25 -0
  98. package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConfig.md +17 -0
  99. package/docs/reference/interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md +53 -0
  100. package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConfig.md +61 -5
  101. package/docs/reference/interfaces/IEntityStorageAuthenticationServiceConstructorOptions.md +38 -10
  102. package/docs/reference/variables/restEntryPoints.md +2 -0
  103. package/docs/reference/variables/tagsAuthenticationAdmin.md +5 -0
  104. package/docs/reference/variables/tagsAuthenticationAudit.md +5 -0
  105. package/locales/en.json +23 -6
  106. package/package.json +17 -16
@@ -0,0 +1,157 @@
1
+ # Class: EntityStorageAuthenticationAuditService
2
+
3
+ Implementation of the authentication audit component using entity storage.
4
+
5
+ ## Implements
6
+
7
+ - `IAuthenticationAuditComponent`
8
+
9
+ ## Constructors
10
+
11
+ ### Constructor
12
+
13
+ > **new EntityStorageAuthenticationAuditService**(`options?`): `EntityStorageAuthenticationAuditService`
14
+
15
+ Create a new instance of EntityStorageAuthenticationAuditService.
16
+
17
+ #### Parameters
18
+
19
+ ##### options?
20
+
21
+ [`IEntityStorageAuthenticationAuditServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationAuditServiceConstructorOptions.md)
22
+
23
+ The dependencies for the identity connector.
24
+
25
+ #### Returns
26
+
27
+ `EntityStorageAuthenticationAuditService`
28
+
29
+ ## Properties
30
+
31
+ ### CLASS\_NAME {#class_name}
32
+
33
+ > `readonly` `static` **CLASS\_NAME**: `string`
34
+
35
+ Runtime name for the class.
36
+
37
+ ## Methods
38
+
39
+ ### className() {#classname}
40
+
41
+ > **className**(): `string`
42
+
43
+ Returns the class name of the component.
44
+
45
+ #### Returns
46
+
47
+ `string`
48
+
49
+ The class name of the component.
50
+
51
+ #### Implementation of
52
+
53
+ `IAuthenticationAuditComponent.className`
54
+
55
+ ***
56
+
57
+ ### create() {#create}
58
+
59
+ > **create**(`entry`): `Promise`\<`string`\>
60
+
61
+ Create a new audit entry.
62
+
63
+ #### Parameters
64
+
65
+ ##### entry
66
+
67
+ `Omit`\<`IAuthenticationAuditEntry`, `"id"` \| `"dateCreated"`\>
68
+
69
+ The audit entry to be logged.
70
+
71
+ #### Returns
72
+
73
+ `Promise`\<`string`\>
74
+
75
+ The unique identifier of the created audit entry.
76
+
77
+ #### Implementation of
78
+
79
+ `IAuthenticationAuditComponent.create`
80
+
81
+ ***
82
+
83
+ ### query() {#query}
84
+
85
+ > **query**(`options?`, `cursor?`, `limit?`): `Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
86
+
87
+ Query the audit entries.
88
+
89
+ #### Parameters
90
+
91
+ ##### options?
92
+
93
+ The query options.
94
+
95
+ ###### actorId?
96
+
97
+ `string`
98
+
99
+ The actor identifier to filter the audit entries, optional.
100
+
101
+ ###### organizationId?
102
+
103
+ `string`
104
+
105
+ The organization identifier to filter the audit entries, optional.
106
+
107
+ ###### tenantId?
108
+
109
+ `string`
110
+
111
+ The tenant identifier to filter the audit entries, optional.
112
+
113
+ ###### nodeId?
114
+
115
+ `string`
116
+
117
+ The node identifier to filter the audit entries, optional.
118
+
119
+ ###### event?
120
+
121
+ `string`
122
+
123
+ The audit event to filter the audit entries, optional.
124
+
125
+ ###### startDate?
126
+
127
+ `string`
128
+
129
+ The start date to filter the audit entries, optional.
130
+
131
+ ###### endDate?
132
+
133
+ `string`
134
+
135
+ The end date to filter the audit entries, optional.
136
+
137
+ ##### cursor?
138
+
139
+ `string`
140
+
141
+ The cursor for pagination.
142
+
143
+ ##### limit?
144
+
145
+ `number`
146
+
147
+ The maximum number of entries to return.
148
+
149
+ #### Returns
150
+
151
+ `Promise`\<\{ `entries`: `IAuthenticationAuditEntry`[]; `cursor?`: `string`; \}\>
152
+
153
+ The audit entries.
154
+
155
+ #### Implementation of
156
+
157
+ `IAuthenticationAuditComponent.query`
@@ -0,0 +1,227 @@
1
+ # Class: EntityStorageAuthenticationRateService
2
+
3
+ Implementation of the authentication rate component using entity storage.
4
+
5
+ ## Implements
6
+
7
+ - `IAuthenticationRateComponent`
8
+
9
+ ## Constructors
10
+
11
+ ### Constructor
12
+
13
+ > **new EntityStorageAuthenticationRateService**(`options?`): `EntityStorageAuthenticationRateService`
14
+
15
+ Create a new instance of EntityStorageAuthenticationRateService.
16
+
17
+ #### Parameters
18
+
19
+ ##### options?
20
+
21
+ [`IEntityStorageAuthenticationRateServiceConstructorOptions`](../interfaces/IEntityStorageAuthenticationRateServiceConstructorOptions.md)
22
+
23
+ The constructor options.
24
+
25
+ #### Returns
26
+
27
+ `EntityStorageAuthenticationRateService`
28
+
29
+ ## Properties
30
+
31
+ ### CLASS\_NAME {#class_name}
32
+
33
+ > `readonly` `static` **CLASS\_NAME**: `string`
34
+
35
+ Runtime name for the class.
36
+
37
+ ## Methods
38
+
39
+ ### registerAction() {#registeraction}
40
+
41
+ > **registerAction**(`action`, `config`): `Promise`\<`void`\>
42
+
43
+ Register or update rate-limit configuration for an action.
44
+
45
+ #### Parameters
46
+
47
+ ##### action
48
+
49
+ `string`
50
+
51
+ The action name.
52
+
53
+ ##### config
54
+
55
+ `IAuthenticationRateActionConfig`
56
+
57
+ The action configuration.
58
+
59
+ #### Returns
60
+
61
+ `Promise`\<`void`\>
62
+
63
+ A promise that resolves when the action configuration has been stored.
64
+
65
+ #### Implementation of
66
+
67
+ `IAuthenticationRateComponent.registerAction`
68
+
69
+ ***
70
+
71
+ ### unregisterAction() {#unregisteraction}
72
+
73
+ > **unregisterAction**(`action`): `Promise`\<`void`\>
74
+
75
+ Unregister rate-limit configuration for an action.
76
+
77
+ #### Parameters
78
+
79
+ ##### action
80
+
81
+ `string`
82
+
83
+ The action name.
84
+
85
+ #### Returns
86
+
87
+ `Promise`\<`void`\>
88
+
89
+ A promise that resolves when the action configuration has been removed.
90
+
91
+ #### Implementation of
92
+
93
+ `IAuthenticationRateComponent.unregisterAction`
94
+
95
+ ***
96
+
97
+ ### className() {#classname}
98
+
99
+ > **className**(): `string`
100
+
101
+ Returns the class name of the component.
102
+
103
+ #### Returns
104
+
105
+ `string`
106
+
107
+ The class name of the component.
108
+
109
+ #### Implementation of
110
+
111
+ `IAuthenticationRateComponent.className`
112
+
113
+ ***
114
+
115
+ ### start() {#start}
116
+
117
+ > **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
118
+
119
+ The service needs to be started when the application is initialized.
120
+
121
+ #### Parameters
122
+
123
+ ##### nodeLoggingComponentType?
124
+
125
+ `string`
126
+
127
+ The node logging component type.
128
+
129
+ #### Returns
130
+
131
+ `Promise`\<`void`\>
132
+
133
+ A promise that resolves when the periodic cleanup task has been registered.
134
+
135
+ #### Implementation of
136
+
137
+ `IAuthenticationRateComponent.start`
138
+
139
+ ***
140
+
141
+ ### stop() {#stop}
142
+
143
+ > **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
144
+
145
+ The component needs to be stopped when the node is closed.
146
+
147
+ #### Parameters
148
+
149
+ ##### nodeLoggingComponentType?
150
+
151
+ `string`
152
+
153
+ The node logging component type.
154
+
155
+ #### Returns
156
+
157
+ `Promise`\<`void`\>
158
+
159
+ A promise that resolves when the periodic cleanup task has been removed.
160
+
161
+ #### Implementation of
162
+
163
+ `IAuthenticationRateComponent.stop`
164
+
165
+ ***
166
+
167
+ ### check() {#check}
168
+
169
+ > **check**(`action`, `identifier`): `Promise`\<`string`\>
170
+
171
+ Check the authentication rate for a given action and identifier.
172
+
173
+ #### Parameters
174
+
175
+ ##### action
176
+
177
+ `string`
178
+
179
+ The action to be checked.
180
+
181
+ ##### identifier
182
+
183
+ `string`
184
+
185
+ The identifier to be checked.
186
+
187
+ #### Returns
188
+
189
+ `Promise`\<`string`\>
190
+
191
+ The rate entry id.
192
+
193
+ #### Implementation of
194
+
195
+ `IAuthenticationRateComponent.check`
196
+
197
+ ***
198
+
199
+ ### clear() {#clear}
200
+
201
+ > **clear**(`action`, `identifier`): `Promise`\<`void`\>
202
+
203
+ Clear the authentication rate entry for the given action and identifier.
204
+
205
+ #### Parameters
206
+
207
+ ##### action
208
+
209
+ `string`
210
+
211
+ The action to clear.
212
+
213
+ ##### identifier
214
+
215
+ `string`
216
+
217
+ The identifier to clear.
218
+
219
+ #### Returns
220
+
221
+ `Promise`\<`void`\>
222
+
223
+ A promise that resolves when the rate entry has been removed.
224
+
225
+ #### Implementation of
226
+
227
+ `IAuthenticationRateComponent.clear`
@@ -28,7 +28,7 @@ The dependencies for the identity connector.
28
28
 
29
29
  ## Properties
30
30
 
31
- ### CLASS\_NAME
31
+ ### CLASS\_NAME {#class_name}
32
32
 
33
33
  > `readonly` `static` **CLASS\_NAME**: `string`
34
34
 
@@ -36,7 +36,7 @@ Runtime name for the class.
36
36
 
37
37
  ## Methods
38
38
 
39
- ### className()
39
+ ### className() {#classname}
40
40
 
41
41
  > **className**(): `string`
42
42
 
@@ -54,7 +54,7 @@ The class name of the component.
54
54
 
55
55
  ***
56
56
 
57
- ### start()
57
+ ### start() {#start}
58
58
 
59
59
  > **start**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
60
60
 
@@ -72,7 +72,7 @@ The node logging component type.
72
72
 
73
73
  `Promise`\<`void`\>
74
74
 
75
- Nothing.
75
+ A promise that resolves when rate-limit actions have been registered and the node identity cached.
76
76
 
77
77
  #### Implementation of
78
78
 
@@ -80,7 +80,33 @@ Nothing.
80
80
 
81
81
  ***
82
82
 
83
- ### login()
83
+ ### stop() {#stop}
84
+
85
+ > **stop**(`nodeLoggingComponentType?`): `Promise`\<`void`\>
86
+
87
+ The component needs to be stopped when the node is closed.
88
+
89
+ #### Parameters
90
+
91
+ ##### nodeLoggingComponentType?
92
+
93
+ `string`
94
+
95
+ The node logging component type.
96
+
97
+ #### Returns
98
+
99
+ `Promise`\<`void`\>
100
+
101
+ A promise that resolves when all rate-limit actions have been unregistered.
102
+
103
+ #### Implementation of
104
+
105
+ `IAuthenticationComponent.stop`
106
+
107
+ ***
108
+
109
+ ### login() {#login}
84
110
 
85
111
  > **login**(`email`, `password`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
86
112
 
@@ -112,7 +138,7 @@ The authentication token for the user, if it uses a mechanism with public access
112
138
 
113
139
  ***
114
140
 
115
- ### logout()
141
+ ### logout() {#logout}
116
142
 
117
143
  > **logout**(`token?`): `Promise`\<`void`\>
118
144
 
@@ -130,7 +156,7 @@ The token to logout, if it uses a mechanism with public access.
130
156
 
131
157
  `Promise`\<`void`\>
132
158
 
133
- Nothing.
159
+ A promise that resolves when the logout audit entry has been recorded.
134
160
 
135
161
  #### Implementation of
136
162
 
@@ -138,7 +164,7 @@ Nothing.
138
164
 
139
165
  ***
140
166
 
141
- ### refresh()
167
+ ### refresh() {#refresh}
142
168
 
143
169
  > **refresh**(`token?`): `Promise`\<\{ `token?`: `string`; `expiry`: `number`; \}\>
144
170
 
@@ -164,20 +190,14 @@ The refreshed token, if it uses a mechanism with public access.
164
190
 
165
191
  ***
166
192
 
167
- ### updatePassword()
193
+ ### updatePassword() {#updatepassword}
168
194
 
169
- > **updatePassword**(`email`, `currentPassword`, `newPassword`): `Promise`\<`void`\>
195
+ > **updatePassword**(`currentPassword`, `newPassword`): `Promise`\<`void`\>
170
196
 
171
197
  Update the user's password.
172
198
 
173
199
  #### Parameters
174
200
 
175
- ##### email
176
-
177
- `string`
178
-
179
- The email address of the user to update.
180
-
181
201
  ##### currentPassword
182
202
 
183
203
  `string`
@@ -194,7 +214,7 @@ The new password for the user.
194
214
 
195
215
  `Promise`\<`void`\>
196
216
 
197
- Nothing.
217
+ A promise that resolves when the password has been updated and the rate limit cleared.
198
218
 
199
219
  #### Implementation of
200
220
 
@@ -14,7 +14,7 @@ Helper class for password operations.
14
14
 
15
15
  ## Properties
16
16
 
17
- ### CLASS\_NAME
17
+ ### CLASS\_NAME {#class_name}
18
18
 
19
19
  > `readonly` `static` **CLASS\_NAME**: `string`
20
20
 
@@ -22,28 +22,53 @@ Runtime name for the class.
22
22
 
23
23
  ## Methods
24
24
 
25
- ### hashPassword()
25
+ ### updatePassword() {#updatepassword}
26
26
 
27
- > `static` **hashPassword**(`passwordBytes`, `saltBytes`): `Promise`\<`string`\>
27
+ > `static` **updatePassword**(`userEntityStorage`, `authenticationAuditService`, `user`, `newPassword`, `currentPassword?`, `minPasswordLength?`): `Promise`\<`void`\>
28
28
 
29
- Hash the password for the user.
29
+ Update the password for a user.
30
+ Validates password strength, verifies the current password if provided, then hashes and stores the new password and raises an audit event.
30
31
 
31
32
  #### Parameters
32
33
 
33
- ##### passwordBytes
34
+ ##### userEntityStorage
34
35
 
35
- `Uint8Array`
36
+ `IEntityStorageConnector`\<[`AuthenticationUser`](AuthenticationUser.md)\>
36
37
 
37
- The password bytes.
38
+ The entity storage for users.
38
39
 
39
- ##### saltBytes
40
+ ##### authenticationAuditService
40
41
 
41
- `Uint8Array`
42
+ `IAuthenticationAuditComponent` \| `undefined`
42
43
 
43
- The salt bytes.
44
+ The optional audit service.
45
+
46
+ ##### user
47
+
48
+ [`AuthenticationUser`](AuthenticationUser.md)
49
+
50
+ The user whose password is being updated.
51
+
52
+ ##### newPassword
53
+
54
+ `string`
55
+
56
+ The new password to set.
57
+
58
+ ##### currentPassword?
59
+
60
+ `string`
61
+
62
+ The current password to verify against, if supplied.
63
+
64
+ ##### minPasswordLength?
65
+
66
+ `number`
67
+
68
+ Optional minimum password length for validation.
44
69
 
45
70
  #### Returns
46
71
 
47
- `Promise`\<`string`\>
72
+ `Promise`\<`void`\>
48
73
 
49
- The hashed password.
74
+ A promise that resolves when the new password has been stored and the audit entry recorded.
@@ -14,7 +14,7 @@ Helper class for token operations.
14
14
 
15
15
  ## Properties
16
16
 
17
- ### CLASS\_NAME
17
+ ### CLASS\_NAME {#class_name}
18
18
 
19
19
  > `readonly` `static` **CLASS\_NAME**: `string`
20
20
 
@@ -22,9 +22,9 @@ Runtime name for the class.
22
22
 
23
23
  ## Methods
24
24
 
25
- ### createToken()
25
+ ### createToken() {#createtoken}
26
26
 
27
- > `static` **createToken**(`vaultConnector`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
27
+ > `static` **createToken**(`vaultConnector`, `nodeId`, `signingKeyName`, `userIdentity`, `organizationIdentity`, `tenantId`, `ttlMinutes`, `scope?`, `passwordVersion?`): `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
28
28
 
29
29
  Create a new token.
30
30
 
@@ -36,11 +36,17 @@ Create a new token.
36
36
 
37
37
  The vault connector.
38
38
 
39
+ ##### nodeId
40
+
41
+ `string`
42
+
43
+ The node identifier, embedded as the JWT issuer claim.
44
+
39
45
  ##### signingKeyName
40
46
 
41
47
  `string`
42
48
 
43
- The signing key name.
49
+ The signing key name, embedded as the JWT key identifier.
44
50
 
45
51
  ##### userIdentity
46
52
 
@@ -50,15 +56,15 @@ The subject for the token.
50
56
 
51
57
  ##### organizationIdentity
52
58
 
53
- The organization for the token.
59
+ `string` \| `undefined`
54
60
 
55
- `string` | `undefined`
61
+ The organization for the token.
56
62
 
57
63
  ##### tenantId
58
64
 
59
- The tenant id for the token.
65
+ `string` \| `undefined`
60
66
 
61
- `string` | `undefined`
67
+ The tenant id for the token.
62
68
 
63
69
  ##### ttlMinutes
64
70
 
@@ -66,6 +72,18 @@ The tenant id for the token.
66
72
 
67
73
  The time to live for the token in minutes.
68
74
 
75
+ ##### scope?
76
+
77
+ `string`
78
+
79
+ The scopes for the token.
80
+
81
+ ##### passwordVersion?
82
+
83
+ `number`
84
+
85
+ The user's current password version counter, embedded in the token so that a password change invalidates existing tokens.
86
+
69
87
  #### Returns
70
88
 
71
89
  `Promise`\<\{ `token`: `string`; `expiry`: `number`; \}\>
@@ -74,9 +92,9 @@ The new token and its expiry date.
74
92
 
75
93
  ***
76
94
 
77
- ### verify()
95
+ ### verify() {#verify}
78
96
 
79
- > `static` **verify**(`vaultConnector`, `signingKeyName`, `token`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
97
+ > `static` **verify**(`vaultConnector`, `nodeId`, `signingKeyName`, `token`, `requiredScopes?`, `verifyUser?`): `Promise`\<\{ `header`: `JWTHeaderParameters`; `payload`: `JWTPayload`; \}\>
80
98
 
81
99
  Verify the token.
82
100
 
@@ -88,17 +106,35 @@ Verify the token.
88
106
 
89
107
  The vault connector.
90
108
 
109
+ ##### nodeId
110
+
111
+ `string`
112
+
113
+ The node identifier, expected to match the JWT issuer claim.
114
+
91
115
  ##### signingKeyName
92
116
 
93
117
  `string`
94
118
 
95
- The signing key name.
119
+ The signing key name, expected to match the JWT key identifier.
96
120
 
97
121
  ##### token
98
122
 
123
+ `string` \| `undefined`
124
+
99
125
  The token to verify.
100
126
 
101
- `string` | `undefined`
127
+ ##### requiredScopes?
128
+
129
+ `string`[]
130
+
131
+ The required scopes.
132
+
133
+ ##### verifyUser?
134
+
135
+ (`sub`, `org`, `tid`, `passwordVersion`) => `Promise`\<`string`[]\>
136
+
137
+ A function to verify the user identity and organization. The password version counter embedded in the token (pver claim) is passed so callers can detect if the password has changed since the token was issued.
102
138
 
103
139
  #### Returns
104
140
 
@@ -112,7 +148,7 @@ UnauthorizedError if the token is missing, invalid or expired.
112
148
 
113
149
  ***
114
150
 
115
- ### extractTokenFromHeaders()
151
+ ### extractTokenFromHeaders() {#extracttokenfromheaders}
116
152
 
117
153
  > `static` **extractTokenFromHeaders**(`headers?`, `cookieName?`): \{ `token`: `string`; `location`: `"authorization"` \| `"cookie"`; \} \| `undefined`
118
154