authhero 0.274.0 → 0.275.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/authhero.cjs +1 -1
  2. package/dist/authhero.mjs +10 -11
  3. package/dist/stats.html +1 -1
  4. package/package.json +1 -1
package/dist/authhero.cjs CHANGED
@@ -82,7 +82,7 @@ ${e.join(`
82
82
  In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function Qk(t,e){if(t){if(typeof t=="string")return Og(t,e);var n={}.toString.call(t).slice(8,-1);return n==="Object"&&t.constructor&&(n=t.constructor.name),n==="Map"||n==="Set"?Array.from(t):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Og(t,e):void 0}}function Og(t,e){(e==null||e>t.length)&&(e=t.length);for(var n=0,r=Array(e);n<e;n++)r[n]=t[n];return r}var e5=["MOBILE","PREMIUM_RATE","TOLL_FREE","SHARED_COST","VOIP","PERSONAL_NUMBER","PAGER","UAN","VOICEMAIL"];function Np(t,e,n){if(e=e||{},!(!t.country&&!t.countryCallingCode)){n=new Xe(n),n.selectNumberingPlan(t.country,t.countryCallingCode);var r=e.v2?t.nationalNumber:t.phone;if(_n(r,n.nationalNumberPattern())){if(wl(r,"FIXED_LINE",n))return n.type("MOBILE")&&n.type("MOBILE").pattern()===""||!n.type("MOBILE")||wl(r,"MOBILE",n)?"FIXED_LINE_OR_MOBILE":"FIXED_LINE";for(var i=Yk(e5),s;!(s=i()).done;){var a=s.value;if(wl(r,a,n))return a}}}}function wl(t,e,n){return e=n.type(e),!e||!e.pattern()||e.possibleLengths()&&e.possibleLengths().indexOf(t.length)<0?!1:_n(t,e.pattern())}function t5(t,e,n){if(e=e||{},n=new Xe(n),n.selectNumberingPlan(t.country,t.countryCallingCode),n.hasTypes())return Np(t,e,n.metadata)!==void 0;var r=e.v2?t.nationalNumber:t.phone;return _n(r,n.nationalNumberPattern())}function n5(t,e,n){var r=new Xe(n),i=r.getCountryCodesForCallingCode(t);return i?i.filter(function(s){return r5(e,s,n)}):[]}function r5(t,e,n){var r=new Xe(n);return r.selectNumberingPlan(e),r.numberingPlan.possibleLengths().indexOf(t.length)>=0}var Ip=2,i5=17,o5=3,Ot="0-90-9٠-٩۰-۹",s5="-‐-―−ー-",a5="//",c5="..",l5="  ­​⁠ ",d5="()()[]\\[\\]",u5="~⁓∼~",Ra="".concat(s5).concat(a5).concat(c5).concat(l5).concat(d5).concat(u5),jp="++",p5=new RegExp("(["+Ot+"])");function f5(t,e,n,r){if(e){var i=new Xe(r);i.selectNumberingPlan(e,n);var s=new RegExp(i.IDDPrefix());if(t.search(s)===0){t=t.slice(t.match(s)[0].length);var a=t.match(p5);if(!(a&&a[1]!=null&&a[1].length>0&&a[1]==="0"))return t}}}function h5(t,e){if(t&&e.numberingPlan.nationalPrefixForParsing()){var n=new RegExp("^(?:"+e.numberingPlan.nationalPrefixForParsing()+")"),r=n.exec(t);if(r){var i,s,a=r.length-1,c=a>0&&r[a];if(e.nationalPrefixTransformRule()&&c)i=t.replace(n,e.nationalPrefixTransformRule()),a>1&&(s=r[1]);else{var l=r[0];i=t.slice(l.length),c&&(s=r[1])}var d;if(c){var p=t.indexOf(r[1]),f=t.slice(0,p);f===e.numberingPlan.nationalPrefix()&&(d=e.numberingPlan.nationalPrefix())}else d=r[0];return{nationalNumber:i,nationalPrefix:d,carrierCode:s}}}return{nationalNumber:t}}function g5(t,e){var n=typeof Symbol<"u"&&t[Symbol.iterator]||t["@@iterator"];if(n)return(n=n.call(t)).next.bind(n);if(Array.isArray(t)||(n=m5(t))||e){n&&(t=n);var r=0;return function(){return r>=t.length?{done:!0}:{done:!1,value:t[r++]}}}throw new TypeError(`Invalid attempt to iterate non-iterable instance.
83
83
  In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function m5(t,e){if(t){if(typeof t=="string")return Pg(t,e);var n={}.toString.call(t).slice(8,-1);return n==="Object"&&t.constructor&&(n=t.constructor.name),n==="Map"||n==="Set"?Array.from(t):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Pg(t,e):void 0}}function Pg(t,e){(e==null||e>t.length)&&(e=t.length);for(var n=0,r=Array(e);n<e;n++)r[n]=t[n];return r}function _5(t,e){var n=e.countries,r=e.metadata;r=new Xe(r);for(var i=g5(n),s;!(s=i()).done;){var a=s.value;if(r.selectNumberingPlan(a),r.leadingDigits()){if(t&&t.search(r.leadingDigits())===0)return a}else if(Np({phone:t,country:a},void 0,r.metadata))return a}}function x1(t,e){var n=e.nationalNumber,r=e.metadata,i=r.getCountryCodesForCallingCode(t);if(i)return i.length===1?i[0]:_5(n,{countries:i,metadata:r.metadata})}function ou(t,e,n){var r=h5(t,n),i=r.carrierCode,s=r.nationalNumber;if(s!==t){if(!y5(t,s,n))return{nationalNumber:t};if(n.numberingPlan.possibleLengths()&&(e||(e=x1(n.numberingPlan.callingCode(),{nationalNumber:s,metadata:n})),!w5(s,e,n)))return{nationalNumber:t}}return{nationalNumber:s,carrierCode:i}}function y5(t,e,n){return!(_n(t,n.nationalNumberPattern())&&!_n(e,n.nationalNumberPattern()))}function w5(t,e,n){switch(Cp(t,e,n)){case"TOO_SHORT":case"INVALID_LENGTH":return!1;default:return!0}}function b5(t,e,n,r,i){var s=n?Ep(n,i):r;if(t.indexOf(s)===0){i=new Xe(i),i.selectNumberingPlan(n,s);var a=t.slice(s.length),c=ou(a,e,i),l=c.nationalNumber,d=ou(t,e,i),p=d.nationalNumber;if(!_n(p,i.nationalNumberPattern())&&_n(l,i.nationalNumberPattern())||Cp(p,e,i)==="TOO_LONG")return{countryCallingCode:s,number:a}}return{number:t}}function S1(t,e,n,r,i){if(!t)return{};var s;if(t[0]!=="+"){var a=f5(t,n,r,i);if(a&&a!==t)s=!0,t="+"+a;else{if(n||r){var c=b5(t,e,n,r,i),l=c.countryCallingCode,d=c.number;if(l)return{countryCallingCodeSource:"FROM_NUMBER_WITHOUT_PLUS_SIGN",countryCallingCode:l,number:d}}return{number:t}}}if(t[1]==="0")return{};i=new Xe(i);for(var p=2;p-1<=o5&&p<=t.length;){var f=t.slice(1,p);if(i.hasCallingCode(f))return i.selectNumberingPlan(f),{countryCallingCodeSource:s?"FROM_NUMBER_WITH_IDD":"FROM_NUMBER_WITH_PLUS_SIGN",countryCallingCode:f,number:t.slice(p)};p++}return{}}function v5(t){return t.replace(new RegExp("[".concat(Ra,"]+"),"g")," ").trim()}var $5=/(\$\d)/;function k5(t,e,n){var r=n.useInternationalFormat,i=n.withNationalPrefix,s=t.replace(new RegExp(e.pattern()),r?e.internationalFormat():i&&e.nationalPrefixFormattingRule()?e.format().replace($5,e.nationalPrefixFormattingRule()):e.format());return r?v5(s):s}var x5=/^[\d]+(?:[~\u2053\u223C\uFF5E][\d]+)?$/;function S5(t,e,n){var r=new Xe(n);if(r.selectNumberingPlan(t,e),r.defaultIDDPrefix())return r.defaultIDDPrefix();if(x5.test(r.IDDPrefix()))return r.IDDPrefix()}var z5=";ext=",zr=function(e){return"([".concat(Ot,"]{1,").concat(e,"})")};function z1(t){var e="20",n="15",r="9",i="6",s="[  \\t,]*",a="[:\\..]?[  \\t,-]*",c="#?",l="(?:e?xt(?:ensi(?:ó?|ó))?n?|e?xtn?|доб|anexo)",d="(?:[xx##~~]|int|int)",p="[- ]+",f="[  \\t]*",g="(?:,{2}|;)",_=z5+zr(e),w=s+l+a+zr(e)+c,k=s+d+a+zr(r)+c,z=p+zr(i)+"#",I=f+g+a+zr(n)+c,E=f+"(?:,)+"+a+zr(r)+c;return _+"|"+w+"|"+k+"|"+z+"|"+I+"|"+E}var A5="["+Ot+"]{"+Ip+"}",E5="["+jp+"]{0,1}(?:["+Ra+"]*["+Ot+"]){3,}["+Ra+Ot+"]*",C5=new RegExp("^["+jp+"]{0,1}(?:["+Ra+"]*["+Ot+"]){1,2}$","i"),N5=E5+"(?:"+z1()+")?",I5=new RegExp("^"+A5+"$|^"+N5+"$","i");function j5(t){return t.length>=Ip&&I5.test(t)}function O5(t){return C5.test(t)}function P5(t){var e=t.number,n=t.ext;if(!e)return"";if(e[0]!=="+")throw new Error('"formatRFC3966()" expects "number" to be in E.164 format.');return"tel:".concat(e).concat(n?";ext="+n:"")}var Tg={formatExtension:function(e,n,r){return"".concat(e).concat(r.ext()).concat(n)}};function T5(t,e,n,r){if(n?n=L5({},Tg,n):n=Tg,r=new Xe(r),t.country&&t.country!=="001"){if(!r.hasCountry(t.country))throw new Error("Unknown country: ".concat(t.country));r.selectNumberingPlan(t.country)}else if(t.countryCallingCode)r.selectNumberingPlan(t.countryCallingCode);else return t.phone||"";var i=r.countryCallingCode(),s=n.v2?t.nationalNumber:t.phone,a;switch(e){case"NATIONAL":return s?(a=Ba(s,t.carrierCode,"NATIONAL",r,n),bl(a,t.ext,r,n.formatExtension)):"";case"INTERNATIONAL":return s?(a=Ba(s,null,"INTERNATIONAL",r,n),a="+".concat(i," ").concat(a),bl(a,t.ext,r,n.formatExtension)):"+".concat(i);case"E.164":return"+".concat(i).concat(s);case"RFC3966":return P5({number:"+".concat(i).concat(s),ext:t.ext});case"IDD":if(!n.fromCountry)return;var c=B5(s,t.carrierCode,i,n.fromCountry,r);return bl(c,t.ext,r,n.formatExtension);default:throw new Error('Unknown "format" argument passed to "formatNumber()": "'.concat(e,'"'))}}function Ba(t,e,n,r,i){var s=R5(r.formats(),t);return s?k5(t,s,{useInternationalFormat:n==="INTERNATIONAL",withNationalPrefix:!(s.nationalPrefixIsOptionalWhenFormattingInNationalFormat()&&i&&i.nationalPrefix===!1)}):t}function R5(t,e){return U5(t,function(n){if(n.leadingDigitsPatterns().length>0){var r=n.leadingDigitsPatterns()[n.leadingDigitsPatterns().length-1];if(e.search(r)!==0)return!1}return _n(e,n.pattern())})}function bl(t,e,n,r){return e?r(t,e,n):t}function B5(t,e,n,r,i){var s=Ep(r,i.metadata);if(s===n){var a=Ba(t,e,"NATIONAL",i);return n==="1"?n+" "+a:a}var c=S5(r,void 0,i.metadata);if(c)return"".concat(c," ").concat(n," ").concat(Ba(t,null,"INTERNATIONAL",i))}function L5(){for(var t=1,e=arguments.length,n=new Array(e),r=0;r<e;r++)n[r]=arguments[r];for(;t<n.length;){if(n[t])for(var i in n[t])n[0][i]=n[t][i];t++}return n[0]}function U5(t,e){for(var n=0;n<t.length;){if(e(t[n]))return t[n];n++}}function Co(t){"@babel/helpers - typeof";return Co=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},Co(t)}function Rg(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter(function(i){return Object.getOwnPropertyDescriptor(t,i).enumerable})),n.push.apply(n,r)}return n}function Bg(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?Rg(Object(n),!0).forEach(function(r){D5(t,r,n[r])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):Rg(Object(n)).forEach(function(r){Object.defineProperty(t,r,Object.getOwnPropertyDescriptor(n,r))})}return t}function D5(t,e,n){return(e=A1(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function M5(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function q5(t,e){for(var n=0;n<e.length;n++){var r=e[n];r.enumerable=r.enumerable||!1,r.configurable=!0,"value"in r&&(r.writable=!0),Object.defineProperty(t,A1(r.key),r)}}function F5(t,e,n){return e&&q5(t.prototype,e),Object.defineProperty(t,"prototype",{writable:!1}),t}function A1(t){var e=H5(t,"string");return Co(e)=="symbol"?e:e+""}function H5(t,e){if(Co(t)!="object"||!t)return t;var n=t[Symbol.toPrimitive];if(n!==void 0){var r=n.call(t,e);if(Co(r)!="object")return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return String(t)}var V5=(function(){function t(e,n,r){if(M5(this,t),!e)throw new TypeError("First argument is required");if(typeof e!="string")throw new TypeError("First argument must be a string");if(e[0]==="+"&&!n)throw new TypeError("`metadata` argument not passed");if(Fr(n)&&Fr(n.countries)){r=n;var i=e;if(!W5.test(i))throw new Error('Invalid `number` argument passed: must consist of a "+" followed by digits');var s=S1(i,void 0,void 0,void 0,r),a=s.countryCallingCode,c=s.number;if(n=c,e=a,!n)throw new Error("Invalid `number` argument passed: too short")}if(!n)throw new TypeError("`nationalNumber` argument is required");if(typeof n!="string")throw new TypeError("`nationalNumber` argument must be a string");v1(r);var l=G5(e,r),d=l.country,p=l.countryCallingCode;this.country=d,this.countryCallingCode=p,this.nationalNumber=n,this.number="+"+this.countryCallingCode+this.nationalNumber,this.getMetadata=function(){return r}}return F5(t,[{key:"setExt",value:function(n){this.ext=n}},{key:"getPossibleCountries",value:function(){return this.country?[this.country]:n5(this.countryCallingCode,this.nationalNumber,this.getMetadata())}},{key:"isPossible",value:function(){return Zk(this,{v2:!0},this.getMetadata())}},{key:"isValid",value:function(){return t5(this,{v2:!0},this.getMetadata())}},{key:"isNonGeographic",value:function(){var n=new Xe(this.getMetadata());return n.isNonGeographicCallingCode(this.countryCallingCode)}},{key:"isEqual",value:function(n){return this.number===n.number&&this.ext===n.ext}},{key:"getType",value:function(){return Np(this,{v2:!0},this.getMetadata())}},{key:"format",value:function(n,r){return T5(this,n,r?Bg(Bg({},r),{},{v2:!0}):{v2:!0},this.getMetadata())}},{key:"formatNational",value:function(n){return this.format("NATIONAL",n)}},{key:"formatInternational",value:function(n){return this.format("INTERNATIONAL",n)}},{key:"getURI",value:function(n){return this.format("RFC3966",n)}}])})(),K5=function(e){return/^[A-Z]{2}$/.test(e)};function G5(t,e){var n,r,i=new Xe(e);return K5(t)?(n=t,i.selectNumberingPlan(n),r=i.countryCallingCode()):r=t,{country:n,countryCallingCode:r}}var W5=/^\+\d+$/;function su(t){"@babel/helpers - typeof";return su=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},su(t)}function J5(t,e,n){return Object.defineProperty(t,"prototype",{writable:!1}),t}function X5(t,e){if(!(t instanceof e))throw new TypeError("Cannot call a class as a function")}function Z5(t,e,n){return e=Io(e),Y5(t,Op()?Reflect.construct(e,n||[],Io(t).constructor):e.apply(t,n))}function Y5(t,e){if(e&&(su(e)=="object"||typeof e=="function"))return e;if(e!==void 0)throw new TypeError("Derived constructors may only return object or undefined");return Q5(t)}function Q5(t){if(t===void 0)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return t}function e6(t,e){if(typeof e!="function"&&e!==null)throw new TypeError("Super expression must either be null or a function");t.prototype=Object.create(e&&e.prototype,{constructor:{value:t,writable:!0,configurable:!0}}),Object.defineProperty(t,"prototype",{writable:!1}),e&&No(t,e)}function au(t){var e=typeof Map=="function"?new Map:void 0;return au=function(r){if(r===null||!n6(r))return r;if(typeof r!="function")throw new TypeError("Super expression must either be null or a function");if(e!==void 0){if(e.has(r))return e.get(r);e.set(r,i)}function i(){return t6(r,arguments,Io(this).constructor)}return i.prototype=Object.create(r.prototype,{constructor:{value:i,enumerable:!1,writable:!0,configurable:!0}}),No(i,r)},au(t)}function t6(t,e,n){if(Op())return Reflect.construct.apply(null,arguments);var r=[null];r.push.apply(r,e);var i=new(t.bind.apply(t,r));return n&&No(i,n.prototype),i}function Op(){try{var t=!Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){}))}catch{}return(Op=function(){return!!t})()}function n6(t){try{return Function.toString.call(t).indexOf("[native code]")!==-1}catch{return typeof t=="function"}}function No(t,e){return No=Object.setPrototypeOf?Object.setPrototypeOf.bind():function(n,r){return n.__proto__=r,n},No(t,e)}function Io(t){return Io=Object.setPrototypeOf?Object.getPrototypeOf.bind():function(e){return e.__proto__||Object.getPrototypeOf(e)},Io(t)}var an=(function(t){function e(n){var r;return X5(this,e),r=Z5(this,e,[n]),Object.setPrototypeOf(r,e.prototype),r.name=r.constructor.name,r}return e6(e,t),J5(e)})(au(Error)),Lg=new RegExp("(?:"+z1()+")$","i");function r6(t){var e=t.search(Lg);if(e<0)return{};for(var n=t.slice(0,e),r=t.match(Lg),i=1;i<r.length;){if(r[i])return{number:n,ext:r[i]};i++}}var i6={0:"0",1:"1",2:"2",3:"3",4:"4",5:"5",6:"6",7:"7",8:"8",9:"9","0":"0","1":"1","2":"2","3":"3","4":"4","5":"5","6":"6","7":"7","8":"8","9":"9","٠":"0","١":"1","٢":"2","٣":"3","٤":"4","٥":"5","٦":"6","٧":"7","٨":"8","٩":"9","۰":"0","۱":"1","۲":"2","۳":"3","۴":"4","۵":"5","۶":"6","۷":"7","۸":"8","۹":"9"};function o6(t){return i6[t]}function s6(t,e){var n=typeof Symbol<"u"&&t[Symbol.iterator]||t["@@iterator"];if(n)return(n=n.call(t)).next.bind(n);if(Array.isArray(t)||(n=a6(t))||e){n&&(t=n);var r=0;return function(){return r>=t.length?{done:!0}:{done:!1,value:t[r++]}}}throw new TypeError(`Invalid attempt to iterate non-iterable instance.
84
84
  In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function a6(t,e){if(t){if(typeof t=="string")return Ug(t,e);var n={}.toString.call(t).slice(8,-1);return n==="Object"&&t.constructor&&(n=t.constructor.name),n==="Map"||n==="Set"?Array.from(t):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Ug(t,e):void 0}}function Ug(t,e){(e==null||e>t.length)&&(e=t.length);for(var n=0,r=Array(e);n<e;n++)r[n]=t[n];return r}function Dg(t){for(var e="",n=s6(t.split("")),r;!(r=n()).done;){var i=r.value;e+=c6(i,e)||""}return e}function c6(t,e,n){return t==="+"?e?void 0:"+":o6(t)}var E1="+",l6="[\\-\\.\\(\\)]?",Mg="(["+Ot+"]|"+l6+")",d6="^\\"+E1+Mg+"*["+Ot+"]"+Mg+"*$",u6=new RegExp(d6,"g"),cu=Ot,p6="["+cu+"]+((\\-)*["+cu+"])*",f6="a-zA-Z",h6="["+f6+"]+((\\-)*["+cu+"])*",g6="^("+p6+"\\.)*"+h6+"\\.?$",m6=new RegExp(g6,"g"),qg="tel:",lu=";phone-context=",_6=";isub=";function y6(t){var e=t.indexOf(lu);if(e<0)return null;var n=e+lu.length;if(n>=t.length)return"";var r=t.indexOf(";",n);return r>=0?t.substring(n,r):t.substring(n)}function w6(t){return t===null?!0:t.length===0?!1:u6.test(t)||m6.test(t)}function b6(t,e){var n=e.extractFormattedPhoneNumber,r=y6(t);if(!w6(r))throw new an("NOT_A_NUMBER");var i;if(r===null)i=n(t)||"";else{i="",r.charAt(0)===E1&&(i+=r);var s=t.indexOf(qg),a;s>=0?a=s+qg.length:a=0;var c=t.indexOf(lu);i+=t.substring(a,c)}var l=i.indexOf(_6);if(l>0&&(i=i.substring(0,l)),i!=="")return i}var v6=250,$6=new RegExp("["+jp+Ot+"]"),k6=new RegExp("[^"+Ot+"#]+$");function x6(t,e,n){if(e=e||{},n=new Xe(n),e.defaultCountry&&!n.hasCountry(e.defaultCountry))throw e.v2?new an("INVALID_COUNTRY"):new Error("Unknown country: ".concat(e.defaultCountry));var r=z6(t,e.v2,e.extract),i=r.number,s=r.ext,a=r.error;if(!i){if(e.v2)throw a==="TOO_SHORT"?new an("TOO_SHORT"):new an("NOT_A_NUMBER");return{}}var c=E6(i,e.defaultCountry,e.defaultCallingCode,n),l=c.country,d=c.nationalNumber,p=c.countryCallingCode,f=c.countryCallingCodeSource,g=c.carrierCode;if(!n.hasSelectedNumberingPlan()){if(e.v2)throw new an("INVALID_COUNTRY");return{}}if(!d||d.length<Ip){if(e.v2)throw new an("TOO_SHORT");return{}}if(d.length>i5){if(e.v2)throw new an("TOO_LONG");return{}}if(e.v2){var _=new V5(p,d,n.metadata);return l&&(_.country=l),g&&(_.carrierCode=g),s&&(_.ext=s),_.__countryCallingCodeSource=f,_}var w=(e.extended?n.hasSelectedNumberingPlan():l)?_n(d,n.nationalNumberPattern()):!1;return e.extended?{country:l,countryCallingCode:p,carrierCode:g,valid:w,possible:w?!0:!!(e.extended===!0&&n.possibleLengths()&&k1(d,l,n)),phone:d,ext:s}:w?A6(l,d,s):{}}function S6(t,e,n){if(t){if(t.length>v6){if(n)throw new an("TOO_LONG");return}if(e===!1)return t;var r=t.search($6);if(!(r<0))return t.slice(r).replace(k6,"")}}function z6(t,e,n){var r=b6(t,{extractFormattedPhoneNumber:function(a){return S6(a,n,e)}});if(!r)return{};if(!j5(r))return O5(r)?{error:"TOO_SHORT"}:{};var i=r6(r);return i.ext?i:{number:r}}function A6(t,e,n){var r={country:t,phone:e};return n&&(r.ext=n),r}function E6(t,e,n,r){var i=S1(Dg(t),void 0,e,n,r.metadata),s=i.countryCallingCodeSource,a=i.countryCallingCode,c=i.number,l;if(a)r.selectNumberingPlan(a);else if(c&&(e||n))r.selectNumberingPlan(e,n),e&&(l=e),a=n||Ep(e,r.metadata);else return{};if(!c)return{countryCallingCodeSource:s,countryCallingCode:a};var d=ou(Dg(c),l,r),p=d.nationalNumber,f=d.carrierCode,g=x1(a,{nationalNumber:p,metadata:r});return g&&(l=g,g==="001"||r.selectNumberingPlan(l)),{country:l,countryCallingCode:a,countryCallingCodeSource:s,nationalNumber:p,carrierCode:f}}function jo(t){"@babel/helpers - typeof";return jo=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},jo(t)}function Fg(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter(function(i){return Object.getOwnPropertyDescriptor(t,i).enumerable})),n.push.apply(n,r)}return n}function Hg(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?Fg(Object(n),!0).forEach(function(r){C6(t,r,n[r])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):Fg(Object(n)).forEach(function(r){Object.defineProperty(t,r,Object.getOwnPropertyDescriptor(n,r))})}return t}function C6(t,e,n){return(e=N6(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function N6(t){var e=I6(t,"string");return jo(e)=="symbol"?e:e+""}function I6(t,e){if(jo(t)!="object"||!t)return t;var n=t[Symbol.toPrimitive];if(n!==void 0){var r=n.call(t,e);if(jo(r)!="object")return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return(e==="string"?String:Number)(t)}function j6(t,e,n){return x6(t,Hg(Hg({},e),{},{v2:!0}),n)}function Oo(t){"@babel/helpers - typeof";return Oo=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},Oo(t)}function Vg(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter(function(i){return Object.getOwnPropertyDescriptor(t,i).enumerable})),n.push.apply(n,r)}return n}function O6(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?Vg(Object(n),!0).forEach(function(r){P6(t,r,n[r])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):Vg(Object(n)).forEach(function(r){Object.defineProperty(t,r,Object.getOwnPropertyDescriptor(n,r))})}return t}function P6(t,e,n){return(e=T6(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function T6(t){var e=R6(t,"string");return Oo(e)=="symbol"?e:e+""}function R6(t,e){if(Oo(t)!="object"||!t)return t;var n=t[Symbol.toPrimitive];if(n!==void 0){var r=n.call(t,e);if(Oo(r)!="object")return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return(e==="string"?String:Number)(t)}function B6(t,e){return M6(t)||D6(t,e)||U6(t,e)||L6()}function L6(){throw new TypeError(`Invalid attempt to destructure non-iterable instance.
85
- In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function U6(t,e){if(t){if(typeof t=="string")return Kg(t,e);var n={}.toString.call(t).slice(8,-1);return n==="Object"&&t.constructor&&(n=t.constructor.name),n==="Map"||n==="Set"?Array.from(t):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Kg(t,e):void 0}}function Kg(t,e){(e==null||e>t.length)&&(e=t.length);for(var n=0,r=Array(e);n<e;n++)r[n]=t[n];return r}function D6(t,e){var n=t==null?null:typeof Symbol<"u"&&t[Symbol.iterator]||t["@@iterator"];if(n!=null){var r,i,s,a,c=[],l=!0,d=!1;try{if(s=(n=n.call(t)).next,e!==0)for(;!(l=(r=s.call(n)).done)&&(c.push(r.value),c.length!==e);l=!0);}catch(p){d=!0,i=p}finally{try{if(!l&&n.return!=null&&(a=n.return(),Object(a)!==a))return}finally{if(d)throw i}}return c}}function M6(t){if(Array.isArray(t))return t}function q6(t){var e=Array.prototype.slice.call(t),n=B6(e,4),r=n[0],i=n[1],s=n[2],a=n[3],c,l,d;if(typeof r=="string")c=r;else throw new TypeError("A text for parsing must be a string.");if(!i||typeof i=="string")a?(l=s,d=a):(l=void 0,d=s),i&&(l=O6({defaultCountry:i},l));else if(Fr(i))s?(l=i,d=s):d=i;else throw new Error("Invalid second argument: ".concat(i));return{text:c,options:l,metadata:d}}function Po(t){"@babel/helpers - typeof";return Po=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},Po(t)}function Gg(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter(function(i){return Object.getOwnPropertyDescriptor(t,i).enumerable})),n.push.apply(n,r)}return n}function Wg(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?Gg(Object(n),!0).forEach(function(r){F6(t,r,n[r])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):Gg(Object(n)).forEach(function(r){Object.defineProperty(t,r,Object.getOwnPropertyDescriptor(n,r))})}return t}function F6(t,e,n){return(e=H6(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function H6(t){var e=V6(t,"string");return Po(e)=="symbol"?e:e+""}function V6(t,e){if(Po(t)!="object"||!t)return t;var n=t[Symbol.toPrimitive];if(n!==void 0){var r=n.call(t,e);if(Po(r)!="object")return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return(e==="string"?String:Number)(t)}function K6(t,e,n){e&&e.defaultCountry&&!Jk(e.defaultCountry,n)&&(e=Wg(Wg({},e),{},{defaultCountry:void 0}));try{return j6(t,e,n)}catch(r){if(!(r instanceof an))throw r}}function G6(){var t=q6(arguments),e=t.text,n=t.options,r=t.metadata;return K6(e,n,r)}function W6(){return Bk(G6,arguments)}function Xc(t,e="US"){const n=t.trim();if(n.includes("@")){const r=n.toLowerCase(),i=/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r);return{connectionType:"email",normalized:i?r:null,isValid:i}}else if(/^\+?\d[\d\s\-().]*$/.test(n)){const r=W6(n,{defaultCountry:e});return r&&r.isValid()?{connectionType:"sms",normalized:r.number,isValid:!0}:{connectionType:"sms",normalized:null,isValid:!1}}else return{connectionType:"username",normalized:n,isValid:!0}}function Pp(t){let e=t.trim();e.startsWith("[")&&e.endsWith("]")&&(e=e.slice(1,-1));const n=e.indexOf("%");return n!==-1&&(e=e.slice(0,n)),e}function J6(t){const n=Pp(t).split(".");return n.length!==4?!1:n.every(r=>/^\d+$/.test(r)&&Number(r)>=0&&Number(r)<=255)}function X6(t){const e=Pp(t);if(e.length<2||e.indexOf(":")===-1||!/^[0-9a-fA-F:.]+$/.test(e))return!1;const n=e.split(":");return e.includes("::")?n.length<=8:n.length===8}function Z6(t){let e=t.trim();const n=/^\[([^\]]+)\](?::\d+)?$/,r=e.match(n);if(r&&r[1])return r[1];const i=e.lastIndexOf(":");if(i!==-1){const s=e.slice(0,i),a=e.slice(i+1);/^[0-9.]+$/.test(s)&&/^\d+$/.test(a)&&(e=s)}return e}function Jg(t){if(!t)return null;const e=Pp(Z6(t));return J6(e)?{family:4,normalized:e}:X6(e)?{family:6,normalized:e.toLowerCase()}:null}function Xg(t){if(t.includes("::")){let[e,n]=t.split("::"),r=e?e.split(":").filter(Boolean):[],i=n?n.split(":").filter(Boolean):[],s=8-(r.length+i.length);return[...r.map(a=>a.toLowerCase()||"0"),...Array(s).fill("0"),...i.map(a=>a.toLowerCase()||"0")]}else return t.split(":").map(e=>e.toLowerCase()||"0")}function Y6(t,e,n=!0){const r=Jg(t),i=Jg(e);if(!r||!i||r.family!==i.family)return!1;if(r.family===4)return r.normalized===i.normalized;const s=Xg(r.normalized),a=Xg(i.normalized);return n?s.length===8&&a.length===8&&s.join(":")===a.join(":"):s.slice(0,4).join(":")===a.slice(0,4).join(":")}class _r extends Error{location;status;constructor(e,n=302){super(`Redirect to ${e}`),this.name=_r.name,this.location=e,this.status=n}}const Q6=o.z.object({client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),otp:o.z.string(),authParams:uo.optional(),enforceIpCheck:o.z.boolean().optional().default(!1)});async function C1(t,{client_id:e,username:n,otp:r,authParams:i,enforceIpCheck:s=!1}){const a=t.get("ip"),c=t.get("countryCode"),{connectionType:l,normalized:d}=Xc(n,c);if(!d)throw new L(400,{message:"Invalid username format"});const p=await t.env.data.legacyClients.get(e);if(!p)throw new L(403,{message:"Client not found"});const{env:f}=t,g=await f.data.codes.get(p.tenant.id,r,"otp");if(!g)throw new L(400,{message:X("code_invalid")});if(g.expires_at<new Date().toISOString())throw new L(400,{message:X("code_expired")});if(g.used_at)throw new L(400,{message:X("code_used")});const _=await f.data.loginSessions.get(p.tenant.id,g.login_id);if(!_||_.authParams.username!==n)throw new L(400,{message:"Code not found or expired"});if(s&&_.ip&&a&&!Y6(_.ip,a))throw new _r(`${De(t.env)}invalid-session?state=${_.id}`);const w=await Xa(t,{client:p,username:d,provider:l,connection:l,isSocial:!1,ip:t.var.ip});return await f.data.codes.used(p.tenant.id,r),{user:w,client:p,loginSession:_,session_id:_.session_id,authParams:{..._.authParams,...i||{}}}}async function Tp(t,e){const n=await C1(t,e);return Kt(t,{authParams:n.authParams,client:n.client,user:n.user,loginSession:n.loginSession,authStrategy:{strategy:"email",strategy_type:"passwordless"}})}const Zg=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),Yg=o.z.union([b1.extend(Zg.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128),organization:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),organization:o.z.string().optional(),...Zg.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string().optional(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:o.z.string(),username:o.z.string(),otp:o.z.string(),realm:o.z.enum(["email","sms"])})]);function e8(t){if(!t)return{};const[e,n]=t.split(" ");if(e?.toLowerCase()==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const t8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Yg},"application/json":{schema:Yg}}}},responses:{200:{content:{"application/json":{schema:ku}},description:"Tokens"},302:{description:"Redirect for further user interaction (e.g., MFA, consent).",headers:o.z.object({Location:o.z.string().url()}).openapi({})},400:{description:"Bad Request - The request was malformed or invalid.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},401:{description:"Unauthorized - Client authentication failed.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},403:{description:"Forbidden - User is not a member of the required organization.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}}}}),async t=>{const n=(t.req.header("Content-Type")||"").includes("application/json")?t.req.valid("json"):t.req.valid("form"),r=e8(t.req.header("Authorization")),i={...n,...r};if(!i.client_id)throw new v(400,{message:"client_id is required"});t.set("client_id",i.client_id);let s;switch(n.grant_type){case xt.AuthorizationCode:s=await Ok(t,jk.parse(i));break;case xt.ClientCredential:s=await Ik(t,b1.parse(i));break;case xt.RefreshToken:s=await Tk(t,Pk.parse(i));break;case xt.OTP:s=await C1(t,Q6.parse(i));break;default:return t.json({error:"unsupported_grant_type",error_description:"Grant type not implemented"},400)}const a=new Headers;if(s.session_id){const d=Xs(s.client.tenant.id,s.session_id,t.var.host||"");a.set("Set-Cookie",d)}let c=[];if(s.authParams.audience)try{let d;if(n.grant_type===xt.ClientCredential)d=await Zs(t,{grantType:xt.ClientCredential,tenantId:s.client.tenant.id,clientId:s.client.client_id,audience:s.authParams.audience,requestedScopes:s.authParams.scope?.split(" ")||[],organizationId:s.organization?.id});else{if(!s.user?.user_id)throw new L(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});d=await Zs(t,{grantType:n.grant_type,tenantId:s.client.tenant.id,userId:s.user.user_id,clientId:s.client.client_id,audience:s.authParams.audience,requestedScopes:s.authParams.scope?.split(" ")||[],organizationId:s.organization?.id})}s.authParams.scope=d.scopes.join(" "),c=d.permissions}catch(d){if(d instanceof v)throw d;console.error("Error calculating scopes and permissions:",d)}const l=await Ga(t,{...s,grantType:n.grant_type,permissions:c.length>0?c:void 0});return t.json(l,{headers:a})});function n8(t){if(typeof t!="string")throw new TypeError("Expected a string");return t.replace(/[|\\{}()[\]^$+*?.]/g,"\\$&").replace(/-/g,"\\x2d")}const r8=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:8},{id:2,value:"Medium",minDiversity:4,minLength:10},{id:3,value:"Strong",minDiversity:4,minLength:12}],i8=(t,e=r8,n)=>{e[0].minDiversity=0,e[0].minLength=0;const r=t??"",i=[{key:"lowercase",regex:"[a-z]"},{key:"uppercase",regex:"[A-Z]"},{key:"number",regex:"[0-9]"},{key:"symbol",regex:n?`[${n8(n)}]`:"[^a-zA-Z0-9]"}];let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.key),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};function Rp(t){return i8(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function as(t,e){const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new v(500,{message:"Email provider not found"});const r=t.env.emailProviders?.[n.name];if(!r)throw new v(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function N1(t,e){if(!t.var.client_id)throw new v(500,{message:"Client not found"});const n=await ki(t.env,t.var.client_id),r=n.connections.find(a=>a.strategy==="sms");if(!r)throw new v(500,{message:"SMS provider not found"});const i=r.options?.provider||"twilio",s=t.env.smsProviders?.[i];if(!s)throw new v(500,{message:"SMS provider not found"});await s({options:r.options,to:e.to,from:e.from,text:e.text,template:"auth-code",data:{code:e.code,tenantName:n.tenant.friendly_name,tenantId:n.tenant.id}})}async function I1(t,e,n,r,i){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});const a=`${De(t.env)}reset-password?state=${r}&code=${n}`,c=await t.env.data.branding.get(t.var.tenant_id),l=c?.logo_url||"",d=c?.colors?.primary||"#7d68f4",p={vendorName:s.friendly_name,lng:"en"};await as(t,{to:e,subject:X("reset_password_title",p),html:`Click here to reset your password: ${De(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:s.friendly_name,logo:l,passwordResetUrl:a,supportUrl:s.support_url||"https://support.sesamy.com",buttonColor:d,passwordResetTitle:X("password_reset_title",p),resetPasswordEmailClickToReset:X("reset_password_email_click_to_reset",p),resetPasswordEmailReset:X("reset_password_email_reset",p),supportInfo:X("support_info",p),contactUs:X("contact_us",p),copyright:X("copyright",p),tenantName:s.friendly_name,tenantId:s.id}}),se(t,s.id,{type:ne.SUCCESS_CHANGE_PASSWORD_REQUEST,description:e})}async function Bp(t,{to:e,code:n,language:r}){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new v(500,{message:"Tenant not found"});const{connectionType:s}=Xc(e),a=await t.env.data.branding.get(t.var.tenant_id),c=a?.logo_url||"",l=a?.colors?.primary||"#7d68f4",d=new URL(De(t.env)),p={vendorName:i.friendly_name,vendorId:i.id,loginDomain:d.hostname,code:n,lng:r||"en"};s==="email"?await as(t,{to:e,subject:X("code_email_subject",p),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:i.friendly_name,logo:c,supportUrl:i.support_url||"",buttonColor:l,welcomeToYourAccount:X("welcome_to_your_account",p),linkEmailClickToLogin:X("link_email_click_to_login",p),linkEmailLogin:X("link_email_login",p),linkEmailOrEnterCode:X("link_email_or_enter_code",p),codeValid30Mins:X("code_valid_30_minutes",p),supportInfo:X("support_info",p),contactUs:X("contact_us",p),copyright:X("copyright",p)}}):s==="sms"&&await N1(t,{to:e,text:X("sms_code_text",p),code:n,from:i.friendly_name}),se(t,i.id,{type:ne.CODE_LINK_SENT,description:e})}async function Lp(t,{to:e,code:n,authParams:r,language:i}){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new v(400,{message:"redirect_uri is required"});const{connectionType:a}=Xc(e),c=await t.env.data.branding.get(t.var.tenant_id),l=c?.logo_url||"",d=c?.colors?.primary||"",p=new URL(Ee(t.env));p.pathname="passwordless/verify_redirect",p.searchParams.set("verification_code",n),p.searchParams.set("connection",a),p.searchParams.set("client_id",r.client_id),p.searchParams.set("redirect_uri",r.redirect_uri),p.searchParams.set("email",e),r.response_type&&p.searchParams.set("response_type",r.response_type),r.scope&&p.searchParams.set("scope",r.scope),r.state&&p.searchParams.set("state",r.state),r.nonce&&p.searchParams.set("nonce",r.nonce),r.code_challenge&&p.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&p.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&p.searchParams.set("audience",r.audience);const f={vendorName:s.friendly_name,code:n,lng:i||"en"};if(a==="email")await as(t,{to:e,subject:X("code_email_subject",f),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:s.friendly_name,logo:l,supportUrl:s.support_url||"",magicLink:p.toString(),buttonColor:d,welcomeToYourAccount:X("welcome_to_your_account",f),linkEmailClickToLogin:X("link_email_click_to_login",f),linkEmailLogin:X("link_email_login",f),linkEmailOrEnterCode:X("link_email_or_enter_code",f),codeValid30Mins:X("code_valid_30_minutes",f),supportInfo:X("support_info",f),contactUs:X("contact_us",f),copyright:X("copyright",f)}});else if(a==="sms")await N1(t,{to:e,text:`${X("link_sms_login",f)}: ${p.toString()}`,code:n,from:s.friendly_name});else throw new v(400,{message:"Only email and SMS connections are supported for magic links"});se(t,s.id,{type:ne.CODE_LINK_SENT,description:e})}async function Up(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new v(500,{message:"Tenant not found"});if(!e.email)throw new v(400,{message:"User has no email"});const i=await t.env.data.branding.get(t.var.tenant_id),s=i?.logo_url||"",a=i?.colors?.primary||"#7d68f4",c={vendorName:r.friendly_name,lng:n||"en"};await as(t,{to:e.email,subject:X("welcome_to_your_account",c),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:r.friendly_name,logo:s,emailValidationUrl:`${De(t.env)}validate-email`,supportUrl:r.support_url||"https://support.sesamy.com",buttonColor:a,welcomeToYourAccount:X("welcome_to_your_account",c),verifyEmailVerify:X("verify_email_verify",c),supportInfo:X("support_info",c),contactUs:X("contact_us",c),copyright:X("copyright",c)}})}async function o8(t,e,n,r,i){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});const a=await t.env.data.branding.get(t.var.tenant_id),c=a?.logo_url||"",l=a?.colors?.primary||"#7d68f4",d={vendorName:s.friendly_name,lng:"en"},p=`${De(t.env)}signup?state=${r}&code=${n}`;await as(t,{to:e,subject:X("register_password_account",d),html:`Click here to register: ${p}`,template:"auth-pre-signup-verification",data:{vendorName:s.friendly_name,logo:c,signupUrl:p,setPassword:X("set_password",d),registerPasswordAccount:X("register_password_account",d),clickToSignUpDescription:X("click_to_sign_up_description",d),supportUrl:s.support_url||"https://support.sesamy.com",buttonColor:l,welcomeToYourAccount:X("welcome_to_your_account",d),verifyEmailVerify:X("verify_email_verify",d),supportInfo:X("support_info",d),contactUs:X("contact_us",d),copyright:X("copyright",d)}})}const s8=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string().optional(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.legacyClients.get(r);if(!i)throw new v(400,{message:"Client not found"});if(t.set("client_id",i.client_id),t.set("tenant_id",i.tenant.id),!Rp(n))throw new v(400,{message:"Password does not meet the requirements"});if(await ho({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:e,provider:"auth2"}))throw new v(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Ha()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await Vr.hash(n,10);return await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await Up(t,a),se(t,i.tenant.id,{type:ne.SUCCESS_SIGNUP,description:"Successful signup"}),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.legacyClients.get(n);if(!r)throw new v(400,{message:"Client not found"});if(t.set("client_id",r.client_id),t.set("tenant_id",r.tenant.id),!await di({userAdapter:t.env.data.users,tenant_id:r.tenant.id,username:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:s,csrf_token:pe(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:mn(t.get("auth0_client"))});return await I1(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Bn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}const a8=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({connection:o.z.literal("email"),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:uo.omit({client_id:!0})}),o.z.object({client_id:o.z.string(),connection:o.z.literal("sms"),phone_number:o.z.string(),send:o.z.enum(["link","code"]),authParams:uo.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,send:i,authParams:s,connection:a}=e,c=await t.env.data.legacyClients.get(r);if(!c)throw new v(400,{message:"Client not found"});t.set("client_id",c.client_id),t.set("tenant_id",c.tenant.id);const l=a==="email"?e.email:e.phone_number,d=t.get("ip"),p=t.get("useragent"),f=t.get("auth0_client"),g=mn(f),_=await n.data.loginSessions.create(c.tenant.id,{authParams:{...s,client_id:r,username:l},expires_at:new Date(Date.now()+$s).toISOString(),csrf_token:pe(),ip:d,useragent:p,auth0Client:g}),w=await n.data.codes.create(c.tenant.id,{code_id:Bn(),code_type:"otp",login_id:_.id,expires_at:new Date(Date.now()+$s).toISOString(),redirect_uri:s.redirect_uri}),k=s?.ui_locales?.split(" ")?.map(z=>z.split("-")[0])[0];return i==="link"?await Lp(t,{to:l,code:w.code_id,authParams:{...s,client_id:r},language:k}):await Bp(t,{to:l,code:w.code_id,language:k}),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(mt),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Successful verification, redirecting to continue flow.",headers:o.z.object({Location:o.z.string().url()}).openapi({})},400:{description:"Bad Request (e.g., invalid client, invalid code, missing parameters).",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},500:{description:"Internal Server Error.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:d,nonce:p}=t.req.valid("query"),f=await ki(e,n);t.set("client_id",f.client_id),t.set("tenant_id",f.tenant.id),t.set("connection","email");const g={client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:d};let _="Something went wrong. Please try again later.";try{const C=await Tp(t,{client_id:n,username:r,otp:i,authParams:g,enforceIpCheck:!0});if(C instanceof Response)return C;if(C&&typeof C=="object"&&"access_token"in C)return t.json(C)}catch(C){const N=C;"message"in N&&typeof N.message=="string"&&(_=N.message)}const w=t.get("ip"),k=t.get("useragent"),z=t.get("auth0_client"),I=mn(z),E=await e.data.loginSessions.create(f.tenant.id,{authParams:{...g,username:r},expires_at:new Date(Date.now()+$s).toISOString(),csrf_token:pe(),ip:w,useragent:k,auth0Client:I});return t.redirect(`${De(t.env)}invalid-session?state=${E.id}&error=${encodeURIComponent(_)}`,302)});class Ir extends v{_code;constructor(e,n){super(e,n),this._code=n?.code}get code(){return this._code}}async function c8(t,e,n){const r=n.app_metadata||{},i=r.failed_logins||[],s=Date.now(),a=[...i.filter(c=>s-c<1e3*60*5),s];r.failed_logins=a,await t.users.update(e,n.user_id,{app_metadata:r})}function l8(t){const n=(t.app_metadata||{}).failed_logins||[],r=Date.now();return n.filter(i=>r-i<1e3*60*5)}async function j1(t,e,n,r){const{data:i}=t.env,{username:s}=n;if(t.set("username",s),!s)throw new L(400,{message:"Username is required"});const a=await di({userAdapter:t.env.data.users,tenant_id:e.tenant.id,username:s,provider:"auth2"});if(!a)throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new Ir(403,{message:"User not found",code:"USER_NOT_FOUND"});const c=a.linked_to?await i.users.get(e.tenant.id,a.linked_to):a;if(!c)throw new Ir(403,{message:"User not found",code:"USER_NOT_FOUND"});t.set("connection",a.connection),t.set("user_id",c.user_id);const l=await i.passwords.get(e.tenant.id,a.user_id);if(!(l&&await Vr.compare(n.password,l.password)))throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),c8(i,e.tenant.id,c),new Ir(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(l8(c).length>=3)throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN,description:"Too many failed login attempts"}),new Ir(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});if(!a.email_verified&&e.client_metadata?.email_validation==="enforced"){const g=r?.authParams?.ui_locales?.split(" ")?.map(_=>_.split("-")[0])[0];throw await Up(t,a,g),se(t,e.tenant.id,{type:ne.FAILED_LOGIN,description:"Email not verified"}),new Ir(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const f=c.app_metadata||{};return f.failed_logins&&f.failed_logins.length>0&&(f.failed_logins=[],i.users.update(e.tenant.id,c.user_id,{app_metadata:f})),{client:e,authParams:n,user:c,loginSession:r}}async function O1(t,e,n,r,i){const s=await j1(t,e,n,r);return Kt(t,{...s,ticketAuth:i,authStrategy:{strategy:"Username-Password-Authentication",strategy_type:"database"}})}async function d8(t,e,n,r){await Xa(t,{client:e,username:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.var.ip});let i=Bn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Bn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=t.get("ip"),c=t.get("useragent"),l=t.get("auth0_client"),d=mn(l),p=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Qb).toISOString(),authParams:{client_id:e.client_id,username:n},csrf_token:pe(),ip:a,useragent:c,auth0Client:d}),f=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:p.id,expires_at:new Date(Date.now()+Yb).toISOString()});await I1(t,n,f.code_id,r)}const u8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.legacyClients.get(n);if(!i)throw new v(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase(),a=t.get("ip"),c=t.get("useragent"),l=t.get("auth0_client");let d;if("otp"in e)d=await Tp(t,{client_id:n,username:s,otp:e.otp});else if("password"in e){const p=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:pe(),ip:a,useragent:c,auth0Client:mn(l)});d=await O1(t,i,{username:s,password:e.password,client_id:n},p,!0)}else throw new v(400,{message:"Code or password required"});if(!(d instanceof Response))throw new v(500,{message:"Unexpected response from loginWithPassword"});return d});function P1(t,e){if(!t||e.length===0)return!1;const n=vl(t)?.host??null;if(!n)return!1;for(const r of e){let i;if(r.startsWith("http://")||r.startsWith("https://")?i=vl(r)?.host??null:i=vl("https://"+r)?.host??null,n===i)return!0}return!1}function vl(t){try{return new URL(t)}catch{return null}}async function p8({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=new URL(t.req.url);t.var.custom_domain&&(a.hostname=t.var.custom_domain);const{ip:c,auth0_client:l,useragent:d}=t.var,p=mn(l),f=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:r,csrf_token:pe(),authorization_url:a.toString(),ip:c,useragent:d,auth0Client:p});if(e&&s){const g=await t.env.data.users.get(n.tenant.id,e.user_id);if(g?.email===s)return await t.env.data.loginSessions.update(n.tenant.id,f.id,{session_id:e.id}),Kt(t,{client:n,loginSession:{...f,session_id:e.id},authParams:r,user:g,sessionId:e.id})}if(i==="email"&&s){const g=Bn();return await t.env.data.codes.create(n.tenant.id,{code_id:g,code_type:"otp",login_id:f.id,expires_at:new Date(Date.now()+nr*1e3).toISOString(),redirect_uri:r.redirect_uri}),await Lp(t,{code:g,to:s,authParams:r}),t.redirect(`/u/enter-code?state=${f.id}`)}return e?t.redirect(`/u/check-account?state=${f.id}`):t.redirect(`/u/login/identifier?state=${f.id}`)}function f8(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new L(403,{message:"Invalid realm"})}async function h8(t,e,n,r,i){const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new L(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new L(403,{message:"Session not found"});const l=await s.data.legacyClients.get(c.authParams.client_id);if(!l)throw new L(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const d=f8(i),f=l.connections.find(k=>k.name===i)?.strategy||(d==="auth2"?"Username-Password-Authentication":"email"),g=f==="Username-Password-Authentication"?"database":"passwordless";let _=await Xa(t,{username:c.authParams.username,provider:d,client:l,connection:i,isSocial:!1,ip:t.var.ip});t.set("username",_.email||_.phone_number),t.set("user_id",_.user_id);const w=await Jm(t,{user:_,client:l,loginSession:c});return Kt(t,{authParams:{scope:c.authParams?.scope,...r},loginSession:c,sessionId:w.id,user:_,client:l,authStrategy:{strategy:f,strategy_type:g}})}async function g8({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:s,code_challenge_method:a,code_challenge:c,audience:l,scope:d,response_type:p,organization:f}){const{env:g}=t,_=new URL(r),w=`${_.protocol}//${_.host}`;async function k(W="Login required"){return se(t,e.tenant.id,{type:ne.FAILED_SILENT_AUTH,description:W}),t.html(Bl(w,JSON.stringify({error:"login_required",error_description:W,state:i})))}if(!n||n?.expires_at&&new Date(n.expires_at)<new Date||n?.idle_expires_at&&new Date(n.idle_expires_at)<new Date)return k();t.set("user_id",n.user_id);const I=await g.data.users.get(e.tenant.id,n.user_id);if(!I)return console.error("User not found",n.user_id),k("User not found");t.set("username",I.email),t.set("connection",I.connection);const E=await g.data.loginSessions.create(e.tenant.id,{csrf_token:pe(),authParams:{client_id:e.client_id,audience:l,scope:d,state:i,nonce:s,response_type:p,redirect_uri:r,organization:f},expires_at:new Date(Date.now()+300*1e3).toISOString(),session_id:n.id,ip:t.var.ip,useragent:t.var.useragent}),C={client:e,authParams:{client_id:e.client_id,audience:l,code_challenge_method:a,code_challenge:c,scope:d,state:i,nonce:s,response_type:p,redirect_uri:r},user:I,session_id:n.id},N=p===mt.CODE?await Gm(t,{user:I,client:e,authParams:C.authParams,login_id:E.id}):await Ga(t,C);await g.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),login_session_id:E.id,device:{...n.device,last_ip:t.var.ip||"",last_user_agent:t.var.useragent||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+Ka*1e3).toISOString():void 0}),se(t,e.tenant.id,{type:ne.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});const O=new Headers;O.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const G=Xs(e.tenant.id,n.id,t.req.header("host"));return O.set("set-cookie",G),t.html(Bl(w,JSON.stringify({...N,state:i})),{headers:O})}const m8=["email","sms","Username-Password-Authentication"],_8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),redirect_uri:o.z.string(),scope:o.z.string().optional(),state:o.z.string(),prompt:o.z.string().optional(),response_mode:o.z.nativeEnum(Ht).optional(),response_type:o.z.nativeEnum(mt).optional(),audience:o.z.string().optional(),connection:o.z.string().optional(),nonce:o.z.string().optional(),max_age:o.z.string().optional(),login_ticket:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Ma).optional(),code_challenge:o.z.string().optional(),realm:o.z.string().optional(),auth0Client:o.z.string().optional(),organization:o.z.string().optional(),login_hint:o.z.string().optional(),screen_hint:o.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),ui_locales:o.z.string().optional()})},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:o.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:ku}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:o.z.object({Location:o.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}},403:{description:"Forbidden. The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:s,state:a,audience:c,nonce:l,connection:d,response_type:p,response_mode:f,code_challenge:g,code_challenge_method:_,prompt:w,login_ticket:k,realm:z,auth0Client:I,login_hint:E,ui_locales:C,organization:N}=t.req.valid("query");t.set("log","authorize");const O=await ki(e,n);t.set("client_id",O.client_id),t.set("tenant_id",O.tenant.id);const G={redirect_uri:i.split("#")[0],scope:s,state:a,client_id:n,vendor_id:r,audience:c,nonce:l,prompt:w,response_type:p,response_mode:f,code_challenge:g,code_challenge_method:_,username:E,ui_locales:C,organization:N},W=t.req.header("origin");if(W&&!P1(W,O.web_origins||[]))throw new v(403,{message:`Origin ${W} not allowed`});if(G.redirect_uri){const fe=O.callbacks||[];if(t.var.host&&(fe.push(`${Fc(t.env)}/*`),fe.push(`${De(t.env)}/*`)),!Ap(G.redirect_uri,fe,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new v(400,{message:`Invalid redirect URI - ${G.redirect_uri}`})}const V=Kr(O.tenant.id,t.req.header("cookie")),Q=V?await e.data.sessions.get(O.tenant.id,V):void 0,re=Q&&!Q.revoked_at?Q:void 0;if(w=="none"){if(!p)throw new v(400,{message:"Missing response_type"});return g8({ctx:t,session:re||void 0,redirect_uri:i,state:a,response_type:p,client:O,nonce:l,code_challenge_method:_,code_challenge:g,audience:c,scope:s,organization:N})}if(O.connections.length===1&&O.connections[0]&&!m8.includes(O.connections[0].strategy||""))return Sg(t,O,O.connections[0].name,G);if(d&&d!=="email")return Sg(t,O,d,G);if(k){const fe=await h8(t,O.tenant.id,k,G,z);return fe instanceof Response?fe:t.json(fe)}const de=await p8({ctx:t,client:O,authParams:G,session:re||void 0,connection:d,login_hint:E});return de instanceof Response?de:t.json(de)}),y8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),redirect_url:o.z.string().optional(),login_hint:o.z.string().toLowerCase().optional(),screen_hint:o.z.enum(["account","change-email","change-phone","change-password"]).optional().default("account")})},responses:{302:{description:"Redirect to the account page with login session state or login page",headers:o.z.object({Location:o.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,redirect_url:r,login_hint:i,screen_hint:s}=t.req.valid("query");t.set("log","account");const a=await ki(e,n);t.set("client_id",a.client_id),t.set("tenant_id",a.tenant.id);const c={redirect_uri:r||t.req.url,client_id:n,username:i},l=t.req.header("origin");if(l&&!P1(l,a.web_origins||[]))throw new v(403,{message:`Origin ${l} not allowed`});if(c.redirect_uri){const E=a.callbacks||[];if(t.var.host&&(E.push(`${Fc(t.env)}/*`),E.push(`${De(t.env)}/*`)),!Ap(c.redirect_uri,E,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new v(400,{message:`Invalid redirect URI - ${c.redirect_uri}`})}const d=Kr(a.tenant.id,t.req.header("cookie")),p=d?await e.data.sessions.get(a.tenant.id,d):void 0,f=p&&!p.revoked_at?p:void 0,g=new URL(t.req.url);t.var.custom_domain&&(g.hostname=t.var.custom_domain);const{ip:_,auth0_client:w,useragent:k}=t.var,z=mn(w),I=await e.data.loginSessions.create(a.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:c,csrf_token:pe(),authorization_url:g.toString(),ip:_,useragent:k,auth0Client:z});if(f){if(i&&(await e.data.users.get(a.tenant.id,f.user_id))?.email!==i)return t.redirect(`${De(t.env)}login/identifier?state=${encodeURIComponent(I.id)}`);if(await e.data.loginSessions.update(a.tenant.id,I.id,{session_id:f.id}),s==="change-email"){const C=new URL("/u/account/change-email",t.req.url);return C.searchParams.set("state",I.id),t.redirect(C.toString())}const E=new URL("/u/account",t.req.url);return E.searchParams.set("state",I.id),t.redirect(E.toString())}return t.redirect(`${De(t.env)}login/identifier?state=${encodeURIComponent(I.id)}`)});function w8(t){const e=new o.OpenAPIHono;e.use(async(r,i)=>{const s=Bo(r,t.dataAdapter),a=t.dataAdapter.cache||ns({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),c=t.dataAdapter.cache?300:0,l=Kc(s,{defaultTtl:c,cacheEntities:["tenants","connections","customDomains","clients","legacyClients","branding","themes","promptSettings","forms","resourceServers","roles","organizations","userRoles","userPermissions"],cache:a});return r.env.data=qc(r,l),i()}),e.use("/oauth/token",A0({origin:r=>r||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),e.use(Vc).use(Hc).use(wp(e));const n=e.route("/v2/logout",Ek).route("/userinfo",Ck).route("/.well-known",Nk).route("/oauth/token",t8).route("/dbconnections",s8).route("/passwordless",a8).route("/co/authenticate",u8).route("/authorize",_8).route("/account",y8).route("/callback",zk);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),yp(n),n}async function ue(t,e,n=!1){const{env:r}=t,i=await r.data.loginSessions.get(t.var.tenant_id||"",e);if(!i)throw new L(400,{message:"Login session not found"});t.set("loginSession",i);const s=await ki(r,i.authParams.client_id);t.set("client_id",s.client_id),t.set("tenant_id",s.tenant.id);let a;try{a=y4(t,"auth_ui_style")}catch{a=void 0}let c=!1;t.req?.url&&(c=(new URL(t.req.url).searchParams.get("style")||a||"classic")==="shadcn");const l=await r.data.tenants.get(s.tenant.id);if(l){if(i.session_id&&!n){if(!i.authParams.redirect_uri)throw new L(400,{message:"Login session closed and no redirect URI available"});const g=new URL(i.authParams.redirect_uri);throw g.searchParams.set("error","access_denied"),g.searchParams.set("error_description","Login session closed"),i.authParams.state&&g.searchParams.set("state",i.authParams.state),new _r(g.toString(),302)}}else throw new L(400,{message:"Tenant not found"});const d=await r.data.themes.get(l.id,"default"),p=await r.data.branding.get(l.id),f=i.authParams?.ui_locales?.split(" ")?.map(g=>g.split("-")[0])?.find(g=>{if(Array.isArray(y.options.supportedLngs))return y.options.supportedLngs.includes(g)});return await y.changeLanguage(f||"sv"),{theme:d,branding:p,client:s,tenant:l,loginSession:i,useShadcn:c}}async function yr(t,e){const{theme:n,branding:r,client:i,tenant:s,loginSession:a,useShadcn:c}=await ue(t,e,!0),l=Kr(i.tenant.id,t.req.header("cookie")),d=l?await t.env.data.sessions.get(i.tenant.id,l):null;if(!d||!a.session_id)throw new _r(`/u/login/identifier?state=${encodeURIComponent(e)}`);const p=await t.env.data.sessions.get(i.tenant.id,a.session_id),f=await t.env.data.users.get(i.tenant.id,d.user_id);if(!f||p?.user_id!==d.user_id)throw new _r(`/u/login/identifier?state=${encodeURIComponent(e)}`);return{theme:n,branding:r,client:i,user:f,tenant:s,loginSession:a,session:p,useShadcn:c}}async function b8(t,e,n,r){if(r!==void 0)return r==="password";const i=await Cu({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});return i?.app_metadata.strategy?i.app_metadata.strategy==="Username-Password-Authentication":(await t.env.data.promptSettings.get(e.tenant.id)).password_first}var $l={exports:{}};var Qg;function v8(){return Qg||(Qg=1,(function(t){(function(){var e={}.hasOwnProperty;function n(){for(var s="",a=0;a<arguments.length;a++){var c=arguments[a];c&&(s=i(s,r(c)))}return s}function r(s){if(typeof s=="string"||typeof s=="number")return s;if(typeof s!="object")return"";if(Array.isArray(s))return n.apply(null,s);if(s.toString!==Object.prototype.toString&&!s.toString.toString().includes("[native code]"))return s.toString();var a="";for(var c in s)e.call(s,c)&&s[c]&&(a=i(a,c));return a}function i(s,a){return a?s?s+" "+a:s+a:s}t.exports?(n.default=n,t.exports=n):window.classNames=n})()})($l)),$l.exports}var $8=v8();const Y=Gv($8),Yt=({children:t,className:e,style:n})=>u("div",{className:Y("rounded-lg border border-gray-200 bg-white shadow-sm dark:border-gray-700 dark:bg-gray-800",e),style:n,children:t}),Qt=({children:t,className:e})=>u("div",{className:Y("flex flex-col space-y-1.5 p-6",e),children:t}),en=({children:t,className:e,style:n})=>u("h3",{className:Y("text-2xl font-semibold leading-none tracking-tight",e),style:n,children:t}),tn=({children:t,className:e,style:n})=>u("p",{className:Y("text-sm text-gray-500 dark:text-gray-400",e),style:n,children:t}),nn=({children:t,className:e})=>u("div",{className:Y("p-6 pt-0",e),children:t}),T1=({children:t,className:e})=>u("div",{className:Y("flex items-center p-6 pt-0",e),children:t}),jt=({id:t,type:e="text",name:n,placeholder:r,className:i,required:s=!1,value:a,disabled:c=!1,error:l=!1,style:d})=>u("input",{id:t,type:e,name:n,placeholder:r,required:s,value:a,disabled:c,className:Y("flex h-10 w-full rounded-md border border-gray-300 bg-white px-3 py-2 text-sm ring-offset-white transition-colors file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-gray-500 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 dark:border-gray-600 dark:bg-gray-800 dark:ring-offset-gray-900 dark:placeholder:text-gray-400",l&&"border-red-500 focus-visible:ring-red-500",i),style:d}),Wt=({children:t,className:e,variant:n="default",size:r="default",type:i="button",disabled:s=!1,style:a})=>{const c={default:"bg-blue-600 text-white hover:bg-blue-700 dark:bg-blue-700 dark:hover:bg-blue-800",outline:"border border-gray-300 bg-transparent hover:bg-gray-100 dark:border-gray-600 dark:hover:bg-gray-800",ghost:"hover:bg-gray-100 dark:hover:bg-gray-800"},l={default:"h-10 px-4 py-2",sm:"h-9 px-3 text-sm",lg:"h-11 px-8"};return u("button",{type:i,disabled:s,className:Y("inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50",c[n],l[r],e),style:a,children:t})},_t=({htmlFor:t,className:e,style:n,children:r})=>u("label",{for:t,className:Y("text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70",e),style:n,children:r}),Be=({children:t,className:e})=>u("div",{className:Y("mb-2 text-sm text-red",e),children:t}),Rt=({theme:t,branding:e})=>{const n=t?.widget?.logo_url||e?.logo_url;return n?u("div",{className:"inline-flex h-9 items-center",children:u("img",{src:n,className:"h-full w-auto",alt:"Logo"})}):u(Gc,{})},Ns=({error:t,theme:e,branding:n,loginSession:r,email:i,client:s,className:a,isEmbedded:c,browserName:l})=>{const d=s.connections.map(({strategy:_e})=>_e),p=d.includes("email")||d.includes("Username-Password-Authentication"),f=d.includes("sms"),g=d.map(_e=>{const $r=w1(_e);return $r?{name:_e,...$r}:null}).filter(_e=>_e!==null).filter(_e=>!(c&&_e.disableEmbeddedBrowsers)),_=p&&f?"email_or_phone_placeholder":p?"email_placeholder":"phone_placeholder",w=y.t(_,p&&f?"Email or Phone Number":p?"Email Address":"Phone Number"),k=e?.colors?.primary_button||n?.colors?.primary||"#0066cc",z=e?.colors?.primary_button_label||"#ffffff",I=e?.colors?.body_text||"#333333",E=e?.colors?.input_background||"#ffffff",C=e?.colors?.input_border||"#d1d5db",N=e?.colors?.input_filled_text||"#111827",O=e?.colors?.error||"#dc2626",G=e?.colors?.widget_background||"#ffffff",W=e?.colors?.widget_border||"#e5e7eb",V=e?.borders?.widget_corner_radius||8,Q=e?.borders?.input_border_radius||4,re=e?.borders?.button_border_radius||4,de=e?.borders?.show_widget_shadow??!0,fe=e?.fonts?.title?.size||24,ve=e?.fonts?.title?.bold??!0,me=e?.fonts?.body_text?.size||14,rn={backgroundColor:G,borderColor:W,borderRadius:`${V}px`,boxShadow:de?"0 1px 3px 0 rgba(0, 0, 0, 0.1)":"none",color:I},He={fontSize:`${fe}px`,fontWeight:ve?"700":"400",color:e?.colors?.header||I},Ze={fontSize:`${me}px`,color:e?.colors?.input_labels_placeholders||"#6b7280"},Lt={backgroundColor:E,borderColor:t?O:C,borderRadius:`${Q}px`,color:N},on={backgroundColor:k,color:z,borderRadius:`${re}px`},sn=e?.widget?.logo_position||"center",Pe=sn==="left"?"text-left":sn==="right"?"text-right":"text-center",ht=e?.widget?.logo_url||n?.logo_url,K=sn!=="none"&&ht;return u("div",{className:Y("flex flex-col gap-6 w-full max-w-sm",a),children:[u("div",{id:"incognito-warning-container",className:"mb-4 hidden rounded-md border border-yellow-200 bg-yellow-50 p-4 text-sm text-yellow-800 dark:border-yellow-900 dark:bg-yellow-900/20 dark:text-yellow-100",role:"alert",children:u("div",{className:"flex items-start gap-3",children:[u("span",{className:"text-lg leading-none",children:"⚠️"}),u("div",{children:[u("strong",{children:y.t("incognito_mode_detected")}),u("p",{className:"mt-1 text-xs opacity-90",children:y.t("incognito_mode_warning")})]})]})}),c&&u("div",{className:"mb-4 rounded-md border border-orange-200 bg-orange-50 p-4 text-sm text-orange-800 dark:border-orange-900 dark:bg-orange-900/20 dark:text-orange-100",role:"alert",children:u("div",{className:"flex items-start gap-3",children:[u("span",{className:"text-lg leading-none",children:"⚠️"}),u("div",{children:[u("strong",{children:y.t("embedded_browser_do_you_keep_logging_in")}),u("p",{className:"mt-1 text-xs opacity-90",children:y.t("embedded_browser_warning",{browserName:l||"the app"})})]})]})}),u(Yt,{style:rn,className:"border",children:[u(Qt,{children:[K&&u("div",{className:Y("mb-4",Pe),children:u(Rt,{theme:e,branding:n})}),u(en,{style:He,children:y.t("welcome","Login")}),u(tn,{style:Ze,children:y.t("login_description_template",{authMethod:y.t(_,{defaultValue:p&&f?"email or phone number":p?"email address":"phone number"}).toLocaleLowerCase(),defaultValue:"Enter your {{authMethod}} below to login to your account"})})]}),u(nn,{children:u("form",{method:"post",children:u("div",{className:"grid gap-6",children:[u("div",{className:"grid gap-2",children:[u(_t,{htmlFor:"username",style:Ze,children:y.t(_,p&&f?"Email or Phone Number":p?"Email":"Phone Number")}),u(jt,{id:"username",name:"username",type:"text",placeholder:w,required:!0,value:i||"",error:!!t,className:"border",style:Lt}),t&&u(Be,{children:t})]}),u(Wt,{type:"submit",className:"w-full transition-colors hover:brightness-90",style:on,children:y.t("continue","Continue")}),g.length>0&&u(Gc,{children:[u("div",{className:"relative text-center",style:{color:e?.colors?.input_labels_placeholders||"#6b7280",fontSize:`${me}px`},children:[u("div",{className:"absolute left-0 right-0 top-1/2 border-b",style:{borderColor:W}}),u("div",{className:"relative inline-block px-2",style:{backgroundColor:G},children:y.t("or","Or")})]}),u("div",{className:"flex gap-4 sm:flex-col short:flex-row",children:g.map(_e=>{const $r=_e.logo;return u("a",{href:`/authorize/redirect?state=${r.id}&connection=${_e.name}`,className:"inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50 border bg-transparent hover:bg-gray-100 dark:hover:bg-gray-800 h-10 px-4 py-2 w-full sm:w-full short:flex-1",style:{borderColor:C,borderRadius:`${re}px`,color:I},children:[u($r,{className:"h-5 w-5"}),u("span",{className:"sm:inline short:hidden",children:y.t("continue_with","Login with {{provider}}",{provider:_e.displayName})}),u("span",{className:"hidden short:inline",children:_e.displayName})]},_e.name)})})]})]})})})]})]})},R1=t=>u("div",{className:"mt-8",children:t.client?.client_metadata?.termsAndConditionsUrl&&u("div",{className:"text-xs text-gray-300",children:[y.t("agree_to")," ",u("a",{href:t.client.client_metadata.termsAndConditionsUrl,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:y.t("terms")})]})}),k8=t=>t==="small"?"text-base":t==="medium"?"text-2xl":t==="large"?"text-3xl":"",Ne=({name:t,size:e,className:n=""})=>{const r=k8(e);return u("span",{className:Y(`uicon-${t}`,n,r)})},x8=(t,e)=>{const n=t.replace("#",""),r=parseInt(n,16),i=r>>16&255,s=r>>8&255,a=r&255,c=Math.min(255,Math.round(i+(255-i)*e)),l=Math.min(255,Math.round(s+(255-s)*e)),d=Math.min(255,Math.round(a+(255-a)*e));return`#${(c<<16|l<<8|d).toString(16).padStart(6,"0")}`},S8=(t,e)=>{const n=t?.colors?.primary_button||e?.colors?.primary||"#000000",r=t?.colors?.base_hover_color||x8(n,.2),i=t?.colors?.primary_button_label||"#ffffff";return`
85
+ In order to be iterable, non-array objects must have a [Symbol.iterator]() method.`)}function U6(t,e){if(t){if(typeof t=="string")return Kg(t,e);var n={}.toString.call(t).slice(8,-1);return n==="Object"&&t.constructor&&(n=t.constructor.name),n==="Map"||n==="Set"?Array.from(t):n==="Arguments"||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)?Kg(t,e):void 0}}function Kg(t,e){(e==null||e>t.length)&&(e=t.length);for(var n=0,r=Array(e);n<e;n++)r[n]=t[n];return r}function D6(t,e){var n=t==null?null:typeof Symbol<"u"&&t[Symbol.iterator]||t["@@iterator"];if(n!=null){var r,i,s,a,c=[],l=!0,d=!1;try{if(s=(n=n.call(t)).next,e!==0)for(;!(l=(r=s.call(n)).done)&&(c.push(r.value),c.length!==e);l=!0);}catch(p){d=!0,i=p}finally{try{if(!l&&n.return!=null&&(a=n.return(),Object(a)!==a))return}finally{if(d)throw i}}return c}}function M6(t){if(Array.isArray(t))return t}function q6(t){var e=Array.prototype.slice.call(t),n=B6(e,4),r=n[0],i=n[1],s=n[2],a=n[3],c,l,d;if(typeof r=="string")c=r;else throw new TypeError("A text for parsing must be a string.");if(!i||typeof i=="string")a?(l=s,d=a):(l=void 0,d=s),i&&(l=O6({defaultCountry:i},l));else if(Fr(i))s?(l=i,d=s):d=i;else throw new Error("Invalid second argument: ".concat(i));return{text:c,options:l,metadata:d}}function Po(t){"@babel/helpers - typeof";return Po=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},Po(t)}function Gg(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter(function(i){return Object.getOwnPropertyDescriptor(t,i).enumerable})),n.push.apply(n,r)}return n}function Wg(t){for(var e=1;e<arguments.length;e++){var n=arguments[e]!=null?arguments[e]:{};e%2?Gg(Object(n),!0).forEach(function(r){F6(t,r,n[r])}):Object.getOwnPropertyDescriptors?Object.defineProperties(t,Object.getOwnPropertyDescriptors(n)):Gg(Object(n)).forEach(function(r){Object.defineProperty(t,r,Object.getOwnPropertyDescriptor(n,r))})}return t}function F6(t,e,n){return(e=H6(e))in t?Object.defineProperty(t,e,{value:n,enumerable:!0,configurable:!0,writable:!0}):t[e]=n,t}function H6(t){var e=V6(t,"string");return Po(e)=="symbol"?e:e+""}function V6(t,e){if(Po(t)!="object"||!t)return t;var n=t[Symbol.toPrimitive];if(n!==void 0){var r=n.call(t,e);if(Po(r)!="object")return r;throw new TypeError("@@toPrimitive must return a primitive value.")}return(e==="string"?String:Number)(t)}function K6(t,e,n){e&&e.defaultCountry&&!Jk(e.defaultCountry,n)&&(e=Wg(Wg({},e),{},{defaultCountry:void 0}));try{return j6(t,e,n)}catch(r){if(!(r instanceof an))throw r}}function G6(){var t=q6(arguments),e=t.text,n=t.options,r=t.metadata;return K6(e,n,r)}function W6(){return Bk(G6,arguments)}function Xc(t,e="US"){const n=t.trim();if(n.includes("@")){const r=n.toLowerCase(),i=/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(r);return{connectionType:"email",normalized:i?r:null,isValid:i}}else if(/^\+?\d[\d\s\-().]*$/.test(n)){const r=W6(n,{defaultCountry:e});return r&&r.isValid()?{connectionType:"sms",normalized:r.number,isValid:!0}:{connectionType:"sms",normalized:null,isValid:!1}}else return{connectionType:"username",normalized:n,isValid:!0}}function Pp(t){let e=t.trim();e.startsWith("[")&&e.endsWith("]")&&(e=e.slice(1,-1));const n=e.indexOf("%");return n!==-1&&(e=e.slice(0,n)),e}function J6(t){const n=Pp(t).split(".");return n.length!==4?!1:n.every(r=>/^\d+$/.test(r)&&Number(r)>=0&&Number(r)<=255)}function X6(t){const e=Pp(t);if(e.length<2||e.indexOf(":")===-1||!/^[0-9a-fA-F:.]+$/.test(e))return!1;const n=e.split(":");return e.includes("::")?n.length<=8:n.length===8}function Z6(t){let e=t.trim();const n=/^\[([^\]]+)\](?::\d+)?$/,r=e.match(n);if(r&&r[1])return r[1];const i=e.lastIndexOf(":");if(i!==-1){const s=e.slice(0,i),a=e.slice(i+1);/^[0-9.]+$/.test(s)&&/^\d+$/.test(a)&&(e=s)}return e}function Jg(t){if(!t)return null;const e=Pp(Z6(t));return J6(e)?{family:4,normalized:e}:X6(e)?{family:6,normalized:e.toLowerCase()}:null}function Xg(t){if(t.includes("::")){let[e,n]=t.split("::"),r=e?e.split(":").filter(Boolean):[],i=n?n.split(":").filter(Boolean):[],s=8-(r.length+i.length);return[...r.map(a=>a.toLowerCase()||"0"),...Array(s).fill("0"),...i.map(a=>a.toLowerCase()||"0")]}else return t.split(":").map(e=>e.toLowerCase()||"0")}function Y6(t,e,n=!0){const r=Jg(t),i=Jg(e);if(!r||!i||r.family!==i.family)return!1;if(r.family===4)return r.normalized===i.normalized;const s=Xg(r.normalized),a=Xg(i.normalized);return n?s.length===8&&a.length===8&&s.join(":")===a.join(":"):s.slice(0,4).join(":")===a.slice(0,4).join(":")}class _r extends Error{location;status;constructor(e,n=302){super(`Redirect to ${e}`),this.name=_r.name,this.location=e,this.status=n}}const Q6=o.z.object({client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),otp:o.z.string(),authParams:uo.optional(),enforceIpCheck:o.z.boolean().optional().default(!1)});async function C1(t,{client_id:e,username:n,otp:r,authParams:i,enforceIpCheck:s=!1}){const a=t.get("ip"),c=t.get("countryCode"),{connectionType:l,normalized:d}=Xc(n,c);if(!d)throw new L(400,{message:"Invalid username format"});const p=await t.env.data.legacyClients.get(e);if(!p)throw new L(403,{message:"Client not found"});const{env:f}=t,g=await f.data.codes.get(p.tenant.id,r,"otp");if(!g)throw new L(400,{message:X("code_invalid")});if(g.expires_at<new Date().toISOString())throw new L(400,{message:X("code_expired")});if(g.used_at)throw new L(400,{message:X("code_used")});const _=await f.data.loginSessions.get(p.tenant.id,g.login_id);if(!_||_.authParams.username!==n)throw new L(400,{message:"Code not found or expired"});if(s&&_.ip&&a&&!Y6(_.ip,a))throw new _r(`${De(t.env)}invalid-session?state=${_.id}`);const w=await Xa(t,{client:p,username:d,provider:l,connection:l,isSocial:!1,ip:t.var.ip});return await f.data.codes.used(p.tenant.id,r),{user:w,client:p,loginSession:_,session_id:_.session_id,authParams:{..._.authParams,...i||{}}}}async function Tp(t,e){const n=await C1(t,e);return Kt(t,{authParams:n.authParams,client:n.client,user:n.user,loginSession:n.loginSession,authStrategy:{strategy:"email",strategy_type:"passwordless"}})}const Zg=o.z.object({client_id:o.z.string().optional(),client_secret:o.z.string().optional()}),Yg=o.z.union([b1.extend(Zg.shape),o.z.object({grant_type:o.z.literal("authorization_code"),client_id:o.z.string(),code:o.z.string(),redirect_uri:o.z.string(),code_verifier:o.z.string().min(43).max(128),organization:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("authorization_code"),code:o.z.string(),redirect_uri:o.z.string().optional(),organization:o.z.string().optional(),...Zg.shape}),o.z.object({grant_type:o.z.literal("refresh_token"),client_id:o.z.string().optional(),refresh_token:o.z.string(),redirect_uri:o.z.string().optional(),client_secret:o.z.string().optional()}),o.z.object({grant_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),client_id:o.z.string(),username:o.z.string(),otp:o.z.string(),realm:o.z.enum(["email","sms"])})]);function e8(t){if(!t)return{};const[e,n]=t.split(" ");if(e?.toLowerCase()==="basic"&&n){const[r,i]=atob(n).split(":");return{client_id:r,client_secret:i}}return{}}const t8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth2"],method:"post",path:"/",request:{body:{content:{"application/x-www-form-urlencoded":{schema:Yg},"application/json":{schema:Yg}}}},responses:{200:{content:{"application/json":{schema:ku}},description:"Tokens"},302:{description:"Redirect for further user interaction (e.g., MFA, consent).",headers:o.z.object({Location:o.z.string().url()}).openapi({})},400:{description:"Bad Request - The request was malformed or invalid.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},401:{description:"Unauthorized - Client authentication failed.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},403:{description:"Forbidden - User is not a member of the required organization.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}}}}),async t=>{const n=(t.req.header("Content-Type")||"").includes("application/json")?t.req.valid("json"):t.req.valid("form"),r=e8(t.req.header("Authorization")),i={...n,...r};if(!i.client_id)throw new v(400,{message:"client_id is required"});t.set("client_id",i.client_id);let s;switch(n.grant_type){case xt.AuthorizationCode:s=await Ok(t,jk.parse(i));break;case xt.ClientCredential:s=await Ik(t,b1.parse(i));break;case xt.RefreshToken:s=await Tk(t,Pk.parse(i));break;case xt.OTP:s=await C1(t,Q6.parse(i));break;default:return t.json({error:"unsupported_grant_type",error_description:"Grant type not implemented"},400)}const a=new Headers;if(s.session_id){const d=Xs(s.client.tenant.id,s.session_id,t.var.host||"");a.set("Set-Cookie",d)}let c=[];if(s.authParams.audience)try{let d;if(n.grant_type===xt.ClientCredential)d=await Zs(t,{grantType:xt.ClientCredential,tenantId:s.client.tenant.id,clientId:s.client.client_id,audience:s.authParams.audience,requestedScopes:s.authParams.scope?.split(" ")||[],organizationId:s.organization?.id});else{if(!s.user?.user_id)throw new L(400,{error:"invalid_request",error_description:"User ID is required for user-based grants"});d=await Zs(t,{grantType:n.grant_type,tenantId:s.client.tenant.id,userId:s.user.user_id,clientId:s.client.client_id,audience:s.authParams.audience,requestedScopes:s.authParams.scope?.split(" ")||[],organizationId:s.organization?.id})}s.authParams.scope=d.scopes.join(" "),c=d.permissions}catch(d){if(d instanceof v)throw d;console.error("Error calculating scopes and permissions:",d)}const l=await Ga(t,{...s,grantType:n.grant_type,permissions:c.length>0?c:void 0});return t.json(l,{headers:a})});function n8(t){if(typeof t!="string")throw new TypeError("Expected a string");return t.replace(/[|\\{}()[\]^$+*?.]/g,"\\$&").replace(/-/g,"\\x2d")}const r8=[{id:0,value:"Too weak",minDiversity:0,minLength:0},{id:1,value:"Weak",minDiversity:2,minLength:8},{id:2,value:"Medium",minDiversity:4,minLength:10},{id:3,value:"Strong",minDiversity:4,minLength:12}],i8=(t,e=r8,n)=>{e[0].minDiversity=0,e[0].minLength=0;const r=t??"",i=[{key:"lowercase",regex:"[a-z]"},{key:"uppercase",regex:"[A-Z]"},{key:"number",regex:"[0-9]"},{key:"symbol",regex:n?`[${n8(n)}]`:"[^a-zA-Z0-9]"}];let s={};s.contains=i.filter(c=>new RegExp(`${c.regex}`).test(r)).map(c=>c.key),s.length=r.length;let a=e.filter(c=>s.contains.length>=c.minDiversity).filter(c=>s.length>=c.minLength).sort((c,l)=>l.id-c.id).map(c=>({id:c.id,value:c.value}));return Object.assign(s,a[0]),s};function Rp(t){return i8(t).id<2?!1:t.length>=8&&/[a-z]/.test(t)&&/[A-Z]/.test(t)&&/[0-9]/.test(t)&&/[^A-Za-z0-9]/.test(t)}async function as(t,e){const n=await t.env.data.emailProviders.get(t.var.tenant_id)||(t.env.DEFAULT_TENANT_ID?await t.env.data.emailProviders.get(t.env.DEFAULT_TENANT_ID):null);if(!n)throw new v(500,{message:"Email provider not found"});const r=t.env.emailProviders?.[n.name];if(!r)throw new v(500,{message:"Email provider not found"});await r({emailProvider:n,...e,from:n.default_from_address||`login@${t.env.ISSUER}`})}async function N1(t,e){if(!t.var.client_id)throw new v(500,{message:"Client not found"});const n=await ki(t.env,t.var.client_id),r=n.connections.find(a=>a.strategy==="sms");if(!r)throw new v(500,{message:"SMS provider not found"});const i=r.options?.provider||"twilio",s=t.env.smsProviders?.[i];if(!s)throw new v(500,{message:"SMS provider not found"});await s({options:r.options,to:e.to,from:e.from,text:e.text,template:"auth-code",data:{code:e.code,tenantName:n.tenant.friendly_name,tenantId:n.tenant.id}})}async function I1(t,e,n,r,i){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});const a=`${De(t.env)}reset-password?state=${r}&code=${n}`,c=await t.env.data.branding.get(t.var.tenant_id),l=c?.logo_url||"",d=c?.colors?.primary||"#7d68f4",p={vendorName:s.friendly_name,lng:"en"};await as(t,{to:e,subject:X("reset_password_title",p),html:`Click here to reset your password: ${De(t.env)}reset-password?state=${r}&code=${n}`,template:"auth-password-reset",data:{vendorName:s.friendly_name,logo:l,passwordResetUrl:a,supportUrl:s.support_url||"https://support.sesamy.com",buttonColor:d,passwordResetTitle:X("password_reset_title",p),resetPasswordEmailClickToReset:X("reset_password_email_click_to_reset",p),resetPasswordEmailReset:X("reset_password_email_reset",p),supportInfo:X("support_info",p),contactUs:X("contact_us",p),copyright:X("copyright",p),tenantName:s.friendly_name,tenantId:s.id}}),se(t,s.id,{type:ne.SUCCESS_CHANGE_PASSWORD_REQUEST,description:e})}async function Bp(t,{to:e,code:n,language:r}){const i=await t.env.data.tenants.get(t.var.tenant_id);if(!i)throw new v(500,{message:"Tenant not found"});const{connectionType:s}=Xc(e),a=await t.env.data.branding.get(t.var.tenant_id),c=a?.logo_url||"",l=a?.colors?.primary||"#7d68f4",d=new URL(De(t.env)),p={vendorName:i.friendly_name,vendorId:i.id,loginDomain:d.hostname,code:n,lng:r||"en"};s==="email"?await as(t,{to:e,subject:X("code_email_subject",p),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-code",data:{code:n,vendorName:i.friendly_name,logo:c,supportUrl:i.support_url||"",buttonColor:l,welcomeToYourAccount:X("welcome_to_your_account",p),linkEmailClickToLogin:X("link_email_click_to_login",p),linkEmailLogin:X("link_email_login",p),linkEmailOrEnterCode:X("link_email_or_enter_code",p),codeValid30Mins:X("code_valid_30_minutes",p),supportInfo:X("support_info",p),contactUs:X("contact_us",p),copyright:X("copyright",p)}}):s==="sms"&&await N1(t,{to:e,text:X("sms_code_text",p),code:n,from:i.friendly_name}),se(t,i.id,{type:ne.CODE_LINK_SENT,description:e})}async function Lp(t,{to:e,code:n,authParams:r,language:i}){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});if(!r.redirect_uri)throw new v(400,{message:"redirect_uri is required"});const{connectionType:a}=Xc(e),c=await t.env.data.branding.get(t.var.tenant_id),l=c?.logo_url||"",d=c?.colors?.primary||"",p=new URL(Ee(t.env));p.pathname="passwordless/verify_redirect",p.searchParams.set("verification_code",n),p.searchParams.set("connection",a),p.searchParams.set("client_id",r.client_id),p.searchParams.set("redirect_uri",r.redirect_uri),p.searchParams.set("email",e),r.response_type&&p.searchParams.set("response_type",r.response_type),r.scope&&p.searchParams.set("scope",r.scope),r.state&&p.searchParams.set("state",r.state),r.nonce&&p.searchParams.set("nonce",r.nonce),r.code_challenge&&p.searchParams.set("code_challenge",r.code_challenge),r.code_challenge_method&&p.searchParams.set("code_challenge_method",r.code_challenge_method),r.audience&&p.searchParams.set("audience",r.audience);const f={vendorName:s.friendly_name,code:n,lng:i||"en"};if(a==="email")await as(t,{to:e,subject:X("code_email_subject",f),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-link",data:{code:n,vendorName:s.friendly_name,logo:l,supportUrl:s.support_url||"",magicLink:p.toString(),buttonColor:d,welcomeToYourAccount:X("welcome_to_your_account",f),linkEmailClickToLogin:X("link_email_click_to_login",f),linkEmailLogin:X("link_email_login",f),linkEmailOrEnterCode:X("link_email_or_enter_code",f),codeValid30Mins:X("code_valid_30_minutes",f),supportInfo:X("support_info",f),contactUs:X("contact_us",f),copyright:X("copyright",f)}});else if(a==="sms")await N1(t,{to:e,text:`${X("link_sms_login",f)}: ${p.toString()}`,code:n,from:s.friendly_name});else throw new v(400,{message:"Only email and SMS connections are supported for magic links"});se(t,s.id,{type:ne.CODE_LINK_SENT,description:e})}async function Up(t,e,n){const r=await t.env.data.tenants.get(t.var.tenant_id);if(!r)throw new v(500,{message:"Tenant not found"});if(!e.email)throw new v(400,{message:"User has no email"});const i=await t.env.data.branding.get(t.var.tenant_id),s=i?.logo_url||"",a=i?.colors?.primary||"#7d68f4",c={vendorName:r.friendly_name,lng:n||"en"};await as(t,{to:e.email,subject:X("welcome_to_your_account",c),html:`Click here to validate your email: ${De(t.env)}validate-email`,template:"auth-verify-email",data:{vendorName:r.friendly_name,logo:s,emailValidationUrl:`${De(t.env)}validate-email`,supportUrl:r.support_url||"https://support.sesamy.com",buttonColor:a,welcomeToYourAccount:X("welcome_to_your_account",c),verifyEmailVerify:X("verify_email_verify",c),supportInfo:X("support_info",c),contactUs:X("contact_us",c),copyright:X("copyright",c)}})}async function o8(t,e,n,r,i){const s=await t.env.data.tenants.get(t.var.tenant_id);if(!s)throw new v(500,{message:"Tenant not found"});const a=await t.env.data.branding.get(t.var.tenant_id),c=a?.logo_url||"",l=a?.colors?.primary||"#7d68f4",d={vendorName:s.friendly_name,lng:"en"},p=`${De(t.env)}signup?state=${r}&code=${n}`;await as(t,{to:e,subject:X("register_password_account",d),html:`Click here to register: ${p}`,template:"auth-pre-signup-verification",data:{vendorName:s.friendly_name,logo:c,signupUrl:p,setPassword:X("set_password",d),registerPasswordAccount:X("register_password_account",d),clickToSignUpDescription:X("click_to_sign_up_description",d),supportUrl:s.support_url||"https://support.sesamy.com",buttonColor:l,welcomeToYourAccount:X("welcome_to_your_account",d),verifyEmailVerify:X("verify_email_verify",d),supportInfo:X("support_info",d),contactUs:X("contact_us",d),copyright:X("copyright",d)}})}const s8=new o.OpenAPIHono().openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/signup",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string()})}}}},responses:{200:{content:{"application/json":{schema:o.z.object({_id:o.z.string(),email:o.z.string().optional(),email_verified:o.z.boolean(),app_metadata:o.z.object({}),user_metadata:o.z.object({})})}},description:"Created user"}}}),async t=>{const{email:e,password:n,client_id:r}=t.req.valid("json"),i=await t.env.data.legacyClients.get(r);if(!i)throw new v(400,{message:"Client not found"});if(t.set("client_id",i.client_id),t.set("tenant_id",i.tenant.id),!Rp(n))throw new v(400,{message:"Password does not meet the requirements"});if(await ho({userAdapter:t.env.data.users,tenant_id:i.tenant.id,username:e,provider:"auth2"}))throw new v(400,{message:"Invalid sign up"});const a=await t.env.data.users.create(i.tenant.id,{user_id:`auth2|${Ha()}`,email:e,email_verified:!1,provider:"auth2",connection:"Username-Password-Authentication",is_social:!1});t.set("user_id",a.user_id),t.set("username",a.email),t.set("connection",a.connection);const c=await Vr.hash(n,10);return await t.env.data.passwords.create(i.tenant.id,{user_id:a.user_id,password:c,algorithm:"bcrypt"}),await Up(t,a),se(t,i.tenant.id,{type:ne.SUCCESS_SIGNUP,description:"Successful signup"}),t.json({_id:a.user_id,email:a.email,email_verified:!1,app_metadata:{},user_metadata:{}})}).openapi(o.createRoute({tags:["dbconnections"],method:"post",path:"/change_password",request:{body:{content:{"application/json":{schema:o.z.object({client_id:o.z.string(),connection:o.z.literal("Username-Password-Authentication"),email:o.z.string().transform(t=>t.toLowerCase())})}}}},responses:{200:{description:"Redirect to the client's redirect uri"}}}),async t=>{const{email:e,client_id:n}=t.req.valid("json"),r=await t.env.data.legacyClients.get(n);if(!r)throw new v(400,{message:"Client not found"});if(t.set("client_id",r.client_id),t.set("tenant_id",r.tenant.id),!await di({userAdapter:t.env.data.users,tenant_id:r.tenant.id,username:e,provider:"auth2"}))return t.html("If an account with that email exists, we've sent instructions to reset your password.");const s={client_id:n,username:e},a=await t.env.data.loginSessions.create(r.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:s,csrf_token:pe(),ip:t.get("ip"),useragent:t.get("useragent"),auth0Client:mn(t.get("auth0_client"))});return await I1(t,e,a.id,a.authParams.state),t.html("If an account with that email exists, we've sent instructions to reset your password.")});function Bn(){const t="1234567890";let e="";for(let n=0;n<6;n+=1)e+=t[Math.floor(Math.random()*10)];return e.toString()}const a8=new o.OpenAPIHono().openapi(o.createRoute({tags:["passwordless"],method:"post",path:"/start",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({connection:o.z.literal("email"),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),send:o.z.enum(["link","code"]),authParams:uo.omit({client_id:!0})}),o.z.object({client_id:o.z.string(),connection:o.z.literal("sms"),phone_number:o.z.string(),send:o.z.enum(["link","code"]),authParams:uo.omit({client_id:!0})})])}}}},responses:{200:{description:"Status"}}}),async t=>{const e=t.req.valid("json"),{env:n}=t,{client_id:r,send:i,authParams:s,connection:a}=e,c=await t.env.data.legacyClients.get(r);if(!c)throw new v(400,{message:"Client not found"});t.set("client_id",c.client_id),t.set("tenant_id",c.tenant.id);const l=a==="email"?e.email:e.phone_number,d=t.get("ip"),p=t.get("useragent"),f=t.get("auth0_client"),g=mn(f),_=await n.data.loginSessions.create(c.tenant.id,{authParams:{...s,client_id:r,username:l},expires_at:new Date(Date.now()+$s).toISOString(),csrf_token:pe(),ip:d,useragent:p,auth0Client:g}),w=await n.data.codes.create(c.tenant.id,{code_id:Bn(),code_type:"otp",login_id:_.id,expires_at:new Date(Date.now()+$s).toISOString(),redirect_uri:s.redirect_uri}),k=s?.ui_locales?.split(" ")?.map(z=>z.split("-")[0])[0];return i==="link"?await Lp(t,{to:l,code:w.code_id,authParams:{...s,client_id:r},language:k}):await Bp(t,{to:l,code:w.code_id,language:k}),t.html("OK")}).openapi(o.createRoute({tags:["passwordless"],method:"get",path:"/verify_redirect",request:{query:o.z.object({scope:o.z.string(),response_type:o.z.nativeEnum(mt),redirect_uri:o.z.string(),state:o.z.string(),nonce:o.z.string().optional(),verification_code:o.z.string(),connection:o.z.string(),client_id:o.z.string(),email:o.z.string().transform(t=>t.toLowerCase()),audience:o.z.string().optional()})},responses:{302:{description:"Successful verification, redirecting to continue flow.",headers:o.z.object({Location:o.z.string().url()}).openapi({})},400:{description:"Bad Request (e.g., invalid client, invalid code, missing parameters).",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}},500:{description:"Internal Server Error.",content:{"application/json":{schema:o.z.object({error:o.z.string(),error_description:o.z.string().optional()})}}}}}),async t=>{const{env:e}=t,{client_id:n,email:r,verification_code:i,redirect_uri:s,state:a,scope:c,audience:l,response_type:d,nonce:p}=t.req.valid("query"),f=await ki(e,n);t.set("client_id",f.client_id),t.set("tenant_id",f.tenant.id),t.set("connection","email");const g={client_id:n,redirect_uri:s,state:a,nonce:p,scope:c,audience:l,response_type:d};let _="Something went wrong. Please try again later.";try{const C=await Tp(t,{client_id:n,username:r,otp:i,authParams:g,enforceIpCheck:!0});if(C instanceof Response)return C;if(C&&typeof C=="object"&&"access_token"in C)return t.json(C)}catch(C){const N=C;"message"in N&&typeof N.message=="string"&&(_=N.message)}const w=t.get("ip"),k=t.get("useragent"),z=t.get("auth0_client"),I=mn(z),E=await e.data.loginSessions.create(f.tenant.id,{authParams:{...g,username:r},expires_at:new Date(Date.now()+$s).toISOString(),csrf_token:pe(),ip:w,useragent:k,auth0Client:I});return t.redirect(`${De(t.env)}invalid-session?state=${E.id}&error=${encodeURIComponent(_)}`,302)});class Ir extends v{_code;constructor(e,n){super(e,n),this._code=n?.code}get code(){return this._code}}async function c8(t,e,n){const r=n.app_metadata||{},i=r.failed_logins||[],s=Date.now(),a=[...i.filter(c=>s-c<1e3*60*5),s];r.failed_logins=a,await t.users.update(e,n.user_id,{app_metadata:r})}function l8(t){const n=(t.app_metadata||{}).failed_logins||[],r=Date.now();return n.filter(i=>r-i<1e3*60*5)}async function j1(t,e,n,r){const{data:i}=t.env,{username:s}=n;if(t.set("username",s),!s)throw new L(400,{message:"Username is required"});const a=await di({userAdapter:t.env.data.users,tenant_id:e.tenant.id,username:s,provider:"auth2"});if(!a)throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid user"}),new Ir(403,{message:"User not found",code:"USER_NOT_FOUND"});const c=a.linked_to?await i.users.get(e.tenant.id,a.linked_to):a;if(!c)throw new Ir(403,{message:"User not found",code:"USER_NOT_FOUND"});if(t.set("connection",a.connection),t.set("user_id",c.user_id),l8(c).length>=3)throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN,description:"Too many failed login attempts"}),new Ir(403,{message:"Too many failed login attempts",code:"TOO_MANY_FAILED_LOGINS"});const d=await i.passwords.get(e.tenant.id,a.user_id);if(!(d&&await Vr.compare(n.password,d.password)))throw se(t,e.tenant.id,{type:ne.FAILED_LOGIN_INCORRECT_PASSWORD,description:"Invalid password"}),c8(i,e.tenant.id,c),new Ir(403,{message:"Invalid password",code:"INVALID_PASSWORD"});if(!a.email_verified&&e.client_metadata?.email_validation==="enforced"){const g=r?.authParams?.ui_locales?.split(" ")?.map(_=>_.split("-")[0])[0];throw await Up(t,a,g),se(t,e.tenant.id,{type:ne.FAILED_LOGIN,description:"Email not verified"}),new Ir(403,{message:"Email not verified",code:"EMAIL_NOT_VERIFIED"})}const f=c.app_metadata||{};return f.failed_logins&&f.failed_logins.length>0&&(f.failed_logins=[],i.users.update(e.tenant.id,c.user_id,{app_metadata:f})),{client:e,authParams:n,user:c,loginSession:r}}async function O1(t,e,n,r,i){const s=await j1(t,e,n,r);return Kt(t,{...s,ticketAuth:i,authStrategy:{strategy:"Username-Password-Authentication",strategy_type:"database"}})}async function d8(t,e,n,r){await Xa(t,{client:e,username:n,provider:"auth2",connection:"Username-Password-Authentication",isSocial:!1,ip:t.var.ip});let i=Bn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");for(;s;)i=Bn(),s=await t.env.data.codes.get(e.tenant.id,i,"password_reset");const a=t.get("ip"),c=t.get("useragent"),l=t.get("auth0_client"),d=mn(l),p=await t.env.data.loginSessions.create(e.tenant.id,{expires_at:new Date(Date.now()+Qb).toISOString(),authParams:{client_id:e.client_id,username:n},csrf_token:pe(),ip:a,useragent:c,auth0Client:d}),f=await t.env.data.codes.create(e.tenant.id,{code_id:i,code_type:"password_reset",login_id:p.id,expires_at:new Date(Date.now()+Yb).toISOString()});await I1(t,n,f.code_id,r)}const u8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"post",path:"/",request:{body:{content:{"application/json":{schema:o.z.union([o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/passwordless/otp"),otp:o.z.string(),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),realm:o.z.enum(["email"]),scope:o.z.string().optional()}),o.z.object({credential_type:o.z.literal("http://auth0.com/oauth/grant-type/password-realm"),client_id:o.z.string(),username:o.z.string().transform(t=>t.toLowerCase()),password:o.z.string(),realm:o.z.enum(["Username-Password-Authentication"]),scope:o.z.string().optional()})])}}}},responses:{200:{description:"List of tenants"}}}),async t=>{const e=t.req.valid("json"),{client_id:n,username:r}=e;t.set("username",r);const i=await t.env.data.legacyClients.get(n);if(!i)throw new v(400,{message:"Client not found"});t.set("client_id",n),t.set("tenant_id",i.tenant.id);const s=r.toLocaleLowerCase(),a=t.get("ip"),c=t.get("useragent"),l=t.get("auth0_client");let d;if("otp"in e)d=await Tp(t,{client_id:n,username:s,otp:e.otp});else if("password"in e){const p=await t.env.data.loginSessions.create(i.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:{client_id:n,username:s},csrf_token:pe(),ip:a,useragent:c,auth0Client:mn(l)});d=await O1(t,i,{username:s,password:e.password,client_id:n},p,!0)}else throw new v(400,{message:"Code or password required"});if(!(d instanceof Response))throw new v(500,{message:"Unexpected response from loginWithPassword"});return d});function P1(t,e){if(!t||e.length===0)return!1;const n=vl(t)?.host??null;if(!n)return!1;for(const r of e){let i;if(r.startsWith("http://")||r.startsWith("https://")?i=vl(r)?.host??null:i=vl("https://"+r)?.host??null,n===i)return!0}return!1}function vl(t){try{return new URL(t)}catch{return null}}async function p8({ctx:t,session:e,client:n,authParams:r,connection:i,login_hint:s}){const a=new URL(t.req.url);t.var.custom_domain&&(a.hostname=t.var.custom_domain);const{ip:c,auth0_client:l,useragent:d}=t.var,p=mn(l),f=await t.env.data.loginSessions.create(n.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:r,csrf_token:pe(),authorization_url:a.toString(),ip:c,useragent:d,auth0Client:p});if(e&&s){const g=await t.env.data.users.get(n.tenant.id,e.user_id);if(g?.email===s)return await t.env.data.loginSessions.update(n.tenant.id,f.id,{session_id:e.id}),Kt(t,{client:n,loginSession:{...f,session_id:e.id},authParams:r,user:g,sessionId:e.id})}if(i==="email"&&s){const g=Bn();return await t.env.data.codes.create(n.tenant.id,{code_id:g,code_type:"otp",login_id:f.id,expires_at:new Date(Date.now()+nr*1e3).toISOString(),redirect_uri:r.redirect_uri}),await Lp(t,{code:g,to:s,authParams:r}),t.redirect(`/u/enter-code?state=${f.id}`)}return e?t.redirect(`/u/check-account?state=${f.id}`):t.redirect(`/u/login/identifier?state=${f.id}`)}function f8(t){if(t==="Username-Password-Authentication")return"auth2";if(t==="email")return"email";throw new L(403,{message:"Invalid realm"})}async function h8(t,e,n,r,i){const{env:s}=t;t.set("connection",i);const a=await s.data.codes.get(e,n,"ticket");if(!a||a.used_at)throw new L(403,{message:"Ticket not found"});const c=await s.data.loginSessions.get(e,a.login_id);if(!c||!c.authParams.username)throw new L(403,{message:"Session not found"});const l=await s.data.legacyClients.get(c.authParams.client_id);if(!l)throw new L(403,{message:"Client not found"});t.set("client_id",c.authParams.client_id),await s.data.codes.used(e,n);const d=f8(i),f=l.connections.find(k=>k.name===i)?.strategy||(d==="auth2"?"Username-Password-Authentication":"email"),g=f==="Username-Password-Authentication"?"database":"passwordless";let _=await Xa(t,{username:c.authParams.username,provider:d,client:l,connection:i,isSocial:!1,ip:t.var.ip});t.set("username",_.email||_.phone_number),t.set("user_id",_.user_id);const w=await Jm(t,{user:_,client:l,loginSession:c});return Kt(t,{authParams:{scope:c.authParams?.scope,...r},loginSession:c,sessionId:w.id,user:_,client:l,authStrategy:{strategy:f,strategy_type:g}})}async function g8({ctx:t,client:e,session:n,redirect_uri:r,state:i,nonce:s,code_challenge_method:a,code_challenge:c,audience:l,scope:d,response_type:p,organization:f}){const{env:g}=t,_=new URL(r),w=`${_.protocol}//${_.host}`;async function k(W="Login required"){return se(t,e.tenant.id,{type:ne.FAILED_SILENT_AUTH,description:W}),t.html(Bl(w,JSON.stringify({error:"login_required",error_description:W,state:i})))}if(!n||n?.expires_at&&new Date(n.expires_at)<new Date||n?.idle_expires_at&&new Date(n.idle_expires_at)<new Date)return k();t.set("user_id",n.user_id);const I=await g.data.users.get(e.tenant.id,n.user_id);if(!I)return console.error("User not found",n.user_id),k("User not found");t.set("username",I.email),t.set("connection",I.connection);const E=await g.data.loginSessions.create(e.tenant.id,{csrf_token:pe(),authParams:{client_id:e.client_id,audience:l,scope:d,state:i,nonce:s,response_type:p,redirect_uri:r,organization:f},expires_at:new Date(Date.now()+300*1e3).toISOString(),session_id:n.id,ip:t.var.ip,useragent:t.var.useragent}),C={client:e,authParams:{client_id:e.client_id,audience:l,code_challenge_method:a,code_challenge:c,scope:d,state:i,nonce:s,response_type:p,redirect_uri:r},user:I,session_id:n.id},N=p===mt.CODE?await Gm(t,{user:I,client:e,authParams:C.authParams,login_id:E.id}):await Ga(t,C);await g.data.sessions.update(e.tenant.id,n.id,{used_at:new Date().toISOString(),last_interaction_at:new Date().toISOString(),login_session_id:E.id,device:{...n.device,last_ip:t.var.ip||"",last_user_agent:t.var.useragent||""},idle_expires_at:n.idle_expires_at?new Date(Date.now()+Ka*1e3).toISOString():void 0}),se(t,e.tenant.id,{type:ne.SUCCESS_SILENT_AUTH,description:"Successful silent authentication"});const O=new Headers;O.set("Server-Timing","cf-nel=0; no-cloudflare-insights=1");const G=Xs(e.tenant.id,n.id,t.req.header("host"));return O.set("set-cookie",G),t.html(Bl(w,JSON.stringify({...N,state:i})),{headers:O})}const m8=["email","sms","Username-Password-Authentication"],_8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),vendor_id:o.z.string().optional(),redirect_uri:o.z.string(),scope:o.z.string().optional(),state:o.z.string(),prompt:o.z.string().optional(),response_mode:o.z.nativeEnum(Ht).optional(),response_type:o.z.nativeEnum(mt).optional(),audience:o.z.string().optional(),connection:o.z.string().optional(),nonce:o.z.string().optional(),max_age:o.z.string().optional(),login_ticket:o.z.string().optional(),code_challenge_method:o.z.nativeEnum(Ma).optional(),code_challenge:o.z.string().optional(),realm:o.z.string().optional(),auth0Client:o.z.string().optional(),organization:o.z.string().optional(),login_hint:o.z.string().optional(),screen_hint:o.z.string().openapi({example:"signup",description:'Optional hint for the screen to show, like "signup" or "login".'}).optional(),ui_locales:o.z.string().optional()})},responses:{200:{description:"Successful authorization response. This can be an HTML page (e.g., for silent authentication iframe or universal login page) or a JSON object containing tokens (e.g., for response_mode=web_message).",content:{"text/html":{schema:o.z.string().openapi({example:"<html>...</html>"})},"application/json":{schema:ku}}},302:{description:"Redirect to the client's redirect URI, an authentication page, or an external identity provider.",headers:o.z.object({Location:o.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}},403:{description:"Forbidden. The request is not allowed (e.g., invalid origin).",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,vendor_id:r,redirect_uri:i,scope:s,state:a,audience:c,nonce:l,connection:d,response_type:p,response_mode:f,code_challenge:g,code_challenge_method:_,prompt:w,login_ticket:k,realm:z,auth0Client:I,login_hint:E,ui_locales:C,organization:N}=t.req.valid("query");t.set("log","authorize");const O=await ki(e,n);t.set("client_id",O.client_id),t.set("tenant_id",O.tenant.id);const G={redirect_uri:i.split("#")[0],scope:s,state:a,client_id:n,vendor_id:r,audience:c,nonce:l,prompt:w,response_type:p,response_mode:f,code_challenge:g,code_challenge_method:_,username:E,ui_locales:C,organization:N},W=t.req.header("origin");if(W&&!P1(W,O.web_origins||[]))throw new v(403,{message:`Origin ${W} not allowed`});if(G.redirect_uri){const fe=O.callbacks||[];if(t.var.host&&(fe.push(`${Fc(t.env)}/*`),fe.push(`${De(t.env)}/*`)),!Ap(G.redirect_uri,fe,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new v(400,{message:`Invalid redirect URI - ${G.redirect_uri}`})}const V=Kr(O.tenant.id,t.req.header("cookie")),Q=V?await e.data.sessions.get(O.tenant.id,V):void 0,re=Q&&!Q.revoked_at?Q:void 0;if(w=="none"){if(!p)throw new v(400,{message:"Missing response_type"});return g8({ctx:t,session:re||void 0,redirect_uri:i,state:a,response_type:p,client:O,nonce:l,code_challenge_method:_,code_challenge:g,audience:c,scope:s,organization:N})}if(O.connections.length===1&&O.connections[0]&&!m8.includes(O.connections[0].strategy||""))return Sg(t,O,O.connections[0].name,G);if(d&&d!=="email")return Sg(t,O,d,G);if(k){const fe=await h8(t,O.tenant.id,k,G,z);return fe instanceof Response?fe:t.json(fe)}const de=await p8({ctx:t,client:O,authParams:G,session:re||void 0,connection:d,login_hint:E});return de instanceof Response?de:t.json(de)}),y8=new o.OpenAPIHono().openapi(o.createRoute({tags:["oauth"],method:"get",path:"/",request:{query:o.z.object({client_id:o.z.string(),redirect_url:o.z.string().optional(),login_hint:o.z.string().toLowerCase().optional(),screen_hint:o.z.enum(["account","change-email","change-phone","change-password"]).optional().default("account")})},responses:{302:{description:"Redirect to the account page with login session state or login page",headers:o.z.object({Location:o.z.string().url()})},400:{description:"Bad Request. Invalid parameters or other client-side errors.",content:{"application/json":{schema:o.z.object({message:o.z.string()})}}}}}),async t=>{const{env:e}=t,{client_id:n,redirect_url:r,login_hint:i,screen_hint:s}=t.req.valid("query");t.set("log","account");const a=await ki(e,n);t.set("client_id",a.client_id),t.set("tenant_id",a.tenant.id);const c={redirect_uri:r||t.req.url,client_id:n,username:i},l=t.req.header("origin");if(l&&!P1(l,a.web_origins||[]))throw new v(403,{message:`Origin ${l} not allowed`});if(c.redirect_uri){const E=a.callbacks||[];if(t.var.host&&(E.push(`${Fc(t.env)}/*`),E.push(`${De(t.env)}/*`)),!Ap(c.redirect_uri,E,{allowPathWildcards:!0,allowSubDomainWildcards:!0}))throw new v(400,{message:`Invalid redirect URI - ${c.redirect_uri}`})}const d=Kr(a.tenant.id,t.req.header("cookie")),p=d?await e.data.sessions.get(a.tenant.id,d):void 0,f=p&&!p.revoked_at?p:void 0,g=new URL(t.req.url);t.var.custom_domain&&(g.hostname=t.var.custom_domain);const{ip:_,auth0_client:w,useragent:k}=t.var,z=mn(w),I=await e.data.loginSessions.create(a.tenant.id,{expires_at:new Date(Date.now()+nr*1e3).toISOString(),authParams:c,csrf_token:pe(),authorization_url:g.toString(),ip:_,useragent:k,auth0Client:z});if(f){if(i&&(await e.data.users.get(a.tenant.id,f.user_id))?.email!==i)return t.redirect(`${De(t.env)}login/identifier?state=${encodeURIComponent(I.id)}`);if(await e.data.loginSessions.update(a.tenant.id,I.id,{session_id:f.id}),s==="change-email"){const C=new URL("/u/account/change-email",t.req.url);return C.searchParams.set("state",I.id),t.redirect(C.toString())}const E=new URL("/u/account",t.req.url);return E.searchParams.set("state",I.id),t.redirect(E.toString())}return t.redirect(`${De(t.env)}login/identifier?state=${encodeURIComponent(I.id)}`)});function w8(t){const e=new o.OpenAPIHono;e.use(async(r,i)=>{const s=Bo(r,t.dataAdapter),a=t.dataAdapter.cache||ns({defaultTtlSeconds:0,maxEntries:100,cleanupIntervalMs:0}),c=t.dataAdapter.cache?300:0,l=Kc(s,{defaultTtl:c,cacheEntities:["tenants","connections","customDomains","clients","legacyClients","branding","themes","promptSettings","forms","resourceServers","roles","organizations","userRoles","userPermissions"],cache:a});return r.env.data=qc(r,l),i()}),e.use("/oauth/token",A0({origin:r=>r||"",allowHeaders:["Tenant-Id","Content-Type","Auth0-Client","Upgrade-Insecure-Requests"],allowMethods:["POST"],maxAge:600})),e.use(Vc).use(Hc).use(wp(e));const n=e.route("/v2/logout",Ek).route("/userinfo",Ck).route("/.well-known",Nk).route("/oauth/token",t8).route("/dbconnections",s8).route("/passwordless",a8).route("/co/authenticate",u8).route("/authorize",_8).route("/account",y8).route("/callback",zk);return n.doc("/spec",{openapi:"3.0.0",info:{version:"1.0.0",title:"Oauth API"},security:[{oauth2:["openid","email","profile"]}]}),yp(n),n}async function ue(t,e,n=!1){const{env:r}=t,i=await r.data.loginSessions.get(t.var.tenant_id||"",e);if(!i)throw new L(400,{message:"Login session not found"});t.set("loginSession",i);const s=await ki(r,i.authParams.client_id);t.set("client_id",s.client_id),t.set("tenant_id",s.tenant.id);let a;try{a=y4(t,"auth_ui_style")}catch{a=void 0}let c=!1;t.req?.url&&(c=(new URL(t.req.url).searchParams.get("style")||a||"classic")==="shadcn");const l=await r.data.tenants.get(s.tenant.id);if(l){if(i.session_id&&!n){if(!i.authParams.redirect_uri)throw new L(400,{message:"Login session closed and no redirect URI available"});const g=new URL(i.authParams.redirect_uri);throw g.searchParams.set("error","access_denied"),g.searchParams.set("error_description","Login session closed"),i.authParams.state&&g.searchParams.set("state",i.authParams.state),new _r(g.toString(),302)}}else throw new L(400,{message:"Tenant not found"});const d=await r.data.themes.get(l.id,"default"),p=await r.data.branding.get(l.id),f=i.authParams?.ui_locales?.split(" ")?.map(g=>g.split("-")[0])?.find(g=>{if(Array.isArray(y.options.supportedLngs))return y.options.supportedLngs.includes(g)});return await y.changeLanguage(f||"sv"),{theme:d,branding:p,client:s,tenant:l,loginSession:i,useShadcn:c}}async function yr(t,e){const{theme:n,branding:r,client:i,tenant:s,loginSession:a,useShadcn:c}=await ue(t,e,!0),l=Kr(i.tenant.id,t.req.header("cookie")),d=l?await t.env.data.sessions.get(i.tenant.id,l):null;if(!d||!a.session_id)throw new _r(`/u/login/identifier?state=${encodeURIComponent(e)}`);const p=await t.env.data.sessions.get(i.tenant.id,a.session_id),f=await t.env.data.users.get(i.tenant.id,d.user_id);if(!f||p?.user_id!==d.user_id)throw new _r(`/u/login/identifier?state=${encodeURIComponent(e)}`);return{theme:n,branding:r,client:i,user:f,tenant:s,loginSession:a,session:p,useShadcn:c}}async function b8(t,e,n,r){if(r!==void 0)return r==="password";const i=await Cu({userAdapter:t.env.data.users,tenant_id:e.tenant.id,email:n});return i?.app_metadata.strategy?i.app_metadata.strategy==="Username-Password-Authentication":(await t.env.data.promptSettings.get(e.tenant.id)).password_first}var $l={exports:{}};var Qg;function v8(){return Qg||(Qg=1,(function(t){(function(){var e={}.hasOwnProperty;function n(){for(var s="",a=0;a<arguments.length;a++){var c=arguments[a];c&&(s=i(s,r(c)))}return s}function r(s){if(typeof s=="string"||typeof s=="number")return s;if(typeof s!="object")return"";if(Array.isArray(s))return n.apply(null,s);if(s.toString!==Object.prototype.toString&&!s.toString.toString().includes("[native code]"))return s.toString();var a="";for(var c in s)e.call(s,c)&&s[c]&&(a=i(a,c));return a}function i(s,a){return a?s?s+" "+a:s+a:s}t.exports?(n.default=n,t.exports=n):window.classNames=n})()})($l)),$l.exports}var $8=v8();const Y=Gv($8),Yt=({children:t,className:e,style:n})=>u("div",{className:Y("rounded-lg border border-gray-200 bg-white shadow-sm dark:border-gray-700 dark:bg-gray-800",e),style:n,children:t}),Qt=({children:t,className:e})=>u("div",{className:Y("flex flex-col space-y-1.5 p-6",e),children:t}),en=({children:t,className:e,style:n})=>u("h3",{className:Y("text-2xl font-semibold leading-none tracking-tight",e),style:n,children:t}),tn=({children:t,className:e,style:n})=>u("p",{className:Y("text-sm text-gray-500 dark:text-gray-400",e),style:n,children:t}),nn=({children:t,className:e})=>u("div",{className:Y("p-6 pt-0",e),children:t}),T1=({children:t,className:e})=>u("div",{className:Y("flex items-center p-6 pt-0",e),children:t}),jt=({id:t,type:e="text",name:n,placeholder:r,className:i,required:s=!1,value:a,disabled:c=!1,error:l=!1,style:d})=>u("input",{id:t,type:e,name:n,placeholder:r,required:s,value:a,disabled:c,className:Y("flex h-10 w-full rounded-md border border-gray-300 bg-white px-3 py-2 text-sm ring-offset-white transition-colors file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-gray-500 focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 dark:border-gray-600 dark:bg-gray-800 dark:ring-offset-gray-900 dark:placeholder:text-gray-400",l&&"border-red-500 focus-visible:ring-red-500",i),style:d}),Wt=({children:t,className:e,variant:n="default",size:r="default",type:i="button",disabled:s=!1,style:a})=>{const c={default:"bg-blue-600 text-white hover:bg-blue-700 dark:bg-blue-700 dark:hover:bg-blue-800",outline:"border border-gray-300 bg-transparent hover:bg-gray-100 dark:border-gray-600 dark:hover:bg-gray-800",ghost:"hover:bg-gray-100 dark:hover:bg-gray-800"},l={default:"h-10 px-4 py-2",sm:"h-9 px-3 text-sm",lg:"h-11 px-8"};return u("button",{type:i,disabled:s,className:Y("inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50",c[n],l[r],e),style:a,children:t})},_t=({htmlFor:t,className:e,style:n,children:r})=>u("label",{for:t,className:Y("text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70",e),style:n,children:r}),Be=({children:t,className:e})=>u("div",{className:Y("mb-2 text-sm text-red",e),children:t}),Rt=({theme:t,branding:e})=>{const n=t?.widget?.logo_url||e?.logo_url;return n?u("div",{className:"inline-flex h-9 items-center",children:u("img",{src:n,className:"h-full w-auto",alt:"Logo"})}):u(Gc,{})},Ns=({error:t,theme:e,branding:n,loginSession:r,email:i,client:s,className:a,isEmbedded:c,browserName:l})=>{const d=s.connections.map(({strategy:_e})=>_e),p=d.includes("email")||d.includes("Username-Password-Authentication"),f=d.includes("sms"),g=d.map(_e=>{const $r=w1(_e);return $r?{name:_e,...$r}:null}).filter(_e=>_e!==null).filter(_e=>!(c&&_e.disableEmbeddedBrowsers)),_=p&&f?"email_or_phone_placeholder":p?"email_placeholder":"phone_placeholder",w=y.t(_,p&&f?"Email or Phone Number":p?"Email Address":"Phone Number"),k=e?.colors?.primary_button||n?.colors?.primary||"#0066cc",z=e?.colors?.primary_button_label||"#ffffff",I=e?.colors?.body_text||"#333333",E=e?.colors?.input_background||"#ffffff",C=e?.colors?.input_border||"#d1d5db",N=e?.colors?.input_filled_text||"#111827",O=e?.colors?.error||"#dc2626",G=e?.colors?.widget_background||"#ffffff",W=e?.colors?.widget_border||"#e5e7eb",V=e?.borders?.widget_corner_radius||8,Q=e?.borders?.input_border_radius||4,re=e?.borders?.button_border_radius||4,de=e?.borders?.show_widget_shadow??!0,fe=e?.fonts?.title?.size||24,ve=e?.fonts?.title?.bold??!0,me=e?.fonts?.body_text?.size||14,rn={backgroundColor:G,borderColor:W,borderRadius:`${V}px`,boxShadow:de?"0 1px 3px 0 rgba(0, 0, 0, 0.1)":"none",color:I},He={fontSize:`${fe}px`,fontWeight:ve?"700":"400",color:e?.colors?.header||I},Ze={fontSize:`${me}px`,color:e?.colors?.input_labels_placeholders||"#6b7280"},Lt={backgroundColor:E,borderColor:t?O:C,borderRadius:`${Q}px`,color:N},on={backgroundColor:k,color:z,borderRadius:`${re}px`},sn=e?.widget?.logo_position||"center",Pe=sn==="left"?"text-left":sn==="right"?"text-right":"text-center",ht=e?.widget?.logo_url||n?.logo_url,K=sn!=="none"&&ht;return u("div",{className:Y("flex flex-col gap-6 w-full max-w-sm",a),children:[u("div",{id:"incognito-warning-container",className:"mb-4 hidden rounded-md border border-yellow-200 bg-yellow-50 p-4 text-sm text-yellow-800 dark:border-yellow-900 dark:bg-yellow-900/20 dark:text-yellow-100",role:"alert",children:u("div",{className:"flex items-start gap-3",children:[u("span",{className:"text-lg leading-none",children:"⚠️"}),u("div",{children:[u("strong",{children:y.t("incognito_mode_detected")}),u("p",{className:"mt-1 text-xs opacity-90",children:y.t("incognito_mode_warning")})]})]})}),c&&u("div",{className:"mb-4 rounded-md border border-orange-200 bg-orange-50 p-4 text-sm text-orange-800 dark:border-orange-900 dark:bg-orange-900/20 dark:text-orange-100",role:"alert",children:u("div",{className:"flex items-start gap-3",children:[u("span",{className:"text-lg leading-none",children:"⚠️"}),u("div",{children:[u("strong",{children:y.t("embedded_browser_do_you_keep_logging_in")}),u("p",{className:"mt-1 text-xs opacity-90",children:y.t("embedded_browser_warning",{browserName:l||"the app"})})]})]})}),u(Yt,{style:rn,className:"border",children:[u(Qt,{children:[K&&u("div",{className:Y("mb-4",Pe),children:u(Rt,{theme:e,branding:n})}),u(en,{style:He,children:y.t("welcome","Login")}),u(tn,{style:Ze,children:y.t("login_description_template",{authMethod:y.t(_,{defaultValue:p&&f?"email or phone number":p?"email address":"phone number"}).toLocaleLowerCase(),defaultValue:"Enter your {{authMethod}} below to login to your account"})})]}),u(nn,{children:u("form",{method:"post",children:u("div",{className:"grid gap-6",children:[u("div",{className:"grid gap-2",children:[u(_t,{htmlFor:"username",style:Ze,children:y.t(_,p&&f?"Email or Phone Number":p?"Email":"Phone Number")}),u(jt,{id:"username",name:"username",type:"text",placeholder:w,required:!0,value:i||"",error:!!t,className:"border",style:Lt}),t&&u(Be,{children:t})]}),u(Wt,{type:"submit",className:"w-full transition-colors hover:brightness-90",style:on,children:y.t("continue","Continue")}),g.length>0&&u(Gc,{children:[u("div",{className:"relative text-center",style:{color:e?.colors?.input_labels_placeholders||"#6b7280",fontSize:`${me}px`},children:[u("div",{className:"absolute left-0 right-0 top-1/2 border-b",style:{borderColor:W}}),u("div",{className:"relative inline-block px-2",style:{backgroundColor:G},children:y.t("or","Or")})]}),u("div",{className:"flex gap-4 sm:flex-col short:flex-row",children:g.map(_e=>{const $r=_e.logo;return u("a",{href:`/authorize/redirect?state=${r.id}&connection=${_e.name}`,className:"inline-flex items-center justify-center gap-2 rounded-md font-medium transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-blue-500 disabled:pointer-events-none disabled:opacity-50 border bg-transparent hover:bg-gray-100 dark:hover:bg-gray-800 h-10 px-4 py-2 w-full sm:w-full short:flex-1",style:{borderColor:C,borderRadius:`${re}px`,color:I},children:[u($r,{className:"h-5 w-5"}),u("span",{className:"sm:inline short:hidden",children:y.t("continue_with","Login with {{provider}}",{provider:_e.displayName})}),u("span",{className:"hidden short:inline",children:_e.displayName})]},_e.name)})})]})]})})})]})]})},R1=t=>u("div",{className:"mt-8",children:t.client?.client_metadata?.termsAndConditionsUrl&&u("div",{className:"text-xs text-gray-300",children:[y.t("agree_to")," ",u("a",{href:t.client.client_metadata.termsAndConditionsUrl,className:"text-primary hover:underline",target:"_blank",rel:"noreferrer",children:y.t("terms")})]})}),k8=t=>t==="small"?"text-base":t==="medium"?"text-2xl":t==="large"?"text-3xl":"",Ne=({name:t,size:e,className:n=""})=>{const r=k8(e);return u("span",{className:Y(`uicon-${t}`,n,r)})},x8=(t,e)=>{const n=t.replace("#",""),r=parseInt(n,16),i=r>>16&255,s=r>>8&255,a=r&255,c=Math.min(255,Math.round(i+(255-i)*e)),l=Math.min(255,Math.round(s+(255-s)*e)),d=Math.min(255,Math.round(a+(255-a)*e));return`#${(c<<16|l<<8|d).toString(16).padStart(6,"0")}`},S8=(t,e)=>{const n=t?.colors?.primary_button||e?.colors?.primary||"#000000",r=t?.colors?.base_hover_color||x8(n,.2),i=t?.colors?.primary_button_label||"#ffffff";return`
86
86
  body {
87
87
  --primary-color: ${n};
88
88
  --primary-hover: ${r};
package/dist/authhero.mjs CHANGED
@@ -27460,17 +27460,7 @@ async function By(t, e, n, r) {
27460
27460
  message: "User not found",
27461
27461
  code: "USER_NOT_FOUND"
27462
27462
  });
27463
- t.set("connection", a.connection), t.set("user_id", c.user_id);
27464
- const l = await i.passwords.get(e.tenant.id, a.user_id);
27465
- if (!(l && await Fr.compare(n.password, l.password)))
27466
- throw ce(t, e.tenant.id, {
27467
- type: ie.FAILED_LOGIN_INCORRECT_PASSWORD,
27468
- description: "Invalid password"
27469
- }), R6(i, e.tenant.id, c), new Nr(403, {
27470
- message: "Invalid password",
27471
- code: "INVALID_PASSWORD"
27472
- });
27473
- if (B6(c).length >= 3)
27463
+ if (t.set("connection", a.connection), t.set("user_id", c.user_id), B6(c).length >= 3)
27474
27464
  throw ce(t, e.tenant.id, {
27475
27465
  // TODO: change to BLOCKED_ACCOUNT_EMAIL
27476
27466
  type: ie.FAILED_LOGIN,
@@ -27479,6 +27469,15 @@ async function By(t, e, n, r) {
27479
27469
  message: "Too many failed login attempts",
27480
27470
  code: "TOO_MANY_FAILED_LOGINS"
27481
27471
  });
27472
+ const d = await i.passwords.get(e.tenant.id, a.user_id);
27473
+ if (!(d && await Fr.compare(n.password, d.password)))
27474
+ throw ce(t, e.tenant.id, {
27475
+ type: ie.FAILED_LOGIN_INCORRECT_PASSWORD,
27476
+ description: "Invalid password"
27477
+ }), R6(i, e.tenant.id, c), new Nr(403, {
27478
+ message: "Invalid password",
27479
+ code: "INVALID_PASSWORD"
27480
+ });
27482
27481
  if (!a.email_verified && e.client_metadata?.email_validation === "enforced") {
27483
27482
  const g = r?.authParams?.ui_locales?.split(" ")?.map((_) => _.split("-")[0])[0];
27484
27483
  throw await Np(t, a, g), ce(t, e.tenant.id, {