better-auth 1.2.6-beta.7 → 1.2.7-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (273) hide show
  1. package/dist/adapters/drizzle-adapter/index.cjs +186 -249
  2. package/dist/adapters/drizzle-adapter/index.d.cts +11 -49
  3. package/dist/adapters/drizzle-adapter/index.d.mts +11 -49
  4. package/dist/adapters/drizzle-adapter/index.d.ts +11 -49
  5. package/dist/adapters/drizzle-adapter/index.mjs +186 -249
  6. package/dist/adapters/index.cjs +26 -0
  7. package/dist/adapters/index.d.cts +17 -0
  8. package/dist/adapters/index.d.mts +17 -0
  9. package/dist/adapters/index.d.ts +17 -0
  10. package/dist/adapters/index.mjs +20 -0
  11. package/dist/adapters/kysely-adapter/index.cjs +7 -7
  12. package/dist/adapters/kysely-adapter/index.d.cts +17 -49
  13. package/dist/adapters/kysely-adapter/index.d.mts +17 -49
  14. package/dist/adapters/kysely-adapter/index.d.ts +17 -49
  15. package/dist/adapters/kysely-adapter/index.mjs +8 -8
  16. package/dist/adapters/memory-adapter/index.cjs +7 -8
  17. package/dist/adapters/memory-adapter/index.d.cts +9 -49
  18. package/dist/adapters/memory-adapter/index.d.mts +9 -49
  19. package/dist/adapters/memory-adapter/index.d.ts +9 -49
  20. package/dist/adapters/memory-adapter/index.mjs +8 -9
  21. package/dist/adapters/mongodb-adapter/index.cjs +2 -2
  22. package/dist/adapters/mongodb-adapter/index.d.cts +4 -4
  23. package/dist/adapters/mongodb-adapter/index.d.mts +4 -4
  24. package/dist/adapters/mongodb-adapter/index.d.ts +4 -4
  25. package/dist/adapters/mongodb-adapter/index.mjs +3 -3
  26. package/dist/adapters/prisma-adapter/index.cjs +130 -203
  27. package/dist/adapters/prisma-adapter/index.d.cts +17 -49
  28. package/dist/adapters/prisma-adapter/index.d.mts +17 -49
  29. package/dist/adapters/prisma-adapter/index.d.ts +17 -49
  30. package/dist/adapters/prisma-adapter/index.mjs +131 -204
  31. package/dist/adapters/test.cjs +710 -377
  32. package/dist/adapters/test.d.cts +64 -5
  33. package/dist/adapters/test.d.mts +64 -5
  34. package/dist/adapters/test.d.ts +64 -5
  35. package/dist/adapters/test.mjs +712 -380
  36. package/dist/api/index.cjs +61 -25
  37. package/dist/api/index.d.cts +3 -3
  38. package/dist/api/index.d.mts +3 -3
  39. package/dist/api/index.d.ts +3 -3
  40. package/dist/api/index.mjs +63 -27
  41. package/dist/client/index.d.cts +3 -3
  42. package/dist/client/index.d.mts +3 -3
  43. package/dist/client/index.d.ts +3 -3
  44. package/dist/client/plugins/index.cjs +13 -15
  45. package/dist/client/plugins/index.d.cts +80 -19
  46. package/dist/client/plugins/index.d.mts +80 -19
  47. package/dist/client/plugins/index.d.ts +80 -19
  48. package/dist/client/plugins/index.mjs +13 -16
  49. package/dist/client/react/index.cjs +4 -4
  50. package/dist/client/react/index.d.cts +3 -3
  51. package/dist/client/react/index.d.mts +3 -3
  52. package/dist/client/react/index.d.ts +3 -3
  53. package/dist/client/solid/index.d.cts +3 -3
  54. package/dist/client/solid/index.d.mts +3 -3
  55. package/dist/client/solid/index.d.ts +3 -3
  56. package/dist/client/svelte/index.d.cts +3 -3
  57. package/dist/client/svelte/index.d.mts +3 -3
  58. package/dist/client/svelte/index.d.ts +3 -3
  59. package/dist/client/vue/index.d.cts +3 -3
  60. package/dist/client/vue/index.d.mts +3 -3
  61. package/dist/client/vue/index.d.ts +3 -3
  62. package/dist/cookies/index.cjs +13 -2
  63. package/dist/cookies/index.d.cts +3 -3
  64. package/dist/cookies/index.d.mts +3 -3
  65. package/dist/cookies/index.d.ts +3 -3
  66. package/dist/cookies/index.mjs +13 -2
  67. package/dist/db/index.cjs +6 -5
  68. package/dist/db/index.d.cts +4 -4
  69. package/dist/db/index.d.mts +4 -4
  70. package/dist/db/index.d.ts +4 -4
  71. package/dist/db/index.mjs +7 -6
  72. package/dist/index.cjs +11 -7
  73. package/dist/index.d.cts +4 -4
  74. package/dist/index.d.mts +4 -4
  75. package/dist/index.d.ts +4 -4
  76. package/dist/index.mjs +14 -10
  77. package/dist/integrations/next-js.cjs +4 -5
  78. package/dist/integrations/next-js.d.cts +3 -3
  79. package/dist/integrations/next-js.d.mts +3 -3
  80. package/dist/integrations/next-js.d.ts +3 -3
  81. package/dist/integrations/next-js.mjs +5 -6
  82. package/dist/integrations/node.d.cts +3 -3
  83. package/dist/integrations/node.d.mts +3 -3
  84. package/dist/integrations/node.d.ts +3 -3
  85. package/dist/integrations/react-start.cjs +5 -6
  86. package/dist/integrations/react-start.d.cts +3 -3
  87. package/dist/integrations/react-start.d.mts +3 -3
  88. package/dist/integrations/react-start.d.ts +3 -3
  89. package/dist/integrations/react-start.mjs +6 -7
  90. package/dist/integrations/svelte-kit.d.cts +3 -3
  91. package/dist/integrations/svelte-kit.d.mts +3 -3
  92. package/dist/integrations/svelte-kit.d.ts +3 -3
  93. package/dist/oauth2/index.d.cts +5 -5
  94. package/dist/oauth2/index.d.mts +5 -5
  95. package/dist/oauth2/index.d.ts +5 -5
  96. package/dist/plugins/access/index.d.cts +1 -1
  97. package/dist/plugins/access/index.d.mts +1 -1
  98. package/dist/plugins/access/index.d.ts +1 -1
  99. package/dist/plugins/admin/access/index.d.cts +1 -1
  100. package/dist/plugins/admin/access/index.d.mts +1 -1
  101. package/dist/plugins/admin/access/index.d.ts +1 -1
  102. package/dist/plugins/admin/index.cjs +4 -4
  103. package/dist/plugins/admin/index.d.cts +74 -14
  104. package/dist/plugins/admin/index.d.mts +74 -14
  105. package/dist/plugins/admin/index.d.ts +74 -14
  106. package/dist/plugins/admin/index.mjs +5 -5
  107. package/dist/plugins/anonymous/index.cjs +4 -5
  108. package/dist/plugins/anonymous/index.d.cts +3 -3
  109. package/dist/plugins/anonymous/index.d.mts +3 -3
  110. package/dist/plugins/anonymous/index.d.ts +3 -3
  111. package/dist/plugins/anonymous/index.mjs +5 -6
  112. package/dist/plugins/bearer/index.cjs +2 -2
  113. package/dist/plugins/bearer/index.d.cts +3 -3
  114. package/dist/plugins/bearer/index.d.mts +3 -3
  115. package/dist/plugins/bearer/index.d.ts +3 -3
  116. package/dist/plugins/bearer/index.mjs +3 -3
  117. package/dist/plugins/captcha/index.cjs +110 -45
  118. package/dist/plugins/captcha/index.d.cts +26 -6
  119. package/dist/plugins/captcha/index.d.mts +26 -6
  120. package/dist/plugins/captcha/index.d.ts +26 -6
  121. package/dist/plugins/captcha/index.mjs +110 -45
  122. package/dist/plugins/custom-session/index.cjs +24 -5
  123. package/dist/plugins/custom-session/index.d.cts +25 -6
  124. package/dist/plugins/custom-session/index.d.mts +25 -6
  125. package/dist/plugins/custom-session/index.d.ts +25 -6
  126. package/dist/plugins/custom-session/index.mjs +25 -6
  127. package/dist/plugins/email-otp/index.cjs +96 -30
  128. package/dist/plugins/email-otp/index.d.cts +33 -10
  129. package/dist/plugins/email-otp/index.d.mts +33 -10
  130. package/dist/plugins/email-otp/index.d.ts +33 -10
  131. package/dist/plugins/email-otp/index.mjs +97 -31
  132. package/dist/plugins/generic-oauth/index.cjs +81 -20
  133. package/dist/plugins/generic-oauth/index.d.cts +46 -3
  134. package/dist/plugins/generic-oauth/index.d.mts +46 -3
  135. package/dist/plugins/generic-oauth/index.d.ts +46 -3
  136. package/dist/plugins/generic-oauth/index.mjs +82 -21
  137. package/dist/plugins/haveibeenpwned/index.cjs +98 -0
  138. package/dist/plugins/haveibeenpwned/index.d.cts +36 -0
  139. package/dist/plugins/haveibeenpwned/index.d.mts +36 -0
  140. package/dist/plugins/haveibeenpwned/index.d.ts +36 -0
  141. package/dist/plugins/haveibeenpwned/index.mjs +96 -0
  142. package/dist/plugins/index.cjs +583 -19
  143. package/dist/plugins/index.d.cts +7 -5
  144. package/dist/plugins/index.d.mts +7 -5
  145. package/dist/plugins/index.d.ts +7 -5
  146. package/dist/plugins/index.mjs +583 -21
  147. package/dist/plugins/jwt/index.cjs +45 -21
  148. package/dist/plugins/jwt/index.d.cts +52 -6
  149. package/dist/plugins/jwt/index.d.mts +52 -6
  150. package/dist/plugins/jwt/index.d.ts +52 -6
  151. package/dist/plugins/jwt/index.mjs +46 -22
  152. package/dist/plugins/magic-link/index.cjs +3 -3
  153. package/dist/plugins/magic-link/index.mjs +4 -4
  154. package/dist/plugins/multi-session/index.cjs +3 -3
  155. package/dist/plugins/multi-session/index.d.cts +3 -3
  156. package/dist/plugins/multi-session/index.d.mts +3 -3
  157. package/dist/plugins/multi-session/index.d.ts +3 -3
  158. package/dist/plugins/multi-session/index.mjs +4 -4
  159. package/dist/plugins/oauth-proxy/index.cjs +4 -4
  160. package/dist/plugins/oauth-proxy/index.d.cts +3 -3
  161. package/dist/plugins/oauth-proxy/index.d.mts +3 -3
  162. package/dist/plugins/oauth-proxy/index.d.ts +3 -3
  163. package/dist/plugins/oauth-proxy/index.mjs +5 -5
  164. package/dist/plugins/oidc-provider/index.cjs +227 -8
  165. package/dist/plugins/oidc-provider/index.d.cts +215 -3
  166. package/dist/plugins/oidc-provider/index.d.mts +215 -3
  167. package/dist/plugins/oidc-provider/index.d.ts +215 -3
  168. package/dist/plugins/oidc-provider/index.mjs +228 -9
  169. package/dist/plugins/one-tap/index.cjs +5 -5
  170. package/dist/plugins/one-tap/index.mjs +6 -6
  171. package/dist/plugins/one-time-token/index.cjs +119 -0
  172. package/dist/plugins/one-time-token/index.d.cts +134 -0
  173. package/dist/plugins/one-time-token/index.d.mts +134 -0
  174. package/dist/plugins/one-time-token/index.d.ts +134 -0
  175. package/dist/plugins/one-time-token/index.mjs +117 -0
  176. package/dist/plugins/open-api/index.cjs +3 -3
  177. package/dist/plugins/open-api/index.d.cts +3 -3
  178. package/dist/plugins/open-api/index.d.mts +3 -3
  179. package/dist/plugins/open-api/index.d.ts +3 -3
  180. package/dist/plugins/open-api/index.mjs +4 -4
  181. package/dist/plugins/organization/access/index.d.cts +1 -1
  182. package/dist/plugins/organization/access/index.d.mts +1 -1
  183. package/dist/plugins/organization/access/index.d.ts +1 -1
  184. package/dist/plugins/organization/index.cjs +4 -4
  185. package/dist/plugins/organization/index.d.cts +708 -55
  186. package/dist/plugins/organization/index.d.mts +708 -55
  187. package/dist/plugins/organization/index.d.ts +708 -55
  188. package/dist/plugins/organization/index.mjs +5 -5
  189. package/dist/plugins/passkey/index.cjs +82 -8
  190. package/dist/plugins/passkey/index.d.cts +72 -3
  191. package/dist/plugins/passkey/index.d.mts +72 -3
  192. package/dist/plugins/passkey/index.d.ts +72 -3
  193. package/dist/plugins/passkey/index.mjs +83 -9
  194. package/dist/plugins/phone-number/index.cjs +194 -26
  195. package/dist/plugins/phone-number/index.d.cts +132 -8
  196. package/dist/plugins/phone-number/index.d.mts +132 -8
  197. package/dist/plugins/phone-number/index.d.ts +132 -8
  198. package/dist/plugins/phone-number/index.mjs +195 -27
  199. package/dist/plugins/sso/index.cjs +190 -7
  200. package/dist/plugins/sso/index.d.cts +181 -15
  201. package/dist/plugins/sso/index.d.mts +181 -15
  202. package/dist/plugins/sso/index.d.ts +181 -15
  203. package/dist/plugins/sso/index.mjs +191 -8
  204. package/dist/plugins/two-factor/index.cjs +443 -92
  205. package/dist/plugins/two-factor/index.d.cts +230 -396
  206. package/dist/plugins/two-factor/index.d.mts +230 -396
  207. package/dist/plugins/two-factor/index.d.ts +230 -396
  208. package/dist/plugins/two-factor/index.mjs +431 -80
  209. package/dist/plugins/username/index.cjs +34 -31
  210. package/dist/plugins/username/index.d.cts +15 -12
  211. package/dist/plugins/username/index.d.mts +15 -12
  212. package/dist/plugins/username/index.d.ts +15 -12
  213. package/dist/plugins/username/index.mjs +35 -32
  214. package/dist/shared/better-auth.1DR6suCQ.mjs +307 -0
  215. package/dist/shared/{better-auth.BSsp73pg.cjs → better-auth.B7cZ2juS.cjs} +15 -14
  216. package/dist/shared/{better-auth.bKwabe3I.d.mts → better-auth.B88xucNq.d.mts} +529 -39
  217. package/dist/shared/{better-auth.CApEjVDP.cjs → better-auth.BW8BpneG.cjs} +4 -1
  218. package/dist/shared/{better-auth.BiQsvaIP.d.cts → better-auth.BcU1Kjyq.d.cts} +2051 -518
  219. package/dist/shared/better-auth.BfG24BjZ.cjs +118 -0
  220. package/dist/shared/{better-auth.A3TjrU8G.mjs → better-auth.Bk5IMdhM.mjs} +32 -12
  221. package/dist/shared/{better-auth.D9VnBkRI.mjs → better-auth.Bm9HxIzE.mjs} +47 -24
  222. package/dist/shared/{better-auth.BRf6Iynu.d.ts → better-auth.Bwc-6kOr.d.ts} +1 -1
  223. package/dist/shared/{better-auth.D-oLmHIj.d.mts → better-auth.CA2hFK4N.d.ts} +2051 -518
  224. package/dist/shared/{better-auth.Dmhe30iW.d.mts → better-auth.CGukGrxT.d.cts} +1 -1
  225. package/dist/shared/{better-auth.CsSpq0zL.cjs → better-auth.CHUzBidy.cjs} +46 -23
  226. package/dist/shared/{better-auth.DWRligF8.d.cts → better-auth.CT9J6rD-.d.cts} +539 -7
  227. package/dist/shared/better-auth.CVCo5Z2T.cjs +310 -0
  228. package/dist/shared/{better-auth.D4jH-sJA.mjs → better-auth.CWwVo_61.mjs} +458 -118
  229. package/dist/shared/{better-auth.Bi8FQwDD.d.cts → better-auth.CYegVoq1.d.cts} +1 -1
  230. package/dist/shared/{better-auth.Bi8FQwDD.d.mts → better-auth.CYegVoq1.d.mts} +1 -1
  231. package/dist/shared/{better-auth.Bi8FQwDD.d.ts → better-auth.CYegVoq1.d.ts} +1 -1
  232. package/dist/shared/{better-auth.CepcSj5H.mjs → better-auth.Cc72UxUH.mjs} +1 -2
  233. package/dist/shared/{better-auth.BWp5dztg.d.ts → better-auth.CmN4mlPh.d.ts} +539 -7
  234. package/dist/shared/{better-auth.DH3YjMQH.mjs → better-auth.Cqykj82J.mjs} +1 -1
  235. package/dist/shared/{better-auth.wcdMj2cT.d.mts → better-auth.DIt2e3lu.d.mts} +539 -7
  236. package/dist/shared/{better-auth.BANAxdkL.d.ts → better-auth.DNTAFSt1.d.ts} +529 -39
  237. package/dist/shared/{better-auth.DU2QNVc_.d.ts → better-auth.DQ7OSJbI.d.mts} +2051 -518
  238. package/dist/shared/{better-auth.DLTzKoOS.cjs → better-auth.DSVbLSt7.cjs} +4 -1
  239. package/dist/shared/{better-auth.B2Fw1vhH.d.cts → better-auth.DTiSPWEk.d.cts} +529 -39
  240. package/dist/shared/better-auth.DURsStt9.mjs +116 -0
  241. package/dist/shared/{better-auth.BIjcZ_vt.cjs → better-auth.DYoLD99C.cjs} +31 -11
  242. package/dist/shared/{better-auth.CV1L7TPV.cjs → better-auth.D_ZIX1O8.cjs} +317 -47
  243. package/dist/shared/{better-auth.C5H9XEzZ.cjs → better-auth.DcWKCjjf.cjs} +1 -2
  244. package/dist/shared/{better-auth.BDYXUcLv.cjs → better-auth.Dg0siV5C.cjs} +457 -117
  245. package/dist/shared/better-auth.DjryM8pE.cjs +760 -0
  246. package/dist/shared/{better-auth.DPBQN9Fs.mjs → better-auth.Dn_Ms1Uf.mjs} +318 -48
  247. package/dist/shared/{better-auth.DiG4KL2x.mjs → better-auth.OuYYTHC7.mjs} +4 -1
  248. package/dist/shared/{better-auth.DtC8i3pf.d.cts → better-auth.S1jimRbX.d.mts} +1 -1
  249. package/dist/shared/better-auth.SPmq4a4z.d.mts +344 -0
  250. package/dist/shared/{better-auth.cOCrlspr.mjs → better-auth.bkwPl2G4.mjs} +4 -1
  251. package/dist/shared/better-auth.cp2rC2iM.d.ts +344 -0
  252. package/dist/shared/better-auth.eVy4DZvP.d.cts +344 -0
  253. package/dist/shared/{better-auth.BrOpzmqo.mjs → better-auth.iKoUsdFE.mjs} +15 -14
  254. package/dist/shared/better-auth.rSYJCd3o.mjs +758 -0
  255. package/dist/social-providers/index.cjs +75 -3
  256. package/dist/social-providers/index.d.cts +2 -2
  257. package/dist/social-providers/index.d.mts +2 -2
  258. package/dist/social-providers/index.d.ts +2 -2
  259. package/dist/social-providers/index.mjs +77 -6
  260. package/dist/types/index.d.cts +4 -4
  261. package/dist/types/index.d.mts +4 -4
  262. package/dist/types/index.d.ts +4 -4
  263. package/package.json +42 -5
  264. package/dist/chunks/server.cjs +0 -905
  265. package/dist/chunks/server.mjs +0 -895
  266. package/dist/shared/better-auth.BcoSd9tC.mjs +0 -10
  267. package/dist/shared/better-auth.BnRFp-t0.mjs +0 -405
  268. package/dist/shared/better-auth.C1-vpKly.cjs +0 -12
  269. package/dist/shared/better-auth.ClTSOgiD.mjs +0 -140
  270. package/dist/shared/better-auth.DC8JQbiE.mjs +0 -173
  271. package/dist/shared/better-auth.DWHWPllD.cjs +0 -175
  272. package/dist/shared/better-auth.DqLjzBlO.cjs +0 -408
  273. package/dist/shared/better-auth.m575EIBC.cjs +0 -144
@@ -1,11 +1,11 @@
1
1
  import { z } from 'zod';
2
- import { a as createAuthEndpoint, g as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.D4jH-sJA.mjs';
2
+ import { a as createAuthEndpoint, g as getSessionFromCtx, B as BASE_ERROR_CODES } from '../../shared/better-auth.CWwVo_61.mjs';
3
3
  import { APIError } from 'better-call';
4
- import { m as mergeSchema } from '../../shared/better-auth.CepcSj5H.mjs';
4
+ import { m as mergeSchema } from '../../shared/better-auth.Cc72UxUH.mjs';
5
5
  import { g as generateRandomString } from '../../shared/better-auth.B4Qoxdgc.mjs';
6
6
  import { setSessionCookie } from '../../cookies/index.mjs';
7
7
  import '../../shared/better-auth.8zoxzg-F.mjs';
8
- import '../../shared/better-auth.DH3YjMQH.mjs';
8
+ import '../../shared/better-auth.Cqykj82J.mjs';
9
9
  import 'defu';
10
10
  import { g as getDate } from '../../shared/better-auth.CW6D9eSx.mjs';
11
11
  import '../../social-providers/index.mjs';
@@ -24,14 +24,25 @@ import '@noble/hashes/utils';
24
24
  import '../../shared/better-auth.DdzSJf-n.mjs';
25
25
  import '@better-auth/utils/random';
26
26
  import '../../shared/better-auth.BdyOG_p4.mjs';
27
+ import '../../shared/better-auth.tB5eU6EY.mjs';
27
28
  import '../../shared/better-auth.BUPPRXfK.mjs';
28
29
  import '@better-auth/utils/hmac';
29
30
  import '../../shared/better-auth.DDEbWX-S.mjs';
30
31
  import '../../shared/better-auth.VTXNLFMT.mjs';
31
32
  import 'jose/errors';
32
- import '../../shared/better-auth.tB5eU6EY.mjs';
33
33
  import '@better-auth/utils/binary';
34
34
 
35
+ const ERROR_CODES = {
36
+ INVALID_PHONE_NUMBER: "Invalid phone number",
37
+ PHONE_NUMBER_EXIST: "Phone number already exist",
38
+ INVALID_PHONE_NUMBER_OR_PASSWORD: "Invalid phone number or password",
39
+ UNEXPECTED_ERROR: "Unexpected error",
40
+ OTP_NOT_FOUND: "OTP not found",
41
+ OTP_EXPIRED: "OTP expired",
42
+ INVALID_OTP: "Invalid OTP",
43
+ PHONE_NUMBER_NOT_VERIFIED: "Phone number not verified"
44
+ };
45
+
35
46
  function generateOTP(size) {
36
47
  return generateRandomString(size, "0-9");
37
48
  }
@@ -45,15 +56,6 @@ const phoneNumber = (options) => {
45
56
  code: "code",
46
57
  createdAt: "createdAt"
47
58
  };
48
- const ERROR_CODES = {
49
- INVALID_PHONE_NUMBER: "Invalid phone number",
50
- PHONE_NUMBER_EXIST: "Phone number already exist",
51
- INVALID_PHONE_NUMBER_OR_PASSWORD: "Invalid phone number or password",
52
- UNEXPECTED_ERROR: "Unexpected error",
53
- OTP_NOT_FOUND: "OTP not found",
54
- OTP_EXPIRED: "OTP expired",
55
- INVALID_OTP: "Invalid OTP"
56
- };
57
59
  return {
58
60
  id: "phone-number",
59
61
  endpoints: {
@@ -128,6 +130,23 @@ const phoneNumber = (options) => {
128
130
  message: ERROR_CODES.INVALID_PHONE_NUMBER_OR_PASSWORD
129
131
  });
130
132
  }
133
+ if (opts.requireVerification) {
134
+ if (!user.phoneNumberVerified) {
135
+ const otp = generateOTP(opts.otpLength);
136
+ await ctx.context.internalAdapter.createVerificationValue({
137
+ value: otp,
138
+ identifier: phoneNumber2,
139
+ expiresAt: getDate(opts.expiresIn, "sec")
140
+ });
141
+ await opts.sendOTP?.({
142
+ phoneNumber: phoneNumber2,
143
+ code: otp
144
+ });
145
+ throw new APIError("UNAUTHORIZED", {
146
+ message: ERROR_CODES.PHONE_NUMBER_NOT_VERIFIED
147
+ });
148
+ }
149
+ }
131
150
  const accounts = await ctx.context.internalAdapter.findAccountByUserId(user.id);
132
151
  const credentialAccount = accounts.find(
133
152
  (a) => a.providerId === "credential"
@@ -244,7 +263,7 @@ const phoneNumber = (options) => {
244
263
  }
245
264
  const code = generateOTP(opts.otpLength);
246
265
  await ctx.context.internalAdapter.createVerificationValue({
247
- value: code,
266
+ value: `${code}:0`,
248
267
  identifier: ctx.body.phoneNumber,
249
268
  expiresAt: getDate(opts.expiresIn, "sec")
250
269
  });
@@ -296,20 +315,83 @@ const phoneNumber = (options) => {
296
315
  summary: "Verify phone number",
297
316
  description: "Use this endpoint to verify phone number",
298
317
  responses: {
299
- 200: {
300
- description: "Success",
318
+ "200": {
319
+ description: "Phone number verified successfully",
301
320
  content: {
302
321
  "application/json": {
303
322
  schema: {
304
323
  type: "object",
305
324
  properties: {
306
- user: {
307
- $ref: "#/components/schemas/User"
325
+ status: {
326
+ type: "boolean",
327
+ description: "Indicates if the verification was successful",
328
+ enum: [true]
308
329
  },
309
- session: {
310
- $ref: "#/components/schemas/Session"
330
+ token: {
331
+ type: "string",
332
+ nullable: true,
333
+ description: "Session token if session is created, null if disableSession is true or no session is created"
334
+ },
335
+ user: {
336
+ type: "object",
337
+ nullable: true,
338
+ properties: {
339
+ id: {
340
+ type: "string",
341
+ description: "Unique identifier of the user"
342
+ },
343
+ email: {
344
+ type: "string",
345
+ format: "email",
346
+ nullable: true,
347
+ description: "User's email address"
348
+ },
349
+ emailVerified: {
350
+ type: "boolean",
351
+ nullable: true,
352
+ description: "Whether the email is verified"
353
+ },
354
+ name: {
355
+ type: "string",
356
+ nullable: true,
357
+ description: "User's name"
358
+ },
359
+ image: {
360
+ type: "string",
361
+ format: "uri",
362
+ nullable: true,
363
+ description: "User's profile image URL"
364
+ },
365
+ phoneNumber: {
366
+ type: "string",
367
+ description: "User's phone number"
368
+ },
369
+ phoneNumberVerified: {
370
+ type: "boolean",
371
+ description: "Whether the phone number is verified"
372
+ },
373
+ createdAt: {
374
+ type: "string",
375
+ format: "date-time",
376
+ description: "Timestamp when the user was created"
377
+ },
378
+ updatedAt: {
379
+ type: "string",
380
+ format: "date-time",
381
+ description: "Timestamp when the user was last updated"
382
+ }
383
+ },
384
+ required: [
385
+ "id",
386
+ "phoneNumber",
387
+ "phoneNumberVerified",
388
+ "createdAt",
389
+ "updatedAt"
390
+ ],
391
+ description: "User object with phone number details, null if no user is created or found"
311
392
  }
312
- }
393
+ },
394
+ required: ["status"]
313
395
  }
314
396
  }
315
397
  }
@@ -335,7 +417,18 @@ const phoneNumber = (options) => {
335
417
  message: ERROR_CODES.OTP_NOT_FOUND
336
418
  });
337
419
  }
338
- if (otp.value !== ctx.body.code) {
420
+ const [otpValue, attempts] = otp.value.split(":");
421
+ const allowedAttempts = options?.allowedAttempts || 3;
422
+ if (attempts && parseInt(attempts) >= allowedAttempts) {
423
+ await ctx.context.internalAdapter.deleteVerificationValue(otp.id);
424
+ throw new APIError("FORBIDDEN", {
425
+ message: "Too many attempts"
426
+ });
427
+ }
428
+ if (otpValue !== ctx.body.code) {
429
+ await ctx.context.internalAdapter.updateVerificationValue(otp.id, {
430
+ value: `${otpValue}:${parseInt(attempts || "0") + 1}`
431
+ });
339
432
  throw new APIError("BAD_REQUEST", {
340
433
  message: "Invalid OTP"
341
434
  });
@@ -443,7 +536,7 @@ const phoneNumber = (options) => {
443
536
  if (!ctx.body.disableSession) {
444
537
  const session = await ctx.context.internalAdapter.createSession(
445
538
  user.id,
446
- ctx.request
539
+ ctx.headers
447
540
  );
448
541
  if (!session) {
449
542
  throw new APIError("INTERNAL_SERVER_ERROR", {
@@ -493,7 +586,32 @@ const phoneNumber = (options) => {
493
586
  method: "POST",
494
587
  body: z.object({
495
588
  phoneNumber: z.string()
496
- })
589
+ }),
590
+ metadata: {
591
+ openapi: {
592
+ description: "Request OTP for password reset via phone number",
593
+ responses: {
594
+ "200": {
595
+ description: "OTP sent successfully for password reset",
596
+ content: {
597
+ "application/json": {
598
+ schema: {
599
+ type: "object",
600
+ properties: {
601
+ status: {
602
+ type: "boolean",
603
+ description: "Indicates if the OTP was sent successfully",
604
+ enum: [true]
605
+ }
606
+ },
607
+ required: ["status"]
608
+ }
609
+ }
610
+ }
611
+ }
612
+ }
613
+ }
614
+ }
497
615
  },
498
616
  async (ctx) => {
499
617
  const user = await ctx.context.adapter.findOne({
@@ -512,7 +630,7 @@ const phoneNumber = (options) => {
512
630
  }
513
631
  const code = generateOTP(opts.otpLength);
514
632
  await ctx.context.internalAdapter.createVerificationValue({
515
- value: code,
633
+ value: `${code}:0`,
516
634
  identifier: `${ctx.body.phoneNumber}-forget-password`,
517
635
  expiresAt: getDate(opts.expiresIn, "sec")
518
636
  });
@@ -536,7 +654,32 @@ const phoneNumber = (options) => {
536
654
  otp: z.string(),
537
655
  phoneNumber: z.string(),
538
656
  newPassword: z.string()
539
- })
657
+ }),
658
+ metadata: {
659
+ openapi: {
660
+ description: "Reset password using phone number OTP",
661
+ responses: {
662
+ "200": {
663
+ description: "Password reset successfully",
664
+ content: {
665
+ "application/json": {
666
+ schema: {
667
+ type: "object",
668
+ properties: {
669
+ status: {
670
+ type: "boolean",
671
+ description: "Indicates if the password was reset successfully",
672
+ enum: [true]
673
+ }
674
+ },
675
+ required: ["status"]
676
+ }
677
+ }
678
+ }
679
+ }
680
+ }
681
+ }
682
+ }
540
683
  },
541
684
  async (ctx) => {
542
685
  const verification = await ctx.context.internalAdapter.findVerificationValue(
@@ -552,7 +695,23 @@ const phoneNumber = (options) => {
552
695
  message: ERROR_CODES.OTP_EXPIRED
553
696
  });
554
697
  }
555
- if (verification.value !== ctx.body.otp) {
698
+ const [otpValue, attempts] = verification.value.split(":");
699
+ const allowedAttempts = options?.allowedAttempts || 3;
700
+ if (attempts && parseInt(attempts) >= allowedAttempts) {
701
+ await ctx.context.internalAdapter.deleteVerificationValue(
702
+ verification.id
703
+ );
704
+ throw new APIError("FORBIDDEN", {
705
+ message: "Too many attempts"
706
+ });
707
+ }
708
+ if (ctx.body.otp !== otpValue) {
709
+ await ctx.context.internalAdapter.updateVerificationValue(
710
+ verification.id,
711
+ {
712
+ value: `${otpValue}:${parseInt(attempts || "0") + 1}`
713
+ }
714
+ );
556
715
  throw new APIError("BAD_REQUEST", {
557
716
  message: ERROR_CODES.INVALID_OTP
558
717
  });
@@ -585,6 +744,15 @@ const phoneNumber = (options) => {
585
744
  )
586
745
  },
587
746
  schema: mergeSchema(schema, options?.schema),
747
+ rateLimit: [
748
+ {
749
+ pathMatcher(path) {
750
+ return path.startsWith("/phone-number");
751
+ },
752
+ window: 60 * 1e3,
753
+ max: 10
754
+ }
755
+ ],
588
756
  $ERROR_CODES: ERROR_CODES
589
757
  };
590
758
  };
@@ -2,9 +2,9 @@
2
2
 
3
3
  const zod = require('zod');
4
4
  const betterCall = require('better-call');
5
- const refreshToken = require('../../shared/better-auth.BDYXUcLv.cjs');
5
+ const refreshToken = require('../../shared/better-auth.Dg0siV5C.cjs');
6
6
  const cookies_index = require('../../cookies/index.cjs');
7
- require('../../shared/better-auth.C5H9XEzZ.cjs');
7
+ require('../../shared/better-auth.DcWKCjjf.cjs');
8
8
  require('../../shared/better-auth.DiSjtgs9.cjs');
9
9
  require('../../shared/better-auth.GpOOav9x.cjs');
10
10
  require('defu');
@@ -25,13 +25,13 @@ require('@noble/hashes/utils');
25
25
  require('../../shared/better-auth.CYeOI8C-.cjs');
26
26
  require('@better-auth/utils/random');
27
27
  require('../../shared/better-auth.ANpbi45u.cjs');
28
+ require('../../shared/better-auth.D3mtHEZg.cjs');
28
29
  require('../../shared/better-auth.C1hdVENX.cjs');
29
30
  require('../../shared/better-auth.Bg6iw3ig.cjs');
30
31
  require('@better-auth/utils/hmac');
31
32
  require('../../shared/better-auth.BMYo0QR-.cjs');
32
33
  require('../../shared/better-auth.C-R0J0n1.cjs');
33
34
  require('jose/errors');
34
- require('../../shared/better-auth.D3mtHEZg.cjs');
35
35
  require('@better-auth/utils/binary');
36
36
 
37
37
  const sso = (options) => {
@@ -98,7 +98,10 @@ const sso = (options) => {
98
98
  }).optional(),
99
99
  organizationId: zod.z.string({
100
100
  description: "If organization plugin is enabled, the organization id to link the provider to"
101
- }).optional()
101
+ }).optional(),
102
+ overrideUserInfo: zod.z.boolean({
103
+ description: "Override user info with the provider info. Defaults to false"
104
+ }).default(false).optional()
102
105
  }),
103
106
  use: [refreshToken.sessionMiddleware],
104
107
  metadata: {
@@ -107,7 +110,160 @@ const sso = (options) => {
107
110
  description: "This endpoint is used to register an OIDC provider. This is used to configure the provider and link it to an organization",
108
111
  responses: {
109
112
  "200": {
110
- description: "The created provider"
113
+ description: "OIDC provider created successfully",
114
+ content: {
115
+ "application/json": {
116
+ schema: {
117
+ type: "object",
118
+ properties: {
119
+ issuer: {
120
+ type: "string",
121
+ format: "uri",
122
+ description: "The issuer URL of the provider"
123
+ },
124
+ domain: {
125
+ type: "string",
126
+ description: "The domain of the provider, used for email matching"
127
+ },
128
+ oidcConfig: {
129
+ type: "object",
130
+ properties: {
131
+ issuer: {
132
+ type: "string",
133
+ format: "uri",
134
+ description: "The issuer URL of the provider"
135
+ },
136
+ pkce: {
137
+ type: "boolean",
138
+ description: "Whether PKCE is enabled for the authorization flow"
139
+ },
140
+ clientId: {
141
+ type: "string",
142
+ description: "The client ID for the provider"
143
+ },
144
+ clientSecret: {
145
+ type: "string",
146
+ description: "The client secret for the provider"
147
+ },
148
+ authorizationEndpoint: {
149
+ type: "string",
150
+ format: "uri",
151
+ nullable: true,
152
+ description: "The authorization endpoint URL"
153
+ },
154
+ discoveryEndpoint: {
155
+ type: "string",
156
+ format: "uri",
157
+ description: "The discovery endpoint URL"
158
+ },
159
+ userInfoEndpoint: {
160
+ type: "string",
161
+ format: "uri",
162
+ nullable: true,
163
+ description: "The user info endpoint URL"
164
+ },
165
+ scopes: {
166
+ type: "array",
167
+ items: { type: "string" },
168
+ nullable: true,
169
+ description: "The scopes requested from the provider"
170
+ },
171
+ tokenEndpoint: {
172
+ type: "string",
173
+ format: "uri",
174
+ nullable: true,
175
+ description: "The token endpoint URL"
176
+ },
177
+ tokenEndpointAuthentication: {
178
+ type: "string",
179
+ enum: [
180
+ "client_secret_post",
181
+ "client_secret_basic"
182
+ ],
183
+ nullable: true,
184
+ description: "Authentication method for the token endpoint"
185
+ },
186
+ jwksEndpoint: {
187
+ type: "string",
188
+ format: "uri",
189
+ nullable: true,
190
+ description: "The JWKS endpoint URL"
191
+ },
192
+ mapping: {
193
+ type: "object",
194
+ nullable: true,
195
+ properties: {
196
+ id: {
197
+ type: "string",
198
+ description: "Field mapping for user ID (defaults to 'sub')"
199
+ },
200
+ email: {
201
+ type: "string",
202
+ description: "Field mapping for email (defaults to 'email')"
203
+ },
204
+ emailVerified: {
205
+ type: "string",
206
+ nullable: true,
207
+ description: "Field mapping for email verification (defaults to 'email_verified')"
208
+ },
209
+ name: {
210
+ type: "string",
211
+ description: "Field mapping for name (defaults to 'name')"
212
+ },
213
+ image: {
214
+ type: "string",
215
+ nullable: true,
216
+ description: "Field mapping for image (defaults to 'picture')"
217
+ },
218
+ extraFields: {
219
+ type: "object",
220
+ additionalProperties: { type: "string" },
221
+ nullable: true,
222
+ description: "Additional field mappings"
223
+ }
224
+ },
225
+ required: ["id", "email", "name"]
226
+ }
227
+ },
228
+ required: [
229
+ "issuer",
230
+ "pkce",
231
+ "clientId",
232
+ "clientSecret",
233
+ "discoveryEndpoint"
234
+ ],
235
+ description: "OIDC configuration for the provider"
236
+ },
237
+ organizationId: {
238
+ type: "string",
239
+ nullable: true,
240
+ description: "ID of the linked organization, if any"
241
+ },
242
+ userId: {
243
+ type: "string",
244
+ description: "ID of the user who registered the provider"
245
+ },
246
+ providerId: {
247
+ type: "string",
248
+ description: "Unique identifier for the provider"
249
+ },
250
+ redirectURI: {
251
+ type: "string",
252
+ format: "uri",
253
+ description: "The redirect URI for the provider callback"
254
+ }
255
+ },
256
+ required: [
257
+ "issuer",
258
+ "domain",
259
+ "oidcConfig",
260
+ "userId",
261
+ "providerId",
262
+ "redirectURI"
263
+ ]
264
+ }
265
+ }
266
+ }
111
267
  }
112
268
  }
113
269
  }
@@ -138,7 +294,8 @@ const sso = (options) => {
138
294
  discoveryEndpoint: body.discoveryEndpoint || `${body.issuer}/.well-known/openid-configuration`,
139
295
  mapping: body.mapping,
140
296
  scopes: body.scopes,
141
- userinfoEndpoint: body.userInfoEndpoint
297
+ userinfoEndpoint: body.userInfoEndpoint,
298
+ overrideUserInfo: ctx.body.overrideUserInfo || options?.defaultOverrideUserInfo || false
142
299
  }),
143
300
  organizationId: body.organizationId,
144
301
  userId: ctx.context.session.user.id,
@@ -224,6 +381,31 @@ const sso = (options) => {
224
381
  }
225
382
  }
226
383
  }
384
+ },
385
+ responses: {
386
+ "200": {
387
+ description: "Authorization URL generated successfully for SSO sign-in",
388
+ content: {
389
+ "application/json": {
390
+ schema: {
391
+ type: "object",
392
+ properties: {
393
+ url: {
394
+ type: "string",
395
+ format: "uri",
396
+ description: "The authorization URL to redirect the user to for SSO sign-in"
397
+ },
398
+ redirect: {
399
+ type: "boolean",
400
+ description: "Indicates that the client should redirect to the provided URL",
401
+ enum: [true]
402
+ }
403
+ },
404
+ required: ["url", "redirect"]
405
+ }
406
+ }
407
+ }
408
+ }
227
409
  }
228
410
  }
229
411
  }
@@ -479,7 +661,8 @@ const sso = (options) => {
479
661
  refreshTokenExpiresAt: tokenResponse.refreshTokenExpiresAt,
480
662
  scope: tokenResponse.scopes?.join(",")
481
663
  },
482
- disableSignUp: options?.disableImplicitSignUp && !requestSignUp
664
+ disableSignUp: options?.disableImplicitSignUp && !requestSignUp,
665
+ overrideUserInfo: config.overrideUserInfo
483
666
  });
484
667
  if (linked.error) {
485
668
  throw ctx.redirect(