npm - hazo_auth - Versions diffs - 1.4.1 → 1.6.0 - Mend

hazo_auth 1.4.1 → 1.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (478) hide show

package/src/lib/services/email_verification_service.ts DELETED Viewed

@@ -1,270 +0,0 @@
-// file_description: service for email verification operations using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import argon2 from "argon2";
-import { create_token } from "hazo_auth/lib/services/token_service";
-import { send_template_email } from "hazo_auth/lib/services/email_service";
-import { create_app_logger } from "hazo_auth/lib/app_logger";
-// section: types
-export type EmailVerificationTokenData = {
-  token: string;
-};
-export type EmailVerificationResult = {
-  success: boolean;
-  user_id?: string;
-  email?: string;
-  error?: string;
-};
-export type ResendVerificationData = {
-  email: string;
-};
-export type ResendVerificationResult = {
-  success: boolean;
-  error?: string;
-};
-// section: helpers
-/**
- * Verifies an email verification token
- * Updates email_verified to true in hazo_users and deletes the token
- * @param adapter - The hazo_connect adapter instance
- * @param data - Email verification token data (token)
- * @returns Email verification result with success status, user_id, email, or error
- */
-export async function verify_email_token(
-  adapter: HazoConnectAdapter,
-  data: EmailVerificationTokenData,
-): Promise<EmailVerificationResult> {
-  try {
-    const { token } = data;
-    // Create CRUD service for hazo_refresh_tokens table
-    const tokens_service = createCrudService(adapter, "hazo_refresh_tokens");
-    // Find all email verification tokens
-    // If token_type column doesn't exist, query all tokens and filter manually
-    let all_tokens: unknown[] = [];
-    try {
-      all_tokens = (await tokens_service.findBy({
-        token_type: "email_verification",
-      })) as unknown[];
-    } catch (error) {
-      // If token_type column doesn't exist, get all tokens and we'll verify each one
-      const logger = create_app_logger();
-      const error_message = error instanceof Error ? error.message : "Unknown error";
-      logger.warn("email_verification_service_token_type_column_missing", {
-        filename: "email_verification_service.ts",
-        line_number: 0,
-        error: error_message,
-        note: "token_type column may not exist, querying all tokens",
-      });
-      try {
-        // Query all tokens (will need to verify each one)
-        all_tokens = (await tokens_service.findBy({})) as unknown[];
-      } catch (fallbackError) {
-        const fallback_error_message = fallbackError instanceof Error ? fallbackError.message : "Unknown error";
-        logger.error("email_verification_service_query_tokens_failed", {
-          filename: "email_verification_service.ts",
-          line_number: 0,
-          error: fallback_error_message,
-        });
-        return {
-          success: false,
-          error: "Invalid or expired verification token",
-        };
-      }
-    }
-    if (!Array.isArray(all_tokens) || all_tokens.length === 0) {
-      return {
-        success: false,
-        error: "Invalid or expired verification token",
-      };
-    }
-    // Find the matching token by verifying the hash
-    let matching_token = null;
-    let user_id: string | null = null;
-    for (const stored_token of all_tokens) {
-      try {
-        const token_hash = (stored_token as { token_hash: string }).token_hash;
-        const is_valid = await argon2.verify(token_hash, token);
-        if (is_valid) {
-          matching_token = stored_token;
-          user_id = (stored_token as { user_id: string }).user_id;
-          break;
-        }
-      } catch {
-        // Continue to next token if verification fails
-        continue;
-      }
-    }
-    if (!matching_token || !user_id) {
-      return {
-        success: false,
-        error: "Invalid or expired verification token",
-      };
-    }
-    // Check if token has expired
-    const expires_at = new Date((matching_token as { expires_at: string }).expires_at);
-    const now = new Date();
-    if (expires_at < now) {
-      // Delete expired token
-      await tokens_service.deleteById((matching_token as { id: string }).id);
-      return {
-        success: false,
-        error: "Verification token has expired",
-      };
-    }
-    // Get user email before updating
-    const users_service = createCrudService(adapter, "hazo_users");
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-    const user = users[0];
-    const email = user.email_address as string;
-    // Update user's email_verified status
-    const now_iso = new Date().toISOString();
-    await users_service.updateById(
-      user_id,
-      {
-        email_verified: true,
-        changed_at: now_iso,
-      },
-    );
-    // Delete the used token
-    await tokens_service.deleteById((matching_token as { id: string }).id);
-    return {
-      success: true,
-      user_id,
-      email,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}
-/**
- * Resends an email verification token for a user
- * Creates a new email verification token and stores it in hazo_refresh_tokens
- * Invalidates any existing email verification tokens for the user before creating a new one
- * @param adapter - The hazo_connect adapter instance
- * @param data - Resend verification data (email)
- * @returns Resend verification result with success status or error
- */
-export async function resend_verification_email(
-  adapter: HazoConnectAdapter,
-  data: ResendVerificationData,
-): Promise<ResendVerificationResult> {
-  try {
-    const { email } = data;
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-    // Find user by email
-    const users = await users_service.findBy({
-      email_address: email,
-    });
-    // If user not found, return success anyway (to prevent email enumeration)
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: true,
-      };
-    }
-    const user = users[0];
-    const user_id = user.id as string;
-    // Check if email is already verified
-    if (user.email_verified === true) {
-      return {
-        success: true,
-      };
-    }
-    // Create email verification token using shared token service
-    const token_result = await create_token({
-      adapter,
-      user_id,
-      token_type: "email_verification",
-    });
-    if (!token_result.success) {
-      return {
-        success: false,
-        error: token_result.error || "Failed to create email verification token",
-      };
-    }
-    // Send verification email if token was created successfully
-    if (token_result.raw_token) {
-      const email_result = await send_template_email("email_verification", email, {
-        token: token_result.raw_token,
-        user_email: email,
-        user_name: user.name as string | undefined,
-      });
-      if (!email_result.success) {
-        const logger = create_app_logger();
-        logger.error("email_verification_service_email_send_failed", {
-          filename: "email_verification_service.ts",
-          line_number: 0,
-          user_id,
-          email,
-          error: email_result.error,
-          note: "Verification token created but email failed to send",
-        });
-        // Return error if email sending failed (this is a technical error, not a security issue)
-        return {
-          success: false,
-          error: email_result.error || "Failed to send verification email",
-        };
-      }
-    }
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}

package/src/lib/services/index.ts DELETED Viewed

@@ -1,15 +0,0 @@
-// file_description: barrel export for all services
-// section: service_exports
-export * from "./email_service";
-export * from "./email_verification_service";
-export * from "./login_service";
-export * from "./password_change_service";
-export * from "./password_reset_service";
-export * from "./profile_picture_remove_service";
-export * from "./profile_picture_service";
-export * from "./profile_picture_source_mapper";
-export * from "./registration_service";
-export * from "./token_service";
-export * from "./user_profiles_service";
-export * from "./user_update_service";

package/src/lib/services/login_service.ts DELETED Viewed

@@ -1,134 +0,0 @@
-// file_description: service for user login operations using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import argon2 from "argon2";
-import { create_app_logger } from "hazo_auth/lib/app_logger";
-import { sanitize_error_for_user } from "hazo_auth/lib/utils/error_sanitizer";
-import { get_filename, get_line_number } from "hazo_auth/lib/utils/api_route_helpers";
-// section: types
-export type LoginData = {
-  email: string;
-  password: string;
-};
-export type LoginResult = {
-  success: boolean;
-  user_id?: string;
-  error?: string;
-  email_not_verified?: boolean;
-  stored_url_on_logon?: string | null;
-};
-// section: helpers
-/**
- * Authenticates a user by verifying email and password against hazo_users table
- * @param adapter - The hazo_connect adapter instance
- * @param data - Login data (email, password)
- * @returns Login result with success status and user_id or error
- */
-export async function authenticate_user(
-  adapter: HazoConnectAdapter,
-  data: LoginData,
-): Promise<LoginResult> {
-  try {
-    const { email, password } = data;
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-    // Find user by email
-    const users = await users_service.findBy({
-      email_address: email,
-    });
-    // Check if user exists
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "Invalid email or password",
-      };
-    }
-    const user = users[0];
-    // Check if user is active
-    if (user.is_active === false) {
-      return {
-        success: false,
-        error: "Account is inactive. Please contact support.",
-      };
-    }
-    // Verify password using argon2
-    const password_hash = user.password_hash as string;
-    const is_password_valid = await argon2.verify(password_hash, password);
-    if (!is_password_valid) {
-      // Increment login attempts on failed password
-      const current_attempts = (user.login_attempts as number) || 0;
-      const now = new Date().toISOString();
-      await users_service.updateById(
-        user.id,
-        {
-          login_attempts: current_attempts + 1,
-          changed_at: now,
-        }
-      );
-      return {
-        success: false,
-        error: "Invalid email or password",
-      };
-    }
-    // Check if email is verified
-    const email_verified = user.email_verified as boolean;
-    if (!email_verified) {
-      return {
-        success: false,
-        error: "Email address not verified. Please verify your email before logging in.",
-        email_not_verified: true,
-      };
-    }
-    // Password is valid and email is verified - update last_logon and reset login_attempts
-    const now = new Date().toISOString();
-    await users_service.updateById(
-      user.id,
-      {
-        last_logon: now,
-        login_attempts: 0,
-        changed_at: now,
-        url_on_logon: null, // Clear the stored redirect URL after successful login
-      }
-    );
-    return {
-      success: true,
-      user_id: user.id as string,
-      stored_url_on_logon: user.url_on_logon as string | null | undefined,
-    };
-  } catch (error) {
-    const logger = create_app_logger();
-    const user_friendly_error = sanitize_error_for_user(error, {
-      logToConsole: true,
-      logToLogger: true,
-      logger,
-      context: {
-        filename: "login_service.ts",
-        line_number: get_line_number(),
-        email: data.email,
-        operation: "authenticate_user",
-      },
-    });
-    return {
-      success: false,
-      error: user_friendly_error,
-    };
-  }
-}

package/src/lib/services/password_change_service.ts DELETED Viewed

@@ -1,154 +0,0 @@
-// file_description: service for changing user password using hazo_connect
-// section: imports
-import type { HazoConnectAdapter } from "hazo_connect";
-import { createCrudService } from "hazo_connect/server";
-import argon2 from "argon2";
-import { get_password_requirements_config } from "hazo_auth/lib/password_requirements_config.server";
-import { send_template_email } from "hazo_auth/lib/services/email_service";
-import { create_app_logger } from "hazo_auth/lib/app_logger";
-// section: types
-export type PasswordChangeData = {
-  current_password: string;
-  new_password: string;
-};
-export type PasswordChangeResult = {
-  success: boolean;
-  error?: string;
-};
-// section: helpers
-/**
- * Changes a user's password
- * Verifies the current password, validates the new password, and updates the password hash
- * @param adapter - The hazo_connect adapter instance
- * @param user_id - The user ID to update
- * @param data - Password change data (current_password, new_password)
- * @returns Password change result with success status or error
- */
-export async function change_password(
-  adapter: HazoConnectAdapter,
-  user_id: string,
-  data: PasswordChangeData,
-): Promise<PasswordChangeResult> {
-  try {
-    const { current_password, new_password } = data;
-    // Create CRUD service for hazo_users table
-    const users_service = createCrudService(adapter, "hazo_users");
-    // Get current user data
-    const users = await users_service.findBy({
-      id: user_id,
-    });
-    if (!Array.isArray(users) || users.length === 0) {
-      return {
-        success: false,
-        error: "User not found",
-      };
-    }
-    const user = users[0];
-    const password_hash = user.password_hash as string;
-    const email = user.email_address as string;
-    const user_name = user.name as string | undefined;
-    // Verify current password
-    try {
-      const is_valid = await argon2.verify(password_hash, current_password);
-      if (!is_valid) {
-        return {
-          success: false,
-          error: "Current password is incorrect",
-        };
-      }
-    } catch (error) {
-      return {
-        success: false,
-        error: "Failed to verify current password",
-      };
-    }
-    // Get password requirements from config
-    const password_requirements = get_password_requirements_config();
-    // Validate new password
-    if (!new_password || new_password.length < password_requirements.minimum_length) {
-      return {
-        success: false,
-        error: `Password must be at least ${password_requirements.minimum_length} characters long`,
-      };
-    }
-    if (password_requirements.require_uppercase && !/[A-Z]/.test(new_password)) {
-      return {
-        success: false,
-        error: "Password must contain at least one uppercase letter",
-      };
-    }
-    if (password_requirements.require_lowercase && !/[a-z]/.test(new_password)) {
-      return {
-        success: false,
-        error: "Password must contain at least one lowercase letter",
-      };
-    }
-    if (password_requirements.require_number && !/[0-9]/.test(new_password)) {
-      return {
-        success: false,
-        error: "Password must contain at least one number",
-      };
-    }
-    if (password_requirements.require_special && !/[^A-Za-z0-9]/.test(new_password)) {
-      return {
-        success: false,
-        error: "Password must contain at least one special character",
-      };
-    }
-    // Hash the new password
-    const new_password_hash = await argon2.hash(new_password);
-    // Update password hash in database
-    const now = new Date().toISOString();
-    await users_service.updateById(user_id, {
-      password_hash: new_password_hash,
-      changed_at: now,
-    });
-    // Send password changed notification email
-    const email_result = await send_template_email("password_changed", email, {
-      user_email: email,
-      user_name: user_name,
-    });
-    if (!email_result.success) {
-      const logger = create_app_logger();
-      logger.error("password_change_service_email_failed", {
-        filename: "password_change_service.ts",
-        line_number: 0,
-        user_id,
-        email,
-        error: email_result.error,
-        note: "Password was changed successfully but notification email failed to send",
-      });
-    }
-    return {
-      success: true,
-    };
-  } catch (error) {
-    const error_message =
-      error instanceof Error ? error.message : "Unknown error";
-    return {
-      success: false,
-      error: error_message,
-    };
-  }
-}