npm - hazo_auth - Versions diffs - 7.0.1 → 8.0.1 - Mend

hazo_auth 7.0.1 → 8.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (274) hide show

package/README.md +96 -319
package/SETUP_CHECKLIST.md +59 -248
package/cli-src/cli/generate.ts +1 -10
package/cli-src/cli/validate.ts +0 -4
package/cli-src/lib/auth/auth_types.ts +15 -21
package/cli-src/lib/auth/hazo_get_auth.server.ts +19 -0
package/cli-src/lib/auth/hazo_get_tenant_auth.server.ts +24 -25
package/cli-src/lib/auth/index.ts +2 -2
package/cli-src/lib/auth/nextauth_config.ts +27 -67
package/cli-src/lib/auth/with_auth.server.ts +15 -15
package/cli-src/lib/config/default_config.ts +8 -0
package/cli-src/lib/cookies_config.server.ts +1 -1
package/cli-src/lib/email_verification_config.server.ts +34 -0
package/cli-src/lib/forgot_password_config.server.ts +34 -0
package/cli-src/lib/legal/legal_docs_config.server.ts +61 -0
package/cli-src/lib/legal/legal_docs_reader.server.ts +36 -0
package/cli-src/lib/legal/legal_docs_service.ts +196 -0
package/cli-src/lib/legal/legal_docs_types.ts +31 -0
package/cli-src/lib/login_config.server.ts +29 -14
package/cli-src/lib/my_settings_config.server.ts +3 -0
package/cli-src/lib/oauth_config.server.ts +31 -57
package/cli-src/lib/register_config.server.ts +35 -11
package/cli-src/lib/reset_password_config.server.ts +31 -0
package/cli-src/lib/services/email_template_manifest.ts +0 -17
package/cli-src/lib/services/index.ts +2 -8
package/cli-src/lib/services/oauth_service.ts +74 -128
package/cli-src/lib/services/otp_service.ts +7 -2
package/cli-src/lib/services/registration_service.ts +16 -1
package/cli-src/lib/services/session_token_service.ts +0 -2
package/config/hazo_auth_config.example.ini +41 -76
package/dist/cli/generate.d.ts.map +1 -1
package/dist/cli/generate.js +1 -10
package/dist/cli/validate.d.ts.map +1 -1
package/dist/cli/validate.js +0 -4
package/dist/client.d.ts +1 -2
package/dist/client.d.ts.map +1 -1
package/dist/client.js +3 -1
package/dist/components/layouts/create_firm/index.d.ts +8 -4
package/dist/components/layouts/create_firm/index.d.ts.map +1 -1
package/dist/components/layouts/create_firm/index.js +3 -3
package/dist/components/layouts/email_verification/index.d.ts +5 -4
package/dist/components/layouts/email_verification/index.d.ts.map +1 -1
package/dist/components/layouts/email_verification/index.js +4 -4
package/dist/components/layouts/forgot_password/index.d.ts +5 -4
package/dist/components/layouts/forgot_password/index.d.ts.map +1 -1
package/dist/components/layouts/forgot_password/index.js +2 -2
package/dist/components/layouts/index.d.ts +1 -0
package/dist/components/layouts/index.d.ts.map +1 -1
package/dist/components/layouts/index.js +2 -0
package/dist/components/layouts/legal/index.d.ts +5 -0
package/dist/components/layouts/legal/index.d.ts.map +1 -0
package/dist/components/layouts/legal/index.js +4 -0
package/dist/components/layouts/legal/legal_acceptance_gate.d.ts +7 -0
package/dist/components/layouts/legal/legal_acceptance_gate.d.ts.map +1 -0
package/dist/components/layouts/legal/legal_acceptance_gate.js +84 -0
package/dist/components/layouts/legal/legal_doc_checkbox_list.d.ts +9 -0
package/dist/components/layouts/legal/legal_doc_checkbox_list.d.ts.map +1 -0
package/dist/components/layouts/legal/legal_doc_checkbox_list.js +11 -0
package/dist/components/layouts/legal/legal_doc_combined_view.d.ts +9 -0
package/dist/components/layouts/legal/legal_doc_combined_view.d.ts.map +1 -0
package/dist/components/layouts/legal/legal_doc_combined_view.js +11 -0
package/dist/components/layouts/legal/legal_doc_drawer.d.ts +8 -0
package/dist/components/layouts/legal/legal_doc_drawer.d.ts.map +1 -0
package/dist/components/layouts/legal/legal_doc_drawer.js +55 -0
package/dist/components/layouts/login/index.d.ts +13 -19
package/dist/components/layouts/login/index.d.ts.map +1 -1
package/dist/components/layouts/login/index.js +8 -11
package/dist/components/layouts/otp/index.d.ts +5 -1
package/dist/components/layouts/otp/index.d.ts.map +1 -1
package/dist/components/layouts/otp/index.js +2 -2
package/dist/components/layouts/register/hooks/use_register_form.d.ts +5 -1
package/dist/components/layouts/register/hooks/use_register_form.d.ts.map +1 -1
package/dist/components/layouts/register/hooks/use_register_form.js +25 -10
package/dist/components/layouts/register/index.d.ts +11 -11
package/dist/components/layouts/register/index.d.ts.map +1 -1
package/dist/components/layouts/register/index.js +26 -7
package/dist/components/layouts/reset_password/index.d.ts +5 -4
package/dist/components/layouts/reset_password/index.d.ts.map +1 -1
package/dist/components/layouts/reset_password/index.js +5 -5
package/dist/components/layouts/shared/components/already_logged_in_guard.d.ts +5 -3
package/dist/components/layouts/shared/components/already_logged_in_guard.d.ts.map +1 -1
package/dist/components/layouts/shared/components/already_logged_in_guard.js +2 -2
package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts +2 -6
package/dist/components/layouts/shared/components/facebook_sign_in_button.d.ts.map +1 -1
package/dist/components/layouts/shared/components/facebook_sign_in_button.js +11 -13
package/dist/components/layouts/shared/components/sidebar_layout_wrapper.d.ts.map +1 -1
package/dist/components/layouts/shared/components/sidebar_layout_wrapper.js +3 -8
package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts +6 -3
package/dist/components/layouts/shared/components/two_column_auth_layout.d.ts.map +1 -1
package/dist/components/layouts/shared/components/two_column_auth_layout.js +5 -8
package/dist/components/layouts/shared/index.d.ts +2 -0
package/dist/components/layouts/shared/index.d.ts.map +1 -1
package/dist/components/layouts/shared/index.js +1 -0
package/dist/components/layouts/user_management/index.d.ts.map +1 -1
package/dist/components/layouts/user_management/index.js +84 -9
package/dist/components/ui/button.d.ts +1 -1
package/dist/components/ui/input-otp.d.ts +2 -2
package/dist/components/ui/sheet.d.ts +1 -1
package/dist/index.d.ts +2 -1
package/dist/index.d.ts.map +1 -1
package/dist/lib/auth/auth_types.d.ts +14 -13
package/dist/lib/auth/auth_types.d.ts.map +1 -1
package/dist/lib/auth/auth_types.js +0 -10
package/dist/lib/auth/hazo_get_auth.server.d.ts.map +1 -1
package/dist/lib/auth/hazo_get_auth.server.js +19 -0
package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts +7 -8
package/dist/lib/auth/hazo_get_tenant_auth.server.d.ts.map +1 -1
package/dist/lib/auth/hazo_get_tenant_auth.server.js +22 -23
package/dist/lib/auth/index.d.ts +2 -2
package/dist/lib/auth/index.d.ts.map +1 -1
package/dist/lib/auth/nextauth_config.d.ts +0 -10
package/dist/lib/auth/nextauth_config.d.ts.map +1 -1
package/dist/lib/auth/nextauth_config.js +23 -52
package/dist/lib/auth/with_auth.server.d.ts +13 -13
package/dist/lib/auth/with_auth.server.d.ts.map +1 -1
package/dist/lib/auth/with_auth.server.js +2 -2
package/dist/lib/config/default_config.d.ts +16 -0
package/dist/lib/config/default_config.d.ts.map +1 -1
package/dist/lib/config/default_config.js +8 -0
package/dist/lib/cookies_config.server.d.ts +1 -1
package/dist/lib/cookies_config.server.js +1 -1
package/dist/lib/email_verification_config.server.d.ts +3 -0
package/dist/lib/email_verification_config.server.d.ts.map +1 -1
package/dist/lib/email_verification_config.server.js +15 -0
package/dist/lib/forgot_password_config.server.d.ts +3 -0
package/dist/lib/forgot_password_config.server.d.ts.map +1 -1
package/dist/lib/forgot_password_config.server.js +15 -0
package/dist/lib/legal/legal_docs_config.server.d.ts +22 -0
package/dist/lib/legal/legal_docs_config.server.d.ts.map +1 -0
package/dist/lib/legal/legal_docs_config.server.js +52 -0
package/dist/lib/legal/legal_docs_reader.server.d.ts +15 -0
package/dist/lib/legal/legal_docs_reader.server.d.ts.map +1 -0
package/dist/lib/legal/legal_docs_reader.server.js +24 -0
package/dist/lib/legal/legal_docs_service.d.ts +49 -0
package/dist/lib/legal/legal_docs_service.d.ts.map +1 -0
package/dist/lib/legal/legal_docs_service.js +140 -0
package/dist/lib/legal/legal_docs_types.d.ts +25 -0
package/dist/lib/legal/legal_docs_types.d.ts.map +1 -0
package/dist/lib/legal/legal_docs_types.js +2 -0
package/dist/lib/login_config.server.d.ts +3 -6
package/dist/lib/login_config.server.d.ts.map +1 -1
package/dist/lib/login_config.server.js +11 -7
package/dist/lib/my_settings_config.server.d.ts +1 -0
package/dist/lib/my_settings_config.server.d.ts.map +1 -1
package/dist/lib/my_settings_config.server.js +2 -0
package/dist/lib/oauth_config.server.d.ts +8 -17
package/dist/lib/oauth_config.server.d.ts.map +1 -1
package/dist/lib/oauth_config.server.js +10 -25
package/dist/lib/register_config.server.d.ts +5 -2
package/dist/lib/register_config.server.d.ts.map +1 -1
package/dist/lib/register_config.server.js +15 -4
package/dist/lib/reset_password_config.server.d.ts +3 -0
package/dist/lib/reset_password_config.server.d.ts.map +1 -1
package/dist/lib/reset_password_config.server.js +13 -0
package/dist/lib/services/email_template_manifest.d.ts.map +1 -1
package/dist/lib/services/email_template_manifest.js +0 -17
package/dist/lib/services/index.d.ts +0 -2
package/dist/lib/services/index.d.ts.map +1 -1
package/dist/lib/services/index.js +0 -1
package/dist/lib/services/oauth_service.d.ts +11 -22
package/dist/lib/services/oauth_service.d.ts.map +1 -1
package/dist/lib/services/oauth_service.js +63 -96
package/dist/lib/services/otp_service.d.ts +1 -1
package/dist/lib/services/otp_service.d.ts.map +1 -1
package/dist/lib/services/otp_service.js +6 -1
package/dist/lib/services/registration_service.d.ts +5 -0
package/dist/lib/services/registration_service.d.ts.map +1 -1
package/dist/lib/services/registration_service.js +6 -0
package/dist/lib/services/session_token_service.d.ts +0 -2
package/dist/lib/services/session_token_service.d.ts.map +1 -1
package/dist/lib/services/session_token_service.js +0 -2
package/dist/page_components/create_firm.d.ts +1 -13
package/dist/page_components/create_firm.d.ts.map +1 -1
package/dist/page_components/create_firm.js +6 -10
package/dist/page_components/forgot_password.d.ts +4 -1
package/dist/page_components/forgot_password.d.ts.map +1 -1
package/dist/page_components/forgot_password.js +6 -2
package/dist/page_components/index.d.ts +0 -5
package/dist/page_components/index.d.ts.map +1 -1
package/dist/page_components/index.js +0 -5
package/dist/page_components/login.d.ts +4 -1
package/dist/page_components/login.d.ts.map +1 -1
package/dist/page_components/login.js +6 -2
package/dist/page_components/register.d.ts +4 -1
package/dist/page_components/register.d.ts.map +1 -1
package/dist/page_components/register.js +6 -2
package/dist/page_components/reset_password.d.ts +4 -1
package/dist/page_components/reset_password.d.ts.map +1 -1
package/dist/page_components/reset_password.js +6 -2
package/dist/page_components/verify_email.d.ts +4 -1
package/dist/page_components/verify_email.d.ts.map +1 -1
package/dist/page_components/verify_email.js +6 -2
package/dist/server/routes/assets.d.ts +8 -0
package/dist/server/routes/assets.d.ts.map +1 -0
package/dist/server/routes/assets.js +38 -0
package/dist/server/routes/consent_me.d.ts +4 -0
package/dist/server/routes/consent_me.d.ts.map +1 -0
package/dist/server/routes/consent_me.js +15 -0
package/dist/server/routes/index.d.ts +9 -4
package/dist/server/routes/index.d.ts.map +1 -1
package/dist/server/routes/index.js +13 -5
package/dist/server/routes/legal_docs_accept.d.ts +3 -0
package/dist/server/routes/legal_docs_accept.d.ts.map +1 -0
package/dist/server/routes/legal_docs_accept.js +43 -0
package/dist/server/routes/legal_docs_get.d.ts +3 -0
package/dist/server/routes/legal_docs_get.d.ts.map +1 -0
package/dist/server/routes/legal_docs_get.js +49 -0
package/dist/server/routes/legal_docs_publish.d.ts +3 -0
package/dist/server/routes/legal_docs_publish.d.ts.map +1 -0
package/dist/server/routes/legal_docs_publish.js +35 -0
package/dist/server/routes/me.d.ts.map +1 -1
package/dist/server/routes/me.js +1 -43
package/dist/server/routes/oauth_facebook_callback.d.ts +1 -1
package/dist/server/routes/oauth_facebook_callback.d.ts.map +1 -1
package/dist/server/routes/oauth_facebook_callback.js +8 -1
package/dist/server/routes/oauth_google_callback.js +1 -1
package/dist/server/routes/otp/verify.js +2 -2
package/dist/server/routes/register.d.ts.map +1 -1
package/dist/server/routes/register.js +26 -0
package/dist/server/routes/strings_defaults.d.ts +4 -0
package/dist/server/routes/strings_defaults.d.ts.map +1 -0
package/dist/server/routes/strings_defaults.js +7 -0
package/dist/server/routes/user_management_users.d.ts +11 -0
package/dist/server/routes/user_management_users.d.ts.map +1 -1
package/dist/server/routes/user_management_users.js +94 -0
package/dist/server-lib.d.ts +0 -3
package/dist/server-lib.d.ts.map +1 -1
package/dist/server-lib.js +0 -2
package/dist/server_pages/forgot_password.d.ts +18 -14
package/dist/server_pages/forgot_password.d.ts.map +1 -1
package/dist/server_pages/forgot_password.js +14 -12
package/dist/server_pages/forgot_password_client_wrapper.d.ts +8 -7
package/dist/server_pages/forgot_password_client_wrapper.d.ts.map +1 -1
package/dist/server_pages/forgot_password_client_wrapper.js +2 -2
package/dist/server_pages/index.d.ts +2 -0
package/dist/server_pages/index.d.ts.map +1 -1
package/dist/server_pages/index.js +1 -0
package/dist/server_pages/login.d.ts +22 -23
package/dist/server_pages/login.d.ts.map +1 -1
package/dist/server_pages/login.js +27 -14
package/dist/server_pages/login_client_wrapper.d.ts +9 -10
package/dist/server_pages/login_client_wrapper.d.ts.map +1 -1
package/dist/server_pages/login_client_wrapper.js +2 -2
package/dist/server_pages/my_settings.d.ts +1 -3
package/dist/server_pages/my_settings.d.ts.map +1 -1
package/dist/server_pages/my_settings.js +2 -9
package/dist/server_pages/register.d.ts +17 -20
package/dist/server_pages/register.d.ts.map +1 -1
package/dist/server_pages/register.js +20 -15
package/dist/server_pages/register_client_wrapper.d.ts +8 -10
package/dist/server_pages/register_client_wrapper.d.ts.map +1 -1
package/dist/server_pages/register_client_wrapper.js +2 -2
package/dist/server_pages/reset_password.d.ts +16 -11
package/dist/server_pages/reset_password.d.ts.map +1 -1
package/dist/server_pages/reset_password.js +14 -10
package/dist/server_pages/reset_password_client_wrapper.d.ts +8 -7
package/dist/server_pages/reset_password_client_wrapper.d.ts.map +1 -1
package/dist/server_pages/reset_password_client_wrapper.js +2 -2
package/dist/server_pages/verify_email.d.ts +18 -12
package/dist/server_pages/verify_email.d.ts.map +1 -1
package/dist/server_pages/verify_email.js +13 -11
package/dist/server_pages/verify_email_client_wrapper.d.ts +8 -7
package/dist/server_pages/verify_email_client_wrapper.d.ts.map +1 -1
package/dist/server_pages/verify_email_client_wrapper.js +2 -2
package/dist/strings.d.ts +2 -0
package/dist/strings.d.ts.map +1 -0
package/dist/strings.js +3 -0
package/dist/themes/index.d.ts +0 -1
package/dist/themes/index.d.ts.map +1 -1
package/dist/themes/index.js +1 -1
package/package.json +30 -61
package/dist/themes/preset_indigo_sunset.d.ts +0 -3
package/dist/themes/preset_indigo_sunset.d.ts.map +0 -1
package/dist/themes/preset_indigo_sunset.js +0 -20

package/cli-src/lib/services/oauth_service.ts CHANGED Viewed

@@ -22,6 +22,15 @@ export type GoogleOAuthData = {
   email_verified: boolean;
 };
+export type FacebookOAuthData = {
+  facebook_id: string;
+  email: string;
+  name?: string;
+  profile_picture_url?: string;
+  /** Facebook does not always verify emails — only link when hazo user is verified */
+  email_verified: boolean;
+};
 export type OAuthLoginResult = {
   success: boolean;
   user_id?: string;
@@ -36,18 +45,6 @@ export type OAuthLoginResult = {
   error?: string;
 };
-export type FacebookOAuthData = {
-  /** Facebook's unique user ID */
-  facebook_id: string;
-  /** User's email address from Facebook (may be null if user denied email permission) */
-  email: string | null;
-  /** User's full name from Facebook profile */
-  name?: string;
-  /** User's profile picture URL from Facebook */
-  profile_picture_url?: string;
-  // NOTE: no email_verified — we never trust Facebook's email_verified claim
-};
 export type LinkGoogleResult = {
   success: boolean;
   error?: string;
@@ -254,47 +251,31 @@ export async function handle_google_oauth_login(
 }
 /**
- * Handles Facebook OAuth login/registration flow
- * 1. Check if user exists with facebook_id -> login
- * 2. Check if user exists with email -> link Facebook account (respects auto_link_unverified)
- * 3. Create new user with Facebook data (email_verified always false — never trust Facebook)
- *
- * @param adapter - The hazo_connect adapter instance
- * @param data - Facebook OAuth user data
- * @param opts - Options (auto_link_unverified: whether to link unverified accounts)
- * @returns OAuth login result with user_id and status flags
+ * Handles Facebook OAuth login: find-by-facebook_id → find-by-email+link → create new.
+ * Mirrors handle_google_oauth_login exactly. Uses auto_link_unverified_accounts gate.
  */
 export async function handle_facebook_oauth_login(
   adapter: HazoConnectAdapter,
-  data: FacebookOAuthData,
-  opts?: { auto_link_unverified?: boolean }
+  data: FacebookOAuthData
 ): Promise<OAuthLoginResult> {
   const logger = create_app_logger();
   try {
-    const { facebook_id, email, name, profile_picture_url } = data;
+    const { facebook_id, email, name, profile_picture_url, email_verified } = data;
+    const oauth_config = get_oauth_config();
     const users_service = createCrudService(adapter, "hazo_users");
     const now = new Date().toISOString();
-    // Step 1: Check if user exists with this facebook_id
-    const users_by_facebook_id = await users_service.findBy({ facebook_id });
-    if (Array.isArray(users_by_facebook_id) && users_by_facebook_id.length > 0) {
-      const user = users_by_facebook_id[0];
-      await users_service.updateById(user.id, {
-        last_logon: now,
-        changed_at: now,
-      });
-      logger.info("oauth_service_facebook_login_existing_facebook_user", {
+    // Step 1: existing user with this facebook_id
+    const users_by_fb_id = await users_service.findBy({ facebook_id });
+    if (Array.isArray(users_by_fb_id) && users_by_fb_id.length > 0) {
+      const user = users_by_fb_id[0];
+      await users_service.updateById(user.id, { last_logon: now, changed_at: now });
+      logger.info("oauth_service_facebook_login_existing_fb_user", {
         filename: "oauth_service.ts",
-        line_number: get_line_number(),
         user_id: user.id,
         email: user.email_address,
       });
       return {
         success: true,
         user_id: user.id as string,
@@ -305,117 +286,91 @@ export async function handle_facebook_oauth_login(
       };
     }
-    // Step 2: Check if user exists with this email
-    if (email) {
-      const users_by_email = await users_service.findBy({ email_address: email });
-      if (Array.isArray(users_by_email) && users_by_email.length > 0) {
-        const user = users_by_email[0];
-        const user_email_verified = user.email_verified as boolean;
-        if (!user_email_verified) {
-          if (!opts?.auto_link_unverified) {
-            return {
-              success: false,
-              error: "link_blocked_unverified",
-            };
-          }
-          // auto_link_unverified=true: link but do NOT change email_verified status
-        }
-        // Link Facebook account to existing user
-        const current_auth_providers = (user.auth_providers as string) || "email";
-        const new_auth_providers = current_auth_providers.includes("facebook")
-          ? current_auth_providers
-          : `${current_auth_providers},facebook`;
-        const update_data: Record<string, unknown> = {
-          facebook_id,
-          auth_providers: new_auth_providers,
-          last_logon: now,
-          changed_at: now,
-        };
-        // Update name if not set and Facebook provides one
-        if (!user.name && name) {
-          update_data.name = name;
-        }
+    // Step 2: existing user with matching email
+    const users_by_email = await users_service.findBy({ email_address: email });
+    if (Array.isArray(users_by_email) && users_by_email.length > 0) {
+      const user = users_by_email[0];
+      const user_email_verified = user.email_verified as boolean;
-        // Update profile picture if not set and Facebook provides one
-        if (!user.profile_picture_url && profile_picture_url) {
-          update_data.profile_picture_url = profile_picture_url;
-          update_data.profile_source = "custom";
-        }
+      if (!user_email_verified && !oauth_config.auto_link_unverified_accounts) {
+        return {
+          success: false,
+          error: "An account with this email exists but is not verified. Please verify your email first.",
+        };
+      }
-        await users_service.updateById(user.id, update_data);
+      const current_auth_providers = (user.auth_providers as string) || "email";
+      const new_auth_providers = current_auth_providers.includes("facebook")
+        ? current_auth_providers
+        : `${current_auth_providers},facebook`;
-        logger.info("oauth_service_facebook_linked_to_existing", {
-          filename: "oauth_service.ts",
-          line_number: get_line_number(),
-          user_id: user.id,
-          email,
-          was_unverified: !user_email_verified,
-        });
+      const update_data: Record<string, unknown> = {
+        facebook_id,
+        auth_providers: new_auth_providers,
+        last_logon: now,
+        changed_at: now,
+      };
-        return {
-          success: true,
-          user_id: user.id as string,
-          is_new_user: false,
-          was_linked: true,
-          email: user.email_address as string,
-          name: (update_data.name as string) || (user.name as string | undefined),
-        };
+      if (!user_email_verified && email_verified) {
+        update_data.email_verified = true;
+      }
+      if (!user.name && name) update_data.name = name;
+      if (!user.profile_picture_url && profile_picture_url) {
+        update_data.profile_picture_url = profile_picture_url;
+        update_data.profile_source = "custom";
       }
+      await users_service.updateById(user.id, update_data);
+      logger.info("oauth_service_facebook_linked_to_existing", {
+        filename: "oauth_service.ts",
+        user_id: user.id,
+        email,
+        was_unverified: !user_email_verified,
+      });
+      return {
+        success: true,
+        user_id: user.id as string,
+        is_new_user: false,
+        was_linked: true,
+        email: user.email_address as string,
+        name: user.name as string | undefined,
+      };
     }
-    // Step 3: Create new user with Facebook data
+    // Step 3: create new user
     const user_id = randomUUID();
     const insert_data: Record<string, unknown> = {
       id: user_id,
       email_address: email,
-      password_hash: "", // Empty string for Facebook-only users
-      email_verified: false, // Never trust Facebook's email_verified claim
-      status: "ACTIVE",
-      login_attempts: 0,
       facebook_id,
       auth_providers: "facebook",
+      email_verified: email_verified,
+      last_logon: now,
       created_at: now,
       changed_at: now,
-      last_logon: now,
     };
-    if (name) {
-      insert_data.name = name;
-    }
+    if (name) insert_data.name = name;
     if (profile_picture_url) {
       insert_data.profile_picture_url = profile_picture_url;
       insert_data.profile_source = "custom";
     }
-    const inserted_users = await users_service.insert(insert_data);
-    if (!Array.isArray(inserted_users) || inserted_users.length === 0) {
-      return {
-        success: false,
-        error: "Failed to create user account",
-      };
+    const inserted = await users_service.insert(insert_data);
+    if (!Array.isArray(inserted) || inserted.length === 0) {
+      return { success: false, error: "Failed to create user account" };
     }
     logger.info("oauth_service_facebook_new_user_created", {
       filename: "oauth_service.ts",
-      line_number: get_line_number(),
       user_id,
       email,
     });
     return {
       success: true,
       user_id,
       is_new_user: true,
       was_linked: false,
-      email: email ?? undefined,
+      email,
       name,
     };
   } catch (error) {
@@ -423,18 +378,9 @@ export async function handle_facebook_oauth_login(
       logToConsole: true,
       logToLogger: true,
       logger,
-      context: {
-        filename: "oauth_service.ts",
-        line_number: get_line_number(),
-        email: data.email,
-        operation: "handle_facebook_oauth_login",
-      },
+      context: { filename: "oauth_service.ts", email: data.email, operation: "handle_facebook_oauth_login" },
     });
-    return {
-      success: false,
-      error: user_friendly_error,
-    };
+    return { success: false, error: user_friendly_error };
   }
 }

package/cli-src/lib/services/otp_service.ts CHANGED Viewed

@@ -143,6 +143,11 @@ export async function request_email_otp(args: {
     expires_at,
     attempt_count: 0,
     requester_ip: ip,
+    // Explicitly pass created_at in JS ISO format ("2024-01-01T00:00:00.000Z") rather
+    // than relying on SQLite's DEFAULT (datetime('now') = "2024-01-01 00:00:00").
+    // The space-separated SQLite format compares as less-than the T-separated JS ISO
+    // threshold used in rate-limit WHERE clauses, causing the counter to always read 0.
+    created_at: new Date().toISOString(),
   });
   // 7. Dispatch email — fire-and-forget; errors are logged but do not surface to caller
@@ -168,7 +173,7 @@ export async function request_email_otp(args: {
 export type VerifyEmailOTPResult =
   | { ok: true; user_id: string; email: string; session_token: string }
-  | { ok: false; error: "invalid_or_expired" };
+  | { ok: false; error: "invalid_or_expired" | "expired" };
 export async function verify_email_otp(args: {
   email: string;
@@ -205,7 +210,7 @@ export async function verify_email_otp(args: {
   // 2. Check expiry
   const expires_at_ms = Date.parse(String(row.expires_at));
   if (Number.isNaN(expires_at_ms) || expires_at_ms < Date.now()) {
-    return { ok: false, error: "invalid_or_expired" };
+    return { ok: false, error: "expired" };
   }
   // 3. argon2 verify

package/cli-src/lib/services/registration_service.ts CHANGED Viewed

@@ -16,6 +16,7 @@ import {
   is_user_types_enabled,
   get_default_user_type,
 } from "../user_types_config.server.js";
+import { write_legal_acceptance } from "../legal/legal_docs_service.js";
 // section: types
 export type RegistrationData = {
@@ -23,6 +24,9 @@ export type RegistrationData = {
   password: string;
   name?: string;
   url_on_logon?: string;
+  legal_accepted?: Record<string, { hash: string }>;
+  ip?: string | null;
+  user_agent?: string | null;
 };
 export type RegistrationResult = {
@@ -156,7 +160,7 @@ export async function register_user(
         user_email: email,
         user_name: name,
       });
       if (!email_result.success) {
         const logger = create_app_logger();
         logger.error("registration_service_email_send_failed", {
@@ -170,6 +174,17 @@ export async function register_user(
       }
     }
+    // Write legal acceptance records if provided
+    if (data.legal_accepted && Object.keys(data.legal_accepted).length > 0) {
+      await write_legal_acceptance(
+        adapter,
+        user_id,
+        data.legal_accepted,
+        data.ip ?? null,
+        data.user_agent ?? null,
+      );
+    }
     return {
       success: true,
       user_id,

package/cli-src/lib/services/session_token_service.ts CHANGED Viewed

@@ -63,8 +63,6 @@ function get_session_token_expiry_seconds(): number {
  * Token includes user_id, email, issued at time, and expiration
  * @param user_id - User ID
  * @param email - User email address
- * @param managed_by_user_id - Optional: ID of the managing user (for impersonation)
- * @param ttl_seconds - Optional: token lifetime in seconds (default: 30 days). Use 604800 for 7-day OTP sessions.
  * @returns JWT token string
  */
 export async function create_session_token(

package/config/hazo_auth_config.example.ini CHANGED Viewed

@@ -74,9 +74,11 @@ enable_admin_ui = true
 # image_alt = Illustration of a globe representing secure authentication workflows
 # image_background_color = #e2e8f0
-; Page text is no longer configured via INI.
-; Use HazoAuthStringsProvider or per-page props instead.
-; See MIGRATION.md for details.
+# Labels
+# heading = Create your hazo account
+# sub_heading = Secure your access with editable fields powered by shadcn components.
+# submit_button = Register
+# cancel_button = Cancel
 # Field labels (defaults shown, uncomment to override)
 # name_label = Full name
@@ -127,9 +129,11 @@ enable_admin_ui = true
 # image_alt = Illustration of a globe representing secure authentication workflows
 # image_background_color = #e2e8f0
-; Page text is no longer configured via INI.
-; Use HazoAuthStringsProvider or per-page props instead.
-; See MIGRATION.md for details.
+# Labels
+# heading = Sign in to your account
+# sub_heading = Enter your credentials to access your secure workspace.
+# submit_button = Login
+# cancel_button = Cancel
 # Field labels (defaults shown, uncomment to override)
 # email_label = Email address
@@ -155,20 +159,17 @@ enable_admin_ui = true
 # Success message (shown when no redirect route is provided)
 # success_message = Successfully logged in
-; OTP sign-in link in the login layout.
-otp_signin_enabled = false
-otp_signin_label = Sign in with email code
-otp_signin_href = /hazo_auth/otp
 [hazo_auth__forgot_password_layout]
 # Image configuration
 # image_src = /globe.svg
 # image_alt = Illustration of a globe representing secure authentication workflows
 # image_background_color = #e2e8f0
-; Page text is no longer configured via INI.
-; Use HazoAuthStringsProvider or per-page props instead.
-; See MIGRATION.md for details.
+# Labels
+# heading = Forgot your password?
+# sub_heading = Enter your email address and we'll send you a link to reset your password.
+# submit_button = Send reset link
+# cancel_button = Cancel
 [hazo_auth__reset_password_layout]
 # Image configuration
@@ -176,9 +177,11 @@ otp_signin_href = /hazo_auth/otp
 # image_alt = Illustration of a globe representing secure authentication workflows
 # image_background_color = #e2e8f0
-; Page text is no longer configured via INI.
-; Use HazoAuthStringsProvider or per-page props instead.
-; See MIGRATION.md for details.
+# Labels
+# heading = Reset your password
+# sub_heading = Enter your new password below.
+# submit_button = Reset password
+# cancel_button = Cancel
 # Field labels (defaults shown, uncomment to override)
 # password_label = New password
@@ -210,9 +213,22 @@ otp_signin_href = /hazo_auth/otp
 # image_alt = Illustration of a globe representing secure authentication workflows
 # image_background_color = #e2e8f0
-; Page text is no longer configured via INI.
-; Use HazoAuthStringsProvider or per-page props instead.
-; See MIGRATION.md for details.
+# Labels (verifying state)
+# heading = Email verification
+# sub_heading = Verifying your email address...
+# submit_button = Resend verification email
+# cancel_button = Cancel
+# Success labels
+# success_heading = Email verified successfully
+# success_message = Your email address has been verified. You can now log in to your account.
+# success_redirect_message = Redirecting to login page in
+# success_go_to_login_button = Go to login
+# Error labels
+# error_heading = Verification failed
+# error_message = The verification link is invalid or has expired.
+# error_resend_form_heading = Resend verification email
 # Field labels (defaults shown, uncomment to override)
 # email_label = Email address
@@ -254,9 +270,11 @@ otp_signin_href = /hazo_auth/otp
 # - [hazo_auth__password_requirements] for password validation rules
 # - [hazo_auth__profile_picture] for profile picture settings and prioritization
-; Page heading text is no longer configured via INI.
-; Use HazoAuthStringsProvider or the title prop on MySettingsPage instead.
-; See MIGRATION.md for details.
+# Heading
+# heading = Account Settings
+# Sub heading
+# sub_heading = Manage your profile, password, and email preferences.
 # Profile Photo section
 # profile_photo_label = Profile Photo
@@ -579,26 +597,6 @@ application_permission_list_defaults = admin_user_management,admin_role_manageme
 # Redirect when skip_invitation_check=true and user has no scope
 # no_scope_redirect = /
-[hazo_auth__create_firm]
-; heading, sub_heading, and submit_button_label are no longer configured via INI in v7.0.0.
-; Use HazoAuthStringsProvider or the title/subtitle/ctaText props on CreateFirmPage instead.
-; See MIGRATION.md for details.
-; Firm name field label
-# firm_name_label = Firm Name
-; Organisation structure field label
-# org_structure_label = Organisation Structure
-; Default organisation structure value
-# org_structure_default = Headquarters
-; Success message shown after firm creation
-# success_message = Your firm has been created successfully!
-; Route to redirect to after firm creation
-# redirect_route = /
 [hazo_auth__multi_tenancy]
 # Multi-tenancy configuration for organization hierarchy
 # Enables hierarchical organization structures for company-wide access control
@@ -731,36 +729,3 @@ company_name = My Company
 #   [hazo_auth__login_layout]
 #   image_src = /your-custom-image.jpg
-[hazo_auth__otp]
-; Email-OTP sign-in configuration (v6.1.0+).
-;
-; Whether /otp/verify may create new hazo_users rows for unknown emails.
-;   false (default): /otp/request silently no-ops for unknown emails.
-;   true:            /otp/verify creates a user row on first successful code match.
-otp_auto_register = false
-; OTP code lifetime in seconds (default 600 = 10 minutes).
-otp_code_ttl_seconds = 600
-; OTP session lifetime in seconds (default 604800 = 7 days).
-otp_session_ttl_seconds = 604800
-; Sliding-session threshold: if a /me call lands and the JWT exp is within
-; this many seconds, re-issue the session for another otp_session_ttl_seconds.
-otp_slide_when_within_seconds = 86400
-; Per-email rate limit for /otp/request.
-otp_email_rate_limit_max = 3
-otp_email_rate_limit_window_seconds = 900
-; Per-IP rate limit for /otp/request.
-otp_ip_rate_limit_max = 20
-otp_ip_rate_limit_window_seconds = 3600
-; Wrong-guess limit per code; row is poisoned after this many failures.
-otp_max_verify_attempts = 5
-; Scope binding for newly auto-registered users (only used when otp_auto_register=true).
-otp_auto_assign_scope_id = 00000000-0000-0000-0000-000000000001
-otp_auto_assign_role_name = member

package/dist/cli/generate.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["../../src/cli/generate.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,eAAe,GAAG;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;~~AA0MF~~,wBAAgB,eAAe,CAAC,OAAO,GAAE,eAAoB,GAAG,IAAI,CA8DnE"}
1	+ {"version":3,"file":"generate.d.ts","sourceRoot":"","sources":["../../src/cli/generate.ts"],"names":[],"mappings":"AAqBA,MAAM,MAAM,eAAe,GAAG;IAC5B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB,GAAG,CAAC,EAAE,OAAO,CAAC;CACf,CAAC;AAiMF,wBAAgB,eAAe,CAAC,OAAO,GAAE,eAAoB,GAAG,IAAI,CA8DnE"}

package/dist/cli/generate.js CHANGED Viewed

@@ -93,20 +93,11 @@ ${exports}
 `;
 }
 function generate_page_content(page) {
-    // Next 16 requires page default exports to satisfy `PageProps` (i.e. accept
-    // `{ params?, searchParams? }` and nothing else). Re-exporting the named
-    // component directly fails that check because the component carries custom
-    // props (image_src, layout, …). The wrapper below is a parameter-less
-    // function that returns the component — Next sees a `() => JSX` signature
-    // which trivially satisfies PageProps. Direct JSX consumers still use the
-    // named export from `hazo_auth/pages` and get the full custom-prop API.
     return `// Generated by hazo_auth - do not edit manually
 // Page: /${page.path}
 import { ${page.component_name} } from "hazo_auth/pages";
-export default function Page() {
-  return <${page.component_name} />;
-}
+export default ${page.component_name};
 `;
 }
 // section: api_route_generation

package/dist/cli/validate.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/cli/validate.ts"],"names":[],"mappings":"AAOA,KAAK,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5C,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB,CAAC;~~AA+rBF~~,wBAAgB,cAAc,IAAI,iBAAiB,CA2ElD"}
1	+ {"version":3,"file":"validate.d.ts","sourceRoot":"","sources":["../../src/cli/validate.ts"],"names":[],"mappings":"AAOA,KAAK,WAAW,GAAG,MAAM,GAAG,MAAM,GAAG,MAAM,CAAC;AAE5C,KAAK,WAAW,GAAG;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,WAAW,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,WAAW,EAAE,CAAC;CACxB,CAAC;AA2rBF,wBAAgB,cAAc,IAAI,iBAAiB,CA2ElD"}

package/dist/cli/validate.js CHANGED Viewed

@@ -44,9 +44,6 @@ const REQUIRED_API_ROUTES = [
     { path: "api/hazo_auth/user_management/users/roles", method: "GET" },
     { path: "api/hazo_auth/user_management/users/roles", method: "POST" },
     { path: "api/hazo_auth/user_management/users/roles", method: "PUT" },
-    // OTP routes
-    { path: "api/hazo_auth/otp/request", method: "POST" },
-    { path: "api/hazo_auth/otp/verify", method: "POST" },
 ];
 // section: helpers
 function get_project_root() {
@@ -489,7 +486,6 @@ const REQUIRED_TABLES = [
     "hazo_role_permissions",
     "hazo_invitations",
     "hazo_refresh_tokens",
-    "hazo_email_otps",
 ];
 const TEXT_ID_TABLES = [
     "hazo_users",

package/dist/client.d.ts CHANGED Viewed

@@ -1,6 +1,5 @@
 export * from "./components/index.js";
-export { OTPRequestForm, OTPVerifyForm } from "./components/otp.js";
-export type { OTPRequestFormProps, OTPVerifyFormProps } from "./components/otp";
+export { LegalAcceptanceGate, LegalDocDrawer, LegalDocCheckboxList, LegalDocCombinedView } from "./components/layouts/legal/index.js";
 export { cn, merge_class_names } from "./lib/utils.js";
 export * from "./lib/auth/auth_types.js";
 export { use_auth_status, trigger_auth_status_refresh } from "./components/layouts/shared/hooks/use_auth_status.js";

package/dist/client.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,cAAc,oBAAoB,CAAC;~~AACnC~~,OAAO,EAAE,~~cAAc~~,EAAE,~~aAAa~~,EAAE,~~MAAM~~,~~kBAAkB,CAAC;AACjE,YAAY,~~EAAE,~~mBAAmB~~,EAAE,~~kBAAkB,EAAE,~~MAAM,~~kBAAkB~~,CAAC;~~AAIhF~~,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIpD,cAAc,uBAAuB,CAAC;AAItC,OAAO,EAAE,eAAe,EAAE,2BAA2B,EAAE,MAAM,mDAAmD,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,iDAAiD,CAAC;AAC3G,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC7G,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,qDAAqD,CAAC;AACnH,YAAY,EAAE,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,qDAAqD,CAAC;AAGvI,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAI/E,cAAc,8CAA8C,CAAC"}
1	+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAYA,cAAc,oBAAoB,CAAC;AAInC,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,kCAAkC,CAAC;AAInI,OAAO,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAIpD,cAAc,uBAAuB,CAAC;AAItC,OAAO,EAAE,eAAe,EAAE,2BAA2B,EAAE,MAAM,mDAAmD,CAAC;AACjH,OAAO,EAAE,aAAa,EAAE,yBAAyB,EAAE,MAAM,iDAAiD,CAAC;AAC3G,YAAY,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AAC7G,OAAO,EAAE,iBAAiB,EAAE,yBAAyB,EAAE,MAAM,qDAAqD,CAAC;AACnH,YAAY,EAAE,YAAY,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,MAAM,qDAAqD,CAAC;AAGvI,OAAO,EAAE,qBAAqB,EAAE,qBAAqB,EAAE,MAAM,iBAAiB,CAAC;AAI/E,cAAc,8CAA8C,CAAC"}

package/dist/client.js CHANGED Viewed

@@ -10,7 +10,9 @@
 // section: component_exports
 // All UI and layout components are client-safe
 export * from "./components/index.js";
-export { OTPRequestForm, OTPVerifyForm } from "./components/otp.js";
+// section: legal_exports
+// Legal acceptance gate and primitives
+export { LegalAcceptanceGate, LegalDocDrawer, LegalDocCheckboxList, LegalDocCombinedView } from "./components/layouts/legal/index.js";
 // section: utility_exports
 // CSS utility functions
 export { cn, merge_class_names } from "./lib/utils.js";

package/dist/components/layouts/create_firm/index.d.ts CHANGED Viewed

@@ -1,8 +1,12 @@
+import type { StaticImageData } from "next/image";
 import { type ButtonPaletteOverrides } from "../shared/config/layout_customization.js";
-import type { HazoAuthTheme } from "../../../theme/theme_types";
 export type CreateFirmLayoutProps = {
-    /** Theme that controls visual appearance and layout mode. */
-    theme?: HazoAuthTheme;
+    /** Image source for the left panel */
+    image_src: string | StaticImageData;
+    /** Alt text for the image */
+    image_alt?: string;
+    /** Background color for the image panel */
+    image_background_color?: string;
     /** Page heading */
     heading?: string;
     /** Page sub-heading */
@@ -35,6 +39,6 @@ export type CreateFirmLayoutProps = {
         error: (message: string, data?: Record<string, unknown>) => void;
     };
 };
-export default function CreateFirmLayout({ theme, heading, sub_heading, firm_name_label, firm_name_placeholder, org_structure_label, org_structure_placeholder, default_org_structure, submit_button_label, success_message, redirect_route, apiBasePath, onSuccess, button_colors, logger, }: CreateFirmLayoutProps): import("react/jsx-runtime").JSX.Element;
+export default function CreateFirmLayout({ image_src, image_alt, image_background_color, heading, sub_heading, firm_name_label, firm_name_placeholder, org_structure_label, org_structure_placeholder, default_org_structure, submit_button_label, success_message, redirect_route, apiBasePath, onSuccess, button_colors, logger, }: CreateFirmLayoutProps): import("react/jsx-runtime").JSX.Element;
 export { CreateFirmLayout };
 //# sourceMappingURL=index.d.ts.map

package/dist/components/layouts/create_firm/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/create_firm/index.tsx"],"names":[],"mappings":"~~AAYA~~,OAAO,EACL,KAAK,sBAAsB,EAC5B,MAAM,uCAAuC,CAAC;~~AAM~~/C,~~OAAO~~,~~KAAK~~,~~EAAE~~,~~aAAa~~,EAAE,MAAM,~~4BAA4B~~,CAAC;~~AAGhE~~,~~MAAM~~,MAAM,~~qBAAqB,GAAG~~;~~IAClC~~,~~6DAA6D~~;~~IAC7D~~,~~KAAK~~,CAAC,EAAE,~~aAAa~~,CAAC;~~IACtB~~,mBAAmB;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,oCAAoC;IACpC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,0CAA0C;IAC1C,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,sCAAsC;IACtC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,8BAA8B;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gDAAgD;IAChD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iDAAiD;IACjD,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,6BAA6B;IAC7B,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,2BAA2B;IAC3B,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;QAChE,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;KAClE,CAAC;CACH,CAAC;AAGF,MAAM,CAAC,OAAO,UAAU,gBAAgB,CAAC,EACvC,~~KAAK~~,~~EACL~~,OAA4B,EAC5B,WAAuD,EACvD,eAA6B,EAC7B,qBAA8C,EAC9C,mBAA8C,EAC9C,yBAA6D,EAC7D,qBAAsC,EACtC,mBAAmC,EACnC,eAA4D,EAC5D,cAAoB,EACpB,WAAW,EACX,SAAS,EACT,aAAa,EACb,MAAM,GACP,EAAE,qBAAqB,~~2CAuJvB~~;AAGD,OAAO,EAAE,gBAAgB,EAAE,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/components/layouts/create_firm/index.tsx"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,YAAY,CAAC;AAOlD,OAAO,EACL,KAAK,sBAAsB,EAC5B,MAAM,uCAAuC,CAAC;AAQ/C,MAAM,MAAM,qBAAqB,GAAG;IAClC,sCAAsC;IACtC,SAAS,EAAE,MAAM,GAAG,eAAe,CAAC;IACpC,6BAA6B;IAC7B,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2CAA2C;IAC3C,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,gCAAgC;IAChC,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,oCAAoC;IACpC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,0CAA0C;IAC1C,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,sCAAsC;IACtC,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,8BAA8B;IAC9B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,gDAAgD;IAChD,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,sCAAsC;IACtC,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,4CAA4C;IAC5C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,iDAAiD;IACjD,SAAS,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,IAAI,CAAC;IACvC,6BAA6B;IAC7B,aAAa,CAAC,EAAE,sBAAsB,CAAC;IACvC,2BAA2B;IAC3B,MAAM,CAAC,EAAE;QACP,IAAI,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;QAChE,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAC;KAClE,CAAC;CACH,CAAC;AAGF,MAAM,CAAC,OAAO,UAAU,gBAAgB,CAAC,EACvC,SAAS,EACT,SAA8B,EAC9B,sBAAkC,EAClC,OAA4B,EAC5B,WAAuD,EACvD,eAA6B,EAC7B,qBAA8C,EAC9C,mBAA8C,EAC9C,yBAA6D,EAC7D,qBAAsC,EACtC,mBAAmC,EACnC,eAA4D,EAC5D,cAAoB,EACpB,WAAW,EACX,SAAS,EACT,aAAa,EACb,MAAM,GACP,EAAE,qBAAqB,2CA2JvB;AAGD,OAAO,EAAE,gBAAgB,EAAE,CAAC"}