
lbx-jwt


Provides JWT authentication for loopback applications. Includes storing roles inside tokens and handling refreshing. Built-in reuse detection.

/// <reference types="express" />
import { juggler } from '@loopback/repository';
import { Request } from '@loopback/rest';
import { Require2FAResponseModel } from './2fa/require-2fa-response.model';
import { TurnOn2FAResponse } from './2fa/turn-on-2fa-response.model';
import { AuthData } from './auth-data.model';
import { AuthenticationResponse } from './biometric/authentication-response.model';
import { BiometricRegistrationOptions } from './biometric/biometric-registration-options.model';
import { BiometricRegistrationResponse } from './biometric/biometric-registration-response.model';
import { ConfirmBiometricRegistrationResponse } from './biometric/confirm-biometric-registration-response.model';
import { PublicKeyCredentialRequestOptions } from './biometric/public-key-credential-request-options.model';
import { ConfirmResetPassword } from './confirm-reset-password.model';
import { LoginCredentials } from './login-credentials.model';
import { RefreshGrant } from './refresh-grant.model';
import { RequestResetPasswordGrant } from './request-reset-password-grant.model';
import { RequirePasswordChangeResponseModel } from './require-password-change.model';
import { ResetPasswordTokenGrant } from './reset-password-token-grant.model';
import { BaseUserProfile } from '../../models';
import { BaseUserRepository, BiometricCredentialsRepository, CredentialsRepository, PasswordResetTokenRepository, RefreshTokenRepository } from '../../repositories';
import { AccessTokenService, BaseBiometricCredentialsService, BaseUserService, RefreshTokenService } from '../../services';
import { TwoFactorService } from '../../services/two-factor.service';
import { DefaultEntityOmitKeys } from '../../types';
/**
 * Result type of `verifyPasswordResetToken`. Not exported from this module.
 */
declare class VerifyResetTokenResponse {
    // Whether the checked password reset token was accepted.
    isValid: boolean;
}
/**
 * Exposes endpoints regarding authentication and authorization
 * (e.g. login, token refresh, logout, resetting a user's password,
 * two factor authentication and biometric credentials).
 *
 * This is a declaration only: route paths, decorators and any authorization
 * checks on the individual methods are not visible here.
 */
export declare class LbxJwtAuthController<RoleType extends string> {
    // Private members. The declaration omits their types; the names mirror the
    // constructor parameters below.
    private readonly accessTokenService;
    // NOTE(review): secret material held as a plain string, presumably the key
    // used for access tokens. Confirm it is sourced from configuration or a
    // secret store and never logged.
    private readonly accessTokenSecret;
    private readonly baseUserService;
    private readonly refreshTokenService;
    private readonly passwordResetTokenRepository;
    private readonly baseUserRepository;
    private readonly credentialsRepository;
    private readonly biometricCredentialsRepository;
    private readonly dataSource;
    // Presumably token lifetimes in milliseconds, going by the names - confirm.
    private readonly accessTokenExpiresInMs;
    private readonly refreshTokenExpiresInMs;
    private readonly refreshTokenRepository;
    private readonly twoFactorService;
    // Presumably the name of the custom header that carries the two factor
    // code (see `login` and `confirmTurnOn2FA`) - confirm.
    private readonly twoFactorHeader;
    private readonly biometricCredentialsService;
    /**
     * Creates the controller from its services, repositories and settings.
     * How the arguments are bound (e.g. injection keys) is not visible in this
     * declaration.
     */
    constructor(accessTokenService: AccessTokenService<RoleType>, accessTokenSecret: string, baseUserService: BaseUserService<RoleType>, refreshTokenService: RefreshTokenService<RoleType>, passwordResetTokenRepository: PasswordResetTokenRepository<RoleType>, baseUserRepository: BaseUserRepository<RoleType>, credentialsRepository: CredentialsRepository, biometricCredentialsRepository: BiometricCredentialsRepository, dataSource: juggler.DataSource, accessTokenExpiresInMs: number, refreshTokenExpiresInMs: number, refreshTokenRepository: RefreshTokenRepository, twoFactorService: TwoFactorService<RoleType>, twoFactorHeader: string, biometricCredentialsService: BaseBiometricCredentialsService);
    /**
     * Tries to log in a user, either with email and password or with a
     * biometric authentication response.
     *
     * The result is one of three shapes, so callers have to discriminate
     * before treating it as a successful login: auth data, a "two factor
     * required" response, or a "password change required" response.
     * @param loginCredentials - The email and password of a user, or an authentication response for a biometric login.
     * @param request - The injected request object. Is needed to access the two factor code inside a custom header.
     * @returns Auth data for the user including the jwt, or a response stating that a two factor code or a password change is required.
     */
    login(loginCredentials: LoginCredentials | AuthenticationResponse, request: Request): Promise<Omit<AuthData<RoleType>, DefaultEntityOmitKeys> | Require2FAResponseModel | RequirePasswordChangeResponseModel>;
    /**
     * Refreshes a token.
     *
     * NOTE(review): the package description advertises built-in reuse
     * detection for refresh tokens. Where it is enforced is not visible in
     * this declaration - confirm in the implementation.
     * @param refreshGrant - The refresh token sent by the user.
     * @returns Auth data for the user including the jwt.
     */
    refreshToken(refreshGrant: RefreshGrant): Promise<Omit<AuthData<RoleType>, DefaultEntityOmitKeys>>;
    /**
     * Logs out a user. Cleans up all existing refresh tokens of the current token family.
     *
     * NOTE(review): only the refresh grant is passed in. Nothing here shows
     * that already issued access tokens are revoked; presumably they stay
     * valid until they expire - confirm.
     * @param refreshGrant - The refresh token of the user that should be logged out.
     */
    logout(refreshGrant: RefreshGrant): Promise<void>;
    /**
     * Requests the reset of a password.
     *
     * NOTE(review): resolves without a payload. Verify in the implementation
     * that the outcome is the same for known and unknown email addresses, so
     * the endpoint does not reveal which accounts exist.
     * @param requestResetPassword - Contains the email of the user for which a password reset should be requested.
     */
    requestResetPassword(requestResetPassword: RequestResetPasswordGrant): Promise<void>;
    /**
     * Verifies a given reset password token.
     *
     * NOTE(review): the original summary states that an error is thrown if
     * something is wrong with the token and that nothing happens otherwise,
     * while the return type carries an `isValid` flag. Confirm which of the
     * two signals callers should rely on.
     * @param token - The token that should be verified.
     * @returns Whether or not the provided token is valid.
     */
    verifyPasswordResetToken(token: ResetPasswordTokenGrant): Promise<VerifyResetTokenResponse>;
    /**
     * Confirms the reset of the password and tries to set it to the given password.
     *
     * NOTE(review): whether the reset token is invalidated after use, and
     * whether existing refresh tokens of the user are revoked, is not visible
     * here - confirm.
     * @param resetPasswordData - Contains the password reset token and the new password value.
     */
    confirmResetPassword(resetPasswordData: ConfirmResetPassword): Promise<void>;
    /**
     * Generates a two factor secret for the requesting user and returns a qr code url to display.
     *
     * NOTE(review): the url presumably encodes the new secret, so the response
     * should be treated as sensitive (no logging, no caching) - confirm
     * against `TurnOn2FAResponse`.
     * @param userProfile - The currently logged in user.
     * @returns A qr code url for the user.
     */
    turnOn2FA(userProfile: BaseUserProfile<RoleType>): Promise<TurnOn2FAResponse>;
    /**
     * Confirms turning on the two factor authentication by checking the provided code.
     * @param userProfile - The currently logged in user.
     * @param request - The injected request object. Is needed to access the two factor code inside a custom header.
     */
    confirmTurnOn2FA(userProfile: BaseUserProfile<RoleType>, request: Request): Promise<void>;
    /**
     * Turns off two factor authentication for the current user.
     *
     * NOTE(review): unlike `confirmTurnOn2FA`, the signature takes no request
     * object, so no two factor code or password parameter is visible here.
     * Confirm whether disabling 2FA requires any re-confirmation beyond a
     * valid session.
     * @param userProfile - The currently logged in user.
     */
    turnOff2FA(userProfile: BaseUserProfile<RoleType>): Promise<void>;
    /**
     * Starts the registration of a biometric credential for the current user.
     * Presumably WebAuthn, going by the type names - confirm.
     * @param userProfile - The currently logged in user.
     * @returns The registration options for the client.
     */
    registerBiometricCredential(userProfile: BaseUserProfile<RoleType>): Promise<BiometricRegistrationOptions>;
    /**
     * Cancels a biometric registration of the current user.
     *
     * NOTE(review): `challenge` is a caller supplied string whose origin
     * (header, path or body) is not visible here. Confirm that only a
     * challenge issued for this user is accepted.
     * @param userProfile - The currently logged in user.
     * @param challenge - The challenge of the registration that should be cancelled.
     */
    cancelBiometricRegistration(userProfile: BaseUserProfile<RoleType>, challenge: string): Promise<void>;
    /**
     * Confirms the registration of a biometric credential for the current user.
     *
     * NOTE(review): `challenge` is a caller supplied string. Confirm that the
     * implementation checks it against the challenge it issued for this user
     * before the credential is stored.
     * @param userProfile - The currently logged in user.
     * @param body - The registration response produced by the client.
     * @param challenge - The challenge of the registration that should be confirmed.
     * @returns The result of confirming the registration.
     */
    confirmRegisterBiometricCredentials(userProfile: BaseUserProfile<RoleType>, body: BiometricRegistrationResponse, challenge: string): Promise<ConfirmBiometricRegistrationResponse>;
    /**
     * Generates the options a client needs to authenticate with a biometric credential.
     *
     * NOTE(review): takes a plain user id instead of a user profile, which
     * suggests it can be called before the user is logged in. If so, check
     * that the response does not reveal whether an account exists or has
     * credentials registered - confirm in the implementation.
     * @param userId - The id of the user that wants to authenticate.
     * @returns The request options for the client.
     */
    generateAuthenticationOptions(userId: string): Promise<PublicKeyCredentialRequestOptions>;
}
export {};