Class: LocalAuthenticator

The Local Authenticator is used for users who have local accounts in SudoSOS. This authentication method allows users to create accounts directly in the system without relying on external authentication providers like LDAP.

Local Authentication is a hash-based authentication method. The password is hashed using bcrypt and only the hash is stored in the database. During a login attempt, the password the user submits is compared against that stored hash.

Local Authentication Flow

  1. User sends a request to the /authentication/local endpoint with email and password.
  2. Authentication Controller looks up the user by email address.
  3. Authentication Controller retrieves the associated LocalAuthenticator.
  4. Authentication Service compares the provided password against the stored hash.
  5. Authentication Controller returns a JWT token if authentication succeeds.

Password Reset Flow

Local users can reset their passwords through a token-based system:

  1. User requests password reset via /authentication/local/reset.
  2. System generates a ResetToken and sends it via email.
  3. User provides the token and new password via /authentication/local (PUT).
  4. System validates the token and updates the password hash.
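The reset flow above (steps 2 to 4), as an added example that is not SudoSOS code. Assumptions: the in-memory maps, all function names, the one-hour lifetime, and storing only a SHA-256 digest of the token are hypothetical, and scrypt from `node:crypto` stands in for bcrypt so the block runs without third-party packages.

```typescript
import { createHash, randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

// Constructed in-memory stores standing in for the database (hypothetical).
interface ResetRecord { tokenHash: Buffer; expiresAt: number; }
const resetTokens = new Map<number, ResetRecord>(); // userId -> pending reset
const passwordHashes = new Map<number, string>();   // userId -> "salt:hash"

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed lifetime: one hour

const sha256 = (s: string): Buffer => createHash("sha256").update(s).digest();

// The page states bcrypt; scrypt is a stand-in here (assumption).
function hashPassword(password: string): string {
  const salt = randomBytes(16).toString("hex");
  return `${salt}:${scryptSync(password, salt, 32).toString("hex")}`;
}

function verifyPassword(userId: number, password: string): boolean {
  const stored = passwordHashes.get(userId);
  if (!stored) return false;
  const [salt, hex] = stored.split(":");
  return timingSafeEqual(Buffer.from(hex, "hex"), scryptSync(password, salt, 32));
}

// Step 2: generate the token. Only its digest is stored; the plaintext
// value is what would be sent to the user by email.
function issueResetToken(userId: number, now: number = Date.now()): string {
  const token = randomBytes(32).toString("hex");
  resetTokens.set(userId, { tokenHash: sha256(token), expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Steps 3-4: validate the token, then replace the password hash.
function redeemResetToken(userId: number, token: string, newPassword: string,
                          now: number = Date.now()): boolean {
  const record = resetTokens.get(userId);
  if (!record) return false;
  if (now > record.expiresAt) { resetTokens.delete(userId); return false; }
  // Both sides are 32-byte digests, so the constant-time compare never throws.
  if (!timingSafeEqual(record.tokenHash, sha256(token))) return false;
  resetTokens.delete(userId); // single use: a replayed token finds no record
  passwordHashes.set(userId, hashPassword(newPassword));
  return true;
}
```

Storing only a digest means a read of the token table does not yield usable reset links, and deleting the record on success makes each token single-use.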

Extends

Constructors

Constructor

```ts
new LocalAuthenticator(): LocalAuthenticator;
```

Returns

LocalAuthenticator

Inherited from

HashBasedAuthenticationMethod.constructor

Properties

| Property | Modifier | Type | Description | Inherited from |
| --- | --- | --- | --- | --- |
| createdAt | readonly | Date | The creation date of the object. | HashBasedAuthenticationMethod.createdAt |
| hash | public | string | - | HashBasedAuthenticationMethod.hash |
| updatedAt | readonly | Date | The last update date of the object. | HashBasedAuthenticationMethod.updatedAt |
| user | public | User | - | HashBasedAuthenticationMethod.user |
| userId | public | number | - | HashBasedAuthenticationMethod.userId |
| version | readonly | number | The current version of the object. | HashBasedAuthenticationMethod.version |