docs: TMP Auth (squash later)

GEWIS · Feb 16, 2025 · e54c4ad · e54c4ad
1 parent d3821f4
commit e54c4ad
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 3 deletions.
diff --git a/src/authentication/json-web-token.ts b/src/authentication/json-web-token.ts
@@ -33,7 +33,7 @@
  * - {@link KeyAuthenticator | API Key Authentication}.
  * - {@link EanAuthenticator | EAN (barcode) authentication}.
  *
- * Most of these methods are a hash-based authentication method, where a secret is hashed and stored in the database,
+ * Most of these methods are a {@link HashBasedAuthenticationMethod | hash-based authentication method}, where a secret is hashed and stored in the database,
  * and later compared against the input of the user.
  *
  * @module authentication

diff --git a/src/entity/authenticator/ldap-authenticator.ts b/src/entity/authenticator/ldap-authenticator.ts
@@ -41,8 +41,36 @@ const bufferTransformer = {
 };
 
 /**
+ *
+ *
+ * ```mermaid
+ * graph TD
+ *     A[Start] --> B{Receive LDAP Login Request}
+ *     B --> C[Parse Request Body]
+ *     C --> D[Establish LDAP Connection]
+ *     D --> E{Search LDAP for User}
+ *     E -->|Found| F[Attempt User Bind]
+ *     E -->|Not Found| G[Return 403 Error]
+ *
+ *     F --> H{Bind Successful?}
+ *     H -->|Yes| I{Check Local User Account}
+ *     H -->|No| J[Return 403 Error]
+ *
+ *     I -->|Exists| K[Generate JWT Token]
+ *     I -->|Not Exists| L[Create Local User & Bind]
+ *     L --> M[Generate JWT Token]
+ *
+ *     K --> N[Return JWT Token]
+ *     M --> N[Return JWT Token]
+ *
+ *     style G fill:#f66
+ *     style J fill:#f66
+ * ```
+ *
  * @typedef {AuthenticationMethod} LDAPAuthenticator
  * @property {string} accountName.required - The associated AD account name
+ * @promote
+ * @index 1
  */
 @Entity()
 export default class LDAPAuthenticator extends AuthenticationMethod {

diff --git a/src/entity/authenticator/pin-authenticator.ts b/src/entity/authenticator/pin-authenticator.ts
@@ -19,8 +19,6 @@
  */
 
 /**
- * This is the page of pin-authenticator.
- *
  * @module authentication
  */
 
@@ -30,8 +28,16 @@ import {
 import HashBasedAuthenticationMethod from './hash-based-authentication-method';
 
 /**
+ * PIN Authentication returns a lesser JWT token and should only be used for authenticating at a point of sale.
+ * The reason for returning a lesser JWT token is to prevent brute-force attacks, since PINs are 4-digit numbers and could easily be guessed.
+ *
+ * PIN Authentication is a _hash-based authentication method_. This means that the PIN code is hashed and stored in the database, and later compared against the input of the user.
+ *
  * @typedef {HashBasedAuthenticationMethod} PinAuthenticator
  * @property {string} hash.required - The PIN code of this user (hashed)
+ *
+ * @promote
+ * @index 0
  */
 @Entity()
 export default class PinAuthenticator extends HashBasedAuthenticationMethod {}