import { AIMSSessionDescriptor, FortraSession, AIMSAuthentication } from '../../aims-client/index';
import { AlConduitClient } from './al-conduit-client';
import { AxiosResponse } from 'axios';
/**
 * Each of these is a possible outcome of an authentication attempt.
 */
export declare enum AlAuthenticationResult {
    Unauthenticated = "unauthenticated",
    Authenticated = "authenticated",
    AccountLocked = "account_locked",
    AccountUnavailable = "account_unavailable",
    PasswordResetRequired = "password_expired",
    MFAEnrollmentRequired = "mfa_enrollment_required",
    MFAVerificationRequired = "mfa_verification_required",
    TOSAcceptanceRequired = "eula_acceptance_required",
    TOSReacceptanceRequired = "eula_reacceptance_required",
    FortraIdPRequired = "fidp_required",
    InvalidCredentials = "failed"
}
export interface AlAuthenticationState {
    /**
     * The result of an authentication attempt.  Please don't access this directly; use AlAuthenticationUtility's
     * `getResult()` method to be assured of the correct value.
     */
    result?: AlAuthenticationResult;
    /**
     * MFA and TOS authentication criteria will both provide the user with a temporary "session token" (passed to AIMS as an
     * X-AIMS-Session-Token header.
     */
    sessionToken?: string;
    /**
     * Password reset requires a username parameter
     */
    userName?: string;
    /**
     * TOS authentication criteria will provide a URL where the current terms of service can be retrieved.
     */
    termsOfServiceURL?: string;
    /**
     * TOS api will provide the deferral to accept the terms.
     */
    deferralTOSPeriodEnd?: string;
}
export declare class AlAuthenticationUtility {
    protected static convertedSession?: AIMSAuthentication;
    protected static conversionReq?: Promise<AIMSAuthentication>;
    state: AlAuthenticationState;
    conduit: AlConduitClient;
    constructor(state?: AlAuthenticationState);
    /**
     * Primary authentication method -- attempts to authenticate using a username and password.
     */
    authenticate(userName: string, passPhrase: string, payloadExtras?: any): Promise<AlAuthenticationResult>;
    /**
     * Authenticate against AIMS using a fortra IdP-provided access token.
     */
    authenticateFromFortraSession(fortraSession: FortraSession): Promise<AlAuthenticationResult>;
    /**
     * Performs authentication using a session token (which must be separately populated into `this.state.sessionToken`) and
     * an MFA verification code.
     */
    validateMfaCode(verificationCode: string): Promise<AlAuthenticationResult>;
    /**
     * Performs authentication using a session token (which must be separately populated into `this.state.sessionToken`).
     */
    acceptTermsOfService(acceptTOS?: boolean): Promise<AlAuthenticationResult>;
    /**
     * Updates the user's TOS status when a session is already established.
     */
    updateTermsOfServiceAcceptance(accountId: string, acceptTOS?: boolean): Promise<void>;
    /**
     * Retrieves the last authentication result, if any; defaults to `AlAuthenticationResult.Unauthenticated`.
     */
    getResult(): AlAuthenticationResult;
    /**
     * Retrieves the session token provided in response to the last authentication attempt, if any.
     */
    getSessionToken(): string;
    /**
     * Retrieves the TOS URL provided in response to the last authentication attempt, if any.
     */
    getTermsOfServiceURL(): string;
    /**
     * Retrieves the TOS Deadline provided in response to the last authentication attempt, if any.
     */
    getDeferralTOSPeriodEnd(): string;
    /**
     * "Normalizes" a return URL -- internally, this merely checks the URL against a whitelist of target domains.
     */
    filterReturnURL(returnURL: string, defaultReturnURL?: string): string;
    /**
     * Fortra-Derived Authentication - use a fortra identity to authenticate against AIMS
     */
    authenticateViaAIMSFromFortra(fortraSession: FortraSession): Promise<AIMSSessionDescriptor>;
    convertFortraSession(fortraSession: FortraSession): Promise<AIMSAuthentication>;
    convertFortraToken(fortraSession: FortraSession, forceNew?: boolean): Promise<string>;
    protected authenticateViaGestaltFromFortra(fortraSession: FortraSession): Promise<AIMSSessionDescriptor>;
    /**
     * Given a session descriptor, persists that session to AlSession and conduit and then sets the authentication
     * result to `Authenticated`.
     */
    protected finalizeSession(session: AIMSSessionDescriptor): Promise<AlAuthenticationResult>;
    protected handleAuthenticationFailure(error: Error | any): boolean;
    protected requiresMfaCode(response: AxiosResponse<any>): boolean;
    protected requiresMfaEnrollment(response: AxiosResponse<any>): boolean;
    protected requiresPasswordReset(response: AxiosResponse<any>): boolean;
    protected requiresTOSAcceptance(response: AxiosResponse<any>): boolean;
    protected requiresTOSReacceptance(response: AxiosResponse<any>): boolean;
    protected requiresFortraIdP(response: AxiosResponse<any>): boolean;
}