# _MAP: MGN-001 - Authentication

**Module:** MGN-001
**Name:** Authentication
**Phase:** 01 - Foundation
**Story Points:** 40 SP
**Status:** Documented
**Last updated:** 2025-12-05

---

## Summary

Authentication system that includes email/password login, JWT token handling, OAuth with social providers, password recovery, and protection against brute-force attacks.

---

## Metrics

| Metric | Value |
|---------|-------|
| Story Points | 40 SP |
| Requirements (RF) | 6 |
| Specifications (ET) | 3 |
| User Stories (US) | 5 |
| DB Tables | 6 |
| API Endpoints | 7 |
| Test Cases | 20+ |
| Estimated Coverage | 0% |

---

## Functional Requirements (5)

| ID | File | Title | Priority | Status |
|----|---------|--------|-----------|--------|
| RF-AUTH-001 | [RF-AUTH-001.md](./requerimientos/RF-AUTH-001.md) | Email/Password Login | P0 | Migrated |
| RF-AUTH-002 | [RF-AUTH-002.md](./requerimientos/RF-AUTH-002.md) | JWT Token Handling | P0 | Migrated |
| RF-AUTH-003 | [RF-AUTH-003.md](./requerimientos/RF-AUTH-003.md) | Password Recovery | P1 | Migrated |
| RF-AUTH-004 | [RF-AUTH-004.md](./requerimientos/RF-AUTH-004.md) | Brute Force Protection | P1 | Migrated |
| RF-AUTH-005 | [RF-AUTH-005.md](./requerimientos/RF-AUTH-005.md) | OAuth and Logout | P2 | Migrated |

**Index:** [INDICE-RF-AUTH.md](./requerimientos/INDICE-RF-AUTH.md)

---

## Technical Specifications (3)

| ID | File | Title | Associated RFs | Status |
|----|---------|--------|--------------|--------|
| ET-AUTH-001 | [ET-auth-backend.md](./especificaciones/ET-auth-backend.md) | Backend Auth | RF-AUTH-001, RF-AUTH-002, RF-AUTH-005 | Migrated |
| ET-AUTH-002 | [auth-domain.md](./especificaciones/auth-domain.md) | Domain Model Auth | RF-AUTH-001 | Migrated |
| ET-AUTH-003 | [ET-AUTH-database.md](./especificaciones/ET-AUTH-database.md) | Database Auth | RF-AUTH-001, RF-AUTH-002, RF-AUTH-004 | Migrated |

---

## User Stories (4)

| ID | File | Title | RF | SP | Status |
|----|---------|--------|----|----|--------|
| US-MGN001-001 | [US-MGN001-001.md](./historias-usuario/US-MGN001-001.md) | Login with Email/Password | RF-AUTH-001 | 8 | Migrated |
| US-MGN001-002 | [US-MGN001-002.md](./historias-usuario/US-MGN001-002.md) | Session Logout | RF-AUTH-005 | 3 | Migrated |
| US-MGN001-003 | [US-MGN001-003.md](./historias-usuario/US-MGN001-003.md) | Recover Password | RF-AUTH-003 | 5 | Migrated |
| US-MGN001-004 | [US-MGN001-004.md](./historias-usuario/US-MGN001-004.md) | Token Refresh | RF-AUTH-002 | 5 | Migrated |

**Backlog:** [BACKLOG-MGN001.md](./historias-usuario/BACKLOG-MGN001.md)
**Total:** 21 SP (+ buffer = 40 SP epic)

---

## Implementation

### Database

| Object | Type | File | RF |
|--------|------|---------|-----|
| core_auth | Schema | `ddl/schemas/core_auth/` | - |
| users_auth | Table | `ddl/schemas/core_auth/tables/users_auth.sql` | RF-AUTH-001 |
| sessions | Table | `ddl/schemas/core_auth/tables/sessions.sql` | RF-AUTH-002 |
| refresh_tokens | Table | `ddl/schemas/core_auth/tables/refresh_tokens.sql` | RF-AUTH-002 |
| password_resets | Table | `ddl/schemas/core_auth/tables/password_resets.sql` | RF-AUTH-003 |
| login_attempts | Table | `ddl/schemas/core_auth/tables/login_attempts.sql` | RF-AUTH-004 |
| oauth_accounts | Table | `ddl/schemas/core_auth/tables/oauth_accounts.sql` | RF-AUTH-005 |
| validate_password | Function | `ddl/schemas/core_auth/functions/validate_password.sql` | RF-AUTH-001 |
| cleanup_expired_sessions | Function | `ddl/schemas/core_auth/functions/cleanup_sessions.sql` | RF-AUTH-002 |

### Backend

| Object | Type | File | RF |
|--------|------|---------|-----|
| AuthModule | Module | `src/modules/auth/auth.module.ts` | - |
| AuthService | Service | `src/modules/auth/auth.service.ts` | RF-AUTH-001 |
| TokenService | Service | `src/modules/auth/token.service.ts` | RF-AUTH-002 |
| PasswordService | Service | `src/modules/auth/password.service.ts` | RF-AUTH-003 |
| OAuthService | Service | `src/modules/auth/oauth.service.ts` | RF-AUTH-005 |
| AuthController | Controller | `src/modules/auth/auth.controller.ts` | - |
| JwtAuthGuard | Guard | `src/modules/auth/guards/jwt-auth.guard.ts` | RF-AUTH-002 |
| LoginDto | DTO | `src/modules/auth/dto/login.dto.ts` | RF-AUTH-001 |
| TokenResponseDto | DTO | `src/modules/auth/dto/token-response.dto.ts` | RF-AUTH-002 |

### Frontend

| Object | Type | File | RF |
|--------|------|---------|-----|
| LoginPage | Page | `src/features/auth/pages/LoginPage.tsx` | RF-AUTH-001 |
| ForgotPasswordPage | Page | `src/features/auth/pages/ForgotPasswordPage.tsx` | RF-AUTH-003 |
| ResetPasswordPage | Page | `src/features/auth/pages/ResetPasswordPage.tsx` | RF-AUTH-003 |
| LoginForm | Component | `src/features/auth/components/LoginForm.tsx` | RF-AUTH-001 |
| SocialLoginButtons | Component | `src/features/auth/components/SocialLoginButtons.tsx` | RF-AUTH-005 |
| authStore | Store | `src/features/auth/stores/authStore.ts` | - |
| authApi | API | `src/features/auth/api/authApi.ts` | - |

---

## API Endpoints

| Method | Path | Description | RF | Auth |
|--------|------|-------------|-----|------|
| POST | `/api/v1/auth/login` | Login with email/password | RF-AUTH-001 | No |
| POST | `/api/v1/auth/logout` | Close session | RF-AUTH-006 | Yes |
| POST | `/api/v1/auth/refresh` | Refresh token | RF-AUTH-002 | No* |
| POST | `/api/v1/auth/forgot-password` | Request recovery | RF-AUTH-003 | No |
| POST | `/api/v1/auth/reset-password` | Change password | RF-AUTH-003 | No |
| GET | `/api/v1/auth/me` | Get current user | RF-AUTH-001 | Yes |
| GET | `/api/v1/auth/oauth/:provider` | Start OAuth flow | RF-AUTH-005 | No |

*Requires a valid refresh token

---

## Dependencies

### This module depends on:

None - MGN-001 is the first module in the chain.

### Modules that depend on this one:

| Module | Type | Reason |
|--------|------|-------|
| MGN-002 Users | Hard | Users require auth |
| MGN-003 Roles | Hard | RBAC uses auth tokens |
| MGN-004 Tenants | Hard | Tenant ID in JWT token |
| ALL | Hard | Authentication required |

---

## Test Coverage

| Type | Cases | Status |
|------|-------|--------|
| Unit Tests - AuthService | 12 | Pending |
| Unit Tests - TokenService | 8 | Pending |
| Integration Tests | 10 | Pending |
| E2E Tests | 5 | Pending |
| **Total** | **35** | **0%** |

---

## Traceability

See full file: [TRACEABILITY.yml](./implementacion/TRACEABILITY.yml)

---

## Related Documents

- **Epic:** [EPIC-MGN-001-auth.md](../../08-epicas/EPIC-MGN-001-auth.md)
- **DDL Spec:** [DDL-SPEC-core_auth.md](../../04-modelado/database-design/DDL-SPEC-core_auth.md)
- **Test Plan:** [TP-auth.md](../../06-test-plans/TP-auth.md)

---

## History

| Date | Change | Author |
|-------|--------|-------|
| 2025-12-05 | Creation of _MAP.md with GAMILIT structure | Requirements-Analyst |

---

**Generated by:** Requirements-Analyst
**Date:** 2025-12-05