npm - @akemona-org/strapi-plugin-users-permissions - Versions diffs - 3.7.0 - Mend

@akemona-org/strapi-plugin-users-permissions 3.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (143) hide show

package/LICENSE +22 -0
package/README.md +19 -0
package/admin/src/assets/images/logo.svg +1 -0
package/admin/src/components/BaselineAlignement/index.js +33 -0
package/admin/src/components/Bloc/index.js +10 -0
package/admin/src/components/BoundRoute/Components.js +78 -0
package/admin/src/components/BoundRoute/index.js +56 -0
package/admin/src/components/ContainerFluid/index.js +13 -0
package/admin/src/components/FormBloc/index.js +61 -0
package/admin/src/components/IntlInput/index.js +38 -0
package/admin/src/components/ListBaselineAlignment/index.js +8 -0
package/admin/src/components/ListRow/Components.js +74 -0
package/admin/src/components/ListRow/index.js +35 -0
package/admin/src/components/ModalForm/Wrapper.js +12 -0
package/admin/src/components/ModalForm/index.js +59 -0
package/admin/src/components/Permissions/ListWrapper.js +9 -0
package/admin/src/components/Permissions/PermissionRow/BaselineAlignment.js +7 -0
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +37 -0
package/admin/src/components/Permissions/PermissionRow/RowStyle.js +28 -0
package/admin/src/components/Permissions/PermissionRow/SubCategory/ConditionsButtonWrapper.js +13 -0
package/admin/src/components/Permissions/PermissionRow/SubCategory/PolicyWrapper.js +8 -0
package/admin/src/components/Permissions/PermissionRow/SubCategory/SubCategoryWrapper.js +26 -0
package/admin/src/components/Permissions/PermissionRow/SubCategory/index.js +116 -0
package/admin/src/components/Permissions/PermissionRow/index.js +92 -0
package/admin/src/components/Permissions/index.js +44 -0
package/admin/src/components/Permissions/init.js +14 -0
package/admin/src/components/Permissions/reducer.js +27 -0
package/admin/src/components/Policies/Components.js +26 -0
package/admin/src/components/Policies/index.js +61 -0
package/admin/src/components/PrefixedIcon/index.js +27 -0
package/admin/src/components/Roles/EmptyRole/BaselineAlignment.js +7 -0
package/admin/src/components/Roles/EmptyRole/index.js +27 -0
package/admin/src/components/Roles/RoleListWrapper/index.js +17 -0
package/admin/src/components/Roles/RoleRow/RoleDescription.js +9 -0
package/admin/src/components/Roles/RoleRow/index.js +45 -0
package/admin/src/components/Roles/index.js +3 -0
package/admin/src/components/SizedInput/index.js +24 -0
package/admin/src/components/UsersPermissions/index.js +91 -0
package/admin/src/components/UsersPermissions/init.js +11 -0
package/admin/src/components/UsersPermissions/reducer.js +60 -0
package/admin/src/containers/AdvancedSettings/index.js +218 -0
package/admin/src/containers/AdvancedSettings/reducer.js +65 -0
package/admin/src/containers/AdvancedSettings/utils/form.js +52 -0
package/admin/src/containers/EmailTemplates/CustomTextInput.js +105 -0
package/admin/src/containers/EmailTemplates/Wrapper.js +36 -0
package/admin/src/containers/EmailTemplates/index.js +222 -0
package/admin/src/containers/EmailTemplates/reducer.js +58 -0
package/admin/src/containers/EmailTemplates/utils/forms.js +81 -0
package/admin/src/containers/EmailTemplates/utils/schema.js +25 -0
package/admin/src/containers/Providers/index.js +283 -0
package/admin/src/containers/Providers/reducer.js +54 -0
package/admin/src/containers/Providers/utils/createProvidersArray.js +21 -0
package/admin/src/containers/Providers/utils/forms.js +205 -0
package/admin/src/containers/Roles/CreatePage/index.js +167 -0
package/admin/src/containers/Roles/CreatePage/utils/schema.js +9 -0
package/admin/src/containers/Roles/EditPage/index.js +161 -0
package/admin/src/containers/Roles/EditPage/utils/schema.js +9 -0
package/admin/src/containers/Roles/ListPage/BaselineAlignment.js +8 -0
package/admin/src/containers/Roles/ListPage/index.js +188 -0
package/admin/src/containers/Roles/ProtectedCreatePage/index.js +12 -0
package/admin/src/containers/Roles/ProtectedEditPage/index.js +12 -0
package/admin/src/containers/Roles/ProtectedListPage/index.js +15 -0
package/admin/src/containers/Roles/index.js +35 -0
package/admin/src/contexts/EditPage/index.js +26 -0
package/admin/src/contexts/HomePage/index.js +27 -0
package/admin/src/contexts/UsersPermissionsContext/index.js +17 -0
package/admin/src/hooks/index.js +5 -0
package/admin/src/hooks/useFetchRole/index.js +55 -0
package/admin/src/hooks/useFetchRole/reducer.js +31 -0
package/admin/src/hooks/useForm/index.js +96 -0
package/admin/src/hooks/useForm/reducer.js +59 -0
package/admin/src/hooks/usePlugins/index.js +73 -0
package/admin/src/hooks/usePlugins/init.js +5 -0
package/admin/src/hooks/usePlugins/reducer.js +37 -0
package/admin/src/hooks/useRolesList/index.js +62 -0
package/admin/src/hooks/useRolesList/init.js +5 -0
package/admin/src/hooks/useRolesList/reducer.js +31 -0
package/admin/src/index.js +109 -0
package/admin/src/permissions.js +33 -0
package/admin/src/pluginId.js +5 -0
package/admin/src/translations/ar.json +49 -0
package/admin/src/translations/cs.json +55 -0
package/admin/src/translations/de.json +68 -0
package/admin/src/translations/dk.json +116 -0
package/admin/src/translations/en.json +104 -0
package/admin/src/translations/es.json +70 -0
package/admin/src/translations/fr.json +55 -0
package/admin/src/translations/id.json +69 -0
package/admin/src/translations/index.js +55 -0
package/admin/src/translations/it.json +68 -0
package/admin/src/translations/ja.json +53 -0
package/admin/src/translations/ko.json +55 -0
package/admin/src/translations/ms.json +54 -0
package/admin/src/translations/nl.json +53 -0
package/admin/src/translations/pl.json +55 -0
package/admin/src/translations/pt-BR.json +49 -0
package/admin/src/translations/pt.json +53 -0
package/admin/src/translations/ru.json +68 -0
package/admin/src/translations/sk.json +57 -0
package/admin/src/translations/sv.json +68 -0
package/admin/src/translations/th.json +66 -0
package/admin/src/translations/tr.json +53 -0
package/admin/src/translations/uk.json +54 -0
package/admin/src/translations/vi.json +55 -0
package/admin/src/translations/zh-Hans.json +104 -0
package/admin/src/translations/zh.json +53 -0
package/admin/src/utils/cleanPermissions.js +25 -0
package/admin/src/utils/formatPolicies.js +8 -0
package/admin/src/utils/getRequestURL.js +5 -0
package/admin/src/utils/getTrad.js +5 -0
package/admin/src/utils/index.js +4 -0
package/config/functions/bootstrap.js +234 -0
package/config/layout.js +10 -0
package/config/policies/isAuthenticated.js +9 -0
package/config/policies/permissions.js +93 -0
package/config/policies/rateLimit.js +33 -0
package/config/request.json +6 -0
package/config/routes.json +397 -0
package/config/schema.graphql.js +280 -0
package/config/security.json +5 -0
package/config/users-permissions-actions.js +80 -0
package/controllers/Auth.js +612 -0
package/controllers/User.js +125 -0
package/controllers/UsersPermissions.js +291 -0
package/controllers/user/admin.js +224 -0
package/controllers/user/api.js +173 -0
package/controllers/validation/email-template.js +40 -0
package/documentation/1.0.0/overrides/users-permissions-Role.json +281 -0
package/documentation/1.0.0/overrides/users-permissions-User.json +325 -0
package/middlewares/users-permissions/defaults.json +5 -0
package/middlewares/users-permissions/index.js +40 -0
package/models/Permission.js +7 -0
package/models/Permission.settings.json +43 -0
package/models/Role.js +7 -0
package/models/Role.settings.json +42 -0
package/models/User.config.js +15 -0
package/models/User.js +7 -0
package/models/User.settings.json +62 -0
package/package.json +70 -0
package/services/Jwt.js +65 -0
package/services/Providers.js +596 -0
package/services/User.js +167 -0
package/services/UsersPermissions.js +416 -0

package/config/users-permissions-actions.js ADDED Viewed

@@ -0,0 +1,80 @@
+'use strict';
+module.exports = {
+  actions: [
+    {
+      // Roles
+      section: 'plugins',
+      displayName: 'Create',
+      uid: 'roles.create',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'roles.read',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Update',
+      uid: 'roles.update',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Delete',
+      uid: 'roles.delete',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      // providers
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'providers.read',
+      subCategory: 'providers',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'providers.update',
+      subCategory: 'providers',
+      pluginName: 'users-permissions',
+    },
+    {
+      // emailTemplates
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'email-templates.read',
+      subCategory: 'emailTemplates',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'email-templates.update',
+      subCategory: 'emailTemplates',
+      pluginName: 'users-permissions',
+    },
+    {
+      // advancedSettings
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'advanced-settings.read',
+      subCategory: 'advancedSettings',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'advanced-settings.update',
+      subCategory: 'advancedSettings',
+      pluginName: 'users-permissions',
+    },
+  ],
+};

package/controllers/Auth.js ADDED Viewed

@@ -0,0 +1,612 @@
+'use strict';
+/**
+ * Auth.js controller
+ *
+ * @description: A set of functions called "actions" for managing `Auth`.
+ */
+/* eslint-disable no-useless-escape */
+const crypto = require('crypto');
+const _ = require('lodash');
+const grant = require('grant-koa');
+const { sanitizeEntity } = require('@akemona-org/strapi-utils');
+const emailRegExp =
+  /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
+const formatError = (error) => [
+  { messages: [{ id: error.id, message: error.message, field: error.field }] },
+];
+module.exports = {
+  async callback(ctx) {
+    const provider = ctx.params.provider || 'local';
+    const params = ctx.request.body;
+    const store = await strapi.store({
+      environment: '',
+      type: 'plugin',
+      name: 'users-permissions',
+    });
+    if (provider === 'local') {
+      if (!_.get(await store.get({ key: 'grant' }), 'email.enabled')) {
+        return ctx.badRequest(null, 'This provider is disabled.');
+      }
+      // The identifier is required.
+      if (!params.identifier) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.email.provide',
+            message: 'Please provide your username or your e-mail.',
+          })
+        );
+      }
+      // The password is required.
+      if (!params.password) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.password.provide',
+            message: 'Please provide your password.',
+          })
+        );
+      }
+      const query = { provider };
+      // Check if the provided identifier is an email or not.
+      const isEmail = emailRegExp.test(params.identifier);
+      // Set the identifier to the appropriate query field.
+      if (isEmail) {
+        query.email = params.identifier.toLowerCase();
+      } else {
+        query.username = params.identifier;
+      }
+      // Check if the user exists.
+      const user = await strapi.query('user', 'users-permissions').findOne(query);
+      if (!user) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.invalid',
+            message: 'Identifier or password invalid.',
+          })
+        );
+      }
+      if (
+        _.get(await store.get({ key: 'advanced' }), 'email_confirmation') &&
+        user.confirmed !== true
+      ) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.confirmed',
+            message: 'Your account email is not confirmed',
+          })
+        );
+      }
+      if (user.blocked === true) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.blocked',
+            message: 'Your account has been blocked by an administrator',
+          })
+        );
+      }
+      // The user never authenticated with the `local` provider.
+      if (!user.password) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.password.local',
+            message:
+              'This user never set a local password, please login with the provider used during account creation.',
+          })
+        );
+      }
+      const validPassword = await strapi.plugins[
+        'users-permissions'
+      ].services.user.validatePassword(params.password, user.password);
+      if (!validPassword) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.invalid',
+            message: 'Identifier or password invalid.',
+          })
+        );
+      } else {
+        ctx.send({
+          jwt: strapi.plugins['users-permissions'].services.jwt.issue({
+            id: user.id,
+          }),
+          user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
+            model: strapi.query('user', 'users-permissions').model,
+          }),
+        });
+      }
+    } else {
+      if (!_.get(await store.get({ key: 'grant' }), [provider, 'enabled'])) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'provider.disabled',
+            message: 'This provider is disabled.',
+          })
+        );
+      }
+      // Connect the user with the third-party provider.
+      let user;
+      let error;
+      try {
+        [user, error] = await strapi.plugins['users-permissions'].services.providers.connect(
+          provider,
+          ctx.query
+        );
+      } catch ([user, error]) {
+        return ctx.badRequest(null, error === 'array' ? error[0] : error);
+      }
+      if (!user) {
+        return ctx.badRequest(null, error === 'array' ? error[0] : error);
+      }
+      ctx.send({
+        jwt: strapi.plugins['users-permissions'].services.jwt.issue({
+          id: user.id,
+        }),
+        user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
+          model: strapi.query('user', 'users-permissions').model,
+        }),
+      });
+    }
+  },
+  async resetPassword(ctx) {
+    const params = _.assign({}, ctx.request.body, ctx.params);
+    if (
+      params.password &&
+      params.passwordConfirmation &&
+      params.password === params.passwordConfirmation &&
+      params.code
+    ) {
+      const user = await strapi
+        .query('user', 'users-permissions')
+        .findOne({ resetPasswordToken: `${params.code}` });
+      if (!user) {
+        return ctx.badRequest(
+          null,
+          formatError({
+            id: 'Auth.form.error.code.provide',
+            message: 'Incorrect code provided.',
+          })
+        );
+      }
+      const password = await strapi.plugins['users-permissions'].services.user.hashPassword({
+        password: params.password,
+      });
+      // Update the user.
+      await strapi
+        .query('user', 'users-permissions')
+        .update({ id: user.id }, { resetPasswordToken: null, password });
+      ctx.send({
+        jwt: strapi.plugins['users-permissions'].services.jwt.issue({
+          id: user.id,
+        }),
+        user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
+          model: strapi.query('user', 'users-permissions').model,
+        }),
+      });
+    } else if (
+      params.password &&
+      params.passwordConfirmation &&
+      params.password !== params.passwordConfirmation
+    ) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.password.matching',
+          message: 'Passwords do not match.',
+        })
+      );
+    } else {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.params.provide',
+          message: 'Incorrect params provided.',
+        })
+      );
+    }
+  },
+  async connect(ctx, next) {
+    const grantConfig = await strapi
+      .store({
+        environment: '',
+        type: 'plugin',
+        name: 'users-permissions',
+        key: 'grant',
+      })
+      .get();
+    const [requestPath] = ctx.request.url.split('?');
+    const provider = requestPath.split('/')[2];
+    if (!_.get(grantConfig[provider], 'enabled')) {
+      return ctx.badRequest(null, 'This provider is disabled.');
+    }
+    if (!strapi.config.server.url.startsWith('http')) {
+      strapi.log.warn(
+        'You are using a third party provider for login. Make sure to set an absolute url in config/server.js. More info here: https://strapi.akemona.com/documentation/developer-docs/latest/development/plugins/users-permissions.html#setting-up-the-server-url'
+      );
+    }
+    // Ability to pass OAuth callback dynamically
+    grantConfig[provider].callback = _.get(ctx, 'query.callback') || grantConfig[provider].callback;
+    grantConfig[provider].redirect_uri =
+      strapi.plugins['users-permissions'].services.providers.buildRedirectUri(provider);
+    return grant(grantConfig)(ctx, next);
+  },
+  async forgotPassword(ctx) {
+    let { email } = ctx.request.body;
+    // Check if the provided email is valid or not.
+    const isEmail = emailRegExp.test(email);
+    if (isEmail) {
+      email = email.toLowerCase();
+    } else {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.email.format',
+          message: 'Please provide a valid email address.',
+        })
+      );
+    }
+    const pluginStore = await strapi.store({
+      environment: '',
+      type: 'plugin',
+      name: 'users-permissions',
+    });
+    // Find the user by email.
+    const user = await strapi
+      .query('user', 'users-permissions')
+      .findOne({ email: email.toLowerCase() });
+    // User not found.
+    if (!user) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.user.not-exist',
+          message: 'This email does not exist.',
+        })
+      );
+    }
+    // User blocked
+    if (user.blocked) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.user.blocked',
+          message: 'This user is disabled.',
+        })
+      );
+    }
+    // Generate random token.
+    const resetPasswordToken = crypto.randomBytes(64).toString('hex');
+    const settings = await pluginStore.get({ key: 'email' }).then((storeEmail) => {
+      try {
+        return storeEmail['reset_password'].options;
+      } catch (error) {
+        return {};
+      }
+    });
+    const advanced = await pluginStore.get({
+      key: 'advanced',
+    });
+    const userInfo = sanitizeEntity(user, {
+      model: strapi.query('user', 'users-permissions').model,
+    });
+    settings.message = await strapi.plugins['users-permissions'].services.userspermissions.template(
+      settings.message,
+      {
+        URL: advanced.email_reset_password,
+        USER: userInfo,
+        TOKEN: resetPasswordToken,
+      }
+    );
+    settings.object = await strapi.plugins['users-permissions'].services.userspermissions.template(
+      settings.object,
+      {
+        USER: userInfo,
+      }
+    );
+    try {
+      // Send an email to the user.
+      await strapi.plugins['email'].services.email.send({
+        to: user.email,
+        from:
+          settings.from.email || settings.from.name
+            ? `${settings.from.name} <${settings.from.email}>`
+            : undefined,
+        replyTo: settings.response_email,
+        subject: settings.object,
+        text: settings.message,
+        html: settings.message,
+      });
+    } catch (err) {
+      return ctx.badRequest(null, err);
+    }
+    // Update the user.
+    await strapi.query('user', 'users-permissions').update({ id: user.id }, { resetPasswordToken });
+    ctx.send({ ok: true });
+  },
+  async register(ctx) {
+    const pluginStore = await strapi.store({
+      environment: '',
+      type: 'plugin',
+      name: 'users-permissions',
+    });
+    const settings = await pluginStore.get({
+      key: 'advanced',
+    });
+    if (!settings.allow_register) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.advanced.allow_register',
+          message: 'Register action is currently disabled.',
+        })
+      );
+    }
+    const params = {
+      ..._.omit(ctx.request.body, ['confirmed', 'confirmationToken', 'resetPasswordToken']),
+      provider: 'local',
+    };
+    // Password is required.
+    if (!params.password) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.password.provide',
+          message: 'Please provide your password.',
+        })
+      );
+    }
+    // Email is required.
+    if (!params.email) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.email.provide',
+          message: 'Please provide your email.',
+        })
+      );
+    }
+    // Throw an error if the password selected by the user
+    // contains more than three times the symbol '$'.
+    if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.password.format',
+          message: 'Your password cannot contain more than three times the symbol `$`.',
+        })
+      );
+    }
+    const role = await strapi
+      .query('role', 'users-permissions')
+      .findOne({ type: settings.default_role }, []);
+    if (!role) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.role.notFound',
+          message: 'Impossible to find the default role.',
+        })
+      );
+    }
+    // Check if the provided email is valid or not.
+    const isEmail = emailRegExp.test(params.email);
+    if (isEmail) {
+      params.email = params.email.toLowerCase();
+    } else {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.email.format',
+          message: 'Please provide valid email address.',
+        })
+      );
+    }
+    params.role = role.id;
+    params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
+    const user = await strapi.query('user', 'users-permissions').findOne({
+      email: params.email,
+    });
+    if (user && user.provider === params.provider) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.email.taken',
+          message: 'Email is already taken.',
+        })
+      );
+    }
+    if (user && user.provider !== params.provider && settings.unique_email) {
+      return ctx.badRequest(
+        null,
+        formatError({
+          id: 'Auth.form.error.email.taken',
+          message: 'Email is already taken.',
+        })
+      );
+    }
+    try {
+      if (!settings.email_confirmation) {
+        params.confirmed = true;
+      }
+      const user = await strapi.query('user', 'users-permissions').create(params);
+      const sanitizedUser = sanitizeEntity(user, {
+        model: strapi.query('user', 'users-permissions').model,
+      });
+      if (settings.email_confirmation) {
+        try {
+          await strapi.plugins['users-permissions'].services.user.sendConfirmationEmail(user);
+        } catch (err) {
+          return ctx.badRequest(null, err);
+        }
+        return ctx.send({ user: sanitizedUser });
+      }
+      const jwt = strapi.plugins['users-permissions'].services.jwt.issue(_.pick(user, ['id']));
+      return ctx.send({
+        jwt,
+        user: sanitizedUser,
+      });
+    } catch (err) {
+      const adminError = _.includes(err.message, 'username')
+        ? {
+            id: 'Auth.form.error.username.taken',
+            message: 'Username already taken',
+          }
+        : { id: 'Auth.form.error.email.taken', message: 'Email already taken' };
+      ctx.badRequest(null, formatError(adminError));
+    }
+  },
+  async emailConfirmation(ctx, next, returnUser) {
+    const { confirmation: confirmationToken } = ctx.query;
+    const { user: userService, jwt: jwtService } = strapi.plugins['users-permissions'].services;
+    if (_.isEmpty(confirmationToken)) {
+      return ctx.badRequest('token.invalid');
+    }
+    const user = await userService.fetch({ confirmationToken }, []);
+    if (!user) {
+      return ctx.badRequest('token.invalid');
+    }
+    await userService.edit({ id: user.id }, { confirmed: true, confirmationToken: null });
+    if (returnUser) {
+      ctx.send({
+        jwt: jwtService.issue({ id: user.id }),
+        user: sanitizeEntity(user, {
+          model: strapi.query('user', 'users-permissions').model,
+        }),
+      });
+    } else {
+      const settings = await strapi
+        .store({
+          environment: '',
+          type: 'plugin',
+          name: 'users-permissions',
+          key: 'advanced',
+        })
+        .get();
+      ctx.redirect(settings.email_confirmation_redirection || '/');
+    }
+  },
+  async sendEmailConfirmation(ctx) {
+    const params = _.assign(ctx.request.body);
+    if (!params.email) {
+      return ctx.badRequest('missing.email');
+    }
+    const isEmail = emailRegExp.test(params.email);
+    if (isEmail) {
+      params.email = params.email.toLowerCase();
+    } else {
+      return ctx.badRequest('wrong.email');
+    }
+    const user = await strapi.query('user', 'users-permissions').findOne({
+      email: params.email,
+    });
+    if (user.confirmed) {
+      return ctx.badRequest('already.confirmed');
+    }
+    if (user.blocked) {
+      return ctx.badRequest('blocked.user');
+    }
+    try {
+      await strapi.plugins['users-permissions'].services.user.sendConfirmationEmail(user);
+      ctx.send({
+        email: user.email,
+        sent: true,
+      });
+    } catch (err) {
+      return ctx.badRequest(null, err);
+    }
+  },
+};