@strapi/admin 4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d → 4.7.0

package/ee/server/services/user.js

@@ -0,0 +1,234 @@
+'use strict';
+
+const _ = require('lodash');
+const { pipe, map, castArray, toNumber } = require('lodash/fp');
+const { stringIncludes } = require('@strapi/utils');
+const { ValidationError } = require('@strapi/utils').errors;
+const { hasSuperAdminRole } = require('../../../server/domain/user');
+const { getService } = require('../../../server/utils');
+const { SUPER_ADMIN_CODE } = require('../../../server/services/constants');
+
+/** Checks if ee disabled users list needs to be updated
+ * @param {string} id
+ * @param {object} input
+ */
+const updateEEDisabledUsersList = async (id, input) => {
+  const disabledUsers = await getService('seat-enforcement').getDisabledUserList();
+
+  if (!disabledUsers) {
+    return;
+  }
+
+  const user = disabledUsers.find((user) => user.id === Number(id));
+  if (!user) {
+    return;
+  }
+
+  if (user.isActive !== input.isActive) {
+    const newDisabledUsersList = disabledUsers.filter((user) => user.id !== Number(id));
+    await strapi.store.set({
+      type: 'ee',
+      key: 'disabled_users',
+      value: newDisabledUsersList,
+    });
+  }
+};
+
+const castNumberArray = pipe(castArray, map(toNumber));
+
+const removeFromEEDisabledUsersList = async (ids) => {
+  let idsToCheck;
+  if (typeof ids === 'object') {
+    idsToCheck = castNumberArray(ids);
+  } else {
+    idsToCheck = [Number(ids)];
+  }
+
+  const disabledUsers = await getService('seat-enforcement').getDisabledUserList();
+
+  if (!disabledUsers) {
+    return;
+  }
+
+  const newDisabledUsersList = disabledUsers.filter((user) => !idsToCheck.includes(user.id));
+  await strapi.store.set({
+    type: 'ee',
+    key: 'disabled_users',
+    value: newDisabledUsersList,
+  });
+};
+
+/**
+ * Update a user in database
+ * @param id query params to find the user to update
+ * @param attributes A partial user object
+ * @returns {Promise<user>}
+ */
+const updateById = async (id, attributes) => {
+  // Check at least one super admin remains
+  if (_.has(attributes, 'roles')) {
+    const lastAdminUser = await isLastSuperAdminUser(id);
+    const superAdminRole = await getService('role').getSuperAdminWithUsersCount();
+    const willRemoveSuperAdminRole = !stringIncludes(attributes.roles, superAdminRole.id);
+
+    if (lastAdminUser && willRemoveSuperAdminRole) {
+      throw new ValidationError('You must have at least one user with super admin role.');
+    }
+  }
+
+  // cannot disable last super admin
+  if (attributes.isActive === false) {
+    const lastAdminUser = await isLastSuperAdminUser(id);
+    if (lastAdminUser) {
+      throw new ValidationError('You must have at least one user with super admin role.');
+    }
+  }
+
+  // hash password if a new one is sent
+  if (_.has(attributes, 'password')) {
+    const hashedPassword = await getService('auth').hashPassword(attributes.password);
+
+    const updatedUser = await strapi.query('admin::user').update({
+      where: { id },
+      data: {
+        ...attributes,
+        password: hashedPassword,
+      },
+      populate: ['roles'],
+    });
+
+    strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });
+
+    return updatedUser;
+  }
+
+  const updatedUser = await strapi.query('admin::user').update({
+    where: { id },
+    data: attributes,
+    populate: ['roles'],
+  });
+
+  await updateEEDisabledUsersList(id, attributes);
+
+  if (updatedUser) {
+    strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });
+  }
+
+  return updatedUser;
+};
+
+/** Delete a user
+ * @param id id of the user to delete
+ * @returns {Promise<user>}
+ */
+const deleteById = async (id) => {
+  // Check at least one super admin remains
+  const userToDelete = await strapi.query('admin::user').findOne({
+    where: { id },
+    populate: ['roles'],
+  });
+
+  if (!userToDelete) {
+    return null;
+  }
+
+  if (userToDelete) {
+    if (userToDelete.roles.some((r) => r.code === SUPER_ADMIN_CODE)) {
+      const superAdminRole = await getService('role').getSuperAdminWithUsersCount();
+      if (superAdminRole.usersCount === 1) {
+        throw new ValidationError('You must have at least one user with super admin role.');
+      }
+    }
+  }
+
+  const deletedUser = await strapi
+    .query('admin::user')
+    .delete({ where: { id }, populate: ['roles'] });
+
+  await removeFromEEDisabledUsersList(id);
+
+  strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });
+
+  return deletedUser;
+};
+
+/** Delete a user
+ * @param ids ids of the users to delete
+ * @returns {Promise<user>}
+ */
+const deleteByIds = async (ids) => {
+  // Check at least one super admin remains
+  const superAdminRole = await getService('role').getSuperAdminWithUsersCount();
+  const nbOfSuperAdminToDelete = await strapi.query('admin::user').count({
+    where: {
+      id: ids,
+      roles: { id: superAdminRole.id },
+    },
+  });
+
+  if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {
+    throw new ValidationError('You must have at least one user with super admin role.');
+  }
+
+  const deletedUsers = [];
+  for (const id of ids) {
+    const deletedUser = await strapi.query('admin::user').delete({
+      where: { id },
+      populate: ['roles'],
+    });
+
+    deletedUsers.push(deletedUser);
+  }
+
+  await removeFromEEDisabledUsersList(ids);
+
+  strapi.eventHub.emit('user.delete', {
+    users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),
+  });
+
+  return deletedUsers;
+};
+
+const sanitizeUserRoles = (role) => _.pick(role, ['id', 'name', 'description', 'code']);
+
+/**
+ * Check if a user is the last super admin
+ * @param {int|string} userId user's id to look for
+ */
+const isLastSuperAdminUser = async (userId) => {
+  const user = await findOne(userId);
+  const superAdminRole = await getService('role').getSuperAdminWithUsersCount();
+
+  return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);
+};
+
+/**
+ * Remove private user fields
+ * @param {Object} user - user to sanitize
+ */
+const sanitizeUser = (user) => {
+  return {
+    ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),
+    roles: user.roles && user.roles.map(sanitizeUserRoles),
+  };
+};
+
+/**
+ * Find one user
+ */
+const findOne = async (id, populate = ['roles']) => {
+  return strapi.entityService.findOne('admin::user', id, { populate });
+};
+
+const getCurrentActiveUserCount = async () => {
+  return strapi.db.query('admin::user').count({ where: { isActive: true } });
+};
+
+module.exports = {
+  updateEEDisabledUsersList,
+  removeFromEEDisabledUsersList,
+  getCurrentActiveUserCount,
+  deleteByIds,
+  deleteById,
+  updateById,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/admin",
-  "version": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
+  "version": "4.7.0",
   "description": "Strapi Admin",
   "repository": {
     "type": "git",
@@ -46,15 +46,15 @@
     "@casl/ability": "^5.4.3",
     "@fingerprintjs/fingerprintjs": "3.3.6",
     "@pmmmwh/react-refresh-webpack-plugin": "0.5.10",
-    "@strapi/babel-plugin-switch-ee-ce": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
-    "@strapi/data-transfer": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
+    "@strapi/babel-plugin-switch-ee-ce": "4.7.0",
+    "@strapi/data-transfer": "4.7.0",
     "@strapi/design-system": "1.6.3",
-    "@strapi/helper-plugin": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
+    "@strapi/helper-plugin": "4.7.0",
     "@strapi/icons": "1.6.3",
-    "@strapi/permissions": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
-    "@strapi/provider-audit-logs-local": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
-    "@strapi/typescript-utils": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
-    "@strapi/utils": "4.7.0-exp.117579f4c13806c2cd518e7d7d2f9d0c8a20107d",
+    "@strapi/permissions": "4.7.0",
+    "@strapi/provider-audit-logs-local": "4.7.0",
+    "@strapi/typescript-utils": "4.7.0",
+    "@strapi/utils": "4.7.0",
     "axios": "1.2.2",
     "babel-loader": "^9.1.2",
     "babel-plugin-styled-components": "2.0.2",
@@ -165,5 +165,5 @@
       }
     }
   },
-  "gitHead": "117579f4c13806c2cd518e7d7d2f9d0c8a20107d"
+  "gitHead": "948dbb3121330ffd43f3a4f55522c797770e0b2a"
 }

package/server/middlewares/data-transfer.js

@@ -0,0 +1,26 @@
+'use strict';
+
+const { getService } = require('../utils');
+
+module.exports = () => async (ctx, next) => {
+  const transferUtils = getService('transfer').utils;
+
+  const { hasValidTokenSalt, isDataTransferEnabled, isDisabledFromEnv } = transferUtils;
+
+  if (isDataTransferEnabled()) {
+    return next();
+  }
+
+  if (!hasValidTokenSalt()) {
+    return ctx.notImplemented(
+      'The server configuration for data transfer is invalid. Please contact your server administrator.'
+    );
+  }
+
+  if (isDisabledFromEnv()) {
+    return ctx.notFound();
+  }
+
+  // This should never happen as long as we're handling individual scenarios above
+  throw new Error('Unexpected error while trying to access a data transfer route');
+};

package/server/middlewares/index.js

@@ -4,4 +4,5 @@ const rateLimit = require('./rateLimit');
 
 module.exports = {
   rateLimit,
+  'data-transfer': require('./data-transfer'),
 };

package/server/routes/transfer.js

@@ -9,15 +9,7 @@ module.exports = [
     path: '/transfer/runner/connect',
     handler: 'transfer.runner-connect',
     config: {
-      middlewares: [
-        (ctx, next) => {
-          if (process.env.STRAPI_DISABLE_REMOTE_DATA_TRANSFER === 'true') {
-            return ctx.notFound();
-          }
-
-          return next();
-        },
-      ],
+      middlewares: ['admin::data-transfer'],
       // TODO: Allow not passing any scope <> Add a way to prevent assigning one by default
       auth: { strategies: [dataTransferAuthStrategy], scope: ['push'] },
     },
@@ -28,6 +20,7 @@ module.exports = [
     path: '/transfer/tokens',
     handler: 'transfer.token-create',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         { name: 'admin::hasPermissions', config: { actions: ['admin::transfer.tokens.create'] } },
@@ -39,6 +32,7 @@ module.exports = [
     path: '/transfer/tokens',
     handler: 'transfer.token-list',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         { name: 'admin::hasPermissions', config: { actions: ['admin::transfer.tokens.read'] } },
@@ -50,6 +44,7 @@ module.exports = [
     path: '/transfer/tokens/:id',
     handler: 'transfer.token-revoke',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         { name: 'admin::hasPermissions', config: { actions: ['admin::transfer.tokens.delete'] } },
@@ -61,6 +56,7 @@ module.exports = [
     path: '/transfer/tokens/:id',
     handler: 'transfer.token-getById',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         { name: 'admin::hasPermissions', config: { actions: ['admin::transfer.tokens.read'] } },
@@ -72,6 +68,7 @@ module.exports = [
     path: '/transfer/tokens/:id',
     handler: 'transfer.token-update',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         { name: 'admin::hasPermissions', config: { actions: ['admin::transfer.tokens.update'] } },
@@ -83,6 +80,7 @@ module.exports = [
     path: '/transfer/tokens/:id/regenerate',
     handler: 'transfer.token-regenerate',
     config: {
+      middlewares: ['admin::data-transfer'],
       policies: [
         'admin::isAuthenticatedAdmin',
         {

package/server/services/transfer/index.js

@@ -3,4 +3,5 @@
 module.exports = {
   permission: require('./permission'),
   token: require('./token'),
+  utils: require('./utils'),
 };

package/server/services/transfer/token.js

@@ -8,6 +8,7 @@ const {
 } = require('@strapi/utils');
 
 const constants = require('../constants');
+const { getService } = require('../../utils');
 
 const TRANSFER_TOKEN_UID = 'admin::transfer-token';
 const TRANSFER_TOKEN_PERMISSION_UID = 'admin::transfer-token-permission';
@@ -327,6 +328,12 @@ const getExpirationFields = (lifespan) => {
  * @returns {string}
  */
 const hash = (accessKey) => {
+  const { hasValidTokenSalt } = getService('transfer').utils;
+
+  if (!hasValidTokenSalt()) {
+    throw new TypeError('Required token salt is not defined');
+  }
+
   return crypto
     .createHmac('sha512', strapi.config.get('admin.transfer.token.salt'))
     .update(accessKey)
@@ -337,9 +344,17 @@ const hash = (accessKey) => {
  * @returns {void}
  */
 const checkSaltIsDefined = () => {
-  if (!strapi.config.get('admin.transfer.token.salt')) {
-    throw new Error(
-      `Missing transfer.token.salt. Please set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
+  const { hasValidTokenSalt, isDisabledFromEnv } = getService('transfer').utils;
+
+  // Ignore the check if the data-transfer feature is manually disabled
+  if (isDisabledFromEnv()) {
+    return;
+  }
+
+  if (!hasValidTokenSalt()) {
+    process.emitWarning(
+      `Missing transfer.token.salt: Data transfer features have been disabled.
+Please set transfer.token.salt in config/admin.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`)
 For security reasons, prefer storing the secret in an environment variable and read it in config/admin.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
     );
   }

package/server/services/transfer/utils.js

@@ -0,0 +1,38 @@
+'use strict';
+
+const { env } = require('@strapi/utils');
+
+const { getService } = require('../../utils');
+
+/**
+ * Returns whether the data transfer features have been disabled from the env configuration
+ *
+ * @returns {boolean}
+ */
+const isDisabledFromEnv = () => {
+  return env.bool('STRAPI_DISABLE_REMOTE_DATA_TRANSFER', false);
+};
+
+/**
+ * A valid transfer token salt must be a non-empty string defined in the Strapi config
+ *
+ * @returns {boolean}
+ */
+const hasValidTokenSalt = () => {
+  const salt = strapi.config.get('admin.transfer.token.salt', null);
+
+  return typeof salt === 'string' && salt.length > 0;
+};
+
+/**
+ * Checks whether data transfer features are enabled
+ *
+ * @returns {boolean}
+ */
+const isDataTransferEnabled = () => {
+  const { utils } = getService('transfer');
+
+  return !utils.isDisabledFromEnv() && utils.hasValidTokenSalt();
+};
+
+module.exports = { isDataTransferEnabled, isDisabledFromEnv, hasValidTokenSalt };

package/admin/src/pages/SettingsPage/components/Tokens/FormiTokenContainer/LifeSpanInput.js

@@ -1,95 +0,0 @@
-import React from 'react';
-import PropTypes from 'prop-types';
-import { useIntl } from 'react-intl';
-import { usePersistentState } from '@strapi/helper-plugin';
-import { Select, Option, Typography } from '@strapi/design-system';
-import { getDateOfExpiration } from '../../../pages/ApiTokens/EditView/utils';
-
-const LifeSpanInput = ({ token, errors, values, onChange, disabled }) => {
-  const { formatMessage } = useIntl();
-  const [lang] = usePersistentState('strapi-admin-language', 'en');
-
-  return (
-    <>
-      <Select
-        name="lifespan"
-        label={formatMessage({
-          id: 'Settings.apiTokens.form.duration',
-          defaultMessage: 'Token duration',
-        })}
-        value={values.lifespan !== null ? values.lifespan : '0'}
-        error={
-          errors.lifespan
-            ? formatMessage(
-                errors.lifespan?.id
-                  ? errors.lifespan
-                  : { id: errors.lifespan, defaultMessage: errors.lifespan }
-              )
-            : null
-        }
-        onChange={(value) => {
-          onChange({ target: { name: 'lifespan', value } });
-        }}
-        required
-        disabled={disabled}
-        placeholder="Select"
-      >
-        <Option value="604800000">
-          {formatMessage({
-            id: 'Settings.apiTokens.duration.7-days',
-            defaultMessage: '7 days',
-          })}
-        </Option>
-        <Option value="2592000000">
-          {formatMessage({
-            id: 'Settings.apiTokens.duration.30-days',
-            defaultMessage: '30 days',
-          })}
-        </Option>
-        <Option value="7776000000">
-          {formatMessage({
-            id: 'Settings.apiTokens.duration.90-days',
-            defaultMessage: '90 days',
-          })}
-        </Option>
-        <Option value="0">
-          {formatMessage({
-            id: 'Settings.apiTokens.duration.unlimited',
-            defaultMessage: 'Unlimited',
-          })}
-        </Option>
-      </Select>
-      <Typography variant="pi" textColor="neutral600">
-        {disabled &&
-          `${formatMessage({
-            id: 'Settings.apiTokens.duration.expiration-date',
-            defaultMessage: 'Expiration date',
-          })}: ${getDateOfExpiration(token?.createdAt, parseInt(values.lifespan, 10, lang))}`}
-      </Typography>
-    </>
-  );
-};
-
-LifeSpanInput.propTypes = {
-  errors: PropTypes.string,
-  onChange: PropTypes.func.isRequired,
-  values: PropTypes.oneOfType([PropTypes.number, PropTypes.string]).isRequired,
-  disabled: PropTypes.bool.isRequired,
-  token: PropTypes.shape({
-    id: PropTypes.oneOfType([PropTypes.number, PropTypes.string]),
-    type: PropTypes.string,
-    lifespan: PropTypes.string,
-    name: PropTypes.string,
-    accessKey: PropTypes.string,
-    permissions: PropTypes.array,
-    description: PropTypes.string,
-    createdAt: PropTypes.string,
-  }),
-};
-
-LifeSpanInput.defaultProps = {
-  errors: {},
-  token: {},
-};
-
-export default LifeSpanInput;

package/build/4649.b7e84a29.chunk.js

@@ -1,30 +0,0 @@
-(self.webpackChunk_strapi_admin=self.webpackChunk_strapi_admin||[]).push([[4649],{30493:function(b,M,n){"use strict";n.d(M,{Z:function(){return s}});var e=n(32735),g=n(5636),a=n(60216),t=n.n(a),u=n(13478),A=n(57269),E=n(39161),f=n(8888);const C=({onRegenerate:y,idToRegenerate:c,backUrl:R})=>{const{formatMessage:I}=(0,g.useIntl)(),[_,L]=(0,e.useState)(!1),{regenerateData:W,isLoadingConfirmation:G}=(0,f.rW)(R,c,y),N=async()=>{W(),L(!1)};return e.createElement(e.Fragment,null,e.createElement(E.Button,{startIcon:e.createElement(A.Refresh,null),type:"button",size:"S",variant:"tertiary",onClick:()=>L(!0),name:"regenerate"},I({id:"Settings.apiTokens.regenerate",defaultMessage:"Regenerate"})),e.createElement(u.ConfirmDialog,{bodyText:{id:"Settings.apiTokens.popUpWarning.message",defaultMessage:"Are you sure you want to regenerate this token?"},iconRightButton:e.createElement(A.Refresh,null),isConfirmButtonLoading:G,isOpen:_,onToggleDialog:()=>L(!1),onConfirm:N,leftButtonText:{id:"Settings.apiTokens.Button.cancel",defaultMessage:"Cancel"},rightButtonText:{id:"Settings.apiTokens.Button.regenerate",defaultMessage:"Regenerate"},title:{id:"Settings.apiTokens.RegenerateDialog.title",defaultMessage:"Regenerate token"}}))};C.defaultProps={onRegenerate(){}},C.propTypes={onRegenerate:t().func,idToRegenerate:t().oneOfType([t().number,t().string]).isRequired,backUrl:t().string.isRequired};var h=C;const v=({title:y,token:c,setToken:R,canEditInputs:I,canRegenerate:_,isSubmitting:L,backUrl:W,regenerateUrl:G})=>{const{formatMessage:N}=(0,g.useIntl)(),Z=X=>{R({...c,accessKey:X})};return e.createElement(E.HeaderLayout,{title:c?.name||N(y),primaryAction:I?e.createElement(E.Stack,{horizontal:!0,spacing:2},_&&c?.id&&e.createElement(h,{backUrl:G,onRegenerate:Z,idToRegenerate:c?.id}),e.createElement(E.Button,{disabled:L,loading:L,startIcon:e.createElement(A.Check,null),type:"submit",size:"S"},N({id:"global.save",defaultMessage:"Save"}))):_&&c?.id&&e.createElement(h,{onRegenerate:Z,idToRegenerate:c?.id,backUrl:G}),navigationAction:e.createElement(u.Link,{startIcon:e.createElement(A.ArrowLeft,null),to:W},N({id:"global.back",defaultMessage:"Back"}))})};v.propTypes={token:t().shape({id:t().oneOfType([t().number,t().string]),type:t().string,lifespan:t().oneOfType([t().number,t().string]),name:t().string,accessKey:t().string,permissions:t().array,description:t().string,createdAt:t().string}),canEditInputs:t().bool.isRequired,canRegenerate:t().bool.isRequired,setToken:t().func.isRequired,isSubmitting:t().bool.isRequired,backUrl:t().string.isRequired,title:t().shape({id:t().string,label:t().string}).isRequired,regenerateUrl:t().string.isRequired},v.defaultProps={token:void 0};var s=v},4321:function(b,M,n){"use strict";var e=n(32735),g=n(60216),a=n.n(g),t=n(5636),u=n(39161),A=n.n(u),E=n(37944);const f=({token:C,errors:h,values:v,onChange:s,isCreating:y})=>{const{formatMessage:c}=(0,t.useIntl)();return e.createElement(e.Fragment,null,e.createElement(u.Select,{name:"lifespan",label:c({id:"Settings.apiTokens.form.duration",defaultMessage:"Token duration"}),value:v.lifespan!==null?v.lifespan:"0",error:h.lifespan?c(h.lifespan?.id?h.lifespan:{id:h.lifespan,defaultMessage:h.lifespan}):null,onChange:R=>{s({target:{name:"lifespan",value:R}})},required:!0,disabled:!y,placeholder:"Select"},e.createElement(u.Option,{value:"604800000"},c({id:"Settings.tokens.duration.7-days",defaultMessage:"7 days"})),e.createElement(u.Option,{value:"2592000000"},c({id:"Settings.tokens.duration.30-days",defaultMessage:"30 days"})),e.createElement(u.Option,{value:"7776000000"},c({id:"Settings.tokens.duration.90-days",defaultMessage:"90 days"})),e.createElement(u.Option,{value:"0"},c({id:"Settings.tokens.duration.unlimited",defaultMessage:"Unlimited"}))),e.createElement(u.Typography,{variant:"pi",textColor:"neutral600"},!y&&`${c({id:"Settings.tokens.duration.expiration-date",defaultMessage:"Expiration date"})}: ${(0,E.IX)(C?.createdAt,parseInt(v.lifespan,10))}`))};f.propTypes={errors:a().shape({lifespan:a().string}),onChange:a().func.isRequired,values:a().shape({lifespan:a().oneOfType([a().number,a().string])}).isRequired,isCreating:a().bool.isRequired,token:a().shape({id:a().oneOfType([a().number,a().string]),type:a().string,lifespan:a().string,name:a().string,accessKey:a().string,permissions:a().array,description:a().string,createdAt:a().string})},f.defaultProps={errors:{},token:{}},M.Z=f},93682:function(b,M,n){"use strict";var e=n(32735),g=n(5636),a=n(13478),t=n.n(a),u=n(39161),A=n.n(u),E=n(57269),f=n.n(E),C=n(60216),h=n.n(C),v=n(59087),s=n.n(v);const y=({token:c,tokenType:R})=>{const{formatMessage:I}=(0,g.useIntl)(),_=(0,a.useNotification)(),{trackUsage:L}=(0,a.useTracking)(),W=(0,e.useRef)(L);return e.createElement(a.ContentBox,{endAction:c&&e.createElement("span",{style:{alignSelf:"start"}},e.createElement(v.CopyToClipboard,{onCopy:()=>{W.current("didCopyTokenKey",{tokenType:R}),_({type:"success",message:{id:"Settings.tokens.notification.copied"}})},text:c},e.createElement(u.IconButton,{label:I({id:"app.component.CopyToClipboard.label",defaultMessage:"Copy to clipboard"}),noBorder:!0,icon:e.createElement(E.Duplicate,null),style:{padding:0,height:"1rem"}}))),title:c||I({id:"Settings.tokens.copy.editTitle",defaultMessage:"This token isn\u2019t accessible anymore."}),subtitle:I(c?{id:"Settings.tokens.copy.lastWarning",defaultMessage:"Make sure to copy this token, you won\u2019t be able to see it again!"}:{id:"Settings.tokens.copy.editMessage",defaultMessage:"For security reasons, you can only see your token once."}),icon:e.createElement(E.Key,null),iconBackground:"neutral100"})};y.defaultProps={token:null},y.propTypes={token:h().string,tokenType:h().string.isRequired},M.Z=y},42789:function(b,M,n){"use strict";var e=n(32735),g=n(60216),a=n.n(g),t=n(5636),u=n(39161),A=n.n(u);const E=({errors:f,values:C,onChange:h,canEditInputs:v})=>{const{formatMessage:s}=(0,t.useIntl)();return e.createElement(u.Textarea,{label:s({id:"Settings.tokens.form.description",defaultMessage:"Description"}),name:"description",error:f.description?s(f.description?.id?f.description:{id:f.description,defaultMessage:f.description}):null,onChange:h,disabled:!v},C.description)};E.propTypes={errors:a().shape({description:a().string}),onChange:a().func.isRequired,canEditInputs:a().bool.isRequired,values:a().shape({description:a().string}).isRequired},E.defaultProps={errors:{}},M.Z=E},8377:function(b,M,n){"use strict";var e=n(32735),g=n(60216),a=n.n(g),t=n(5636),u=n(39161),A=n.n(u);const E=({errors:f,values:C,onChange:h,canEditInputs:v})=>{const{formatMessage:s}=(0,t.useIntl)();return e.createElement(u.TextInput,{name:"name",error:f.name?s(f.name?.id?f.name:{id:f.name,defaultMessage:f.name}):null,label:s({id:"Settings.tokens.form.name",defaultMessage:"Name"}),onChange:h,value:C.name,disabled:!v,required:!0})};E.propTypes={errors:a().shape({name:a().string}),onChange:a().func.isRequired,canEditInputs:a().bool.isRequired,values:a().shape({name:a().string}).isRequired},E.defaultProps={errors:{}},M.Z=E},68774:function(b,M,n){"use strict";n.d(M,{Z:function(){return e},f:function(){return g}});const e="api-token",g="transfer-token"},24649:function(b,M,n){"use strict";n.d(M,{Z:function(){return De}});var e=n(32735),g=n(5636),a=n(13478),t=n(39161),u=n(83281),A=n(5141),E=n(84968),f=n(64421),C=n(37944),h=n(57269),v=n(60216),s=n.n(v);const y=({apiTokenName:o})=>{const{formatMessage:i}=(0,g.useIntl)();return(0,a.useFocusWhenNavigate)(),e.createElement(t.Main,{"aria-busy":"true"},e.createElement(a.SettingsPageTitle,{name:"API Tokens"}),e.createElement(t.HeaderLayout,{primaryAction:e.createElement(t.Button,{disabled:!0,startIcon:e.createElement(h.Check,null),type:"button",size:"L"},i({id:"global.save",defaultMessage:"Save"})),title:o||i({id:"Settings.apiTokens.createPage.title",defaultMessage:"Create API Token"})}),e.createElement(t.ContentLayout,null,e.createElement(a.LoadingIndicatorPage,null)))};y.defaultProps={apiTokenName:null},y.propTypes={apiTokenName:s().string};var c=y,R=n(72041);const I=(0,e.createContext)({}),_=({children:o,...i})=>e.createElement(I.Provider,{value:i},o),L=()=>(0,e.useContext)(I);_.propTypes={children:s().node.isRequired};var G=(o,i=[])=>({...o,selectedAction:null,routes:[],selectedActions:[],data:(0,C.mk)(i)}),N=n(97889),Z=n(92891);const X={data:{},selectedActions:[]};var re=(o,i)=>(0,N.default)(o,r=>{switch(i.type){case"ON_CHANGE":{r.selectedActions.includes(i.value)?(0,Z.pull)(r.selectedActions,i.value):r.selectedActions.push(i.value);break}case"SELECT_ALL_IN_PERMISSION":{i.value.every(d=>r.selectedActions.includes(d.actionId))?i.value.forEach(d=>{(0,Z.pull)(r.selectedActions,d.actionId)}):i.value.forEach(d=>{r.selectedActions.push(d.actionId)});break}case"SELECT_ALL_ACTIONS":{r.selectedActions=[...r.data.allActionsIds];break}case"ON_CHANGE_READ_ONLY":{const T=r.data.allActionsIds.filter(d=>d.includes("find")||d.includes("findOne"));r.selectedActions=[...T];break}case"UPDATE_PERMISSIONS_LAYOUT":{r.data=(0,C.mk)(i.value);break}case"UPDATE_ROUTES":{r.routes={...i.value};break}case"UPDATE_PERMISSIONS":{r.selectedActions=[...i.value];break}case"SET_SELECTED_ACTION":{r.selectedAction=i.value;break}default:return r}}),z=n(83292);const ie=z.css`
-  background: ${o=>o.theme.colors.primary100};
-  svg {
-    opacity: 1;
-  }
-`;var le=(0,z.default)(t.Box)`
-  display: flex;
-  justify-content: space-between;
-  align-items: center;
-
-  svg {
-    opacity: 0;
-    path {
-      fill: ${o=>o.theme.colors.primary600};
-    }
-  }
-
-  /* Show active style both on hover and when the action is selected */
-  ${o=>o.isActive&&ie}
-  &:hover {
-    ${ie}
-  }
-`;const ce=z.default.div`
-  flex: 1;
-  align-self: center;
-  border-top: 1px solid ${({theme:o})=>o.colors.neutral150};
-`,J=({controllers:o,label:i,orderNumber:r,disabled:T,onExpanded:d,indexExpandendCollapsedContent:l})=>{const{value:{onChangeSelectAll:k,onChange:B,selectedActions:P,setSelectedAction:U,selectedAction:$}}=L(),[x,j]=(0,e.useState)(!1),{formatMessage:H}=(0,g.useIntl)(),S=()=>{j(D=>!D),d(r)};(0,e.useEffect)(()=>{l!==null&&l!==r&&x&&j(!1)},[l,r,x]);const F=D=>D===$;return e.createElement(t.Accordion,{expanded:x,onToggle:S,variant:r%2?"primary":"secondary"},e.createElement(t.AccordionToggle,{title:(0,Z.capitalize)(i)}),e.createElement(t.AccordionContent,null,o?.map(D=>{const Q=D.actions.every(m=>P.includes(m.actionId)),ne=D.actions.some(m=>P.includes(m.actionId));return e.createElement(t.Box,{key:`${i}.${D?.controller}`},e.createElement(t.Flex,{justifyContent:"space-between",alignItems:"center",padding:4},e.createElement(t.Box,{paddingRight:4},e.createElement(t.Typography,{variant:"sigma",textColor:"neutral600"},D?.controller)),e.createElement(ce,null),e.createElement(t.Box,{paddingLeft:4},e.createElement(t.Checkbox,{value:Q,indeterminate:!Q&&ne,onValueChange:()=>{k({target:{value:[...D.actions]}})},disabled:T},H({id:"app.utils.select-all",defaultMessage:"Select all"})))),e.createElement(t.Grid,{gap:4,padding:4},D?.actions&&D?.actions.map(m=>e.createElement(t.GridItem,{col:6,key:m.actionId},e.createElement(le,{isActive:F(m.actionId),padding:2,hasRadius:!0},e.createElement(t.Checkbox,{value:P.includes(m.actionId),name:m.actionId,onValueChange:()=>{B({target:{value:m.actionId}})},disabled:T},m.action),e.createElement("button",{type:"button","data-testid":"action-cog",onClick:()=>U({target:{value:m.actionId}}),style:{display:"inline-flex",alignItems:"center"}},e.createElement(h.Cog,null)))))))})))};J.defaultProps={controllers:[],orderNumber:0,disabled:!1,onExpanded:()=>null,indexExpandendCollapsedContent:null},J.propTypes={controllers:s().array,orderNumber:s().number,label:s().string.isRequired,disabled:s().bool,onExpanded:s().func,indexExpandendCollapsedContent:s().number};var de=J;const w=({section:o,...i})=>{const[r,T]=(0,e.useState)(null),d=l=>T(l);return e.createElement(t.Box,{padding:4,background:"neutral0"},o&&o.map((l,k)=>e.createElement(de,{key:l.apiId,label:l.label,controllers:l.controllers,orderNumber:k,indexExpandendCollapsedContent:r,onExpanded:d,name:l.apiId,...i})))};w.defaultProps={section:null},w.propTypes={section:s().arrayOf(s().object)};var pe=w,ue=n(37213),ge=n.n(ue),me=n(15738),Ee=n.n(me),fe=o=>{switch(o){case"POST":return{text:"success600",border:"success200",background:"success100"};case"GET":return{text:"secondary600",border:"secondary200",background:"secondary100"};case"PUT":return{text:"warning600",border:"warning200",background:"warning100"};case"DELETE":return{text:"danger600",border:"danger200",background:"danger100"};default:return{text:"neutral600",border:"neutral200",background:"neutral100"}}};const ye=(0,z.default)(t.Box)`
-  margin: -1px;
-  border-radius: ${({theme:o})=>o.spaces[1]} 0 0 ${({theme:o})=>o.spaces[1]};
-`;function q({route:o}){const{formatMessage:i}=(0,g.useIntl)(),{method:r,handler:T,path:d}=o,l=d?Ee()(d.split("/")):[],[k="",B=""]=T?T.split("."):[],P=fe(o.method);return e.createElement(t.Stack,{spacing:2},e.createElement(t.Typography,{variant:"delta",as:"h3"},i({id:"Settings.apiTokens.createPage.BoundRoute.title",defaultMessage:"Bound route to"}),"\xA0",e.createElement("span",null,k),e.createElement(t.Typography,{variant:"delta",textColor:"primary600"},".",B)),e.createElement(t.Stack,{horizontal:!0,hasRadius:!0,background:"neutral0",borderColor:"neutral200",spacing:0},e.createElement(ye,{background:P.background,borderColor:P.border,padding:2},e.createElement(t.Typography,{fontWeight:"bold",textColor:P.text},r)),e.createElement(t.Box,{paddingLeft:2,paddingRight:2},ge()(l,U=>e.createElement(t.Typography,{key:U,textColor:U.includes(":")?"neutral600":"neutral900"},"/",U)))))}q.defaultProps={route:{handler:"Nocontroller.error",method:"GET",path:"/there-is-no-path"}},q.propTypes={route:s().shape({handler:s().string,method:s().string,path:s().string})};var Te=q,he=()=>{const{value:{selectedAction:o,routes:i}}=L(),{formatMessage:r}=(0,g.useIntl)(),T=o?.split(".")[0];return e.createElement(t.GridItem,{col:5,background:"neutral150",paddingTop:6,paddingBottom:6,paddingLeft:7,paddingRight:7,style:{minHeight:"100%"}},o?e.createElement(t.Stack,{spacing:2},i[T]?.map(d=>d.config.auth?.scope?.includes(o)||d.handler===o?e.createElement(Te,{key:d.handler,route:d}):null)):e.createElement(t.Stack,{spacing:2},e.createElement(t.Typography,{variant:"delta",as:"h3"},r({id:"Settings.apiTokens.createPage.permissions.header.title",defaultMessage:"Advanced settings"})),e.createElement(t.Typography,{as:"p",textColor:"neutral600"},r({id:"Settings.apiTokens.createPage.permissions.header.hint",defaultMessage:"Select the application's actions or the plugin's actions and click on the cog icon to display the bound route"}))))};const Ce=({...o})=>{const{value:{data:i}}=L(),{formatMessage:r}=(0,g.useIntl)();return e.createElement(t.Grid,{gap:0,shadow:"filterShadow",hasRadius:!0,background:"neutral0"},e.createElement(t.GridItem,{col:7,paddingTop:6,paddingBottom:6,paddingLeft:7,paddingRight:7},e.createElement(t.Stack,{spacing:2},e.createElement(t.Typography,{variant:"delta",as:"h2"},r({id:"Settings.apiTokens.createPage.permissions.title",defaultMessage:"Permissions"})),e.createElement(t.Typography,{as:"p",textColor:"neutral600"},r({id:"Settings.apiTokens.createPage.permissions.description",defaultMessage:"Only actions bound by a route are listed below."}))),i?.permissions&&e.createElement(pe,{section:i?.permissions,...o})),e.createElement(he,null))};var ve=(0,e.memo)(Ce),Ae=n(4321),Me=n(8377),ke=n(42789);const ee=({errors:o,values:i,onChange:r,canEditInputs:T,options:d,label:l})=>{const{formatMessage:k}=(0,g.useIntl)();return e.createElement(t.Select,{name:"type",label:k({id:l.id,defaultMessage:l.defaultMessage}),value:i?.type,error:o.type?k(o.type?.id?o.type:{id:o.type,defaultMessage:o.type}):null,onChange:r,placeholder:"Select",required:!0,disabled:!T},d&&d.map(({value:B,label:P})=>e.createElement(t.Option,{key:B,value:B},k(P))))};ee.propTypes={options:s().arrayOf(s().shape({label:s().shape({id:s().string,defaultMessage:s().string}),value:s().string})),errors:s().shape({type:s().string}),onChange:s().func.isRequired,canEditInputs:s().bool.isRequired,values:s().shape({type:s().string}).isRequired,label:s().shape({id:s().string,defaultMessage:s().string}).isRequired},ee.defaultProps={errors:{},options:[]};var Re=ee;const te=({errors:o,onChange:i,canEditInputs:r,isCreating:T,values:d,apiToken:l,onDispatch:k,setHasChangedPermissions:B})=>{const{formatMessage:P}=(0,g.useIntl)(),U=({target:{value:x}})=>{B(!1),x==="full-access"&&k({type:"SELECT_ALL_ACTIONS"}),x==="read-only"&&k({type:"ON_CHANGE_READ_ONLY"})},$=[{value:"read-only",label:{id:"Settings.apiTokens.types.read-only",defaultMessage:"Read-only"}},{value:"full-access",label:{id:"Settings.apiTokens.types.full-access",defaultMessage:"Full access"}},{value:"custom",label:{id:"Settings.apiTokens.types.custom",defaultMessage:"Custom"}}];return e.createElement(t.Box,{background:"neutral0",hasRadius:!0,shadow:"filterShadow",paddingTop:6,paddingBottom:6,paddingLeft:7,paddingRight:7},e.createElement(t.Stack,{spacing:4},e.createElement(t.Typography,{variant:"delta",as:"h2"},P({id:"global.details",defaultMessage:"Details"})),e.createElement(t.Grid,{gap:5},e.createElement(t.GridItem,{key:"name",col:6,xs:12},e.createElement(Me.Z,{errors:o,values:d,canEditInputs:r,onChange:i})),e.createElement(t.GridItem,{key:"description",col:6,xs:12},e.createElement(ke.Z,{errors:o,values:d,canEditInputs:r,onChange:i})),e.createElement(t.GridItem,{key:"lifespan",col:6,xs:12},e.createElement(Ae.Z,{isCreating:T,errors:o,values:d,onChange:i,token:l})),e.createElement(t.GridItem,{key:"type",col:6,xs:12},e.createElement(Re,{values:d,errors:o,label:{id:"Settings.apiTokens.form.type",defaultMessage:"Token type"},onChange:x=>{U({target:{value:x}}),i({target:{name:"type",value:x}})},options:$,canEditInputs:r})))))};te.propTypes={errors:s().shape({name:s().string,description:s().string,lifespan:s().string,type:s().string}),onChange:s().func.isRequired,canEditInputs:s().bool.isRequired,values:s().shape({name:s().string,description:s().string,lifespan:s().oneOfType([s().number,s().string]),type:s().string}).isRequired,isCreating:s().bool.isRequired,apiToken:s().shape({id:s().oneOfType([s().number,s().string]),type:s().string,lifespan:s().string,name:s().string,accessKey:s().string,permissions:s().array,description:s().string,createdAt:s().string}),onDispatch:s().func.isRequired,setHasChangedPermissions:s().func.isRequired},te.defaultProps={errors:{},apiToken:{}};var Pe=te,Oe=n(93682),Ie=n(30493),Y=n(68774);const Se="Name already taken";var De=()=>{(0,a.useFocusWhenNavigate)();const{formatMessage:o}=(0,g.useIntl)(),{lockApp:i,unlockApp:r}=(0,a.useOverlayBlocker)(),T=(0,a.useNotification)(),d=(0,A.useHistory)(),[l,k]=(0,e.useState)(d.location.state?.apiToken.accessKey?{...d.location.state.apiToken}:null),{trackUsage:B}=(0,a.useTracking)(),P=(0,e.useRef)(B),{setCurrentStep:U}=(0,a.useGuidedTour)(),{allowedActions:{canCreate:$,canUpdate:x,canRegenerate:j}}=(0,a.useRBAC)(R.Z.settings["api-tokens"]),[H,S]=(0,e.useReducer)(re,X,p=>G(p,{})),{params:{id:F}}=(0,A.useRouteMatch)("/settings/api-tokens/:id"),{get:D,post:Q,put:ne}=(0,a.useFetchClient)(),m=F==="create";(0,E.useQuery)("content-api-permissions",async()=>{const[p,K]=await Promise.all(["/admin/content-api/permissions","/admin/content-api/routes"].map(async V=>{const{data:O}=await D(V);return O.data}));S({type:"UPDATE_PERMISSIONS_LAYOUT",value:p}),S({type:"UPDATE_ROUTES",value:K}),l&&(l?.type==="read-only"&&S({type:"ON_CHANGE_READ_ONLY"}),l?.type==="full-access"&&S({type:"SELECT_ALL_ACTIONS"}),l?.type==="custom"&&S({type:"UPDATE_PERMISSIONS",value:l?.permissions}))},{onError(){T({type:"warning",message:{id:"notification.error",defaultMessage:"An error occured"}})}}),(0,e.useEffect)(()=>{P.current(m?"didAddTokenFromList":"didEditTokenFromList",{tokenType:Y.Z})},[m]);const{status:_e}=(0,E.useQuery)(["api-token",F],async()=>{const{data:{data:p}}=await D(`/admin/api-tokens/${F}`);return k({...p}),p?.type==="read-only"&&S({type:"ON_CHANGE_READ_ONLY"}),p?.type==="full-access"&&S({type:"SELECT_ALL_ACTIONS"}),p?.type==="custom"&&S({type:"UPDATE_PERMISSIONS",value:p?.permissions}),p},{enabled:!m&&!l,onError(){T({type:"warning",message:{id:"notification.error",defaultMessage:"An error occured"}})}}),Le=async(p,K)=>{P.current(m?"willCreateToken":"willEditToken",{tokenType:Y.Z}),i();const V=p.lifespan&&parseInt(p.lifespan,10)&&p.lifespan!=="0"?parseInt(p.lifespan,10):null;try{const{data:{data:O}}=m?await Q("/admin/api-tokens",{...p,lifespan:V,permissions:p.type==="custom"?H.selectedActions:null}):await ne(`/admin/api-tokens/${F}`,{name:p.name,description:p.description,type:p.type,permissions:p.type==="custom"?H.selectedActions:null});m&&(d.replace(`/settings/api-tokens/${O.id}`,{apiToken:O}),U("apiTokens.success")),r(),k({...O}),T({type:"success",message:o(m?{id:"notification.success.tokencreated",defaultMessage:"API Token successfully created"}:{id:"notification.success.tokenedited",defaultMessage:"API Token successfully edited"})}),P.current(m?"didCreateToken":"didEditToken",{type:l.type,tokenType:Y.Z})}catch(O){const oe=(0,f.Iz)(O.response.data);K.setErrors(oe),O?.response?.data?.error?.message===Se?T({type:"warning",message:O.response.data.message||"notification.error.tokennamenotunique"}):T({type:"warning",message:O?.response?.data?.message||"notification.error"}),r()}},[xe,se]=(0,e.useState)(!1),Be={...H,onChange:({target:{value:p}})=>{se(!0),S({type:"ON_CHANGE",value:p})},onChangeSelectAll:({target:{value:p}})=>{se(!0),S({type:"SELECT_ALL_IN_PERMISSION",value:p})},setSelectedAction:({target:{value:p}})=>{S({type:"SET_SELECTED_ACTION",value:p})}},ae=x&&!m||$&&m;return!m&&!l&&_e!=="success"?e.createElement(c,{apiTokenName:l?.name}):e.createElement(_,{value:Be},e.createElement(t.Main,null,e.createElement(a.SettingsPageTitle,{name:"API Tokens"}),e.createElement(u.Formik,{validationSchema:C.fK,validateOnChange:!1,initialValues:{name:l?.name||"",description:l?.description||"",type:l?.type,lifespan:l?.lifespan?l.lifespan.toString():l?.lifespan},enableReinitialize:!0,onSubmit:(p,K)=>Le(p,K)},({errors:p,handleChange:K,isSubmitting:V,values:O,setFieldValue:oe})=>(xe&&O?.type!=="custom"&&oe("type","custom"),e.createElement(a.Form,null,e.createElement(Ie.Z,{backUrl:"/settings/api-tokens",title:{id:"Settings.apiTokens.createPage.title",defaultMessage:"Create API Token"},token:l,setToken:k,canEditInputs:ae,canRegenerate:j,isSubmitting:V,regenerateUrl:"/admin/api-tokens/"}),e.createElement(t.ContentLayout,null,e.createElement(t.Stack,{spacing:6},Boolean(l?.name)&&e.createElement(Oe.Z,{token:l?.accessKey,tokenType:Y.Z}),e.createElement(Pe,{errors:p,onChange:K,canEditInputs:ae,isCreating:m,values:O,apiToken:l,onDispatch:S,setHasChangedPermissions:se}),e.createElement(ve,{disabled:!ae||O?.type==="read-only"||O?.type==="full-access"}))))))))}},37944:function(b,M,n){"use strict";n.d(M,{IX:function(){return t},fK:function(){return f},mk:function(){return v}});var e=n(64213),g=n(54049),t=(s,y,c="en")=>{if(y&&typeof y=="number"){const R=y/24/60/60/1e3;return(0,e.format)((0,e.addDays)(new Date(s),R),"PPP",{locale:g[c]})}return"Unlimited"},u=n(5173),A=n(13478),f=u.Ry().shape({name:u.Z_(A.translatedErrors.string).required(A.translatedErrors.required),type:u.Z_(A.translatedErrors.string).oneOf(["read-only","full-access","custom"]).required(A.translatedErrors.required),description:u.Z_().nullable(),lifespan:u.Rx().integer().min(0).nullable().defined(A.translatedErrors.required)}),C=n(92891),v=s=>{const y={allActionsIds:[],permissions:[]};return y.permissions=Object.keys(s).map(c=>({apiId:c,label:c.split("::")[1],controllers:(0,C.flatten)(Object.keys(s[c].controllers).map(R=>({controller:R,actions:(0,C.flatten)(s[c].controllers[R].map(I=>{const _=`${c}.${R}.${I}`;return c.includes("api::")&&y.allActionsIds.push(_),{action:I,actionId:_}}))})))})),y}},15738:function(b,M,n){var e=n(4293);function g(a){var t=a==null?0:a.length;return t?e(a,1,t):[]}b.exports=g}}]);