@strapi/admin 5.23.6 → 5.24.1

Files changed (108) hide show
  1. package/dist/admin/admin/src/features/Auth.js +9 -28
  2. package/dist/admin/admin/src/features/Auth.js.map +1 -1
  3. package/dist/admin/admin/src/features/Auth.mjs +11 -30
  4. package/dist/admin/admin/src/features/Auth.mjs.map +1 -1
  5. package/dist/admin/admin/src/pages/Auth/components/Register.js +9 -2
  6. package/dist/admin/admin/src/pages/Auth/components/Register.js.map +1 -1
  7. package/dist/admin/admin/src/pages/Auth/components/Register.mjs +9 -2
  8. package/dist/admin/admin/src/pages/Auth/components/Register.mjs.map +1 -1
  9. package/dist/admin/admin/src/services/auth.js +7 -6
  10. package/dist/admin/admin/src/services/auth.js.map +1 -1
  11. package/dist/admin/admin/src/services/auth.mjs +7 -6
  12. package/dist/admin/admin/src/services/auth.mjs.map +1 -1
  13. package/dist/admin/admin/src/utils/baseQuery.js +78 -42
  14. package/dist/admin/admin/src/utils/baseQuery.js.map +1 -1
  15. package/dist/admin/admin/src/utils/baseQuery.mjs +79 -43
  16. package/dist/admin/admin/src/utils/baseQuery.mjs.map +1 -1
  17. package/dist/admin/admin/src/utils/deviceId.js +38 -0
  18. package/dist/admin/admin/src/utils/deviceId.js.map +1 -0
  19. package/dist/admin/admin/src/utils/deviceId.mjs +36 -0
  20. package/dist/admin/admin/src/utils/deviceId.mjs.map +1 -0
  21. package/dist/admin/src/services/auth.d.ts +19 -10
  22. package/dist/admin/src/utils/deviceId.d.ts +5 -0
  23. package/dist/ee/server/src/controllers/authentication-utils/middlewares.d.ts.map +1 -1
  24. package/dist/ee/server/src/services/user.d.ts.map +1 -1
  25. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js +43 -17
  26. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.js.map +1 -1
  27. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs +43 -17
  28. package/dist/server/ee/server/src/controllers/authentication-utils/middlewares.mjs.map +1 -1
  29. package/dist/server/ee/server/src/services/user.js +14 -0
  30. package/dist/server/ee/server/src/services/user.js.map +1 -1
  31. package/dist/server/ee/server/src/services/user.mjs +14 -0
  32. package/dist/server/ee/server/src/services/user.mjs.map +1 -1
  33. package/dist/server/server/src/bootstrap.js +22 -0
  34. package/dist/server/server/src/bootstrap.js.map +1 -1
  35. package/dist/server/server/src/bootstrap.mjs +22 -0
  36. package/dist/server/server/src/bootstrap.mjs.map +1 -1
  37. package/dist/server/server/src/content-types/index.js +4 -0
  38. package/dist/server/server/src/content-types/index.js.map +1 -1
  39. package/dist/server/server/src/content-types/index.mjs +4 -0
  40. package/dist/server/server/src/content-types/index.mjs.map +1 -1
  41. package/dist/server/server/src/content-types/session.js +91 -0
  42. package/dist/server/server/src/content-types/session.js.map +1 -0
  43. package/dist/server/server/src/content-types/session.mjs +89 -0
  44. package/dist/server/server/src/content-types/session.mjs.map +1 -0
  45. package/dist/server/server/src/controllers/authentication.js +169 -38
  46. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  47. package/dist/server/server/src/controllers/authentication.mjs +169 -38
  48. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  49. package/dist/server/server/src/routes/authentication.js +2 -2
  50. package/dist/server/server/src/routes/authentication.js.map +1 -1
  51. package/dist/server/server/src/routes/authentication.mjs +2 -2
  52. package/dist/server/server/src/routes/authentication.mjs.map +1 -1
  53. package/dist/server/server/src/services/token.js +44 -31
  54. package/dist/server/server/src/services/token.js.map +1 -1
  55. package/dist/server/server/src/services/token.mjs +44 -30
  56. package/dist/server/server/src/services/token.mjs.map +1 -1
  57. package/dist/server/server/src/services/user.js +14 -0
  58. package/dist/server/server/src/services/user.js.map +1 -1
  59. package/dist/server/server/src/services/user.mjs +14 -0
  60. package/dist/server/server/src/services/user.mjs.map +1 -1
  61. package/dist/server/server/src/strategies/admin.js +23 -3
  62. package/dist/server/server/src/strategies/admin.js.map +1 -1
  63. package/dist/server/server/src/strategies/admin.mjs +23 -3
  64. package/dist/server/server/src/strategies/admin.mjs.map +1 -1
  65. package/dist/server/server/src/validation/authentication/login.js +16 -0
  66. package/dist/server/server/src/validation/authentication/login.js.map +1 -0
  67. package/dist/server/server/src/validation/authentication/login.mjs +14 -0
  68. package/dist/server/server/src/validation/authentication/login.mjs.map +1 -0
  69. package/dist/server/server/src/validation/authentication/register.js +6 -2
  70. package/dist/server/server/src/validation/authentication/register.js.map +1 -1
  71. package/dist/server/server/src/validation/authentication/register.mjs +6 -2
  72. package/dist/server/server/src/validation/authentication/register.mjs.map +1 -1
  73. package/dist/server/shared/utils/session-auth.js +76 -0
  74. package/dist/server/shared/utils/session-auth.js.map +1 -0
  75. package/dist/server/shared/utils/session-auth.mjs +65 -0
  76. package/dist/server/shared/utils/session-auth.mjs.map +1 -0
  77. package/dist/server/src/bootstrap.d.ts.map +1 -1
  78. package/dist/server/src/content-types/index.d.ts +88 -0
  79. package/dist/server/src/content-types/index.d.ts.map +1 -1
  80. package/dist/server/src/content-types/session.d.ts +88 -0
  81. package/dist/server/src/content-types/session.d.ts.map +1 -0
  82. package/dist/server/src/controllers/authentication.d.ts +5 -5
  83. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  84. package/dist/server/src/controllers/index.d.ts +5 -5
  85. package/dist/server/src/index.d.ts +93 -5
  86. package/dist/server/src/index.d.ts.map +1 -1
  87. package/dist/server/src/routes/authentication.d.ts.map +1 -1
  88. package/dist/server/src/services/token.d.ts +11 -19
  89. package/dist/server/src/services/token.d.ts.map +1 -1
  90. package/dist/server/src/services/user.d.ts.map +1 -1
  91. package/dist/server/src/strategies/admin.d.ts.map +1 -1
  92. package/dist/server/src/validation/authentication/index.d.ts +1 -1
  93. package/dist/server/src/validation/authentication/index.d.ts.map +1 -1
  94. package/dist/server/src/validation/authentication/login.d.ts +7 -0
  95. package/dist/server/src/validation/authentication/login.d.ts.map +1 -0
  96. package/dist/server/src/validation/authentication/register.d.ts +5 -0
  97. package/dist/server/src/validation/authentication/register.d.ts.map +1 -1
  98. package/dist/shared/contracts/authentication.d.ts +20 -10
  99. package/dist/shared/contracts/authentication.d.ts.map +1 -1
  100. package/dist/shared/utils/session-auth.d.ts +39 -0
  101. package/dist/shared/utils/session-auth.d.ts.map +1 -0
  102. package/package.json +7 -7
  103. package/dist/server/server/src/validation/authentication/renew-token.js +0 -11
  104. package/dist/server/server/src/validation/authentication/renew-token.js.map +0 -1
  105. package/dist/server/server/src/validation/authentication/renew-token.mjs +0 -9
  106. package/dist/server/server/src/validation/authentication/renew-token.mjs.map +0 -1
  107. package/dist/server/src/validation/authentication/renew-token.d.ts +0 -3
  108. package/dist/server/src/validation/authentication/renew-token.d.ts.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? 
existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return 
next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n const { user } = ctx.state;\n\n const jwt = getService('token').createJwtToken(user);\n\n const isProduction = strapi.config.get('environment') === 'production';\n\n const cookiesOptions = { httpOnly: false, secure: isProduction, overwrite: true, domain };\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.cookies.set('jwtToken', jwt, cookiesOptions);\n ctx.redirect(redirectUrls.success);\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","domain","config","jwt","createJwtToken","isProduction","cookiesOptions","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","cookies","set","success"],"mappings":";;;;AAKA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAA
A;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EAAAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIw
B,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;AACT,KAAA;AAEK,MAAMuC,mBAA2C,CAACxC,GAAAA,GAAAA;AACvD,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAMmC,MAA6B9B,GAAAA,MAAAA,CAAO+B,MAAM,CAACX,GAAG,CAAC,mBAAA,CAAA;AACrD,IAAA,MAAM,EAAEf,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;AAE1B,IAAA,MAAMmB,GAAM1B,GAAAA,UAAAA,CAAW,OAAS2B,CAAAA,CAAAA,cAAc,CAAC5B,IAAAA,CAAAA;AAE/C,IAAA,MAAM6B,eAAelC,MAAO+B,CAAAA,MAAM,CAACX,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAE1D,IAAA,MAAMe,cAAiB,GAAA;QAAEC,QAAU,EAAA,KAAA;QAAOC,MAAQH,EAAAA,YAAAA;QAAcI,SAAW,EAAA,IAAA;AAAMR,QAAAA;AAAO,KAAA;AAExF,IAAA,MAAMS,aAAgBjC,GAAAA,UAAAA,CAAW,MAAQkC,CAAAA,CAAAA,YAAY,CAACnC,IAAAA,CAAAA;AACtDL,IAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;QAAEE,IAAMkC,EAAAA,aAAAA;AAAe/C,QAAAA;AAAS,KAAA,CAAA;AAE3EH,IAAAA,GAAAA,CAAIoD,OAAO,CAACC,GAAG,CAAC,YAAYV,GAAKG,EAAAA,cAAAA,CAAAA;IACjC9C,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAakD,OAAO,CAAA;AACnC;AAEA,kBAAe;AACbvD,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"middlewares.mjs","sources":["../../../../../../../ee/server/src/controllers/authentication-utils/middlewares.ts"],"sourcesContent":["import type { Core } from '@strapi/types';\nimport passport from 'koa-passport';\nimport { getService } from '../../utils';\nimport utils from './utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n generateDeviceId,\n} from '../../../../../shared/utils/session-auth';\n\nconst defaultConnectionError = () => new Error('Invalid connection payload');\n\nexport const authenticate: Core.MiddlewareHandler = async (ctx, next) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n // @ts-expect-error - can not use null to authenticate\n return passport.authenticate(provider, null, async (error, profile) => {\n if (error || !profile || !profile.email) {\n if (error) {\n strapi.log.error(error);\n }\n\n strapi.eventHub.emit('admin.auth.error', {\n error: error || defaultConnectionError(),\n provider,\n });\n\n return ctx.redirect(redirectUrls.error);\n }\n\n const user = await getService('user').findOneByEmail(profile.email);\n const scenario = user ? 
existingUserScenario : nonExistingUserScenario;\n\n return scenario(ctx, next)(user || profile, provider);\n })(ctx, next);\n};\n\nconst existingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (user: any, provider: any) => {\n const redirectUrls = utils.getPrefixedRedirectUrls();\n\n if (!user.isActive) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(`Deactivated user tried to login (${user.id})`),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n\n ctx.state.user = user;\n return next();\n };\n\nconst nonExistingUserScenario: Core.MiddlewareHandler =\n (ctx, next) => async (profile: any, provider: any) => {\n const { email, firstname, lastname, username } = profile;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const adminStore = await utils.getAdminStore();\n const { providers } = (await adminStore.get({ key: 'auth' })) as any;\n\n // We need at least the username or the firstname/lastname combination to register a new user\n const isMissingRegisterFields = !username && (!firstname || !lastname);\n\n if (!providers.autoRegister || !providers.defaultRole || isMissingRegisterFields) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n const defaultRole = await getService('role').findOne({ id: providers.defaultRole });\n\n // If the default role has been misconfigured, redirect with an error\n if (!defaultRole) {\n strapi.eventHub.emit('admin.auth.error', { error: defaultConnectionError(), provider });\n return ctx.redirect(redirectUrls.error);\n }\n\n // Register a new user with the information given by the provider and login with it\n ctx.state.user = await getService('user').create({\n email,\n username,\n firstname,\n lastname,\n roles: [defaultRole.id],\n isActive: true,\n registrationToken: null,\n });\n\n strapi.eventHub.emit('admin.auth.autoRegistration', {\n user: ctx.state.user,\n provider,\n });\n\n return 
next();\n };\n\nexport const redirectWithAuth: Core.MiddlewareHandler = async (ctx) => {\n const {\n params: { provider },\n } = ctx;\n const redirectUrls = utils.getPrefixedRedirectUrls();\n const { user } = ctx.state;\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n strapi.log.error('SessionManager not available for SSO authentication');\n return ctx.redirect(redirectUrls.error);\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: 'refresh',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry('refresh', absoluteExpiresAt);\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n strapi.log.error('Failed to generate access token for SSO user');\n return ctx.redirect(redirectUrls.error);\n }\n\n const { token: accessToken } = accessResult;\n\n const isProduction = strapi.config.get('environment') === 'production';\n const domain: string | undefined = strapi.config.get('admin.auth.domain');\n ctx.cookies.set('jwtToken', accessToken, {\n httpOnly: false,\n secure: isProduction,\n overwrite: true,\n domain,\n });\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider });\n\n ctx.redirect(redirectUrls.success);\n } catch (error) {\n strapi.log.error('SSO authentication failed during token generation', error);\n strapi.eventHub.emit('admin.auth.error', {\n error: error instanceof Error ? 
error : new Error('Unknown SSO error'),\n provider,\n });\n return ctx.redirect(redirectUrls.error);\n }\n};\n\nexport default {\n authenticate,\n redirectWithAuth,\n};\n"],"names":["defaultConnectionError","Error","authenticate","ctx","next","params","provider","redirectUrls","utils","getPrefixedRedirectUrls","passport","error","profile","email","strapi","log","eventHub","emit","redirect","user","getService","findOneByEmail","scenario","existingUserScenario","nonExistingUserScenario","isActive","id","state","firstname","lastname","username","adminStore","getAdminStore","providers","get","key","isMissingRegisterFields","autoRegister","defaultRole","findOne","create","roles","registrationToken","redirectWithAuth","sessionManager","getSessionManager","userId","String","deviceId","generateDeviceId","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","isProduction","config","domain","httpOnly","secure","overwrite","sanitizedUser","sanitizeUser","success"],"mappings":";;;;;AAWA,MAAMA,sBAAAA,GAAyB,IAAM,IAAIC,KAAM,CAAA,4BAAA,CAAA;AAExC,MAAMC,YAAuC,GAAA,OAAOC,GAAKC,EAAAA,IAAAA,GAAAA;AAC9D,IAAA,MAAM,EACJC,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;;AAGlD,IAAA,OAAOC,SAASR,YAAY,CAACI,QAAU,EAAA,IAAA,EAAM,OAAOK,KAAOC,EAAAA,OAAAA,GAAAA;AACzD,QAAA,IAAID,SAAS,CAACC,OAAAA,IAAW,CAACA,OAAAA,CAAQC,KAAK,EAAE;AACvC,YAAA,IAAIF,KAAO,EAAA;gBACTG,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAACA,KAAAA,CAAAA;AACnB;AAEAG,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,gBAAAA,KAAAA,EAAOA,KAASX,IAAAA,sBAAAA,EAAAA;AAChBM,gBAAAA;AACF,aAAA,CAAA;AAEA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAMQ,OAAO,MAAMC,UAAAA,CAAW,QAAQC,cAAc,CAACT,QAAQC,KAAK,CAAA;QAClE,MAAMS,QAAAA,GAAWH,OAAOI,oBAAuBC,GAAAA,uBAAAA;AAE/C,QAAA,OAAOF,QAASnB,CAAAA,GAAAA,EAAKC,IAAMe,CAAAA,CAAAA,IAAAA,IAAQP,OAASN,EA
AAA,QAAAA,CAAAA;AAC9C,KAAA,CAAA,CAAGH,GAAKC,EAAAA,IAAAA,CAAAA;AACV;AAEA,MAAMmB,oBACJ,GAAA,CAACpB,GAAKC,EAAAA,IAAAA,GAAS,OAAOe,IAAWb,EAAAA,QAAAA,GAAAA;QAC/B,MAAMC,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAElD,IAAI,CAACU,IAAKM,CAAAA,QAAQ,EAAE;AAClBX,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBACvCN,KAAO,EAAA,IAAIV,MAAM,CAAC,iCAAiC,EAAEkB,IAAKO,CAAAA,EAAE,CAAC,CAAC,CAAC,CAAA;AAC/DpB,gBAAAA;AACF,aAAA,CAAA;AACA,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAGA,IAAAA;QACjB,OAAOf,IAAAA,EAAAA;AACT,KAAA;AAEF,MAAMoB,uBACJ,GAAA,CAACrB,GAAKC,EAAAA,IAAAA,GAAS,OAAOQ,OAAcN,EAAAA,QAAAA,GAAAA;QAClC,MAAM,EAAEO,KAAK,EAAEe,SAAS,EAAEC,QAAQ,EAAEC,QAAQ,EAAE,GAAGlB,OAAAA;QACjD,MAAML,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;QAClD,MAAMsB,UAAAA,GAAa,MAAMvB,KAAAA,CAAMwB,aAAa,EAAA;AAC5C,QAAA,MAAM,EAAEC,SAAS,EAAE,GAAI,MAAMF,UAAAA,CAAWG,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAO,SAAA,CAAA;;AAG1D,QAAA,MAAMC,0BAA0B,CAACN,QAAAA,KAAa,CAACF,SAAAA,IAAa,CAACC,QAAO,CAAA;QAEpE,IAAI,CAACI,UAAUI,YAAY,IAAI,CAACJ,SAAUK,CAAAA,WAAW,IAAIF,uBAAyB,EAAA;AAChFtB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM2B,WAAc,GAAA,MAAMlB,UAAW,CAAA,MAAA,CAAA,CAAQmB,OAAO,CAAC;AAAEb,YAAAA,EAAAA,EAAIO,UAAUK;AAAY,SAAA,CAAA;;AAGjF,QAAA,IAAI,CAACA,WAAa,EAAA;AAChBxB,YAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;gBAAEN,KAAOX,EAAAA,sBAAAA,EAAAA;AAA0BM,gBAAAA;AAAS,aAAA,CAAA;AACrF,YAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;;QAGAR,GAAIwB,CAAAA,KAAK,CAACR,IAAI,GAAG,MAAMC,UAAW,CAAA,MAAA,CAAA,CAAQoB,MAAM,CAAC;AAC/C3B,YAAAA,KAAAA;AACAiB,YAAAA,QAAAA;AACAF,YAAAA,SAAAA;AACAC,YAAAA,QAAAA;YACAY,KAAO,EAAA;AAACH,gBAAAA,WAAAA,CAAYZ;AAAG,aAAA;YACvBD,QAAU,EAAA,IAAA;YACViB,iBAAmB,EAAA;AACrB,SAAA,CAAA;AAEA5B,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,6BAA+B,EAAA;YAClDE,IAAMhB,EAAAA,GAAAA,CAAIwB,KAAK,CAACR,IAAI;AACpBb,YAAAA;AACF,SAAA,CAAA;QAEA,OAAOF,IAAAA,EAAAA;A
ACT,KAAA;AAEK,MAAMuC,mBAA2C,OAAOxC,GAAAA,GAAAA;AAC7D,IAAA,MAAM,EACJE,MAAQ,EAAA,EAAEC,QAAQ,EAAE,EACrB,GAAGH,GAAAA;IACJ,MAAMI,YAAAA,GAAeC,MAAMC,uBAAuB,EAAA;AAClD,IAAA,MAAM,EAAEU,IAAI,EAAE,GAAGhB,IAAIwB,KAAK;IAE1B,IAAI;AACF,QAAA,MAAMiB,cAAiBC,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAI,CAACD,cAAgB,EAAA;YACnB9B,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,qDAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;QAEA,MAAMmC,MAAAA,GAASC,MAAO5B,CAAAA,IAAAA,CAAKO,EAAE,CAAA;AAC7B,QAAA,MAAMsB,QAAWC,GAAAA,gBAAAA,EAAAA;AAEjB,QAAA,MAAM,EAAEC,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMR,cACvD,CAAA,OAAA,CAAA,CACAS,oBAAoB,CAACP,QAAQE,QAAU,EAAA;YACvCM,IAAM,EAAA;AACR,SAAA,CAAA;QAEA,MAAMC,aAAAA,GAAgBC,6BAA6B,SAAWJ,EAAAA,iBAAAA,CAAAA;AAC9DjD,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAACC,qBAAqBR,YAAcI,EAAAA,aAAAA,CAAAA;AAEnD,QAAA,MAAMK,YAAe,GAAA,MAAMhB,cAAe,CAAA,OAAA,CAAA,CAASiB,mBAAmB,CAACV,YAAAA,CAAAA;AACvE,QAAA,IAAI,WAAWS,YAAc,EAAA;YAC3B9C,MAAOC,CAAAA,GAAG,CAACJ,KAAK,CAAC,8CAAA,CAAA;AACjB,YAAA,OAAOR,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CAAA;AACxC;AAEA,QAAA,MAAM,EAAEuC,KAAAA,EAAOY,WAAW,EAAE,GAAGF,YAAAA;AAE/B,QAAA,MAAMG,eAAejD,MAAOkD,CAAAA,MAAM,CAAC9B,GAAG,CAAC,aAAmB,CAAA,KAAA,YAAA;AAC1D,QAAA,MAAM+B,MAA6BnD,GAAAA,MAAAA,CAAOkD,MAAM,CAAC9B,GAAG,CAAC,mBAAA,CAAA;AACrD/B,QAAAA,GAAAA,CAAIsD,OAAO,CAACC,GAAG,CAAC,YAAYI,WAAa,EAAA;YACvCI,QAAU,EAAA,KAAA;YACVC,MAAQJ,EAAAA,YAAAA;YACRK,SAAW,EAAA,IAAA;AACXH,YAAAA;AACF,SAAA,CAAA;AAEA,QAAA,MAAMI,aAAgBjD,GAAAA,UAAAA,CAAW,MAAQkD,CAAAA,CAAAA,YAAY,CAACnD,IAAAA,CAAAA;AACtDL,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,oBAAsB,EAAA;YAAEE,IAAMkD,EAAAA,aAAAA;AAAe/D,YAAAA;AAAS,SAAA,CAAA;QAE3EH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAagE,OAAO,CAAA;AACnC,KAAA,CAAE,OAAO5D,KAAO,EAAA;AACdG,QAAAA,MAAAA,CAAOC,GAAG,CAACJ,KAAK,CAAC,mDAAqDA,EAAAA,KAAAA,CAAAA;AACtEG,QAAAA,MAAAA,CAAOE,QAAQ,CAACC,IAAI,CAAC,kBAAoB,EAAA;AACvCN,YAAAA,KAAAA,EAAOA,KAAiBV,YAAAA,KAAAA,GAAQU,KAAQ,GAAA,IAAIV,KAAM,CAAA,mBAAA,CAAA;AAClDK,YAAAA;AACF,SAAA,CAAA;AACA,QAAA,OAAOH,GAAIe,CAAAA,QAAQ,CAACX,YAAAA,CAAaI,KAAK,CA
AA;AACxC;AACF;AAEA,kBAAe;AACbT,IAAAA,YAAAA;AACAyC,IAAAA;AACF,CAAE;;;;"}
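--- a/package/dist/server/ee/server/src/services/user.js
+++ b/package/dist/server/ee/server/src/services/user.js
@@ -9,6 +9,10 @@ var index = require('../utils/index.js');
 
  const { ValidationError } = utils.errors;
  const { SUPER_ADMIN_CODE } = constants;
+ const getSessionManager = ()=>{
+ const manager = strapi.sessionManager;
+ return manager ?? null;
+ };
  /** Checks if ee disabled users list needs to be updated
  * @param {string} id
  * @param {object} input
@@ -142,6 +146,11 @@ const removeFromEEDisabledUsersList = async (ids)=>{
  'roles'
  ]
  });
+ // Invalidate all sessions for the deleted user
+ const sessionManager = getSessionManager();
+ if (sessionManager && sessionManager.hasOrigin('admin')) {
+ await sessionManager('admin').invalidateRefreshToken(String(id));
+ }
  await removeFromEEDisabledUsersList(id);
  strapi.eventHub.emit('user.delete', {
  user: sanitizeUser(deletedUser)
@@ -175,6 +184,11 @@ const removeFromEEDisabledUsersList = async (ids)=>{
  'roles'
  ]
  });
+ // Invalidate all sessions for the deleted user
+ const sessionManager = getSessionManager();
+ if (sessionManager && sessionManager.hasOrigin('admin')) {
+ await sessionManager('admin').invalidateRefreshToken(String(id));
+ }
  deletedUsers.push(deletedUser);
  }
  await removeFromEEDisabledUsersList(ids);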
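Review bot: In both delete paths (new lines 149-153 and 187-191) session invalidation is skipped silently when `strapi.sessionManager` is missing or `hasOrigin('admin')` is false, so a deleted admin's refresh tokens may remain usable with nothing in the logs to show it. Adding `else { strapi.log.warn('Admin sessions were not invalidated for deleted user'); }` would make that fail-open case visible to operators. The `invalidateRefreshToken` call also runs after the database delete and is unguarded, so a rejection would skip `removeFromEEDisabledUsersList` and the `user.delete` event, and in the bulk path would abort the loop with some users already deleted; a try/catch that logs the failure and continues would keep the cleanup consistent. The enclosing functions start and end outside these hunks, and whether deactivating a user (rather than deleting one) also revokes sessions is not visible here.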
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","sources":["../../../../../../ee/server/src/services/user.ts"],"sourcesContent":["import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\n/** Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n */\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/**\n * Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n * @returns {Promise<user>}\n */\nconst updateById = async (id: any, attributes: any) => {\n // 
Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/** Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n */\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n 
if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/** Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n */\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => _.pick(role, ['id', 'name', 'description', 'code']);\n\n/**\n * Check if a user is the last super admin\n * @param {int|string} userId user's id to look for\n */\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/**\n * Remove private user fields\n * @param {Object} user - user to sanitize\n */\nconst sanitizeUser = (user: any) => {\n return {\n 
..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/**\n * Find one user\n */\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n updateById,\n};\n"],"names":["ValidationError","errors","SUPER_ADMIN_CODE","constants","updateEEDisabledUsersList","id","input","disabledUsers","getService","getDisabledUserList","user","find","Number","isActive","newDisabledUsersList","filter","strapi","store","set","type","key","value","castNumberArray","pipe","castArray","map","toNumber","removeFromEEDisabledUsersList","ids","idsToCheck","includes","updateById","attributes","_","has","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","roles","hashedPassword","hashPassword","password","updatedUser","db","query","update","where","data","populate","eventHub","emit","sanitizeUser","deleteById","userToDelete","findOne","some","r","code","usersCount","deletedUser","delete","deleteByIds","nbOfSuperAdminToDelete","count","deletedUsers","push","users","sanitizeUserRoles","role","pick","userId","hasSuperAdminRole","omit","getCurrentActiveUserCount"],"mappings":";;;;;;;;;AAOA,MAAM,EAAEA,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B;;;IAIA,MAAMC,yBAA4B,GAAA,OAAOC,EAAYC,EAAAA,KAAAA,GAAAA;AACnD,IAAA,MAAMC,aAAgB,GAAA,MAAMC,gBAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMG,IAAAA,GAAOH,cAAcI,IAAI,CAAC,CAACD,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AAClE,IAAA,IAAI
,CAACK,IAAM,EAAA;AACT,QAAA;AACF;AAEA,IAAA,IAAIA,IAAKG,CAAAA,QAAQ,KAAKP,KAAAA,CAAMO,QAAQ,EAAE;QACpC,MAAMC,oBAAAA,GAAuBP,cAAcQ,MAAM,CAAC,CAACL,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AACpF,QAAA,MAAMW,MAAOC,CAAAA,KAAK,CAACC,GAAG,CAAC;YACrBC,IAAM,EAAA,IAAA;YACNC,GAAK,EAAA,gBAAA;YACLC,KAAOP,EAAAA;AACT,SAAA,CAAA;AACF;AACF,CAAA;AAEA,MAAMQ,eAAAA,GAAkBC,OAAKC,CAAAA,YAAAA,EAAWC,MAAIC,CAAAA,WAAAA,CAAAA,CAAAA;AAE5C,MAAMC,gCAAgC,OAAOC,GAAAA,GAAAA;IAC3C,IAAIC,UAAAA;IACJ,IAAI,OAAOD,QAAQ,QAAU,EAAA;AAC3BC,QAAAA,UAAAA,GAAaP,eAAgBM,CAAAA,GAAAA,CAAAA;KACxB,MAAA;QACLC,UAAa,GAAA;YAACjB,MAAOgB,CAAAA,GAAAA;AAAK,SAAA;AAC5B;AAEA,IAAA,MAAMrB,aAAgB,GAAA,MAAMC,gBAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMO,oBAAAA,GAAuBP,aAAcQ,CAAAA,MAAM,CAAC,CAACL,IAAc,GAAA,CAACmB,UAAWC,CAAAA,QAAQ,CAACpB,IAAAA,CAAKL,EAAE,CAAA,CAAA;AAC7F,IAAA,MAAMW,MAAOC,CAAAA,KAAK,CAACC,GAAG,CAAC;QACrBC,IAAM,EAAA,IAAA;QACNC,GAAK,EAAA,gBAAA;QACLC,KAAOP,EAAAA;AACT,KAAA,CAAA;AACF,CAAA;AAEA;;;;;IAMA,MAAMiB,UAAa,GAAA,OAAO1B,EAAS2B,EAAAA,UAAAA,GAAAA;;AAEjC,IAAA,IAAIC,CAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMG,aAAAA,GAAgB,MAAMC,oBAAqB/B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAMgC,cAAiB,GAAA,MAAM7B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,YAAOC,CAAAA,cAAc,CAACT,UAAWU,CAAAA,KAAK,EAAEL,cAAAA,CAAehC,EAAE,CAAA;AAE3F,QAAA,IAAI8B,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAIvC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAIgC,UAAAA,CAAWnB,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMsB,aAAAA,GAAgB,MAAMC,oBAAqB/B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAI8B,aAAe,EAAA;AACjB,YAAA,MAAM,IAAInC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAIiC,CAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAMW,iBAAiB,MAAMnC,gBAAAA,CAAW,QAAQoC,YAAY,CAACZ,WAAWa,QAAQ,CAAA;QAEhF,MAAMC,WAAAA,GAAc,MAAM9B,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAE7C,gBAAAA;AAAG,aAAA;YACZ8C,IAAM,EAAA;AACJ,gBAAA,GAAGnB,UAAU;gBACba,QAAUF,EAAAA;AACZ,aA
AA;YACAS,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEApC,QAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,YAAAA,IAAAA,EAAM6C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAM9B,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QACZ8C,IAAMnB,EAAAA,UAAAA;QACNoB,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,MAAMhD,0BAA0BC,EAAI2B,EAAAA,UAAAA,CAAAA;AAEpC,IAAA,IAAIc,WAAa,EAAA;AACf9B,QAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,YAAAA,IAAAA,EAAM6C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMU,aAAa,OAAOnD,EAAAA,GAAAA;;IAExB,MAAMoD,YAAAA,GAAe,MAAMzC,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeU,CAAAA,CAAAA,OAAO,CAAC;QAChER,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QACZ+C,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACK,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAaf,KAAK,CAACiB,IAAI,CAAC,CAACC,CAAWA,GAAAA,CAAAA,CAAEC,IAAI,KAAK3D,gBAAmB,CAAA,EAAA;AACpE,YAAA,MAAMmC,cAAiB,GAAA,MAAM7B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAeyB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAI9D,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAM+D,WAAAA,GAAc,MAAM/C,MAAO+B,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNgB,CAAAA,CAAAA,MAAM,CAAC;QAAEd,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QAAG+C,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAE/C,IAAA,MAAMzB,6BAA8BtB,CAAAA,EAAAA,CAAAA;AAEpCW,IAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,QAAAA,IAAAA,EAAM6C,YAAaQ,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAME,cAAc,OAAOrC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMS,cAAiB,GAAA,MAAM7B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;IAC3E,MAAM4B,sBAAAA,GAAyB,MAAMlD,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAemB,CAAAA,CAAAA,KAAK,CAAC;QACxEjB,KAAO,EAAA;YACL7C,EAAIuB,EAAAA,GAAAA;YACJc,KAAO,EAAA;AAAErC,gBAAAA,EAAAA,EAAIgC,eAAehC;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAIgC,cAAAA,CAAeyB,UAAU,KAAKI,sBAAwB,EAAA;AACxD,QAAA,MAAM,IAAIlE,eAAgB,CAAA,wDAA
A,CAAA;AAC5B;AAEA,IAAA,MAAMoE,eAAe,EAAE;IACvB,KAAK,MAAM/D,MAAMuB,GAAK,CAAA;QACpB,MAAMmC,WAAAA,GAAc,MAAM/C,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAegB,CAAAA,CAAAA,MAAM,CAAC;YAC9Dd,KAAO,EAAA;AAAE7C,gBAAAA;AAAG,aAAA;YACZ+C,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEAgB,QAAAA,YAAAA,CAAaC,IAAI,CAACN,WAAAA,CAAAA;AACpB;AAEA,IAAA,MAAMpC,6BAA8BC,CAAAA,GAAAA,CAAAA;AAEpCZ,IAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCgB,QAAAA,KAAAA,EAAOF,YAAa3C,CAAAA,GAAG,CAAC,CAACsC,cAAgBR,YAAaQ,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOK,YAAAA;AACT,CAAA;AAEA,MAAMG,oBAAoB,CAACC,IAAAA,GAAkBvC,CAAEwC,CAAAA,IAAI,CAACD,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAE/F;;;IAIA,MAAMpC,uBAAuB,OAAOsC,MAAAA,GAAAA;IAClC,MAAMhE,IAAAA,GAAQ,MAAMgD,OAAQgB,CAAAA,MAAAA,CAAAA;AAC5B,IAAA,MAAMrC,cAAiB,GAAA,MAAM7B,gBAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAeyB,CAAAA,UAAU,KAAK,CAAA,IAAKa,wBAAkBjE,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM6C,eAAe,CAAC7C,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGuB,CAAAA,CAAE2C,IAAI,CAAClE,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjFgC,QAAAA,KAAAA,EAAOhC,KAAKgC,KAAK,IAAIhC,KAAKgC,KAAK,CAACjB,GAAG,CAAC8C,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMb,OAAAA,GAAU,OAAOrD,EAAAA,EAAS+C,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AAClD,IAAA,OAAOpC,OAAO+B,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeU,OAAO,CAAC;QAAER,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;AAAG+C,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA,MAAMyB,yBAA4B,GAAA,UAAA;AAChC,IAAA,OAAO7D,OAAO+B,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemB,KAAK,CAAC;QAAEjB,KAAO,EAAA;YAAErC,QAAU,EAAA;AAAK;AAAE,KAAA,CAAA;AAC1E,CAAA;AAEA,WAAe;AACbT,IAAAA,yBAAAA;AACAuB,IAAAA,6BAAAA;AACAkD,IAAAA,yBAAAA;AACAZ,IAAAA,WAAAA;AACAT,IAAAA,UAAAA;AACAzB,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"user.js","sources":["../../../../../../ee/server/src/services/user.ts"],"sourcesContent":["import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\n/** Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n */\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/**\n * Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial 
user object\n * @returns {Promise<user>}\n */\nconst updateById = async (id: any, attributes: any) => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/** Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n */\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => 
r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/** Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n */\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => 
_.pick(role, ['id', 'name', 'description', 'code']);\n\n/**\n * Check if a user is the last super admin\n * @param {int|string} userId user's id to look for\n */\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/**\n * Remove private user fields\n * @param {Object} user - user to sanitize\n */\nconst sanitizeUser = (user: any) => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/**\n * Find one user\n */\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n 
updateById,\n};\n"],"names":["ValidationError","errors","SUPER_ADMIN_CODE","constants","getSessionManager","manager","strapi","sessionManager","updateEEDisabledUsersList","id","input","disabledUsers","getService","getDisabledUserList","user","find","Number","isActive","newDisabledUsersList","filter","store","set","type","key","value","castNumberArray","pipe","castArray","map","toNumber","removeFromEEDisabledUsersList","ids","idsToCheck","includes","updateById","attributes","_","has","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","roles","hashedPassword","hashPassword","password","updatedUser","db","query","update","where","data","populate","eventHub","emit","sanitizeUser","deleteById","userToDelete","findOne","some","r","code","usersCount","deletedUser","delete","hasOrigin","invalidateRefreshToken","String","deleteByIds","nbOfSuperAdminToDelete","count","deletedUsers","push","users","sanitizeUserRoles","role","pick","userId","hasSuperAdminRole","omit","getCurrentActiveUserCount"],"mappings":";;;;;;;;;AAOA,MAAM,EAAEA,eAAe,EAAE,GAAGC,YAAAA;AAC5B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,MAAMC,iBAAoB,GAAA,IAAA;IACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,IAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,CAAA;AAEA;;;IAIA,MAAMG,yBAA4B,GAAA,OAAOC,EAAYC,EAAAA,KAAAA,GAAAA;AACnD,IAAA,MAAMC,aAAgB,GAAA,MAAMC,gBAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMG,IAAAA,GAAOH,cAAcI,IAAI,CAAC,CAACD,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AAClE,IAAA,IAAI,CAACK,IAAM,EAAA;AACT,QAAA;AACF;AAEA,IAAA,IAAIA,IAAKG,CAAAA,QAAQ,KAAKP,KAAAA,CAAMO,QAAQ,EAAE;QACpC,MAAMC,oBAAAA,GAAuBP,cAAcQ,MAAM,CAAC,CAACL,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AACpF,QAAA,MAAMH,MAAOc,CAAAA,KAAK,CAACC,GAAG,CAAC;YACrBC,IAAM,EAAA,IAAA;YACNC,GAAK,EAAA,gBAAA;YACLC,KAAON,EAAAA;AACT,SAAA,CAAA;AACF;AACF,CAAA;AAEA,MAAMO,eAAAA,GAAkBC,OAAKC,CAAAA,YAAAA,EAAWC,MA
AIC,CAAAA,WAAAA,CAAAA,CAAAA;AAE5C,MAAMC,gCAAgC,OAAOC,GAAAA,GAAAA;IAC3C,IAAIC,UAAAA;IACJ,IAAI,OAAOD,QAAQ,QAAU,EAAA;AAC3BC,QAAAA,UAAAA,GAAaP,eAAgBM,CAAAA,GAAAA,CAAAA;KACxB,MAAA;QACLC,UAAa,GAAA;YAAChB,MAAOe,CAAAA,GAAAA;AAAK,SAAA;AAC5B;AAEA,IAAA,MAAMpB,aAAgB,GAAA,MAAMC,gBAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMO,oBAAAA,GAAuBP,aAAcQ,CAAAA,MAAM,CAAC,CAACL,IAAc,GAAA,CAACkB,UAAWC,CAAAA,QAAQ,CAACnB,IAAAA,CAAKL,EAAE,CAAA,CAAA;AAC7F,IAAA,MAAMH,MAAOc,CAAAA,KAAK,CAACC,GAAG,CAAC;QACrBC,IAAM,EAAA,IAAA;QACNC,GAAK,EAAA,gBAAA;QACLC,KAAON,EAAAA;AACT,KAAA,CAAA;AACF,CAAA;AAEA;;;;;IAMA,MAAMgB,UAAa,GAAA,OAAOzB,EAAS0B,EAAAA,UAAAA,GAAAA;;AAEjC,IAAA,IAAIC,CAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMG,aAAAA,GAAgB,MAAMC,oBAAqB9B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAM+B,cAAiB,GAAA,MAAM5B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,YAAOC,CAAAA,cAAc,CAACT,UAAWU,CAAAA,KAAK,EAAEL,cAAAA,CAAe/B,EAAE,CAAA;AAE3F,QAAA,IAAI6B,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAI1C,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAImC,UAAAA,CAAWlB,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMqB,aAAAA,GAAgB,MAAMC,oBAAqB9B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAI6B,aAAe,EAAA;AACjB,YAAA,MAAM,IAAItC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAIoC,CAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAMW,iBAAiB,MAAMlC,gBAAAA,CAAW,QAAQmC,YAAY,CAACZ,WAAWa,QAAQ,CAAA;QAEhF,MAAMC,WAAAA,GAAc,MAAM3C,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAE5C,gBAAAA;AAAG,aAAA;YACZ6C,IAAM,EAAA;AACJ,gBAAA,GAAGnB,UAAU;gBACba,QAAUF,EAAAA;AACZ,aAAA;YACAS,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEAjD,QAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,YAAAA,IAAAA,EAAM4C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAM3C,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QACZ6C,IAAMnB,EAAAA,UAAAA;QACNoB,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA
,IAAA,MAAM/C,0BAA0BC,EAAI0B,EAAAA,UAAAA,CAAAA;AAEpC,IAAA,IAAIc,WAAa,EAAA;AACf3C,QAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,YAAAA,IAAAA,EAAM4C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMU,aAAa,OAAOlD,EAAAA,GAAAA;;IAExB,MAAMmD,YAAAA,GAAe,MAAMtD,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeU,CAAAA,CAAAA,OAAO,CAAC;QAChER,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QACZ8C,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACK,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAaf,KAAK,CAACiB,IAAI,CAAC,CAACC,CAAWA,GAAAA,CAAAA,CAAEC,IAAI,KAAK9D,gBAAmB,CAAA,EAAA;AACpE,YAAA,MAAMsC,cAAiB,GAAA,MAAM5B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAeyB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAIjE,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAMkE,WAAAA,GAAc,MAAM5D,MAAO4C,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNgB,CAAAA,CAAAA,MAAM,CAAC;QAAEd,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QAAG8C,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;;AAG/C,IAAA,MAAMhD,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,IAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe6D,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,QAAA,MAAM7D,cAAe,CAAA,OAAA,CAAA,CAAS8D,sBAAsB,CAACC,MAAO7D,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA,IAAA,MAAMqB,6BAA8BrB,CAAAA,EAAAA,CAAAA;AAEpCH,IAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,QAAAA,IAAAA,EAAM4C,YAAaQ,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMK,cAAc,OAAOxC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMS,cAAiB,GAAA,MAAM5B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;IAC3E,MAAM+B,sBAAAA,GAAyB,MAAMlE,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,KAAK,CAAC;QACxEpB,KAAO,EAAA;YACL5C,EAAIsB,EAAAA,GAAAA;YACJc,KAAO,EAAA;AAAEpC,gBAAAA,EAAAA,EAAI+B,eAAe/B;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAI+B,cAAAA,CAAeyB,UAAU,KAAKO,sBAAwB,EAAA;AACxD,QAAA,MAAM,IAAIxE,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AAEA,IAAA,MAAM0E,eAAe,EAAE;IACvB,KAAK,MAAMjE,MAAMsB,GAAK,CAAA;QACpB,MAAMmC,WAAAA,GAAc,MAAM5D,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAegB,CAAAA,CAAAA,MAAM,CAAC;YAC9Dd,KAAO,EAAA;AAAE5C
,gBAAAA;AAAG,aAAA;YACZ8C,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;;AAGA,QAAA,MAAMhD,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe6D,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,YAAA,MAAM7D,cAAe,CAAA,OAAA,CAAA,CAAS8D,sBAAsB,CAACC,MAAO7D,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEAiE,QAAAA,YAAAA,CAAaC,IAAI,CAACT,WAAAA,CAAAA;AACpB;AAEA,IAAA,MAAMpC,6BAA8BC,CAAAA,GAAAA,CAAAA;AAEpCzB,IAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCmB,QAAAA,KAAAA,EAAOF,YAAa9C,CAAAA,GAAG,CAAC,CAACsC,cAAgBR,YAAaQ,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOQ,YAAAA;AACT,CAAA;AAEA,MAAMG,oBAAoB,CAACC,IAAAA,GAAkB1C,CAAE2C,CAAAA,IAAI,CAACD,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAE/F;;;IAIA,MAAMvC,uBAAuB,OAAOyC,MAAAA,GAAAA;IAClC,MAAMlE,IAAAA,GAAQ,MAAM+C,OAAQmB,CAAAA,MAAAA,CAAAA;AAC5B,IAAA,MAAMxC,cAAiB,GAAA,MAAM5B,gBAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAeyB,CAAAA,UAAU,KAAK,CAAA,IAAKgB,wBAAkBnE,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM4C,eAAe,CAAC5C,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGsB,CAAAA,CAAE8C,IAAI,CAACpE,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjF+B,QAAAA,KAAAA,EAAO/B,KAAK+B,KAAK,IAAI/B,KAAK+B,KAAK,CAACjB,GAAG,CAACiD,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMhB,OAAAA,GAAU,OAAOpD,EAAAA,EAAS8C,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AAClD,IAAA,OAAOjD,OAAO4C,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeU,OAAO,CAAC;QAAER,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;AAAG8C,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA,MAAM4B,yBAA4B,GAAA,UAAA;AAChC,IAAA,OAAO7E,OAAO4C,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEpB,KAAO,EAAA;YAAEpC,QAAU,EAAA;AAAK;AAAE,KAAA,CAAA;AAC1E,CAAA;AAEA,WAAe;AACbT,IAAAA,yBAAAA;AACAsB,IAAAA,6BAAAA;AACAqD,IAAAA,yBAAAA;AACAZ,IAAAA,WAAAA;AACAZ,IAAAA,UAAAA;AACAzB,IAAAA;AACF,CAAE;;;;"}
@@ -7,6 +7,10 @@ import { getService } from '../utils/index.mjs';
7
7
 
8
8
  const { ValidationError } = errors;
9
9
  const { SUPER_ADMIN_CODE } = constants;
10
+ const getSessionManager = ()=>{
11
+ const manager = strapi.sessionManager;
12
+ return manager ?? null;
13
+ };
10
14
  /** Checks if ee disabled users list needs to be updated
11
15
  * @param {string} id
12
16
  * @param {object} input
@@ -140,6 +144,11 @@ const removeFromEEDisabledUsersList = async (ids)=>{
140
144
  'roles'
141
145
  ]
142
146
  });
147
+ // Invalidate all sessions for the deleted user
148
+ const sessionManager = getSessionManager();
149
+ if (sessionManager && sessionManager.hasOrigin('admin')) {
150
+ await sessionManager('admin').invalidateRefreshToken(String(id));
151
+ }
143
152
  await removeFromEEDisabledUsersList(id);
144
153
  strapi.eventHub.emit('user.delete', {
145
154
  user: sanitizeUser(deletedUser)
@@ -173,6 +182,11 @@ const removeFromEEDisabledUsersList = async (ids)=>{
173
182
  'roles'
174
183
  ]
175
184
  });
185
+ // Invalidate all sessions for the deleted user
186
+ const sessionManager = getSessionManager();
187
+ if (sessionManager && sessionManager.hasOrigin('admin')) {
188
+ await sessionManager('admin').invalidateRefreshToken(String(id));
189
+ }
176
190
  deletedUsers.push(deletedUser);
177
191
  }
178
192
  await removeFromEEDisabledUsersList(ids);
@@ -1 +1 @@
1
- {"version":3,"file":"user.mjs","sources":["../../../../../../ee/server/src/services/user.ts"],"sourcesContent":["import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\n/** Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n */\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/**\n * Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial user object\n * @returns {Promise<user>}\n */\nconst updateById = async (id: any, attributes: any) => {\n 
// Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/** Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n */\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await 
getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/** Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n */\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => _.pick(role, ['id', 'name', 'description', 'code']);\n\n/**\n * Check if a user is the last super admin\n * @param {int|string} userId user's id to look for\n */\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/**\n * Remove private user fields\n * @param {Object} user - user to sanitize\n */\nconst 
sanitizeUser = (user: any) => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/**\n * Find one user\n */\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n updateById,\n};\n"],"names":["ValidationError","errors","SUPER_ADMIN_CODE","constants","updateEEDisabledUsersList","id","input","disabledUsers","getService","getDisabledUserList","user","find","Number","isActive","newDisabledUsersList","filter","strapi","store","set","type","key","value","castNumberArray","pipe","castArray","map","toNumber","removeFromEEDisabledUsersList","ids","idsToCheck","includes","updateById","attributes","_","has","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","roles","hashedPassword","hashPassword","password","updatedUser","db","query","update","where","data","populate","eventHub","emit","sanitizeUser","deleteById","userToDelete","findOne","some","r","code","usersCount","deletedUser","delete","deleteByIds","nbOfSuperAdminToDelete","count","deletedUsers","push","users","sanitizeUserRoles","role","pick","userId","hasSuperAdminRole","omit","getCurrentActiveUserCount"],"mappings":";;;;;;;AAOA,MAAM,EAAEA,eAAe,EAAE,GAAGC,MAAAA;AAC5B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B;;;IAIA,MAAMC,yBAA4B,GAAA,OAAOC,EAAYC,EAAAA,KAAAA,GAAAA;AACnD,IAAA,MAAMC,aAAgB,GAAA,MAAMC,UAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMG,IAAAA,GAAOH,cAAcI,IAAI,CAAC,CAACD,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAA
OP,CAAAA,EAAAA,CAAAA,CAAAA;AAClE,IAAA,IAAI,CAACK,IAAM,EAAA;AACT,QAAA;AACF;AAEA,IAAA,IAAIA,IAAKG,CAAAA,QAAQ,KAAKP,KAAAA,CAAMO,QAAQ,EAAE;QACpC,MAAMC,oBAAAA,GAAuBP,cAAcQ,MAAM,CAAC,CAACL,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AACpF,QAAA,MAAMW,MAAOC,CAAAA,KAAK,CAACC,GAAG,CAAC;YACrBC,IAAM,EAAA,IAAA;YACNC,GAAK,EAAA,gBAAA;YACLC,KAAOP,EAAAA;AACT,SAAA,CAAA;AACF;AACF,CAAA;AAEA,MAAMQ,eAAAA,GAAkBC,IAAKC,CAAAA,SAAAA,EAAWC,GAAIC,CAAAA,QAAAA,CAAAA,CAAAA;AAE5C,MAAMC,gCAAgC,OAAOC,GAAAA,GAAAA;IAC3C,IAAIC,UAAAA;IACJ,IAAI,OAAOD,QAAQ,QAAU,EAAA;AAC3BC,QAAAA,UAAAA,GAAaP,eAAgBM,CAAAA,GAAAA,CAAAA;KACxB,MAAA;QACLC,UAAa,GAAA;YAACjB,MAAOgB,CAAAA,GAAAA;AAAK,SAAA;AAC5B;AAEA,IAAA,MAAMrB,aAAgB,GAAA,MAAMC,UAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMO,oBAAAA,GAAuBP,aAAcQ,CAAAA,MAAM,CAAC,CAACL,IAAc,GAAA,CAACmB,UAAWC,CAAAA,QAAQ,CAACpB,IAAAA,CAAKL,EAAE,CAAA,CAAA;AAC7F,IAAA,MAAMW,MAAOC,CAAAA,KAAK,CAACC,GAAG,CAAC;QACrBC,IAAM,EAAA,IAAA;QACNC,GAAK,EAAA,gBAAA;QACLC,KAAOP,EAAAA;AACT,KAAA,CAAA;AACF,CAAA;AAEA;;;;;IAMA,MAAMiB,UAAa,GAAA,OAAO1B,EAAS2B,EAAAA,UAAAA,GAAAA;;AAEjC,IAAA,IAAIC,UAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMG,aAAAA,GAAgB,MAAMC,oBAAqB/B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAMgC,cAAiB,GAAA,MAAM7B,UAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,MAAOC,CAAAA,cAAc,CAACT,UAAWU,CAAAA,KAAK,EAAEL,cAAAA,CAAehC,EAAE,CAAA;AAE3F,QAAA,IAAI8B,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAIvC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAIgC,UAAAA,CAAWnB,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMsB,aAAAA,GAAgB,MAAMC,oBAAqB/B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAI8B,aAAe,EAAA;AACjB,YAAA,MAAM,IAAInC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAIiC,UAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAMW,iBAAiB,MAAMnC,UAAAA,CAAW,QAAQoC,YAAY,CAACZ,WAAWa,QAAQ,CAAA;QAEhF,MAAMC,WAAAA,GAAc,MAAM9B,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAE7C,gBAAAA;AAAG,aAAA;YACZ8C,IAAM,EAAA;AACJ,gBAAA
,GAAGnB,UAAU;gBACba,QAAUF,EAAAA;AACZ,aAAA;YACAS,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEApC,QAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,YAAAA,IAAAA,EAAM6C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAM9B,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QACZ8C,IAAMnB,EAAAA,UAAAA;QACNoB,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,MAAMhD,0BAA0BC,EAAI2B,EAAAA,UAAAA,CAAAA;AAEpC,IAAA,IAAIc,WAAa,EAAA;AACf9B,QAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,YAAAA,IAAAA,EAAM6C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMU,aAAa,OAAOnD,EAAAA,GAAAA;;IAExB,MAAMoD,YAAAA,GAAe,MAAMzC,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeU,CAAAA,CAAAA,OAAO,CAAC;QAChER,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QACZ+C,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACK,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAaf,KAAK,CAACiB,IAAI,CAAC,CAACC,CAAWA,GAAAA,CAAAA,CAAEC,IAAI,KAAK3D,gBAAmB,CAAA,EAAA;AACpE,YAAA,MAAMmC,cAAiB,GAAA,MAAM7B,UAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAeyB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAI9D,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAM+D,WAAAA,GAAc,MAAM/C,MAAO+B,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNgB,CAAAA,CAAAA,MAAM,CAAC;QAAEd,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;QAAG+C,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;AAE/C,IAAA,MAAMzB,6BAA8BtB,CAAAA,EAAAA,CAAAA;AAEpCW,IAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE5C,QAAAA,IAAAA,EAAM6C,YAAaQ,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAME,cAAc,OAAOrC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMS,cAAiB,GAAA,MAAM7B,UAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;IAC3E,MAAM4B,sBAAAA,GAAyB,MAAMlD,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAemB,CAAAA,CAAAA,KAAK,CAAC;QACxEjB,KAAO,EAAA;YACL7C,EAAIuB,EAAAA,GAAAA;YACJc,KAAO,EAAA;AAAErC,gBAAAA,EAAAA,EAAIgC,eAAehC;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAIgC,cAAAA,CAAeyB,UAAU,KAAKI,sBAAwB,EAAA;A
ACxD,QAAA,MAAM,IAAIlE,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AAEA,IAAA,MAAMoE,eAAe,EAAE;IACvB,KAAK,MAAM/D,MAAMuB,GAAK,CAAA;QACpB,MAAMmC,WAAAA,GAAc,MAAM/C,MAAO+B,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAegB,CAAAA,CAAAA,MAAM,CAAC;YAC9Dd,KAAO,EAAA;AAAE7C,gBAAAA;AAAG,aAAA;YACZ+C,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEAgB,QAAAA,YAAAA,CAAaC,IAAI,CAACN,WAAAA,CAAAA;AACpB;AAEA,IAAA,MAAMpC,6BAA8BC,CAAAA,GAAAA,CAAAA;AAEpCZ,IAAAA,MAAAA,CAAOqC,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCgB,QAAAA,KAAAA,EAAOF,YAAa3C,CAAAA,GAAG,CAAC,CAACsC,cAAgBR,YAAaQ,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOK,YAAAA;AACT,CAAA;AAEA,MAAMG,oBAAoB,CAACC,IAAAA,GAAkBvC,UAAEwC,CAAAA,IAAI,CAACD,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAE/F;;;IAIA,MAAMpC,uBAAuB,OAAOsC,MAAAA,GAAAA;IAClC,MAAMhE,IAAAA,GAAQ,MAAMgD,OAAQgB,CAAAA,MAAAA,CAAAA;AAC5B,IAAA,MAAMrC,cAAiB,GAAA,MAAM7B,UAAW,CAAA,MAAA,CAAA,CAAQ8B,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAeyB,CAAAA,UAAU,KAAK,CAAA,IAAKa,iBAAkBjE,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM6C,eAAe,CAAC7C,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGuB,UAAAA,CAAE2C,IAAI,CAAClE,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjFgC,QAAAA,KAAAA,EAAOhC,KAAKgC,KAAK,IAAIhC,KAAKgC,KAAK,CAACjB,GAAG,CAAC8C,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMb,OAAAA,GAAU,OAAOrD,EAAAA,EAAS+C,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AAClD,IAAA,OAAOpC,OAAO+B,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeU,OAAO,CAAC;QAAER,KAAO,EAAA;AAAE7C,YAAAA;AAAG,SAAA;AAAG+C,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA,MAAMyB,yBAA4B,GAAA,UAAA;AAChC,IAAA,OAAO7D,OAAO+B,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAemB,KAAK,CAAC;QAAEjB,KAAO,EAAA;YAAErC,QAAU,EAAA;AAAK;AAAE,KAAA,CAAA;AAC1E,CAAA;AAEA,WAAe;AACbT,IAAAA,yBAAAA;AACAuB,IAAAA,6BAAAA;AACAkD,IAAAA,yBAAAA;AACAZ,IAAAA,WAAAA;AACAT,IAAAA,UAAAA;AACAzB,IAAAA;AACF,CAAE;;;;"}
1
+ {"version":3,"file":"user.mjs","sources":["../../../../../../ee/server/src/services/user.ts"],"sourcesContent":["import _ from 'lodash';\nimport { pipe, map, castArray, toNumber } from 'lodash/fp';\nimport { arrays, errors } from '@strapi/utils';\nimport { hasSuperAdminRole } from '../../../../server/src/domain/user';\nimport constants from '../../../../server/src/services/constants';\nimport { getService } from '../utils';\n\nconst { ValidationError } = errors;\nconst { SUPER_ADMIN_CODE } = constants;\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\n/** Checks if ee disabled users list needs to be updated\n * @param {string} id\n * @param {object} input\n */\nconst updateEEDisabledUsersList = async (id: string, input: any) => {\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const user = disabledUsers.find((user: any) => user.id === Number(id));\n if (!user) {\n return;\n }\n\n if (user.isActive !== input.isActive) {\n const newDisabledUsersList = disabledUsers.filter((user: any) => user.id !== Number(id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n }\n};\n\nconst castNumberArray = pipe(castArray, map(toNumber));\n\nconst removeFromEEDisabledUsersList = async (ids: unknown) => {\n let idsToCheck: any;\n if (typeof ids === 'object') {\n idsToCheck = castNumberArray(ids);\n } else {\n idsToCheck = [Number(ids)];\n }\n\n const disabledUsers = await getService('seat-enforcement').getDisabledUserList();\n\n if (!disabledUsers) {\n return;\n }\n\n const newDisabledUsersList = disabledUsers.filter((user: any) => !idsToCheck.includes(user.id));\n await strapi.store.set({\n type: 'ee',\n key: 'disabled_users',\n value: newDisabledUsersList,\n });\n};\n\n/**\n * Update a user in database\n * @param id query params to find the user to update\n * @param attributes A partial 
user object\n * @returns {Promise<user>}\n */\nconst updateById = async (id: any, attributes: any) => {\n // Check at least one super admin remains\n if (_.has(attributes, 'roles')) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const willRemoveSuperAdminRole = !arrays.includesString(attributes.roles, superAdminRole.id);\n\n if (lastAdminUser && willRemoveSuperAdminRole) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // cannot disable last super admin\n if (attributes.isActive === false) {\n const lastAdminUser = await isLastSuperAdminUser(id);\n if (lastAdminUser) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n\n // hash password if a new one is sent\n if (_.has(attributes, 'password')) {\n const hashedPassword = await getService('auth').hashPassword(attributes.password);\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: {\n ...attributes,\n password: hashedPassword,\n },\n populate: ['roles'],\n });\n\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n\n return updatedUser;\n }\n\n const updatedUser = await strapi.db.query('admin::user').update({\n where: { id },\n data: attributes,\n populate: ['roles'],\n });\n\n await updateEEDisabledUsersList(id, attributes);\n\n if (updatedUser) {\n strapi.eventHub.emit('user.update', { user: sanitizeUser(updatedUser) });\n }\n\n return updatedUser;\n};\n\n/** Delete a user\n * @param id id of the user to delete\n * @returns {Promise<user>}\n */\nconst deleteById = async (id: unknown) => {\n // Check at least one super admin remains\n const userToDelete = await strapi.db.query('admin::user').findOne({\n where: { id },\n populate: ['roles'],\n });\n\n if (!userToDelete) {\n return null;\n }\n\n if (userToDelete) {\n if (userToDelete.roles.some((r: any) => 
r.code === SUPER_ADMIN_CODE)) {\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n if (superAdminRole.usersCount === 1) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n }\n }\n\n const deletedUser = await strapi.db\n .query('admin::user')\n .delete({ where: { id }, populate: ['roles'] });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n await removeFromEEDisabledUsersList(id);\n\n strapi.eventHub.emit('user.delete', { user: sanitizeUser(deletedUser) });\n\n return deletedUser;\n};\n\n/** Delete a user\n * @param ids ids of the users to delete\n * @returns {Promise<user>}\n */\nconst deleteByIds = async (ids: any) => {\n // Check at least one super admin remains\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n const nbOfSuperAdminToDelete = await strapi.db.query('admin::user').count({\n where: {\n id: ids,\n roles: { id: superAdminRole.id },\n },\n });\n\n if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {\n throw new ValidationError('You must have at least one user with super admin role.');\n }\n\n const deletedUsers = [];\n for (const id of ids) {\n const deletedUser = await strapi.db.query('admin::user').delete({\n where: { id },\n populate: ['roles'],\n });\n\n // Invalidate all sessions for the deleted user\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(id));\n }\n\n deletedUsers.push(deletedUser);\n }\n\n await removeFromEEDisabledUsersList(ids);\n\n strapi.eventHub.emit('user.delete', {\n users: deletedUsers.map((deletedUser) => sanitizeUser(deletedUser)),\n });\n\n return deletedUsers;\n};\n\nconst sanitizeUserRoles = (role: unknown) => 
_.pick(role, ['id', 'name', 'description', 'code']);\n\n/**\n * Check if a user is the last super admin\n * @param {int|string} userId user's id to look for\n */\nconst isLastSuperAdminUser = async (userId: unknown) => {\n const user = (await findOne(userId)) as any;\n const superAdminRole = await getService('role').getSuperAdminWithUsersCount();\n\n return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);\n};\n\n/**\n * Remove private user fields\n * @param {Object} user - user to sanitize\n */\nconst sanitizeUser = (user: any) => {\n return {\n ..._.omit(user, ['password', 'resetPasswordToken', 'registrationToken', 'roles']),\n roles: user.roles && user.roles.map(sanitizeUserRoles),\n };\n};\n\n/**\n * Find one user\n */\nconst findOne = async (id: any, populate = ['roles']) => {\n return strapi.db.query('admin::user').findOne({ where: { id }, populate });\n};\n\nconst getCurrentActiveUserCount = async () => {\n return strapi.db.query('admin::user').count({ where: { isActive: true } });\n};\n\nexport default {\n updateEEDisabledUsersList,\n removeFromEEDisabledUsersList,\n getCurrentActiveUserCount,\n deleteByIds,\n deleteById,\n 
updateById,\n};\n"],"names":["ValidationError","errors","SUPER_ADMIN_CODE","constants","getSessionManager","manager","strapi","sessionManager","updateEEDisabledUsersList","id","input","disabledUsers","getService","getDisabledUserList","user","find","Number","isActive","newDisabledUsersList","filter","store","set","type","key","value","castNumberArray","pipe","castArray","map","toNumber","removeFromEEDisabledUsersList","ids","idsToCheck","includes","updateById","attributes","_","has","lastAdminUser","isLastSuperAdminUser","superAdminRole","getSuperAdminWithUsersCount","willRemoveSuperAdminRole","arrays","includesString","roles","hashedPassword","hashPassword","password","updatedUser","db","query","update","where","data","populate","eventHub","emit","sanitizeUser","deleteById","userToDelete","findOne","some","r","code","usersCount","deletedUser","delete","hasOrigin","invalidateRefreshToken","String","deleteByIds","nbOfSuperAdminToDelete","count","deletedUsers","push","users","sanitizeUserRoles","role","pick","userId","hasSuperAdminRole","omit","getCurrentActiveUserCount"],"mappings":";;;;;;;AAOA,MAAM,EAAEA,eAAe,EAAE,GAAGC,MAAAA;AAC5B,MAAM,EAAEC,gBAAgB,EAAE,GAAGC,SAAAA;AAE7B,MAAMC,iBAAoB,GAAA,IAAA;IACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,IAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,CAAA;AAEA;;;IAIA,MAAMG,yBAA4B,GAAA,OAAOC,EAAYC,EAAAA,KAAAA,GAAAA;AACnD,IAAA,MAAMC,aAAgB,GAAA,MAAMC,UAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMG,IAAAA,GAAOH,cAAcI,IAAI,CAAC,CAACD,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AAClE,IAAA,IAAI,CAACK,IAAM,EAAA;AACT,QAAA;AACF;AAEA,IAAA,IAAIA,IAAKG,CAAAA,QAAQ,KAAKP,KAAAA,CAAMO,QAAQ,EAAE;QACpC,MAAMC,oBAAAA,GAAuBP,cAAcQ,MAAM,CAAC,CAACL,IAAcA,GAAAA,IAAAA,CAAKL,EAAE,KAAKO,MAAOP,CAAAA,EAAAA,CAAAA,CAAAA;AACpF,QAAA,MAAMH,MAAOc,CAAAA,KAAK,CAACC,GAAG,CAAC;YACrBC,IAAM,EAAA,IAAA;YACNC,GAAK,EAAA,gBAAA;YACLC,KAAON,EAAAA;AACT,SAAA,CAAA;AACF;AACF,CAAA;AAEA,MAAMO,eAAAA,GAAkBC,IAAKC,CAAAA,SAAAA,EAAWC,GAAIC
,CAAAA,QAAAA,CAAAA,CAAAA;AAE5C,MAAMC,gCAAgC,OAAOC,GAAAA,GAAAA;IAC3C,IAAIC,UAAAA;IACJ,IAAI,OAAOD,QAAQ,QAAU,EAAA;AAC3BC,QAAAA,UAAAA,GAAaP,eAAgBM,CAAAA,GAAAA,CAAAA;KACxB,MAAA;QACLC,UAAa,GAAA;YAAChB,MAAOe,CAAAA,GAAAA;AAAK,SAAA;AAC5B;AAEA,IAAA,MAAMpB,aAAgB,GAAA,MAAMC,UAAW,CAAA,kBAAA,CAAA,CAAoBC,mBAAmB,EAAA;AAE9E,IAAA,IAAI,CAACF,aAAe,EAAA;AAClB,QAAA;AACF;IAEA,MAAMO,oBAAAA,GAAuBP,aAAcQ,CAAAA,MAAM,CAAC,CAACL,IAAc,GAAA,CAACkB,UAAWC,CAAAA,QAAQ,CAACnB,IAAAA,CAAKL,EAAE,CAAA,CAAA;AAC7F,IAAA,MAAMH,MAAOc,CAAAA,KAAK,CAACC,GAAG,CAAC;QACrBC,IAAM,EAAA,IAAA;QACNC,GAAK,EAAA,gBAAA;QACLC,KAAON,EAAAA;AACT,KAAA,CAAA;AACF,CAAA;AAEA;;;;;IAMA,MAAMgB,UAAa,GAAA,OAAOzB,EAAS0B,EAAAA,UAAAA,GAAAA;;AAEjC,IAAA,IAAIC,UAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,OAAU,CAAA,EAAA;QAC9B,MAAMG,aAAAA,GAAgB,MAAMC,oBAAqB9B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,MAAM+B,cAAiB,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;QAC3E,MAAMC,wBAAAA,GAA2B,CAACC,MAAOC,CAAAA,cAAc,CAACT,UAAWU,CAAAA,KAAK,EAAEL,cAAAA,CAAe/B,EAAE,CAAA;AAE3F,QAAA,IAAI6B,iBAAiBI,wBAA0B,EAAA;AAC7C,YAAA,MAAM,IAAI1C,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;IAGA,IAAImC,UAAAA,CAAWlB,QAAQ,KAAK,KAAO,EAAA;QACjC,MAAMqB,aAAAA,GAAgB,MAAMC,oBAAqB9B,CAAAA,EAAAA,CAAAA;AACjD,QAAA,IAAI6B,aAAe,EAAA;AACjB,YAAA,MAAM,IAAItC,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;;AAGA,IAAA,IAAIoC,UAAEC,CAAAA,GAAG,CAACF,UAAAA,EAAY,UAAa,CAAA,EAAA;AACjC,QAAA,MAAMW,iBAAiB,MAAMlC,UAAAA,CAAW,QAAQmC,YAAY,CAACZ,WAAWa,QAAQ,CAAA;QAEhF,MAAMC,WAAAA,GAAc,MAAM3C,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;YAC9DC,KAAO,EAAA;AAAE5C,gBAAAA;AAAG,aAAA;YACZ6C,IAAM,EAAA;AACJ,gBAAA,GAAGnB,UAAU;gBACba,QAAUF,EAAAA;AACZ,aAAA;YACAS,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;AAEAjD,QAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,YAAAA,IAAAA,EAAM4C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;QAEtE,OAAOA,WAAAA;AACT;IAEA,MAAMA,WAAAA,GAAc,MAAM3C,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeC,CAAAA,CAAAA,MAAM,CAAC;QAC9DC,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QACZ6C,IAAMnB,EAAAA,UAAAA;QACNoB,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,
MAAM/C,0BAA0BC,EAAI0B,EAAAA,UAAAA,CAAAA;AAEpC,IAAA,IAAIc,WAAa,EAAA;AACf3C,QAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,YAAAA,IAAAA,EAAM4C,YAAaT,CAAAA,WAAAA;AAAa,SAAA,CAAA;AACxE;IAEA,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMU,aAAa,OAAOlD,EAAAA,GAAAA;;IAExB,MAAMmD,YAAAA,GAAe,MAAMtD,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAeU,CAAAA,CAAAA,OAAO,CAAC;QAChER,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QACZ8C,QAAU,EAAA;AAAC,YAAA;AAAQ;AACrB,KAAA,CAAA;AAEA,IAAA,IAAI,CAACK,YAAc,EAAA;QACjB,OAAO,IAAA;AACT;AAEA,IAAA,IAAIA,YAAc,EAAA;QAChB,IAAIA,YAAAA,CAAaf,KAAK,CAACiB,IAAI,CAAC,CAACC,CAAWA,GAAAA,CAAAA,CAAEC,IAAI,KAAK9D,gBAAmB,CAAA,EAAA;AACpE,YAAA,MAAMsC,cAAiB,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;YAC3E,IAAID,cAAAA,CAAeyB,UAAU,KAAK,CAAG,EAAA;AACnC,gBAAA,MAAM,IAAIjE,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AACF;AACF;IAEA,MAAMkE,WAAAA,GAAc,MAAM5D,MAAO4C,CAAAA,EAAE,CAChCC,KAAK,CAAC,aACNgB,CAAAA,CAAAA,MAAM,CAAC;QAAEd,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;QAAG8C,QAAU,EAAA;AAAC,YAAA;AAAQ;AAAC,KAAA,CAAA;;AAG/C,IAAA,MAAMhD,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,IAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe6D,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,QAAA,MAAM7D,cAAe,CAAA,OAAA,CAAA,CAAS8D,sBAAsB,CAACC,MAAO7D,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEA,IAAA,MAAMqB,6BAA8BrB,CAAAA,EAAAA,CAAAA;AAEpCH,IAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAAE3C,QAAAA,IAAAA,EAAM4C,YAAaQ,CAAAA,WAAAA;AAAa,KAAA,CAAA;IAEtE,OAAOA,WAAAA;AACT,CAAA;AAEA;;;IAIA,MAAMK,cAAc,OAAOxC,GAAAA,GAAAA;;AAEzB,IAAA,MAAMS,cAAiB,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;IAC3E,MAAM+B,sBAAAA,GAAyB,MAAMlE,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAesB,CAAAA,CAAAA,KAAK,CAAC;QACxEpB,KAAO,EAAA;YACL5C,EAAIsB,EAAAA,GAAAA;YACJc,KAAO,EAAA;AAAEpC,gBAAAA,EAAAA,EAAI+B,eAAe/B;AAAG;AACjC;AACF,KAAA,CAAA;IAEA,IAAI+B,cAAAA,CAAeyB,UAAU,KAAKO,sBAAwB,EAAA;AACxD,QAAA,MAAM,IAAIxE,eAAgB,CAAA,wDAAA,CAAA;AAC5B;AAEA,IAAA,MAAM0E,eAAe,EAAE;IACvB,KAAK,MAAMjE,MAAMsB,GAAK,CAAA;QACpB,MAAMmC,WAAAA,GAAc,MAAM5D,MAAO4C,CAAAA,EAAE,CAACC,KAAK,CAAC,aAAegB,CAAAA,CAAAA,MAAM,CAAC;YAC9Dd,KAAO,EAAA;AAAE5C,gBAAAA;
AAAG,aAAA;YACZ8C,QAAU,EAAA;AAAC,gBAAA;AAAQ;AACrB,SAAA,CAAA;;AAGA,QAAA,MAAMhD,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,QAAA,IAAIG,cAAkBA,IAAAA,cAAAA,CAAe6D,SAAS,CAAC,OAAU,CAAA,EAAA;AACvD,YAAA,MAAM7D,cAAe,CAAA,OAAA,CAAA,CAAS8D,sBAAsB,CAACC,MAAO7D,CAAAA,EAAAA,CAAAA,CAAAA;AAC9D;AAEAiE,QAAAA,YAAAA,CAAaC,IAAI,CAACT,WAAAA,CAAAA;AACpB;AAEA,IAAA,MAAMpC,6BAA8BC,CAAAA,GAAAA,CAAAA;AAEpCzB,IAAAA,MAAAA,CAAOkD,QAAQ,CAACC,IAAI,CAAC,aAAe,EAAA;AAClCmB,QAAAA,KAAAA,EAAOF,YAAa9C,CAAAA,GAAG,CAAC,CAACsC,cAAgBR,YAAaQ,CAAAA,WAAAA,CAAAA;AACxD,KAAA,CAAA;IAEA,OAAOQ,YAAAA;AACT,CAAA;AAEA,MAAMG,oBAAoB,CAACC,IAAAA,GAAkB1C,UAAE2C,CAAAA,IAAI,CAACD,IAAM,EAAA;AAAC,QAAA,IAAA;AAAM,QAAA,MAAA;AAAQ,QAAA,aAAA;AAAe,QAAA;AAAO,KAAA,CAAA;AAE/F;;;IAIA,MAAMvC,uBAAuB,OAAOyC,MAAAA,GAAAA;IAClC,MAAMlE,IAAAA,GAAQ,MAAM+C,OAAQmB,CAAAA,MAAAA,CAAAA;AAC5B,IAAA,MAAMxC,cAAiB,GAAA,MAAM5B,UAAW,CAAA,MAAA,CAAA,CAAQ6B,2BAA2B,EAAA;AAE3E,IAAA,OAAOD,cAAeyB,CAAAA,UAAU,KAAK,CAAA,IAAKgB,iBAAkBnE,CAAAA,IAAAA,CAAAA;AAC9D,CAAA;AAEA;;;IAIA,MAAM4C,eAAe,CAAC5C,IAAAA,GAAAA;IACpB,OAAO;QACL,GAAGsB,UAAAA,CAAE8C,IAAI,CAACpE,IAAM,EAAA;AAAC,YAAA,UAAA;AAAY,YAAA,oBAAA;AAAsB,YAAA,mBAAA;AAAqB,YAAA;SAAQ,CAAC;AACjF+B,QAAAA,KAAAA,EAAO/B,KAAK+B,KAAK,IAAI/B,KAAK+B,KAAK,CAACjB,GAAG,CAACiD,iBAAAA;AACtC,KAAA;AACF,CAAA;AAEA;;AAEC,IACD,MAAMhB,OAAAA,GAAU,OAAOpD,EAAAA,EAAS8C,QAAW,GAAA;AAAC,IAAA;AAAQ,CAAA,GAAA;AAClD,IAAA,OAAOjD,OAAO4C,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAeU,OAAO,CAAC;QAAER,KAAO,EAAA;AAAE5C,YAAAA;AAAG,SAAA;AAAG8C,QAAAA;AAAS,KAAA,CAAA;AAC1E,CAAA;AAEA,MAAM4B,yBAA4B,GAAA,UAAA;AAChC,IAAA,OAAO7E,OAAO4C,EAAE,CAACC,KAAK,CAAC,aAAA,CAAA,CAAesB,KAAK,CAAC;QAAEpB,KAAO,EAAA;YAAEpC,QAAU,EAAA;AAAK;AAAE,KAAA,CAAA;AAC1E,CAAA;AAEA,WAAe;AACbT,IAAAA,yBAAAA;AACAsB,IAAAA,6BAAAA;AACAqD,IAAAA,yBAAAA;AACAZ,IAAAA,WAAAA;AACAZ,IAAAA,UAAAA;AACAzB,IAAAA;AACF,CAAE;;;;"}
@@ -3,9 +3,11 @@
3
3
  var fp = require('lodash/fp');
4
4
  var utils = require('@strapi/utils');
5
5
  var index = require('./utils/index.js');
6
+ var token = require('./services/token.js');
6
7
  var adminActions = require('./config/admin-actions.js');
7
8
  var adminConditions = require('./config/admin-conditions.js');
8
9
  var constants = require('./services/constants.js');
10
+ var sessionAuth = require('../../shared/utils/session-auth.js');
9
11
 
10
12
  const defaultAdminAuthSettings = {
11
13
  providers: {
@@ -91,6 +93,26 @@ const syncAPITokensPermissions = async ()=>{
91
93
  }
92
94
  };
93
95
  var bootstrap = (async ({ strapi: strapi1 })=>{
96
+ // Fallback for backward compatibility: if the new maxRefreshTokenLifespan is not set,
97
+ // reuse the legacy admin.auth.options.expiresIn value (previously the sole JWT lifespan)
98
+ const { options } = token.getTokenOptions();
99
+ const legacyMaxRefreshFallback = token.expiresInToSeconds(options?.expiresIn) ?? sessionAuth.DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;
100
+ const legacyMaxSessionFallback = token.expiresInToSeconds(options?.expiresIn) ?? sessionAuth.DEFAULT_MAX_SESSION_LIFESPAN;
101
+ // Warn if using deprecated legacy expiresIn for new session settings
102
+ const hasLegacyExpires = options?.expiresIn != null;
103
+ const hasNewMaxRefresh = strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;
104
+ const hasNewMaxSession = strapi1.config.get('admin.auth.sessions.maxSessionLifespan') != null;
105
+ if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {
106
+ strapi1.log.warn('admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.');
107
+ }
108
+ strapi1.sessionManager.defineOrigin('admin', {
109
+ jwtSecret: strapi1.config.get('admin.auth.secret'),
110
+ accessTokenLifespan: strapi1.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),
111
+ maxRefreshTokenLifespan: strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan', legacyMaxRefreshFallback),
112
+ idleRefreshTokenLifespan: strapi1.config.get('admin.auth.sessions.idleRefreshTokenLifespan', sessionAuth.DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN),
113
+ maxSessionLifespan: strapi1.config.get('admin.auth.sessions.maxSessionLifespan', legacyMaxSessionFallback),
114
+ idleSessionLifespan: strapi1.config.get('admin.auth.sessions.idleSessionLifespan', sessionAuth.DEFAULT_IDLE_SESSION_LIFESPAN)
115
+ });
94
116
  await registerAdminConditions();
95
117
  await registerPermissionActions();
96
118
  registerModelHooks();
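Review bot: In the block added at the top of `bootstrap`, the legacy fallback relies on `??`, which only catches null/undefined, so a zero or NaN result from `token.expiresInToSeconds(options?.expiresIn)` (its implementation is not visible here) would be passed straight into `maxRefreshTokenLifespan` and `maxSessionLifespan`. Computing it once and guarding it would be safer: `const legacySeconds = token.expiresInToSeconds(options?.expiresIn);` followed by `const legacyMaxRefreshFallback = Number.isFinite(legacySeconds) && legacySeconds > 0 ? legacySeconds : sessionAuth.DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;`, and the same for the session fallback. The values read from `admin.auth.sessions.*` are also forwarded to `defineOrigin` without a type or range check, so unless `defineOrigin` validates them, a string value or an idle lifespan larger than its max would silently shape admin session expiry. A short comment naming the layer that enforces this would help. `bootstrap` continues past the end of the hunk.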
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await 
async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await 
syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAQA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAA
A,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MA
AAA,EAAAA,OAAM,EAA2B,GAAA;IACvD,MAAMN,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMyD,oBAAoBlE,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMmE,cAAcnE,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMoE,kBAAkBpE,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMqE,eAAerE,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMmE,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMhB,YAAYiB,iCAAiC,EAAA;IAEnD,MAAMpD,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAW2E,CAAAA,CAAAA,4BAA4B,CAAChE,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAW4E,SAAS,CAACjE,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBmB,kBAAkB,EAAA;IAClCT,eAAgBN,CAAAA,KAAK,CAACe,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMtB,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.js","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n 
newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Fallback for backward compatibility: if the new maxRefreshTokenLifespan is not set,\n // reuse the legacy admin.auth.options.expiresIn value (previously the sole JWT lifespan)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? 
DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await 
roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","permissio
nService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,iBAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,qBAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,iBAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,wBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,gBAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,SAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,gBAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,WAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,MAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,OAAKC,CAAAA,aAAAA,CAAWR,eAAiBL,E
AAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;;IAGvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,qBAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,8CAAAA;IAC5C,MAAMC,wBAAAA,GACJH,wBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,wCAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,+CAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,yCAAAA;AAEJ,KAAA,CAAA;IAEA,MAAMpF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMiF,oBAAoB1F,gBAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,gBAAW,C
AAA,MAAA,CAAA;AAC/B,IAAA,MAAM2F,cAAc3F,gBAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,gBAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM4F,kBAAkB5F,gBAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM6F,eAAe7F,gBAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM2F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMxC,YAAYyC,iCAAiC,EAAA;IAEnD,MAAM5E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,gBAAAA,CAAW,SAAWmG,CAAAA,CAAAA,4BAA4B,CAACxF,OAAAA,CAAAA;IACzDX,gBAAW,CAAA,SAAA,CAAA,CAAWoG,SAAS,CAACzF,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB2C,kBAAkB,EAAA;IAClCT,eAAgB9B,CAAAA,KAAK,CAACuC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAM9C,8BAAAA,EAAAA;AACR,CAAA;;;;"}
@@ -1,9 +1,11 @@
1
1
  import { merge, map, uniq, difference } from 'lodash/fp';
2
2
  import { async } from '@strapi/utils';
3
3
  import { getService } from './utils/index.mjs';
4
+ import { getTokenOptions, expiresInToSeconds } from './services/token.mjs';
4
5
  import adminActions from './config/admin-actions.mjs';
5
6
  import adminConditions from './config/admin-conditions.mjs';
6
7
  import constants from './services/constants.mjs';
8
+ import { DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN, DEFAULT_MAX_SESSION_LIFESPAN, DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN, DEFAULT_IDLE_SESSION_LIFESPAN } from '../../shared/utils/session-auth.mjs';
7
9
 
8
10
  const defaultAdminAuthSettings = {
9
11
  providers: {
@@ -89,6 +91,26 @@ const syncAPITokensPermissions = async ()=>{
89
91
  }
90
92
  };
91
93
  var bootstrap = (async ({ strapi: strapi1 })=>{
94
+ // Fallback for backward compatibility: if the new maxRefreshTokenLifespan is not set,
95
+ // reuse the legacy admin.auth.options.expiresIn value (previously the sole JWT lifespan)
96
+ const { options } = getTokenOptions();
97
+ const legacyMaxRefreshFallback = expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;
98
+ const legacyMaxSessionFallback = expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;
99
+ // Warn if using deprecated legacy expiresIn for new session settings
100
+ const hasLegacyExpires = options?.expiresIn != null;
101
+ const hasNewMaxRefresh = strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;
102
+ const hasNewMaxSession = strapi1.config.get('admin.auth.sessions.maxSessionLifespan') != null;
103
+ if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {
104
+ strapi1.log.warn('admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.');
105
+ }
106
+ strapi1.sessionManager.defineOrigin('admin', {
107
+ jwtSecret: strapi1.config.get('admin.auth.secret'),
108
+ accessTokenLifespan: strapi1.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),
109
+ maxRefreshTokenLifespan: strapi1.config.get('admin.auth.sessions.maxRefreshTokenLifespan', legacyMaxRefreshFallback),
110
+ idleRefreshTokenLifespan: strapi1.config.get('admin.auth.sessions.idleRefreshTokenLifespan', DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN),
111
+ maxSessionLifespan: strapi1.config.get('admin.auth.sessions.maxSessionLifespan', legacyMaxSessionFallback),
112
+ idleSessionLifespan: strapi1.config.get('admin.auth.sessions.idleSessionLifespan', DEFAULT_IDLE_SESSION_LIFESPAN)
113
+ });
92
114
  await registerAdminConditions();
93
115
  await registerPermissionActions();
94
116
  registerModelHooks();
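Review bot: The added `strapi1.sessionManager.defineOrigin('admin', { jwtSecret: strapi1.config.get('admin.auth.secret'), ... })` call is now the first step of `bootstrap`, but the original source embedded in the accompanying source map shows `tokenService.checkSecretIsDefined()` only near the end of the same function, so an unset `admin.auth.secret` reaches the session manager before that check runs. Whether `defineOrigin` itself rejects an undefined secret is not visible here. I would run the check first, for example `getService('token').checkSecretIsDefined();` directly above the `defineOrigin` call. The lifespan values are also passed through from config as-is, so unless the session manager validates them, an idle lifespan larger than its max or a non-numeric value would presumably be accepted; this is worth confirming. The body of `bootstrap` continues past the end of this hunk, and the CommonJS build of this file carries the same added lines.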
@@ -1 +1 @@
1
- {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await 
async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await 
syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","permissionService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;AAQA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAA
A;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gBAAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA
,OAAM,EAA2B,GAAA;IACvD,MAAMN,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMyD,oBAAoBlE,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAMmE,cAAcnE,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAMoE,kBAAkBpE,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAMqE,eAAerE,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAMmE,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMhB,YAAYiB,iCAAiC,EAAA;IAEnD,MAAMpD,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAW2E,CAAAA,CAAAA,4BAA4B,CAAChE,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAW4E,SAAS,CAACjE,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgBmB,kBAAkB,EAAA;IAClCT,eAAgBN,CAAAA,KAAK,CAACe,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAMtB,8BAAAA,EAAAA;AACR,CAAA;;;;"}
1
+ {"version":3,"file":"bootstrap.mjs","sources":["../../../../server/src/bootstrap.ts"],"sourcesContent":["import { merge, map, difference, uniq } from 'lodash/fp';\nimport type { Core } from '@strapi/types';\nimport { async } from '@strapi/utils';\nimport { getService } from './utils';\nimport { getTokenOptions, expiresInToSeconds } from './services/token';\nimport adminActions from './config/admin-actions';\nimport adminConditions from './config/admin-conditions';\nimport constants from './services/constants';\nimport {\n DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,\n DEFAULT_MAX_SESSION_LIFESPAN,\n DEFAULT_IDLE_SESSION_LIFESPAN,\n} from '../../shared/utils/session-auth';\n\nconst defaultAdminAuthSettings = {\n providers: {\n autoRegister: false,\n defaultRole: null,\n ssoLockedRoles: null,\n },\n};\n\nconst registerPermissionActions = async () => {\n await getService('permission').actionProvider.registerMany(adminActions.actions);\n};\n\nconst registerAdminConditions = async () => {\n await getService('permission').conditionProvider.registerMany(adminConditions.conditions);\n};\n\nconst registerModelHooks = () => {\n const { sendDidChangeInterfaceLanguage } = getService('metrics');\n\n strapi.db.lifecycles.subscribe({\n models: ['admin::user'],\n afterCreate: sendDidChangeInterfaceLanguage,\n afterDelete: sendDidChangeInterfaceLanguage,\n afterUpdate({ params }) {\n if (params.data.preferedLanguage) {\n sendDidChangeInterfaceLanguage();\n }\n },\n });\n};\n\nconst syncAuthSettings = async () => {\n const adminStore = await strapi.store({ type: 'core', name: 'admin' });\n const adminAuthSettings = await adminStore.get({ key: 'auth' });\n const newAuthSettings = merge(defaultAdminAuthSettings, adminAuthSettings);\n\n const roleExists = await getService('role').exists({\n id: newAuthSettings.providers.defaultRole,\n });\n\n // Reset the default SSO role if it has been deleted manually\n if (!roleExists) {\n 
newAuthSettings.providers.defaultRole = null;\n }\n\n await adminStore.set({ key: 'auth', value: newAuthSettings });\n};\n\nconst syncAPITokensPermissions = async () => {\n const validPermissions = strapi.contentAPI.permissions.providers.action.keys();\n const permissionsInDB = await async.pipe(\n strapi.db.query('admin::api-token-permission').findMany,\n map('action')\n )();\n\n const unknownPermissions = uniq(difference(permissionsInDB, validPermissions));\n\n if (unknownPermissions.length > 0) {\n await strapi.db\n .query('admin::api-token-permission')\n .deleteMany({ where: { action: { $in: unknownPermissions } } });\n }\n};\n\n/**\n * Ensures the creation of default API tokens during the app creation.\n *\n * Checks the database for existing users and API tokens:\n * - If there are no users and no API tokens, it creates two default API tokens:\n * 1. A \"Read Only\" API token with permissions for accessing resources.\n * 2. A \"Full Access\" API token with permissions for accessing and modifying resources.\n *\n * @sideEffects Creates new API tokens in the database if conditions are met.\n */\n\nconst createDefaultAPITokensIfNeeded = async () => {\n const userService = getService('user');\n const apiTokenService = getService('api-token');\n\n const usersCount = await userService.count();\n const apiTokenCount = await apiTokenService.count();\n\n if (usersCount === 0 && apiTokenCount === 0) {\n for (const token of constants.DEFAULT_API_TOKENS) {\n await apiTokenService.create(token);\n }\n }\n};\n\nexport default async ({ strapi }: { strapi: Core.Strapi }) => {\n // Fallback for backward compatibility: if the new maxRefreshTokenLifespan is not set,\n // reuse the legacy admin.auth.options.expiresIn value (previously the sole JWT lifespan)\n const { options } = getTokenOptions();\n const legacyMaxRefreshFallback =\n expiresInToSeconds(options?.expiresIn) ?? 
DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN;\n const legacyMaxSessionFallback =\n expiresInToSeconds(options?.expiresIn) ?? DEFAULT_MAX_SESSION_LIFESPAN;\n\n // Warn if using deprecated legacy expiresIn for new session settings\n const hasLegacyExpires = options?.expiresIn != null;\n const hasNewMaxRefresh = strapi.config.get('admin.auth.sessions.maxRefreshTokenLifespan') != null;\n const hasNewMaxSession = strapi.config.get('admin.auth.sessions.maxSessionLifespan') != null;\n\n if (hasLegacyExpires && (!hasNewMaxRefresh || !hasNewMaxSession)) {\n strapi.log.warn(\n 'admin.auth.options.expiresIn is deprecated and will be removed in Strapi 6. Please configure admin.auth.sessions.maxRefreshTokenLifespan and admin.auth.sessions.maxSessionLifespan.'\n );\n }\n\n strapi.sessionManager.defineOrigin('admin', {\n jwtSecret: strapi.config.get('admin.auth.secret'),\n accessTokenLifespan: strapi.config.get('admin.auth.sessions.accessTokenLifespan', 30 * 60),\n maxRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.maxRefreshTokenLifespan',\n legacyMaxRefreshFallback\n ),\n idleRefreshTokenLifespan: strapi.config.get(\n 'admin.auth.sessions.idleRefreshTokenLifespan',\n DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN\n ),\n maxSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.maxSessionLifespan',\n legacyMaxSessionFallback\n ),\n idleSessionLifespan: strapi.config.get(\n 'admin.auth.sessions.idleSessionLifespan',\n DEFAULT_IDLE_SESSION_LIFESPAN\n ),\n });\n\n await registerAdminConditions();\n await registerPermissionActions();\n registerModelHooks();\n\n const permissionService = getService('permission');\n const userService = getService('user');\n const roleService = getService('role');\n const apiTokenService = getService('api-token');\n const transferService = getService('transfer');\n const tokenService = getService('token');\n\n await roleService.createRolesIfNoneExist();\n await roleService.resetSuperAdminPermissions();\n await 
roleService.displayWarningIfNoSuperAdmin();\n\n await permissionService.cleanPermissionsInDatabase();\n\n await userService.displayWarningIfUsersDontHaveRole();\n\n await syncAuthSettings();\n await syncAPITokensPermissions();\n\n await getService('metrics').sendUpdateProjectInformation(strapi);\n getService('metrics').startCron(strapi);\n\n apiTokenService.checkSaltIsDefined();\n transferService.token.checkSaltIsDefined();\n tokenService.checkSecretIsDefined();\n\n await createDefaultAPITokensIfNeeded();\n};\n"],"names":["defaultAdminAuthSettings","providers","autoRegister","defaultRole","ssoLockedRoles","registerPermissionActions","getService","actionProvider","registerMany","adminActions","actions","registerAdminConditions","conditionProvider","adminConditions","conditions","registerModelHooks","sendDidChangeInterfaceLanguage","strapi","db","lifecycles","subscribe","models","afterCreate","afterDelete","afterUpdate","params","data","preferedLanguage","syncAuthSettings","adminStore","store","type","name","adminAuthSettings","get","key","newAuthSettings","merge","roleExists","exists","id","set","value","syncAPITokensPermissions","validPermissions","contentAPI","permissions","action","keys","permissionsInDB","async","pipe","query","findMany","map","unknownPermissions","uniq","difference","length","deleteMany","where","$in","createDefaultAPITokensIfNeeded","userService","apiTokenService","usersCount","count","apiTokenCount","token","constants","DEFAULT_API_TOKENS","create","options","getTokenOptions","legacyMaxRefreshFallback","expiresInToSeconds","expiresIn","DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN","legacyMaxSessionFallback","DEFAULT_MAX_SESSION_LIFESPAN","hasLegacyExpires","hasNewMaxRefresh","config","hasNewMaxSession","log","warn","sessionManager","defineOrigin","jwtSecret","accessTokenLifespan","maxRefreshTokenLifespan","idleRefreshTokenLifespan","DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN","maxSessionLifespan","idleSessionLifespan","DEFAULT_IDLE_SESSION_LIFESPAN","permissio
nService","roleService","transferService","tokenService","createRolesIfNoneExist","resetSuperAdminPermissions","displayWarningIfNoSuperAdmin","cleanPermissionsInDatabase","displayWarningIfUsersDontHaveRole","sendUpdateProjectInformation","startCron","checkSaltIsDefined","checkSecretIsDefined"],"mappings":";;;;;;;;;AAeA,MAAMA,wBAA2B,GAAA;IAC/BC,SAAW,EAAA;QACTC,YAAc,EAAA,KAAA;QACdC,WAAa,EAAA,IAAA;QACbC,cAAgB,EAAA;AAClB;AACF,CAAA;AAEA,MAAMC,yBAA4B,GAAA,UAAA;AAChC,IAAA,MAAMC,WAAW,YAAcC,CAAAA,CAAAA,cAAc,CAACC,YAAY,CAACC,aAAaC,OAAO,CAAA;AACjF,CAAA;AAEA,MAAMC,uBAA0B,GAAA,UAAA;AAC9B,IAAA,MAAML,WAAW,YAAcM,CAAAA,CAAAA,iBAAiB,CAACJ,YAAY,CAACK,gBAAgBC,UAAU,CAAA;AAC1F,CAAA;AAEA,MAAMC,kBAAqB,GAAA,IAAA;AACzB,IAAA,MAAM,EAAEC,8BAA8B,EAAE,GAAGV,UAAW,CAAA,SAAA,CAAA;AAEtDW,IAAAA,MAAAA,CAAOC,EAAE,CAACC,UAAU,CAACC,SAAS,CAAC;QAC7BC,MAAQ,EAAA;AAAC,YAAA;AAAc,SAAA;QACvBC,WAAaN,EAAAA,8BAAAA;QACbO,WAAaP,EAAAA,8BAAAA;QACbQ,WAAY,CAAA,CAAA,EAAEC,MAAM,EAAE,EAAA;AACpB,YAAA,IAAIA,MAAOC,CAAAA,IAAI,CAACC,gBAAgB,EAAE;AAChCX,gBAAAA,8BAAAA,EAAAA;AACF;AACF;AACF,KAAA,CAAA;AACF,CAAA;AAEA,MAAMY,gBAAmB,GAAA,UAAA;AACvB,IAAA,MAAMC,UAAa,GAAA,MAAMZ,MAAOa,CAAAA,KAAK,CAAC;QAAEC,IAAM,EAAA,MAAA;QAAQC,IAAM,EAAA;AAAQ,KAAA,CAAA;AACpE,IAAA,MAAMC,iBAAoB,GAAA,MAAMJ,UAAWK,CAAAA,GAAG,CAAC;QAAEC,GAAK,EAAA;AAAO,KAAA,CAAA;IAC7D,MAAMC,eAAAA,GAAkBC,MAAMrC,wBAA0BiC,EAAAA,iBAAAA,CAAAA;AAExD,IAAA,MAAMK,UAAa,GAAA,MAAMhC,UAAW,CAAA,MAAA,CAAA,CAAQiC,MAAM,CAAC;QACjDC,EAAIJ,EAAAA,eAAAA,CAAgBnC,SAAS,CAACE;AAChC,KAAA,CAAA;;AAGA,IAAA,IAAI,CAACmC,UAAY,EAAA;QACfF,eAAgBnC,CAAAA,SAAS,CAACE,WAAW,GAAG,IAAA;AAC1C;IAEA,MAAM0B,UAAAA,CAAWY,GAAG,CAAC;QAAEN,GAAK,EAAA,MAAA;QAAQO,KAAON,EAAAA;AAAgB,KAAA,CAAA;AAC7D,CAAA;AAEA,MAAMO,wBAA2B,GAAA,UAAA;IAC/B,MAAMC,gBAAAA,GAAmB3B,MAAO4B,CAAAA,UAAU,CAACC,WAAW,CAAC7C,SAAS,CAAC8C,MAAM,CAACC,IAAI,EAAA;AAC5E,IAAA,MAAMC,eAAkB,GAAA,MAAMC,KAAMC,CAAAA,IAAI,CACtClC,MAAAA,CAAOC,EAAE,CAACkC,KAAK,CAAC,6BAA+BC,CAAAA,CAAAA,QAAQ,EACvDC,GAAI,CAAA,QAAA,CAAA,CAAA,EAAA;IAGN,MAAMC,kBAAAA,GAAqBC,IAAKC,CAAAA,UAAAA,CAAWR,eAAiBL,EAAAA,gB
AAAA,CAAAA,CAAAA;IAE5D,IAAIW,kBAAAA,CAAmBG,MAAM,GAAG,CAAG,EAAA;AACjC,QAAA,MAAMzC,OAAOC,EAAE,CACZkC,KAAK,CAAC,6BAAA,CAAA,CACNO,UAAU,CAAC;YAAEC,KAAO,EAAA;gBAAEb,MAAQ,EAAA;oBAAEc,GAAKN,EAAAA;AAAmB;AAAE;AAAE,SAAA,CAAA;AACjE;AACF,CAAA;AAEA;;;;;;;;;AASC,IAED,MAAMO,8BAAiC,GAAA,UAAA;AACrC,IAAA,MAAMC,cAAczD,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;IAEnC,MAAM2D,UAAAA,GAAa,MAAMF,WAAAA,CAAYG,KAAK,EAAA;IAC1C,MAAMC,aAAAA,GAAgB,MAAMH,eAAAA,CAAgBE,KAAK,EAAA;IAEjD,IAAID,UAAAA,KAAe,CAAKE,IAAAA,aAAAA,KAAkB,CAAG,EAAA;AAC3C,QAAA,KAAK,MAAMC,KAAAA,IAASC,SAAUC,CAAAA,kBAAkB,CAAE;YAChD,MAAMN,eAAAA,CAAgBO,MAAM,CAACH,KAAAA,CAAAA;AAC/B;AACF;AACF,CAAA;AAEA,gBAAe,CAAA,OAAO,EAAEnD,MAAAA,EAAAA,OAAM,EAA2B,GAAA;;;IAGvD,MAAM,EAAEuD,OAAO,EAAE,GAAGC,eAAAA,EAAAA;IACpB,MAAMC,wBAAAA,GACJC,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcC,CAAAA,IAAAA,kCAAAA;IAC5C,MAAMC,wBAAAA,GACJH,kBAAmBH,CAAAA,OAAAA,EAASI,SAAcG,CAAAA,IAAAA,4BAAAA;;IAG5C,MAAMC,gBAAAA,GAAmBR,SAASI,SAAa,IAAA,IAAA;AAC/C,IAAA,MAAMK,mBAAmBhE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,6CAAkD,CAAA,IAAA,IAAA;AAC7F,IAAA,MAAMiD,mBAAmBlE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,wCAA6C,CAAA,IAAA,IAAA;AAExF,IAAA,IAAI8C,qBAAqB,CAACC,gBAAoB,IAAA,CAACE,gBAAe,CAAI,EAAA;QAChElE,OAAOmE,CAAAA,GAAG,CAACC,IAAI,CACb,sLAAA,CAAA;AAEJ;AAEApE,IAAAA,OAAAA,CAAOqE,cAAc,CAACC,YAAY,CAAC,OAAS,EAAA;AAC1CC,QAAAA,SAAAA,EAAWvE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CAAC,mBAAA,CAAA;AAC7BuD,QAAAA,mBAAAA,EAAqBxE,QAAOiE,MAAM,CAAChD,GAAG,CAAC,2CAA2C,EAAK,GAAA,EAAA,CAAA;AACvFwD,QAAAA,uBAAAA,EAAyBzE,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACxC,6CACAwC,EAAAA,wBAAAA,CAAAA;AAEFiB,QAAAA,wBAAAA,EAA0B1E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACzC,8CACA0D,EAAAA,mCAAAA,CAAAA;AAEFC,QAAAA,kBAAAA,EAAoB5E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACnC,wCACA4C,EAAAA,wBAAAA,CAAAA;AAEFgB,QAAAA,mBAAAA,EAAqB7E,OAAOiE,CAAAA,MAAM,CAAChD,GAAG,CACpC,yCACA6D,EAAAA,6BAAAA;AAEJ,KAAA,CAAA;IAEA,MAAMpF,uBAAAA,EAAAA;IACN,MAAMN,yBAAAA,EAAAA;AACNU,IAAAA,kBAAAA,EAAAA;AAEA,IAAA,MAAMiF,oBAAoB1F,UAAW,CAAA,YAAA,CAAA;AACrC,IAAA,MAAMyD,cAAczD,UAAW,CAAA,MAAA,CAA
A;AAC/B,IAAA,MAAM2F,cAAc3F,UAAW,CAAA,MAAA,CAAA;AAC/B,IAAA,MAAM0D,kBAAkB1D,UAAW,CAAA,WAAA,CAAA;AACnC,IAAA,MAAM4F,kBAAkB5F,UAAW,CAAA,UAAA,CAAA;AACnC,IAAA,MAAM6F,eAAe7F,UAAW,CAAA,OAAA,CAAA;AAEhC,IAAA,MAAM2F,YAAYG,sBAAsB,EAAA;AACxC,IAAA,MAAMH,YAAYI,0BAA0B,EAAA;AAC5C,IAAA,MAAMJ,YAAYK,4BAA4B,EAAA;AAE9C,IAAA,MAAMN,kBAAkBO,0BAA0B,EAAA;AAElD,IAAA,MAAMxC,YAAYyC,iCAAiC,EAAA;IAEnD,MAAM5E,gBAAAA,EAAAA;IACN,MAAMe,wBAAAA,EAAAA;IAEN,MAAMrC,UAAAA,CAAW,SAAWmG,CAAAA,CAAAA,4BAA4B,CAACxF,OAAAA,CAAAA;IACzDX,UAAW,CAAA,SAAA,CAAA,CAAWoG,SAAS,CAACzF,OAAAA,CAAAA;AAEhC+C,IAAAA,eAAAA,CAAgB2C,kBAAkB,EAAA;IAClCT,eAAgB9B,CAAAA,KAAK,CAACuC,kBAAkB,EAAA;AACxCR,IAAAA,YAAAA,CAAaS,oBAAoB,EAAA;IAEjC,MAAM9C,8BAAAA,EAAAA;AACR,CAAA;;;;"}
@@ -7,6 +7,7 @@ var apiToken = require('./api-token.js');
7
7
  var apiTokenPermission = require('./api-token-permission.js');
8
8
  var transferToken = require('./transfer-token.js');
9
9
  var transferTokenPermission = require('./transfer-token-permission.js');
10
+ var session = require('./session.js');
10
11
 
11
12
  var contentTypes = {
12
13
  permission: {
@@ -29,6 +30,9 @@ var contentTypes = {
29
30
  },
30
31
  'transfer-token-permission': {
31
32
  schema: transferTokenPermission
33
+ },
34
+ session: {
35
+ schema: session
32
36
  }
33
37
  };
34
38
 
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sources":["../../../../../server/src/content-types/index.ts"],"sourcesContent":["import Permission from './Permission';\nimport User from './User';\nimport Role from './Role';\nimport apiToken from './api-token';\nimport apiTokenPermission from './api-token-permission';\nimport transferToken from './transfer-token';\nimport transferTokenPermission from './transfer-token-permission';\n\nexport default {\n permission: { schema: Permission },\n user: { schema: User },\n role: { schema: Role },\n 'api-token': { schema: apiToken },\n 'api-token-permission': { schema: apiTokenPermission },\n 'transfer-token': { schema: transferToken },\n 'transfer-token-permission': { schema: transferTokenPermission },\n};\n"],"names":["permission","schema","Permission","user","User","role","Role","apiToken","apiTokenPermission","transferToken","transferTokenPermission"],"mappings":";;;;;;;;;;AAQA,mBAAe;IACbA,UAAY,EAAA;QAAEC,MAAQC,EAAAA;AAAW,KAAA;IACjCC,IAAM,EAAA;QAAEF,MAAQG,EAAAA;AAAK,KAAA;IACrBC,IAAM,EAAA;QAAEJ,MAAQK,EAAAA;AAAK,KAAA;IACrB,WAAa,EAAA;QAAEL,MAAQM,EAAAA;AAAS,KAAA;IAChC,sBAAwB,EAAA;QAAEN,MAAQO,EAAAA;AAAmB,KAAA;IACrD,gBAAkB,EAAA;QAAEP,MAAQQ,EAAAA;AAAc,KAAA;IAC1C,2BAA6B,EAAA;QAAER,MAAQS,EAAAA;AAAwB;AACjE,CAAE;;;;"}
1
+ {"version":3,"file":"index.js","sources":["../../../../../server/src/content-types/index.ts"],"sourcesContent":["import Permission from './Permission';\nimport User from './User';\nimport Role from './Role';\nimport apiToken from './api-token';\nimport apiTokenPermission from './api-token-permission';\nimport transferToken from './transfer-token';\nimport transferTokenPermission from './transfer-token-permission';\nimport session from './session';\n\nexport default {\n permission: { schema: Permission },\n user: { schema: User },\n role: { schema: Role },\n 'api-token': { schema: apiToken },\n 'api-token-permission': { schema: apiTokenPermission },\n 'transfer-token': { schema: transferToken },\n 'transfer-token-permission': { schema: transferTokenPermission },\n session: { schema: session },\n};\n"],"names":["permission","schema","Permission","user","User","role","Role","apiToken","apiTokenPermission","transferToken","transferTokenPermission","session"],"mappings":";;;;;;;;;;;AASA,mBAAe;IACbA,UAAY,EAAA;QAAEC,MAAQC,EAAAA;AAAW,KAAA;IACjCC,IAAM,EAAA;QAAEF,MAAQG,EAAAA;AAAK,KAAA;IACrBC,IAAM,EAAA;QAAEJ,MAAQK,EAAAA;AAAK,KAAA;IACrB,WAAa,EAAA;QAAEL,MAAQM,EAAAA;AAAS,KAAA;IAChC,sBAAwB,EAAA;QAAEN,MAAQO,EAAAA;AAAmB,KAAA;IACrD,gBAAkB,EAAA;QAAEP,MAAQQ,EAAAA;AAAc,KAAA;IAC1C,2BAA6B,EAAA;QAAER,MAAQS,EAAAA;AAAwB,KAAA;IAC/DC,OAAS,EAAA;QAAEV,MAAQU,EAAAA;AAAQ;AAC7B,CAAE;;;;"}
@@ -5,6 +5,7 @@ import apiToken from './api-token.mjs';
5
5
  import apiTokenPermission from './api-token-permission.mjs';
6
6
  import transferToken from './transfer-token.mjs';
7
7
  import transferTokenPermission from './transfer-token-permission.mjs';
8
+ import session from './session.mjs';
8
9
 
9
10
  var contentTypes = {
10
11
  permission: {
@@ -27,6 +28,9 @@ var contentTypes = {
27
28
  },
28
29
  'transfer-token-permission': {
29
30
  schema: transferTokenPermission
31
+ },
32
+ session: {
33
+ schema: session
30
34
  }
31
35
  };
32
36
 
@@ -1 +1 @@
1
- {"version":3,"file":"index.mjs","sources":["../../../../../server/src/content-types/index.ts"],"sourcesContent":["import Permission from './Permission';\nimport User from './User';\nimport Role from './Role';\nimport apiToken from './api-token';\nimport apiTokenPermission from './api-token-permission';\nimport transferToken from './transfer-token';\nimport transferTokenPermission from './transfer-token-permission';\n\nexport default {\n permission: { schema: Permission },\n user: { schema: User },\n role: { schema: Role },\n 'api-token': { schema: apiToken },\n 'api-token-permission': { schema: apiTokenPermission },\n 'transfer-token': { schema: transferToken },\n 'transfer-token-permission': { schema: transferTokenPermission },\n};\n"],"names":["permission","schema","Permission","user","User","role","Role","apiToken","apiTokenPermission","transferToken","transferTokenPermission"],"mappings":";;;;;;;;AAQA,mBAAe;IACbA,UAAY,EAAA;QAAEC,MAAQC,EAAAA;AAAW,KAAA;IACjCC,IAAM,EAAA;QAAEF,MAAQG,EAAAA;AAAK,KAAA;IACrBC,IAAM,EAAA;QAAEJ,MAAQK,EAAAA;AAAK,KAAA;IACrB,WAAa,EAAA;QAAEL,MAAQM,EAAAA;AAAS,KAAA;IAChC,sBAAwB,EAAA;QAAEN,MAAQO,EAAAA;AAAmB,KAAA;IACrD,gBAAkB,EAAA;QAAEP,MAAQQ,EAAAA;AAAc,KAAA;IAC1C,2BAA6B,EAAA;QAAER,MAAQS,EAAAA;AAAwB;AACjE,CAAE;;;;"}
1
+ {"version":3,"file":"index.mjs","sources":["../../../../../server/src/content-types/index.ts"],"sourcesContent":["import Permission from './Permission';\nimport User from './User';\nimport Role from './Role';\nimport apiToken from './api-token';\nimport apiTokenPermission from './api-token-permission';\nimport transferToken from './transfer-token';\nimport transferTokenPermission from './transfer-token-permission';\nimport session from './session';\n\nexport default {\n permission: { schema: Permission },\n user: { schema: User },\n role: { schema: Role },\n 'api-token': { schema: apiToken },\n 'api-token-permission': { schema: apiTokenPermission },\n 'transfer-token': { schema: transferToken },\n 'transfer-token-permission': { schema: transferTokenPermission },\n session: { schema: session },\n};\n"],"names":["permission","schema","Permission","user","User","role","Role","apiToken","apiTokenPermission","transferToken","transferTokenPermission","session"],"mappings":";;;;;;;;;AASA,mBAAe;IACbA,UAAY,EAAA;QAAEC,MAAQC,EAAAA;AAAW,KAAA;IACjCC,IAAM,EAAA;QAAEF,MAAQG,EAAAA;AAAK,KAAA;IACrBC,IAAM,EAAA;QAAEJ,MAAQK,EAAAA;AAAK,KAAA;IACrB,WAAa,EAAA;QAAEL,MAAQM,EAAAA;AAAS,KAAA;IAChC,sBAAwB,EAAA;QAAEN,MAAQO,EAAAA;AAAmB,KAAA;IACrD,gBAAkB,EAAA;QAAEP,MAAQQ,EAAAA;AAAc,KAAA;IAC1C,2BAA6B,EAAA;QAAER,MAAQS,EAAAA;AAAwB,KAAA;IAC/DC,OAAS,EAAA;QAAEV,MAAQU,EAAAA;AAAQ;AAC7B,CAAE;;;;"}