@strapi/admin 5.47.1 → 5.48.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (126) hide show
  1. package/dist/admin/admin/src/StrapiApp.js +8 -5
  2. package/dist/admin/admin/src/StrapiApp.js.map +1 -1
  3. package/dist/admin/admin/src/StrapiApp.mjs +9 -6
  4. package/dist/admin/admin/src/StrapiApp.mjs.map +1 -1
  5. package/dist/admin/admin/src/components/LeftMenu.js +1 -1
  6. package/dist/admin/admin/src/components/LeftMenu.js.map +1 -1
  7. package/dist/admin/admin/src/components/LeftMenu.mjs +1 -1
  8. package/dist/admin/admin/src/components/LeftMenu.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/UpsellBanner.js +1 -1
  10. package/dist/admin/admin/src/components/UpsellBanner.js.map +1 -1
  11. package/dist/admin/admin/src/components/UpsellBanner.mjs +1 -1
  12. package/dist/admin/admin/src/components/UpsellBanner.mjs.map +1 -1
  13. package/dist/admin/admin/src/hooks/useMenu.js +40 -5
  14. package/dist/admin/admin/src/hooks/useMenu.js.map +1 -1
  15. package/dist/admin/admin/src/hooks/useMenu.mjs +40 -6
  16. package/dist/admin/admin/src/hooks/useMenu.mjs.map +1 -1
  17. package/dist/admin/admin/src/hooks/useSettingsMenu.js +61 -1
  18. package/dist/admin/admin/src/hooks/useSettingsMenu.js.map +1 -1
  19. package/dist/admin/admin/src/hooks/useSettingsMenu.mjs +61 -2
  20. package/dist/admin/admin/src/hooks/useSettingsMenu.mjs.map +1 -1
  21. package/dist/admin/admin/src/pages/Home/HomePage.js +6 -2
  22. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  23. package/dist/admin/admin/src/pages/Home/HomePage.mjs +6 -2
  24. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  25. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js +1 -1
  26. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js.map +1 -1
  27. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.mjs +1 -1
  28. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.mjs.map +1 -1
  29. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js +2 -0
  30. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js.map +1 -1
  31. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs +2 -0
  32. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs.map +1 -1
  33. package/dist/admin/admin/src/translations/ar.json.js +1 -1
  34. package/dist/admin/admin/src/translations/ar.json.mjs +1 -1
  35. package/dist/admin/admin/src/translations/cs.json.js +1 -1
  36. package/dist/admin/admin/src/translations/cs.json.mjs +1 -1
  37. package/dist/admin/admin/src/translations/de.json.js +1 -1
  38. package/dist/admin/admin/src/translations/de.json.mjs +1 -1
  39. package/dist/admin/admin/src/translations/en.json.js +1 -1
  40. package/dist/admin/admin/src/translations/en.json.mjs +1 -1
  41. package/dist/admin/admin/src/translations/es.json.js +1 -1
  42. package/dist/admin/admin/src/translations/es.json.mjs +1 -1
  43. package/dist/admin/admin/src/translations/fi.json.js +1 -1
  44. package/dist/admin/admin/src/translations/fi.json.mjs +1 -1
  45. package/dist/admin/admin/src/translations/fr.json.js +1 -1
  46. package/dist/admin/admin/src/translations/fr.json.mjs +1 -1
  47. package/dist/admin/admin/src/translations/it.json.js +1 -1
  48. package/dist/admin/admin/src/translations/it.json.mjs +1 -1
  49. package/dist/admin/admin/src/translations/ko.json.js +1 -1
  50. package/dist/admin/admin/src/translations/ko.json.mjs +1 -1
  51. package/dist/admin/admin/src/translations/nl.json.js +1 -1
  52. package/dist/admin/admin/src/translations/nl.json.mjs +1 -1
  53. package/dist/admin/admin/src/translations/pl.json.js +1 -1
  54. package/dist/admin/admin/src/translations/pl.json.mjs +1 -1
  55. package/dist/admin/admin/src/translations/ru.json.js +1 -1
  56. package/dist/admin/admin/src/translations/ru.json.mjs +1 -1
  57. package/dist/admin/admin/src/translations/tr.json.js +1 -1
  58. package/dist/admin/admin/src/translations/tr.json.mjs +1 -1
  59. package/dist/admin/admin/src/translations/uk.json.js +1 -1
  60. package/dist/admin/admin/src/translations/uk.json.mjs +1 -1
  61. package/dist/admin/admin/src/translations/vi.json.js +1 -1
  62. package/dist/admin/admin/src/translations/vi.json.mjs +1 -1
  63. package/dist/admin/admin/src/translations/zh-Hans.json.js +1 -1
  64. package/dist/admin/admin/src/translations/zh-Hans.json.mjs +1 -1
  65. package/dist/admin/admin/src/utils/getFetchClient.js +1 -1
  66. package/dist/admin/admin/src/utils/getFetchClient.js.map +1 -1
  67. package/dist/admin/admin/src/utils/getFetchClient.mjs +1 -1
  68. package/dist/admin/admin/src/utils/getFetchClient.mjs.map +1 -1
  69. package/dist/admin/admin/src/utils/widgetVisibility.js +25 -0
  70. package/dist/admin/admin/src/utils/widgetVisibility.js.map +1 -0
  71. package/dist/admin/admin/src/utils/widgetVisibility.mjs +22 -0
  72. package/dist/admin/admin/src/utils/widgetVisibility.mjs.map +1 -0
  73. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.js +6 -4
  74. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.js.map +1 -1
  75. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.mjs +6 -4
  76. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.mjs.map +1 -1
  77. package/dist/admin/src/hooks/useMenu.d.ts +2 -1
  78. package/dist/admin/src/hooks/useSettingsMenu.d.ts +2 -1
  79. package/dist/admin/src/utils/widgetVisibility.d.ts +18 -0
  80. package/dist/ee/server/src/controllers/user.d.ts.map +1 -1
  81. package/dist/server/ee/server/src/controllers/user.js +7 -6
  82. package/dist/server/ee/server/src/controllers/user.js.map +1 -1
  83. package/dist/server/ee/server/src/controllers/user.mjs +7 -6
  84. package/dist/server/ee/server/src/controllers/user.mjs.map +1 -1
  85. package/dist/server/server/src/controllers/authenticated-user.js +25 -4
  86. package/dist/server/server/src/controllers/authenticated-user.js.map +1 -1
  87. package/dist/server/server/src/controllers/authenticated-user.mjs +25 -4
  88. package/dist/server/server/src/controllers/authenticated-user.mjs.map +1 -1
  89. package/dist/server/server/src/controllers/authentication.js +1 -16
  90. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  91. package/dist/server/server/src/controllers/authentication.mjs +1 -16
  92. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  93. package/dist/server/server/src/controllers/user.js +6 -5
  94. package/dist/server/server/src/controllers/user.js.map +1 -1
  95. package/dist/server/server/src/controllers/user.mjs +6 -5
  96. package/dist/server/server/src/controllers/user.mjs.map +1 -1
  97. package/dist/server/server/src/routes/authentication.js +4 -1
  98. package/dist/server/server/src/routes/authentication.js.map +1 -1
  99. package/dist/server/server/src/routes/authentication.mjs +4 -1
  100. package/dist/server/server/src/routes/authentication.mjs.map +1 -1
  101. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js +20 -11
  102. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js.map +1 -1
  103. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.mjs +21 -12
  104. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.mjs.map +1 -1
  105. package/dist/server/server/src/services/user.js +40 -3
  106. package/dist/server/server/src/services/user.js.map +1 -1
  107. package/dist/server/server/src/services/user.mjs +40 -3
  108. package/dist/server/server/src/services/user.mjs.map +1 -1
  109. package/dist/server/server/src/utils/normalize-email.js +24 -0
  110. package/dist/server/server/src/utils/normalize-email.js.map +1 -0
  111. package/dist/server/server/src/utils/normalize-email.mjs +22 -0
  112. package/dist/server/server/src/utils/normalize-email.mjs.map +1 -0
  113. package/dist/server/src/controllers/authenticated-user.d.ts.map +1 -1
  114. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  115. package/dist/server/src/controllers/user.d.ts.map +1 -1
  116. package/dist/server/src/index.d.ts +1 -0
  117. package/dist/server/src/index.d.ts.map +1 -1
  118. package/dist/server/src/routes/authentication.d.ts.map +1 -1
  119. package/dist/server/src/services/index.d.ts +1 -0
  120. package/dist/server/src/services/index.d.ts.map +1 -1
  121. package/dist/server/src/services/permission/permissions-manager/permission-fields.d.ts.map +1 -1
  122. package/dist/server/src/services/user.d.ts +1 -0
  123. package/dist/server/src/services/user.d.ts.map +1 -1
  124. package/dist/server/src/utils/normalize-email.d.ts +12 -0
  125. package/dist/server/src/utils/normalize-email.d.ts.map +1 -0
  126. package/package.json +12 -14
package/dist/server/server/src/controllers/authentication.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAAA,GAAW,MAAMpC,gBAAAA,CAAW,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAAA,EAAU;AACZ,YAAA,MAAM,IAAIjE,gBAAAA,CAAiB,uCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMmE,cAAAA,GAAiB,MAAMtC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,MAAM,IAAInE,gBAAAA,CACR,6EAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,MAAMc,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAAA,EAAmB,IAAA;YACnBY,QAAAA,EAAU,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAAA,GAAiB;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAAA,CAAOwD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,cAAAA,CAA4Bd,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,aAAAA,CAA2BjB,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAW0C,4BAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAMkD,QAAAA,GAAW,MAAMpD,cAAAA,CAAe,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAAA,EAAU;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAAA,EAAQ;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,wCAAAA,CACXqC,QAAAA,CAASvC,IAAI,EACbuC,QAAAA,CAASzC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqBiC,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAAA,GAAenF,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAOmD,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGwC,mCAAAA,CAAwBrF,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,4BAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/authentication.mjs CHANGED
@@ -128,22 +128,7 @@ var authentication = {
128
128
  async registerAdmin (ctx) {
129
129
  const input = ctx.request.body;
130
130
  await validateAdminRegistrationInput(input);
131
- const hasAdmin = await getService('user').exists();
132
- if (hasAdmin) {
133
- throw new ApplicationError('You cannot register a new super admin');
134
- }
135
- const superAdminRole = await getService('role').getSuperAdmin();
136
- if (!superAdminRole) {
137
- throw new ApplicationError("Cannot register the first admin because the super admin role doesn't exist.");
138
- }
139
- const user = await getService('user').create({
140
- ...input,
141
- registrationToken: null,
142
- isActive: true,
143
- roles: superAdminRole ? [
144
- superAdminRole.id
145
- ] : []
146
- });
131
+ const user = await getService('user').createFirstAdmin(input);
147
132
  strapi.telemetry.send('didCreateFirstAdmin');
148
133
  try {
149
134
  const sessionManager = getSessionManager();
package/dist/server/server/src/controllers/authentication.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,UAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAAA,GAAW,MAAMpC,UAAAA,CAAW,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAAA,EAAU;AACZ,YAAA,MAAM,IAAIjE,gBAAAA,CAAiB,uCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMmE,cAAAA,GAAiB,MAAMtC,UAAAA,CAAW,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,MAAM,IAAInE,gBAAAA,CACR,6EAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,MAAMc,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAAA,EAAmB,IAAA;YACnBY,QAAAA,EAAU,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAAA,GAAiB;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAAA,CAAOwD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,2BAAAA,CAA4Bd,KAAAA,CAAAA;QAElChC,UAAAA,CAAW,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,0BAAAA,CAA2BjB,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAW0C,gBAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAMkD,QAAAA,GAAW,MAAMpD,cAAAA,CAAe,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAAA,EAAU;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAAA,EAAQ;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,4BAAAA,CACXqC,QAAAA,CAASvC,IAAI,EACbuC,QAAAA,CAASzC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqBiC,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAAA,GAAenF,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAOmD,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGwC,uBAAAA,CAAwBrF,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,UAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,2BAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,UAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,0BAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,gBAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,4BAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,uBAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/user.js CHANGED
@@ -4,6 +4,7 @@ var _ = require('lodash');
4
4
  var utils = require('@strapi/utils');
5
5
  var user$1 = require('../validation/user.js');
6
6
  var index = require('../utils/index.js');
7
+ var normalizeEmail = require('../utils/normalize-email.js');
7
8
 
8
9
  function _interopNamespaceDefault(e) {
9
10
  var n = Object.create(null);
@@ -87,20 +88,20 @@ var user = {
87
88
  },
88
89
  async update (ctx) {
89
90
  const { id } = ctx.params;
90
- const { body: input } = ctx.request;
91
- await user$1.validateUserUpdateInput(input);
92
- if (___namespace.has(input, 'email')) {
91
+ const data = normalizeEmail.normalizeEmail(ctx.request.body);
92
+ await user$1.validateUserUpdateInput(data);
93
+ if (___namespace.has(data, 'email')) {
93
94
  const uniqueEmailCheck = await index.getService('user').exists({
94
95
  id: {
95
96
  $ne: id
96
97
  },
97
- email: input.email
98
+ email: data.email
98
99
  });
99
100
  if (uniqueEmailCheck) {
100
101
  throw new ApplicationError('A user with this email address already exists');
101
102
  }
102
103
  }
103
- const updatedUser = await index.getService('user').updateById(id, input);
104
+ const updatedUser = await index.getService('user').updateById(id, data);
104
105
  if (!updatedUser) {
105
106
  return ctx.notFound('User does not exist');
106
107
  }
package/dist/server/server/src/controllers/user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const { body: input } = ctx.request as Update.Request;\n\n await validateUserUpdateInput(input);\n\n if (_.has(input, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: input.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, input);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","input","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,YAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,gCAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,YAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,gBAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAM,EAAE1C,IAAAA,EAAM6C,KAAK,EAAE,GAAG9C,IAAIE,OAAO;AAEnC,QAAA,MAAM6C,8BAAAA,CAAwBD,KAAAA,CAAAA;AAE9B,QAAA,IAAIzC,YAAAA,CAAE2C,GAAG,CAACF,KAAAA,EAAO,OAAA,CAAA,EAAU;AACzB,YAAA,MAAMG,gBAAAA,GAAmB,MAAMrC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAO0C,MAAM1C;AACf,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAII,KAAAA,CAAAA;AAE5D,QAAA,IAAI,CAACK,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,+BAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,gBAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,gBAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const data = normalizeEmail((ctx.request as Update.Request).body);\n\n await validateUserUpdateInput(data);\n\n if (_.has(data, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: data.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, data);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","normalizeEmail","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,YAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,gCAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,YAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,gBAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMtB,OAAOyB,6BAAAA,CAAgB9C,GAAAA,CAAIE,OAAO,CAAoBD,IAAI,CAAA;AAEhE,QAAA,MAAM8C,8BAAAA,CAAwB1B,IAAAA,CAAAA;AAE9B,QAAA,IAAIhB,YAAAA,CAAE2C,GAAG,CAAC3B,IAAAA,EAAM,OAAA,CAAA,EAAU;AACxB,YAAA,MAAM4B,gBAAAA,GAAmB,MAAMrC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAOiB,KAAKjB;AACd,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAIrB,IAAAA,CAAAA;AAE5D,QAAA,IAAI,CAAC8B,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,+BAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,gBAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,gBAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/user.mjs CHANGED
@@ -2,6 +2,7 @@ import * as _ from 'lodash';
2
2
  import { errors } from '@strapi/utils';
3
3
  import { validateUsersDeleteInput, validateUserUpdateInput, validateUserCreationInput } from '../validation/user.mjs';
4
4
  import { getService } from '../utils/index.mjs';
5
+ import { normalizeEmail } from '../utils/normalize-email.mjs';
5
6
 
6
7
  const { ApplicationError } = errors;
7
8
  var user = {
@@ -66,20 +67,20 @@ var user = {
66
67
  },
67
68
  async update (ctx) {
68
69
  const { id } = ctx.params;
69
- const { body: input } = ctx.request;
70
- await validateUserUpdateInput(input);
71
- if (_.has(input, 'email')) {
70
+ const data = normalizeEmail(ctx.request.body);
71
+ await validateUserUpdateInput(data);
72
+ if (_.has(data, 'email')) {
72
73
  const uniqueEmailCheck = await getService('user').exists({
73
74
  id: {
74
75
  $ne: id
75
76
  },
76
- email: input.email
77
+ email: data.email
77
78
  });
78
79
  if (uniqueEmailCheck) {
79
80
  throw new ApplicationError('A user with this email address already exists');
80
81
  }
81
82
  }
82
- const updatedUser = await getService('user').updateById(id, input);
83
+ const updatedUser = await getService('user').updateById(id, data);
83
84
  if (!updatedUser) {
84
85
  return ctx.notFound('User does not exist');
85
86
  }
package/dist/server/server/src/controllers/user.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.mjs","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const { body: input } = ctx.request as Update.Request;\n\n await validateUserUpdateInput(input);\n\n if (_.has(input, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: input.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, input);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","input","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;AAoBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,CAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,yBAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,CAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,UAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,UAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,UAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,UAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAM,EAAE1C,IAAAA,EAAM6C,KAAK,EAAE,GAAG9C,IAAIE,OAAO;AAEnC,QAAA,MAAM6C,uBAAAA,CAAwBD,KAAAA,CAAAA;AAE9B,QAAA,IAAIzC,CAAAA,CAAE2C,GAAG,CAACF,KAAAA,EAAO,OAAA,CAAA,EAAU;AACzB,YAAA,MAAMG,gBAAAA,GAAmB,MAAMrC,UAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAO0C,MAAM1C;AACf,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,UAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAII,KAAAA,CAAAA;AAE5D,QAAA,IAAI,CAACK,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,UAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,wBAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,UAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,UAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"user.mjs","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const data = normalizeEmail((ctx.request as Update.Request).body);\n\n await validateUserUpdateInput(data);\n\n if (_.has(data, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: data.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, data);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","normalizeEmail","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;AAqBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,MAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,CAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,yBAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,CAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,UAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,UAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,UAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,UAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMtB,OAAOyB,cAAAA,CAAgB9C,GAAAA,CAAIE,OAAO,CAAoBD,IAAI,CAAA;AAEhE,QAAA,MAAM8C,uBAAAA,CAAwB1B,IAAAA,CAAAA;AAE9B,QAAA,IAAIhB,CAAAA,CAAE2C,GAAG,CAAC3B,IAAAA,EAAM,OAAA,CAAA,EAAU;AACxB,YAAA,MAAM4B,gBAAAA,GAAmB,MAAMrC,UAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAOiB,KAAKjB;AACd,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,UAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAIrB,IAAAA,CAAAA;AAE5D,QAAA,IAAI,CAAC8B,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,UAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,UAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,wBAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,UAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,UAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/routes/authentication.js CHANGED
@@ -25,7 +25,10 @@ var authentication = [
25
25
  path: '/register-admin',
26
26
  handler: 'authentication.registerAdmin',
27
27
  config: {
28
- auth: false
28
+ auth: false,
29
+ middlewares: [
30
+ 'admin::rateLimit'
31
+ ]
29
32
  }
30
33
  },
31
34
  {
package/dist/server/server/src/routes/authentication.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/routes/authentication.ts"],"sourcesContent":["export default [\n {\n method: 'POST',\n path: '/login',\n handler: 'authentication.login',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/access-token',\n handler: 'authentication.accessToken',\n config: {\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/register-admin',\n handler: 'authentication.registerAdmin',\n config: { auth: false },\n },\n {\n method: 'GET',\n path: '/registration-info',\n handler: 'authentication.registrationInfo',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/register',\n handler: 'authentication.register',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/forgot-password',\n handler: 'authentication.forgotPassword',\n config: {\n auth: false,\n middlewares: ['plugin::email.rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/reset-password',\n handler: 'authentication.resetPassword',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/logout',\n handler: 'authentication.logout',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n];\n"],"names":["method","path","handler","config","auth","middlewares","policies"],"mappings":";;AAAA,qBAAe;AACb,IAAA;QACEA,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,QAAA;QACNC,OAAAA,EAAS,sBAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,eAAA;QACNC,OAAAA,EAAS,4BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM;AACR;AACF,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,KAAA;QACRC,IAAAA,EAAM,oBAAA;QACNC,OAAAA,EAAS,iCAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,WAAA;QACNC,OAAAA,EAAS,yBAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,kBAAA;QACNC,OAAAA,EAAS,+BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAA0B;AAC1C;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,SAAA;QACNC,OAAAA,EAAS,uBAAA;QACTC,MAAAA,EAAQ;YACNG,QAAAA,EAAU;AAAC,gBAAA;AAA8B;AAC3C;AACF;CACD;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/routes/authentication.ts"],"sourcesContent":["export default [\n {\n method: 'POST',\n path: '/login',\n handler: 'authentication.login',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/access-token',\n handler: 'authentication.accessToken',\n config: {\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/register-admin',\n handler: 'authentication.registerAdmin',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'GET',\n path: '/registration-info',\n handler: 'authentication.registrationInfo',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/register',\n handler: 'authentication.register',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/forgot-password',\n handler: 'authentication.forgotPassword',\n config: {\n auth: false,\n middlewares: ['plugin::email.rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/reset-password',\n handler: 'authentication.resetPassword',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/logout',\n handler: 'authentication.logout',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n];\n"],"names":["method","path","handler","config","auth","middlewares","policies"],"mappings":";;AAAA,qBAAe;AACb,IAAA;QACEA,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,QAAA;QACNC,OAAAA,EAAS,sBAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,eAAA;QACNC,OAAAA,EAAS,4BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM;AACR;AACF,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,KAAA;QACRC,IAAAA,EAAM,oBAAA;QACNC,OAAAA,EAAS,iCAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,WAAA;QACNC,OAAAA,EAAS,yBAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,kBAAA;QACNC,OAAAA,EAAS,+BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAA0B;AAC1C;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,SAAA;QACNC,OAAAA,EAAS,uBAAA;QACTC,MAAAA,EAAQ;YACNG,QAAAA,EAAU;AAAC,gBAAA;AAA8B;AAC3C;AACF;CACD;;;;"}
package/dist/server/server/src/routes/authentication.mjs CHANGED
@@ -23,7 +23,10 @@ var authentication = [
23
23
  path: '/register-admin',
24
24
  handler: 'authentication.registerAdmin',
25
25
  config: {
26
- auth: false
26
+ auth: false,
27
+ middlewares: [
28
+ 'admin::rateLimit'
29
+ ]
27
30
  }
28
31
  },
29
32
  {
package/dist/server/server/src/routes/authentication.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/routes/authentication.ts"],"sourcesContent":["export default [\n {\n method: 'POST',\n path: '/login',\n handler: 'authentication.login',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/access-token',\n handler: 'authentication.accessToken',\n config: {\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/register-admin',\n handler: 'authentication.registerAdmin',\n config: { auth: false },\n },\n {\n method: 'GET',\n path: '/registration-info',\n handler: 'authentication.registrationInfo',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/register',\n handler: 'authentication.register',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/forgot-password',\n handler: 'authentication.forgotPassword',\n config: {\n auth: false,\n middlewares: ['plugin::email.rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/reset-password',\n handler: 'authentication.resetPassword',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/logout',\n handler: 'authentication.logout',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n];\n"],"names":["method","path","handler","config","auth","middlewares","policies"],"mappings":"AAAA,qBAAe;AACb,IAAA;QACEA,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,QAAA;QACNC,OAAAA,EAAS,sBAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,eAAA;QACNC,OAAAA,EAAS,4BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM;AACR;AACF,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,KAAA;QACRC,IAAAA,EAAM,oBAAA;QACNC,OAAAA,EAAS,iCAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,WAAA;QACNC,OAAAA,EAAS,yBAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,kBAAA;QACNC,OAAAA,EAAS,+BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAA0B;AAC1C;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,SAAA;QACNC,OAAAA,EAAS,uBAAA;QACTC,MAAAA,EAAQ;YACNG,QAAAA,EAAU;AAAC,gBAAA;AAA8B;AAC3C;AACF;CACD;;;;"}
1
+ {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/routes/authentication.ts"],"sourcesContent":["export default [\n {\n method: 'POST',\n path: '/login',\n handler: 'authentication.login',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/access-token',\n handler: 'authentication.accessToken',\n config: {\n auth: false,\n },\n },\n {\n method: 'POST',\n path: '/register-admin',\n handler: 'authentication.registerAdmin',\n config: {\n auth: false,\n middlewares: ['admin::rateLimit'],\n },\n },\n {\n method: 'GET',\n path: '/registration-info',\n handler: 'authentication.registrationInfo',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/register',\n handler: 'authentication.register',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/forgot-password',\n handler: 'authentication.forgotPassword',\n config: {\n auth: false,\n middlewares: ['plugin::email.rateLimit'],\n },\n },\n {\n method: 'POST',\n path: '/reset-password',\n handler: 'authentication.resetPassword',\n config: { auth: false },\n },\n {\n method: 'POST',\n path: '/logout',\n handler: 'authentication.logout',\n config: {\n policies: ['admin::isAuthenticatedAdmin'],\n },\n },\n];\n"],"names":["method","path","handler","config","auth","middlewares","policies"],"mappings":"AAAA,qBAAe;AACb,IAAA;QACEA,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,QAAA;QACNC,OAAAA,EAAS,sBAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,eAAA;QACNC,OAAAA,EAAS,4BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM;AACR;AACF,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAAmB;AACnC;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,KAAA;QACRC,IAAAA,EAAM,oBAAA;QACNC,OAAAA,EAAS,iCAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,WAAA;QACNC,OAAAA,EAAS,yBAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,kBAAA;QACNC,OAAAA,EAAS,+BAAA;QACTC,MAAAA,EAAQ;YACNC,IAAAA,EAAM,KAAA;YACNC,WAAAA,EAAa;AAAC,gBAAA;AAA0B;AAC1C;AACF,KAAA;AACA,IAAA;QACEL,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,iBAAA;QACNC,OAAAA,EAAS,8BAAA;QACTC,MAAAA,EAAQ;YAAEC,IAAAA,EAAM;AAAM;AACxB,KAAA;AACA,IAAA;QACEJ,MAAAA,EAAQ,MAAA;QACRC,IAAAA,EAAM,SAAA;QACNC,OAAAA,EAAS,uBAAA;QACTC,MAAAA,EAAQ;YACNG,QAAAA,EAAU;AAAC,gBAAA;AAA8B;AAC3C;AACF;CACD;;;;"}
package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js CHANGED
@@ -26,17 +26,26 @@ var fp = require('lodash/fp');
26
26
  if (!hasEntityConditions && permissionCache.has(cacheKey)) {
27
27
  return permissionCache.get(cacheKey);
28
28
  }
29
- // Compute permission fields (expensive CASL operation)
30
- const permittedFields = extra.permittedFieldsOf(ability$1, actionOverride, subject, {
31
- fieldsFrom: (rule)=>rule.fields || []
32
- });
33
- const hasAtLeastOneRegistered = fp.some((fields)=>!fp.isNil(fields), fp.flatMap(fp.prop('fields'), rules));
34
- const shouldIncludeAll = fp.isEmpty(permittedFields) && !hasAtLeastOneRegistered;
35
- const result = {
36
- permittedFields,
37
- hasAtLeastOneRegistered,
38
- shouldIncludeAll
39
- };
29
+ let result;
30
+ const allFieldsAllowed = rules.some((r)=>fp.isNil(r.fields));
31
+ if (allFieldsAllowed) {
32
+ result = {
33
+ permittedFields: [],
34
+ hasAtLeastOneRegistered: rules.some((r)=>!fp.isNil(r.fields)),
35
+ shouldIncludeAll: true
36
+ };
37
+ } else {
38
+ // Compute permission fields (expensive CASL operation)
39
+ const permittedFields = extra.permittedFieldsOf(ability$1, actionOverride, subject, {
40
+ fieldsFrom: (rule)=>rule.fields || []
41
+ });
42
+ const hasAtLeastOneRegistered = fp.some((fields)=>!fp.isNil(fields), fp.flatMap(fp.prop('fields'), rules));
43
+ result = {
44
+ permittedFields,
45
+ hasAtLeastOneRegistered,
46
+ shouldIncludeAll: fp.isEmpty(permittedFields) && !hasAtLeastOneRegistered
47
+ };
48
+ }
40
49
  // Cache for reuse if no entity-specific conditions
41
50
  if (!hasEntityConditions) {
42
51
  permissionCache.set(cacheKey, result);
package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"permission-fields.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/permission-fields.ts"],"sourcesContent":["import { detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport { isEmpty, isNil, flatMap, some, prop } from 'lodash/fp';\n\nimport type { Ability } from '@casl/ability';\n\nexport interface PermissionFieldsResult {\n permittedFields: string[];\n hasAtLeastOneRegistered: boolean;\n shouldIncludeAll: boolean;\n}\n\n/**\n * Creates a cached permission fields calculator for a given CASL ability.\n *\n * The cache stores permission field calculations per action+subjectType combination.\n * Results are only cached when rules have no entity-specific conditions, as those\n * must be computed per entity.\n *\n * @param ability - The CASL ability instance to use for permission checks\n * @returns Object with getPermissionFields function and cache\n */\nexport const createPermissionFieldsCache = (ability: Ability) => {\n const permissionCache = new Map<string, PermissionFieldsResult>();\n\n const getPermissionFields = (actionOverride: string, subject: any): PermissionFieldsResult => {\n const subjectType = detectSubjectType(subject);\n const rules = ability.rulesFor(actionOverride, subjectType);\n\n // Check if any rule has conditions that depend on entity data\n // If so, we can't cache - must compute per entity\n const hasEntityConditions = rules.some(\n (rule: any) => rule.conditions && !isEmpty(rule.conditions)\n );\n\n // Return cached result if available and safe to use\n const cacheKey = `${actionOverride}::${String(subjectType)}`;\n if (!hasEntityConditions && permissionCache.has(cacheKey)) {\n return permissionCache.get(cacheKey)!;\n }\n\n // Compute permission fields (expensive CASL operation)\n const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n fieldsFrom: (rule) => rule.fields || [],\n });\n\n const hasAtLeastOneRegistered = some(\n (fields) => !isNil(fields),\n flatMap(prop('fields'), rules)\n );\n const shouldIncludeAll = isEmpty(permittedFields) && !hasAtLeastOneRegistered;\n\n const result: PermissionFieldsResult = {\n permittedFields,\n hasAtLeastOneRegistered,\n shouldIncludeAll,\n };\n\n // Cache for reuse if no entity-specific conditions\n if (!hasEntityConditions) {\n permissionCache.set(cacheKey, result);\n }\n\n return result;\n };\n\n return {\n getPermissionFields,\n clearCache: () => permissionCache.clear(),\n };\n};\n"],"names":["createPermissionFieldsCache","ability","permissionCache","Map","getPermissionFields","actionOverride","subject","subjectType","detectSubjectType","rules","rulesFor","hasEntityConditions","some","rule","conditions","isEmpty","cacheKey","String","has","get","permittedFields","permittedFieldsOf","fieldsFrom","fields","hasAtLeastOneRegistered","isNil","flatMap","prop","shouldIncludeAll","result","set","clearCache","clear"],"mappings":";;;;;;AAYA;;;;;;;;;IAUO,MAAMA,2BAAAA,GAA8B,CAACC,SAAAA,GAAAA;AAC1C,IAAA,MAAMC,kBAAkB,IAAIC,GAAAA,EAAAA;IAE5B,MAAMC,mBAAAA,GAAsB,CAACC,cAAAA,EAAwBC,OAAAA,GAAAA;AACnD,QAAA,MAAMC,cAAcC,yBAAAA,CAAkBF,OAAAA,CAAAA;AACtC,QAAA,MAAMG,KAAAA,GAAQR,SAAAA,CAAQS,QAAQ,CAACL,cAAAA,EAAgBE,WAAAA,CAAAA;;;AAI/C,QAAA,MAAMI,mBAAAA,GAAsBF,KAAAA,CAAMG,IAAI,CACpC,CAACC,IAAAA,GAAcA,IAAAA,CAAKC,UAAU,IAAI,CAACC,UAAAA,CAAQF,IAAAA,CAAKC,UAAU,CAAA,CAAA;;AAI5D,QAAA,MAAME,WAAW,CAAA,EAAGX,cAAAA,CAAe,EAAE,EAAEY,OAAOV,WAAAA,CAAAA,CAAAA,CAAc;AAC5D,QAAA,IAAI,CAACI,mBAAAA,IAAuBT,eAAAA,CAAgBgB,GAAG,CAACF,QAAAA,CAAAA,EAAW;YACzD,OAAOd,eAAAA,CAAgBiB,GAAG,CAACH,QAAAA,CAAAA;AAC7B,QAAA;;AAGA,QAAA,MAAMI,eAAAA,GAAkBC,uBAAAA,CAAkBpB,SAAAA,EAASI,cAAAA,EAAgBC,OAAAA,EAAS;AAC1EgB,YAAAA,UAAAA,EAAY,CAACT,IAAAA,GAASA,IAAAA,CAAKU,MAAM,IAAI;AACvC,SAAA,CAAA;QAEA,MAAMC,uBAAAA,GAA0BZ,QAC9B,CAACW,MAAAA,GAAW,CAACE,QAAAA,CAAMF,MAAAA,CAAAA,EACnBG,UAAAA,CAAQC,OAAAA,CAAK,QAAA,CAAA,EAAWlB,KAAAA,CAAAA,CAAAA;QAE1B,MAAMmB,gBAAAA,GAAmBb,UAAAA,CAAQK,eAAAA,CAAAA,IAAoB,CAACI,uBAAAA;AAEtD,QAAA,MAAMK,MAAAA,GAAiC;AACrCT,YAAAA,eAAAA;AACAI,YAAAA,uBAAAA;AACAI,YAAAA;AACF,SAAA;;AAGA,QAAA,IAAI,CAACjB,mBAAAA,EAAqB;YACxBT,eAAAA,CAAgB4B,GAAG,CAACd,QAAAA,EAAUa,MAAAA,CAAAA;AAChC,QAAA;QAEA,OAAOA,MAAAA;AACT,IAAA,CAAA;IAEA,OAAO;AACLzB,QAAAA,mBAAAA;QACA2B,UAAAA,EAAY,IAAM7B,gBAAgB8B,KAAK;AACzC,KAAA;AACF;;;;"}
1
+ {"version":3,"file":"permission-fields.js","sources":["../../../../../../../server/src/services/permission/permissions-manager/permission-fields.ts"],"sourcesContent":["import { detectSubjectType } from '@casl/ability';\nimport { permittedFieldsOf } from '@casl/ability/extra';\nimport { isEmpty, isNil, flatMap, some, prop } from 'lodash/fp';\n\nimport type { Ability } from '@casl/ability';\n\nexport interface PermissionFieldsResult {\n permittedFields: string[];\n hasAtLeastOneRegistered: boolean;\n shouldIncludeAll: boolean;\n}\n\n/**\n * Creates a cached permission fields calculator for a given CASL ability.\n *\n * The cache stores permission field calculations per action+subjectType combination.\n * Results are only cached when rules have no entity-specific conditions, as those\n * must be computed per entity.\n *\n * @param ability - The CASL ability instance to use for permission checks\n * @returns Object with getPermissionFields function and cache\n */\nexport const createPermissionFieldsCache = (ability: Ability) => {\n const permissionCache = new Map<string, PermissionFieldsResult>();\n\n const getPermissionFields = (actionOverride: string, subject: any): PermissionFieldsResult => {\n const subjectType = detectSubjectType(subject);\n const rules = ability.rulesFor(actionOverride, subjectType);\n\n // Check if any rule has conditions that depend on entity data\n // If so, we can't cache - must compute per entity\n const hasEntityConditions = rules.some(\n (rule: any) => rule.conditions && !isEmpty(rule.conditions)\n );\n\n // Return cached result if available and safe to use\n const cacheKey = `${actionOverride}::${String(subjectType)}`;\n if (!hasEntityConditions && permissionCache.has(cacheKey)) {\n return permissionCache.get(cacheKey)!;\n }\n\n let result: PermissionFieldsResult;\n\n const allFieldsAllowed = rules.some((r) => isNil(r.fields));\n if (allFieldsAllowed) {\n result = {\n permittedFields: [],\n hasAtLeastOneRegistered: rules.some((r) => !isNil(r.fields)),\n shouldIncludeAll: true,\n };\n } else {\n // Compute permission fields (expensive CASL operation)\n const permittedFields = permittedFieldsOf(ability, actionOverride, subject, {\n fieldsFrom: (rule) => rule.fields || [],\n });\n\n const hasAtLeastOneRegistered = some(\n (fields) => !isNil(fields),\n flatMap(prop('fields'), rules)\n );\n\n result = {\n permittedFields,\n hasAtLeastOneRegistered,\n shouldIncludeAll: isEmpty(permittedFields) && !hasAtLeastOneRegistered,\n };\n }\n\n // Cache for reuse if no entity-specific conditions\n if (!hasEntityConditions) {\n permissionCache.set(cacheKey, result);\n }\n\n return result;\n };\n\n return {\n getPermissionFields,\n clearCache: () => permissionCache.clear(),\n };\n};\n"],"names":["createPermissionFieldsCache","ability","permissionCache","Map","getPermissionFields","actionOverride","subject","subjectType","detectSubjectType","rules","rulesFor","hasEntityConditions","some","rule","conditions","isEmpty","cacheKey","String","has","get","result","allFieldsAllowed","r","isNil","fields","permittedFields","hasAtLeastOneRegistered","shouldIncludeAll","permittedFieldsOf","fieldsFrom","flatMap","prop","set","clearCache","clear"],"mappings":";;;;;;AAYA;;;;;;;;;IAUO,MAAMA,2BAAAA,GAA8B,CAACC,SAAAA,GAAAA;AAC1C,IAAA,MAAMC,kBAAkB,IAAIC,GAAAA,EAAAA;IAE5B,MAAMC,mBAAAA,GAAsB,CAACC,cAAAA,EAAwBC,OAAAA,GAAAA;AACnD,QAAA,MAAMC,cAAcC,yBAAAA,CAAkBF,OAAAA,CAAAA;AACtC,QAAA,MAAMG,KAAAA,GAAQR,SAAAA,CAAQS,QAAQ,CAACL,cAAAA,EAAgBE,WAAAA,CAAAA;;;AAI/C,QAAA,MAAMI,mBAAAA,GAAsBF,KAAAA,CAAMG,IAAI,CACpC,CAACC,IAAAA,GAAcA,IAAAA,CAAKC,UAAU,IAAI,CAACC,UAAAA,CAAQF,IAAAA,CAAKC,UAAU,CAAA,CAAA;;AAI5D,QAAA,MAAME,WAAW,CAAA,EAAGX,cAAAA,CAAe,EAAE,EAAEY,OAAOV,WAAAA,CAAAA,CAAAA,CAAc;AAC5D,QAAA,IAAI,CAACI,mBAAAA,IAAuBT,eAAAA,CAAgBgB,GAAG,CAACF,QAAAA,CAAAA,EAAW;YACzD,OAAOd,eAAAA,CAAgBiB,GAAG,CAACH,QAAAA,CAAAA;AAC7B,QAAA;QAEA,IAAII,MAAAA;QAEJ,MAAMC,gBAAAA,GAAmBZ,MAAMG,IAAI,CAAC,CAACU,CAAAA,GAAMC,QAAAA,CAAMD,EAAEE,MAAM,CAAA,CAAA;AACzD,QAAA,IAAIH,gBAAAA,EAAkB;YACpBD,MAAAA,GAAS;AACPK,gBAAAA,eAAAA,EAAiB,EAAE;gBACnBC,uBAAAA,EAAyBjB,KAAAA,CAAMG,IAAI,CAAC,CAACU,IAAM,CAACC,QAAAA,CAAMD,EAAEE,MAAM,CAAA,CAAA;gBAC1DG,gBAAAA,EAAkB;AACpB,aAAA;QACF,CAAA,MAAO;;AAEL,YAAA,MAAMF,eAAAA,GAAkBG,uBAAAA,CAAkB3B,SAAAA,EAASI,cAAAA,EAAgBC,OAAAA,EAAS;AAC1EuB,gBAAAA,UAAAA,EAAY,CAAChB,IAAAA,GAASA,IAAAA,CAAKW,MAAM,IAAI;AACvC,aAAA,CAAA;YAEA,MAAME,uBAAAA,GAA0Bd,QAC9B,CAACY,MAAAA,GAAW,CAACD,QAAAA,CAAMC,MAAAA,CAAAA,EACnBM,UAAAA,CAAQC,OAAAA,CAAK,QAAA,CAAA,EAAWtB,KAAAA,CAAAA,CAAAA;YAG1BW,MAAAA,GAAS;AACPK,gBAAAA,eAAAA;AACAC,gBAAAA,uBAAAA;gBACAC,gBAAAA,EAAkBZ,UAAAA,CAAQU,oBAAoB,CAACC;AACjD,aAAA;AACF,QAAA;;AAGA,QAAA,IAAI,CAACf,mBAAAA,EAAqB;YACxBT,eAAAA,CAAgB8B,GAAG,CAAChB,QAAAA,EAAUI,MAAAA,CAAAA;AAChC,QAAA;QAEA,OAAOA,MAAAA;AACT,IAAA,CAAA;IAEA,OAAO;AACLhB,QAAAA,mBAAAA;QACA6B,UAAAA,EAAY,IAAM/B,gBAAgBgC,KAAK;AACzC,KAAA;AACF;;;;"}