@strapi/admin 5.48.0 → 5.48.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/dist/admin/admin/src/StrapiApp.js +8 -5
  2. package/dist/admin/admin/src/StrapiApp.js.map +1 -1
  3. package/dist/admin/admin/src/StrapiApp.mjs +9 -6
  4. package/dist/admin/admin/src/StrapiApp.mjs.map +1 -1
  5. package/dist/admin/admin/src/components/LeftMenu.js +1 -1
  6. package/dist/admin/admin/src/components/LeftMenu.js.map +1 -1
  7. package/dist/admin/admin/src/components/LeftMenu.mjs +1 -1
  8. package/dist/admin/admin/src/components/LeftMenu.mjs.map +1 -1
  9. package/dist/admin/admin/src/components/UpsellBanner.js +1 -1
  10. package/dist/admin/admin/src/components/UpsellBanner.js.map +1 -1
  11. package/dist/admin/admin/src/components/UpsellBanner.mjs +1 -1
  12. package/dist/admin/admin/src/components/UpsellBanner.mjs.map +1 -1
  13. package/dist/admin/admin/src/hooks/useMenu.js +40 -5
  14. package/dist/admin/admin/src/hooks/useMenu.js.map +1 -1
  15. package/dist/admin/admin/src/hooks/useMenu.mjs +40 -6
  16. package/dist/admin/admin/src/hooks/useMenu.mjs.map +1 -1
  17. package/dist/admin/admin/src/hooks/useSettingsMenu.js +61 -1
  18. package/dist/admin/admin/src/hooks/useSettingsMenu.js.map +1 -1
  19. package/dist/admin/admin/src/hooks/useSettingsMenu.mjs +61 -2
  20. package/dist/admin/admin/src/hooks/useSettingsMenu.mjs.map +1 -1
  21. package/dist/admin/admin/src/pages/Home/HomePage.js +6 -2
  22. package/dist/admin/admin/src/pages/Home/HomePage.js.map +1 -1
  23. package/dist/admin/admin/src/pages/Home/HomePage.mjs +6 -2
  24. package/dist/admin/admin/src/pages/Home/HomePage.mjs.map +1 -1
  25. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js +1 -1
  26. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.js.map +1 -1
  27. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.mjs +1 -1
  28. package/dist/admin/admin/src/pages/Home/components/FreeTrialEndedModal.mjs.map +1 -1
  29. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js +2 -0
  30. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.js.map +1 -1
  31. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs +2 -0
  32. package/dist/admin/admin/src/pages/Settings/pages/ApplicationInfo/ApplicationInfoPage.mjs.map +1 -1
  33. package/dist/admin/admin/src/translations/ar.json.js +1 -1
  34. package/dist/admin/admin/src/translations/ar.json.mjs +1 -1
  35. package/dist/admin/admin/src/translations/cs.json.js +1 -1
  36. package/dist/admin/admin/src/translations/cs.json.mjs +1 -1
  37. package/dist/admin/admin/src/translations/de.json.js +1 -1
  38. package/dist/admin/admin/src/translations/de.json.mjs +1 -1
  39. package/dist/admin/admin/src/translations/en.json.js +1 -1
  40. package/dist/admin/admin/src/translations/en.json.mjs +1 -1
  41. package/dist/admin/admin/src/translations/es.json.js +1 -1
  42. package/dist/admin/admin/src/translations/es.json.mjs +1 -1
  43. package/dist/admin/admin/src/translations/fi.json.js +1 -1
  44. package/dist/admin/admin/src/translations/fi.json.mjs +1 -1
  45. package/dist/admin/admin/src/translations/fr.json.js +1 -1
  46. package/dist/admin/admin/src/translations/fr.json.mjs +1 -1
  47. package/dist/admin/admin/src/translations/it.json.js +1 -1
  48. package/dist/admin/admin/src/translations/it.json.mjs +1 -1
  49. package/dist/admin/admin/src/translations/ko.json.js +1 -1
  50. package/dist/admin/admin/src/translations/ko.json.mjs +1 -1
  51. package/dist/admin/admin/src/translations/nl.json.js +1 -1
  52. package/dist/admin/admin/src/translations/nl.json.mjs +1 -1
  53. package/dist/admin/admin/src/translations/pl.json.js +1 -1
  54. package/dist/admin/admin/src/translations/pl.json.mjs +1 -1
  55. package/dist/admin/admin/src/translations/ru.json.js +1 -1
  56. package/dist/admin/admin/src/translations/ru.json.mjs +1 -1
  57. package/dist/admin/admin/src/translations/tr.json.js +1 -1
  58. package/dist/admin/admin/src/translations/tr.json.mjs +1 -1
  59. package/dist/admin/admin/src/translations/uk.json.js +1 -1
  60. package/dist/admin/admin/src/translations/uk.json.mjs +1 -1
  61. package/dist/admin/admin/src/translations/vi.json.js +1 -1
  62. package/dist/admin/admin/src/translations/vi.json.mjs +1 -1
  63. package/dist/admin/admin/src/translations/zh-Hans.json.js +1 -1
  64. package/dist/admin/admin/src/translations/zh-Hans.json.mjs +1 -1
  65. package/dist/admin/admin/src/utils/widgetVisibility.js +25 -0
  66. package/dist/admin/admin/src/utils/widgetVisibility.js.map +1 -0
  67. package/dist/admin/admin/src/utils/widgetVisibility.mjs +22 -0
  68. package/dist/admin/admin/src/utils/widgetVisibility.mjs.map +1 -0
  69. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.js +6 -4
  70. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.js.map +1 -1
  71. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.mjs +6 -4
  72. package/dist/admin/ee/admin/src/pages/SettingsPage/pages/ApplicationInfoPage/components/AdminSeatInfo.mjs.map +1 -1
  73. package/dist/admin/src/hooks/useMenu.d.ts +2 -1
  74. package/dist/admin/src/hooks/useSettingsMenu.d.ts +2 -1
  75. package/dist/admin/src/utils/widgetVisibility.d.ts +18 -0
  76. package/dist/ee/server/src/controllers/user.d.ts.map +1 -1
  77. package/dist/server/ee/server/src/controllers/user.js +7 -6
  78. package/dist/server/ee/server/src/controllers/user.js.map +1 -1
  79. package/dist/server/ee/server/src/controllers/user.mjs +7 -6
  80. package/dist/server/ee/server/src/controllers/user.mjs.map +1 -1
  81. package/dist/server/server/src/controllers/authenticated-user.js +25 -4
  82. package/dist/server/server/src/controllers/authenticated-user.js.map +1 -1
  83. package/dist/server/server/src/controllers/authenticated-user.mjs +25 -4
  84. package/dist/server/server/src/controllers/authenticated-user.mjs.map +1 -1
  85. package/dist/server/server/src/controllers/authentication.js +1 -16
  86. package/dist/server/server/src/controllers/authentication.js.map +1 -1
  87. package/dist/server/server/src/controllers/authentication.mjs +1 -16
  88. package/dist/server/server/src/controllers/authentication.mjs.map +1 -1
  89. package/dist/server/server/src/controllers/user.js +6 -5
  90. package/dist/server/server/src/controllers/user.js.map +1 -1
  91. package/dist/server/server/src/controllers/user.mjs +6 -5
  92. package/dist/server/server/src/controllers/user.mjs.map +1 -1
  93. package/dist/server/server/src/routes/authentication.js +4 -1
  94. package/dist/server/server/src/routes/authentication.js.map +1 -1
  95. package/dist/server/server/src/routes/authentication.mjs +4 -1
  96. package/dist/server/server/src/routes/authentication.mjs.map +1 -1
  97. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js +20 -11
  98. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.js.map +1 -1
  99. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.mjs +21 -12
  100. package/dist/server/server/src/services/permission/permissions-manager/permission-fields.mjs.map +1 -1
  101. package/dist/server/server/src/services/user.js +40 -3
  102. package/dist/server/server/src/services/user.js.map +1 -1
  103. package/dist/server/server/src/services/user.mjs +40 -3
  104. package/dist/server/server/src/services/user.mjs.map +1 -1
  105. package/dist/server/server/src/utils/normalize-email.js +24 -0
  106. package/dist/server/server/src/utils/normalize-email.js.map +1 -0
  107. package/dist/server/server/src/utils/normalize-email.mjs +22 -0
  108. package/dist/server/server/src/utils/normalize-email.mjs.map +1 -0
  109. package/dist/server/src/controllers/authenticated-user.d.ts.map +1 -1
  110. package/dist/server/src/controllers/authentication.d.ts.map +1 -1
  111. package/dist/server/src/controllers/user.d.ts.map +1 -1
  112. package/dist/server/src/index.d.ts +1 -0
  113. package/dist/server/src/index.d.ts.map +1 -1
  114. package/dist/server/src/routes/authentication.d.ts.map +1 -1
  115. package/dist/server/src/services/index.d.ts +1 -0
  116. package/dist/server/src/services/index.d.ts.map +1 -1
  117. package/dist/server/src/services/permission/permissions-manager/permission-fields.d.ts.map +1 -1
  118. package/dist/server/src/services/user.d.ts +1 -0
  119. package/dist/server/src/services/user.d.ts.map +1 -1
  120. package/dist/server/src/utils/normalize-email.d.ts +12 -0
  121. package/dist/server/src/utils/normalize-email.d.ts.map +1 -0
  122. package/package.json +11 -13
package/dist/server/server/src/controllers/authenticated-user.js CHANGED
@@ -1,6 +1,7 @@
1
1
  'use strict';
2
2
 
3
3
  var index = require('../utils/index.js');
4
+ var normalizeEmail = require('../utils/normalize-email.js');
4
5
  var user = require('../validation/user.js');
5
6
  var sessionAuth = require('../../../shared/utils/session-auth.js');
6
7
 
@@ -12,11 +13,12 @@ var authenticatedUser = {
12
13
  };
13
14
  },
14
15
  async updateMe (ctx) {
15
- const input = ctx.request.body;
16
- await user.validateProfileUpdateInput(input);
16
+ const data = normalizeEmail.normalizeEmail(ctx.request.body);
17
+ await user.validateProfileUpdateInput(data);
17
18
  const userService = index.getService('user');
18
19
  const authServer = index.getService('auth');
19
- const { currentPassword, ...userInfo } = input;
20
+ const { currentPassword, ...userInfo } = data;
21
+ const isChangingPassword = Boolean(currentPassword && userInfo.password);
20
22
  if (currentPassword && userInfo.password) {
21
23
  const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);
22
24
  if (!isValid) {
@@ -26,7 +28,26 @@ var authenticatedUser = {
26
28
  ]
27
29
  });
28
30
  }
29
- // Invalidate all sessions when password changes for security
31
+ }
32
+ if (userInfo.email !== undefined) {
33
+ const emailAlreadyTaken = await userService.exists({
34
+ id: {
35
+ $ne: ctx.state.user.id
36
+ },
37
+ email: userInfo.email
38
+ });
39
+ if (emailAlreadyTaken === true) {
40
+ return ctx.badRequest('ValidationError', {
41
+ email: [
42
+ 'Email already taken'
43
+ ]
44
+ });
45
+ }
46
+ }
47
+ // Invalidate all sessions when password changes for security. This must run only once the
48
+ // update is going to be persisted, so a rejected request (e.g. duplicate email) does not log
49
+ // the user out without applying any change.
50
+ if (isChangingPassword) {
30
51
  const sessionManager = sessionAuth.getSessionManager();
31
52
  if (sessionManager && sessionManager.hasOrigin('admin')) {
32
53
  await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));
package/dist/server/server/src/controllers/authenticated-user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticated-user.js","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\nimport { getSessionManager } from '../../../shared/utils/session-auth';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n\n // Invalidate all sessions when password changes for security\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","sessionManager","getSessionManager","hasOrigin","invalidateRefreshToken","String","id","updatedUser","updateById","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;;;;AAQA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACH,GAAAA,CAAII,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMN;AACR,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAAA,GAAQT,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,+BAAAA,CAA2BF,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,gBAAAA,CAAW,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAAAA,CAASc,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAAA,EAAiBd,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAAA,EAAS;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAA,EAAmB;oBACvCJ,eAAAA,EAAiB;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF,YAAA;;AAGA,YAAA,MAAMK,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,IAAkBA,cAAAA,CAAeE,SAAS,CAAC,OAAA,CAAA,EAAU;gBACvD,MAAMF,cAAAA,CAAe,OAAA,CAAA,CAASG,sBAAsB,CAACC,MAAAA,CAAOvB,IAAII,KAAK,CAACC,IAAI,CAACmB,EAAE,CAAA,CAAA;AAC/E,YAAA;AACF,QAAA;QAEA,MAAMC,WAAAA,GAAc,MAAMb,WAAAA,CAAYc,UAAU,CAAC1B,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACmB,EAAE,EAAEvB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMK,WAAAA,CAAYT,YAAY,CAACsB,WAAAA;AACjC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,mBAAkB3B,GAAY,EAAA;AAClC,QAAA,MAAM,EAAE4B,mBAAmB,EAAEC,kBAAkB,EAAE,GAAG3B,gBAAAA,CAAW,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAM0B,eAAAA,GAAkB,MAAMF,mBAAAA,CAAoBvB,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAAA,EAAMuB,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authenticated-user.js","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\nimport { getSessionManager } from '../../../shared/utils/session-auth';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const data = normalizeEmail(ctx.request.body as UpdateMe.Request['body']);\n\n await validateProfileUpdateInput(data);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = data;\n\n const isChangingPassword = Boolean(currentPassword && userInfo.password);\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n if (userInfo.email !== undefined) {\n const emailAlreadyTaken = await userService.exists({\n id: { $ne: ctx.state.user.id },\n email: userInfo.email,\n });\n\n if (emailAlreadyTaken === true) {\n return ctx.badRequest('ValidationError', {\n email: ['Email already taken'],\n });\n }\n }\n\n // Invalidate all sessions when password changes for security. This must run only once the\n // update is going to be persisted, so a rejected request (e.g. duplicate email) does not log\n // the user out without applying any change.\n if (isChangingPassword) {\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","normalizeEmail","request","validateProfileUpdateInput","userService","authServer","currentPassword","isChangingPassword","Boolean","password","isValid","validatePassword","badRequest","email","undefined","emailAlreadyTaken","exists","id","$ne","sessionManager","getSessionManager","hasOrigin","invalidateRefreshToken","String","updatedUser","updateById","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;;;;;AASA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACH,GAAAA,CAAII,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMN;AACR,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMO,IAAAA,GAAOE,6BAAAA,CAAeT,GAAAA,CAAIU,OAAO,CAACJ,IAAI,CAAA;AAE5C,QAAA,MAAMK,+BAAAA,CAA2BJ,IAAAA,CAAAA;AAEjC,QAAA,MAAMK,cAAcV,gBAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,gBAAAA,CAAW,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGM,IAAAA;AAEzC,QAAA,MAAMQ,kBAAAA,GAAqBC,OAAAA,CAAQF,eAAAA,IAAmBb,QAAAA,CAASgB,QAAQ,CAAA;QAEvE,IAAIH,eAAAA,IAAmBb,QAAAA,CAASgB,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAML,UAAAA,CAAWM,gBAAgB,CAACL,eAAAA,EAAiBd,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACY,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAAA,EAAS;gBACZ,OAAOlB,GAAAA,CAAIoB,UAAU,CAAC,iBAAA,EAAmB;oBACvCN,eAAAA,EAAiB;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF,YAAA;AACF,QAAA;QAEA,IAAIb,QAAAA,CAASoB,KAAK,KAAKC,SAAAA,EAAW;AAChC,YAAA,MAAMC,iBAAAA,GAAoB,MAAMX,WAAAA,CAAYY,MAAM,CAAC;gBACjDC,EAAAA,EAAI;AAAEC,oBAAAA,GAAAA,EAAK1B,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACoB;AAAG,iBAAA;AAC7BJ,gBAAAA,KAAAA,EAAOpB,SAASoB;AAClB,aAAA,CAAA;AAEA,YAAA,IAAIE,sBAAsB,IAAA,EAAM;gBAC9B,OAAOvB,GAAAA,CAAIoB,UAAU,CAAC,iBAAA,EAAmB;oBACvCC,KAAAA,EAAO;AAAC,wBAAA;AAAsB;AAChC,iBAAA,CAAA;AACF,YAAA;AACF,QAAA;;;;AAKA,QAAA,IAAIN,kBAAAA,EAAoB;AACtB,YAAA,MAAMY,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,IAAkBA,cAAAA,CAAeE,SAAS,CAAC,OAAA,CAAA,EAAU;gBACvD,MAAMF,cAAAA,CAAe,OAAA,CAAA,CAASG,sBAAsB,CAACC,MAAAA,CAAO/B,IAAII,KAAK,CAACC,IAAI,CAACoB,EAAE,CAAA,CAAA;AAC/E,YAAA;AACF,QAAA;QAEA,MAAMO,WAAAA,GAAc,MAAMpB,WAAAA,CAAYqB,UAAU,CAACjC,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACoB,EAAE,EAAExB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMK,WAAAA,CAAYT,YAAY,CAAC6B,WAAAA;AACjC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,mBAAkBlC,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEmC,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGlC,gBAAAA,CAAW,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMiC,eAAAA,GAAkB,MAAMF,mBAAAA,CAAoB9B,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAAA,EAAM8B,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/authenticated-user.mjs CHANGED
@@ -1,4 +1,5 @@
1
1
  import { getService } from '../utils/index.mjs';
2
+ import { normalizeEmail } from '../utils/normalize-email.mjs';
2
3
  import { validateProfileUpdateInput } from '../validation/user.mjs';
3
4
  import { getSessionManager } from '../../../shared/utils/session-auth.mjs';
4
5
 
@@ -10,11 +11,12 @@ var authenticatedUser = {
10
11
  };
11
12
  },
12
13
  async updateMe (ctx) {
13
- const input = ctx.request.body;
14
- await validateProfileUpdateInput(input);
14
+ const data = normalizeEmail(ctx.request.body);
15
+ await validateProfileUpdateInput(data);
15
16
  const userService = getService('user');
16
17
  const authServer = getService('auth');
17
- const { currentPassword, ...userInfo } = input;
18
+ const { currentPassword, ...userInfo } = data;
19
+ const isChangingPassword = Boolean(currentPassword && userInfo.password);
18
20
  if (currentPassword && userInfo.password) {
19
21
  const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);
20
22
  if (!isValid) {
@@ -24,7 +26,26 @@ var authenticatedUser = {
24
26
  ]
25
27
  });
26
28
  }
27
- // Invalidate all sessions when password changes for security
29
+ }
30
+ if (userInfo.email !== undefined) {
31
+ const emailAlreadyTaken = await userService.exists({
32
+ id: {
33
+ $ne: ctx.state.user.id
34
+ },
35
+ email: userInfo.email
36
+ });
37
+ if (emailAlreadyTaken === true) {
38
+ return ctx.badRequest('ValidationError', {
39
+ email: [
40
+ 'Email already taken'
41
+ ]
42
+ });
43
+ }
44
+ }
45
+ // Invalidate all sessions when password changes for security. This must run only once the
46
+ // update is going to be persisted, so a rejected request (e.g. duplicate email) does not log
47
+ // the user out without applying any change.
48
+ if (isChangingPassword) {
28
49
  const sessionManager = getSessionManager();
29
50
  if (sessionManager && sessionManager.hasOrigin('admin')) {
30
51
  await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));
package/dist/server/server/src/controllers/authenticated-user.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authenticated-user.mjs","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\nimport { getSessionManager } from '../../../shared/utils/session-auth';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const input = ctx.request.body as UpdateMe.Request['body'];\n\n await validateProfileUpdateInput(input);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = input;\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n\n // Invalidate all sessions when password changes for security\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","input","request","validateProfileUpdateInput","userService","authServer","currentPassword","password","isValid","validatePassword","badRequest","sessionManager","getSessionManager","hasOrigin","invalidateRefreshToken","String","id","updatedUser","updateById","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;;AAQA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACH,GAAAA,CAAII,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMN;AACR,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMS,KAAAA,GAAQT,GAAAA,CAAIU,OAAO,CAACJ,IAAI;AAE9B,QAAA,MAAMK,0BAAAA,CAA2BF,KAAAA,CAAAA;AAEjC,QAAA,MAAMG,cAAcV,UAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,UAAAA,CAAW,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGQ,KAAAA;QAEzC,IAAIK,eAAAA,IAAmBb,QAAAA,CAASc,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAMH,UAAAA,CAAWI,gBAAgB,CAACH,eAAAA,EAAiBd,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACU,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAAA,EAAS;gBACZ,OAAOhB,GAAAA,CAAIkB,UAAU,CAAC,iBAAA,EAAmB;oBACvCJ,eAAAA,EAAiB;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF,YAAA;;AAGA,YAAA,MAAMK,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,IAAkBA,cAAAA,CAAeE,SAAS,CAAC,OAAA,CAAA,EAAU;gBACvD,MAAMF,cAAAA,CAAe,OAAA,CAAA,CAASG,sBAAsB,CAACC,MAAAA,CAAOvB,IAAII,KAAK,CAACC,IAAI,CAACmB,EAAE,CAAA,CAAA;AAC/E,YAAA;AACF,QAAA;QAEA,MAAMC,WAAAA,GAAc,MAAMb,WAAAA,CAAYc,UAAU,CAAC1B,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACmB,EAAE,EAAEvB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMK,WAAAA,CAAYT,YAAY,CAACsB,WAAAA;AACjC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,mBAAkB3B,GAAY,EAAA;AAClC,QAAA,MAAM,EAAE4B,mBAAmB,EAAEC,kBAAkB,EAAE,GAAG3B,UAAAA,CAAW,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAM0B,eAAAA,GAAkB,MAAMF,mBAAAA,CAAoBvB,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAAA,EAAMuB,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authenticated-user.mjs","sources":["../../../../../server/src/controllers/authenticated-user.ts"],"sourcesContent":["import type { Context } from 'koa';\nimport type { AdminUser } from '../../../shared/contracts/shared';\n\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport { validateProfileUpdateInput } from '../validation/user';\nimport { GetMe, GetOwnPermissions, UpdateMe } from '../../../shared/contracts/users';\nimport { getSessionManager } from '../../../shared/utils/session-auth';\n\nexport default {\n async getMe(ctx: Context) {\n const userInfo = getService('user').sanitizeUser(ctx.state.user as AdminUser);\n\n ctx.body = {\n data: userInfo,\n } satisfies GetMe.Response;\n },\n\n async updateMe(ctx: Context) {\n const data = normalizeEmail(ctx.request.body as UpdateMe.Request['body']);\n\n await validateProfileUpdateInput(data);\n\n const userService = getService('user');\n const authServer = getService('auth');\n\n const { currentPassword, ...userInfo } = data;\n\n const isChangingPassword = Boolean(currentPassword && userInfo.password);\n\n if (currentPassword && userInfo.password) {\n const isValid = await authServer.validatePassword(currentPassword, ctx.state.user.password);\n\n if (!isValid) {\n return ctx.badRequest('ValidationError', {\n currentPassword: ['Invalid credentials'],\n });\n }\n }\n\n if (userInfo.email !== undefined) {\n const emailAlreadyTaken = await userService.exists({\n id: { $ne: ctx.state.user.id },\n email: userInfo.email,\n });\n\n if (emailAlreadyTaken === true) {\n return ctx.badRequest('ValidationError', {\n email: ['Email already taken'],\n });\n }\n }\n\n // Invalidate all sessions when password changes for security. This must run only once the\n // update is going to be persisted, so a rejected request (e.g. duplicate email) does not log\n // the user out without applying any change.\n if (isChangingPassword) {\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('admin')) {\n await sessionManager('admin').invalidateRefreshToken(String(ctx.state.user.id));\n }\n }\n\n const updatedUser = await userService.updateById(ctx.state.user.id, userInfo);\n\n ctx.body = {\n data: userService.sanitizeUser(updatedUser),\n } satisfies UpdateMe.Response;\n },\n\n async getOwnPermissions(ctx: Context) {\n const { findUserPermissions, sanitizePermission } = getService('permission');\n const { user } = ctx.state;\n\n const userPermissions = await findUserPermissions(user as AdminUser);\n\n ctx.body = {\n // @ts-expect-error - transform response type to sanitized permission\n data: userPermissions.map(sanitizePermission),\n } satisfies GetOwnPermissions.Response;\n },\n};\n"],"names":["getMe","ctx","userInfo","getService","sanitizeUser","state","user","body","data","updateMe","normalizeEmail","request","validateProfileUpdateInput","userService","authServer","currentPassword","isChangingPassword","Boolean","password","isValid","validatePassword","badRequest","email","undefined","emailAlreadyTaken","exists","id","$ne","sessionManager","getSessionManager","hasOrigin","invalidateRefreshToken","String","updatedUser","updateById","getOwnPermissions","findUserPermissions","sanitizePermission","userPermissions","map"],"mappings":";;;;;AASA,wBAAe;AACb,IAAA,MAAMA,OAAMC,GAAY,EAAA;QACtB,MAAMC,QAAAA,GAAWC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACH,GAAAA,CAAII,KAAK,CAACC,IAAI,CAAA;AAE/DL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMN;AACR,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMO,UAASR,GAAY,EAAA;AACzB,QAAA,MAAMO,IAAAA,GAAOE,cAAAA,CAAeT,GAAAA,CAAIU,OAAO,CAACJ,IAAI,CAAA;AAE5C,QAAA,MAAMK,0BAAAA,CAA2BJ,IAAAA,CAAAA;AAEjC,QAAA,MAAMK,cAAcV,UAAAA,CAAW,MAAA,CAAA;AAC/B,QAAA,MAAMW,aAAaX,UAAAA,CAAW,MAAA,CAAA;AAE9B,QAAA,MAAM,EAAEY,eAAe,EAAE,GAAGb,UAAU,GAAGM,IAAAA;AAEzC,QAAA,MAAMQ,kBAAAA,GAAqBC,OAAAA,CAAQF,eAAAA,IAAmBb,QAAAA,CAASgB,QAAQ,CAAA;QAEvE,IAAIH,eAAAA,IAAmBb,QAAAA,CAASgB,QAAQ,EAAE;YACxC,MAAMC,OAAAA,GAAU,MAAML,UAAAA,CAAWM,gBAAgB,CAACL,eAAAA,EAAiBd,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACY,QAAQ,CAAA;AAE1F,YAAA,IAAI,CAACC,OAAAA,EAAS;gBACZ,OAAOlB,GAAAA,CAAIoB,UAAU,CAAC,iBAAA,EAAmB;oBACvCN,eAAAA,EAAiB;AAAC,wBAAA;AAAsB;AAC1C,iBAAA,CAAA;AACF,YAAA;AACF,QAAA;QAEA,IAAIb,QAAAA,CAASoB,KAAK,KAAKC,SAAAA,EAAW;AAChC,YAAA,MAAMC,iBAAAA,GAAoB,MAAMX,WAAAA,CAAYY,MAAM,CAAC;gBACjDC,EAAAA,EAAI;AAAEC,oBAAAA,GAAAA,EAAK1B,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACoB;AAAG,iBAAA;AAC7BJ,gBAAAA,KAAAA,EAAOpB,SAASoB;AAClB,aAAA,CAAA;AAEA,YAAA,IAAIE,sBAAsB,IAAA,EAAM;gBAC9B,OAAOvB,GAAAA,CAAIoB,UAAU,CAAC,iBAAA,EAAmB;oBACvCC,KAAAA,EAAO;AAAC,wBAAA;AAAsB;AAChC,iBAAA,CAAA;AACF,YAAA;AACF,QAAA;;;;AAKA,QAAA,IAAIN,kBAAAA,EAAoB;AACtB,YAAA,MAAMY,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,IAAkBA,cAAAA,CAAeE,SAAS,CAAC,OAAA,CAAA,EAAU;gBACvD,MAAMF,cAAAA,CAAe,OAAA,CAAA,CAASG,sBAAsB,CAACC,MAAAA,CAAO/B,IAAII,KAAK,CAACC,IAAI,CAACoB,EAAE,CAAA,CAAA;AAC/E,YAAA;AACF,QAAA;QAEA,MAAMO,WAAAA,GAAc,MAAMpB,WAAAA,CAAYqB,UAAU,CAACjC,GAAAA,CAAII,KAAK,CAACC,IAAI,CAACoB,EAAE,EAAExB,QAAAA,CAAAA;AAEpED,QAAAA,GAAAA,CAAIM,IAAI,GAAG;YACTC,IAAAA,EAAMK,WAAAA,CAAYT,YAAY,CAAC6B,WAAAA;AACjC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,mBAAkBlC,GAAY,EAAA;AAClC,QAAA,MAAM,EAAEmC,mBAAmB,EAAEC,kBAAkB,EAAE,GAAGlC,UAAAA,CAAW,YAAA,CAAA;AAC/D,QAAA,MAAM,EAAEG,IAAI,EAAE,GAAGL,IAAII,KAAK;QAE1B,MAAMiC,eAAAA,GAAkB,MAAMF,mBAAAA,CAAoB9B,IAAAA,CAAAA;AAElDL,QAAAA,GAAAA,CAAIM,IAAI,GAAG;;YAETC,IAAAA,EAAM8B,eAAAA,CAAgBC,GAAG,CAACF,kBAAAA;AAC5B,SAAA;AACF,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/authentication.js CHANGED
@@ -130,22 +130,7 @@ var authentication = {
130
130
  async registerAdmin (ctx) {
131
131
  const input = ctx.request.body;
132
132
  await register.validateAdminRegistrationInput(input);
133
- const hasAdmin = await index.getService('user').exists();
134
- if (hasAdmin) {
135
- throw new ApplicationError('You cannot register a new super admin');
136
- }
137
- const superAdminRole = await index.getService('role').getSuperAdmin();
138
- if (!superAdminRole) {
139
- throw new ApplicationError("Cannot register the first admin because the super admin role doesn't exist.");
140
- }
141
- const user = await index.getService('user').create({
142
- ...input,
143
- registrationToken: null,
144
- isActive: true,
145
- roles: superAdminRole ? [
146
- superAdminRole.id
147
- ] : []
148
- });
133
+ const user = await index.getService('user').createFirstAdmin(input);
149
134
  strapi.telemetry.send('didCreateFirstAdmin');
150
135
  try {
151
136
  const sessionManager = sessionAuth.getSessionManager();
package/dist/server/server/src/controllers/authentication.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAAA,GAAW,MAAMpC,gBAAAA,CAAW,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAAA,EAAU;AACZ,YAAA,MAAM,IAAIjE,gBAAAA,CAAiB,uCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMmE,cAAAA,GAAiB,MAAMtC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,MAAM,IAAInE,gBAAAA,CACR,6EAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,MAAMc,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAAA,EAAmB,IAAA;YACnBY,QAAAA,EAAU,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAAA,GAAiB;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAAA,CAAOwD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,cAAAA,CAA4Bd,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,aAAAA,CAA2BjB,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAW0C,4BAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAMkD,QAAAA,GAAW,MAAMpD,cAAAA,CAAe,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAAA,EAAU;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAAA,EAAQ;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,wCAAAA,CACXqC,QAAAA,CAASvC,IAAI,EACbuC,QAAAA,CAASzC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqBiC,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAAA,GAAenF,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAOmD,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGwC,mCAAAA,CAAwBrF,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.js","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,YAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,MAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,sCAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,gBAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,kCAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,uCAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,+BAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,yCACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,cAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,gBAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,aAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,4BAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,wCAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,gBAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,+BAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,wCAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,+BAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,iBAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,iCAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,mCAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,6BAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/authentication.mjs CHANGED
@@ -128,22 +128,7 @@ var authentication = {
128
128
  async registerAdmin (ctx) {
129
129
  const input = ctx.request.body;
130
130
  await validateAdminRegistrationInput(input);
131
- const hasAdmin = await getService('user').exists();
132
- if (hasAdmin) {
133
- throw new ApplicationError('You cannot register a new super admin');
134
- }
135
- const superAdminRole = await getService('role').getSuperAdmin();
136
- if (!superAdminRole) {
137
- throw new ApplicationError("Cannot register the first admin because the super admin role doesn't exist.");
138
- }
139
- const user = await getService('user').create({
140
- ...input,
141
- registrationToken: null,
142
- isActive: true,
143
- roles: superAdminRole ? [
144
- superAdminRole.id
145
- ] : []
146
- });
131
+ const user = await getService('user').createFirstAdmin(input);
147
132
  strapi.telemetry.send('didCreateFirstAdmin');
148
133
  try {
149
134
  const sessionManager = getSessionManager();
package/dist/server/server/src/controllers/authentication.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const hasAdmin = await getService('user').exists();\n\n if (hasAdmin) {\n throw new ApplicationError('You cannot register a new super admin');\n }\n\n const superAdminRole = await getService('role').getSuperAdmin();\n\n if (!superAdminRole) {\n throw new ApplicationError(\n \"Cannot register the first admin because the super admin role doesn't exist.\"\n );\n }\n\n const user = await getService('user').create({\n ...input,\n registrationToken: null,\n isActive: true,\n roles: superAdminRole ? [superAdminRole.id] : [],\n });\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n };\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","hasAdmin","exists","superAdminRole","getSuperAdmin","create","isActive","roles","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAiCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,UAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAMI,QAAAA,GAAW,MAAMpC,UAAAA,CAAW,MAAA,CAAA,CAAQqC,MAAM,EAAA;AAEhD,QAAA,IAAID,QAAAA,EAAU;AACZ,YAAA,MAAM,IAAIjE,gBAAAA,CAAiB,uCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMmE,cAAAA,GAAiB,MAAMtC,UAAAA,CAAW,MAAA,CAAA,CAAQuC,aAAa,EAAA;AAE7D,QAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,YAAA,MAAM,IAAInE,gBAAAA,CACR,6EAAA,CAAA;AAEJ,QAAA;AAEA,QAAA,MAAMc,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQwC,MAAM,CAAC;AAC3C,YAAA,GAAGR,KAAK;YACRH,iBAAAA,EAAmB,IAAA;YACnBY,QAAAA,EAAU,IAAA;AACVC,YAAAA,KAAAA,EAAOJ,cAAAA,GAAiB;AAACA,gBAAAA,cAAAA,CAAe/B;AAAG,aAAA,GAAG;AAChD,SAAA,CAAA;QAEApB,MAAAA,CAAOwD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAM1C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMyC,gBAAerE,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMkE,2BAAAA,CAA4Bd,KAAAA,CAAAA;QAElChC,UAAAA,CAAW,MAAA,CAAA,CAAQ6C,cAAc,CAACb,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIuE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAcxE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqE,0BAAAA,CAA2BjB,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQgD,aAAa,CAAChB,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAW0C,gBAAAA,EAAAA;;YAGjB,MAAMhD,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAACiC,GAAG,CAAC/B,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAMnD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAMkD,QAAAA,GAAW,MAAMpD,cAAAA,CAAe,OAAA,CAAA,CAASqD,kBAAkB,CAAC3C,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAW0C,QAAAA,EAAU;gBACvB,OAAO9E,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMtD,cAAAA,CAAe,SAASqB,mBAAmB,CAAC+B,SAAS3C,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAW6C,MAAAA,EAAQ;gBACrB,OAAOhF,GAAAA,CAAI6E,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAE1C,KAAK,EAAE,GAAG6C,MAAAA;;YAElB,MAAMC,IAAAA,GAAOxC,4BAAAA,CACXqC,QAAAA,CAASvC,IAAI,EACbuC,QAAAA,CAASzC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqBiC,QAAAA,CAAS3C,KAAK,EAAE8C,IAAAA,CAAAA;AACrDjF,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMsD,QAAOlF,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAM4D,YAAAA,GAAenF,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAOmD,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnEpF,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGwC,uBAAAA,CAAwBrF,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9C4C,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAM7D,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAASiD,sBAAsB,CAAC9C,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"authentication.mjs","sources":["../../../../../server/src/controllers/authentication.ts"],"sourcesContent":["import type { Context, Next } from 'koa';\nimport passport from 'koa-passport';\nimport compose from 'koa-compose';\nimport '@strapi/types';\nimport { errors } from '@strapi/utils';\nimport { getService } from '../utils';\nimport {\n REFRESH_COOKIE_NAME,\n buildCookieOptionsWithExpiry,\n getSessionManager,\n extractDeviceParams,\n generateDeviceId,\n getRefreshCookieOptions,\n} from '../../../shared/utils/session-auth';\n\nimport {\n validateRegistrationInput,\n validateAdminRegistrationInput,\n validateRegistrationInfoQuery,\n validateForgotPasswordInput,\n validateResetPasswordInput,\n validateLoginSessionInput,\n} from '../validation/authentication';\n\nimport type {\n ForgotPassword,\n Login,\n Register,\n RegisterAdmin,\n RegistrationInfo,\n ResetPassword,\n} from '../../../shared/contracts/authentication';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError, ValidationError } = errors;\n\nexport default {\n login: compose([\n async (ctx: Context, next: Next) => {\n await validateLoginSessionInput(ctx.request.body ?? {});\n return next();\n },\n (ctx: Context, next: Next) => {\n return passport.authenticate('local', { session: false }, (err, user, info) => {\n if (err) {\n strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });\n // if this is a recognized error, allow it to bubble up to user\n if (err.details?.code === 'LOGIN_NOT_ALLOWED') {\n throw err;\n }\n\n // for all other errors throw a generic error to prevent leaking info\n return ctx.notImplemented();\n }\n\n if (!user) {\n strapi.eventHub.emit('admin.auth.error', {\n error: new Error(info.message),\n provider: 'local',\n });\n throw new ApplicationError(info.message);\n }\n\n const query = ctx.state as Login.Request['query'];\n query.user = user;\n\n const sanitizedUser = getService('user').sanitizeUser(user);\n strapi.eventHub.emit('admin.auth.success', { user: sanitizedUser, provider: 'local' });\n\n return next();\n })(ctx, next);\n },\n async (ctx: Context) => {\n const { user } = ctx.state as { user: AdminUser };\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, {\n type: rememberMe ? 'refresh' : 'session',\n });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(ctx.state.user),\n },\n } satisfies Login.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session', error);\n return ctx.internalServerError();\n }\n },\n ]),\n\n async registrationInfo(ctx: Context) {\n await validateRegistrationInfoQuery(ctx.request.query);\n\n const { registrationToken } = ctx.request.query as RegistrationInfo.Request['query'];\n\n const registrationInfo = await getService('user').findRegistrationInfo(registrationToken);\n\n if (!registrationInfo) {\n throw new ValidationError('Invalid registrationToken');\n }\n\n ctx.body = { data: registrationInfo } satisfies RegistrationInfo.Response;\n },\n\n async register(ctx: Context) {\n const input = ctx.request.body as Register.Request['body'];\n\n await validateRegistrationInput(input);\n\n const user = await getService('user').register(input);\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies Register.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register', error);\n return ctx.internalServerError();\n }\n },\n\n async registerAdmin(ctx: Context) {\n const input = ctx.request.body as RegisterAdmin.Request['body'];\n\n await validateAdminRegistrationInput(input);\n\n const user = await getService('user').createFirstAdmin(input);\n\n strapi.telemetry.send('didCreateFirstAdmin');\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n const userId = String(user.id);\n const { deviceId, rememberMe } = extractDeviceParams(ctx.request.body);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: rememberMe ? 'refresh' : 'session' });\n\n const cookieOptions = buildCookieOptionsWithExpiry(\n rememberMe ? 'refresh' : 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token: accessToken } = accessResult;\n\n ctx.body = {\n data: {\n token: accessToken,\n accessToken,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies RegisterAdmin.Response;\n } catch (error) {\n strapi.log.error('Failed to create admin refresh session during register-admin', error);\n return ctx.internalServerError();\n }\n },\n\n async forgotPassword(ctx: Context) {\n const input = ctx.request.body as ForgotPassword.Request['body'];\n\n await validateForgotPasswordInput(input);\n\n getService('auth').forgotPassword(input);\n\n ctx.status = 204;\n },\n\n async resetPassword(ctx: Context) {\n const input = ctx.request.body as ResetPassword.Request['body'];\n\n await validateResetPasswordInput(input);\n\n const user = await getService('auth').resetPassword(input);\n\n // Issue a new admin refresh session and access token after password reset.\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n const userId = String(user.id);\n const deviceId = generateDeviceId();\n\n // Invalidate all existing sessions before creating a new one\n await sessionManager('admin').invalidateRefreshToken(userId);\n\n const { token: refreshToken, absoluteExpiresAt } = await sessionManager(\n 'admin'\n ).generateRefreshToken(userId, deviceId, { type: 'session' });\n\n // No rememberMe flow here; expire with session by default (session cookie)\n const cookieOptions = buildCookieOptionsWithExpiry(\n 'session',\n absoluteExpiresAt,\n ctx.request.secure\n );\n ctx.cookies.set(REFRESH_COOKIE_NAME, refreshToken, cookieOptions);\n\n const accessResult = await sessionManager('admin').generateAccessToken(refreshToken);\n if ('error' in accessResult) {\n return ctx.internalServerError();\n }\n\n const { token } = accessResult;\n\n ctx.body = {\n data: {\n token,\n user: getService('user').sanitizeUser(user),\n },\n } satisfies ResetPassword.Response;\n } catch (err) {\n strapi.log.error('Failed to create admin refresh session during reset-password', err as any);\n return ctx.internalServerError();\n }\n },\n\n async accessToken(ctx: Context) {\n const refreshToken = ctx.cookies.get(REFRESH_COOKIE_NAME);\n\n if (!refreshToken) {\n return ctx.unauthorized('Missing refresh token');\n }\n\n try {\n const sessionManager = getSessionManager();\n if (!sessionManager) {\n return ctx.internalServerError();\n }\n\n // Single-use renewal: rotate on access exchange, then create access token\n // from the new refresh token\n const rotation = await sessionManager('admin').rotateRefreshToken(refreshToken);\n if ('error' in rotation) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const result = await sessionManager('admin').generateAccessToken(rotation.token);\n if ('error' in result) {\n return ctx.unauthorized('Invalid refresh token');\n }\n\n const { token } = result;\n // Preserve session-vs-remember mode using rotation.type and rotation.absoluteExpiresAt\n const opts = buildCookieOptionsWithExpiry(\n rotation.type,\n rotation.absoluteExpiresAt,\n ctx.request.secure\n );\n\n ctx.cookies.set(REFRESH_COOKIE_NAME, rotation.token, opts);\n ctx.body = { data: { token } };\n } catch (err) {\n strapi.log.error('Failed to generate access token from refresh token', err as any);\n return ctx.internalServerError();\n }\n },\n\n async logout(ctx: Context) {\n const sanitizedUser = getService('user').sanitizeUser(ctx.state.user);\n strapi.eventHub.emit('admin.logout', { user: sanitizedUser });\n\n const bodyDeviceId = ctx.request.body?.deviceId as string | undefined;\n const deviceId = typeof bodyDeviceId === 'string' ? bodyDeviceId : undefined;\n\n // Clear cookie regardless of token validity\n ctx.cookies.set(REFRESH_COOKIE_NAME, '', {\n ...getRefreshCookieOptions(ctx.request.secure),\n expires: new Date(0),\n });\n\n try {\n const sessionManager = getSessionManager();\n if (sessionManager) {\n const userId = String(ctx.state.user.id);\n await sessionManager('admin').invalidateRefreshToken(userId, deviceId);\n }\n } catch (err) {\n strapi.log.error('Failed to revoke admin sessions during logout', err as any);\n }\n\n ctx.body = { data: {} };\n },\n};\n"],"names":["ApplicationError","ValidationError","errors","login","compose","ctx","next","validateLoginSessionInput","request","body","passport","authenticate","session","err","user","info","strapi","eventHub","emit","error","provider","details","code","notImplemented","Error","message","query","state","sanitizedUser","getService","sanitizeUser","sessionManager","getSessionManager","internalServerError","userId","String","id","deviceId","rememberMe","extractDeviceParams","token","refreshToken","absoluteExpiresAt","generateRefreshToken","type","cookieOptions","buildCookieOptionsWithExpiry","secure","cookies","set","REFRESH_COOKIE_NAME","accessResult","generateAccessToken","accessToken","data","log","registrationInfo","validateRegistrationInfoQuery","registrationToken","findRegistrationInfo","register","input","validateRegistrationInput","registerAdmin","validateAdminRegistrationInput","createFirstAdmin","telemetry","send","forgotPassword","validateForgotPasswordInput","status","resetPassword","validateResetPasswordInput","generateDeviceId","invalidateRefreshToken","get","unauthorized","rotation","rotateRefreshToken","result","opts","logout","bodyDeviceId","undefined","getRefreshCookieOptions","expires","Date"],"mappings":";;;;;;;;;;;AAkCA,MAAM,EAAEA,gBAAgB,EAAEC,eAAe,EAAE,GAAGC,MAAAA;AAE9C,qBAAe;AACbC,IAAAA,KAAAA,EAAOC,OAAAA,CAAQ;AACb,QAAA,OAAOC,GAAAA,EAAcC,IAAAA,GAAAA;AACnB,YAAA,MAAMC,0BAA0BF,GAAAA,CAAIG,OAAO,CAACC,IAAI,IAAI,EAAC,CAAA;YACrD,OAAOH,IAAAA,EAAAA;AACT,QAAA,CAAA;AACA,QAAA,CAACD,GAAAA,EAAcC,IAAAA,GAAAA;YACb,OAAOI,QAAAA,CAASC,YAAY,CAAC,OAAA,EAAS;gBAAEC,OAAAA,EAAS;aAAM,EAAG,CAACC,KAAKC,IAAAA,EAAMC,IAAAA,GAAAA;AACpE,gBAAA,IAAIF,GAAAA,EAAK;AACPG,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBAAEC,KAAAA,EAAON,GAAAA;wBAAKO,QAAAA,EAAU;AAAQ,qBAAA,CAAA;;AAEzE,oBAAA,IAAIP,GAAAA,CAAIQ,OAAO,EAAEC,IAAAA,KAAS,mBAAA,EAAqB;wBAC7C,MAAMT,GAAAA;AACR,oBAAA;;AAGA,oBAAA,OAAOR,IAAIkB,cAAc,EAAA;AAC3B,gBAAA;AAEA,gBAAA,IAAI,CAACT,IAAAA,EAAM;AACTE,oBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,kBAAA,EAAoB;wBACvCC,KAAAA,EAAO,IAAIK,KAAAA,CAAMT,IAAAA,CAAKU,OAAO,CAAA;wBAC7BL,QAAAA,EAAU;AACZ,qBAAA,CAAA;oBACA,MAAM,IAAIpB,gBAAAA,CAAiBe,IAAAA,CAAKU,OAAO,CAAA;AACzC,gBAAA;gBAEA,MAAMC,KAAAA,GAAQrB,IAAIsB,KAAK;AACvBD,gBAAAA,KAAAA,CAAMZ,IAAI,GAAGA,IAAAA;AAEb,gBAAA,MAAMc,aAAAA,GAAgBC,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA,CAAAA;AACtDE,gBAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,oBAAA,EAAsB;oBAAEJ,IAAAA,EAAMc,aAAAA;oBAAeR,QAAAA,EAAU;AAAQ,iBAAA,CAAA;gBAEpF,OAAOd,IAAAA,EAAAA;AACT,YAAA,CAAA,CAAA,CAAGD,GAAAA,EAAKC,IAAAA,CAAAA;AACV,QAAA,CAAA;QACA,OAAOD,GAAAA,GAAAA;AACL,YAAA,MAAM,EAAES,IAAI,EAAE,GAAGT,IAAIsB,KAAK;YAE1B,IAAI;AACF,gBAAA,MAAMI,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,gBAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,oBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;gBACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;gBAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,gBAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AACvCO,oBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AACjC,iBAAA,CAAA;gBAEA,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,gBAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,gBAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,gBAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,oBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,gBAAA;AAEA,gBAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,gBAAAA,GAAAA,CAAII,IAAI,GAAG;oBACT6C,IAAAA,EAAM;wBACJd,KAAAA,EAAOa,WAAAA;AACPA,wBAAAA,WAAAA;AACAvC,wBAAAA,IAAAA,EAAMe,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI;AACtD;AACF,iBAAA;AACF,YAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,gBAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wCAAA,EAA0CA,KAAAA,CAAAA;AAC3D,gBAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AACF,QAAA;AACD,KAAA,CAAA;AAED,IAAA,MAAMuB,kBAAiBnD,GAAY,EAAA;AACjC,QAAA,MAAMoD,6BAAAA,CAA8BpD,GAAAA,CAAIG,OAAO,CAACkB,KAAK,CAAA;AAErD,QAAA,MAAM,EAAEgC,iBAAiB,EAAE,GAAGrD,GAAAA,CAAIG,OAAO,CAACkB,KAAK;AAE/C,QAAA,MAAM8B,gBAAAA,GAAmB,MAAM3B,UAAAA,CAAW,MAAA,CAAA,CAAQ8B,oBAAoB,CAACD,iBAAAA,CAAAA;AAEvE,QAAA,IAAI,CAACF,gBAAAA,EAAkB;AACrB,YAAA,MAAM,IAAIvD,eAAAA,CAAgB,2BAAA,CAAA;AAC5B,QAAA;AAEAI,QAAAA,GAAAA,CAAII,IAAI,GAAG;YAAE6C,IAAAA,EAAME;AAAiB,SAAA;AACtC,IAAA,CAAA;AAEA,IAAA,MAAMI,UAASvD,GAAY,EAAA;AACzB,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMqD,yBAAAA,CAA0BD,KAAAA,CAAAA;AAEhC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ+B,QAAQ,CAACC,KAAAA,CAAAA;QAE/C,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,wDAAA,EAA0DA,KAAAA,CAAAA;AAC3E,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAM8B,eAAc1D,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAMuD,8BAAAA,CAA+BH,KAAAA,CAAAA;AAErC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQoC,gBAAgB,CAACJ,KAAAA,CAAAA;QAEvD7C,MAAAA,CAAOkD,SAAS,CAACC,IAAI,CAAC,qBAAA,CAAA;QAEtB,IAAI;AACF,YAAA,MAAMpC,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YACA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;YAC7B,MAAM,EAAEC,QAAQ,EAAEC,UAAU,EAAE,GAAGC,mBAAAA,CAAoBlC,GAAAA,CAAIG,OAAO,CAACC,IAAI,CAAA;AAErE,YAAA,MAAM,EAAE+B,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;AAAEO,gBAAAA,IAAAA,EAAMN,aAAa,SAAA,GAAY;AAAU,aAAA,CAAA;YAEpF,MAAMO,aAAAA,GAAgBC,6BACpBR,UAAAA,GAAa,SAAA,GAAY,WACzBI,iBAAAA,EACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;AAEA,YAAA,MAAM,EAAEO,KAAAA,EAAOa,WAAW,EAAE,GAAGF,YAAAA;AAE/B9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;oBACJd,KAAAA,EAAOa,WAAAA;AACPA,oBAAAA,WAAAA;oBACAvC,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOK,KAAAA,EAAO;AACdH,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEA,KAAAA,CAAAA;AACjF,YAAA,OAAOd,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMmC,gBAAe/D,GAAY,EAAA;AAC/B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM4D,2BAAAA,CAA4BR,KAAAA,CAAAA;QAElChC,UAAAA,CAAW,MAAA,CAAA,CAAQuC,cAAc,CAACP,KAAAA,CAAAA;AAElCxD,QAAAA,GAAAA,CAAIiE,MAAM,GAAG,GAAA;AACf,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAclE,GAAY,EAAA;AAC9B,QAAA,MAAMwD,KAAAA,GAAQxD,GAAAA,CAAIG,OAAO,CAACC,IAAI;AAE9B,QAAA,MAAM+D,0BAAAA,CAA2BX,KAAAA,CAAAA;AAEjC,QAAA,MAAM/C,IAAAA,GAAO,MAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQ0C,aAAa,CAACV,KAAAA,CAAAA;;QAGpD,IAAI;AACF,YAAA,MAAM9B,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAMC,MAAAA,GAASC,MAAAA,CAAOrB,IAAAA,CAAKsB,EAAE,CAAA;AAC7B,YAAA,MAAMC,QAAAA,GAAWoC,gBAAAA,EAAAA;;YAGjB,MAAM1C,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,CAAAA;AAErD,YAAA,MAAM,EAAEM,KAAAA,EAAOC,YAAY,EAAEC,iBAAiB,EAAE,GAAG,MAAMX,cAAAA,CACvD,OAAA,CAAA,CACAY,oBAAoB,CAACT,QAAQG,QAAAA,EAAU;gBAAEO,IAAAA,EAAM;AAAU,aAAA,CAAA;;AAG3D,YAAA,MAAMC,gBAAgBC,4BAAAA,CACpB,SAAA,EACAJ,mBACArC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAEpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqBT,YAAAA,EAAcI,aAAAA,CAAAA;AAEnD,YAAA,MAAMM,YAAAA,GAAe,MAAMpB,cAAAA,CAAe,OAAA,CAAA,CAASqB,mBAAmB,CAACX,YAAAA,CAAAA;AACvE,YAAA,IAAI,WAAWU,YAAAA,EAAc;AAC3B,gBAAA,OAAO9C,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;YAEA,MAAM,EAAEO,KAAK,EAAE,GAAGW,YAAAA;AAElB9C,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBACT6C,IAAAA,EAAM;AACJd,oBAAAA,KAAAA;oBACA1B,IAAAA,EAAMe,UAAAA,CAAW,MAAA,CAAA,CAAQC,YAAY,CAAChB,IAAAA;AACxC;AACF,aAAA;AACF,QAAA,CAAA,CAAE,OAAOD,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,8DAAA,EAAgEN,GAAAA,CAAAA;AACjF,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMoB,aAAYhD,GAAY,EAAA;AAC5B,QAAA,MAAMoC,YAAAA,GAAepC,GAAAA,CAAI2C,OAAO,CAAC2B,GAAG,CAACzB,mBAAAA,CAAAA;AAErC,QAAA,IAAI,CAACT,YAAAA,EAAc;YACjB,OAAOpC,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,QAAA;QAEA,IAAI;AACF,YAAA,MAAM7C,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAI,CAACD,cAAAA,EAAgB;AACnB,gBAAA,OAAO1B,IAAI4B,mBAAmB,EAAA;AAChC,YAAA;;;AAIA,YAAA,MAAM4C,QAAAA,GAAW,MAAM9C,cAAAA,CAAe,OAAA,CAAA,CAAS+C,kBAAkB,CAACrC,YAAAA,CAAAA;AAClE,YAAA,IAAI,WAAWoC,QAAAA,EAAU;gBACvB,OAAOxE,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;AAEA,YAAA,MAAMG,SAAS,MAAMhD,cAAAA,CAAe,SAASqB,mBAAmB,CAACyB,SAASrC,KAAK,CAAA;AAC/E,YAAA,IAAI,WAAWuC,MAAAA,EAAQ;gBACrB,OAAO1E,GAAAA,CAAIuE,YAAY,CAAC,uBAAA,CAAA;AAC1B,YAAA;YAEA,MAAM,EAAEpC,KAAK,EAAE,GAAGuC,MAAAA;;YAElB,MAAMC,IAAAA,GAAOlC,4BAAAA,CACX+B,QAAAA,CAASjC,IAAI,EACbiC,QAAAA,CAASnC,iBAAiB,EAC1BrC,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAA;AAGpB1C,YAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,mBAAAA,EAAqB2B,QAAAA,CAASrC,KAAK,EAAEwC,IAAAA,CAAAA;AACrD3E,YAAAA,GAAAA,CAAII,IAAI,GAAG;gBAAE6C,IAAAA,EAAM;AAAEd,oBAAAA;AAAM;AAAE,aAAA;AAC/B,QAAA,CAAA,CAAE,OAAO3B,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,oDAAA,EAAsDN,GAAAA,CAAAA;AACvE,YAAA,OAAOR,IAAI4B,mBAAmB,EAAA;AAChC,QAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMgD,QAAO5E,GAAY,EAAA;QACvB,MAAMuB,aAAAA,GAAgBC,WAAW,MAAA,CAAA,CAAQC,YAAY,CAACzB,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAAA;AACpEE,QAAAA,MAAAA,CAAOC,QAAQ,CAACC,IAAI,CAAC,cAAA,EAAgB;YAAEJ,IAAAA,EAAMc;AAAc,SAAA,CAAA;AAE3D,QAAA,MAAMsD,YAAAA,GAAe7E,GAAAA,CAAIG,OAAO,CAACC,IAAI,EAAE4B,QAAAA;AACvC,QAAA,MAAMA,QAAAA,GAAW,OAAO6C,YAAAA,KAAiB,QAAA,GAAWA,YAAAA,GAAeC,SAAAA;;AAGnE9E,QAAAA,GAAAA,CAAI2C,OAAO,CAACC,GAAG,CAACC,qBAAqB,EAAA,EAAI;AACvC,YAAA,GAAGkC,uBAAAA,CAAwB/E,GAAAA,CAAIG,OAAO,CAACuC,MAAM,CAAC;AAC9CsC,YAAAA,OAAAA,EAAS,IAAIC,IAAAA,CAAK,CAAA;AACpB,SAAA,CAAA;QAEA,IAAI;AACF,YAAA,MAAMvD,cAAAA,GAAiBC,iBAAAA,EAAAA;AACvB,YAAA,IAAID,cAAAA,EAAgB;AAClB,gBAAA,MAAMG,SAASC,MAAAA,CAAO9B,GAAAA,CAAIsB,KAAK,CAACb,IAAI,CAACsB,EAAE,CAAA;AACvC,gBAAA,MAAML,cAAAA,CAAe,OAAA,CAAA,CAAS2C,sBAAsB,CAACxC,MAAAA,EAAQG,QAAAA,CAAAA;AAC/D,YAAA;AACF,QAAA,CAAA,CAAE,OAAOxB,GAAAA,EAAK;AACZG,YAAAA,MAAAA,CAAOuC,GAAG,CAACpC,KAAK,CAAC,+CAAA,EAAiDN,GAAAA,CAAAA;AACpE,QAAA;AAEAR,QAAAA,GAAAA,CAAII,IAAI,GAAG;AAAE6C,YAAAA,IAAAA,EAAM;AAAG,SAAA;AACxB,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/user.js CHANGED
@@ -4,6 +4,7 @@ var _ = require('lodash');
4
4
  var utils = require('@strapi/utils');
5
5
  var user$1 = require('../validation/user.js');
6
6
  var index = require('../utils/index.js');
7
+ var normalizeEmail = require('../utils/normalize-email.js');
7
8
 
8
9
  function _interopNamespaceDefault(e) {
9
10
  var n = Object.create(null);
@@ -87,20 +88,20 @@ var user = {
87
88
  },
88
89
  async update (ctx) {
89
90
  const { id } = ctx.params;
90
- const { body: input } = ctx.request;
91
- await user$1.validateUserUpdateInput(input);
92
- if (___namespace.has(input, 'email')) {
91
+ const data = normalizeEmail.normalizeEmail(ctx.request.body);
92
+ await user$1.validateUserUpdateInput(data);
93
+ if (___namespace.has(data, 'email')) {
93
94
  const uniqueEmailCheck = await index.getService('user').exists({
94
95
  id: {
95
96
  $ne: id
96
97
  },
97
- email: input.email
98
+ email: data.email
98
99
  });
99
100
  if (uniqueEmailCheck) {
100
101
  throw new ApplicationError('A user with this email address already exists');
101
102
  }
102
103
  }
103
- const updatedUser = await index.getService('user').updateById(id, input);
104
+ const updatedUser = await index.getService('user').updateById(id, data);
104
105
  if (!updatedUser) {
105
106
  return ctx.notFound('User does not exist');
106
107
  }
package/dist/server/server/src/controllers/user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const { body: input } = ctx.request as Update.Request;\n\n await validateUserUpdateInput(input);\n\n if (_.has(input, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: input.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, input);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","input","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAoBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,YAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,gCAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,YAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,gBAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAM,EAAE1C,IAAAA,EAAM6C,KAAK,EAAE,GAAG9C,IAAIE,OAAO;AAEnC,QAAA,MAAM6C,8BAAAA,CAAwBD,KAAAA,CAAAA;AAE9B,QAAA,IAAIzC,YAAAA,CAAE2C,GAAG,CAACF,KAAAA,EAAO,OAAA,CAAA,EAAU;AACzB,YAAA,MAAMG,gBAAAA,GAAmB,MAAMrC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAO0C,MAAM1C;AACf,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAII,KAAAA,CAAAA;AAE5D,QAAA,IAAI,CAACK,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,+BAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,gBAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,gBAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
1
+ {"version":3,"file":"user.js","sources":["../../../../../server/src/controllers/user.ts"],"sourcesContent":["import type { Context } from 'koa';\n\nimport * as _ from 'lodash';\nimport { errors } from '@strapi/utils';\nimport {\n validateUserCreationInput,\n validateUserUpdateInput,\n validateUsersDeleteInput,\n} from '../validation/user';\nimport { getService } from '../utils';\nimport { normalizeEmail } from '../utils/normalize-email';\nimport {\n Create,\n DeleteMany,\n DeleteOne,\n FindAll,\n FindOne,\n Update,\n} from '../../../shared/contracts/user';\nimport { AdminUser } from '../../../shared/contracts/shared';\n\nconst { ApplicationError } = errors;\n\nexport default {\n async create(ctx: Context) {\n const { body } = ctx.request as Create.Request;\n const cleanData = { ...body, email: _.get(body, `email`, ``).toLowerCase() };\n\n await validateUserCreationInput(cleanData);\n\n const attributes = _.pick(cleanData, [\n 'firstname',\n 'lastname',\n 'email',\n 'roles',\n 'preferedLanguage',\n ]);\n\n const userAlreadyExists = await getService('user').exists({\n email: attributes.email,\n });\n\n if (userAlreadyExists) {\n throw new ApplicationError('Email already taken');\n }\n\n const createdUser = await getService('user').create(attributes);\n\n const userInfo = getService('user').sanitizeUser(createdUser);\n\n // Note: We need to assign manually the registrationToken to the\n // final user payload so that it's not removed in the sanitation process.\n Object.assign(userInfo, { registrationToken: createdUser.registrationToken });\n\n // Send 201 created\n ctx.created({ data: userInfo } satisfies Create.Response);\n },\n\n async find(ctx: Context) {\n const userService = getService('user');\n\n const permissionsManager = strapi.service('admin::permission').createPermissionsManager({\n ability: ctx.state.userAbility,\n model: 'admin::user',\n });\n\n await permissionsManager.validateQuery(ctx.query);\n const sanitizedQuery = await permissionsManager.sanitizeQuery(ctx.query);\n\n // @ts-expect-error update the service type\n const { results, pagination } = await userService.findPage(sanitizedQuery);\n\n ctx.body = {\n data: {\n results: results.map((user: AdminUser) => userService.sanitizeUser(user)),\n pagination,\n },\n } satisfies FindAll.Response;\n },\n\n async findOne(ctx: Context) {\n const { id } = ctx.params as FindOne.Params;\n\n const user = await getService('user').findOne(id);\n\n if (!user) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(user as AdminUser),\n } as FindOne.Response;\n },\n\n async update(ctx: Context) {\n const { id } = ctx.params as Update.Params;\n const data = normalizeEmail((ctx.request as Update.Request).body);\n\n await validateUserUpdateInput(data);\n\n if (_.has(data, 'email')) {\n const uniqueEmailCheck = await getService('user').exists({\n id: { $ne: id },\n email: data.email,\n });\n\n if (uniqueEmailCheck) {\n throw new ApplicationError('A user with this email address already exists');\n }\n }\n\n const updatedUser = await getService('user').updateById(id, data);\n\n if (!updatedUser) {\n return ctx.notFound('User does not exist');\n }\n\n ctx.body = {\n data: getService('user').sanitizeUser(updatedUser),\n } satisfies Update.Response;\n },\n\n async deleteOne(ctx: Context) {\n const { id } = ctx.params as DeleteOne.Params;\n const user = ctx.state.user as AdminUser | undefined;\n\n if (user && user.id === id) {\n throw new ApplicationError('You cannot delete your own user');\n }\n\n const deletedUser = await getService('user').deleteById(id);\n\n if (!deletedUser) {\n return ctx.notFound('User not found');\n }\n\n return ctx.deleted({\n data: getService('user').sanitizeUser(deletedUser),\n } satisfies DeleteOne.Response);\n },\n\n /**\n * Delete several users\n * @param ctx - koa context\n */\n async deleteMany(ctx: Context) {\n const { body } = ctx.request as DeleteMany.Request;\n const user = ctx.state.user as AdminUser | undefined;\n await validateUsersDeleteInput(body);\n const idsSet = new Set(body.ids);\n\n // Prevent self-deletion\n if (user && idsSet.has(user.id)) {\n throw new ApplicationError('You cannot delete your own user');\n }\n const users = await getService('user').deleteByIds(body.ids);\n\n const sanitizedUsers = users.map(getService('user').sanitizeUser);\n\n return ctx.deleted({\n data: sanitizedUsers,\n } satisfies DeleteMany.Response);\n },\n};\n"],"names":["ApplicationError","errors","create","ctx","body","request","cleanData","email","_","get","toLowerCase","validateUserCreationInput","attributes","pick","userAlreadyExists","getService","exists","createdUser","userInfo","sanitizeUser","Object","assign","registrationToken","created","data","find","userService","permissionsManager","strapi","service","createPermissionsManager","ability","state","userAbility","model","validateQuery","query","sanitizedQuery","sanitizeQuery","results","pagination","findPage","map","user","findOne","id","params","notFound","update","normalizeEmail","validateUserUpdateInput","has","uniqueEmailCheck","$ne","updatedUser","updateById","deleteOne","deletedUser","deleteById","deleted","deleteMany","validateUsersDeleteInput","idsSet","Set","ids","users","deleteByIds","sanitizedUsers"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;AAqBA,MAAM,EAAEA,gBAAgB,EAAE,GAAGC,YAAAA;AAE7B,WAAe;AACb,IAAA,MAAMC,QAAOC,GAAY,EAAA;AACvB,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMC,SAAAA,GAAY;AAAE,YAAA,GAAGF,IAAI;YAAEG,KAAAA,EAAOC,YAAAA,CAAEC,GAAG,CAACL,IAAAA,EAAM,CAAC,KAAK,CAAC,EAAE,CAAA,CAAE,CAAA,CAAEM,WAAW;AAAG,SAAA;AAE3E,QAAA,MAAMC,gCAAAA,CAA0BL,SAAAA,CAAAA;AAEhC,QAAA,MAAMM,UAAAA,GAAaJ,YAAAA,CAAEK,IAAI,CAACP,SAAAA,EAAW;AACnC,YAAA,WAAA;AACA,YAAA,UAAA;AACA,YAAA,OAAA;AACA,YAAA,OAAA;AACA,YAAA;AACD,SAAA,CAAA;AAED,QAAA,MAAMQ,iBAAAA,GAAoB,MAAMC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;AACxDT,YAAAA,KAAAA,EAAOK,WAAWL;AACpB,SAAA,CAAA;AAEA,QAAA,IAAIO,iBAAAA,EAAmB;AACrB,YAAA,MAAM,IAAId,gBAAAA,CAAiB,qBAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMiB,WAAAA,GAAc,MAAMF,gBAAAA,CAAW,MAAA,CAAA,CAAQb,MAAM,CAACU,UAAAA,CAAAA;AAEpD,QAAA,MAAMM,QAAAA,GAAWH,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACF,WAAAA,CAAAA;;;QAIjDG,MAAAA,CAAOC,MAAM,CAACH,QAAAA,EAAU;AAAEI,YAAAA,iBAAAA,EAAmBL,YAAYK;AAAkB,SAAA,CAAA;;AAG3EnB,QAAAA,GAAAA,CAAIoB,OAAO,CAAC;YAAEC,IAAAA,EAAMN;AAAS,SAAA,CAAA;AAC/B,IAAA,CAAA;AAEA,IAAA,MAAMO,MAAKtB,GAAY,EAAA;AACrB,QAAA,MAAMuB,cAAcX,gBAAAA,CAAW,MAAA,CAAA;AAE/B,QAAA,MAAMY,qBAAqBC,MAAAA,CAAOC,OAAO,CAAC,mBAAA,CAAA,CAAqBC,wBAAwB,CAAC;YACtFC,OAAAA,EAAS5B,GAAAA,CAAI6B,KAAK,CAACC,WAAW;YAC9BC,KAAAA,EAAO;AACT,SAAA,CAAA;AAEA,QAAA,MAAMP,kBAAAA,CAAmBQ,aAAa,CAAChC,GAAAA,CAAIiC,KAAK,CAAA;AAChD,QAAA,MAAMC,iBAAiB,MAAMV,kBAAAA,CAAmBW,aAAa,CAACnC,IAAIiC,KAAK,CAAA;;QAGvE,MAAM,EAAEG,OAAO,EAAEC,UAAU,EAAE,GAAG,MAAMd,WAAAA,CAAYe,QAAQ,CAACJ,cAAAA,CAAAA;AAE3DlC,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAM;AACJe,gBAAAA,OAAAA,EAASA,QAAQG,GAAG,CAAC,CAACC,IAAAA,GAAoBjB,WAAAA,CAAYP,YAAY,CAACwB,IAAAA,CAAAA,CAAAA;AACnEH,gBAAAA;AACF;AACF,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMI,SAAQzC,GAAY,EAAA;AACxB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AAEzB,QAAA,MAAMH,IAAAA,GAAO,MAAM5B,gBAAAA,CAAW,MAAA,CAAA,CAAQ6B,OAAO,CAACC,EAAAA,CAAAA;AAE9C,QAAA,IAAI,CAACF,IAAAA,EAAM;YACT,OAAOxC,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACwB,IAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAMK,QAAO7C,GAAY,EAAA;AACvB,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMtB,OAAOyB,6BAAAA,CAAgB9C,GAAAA,CAAIE,OAAO,CAAoBD,IAAI,CAAA;AAEhE,QAAA,MAAM8C,8BAAAA,CAAwB1B,IAAAA,CAAAA;AAE9B,QAAA,IAAIhB,YAAAA,CAAE2C,GAAG,CAAC3B,IAAAA,EAAM,OAAA,CAAA,EAAU;AACxB,YAAA,MAAM4B,gBAAAA,GAAmB,MAAMrC,gBAAAA,CAAW,MAAA,CAAA,CAAQC,MAAM,CAAC;gBACvD6B,EAAAA,EAAI;oBAAEQ,GAAAA,EAAKR;AAAG,iBAAA;AACdtC,gBAAAA,KAAAA,EAAOiB,KAAKjB;AACd,aAAA,CAAA;AAEA,YAAA,IAAI6C,gBAAAA,EAAkB;AACpB,gBAAA,MAAM,IAAIpD,gBAAAA,CAAiB,+CAAA,CAAA;AAC7B,YAAA;AACF,QAAA;AAEA,QAAA,MAAMsD,cAAc,MAAMvC,gBAAAA,CAAW,MAAA,CAAA,CAAQwC,UAAU,CAACV,EAAAA,EAAIrB,IAAAA,CAAAA;AAE5D,QAAA,IAAI,CAAC8B,WAAAA,EAAa;YAChB,OAAOnD,GAAAA,CAAI4C,QAAQ,CAAC,qBAAA,CAAA;AACtB,QAAA;AAEA5C,QAAAA,GAAAA,CAAIC,IAAI,GAAG;YACToB,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACmC,WAAAA;AACxC,SAAA;AACF,IAAA,CAAA;AAEA,IAAA,MAAME,WAAUrD,GAAY,EAAA;AAC1B,QAAA,MAAM,EAAE0C,EAAE,EAAE,GAAG1C,IAAI2C,MAAM;AACzB,QAAA,MAAMH,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAE3B,QAAA,IAAIA,IAAAA,IAAQA,IAAAA,CAAKE,EAAE,KAAKA,EAAAA,EAAI;AAC1B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AAEA,QAAA,MAAMyD,WAAAA,GAAc,MAAM1C,gBAAAA,CAAW,MAAA,CAAA,CAAQ2C,UAAU,CAACb,EAAAA,CAAAA;AAExD,QAAA,IAAI,CAACY,WAAAA,EAAa;YAChB,OAAOtD,GAAAA,CAAI4C,QAAQ,CAAC,gBAAA,CAAA;AACtB,QAAA;QAEA,OAAO5C,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAMT,gBAAAA,CAAW,MAAA,CAAA,CAAQI,YAAY,CAACsC,WAAAA;AACxC,SAAA,CAAA;AACF,IAAA,CAAA;AAEA;;;MAIA,MAAMG,YAAWzD,GAAY,EAAA;AAC3B,QAAA,MAAM,EAAEC,IAAI,EAAE,GAAGD,IAAIE,OAAO;AAC5B,QAAA,MAAMsC,IAAAA,GAAOxC,GAAAA,CAAI6B,KAAK,CAACW,IAAI;AAC3B,QAAA,MAAMkB,+BAAAA,CAAyBzD,IAAAA,CAAAA;AAC/B,QAAA,MAAM0D,MAAAA,GAAS,IAAIC,GAAAA,CAAI3D,IAAAA,CAAK4D,GAAG,CAAA;;AAG/B,QAAA,IAAIrB,QAAQmB,MAAAA,CAAOX,GAAG,CAACR,IAAAA,CAAKE,EAAE,CAAA,EAAG;AAC/B,YAAA,MAAM,IAAI7C,gBAAAA,CAAiB,iCAAA,CAAA;AAC7B,QAAA;AACA,QAAA,MAAMiE,QAAQ,MAAMlD,gBAAAA,CAAW,QAAQmD,WAAW,CAAC9D,KAAK4D,GAAG,CAAA;AAE3D,QAAA,MAAMG,iBAAiBF,KAAAA,CAAMvB,GAAG,CAAC3B,gBAAAA,CAAW,QAAQI,YAAY,CAAA;QAEhE,OAAOhB,GAAAA,CAAIwD,OAAO,CAAC;YACjBnC,IAAAA,EAAM2C;AACR,SAAA,CAAA;AACF,IAAA;AACF,CAAA;;;;"}
package/dist/server/server/src/controllers/user.mjs CHANGED
@@ -2,6 +2,7 @@ import * as _ from 'lodash';
2
2
  import { errors } from '@strapi/utils';
3
3
  import { validateUsersDeleteInput, validateUserUpdateInput, validateUserCreationInput } from '../validation/user.mjs';
4
4
  import { getService } from '../utils/index.mjs';
5
+ import { normalizeEmail } from '../utils/normalize-email.mjs';
5
6
 
6
7
  const { ApplicationError } = errors;
7
8
  var user = {
@@ -66,20 +67,20 @@ var user = {
66
67
  },
67
68
  async update (ctx) {
68
69
  const { id } = ctx.params;
69
- const { body: input } = ctx.request;
70
- await validateUserUpdateInput(input);
71
- if (_.has(input, 'email')) {
70
+ const data = normalizeEmail(ctx.request.body);
71
+ await validateUserUpdateInput(data);
72
+ if (_.has(data, 'email')) {
72
73
  const uniqueEmailCheck = await getService('user').exists({
73
74
  id: {
74
75
  $ne: id
75
76
  },
76
- email: input.email
77
+ email: data.email
77
78
  });
78
79
  if (uniqueEmailCheck) {
79
80
  throw new ApplicationError('A user with this email address already exists');
80
81
  }
81
82
  }
82
- const updatedUser = await getService('user').updateById(id, input);
83
+ const updatedUser = await getService('user').updateById(id, data);
83
84
  if (!updatedUser) {
84
85
  return ctx.notFound('User does not exist');
85
86
  }