@strapi/plugin-users-permissions 0.0.0-4fc90398602f → 0.0.0-8581854cb3
- package/admin/src/components/BoundRoute/getMethodColor.js +1 -1
- package/admin/src/components/BoundRoute/index.js +1 -1
- package/admin/src/components/FormModal/Input/index.js +1 -1
- package/admin/src/components/FormModal/index.js +9 -7
- package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +3 -3
- package/admin/src/components/Permissions/PermissionRow/SubCategory.js +14 -10
- package/admin/src/components/Permissions/PermissionRow/index.js +1 -1
- package/admin/src/components/Permissions/index.js +2 -2
- package/admin/src/components/Permissions/init.js +1 -1
- package/admin/src/components/Permissions/reducer.js +1 -1
- package/admin/src/components/Policies/index.js +1 -1
- package/admin/src/components/UsersPermissions/index.js +5 -5
- package/admin/src/components/UsersPermissions/reducer.js +1 -1
- package/admin/src/hooks/useFetchRole/index.js +3 -3
- package/admin/src/hooks/useFetchRole/reducer.js +1 -1
- package/admin/src/hooks/useForm/index.js +1 -1
- package/admin/src/hooks/useForm/reducer.js +1 -1
- package/admin/src/hooks/usePlugins/index.js +1 -1
- package/admin/src/hooks/usePlugins/reducer.js +1 -1
- package/admin/src/hooks/useRolesList/reducer.js +1 -1
- package/admin/src/index.js +5 -5
- package/admin/src/pages/AdvancedSettings/index.js +10 -11
- package/admin/src/pages/AdvancedSettings/utils/api.js +1 -1
- package/admin/src/pages/AdvancedSettings/utils/schema.js +4 -2
- package/admin/src/pages/EmailTemplates/index.js +8 -8
- package/admin/src/pages/EmailTemplates/utils/api.js +1 -1
- package/admin/src/pages/EmailTemplates/utils/schema.js +4 -1
- package/admin/src/pages/Providers/index.js +22 -22
- package/admin/src/pages/Providers/reducer.js +1 -1
- package/admin/src/pages/Providers/utils/api.js +2 -2
- package/admin/src/pages/Providers/utils/createProvidersArray.js +1 -1
- package/admin/src/pages/Roles/CreatePage/index.js +1 -1
- package/admin/src/pages/Roles/EditPage/index.js +1 -1
- package/admin/src/pages/Roles/ListPage/components/TableBody.js +4 -5
- package/admin/src/pages/Roles/ListPage/index.js +2 -2
- package/admin/src/utils/axiosInstance.js +4 -4
- package/admin/src/utils/cleanPermissions.js +1 -1
- package/admin/src/utils/formatPolicies.js +1 -1
- package/admin/src/utils/getRequestURL.js +1 -1
- package/admin/src/utils/getTrad.js +1 -1
- package/jest.config.front.js +1 -1
- package/package.json +8 -5
- package/server/bootstrap/grant-config.js +1 -1
- package/server/bootstrap/index.js +39 -39
- package/server/controllers/auth.js +5 -2
- package/server/controllers/content-manager-user.js +12 -4
- package/server/controllers/settings.js +1 -1
- package/server/controllers/user.js +2 -2
- package/server/controllers/validation/auth.js +12 -3
- package/server/controllers/validation/email-template.js +2 -3
- package/server/controllers/validation/user.js +16 -4
- package/server/graphql/mutations/auth/change-password.js +4 -1
- package/server/graphql/mutations/auth/forgot-password.js +4 -1
- package/server/graphql/mutations/auth/login.js +4 -1
- package/server/graphql/mutations/auth/register.js +4 -1
- package/server/graphql/mutations/auth/reset-password.js +4 -1
- package/server/graphql/mutations/crud/role/create-role.js +4 -1
- package/server/graphql/mutations/crud/role/delete-role.js +4 -1
- package/server/graphql/mutations/crud/role/update-role.js +4 -1
- package/server/graphql/mutations/crud/user/create-user.js +4 -1
- package/server/graphql/mutations/crud/user/delete-user.js +4 -1
- package/server/graphql/mutations/crud/user/update-user.js +4 -1
- package/server/graphql/mutations/index.js +1 -1
- package/server/graphql/types/index.js +1 -1
- package/server/middlewares/rateLimit.js +25 -22
- package/server/register.js +4 -2
- package/server/services/jwt.js +9 -11
- package/server/services/providers-registry.js +42 -33
- package/server/services/providers.js +5 -5
- package/server/services/role.js +7 -7
- package/server/services/user.js +1 -1
- package/server/services/users-permissions.js +12 -12
- package/server/strategies/users-permissions.js +3 -3
- package/server/utils/index.js +1 -1
|
@@ -26,7 +26,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
26
26
|
|
|
27
27
|
koaContext.request.body = toPlainObject(args.data);
|
|
28
28
|
|
|
29
|
-
await strapi
|
|
29
|
+
await strapi
|
|
30
|
+
.plugin('users-permissions')
|
|
31
|
+
.controller('role')
|
|
32
|
+
.createRole(koaContext);
|
|
30
33
|
|
|
31
34
|
return { ok: true };
|
|
32
35
|
},
|
|
@@ -17,7 +17,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
17
17
|
|
|
18
18
|
koaContext.params = { role: args.id };
|
|
19
19
|
|
|
20
|
-
await strapi
|
|
20
|
+
await strapi
|
|
21
|
+
.plugin('users-permissions')
|
|
22
|
+
.controller('role')
|
|
23
|
+
.deleteRole(koaContext);
|
|
21
24
|
|
|
22
25
|
return { ok: true };
|
|
23
26
|
},
|
|
@@ -27,7 +27,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
27
27
|
koaContext.request.body = args.data;
|
|
28
28
|
koaContext.request.body.role = args.id;
|
|
29
29
|
|
|
30
|
-
await strapi
|
|
30
|
+
await strapi
|
|
31
|
+
.plugin('users-permissions')
|
|
32
|
+
.controller('role')
|
|
33
|
+
.updateRole(koaContext);
|
|
31
34
|
|
|
32
35
|
return { ok: true };
|
|
33
36
|
},
|
|
@@ -32,7 +32,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
32
32
|
koaContext.params = {};
|
|
33
33
|
koaContext.request.body = toPlainObject(args.data);
|
|
34
34
|
|
|
35
|
-
await strapi
|
|
35
|
+
await strapi
|
|
36
|
+
.plugin('users-permissions')
|
|
37
|
+
.controller('user')
|
|
38
|
+
.create(koaContext);
|
|
36
39
|
|
|
37
40
|
checkBadRequest(koaContext.body);
|
|
38
41
|
|
|
@@ -26,7 +26,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
26
26
|
|
|
27
27
|
koaContext.params = { id: args.id };
|
|
28
28
|
|
|
29
|
-
await strapi
|
|
29
|
+
await strapi
|
|
30
|
+
.plugin('users-permissions')
|
|
31
|
+
.controller('user')
|
|
32
|
+
.destroy(koaContext);
|
|
30
33
|
|
|
31
34
|
checkBadRequest(koaContext.body);
|
|
32
35
|
|
|
@@ -33,7 +33,10 @@ module.exports = ({ nexus, strapi }) => {
|
|
|
33
33
|
koaContext.params = { id: args.id };
|
|
34
34
|
koaContext.request.body = toPlainObject(args.data);
|
|
35
35
|
|
|
36
|
-
await strapi
|
|
36
|
+
await strapi
|
|
37
|
+
.plugin('users-permissions')
|
|
38
|
+
.controller('user')
|
|
39
|
+
.update(koaContext);
|
|
37
40
|
|
|
38
41
|
checkBadRequest(koaContext.body);
|
|
39
42
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
const userUID = 'plugin::users-permissions.user';
|
|
4
4
|
const roleUID = 'plugin::users-permissions.role';
|
|
5
5
|
|
|
6
|
-
module.exports =
|
|
6
|
+
module.exports = context => {
|
|
7
7
|
const { nexus, strapi } = context;
|
|
8
8
|
|
|
9
9
|
const { naming } = strapi.plugin('graphql').service('utils');
|
|
@@ -1,27 +1,30 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
module.exports =
|
|
4
|
-
|
|
5
|
-
async (ctx, next) => {
|
|
6
|
-
const ratelimit = require('koa2-ratelimit').RateLimit;
|
|
3
|
+
module.exports = (config, { strapi }) => async (ctx, next) => {
|
|
4
|
+
const ratelimit = require('koa2-ratelimit').RateLimit;
|
|
7
5
|
|
|
8
|
-
|
|
6
|
+
const message = [
|
|
7
|
+
{
|
|
8
|
+
messages: [
|
|
9
|
+
{
|
|
10
|
+
id: 'Auth.form.error.ratelimit',
|
|
11
|
+
message: 'Too many attempts, please try again in a minute.',
|
|
12
|
+
},
|
|
13
|
+
],
|
|
14
|
+
},
|
|
15
|
+
];
|
|
16
|
+
|
|
17
|
+
return ratelimit.middleware(
|
|
18
|
+
Object.assign(
|
|
19
|
+
{},
|
|
9
20
|
{
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
},
|
|
15
|
-
],
|
|
21
|
+
interval: 1 * 60 * 1000,
|
|
22
|
+
max: 5,
|
|
23
|
+
prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
|
|
24
|
+
message,
|
|
16
25
|
},
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
|
|
23
|
-
message,
|
|
24
|
-
...strapi.config.get('plugin.users-permissions.ratelimit'),
|
|
25
|
-
...config,
|
|
26
|
-
})(ctx, next);
|
|
27
|
-
};
|
|
26
|
+
strapi.config.get('plugin.users-permissions.ratelimit'),
|
|
27
|
+
config
|
|
28
|
+
)
|
|
29
|
+
)(ctx, next);
|
|
30
|
+
};
|
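Review bot: The limiter key on new line 23 is `${ctx.request.path}:${ctx.request.ip}`, so the five-attempts-per-minute budget is counted per client address and path only, never per account. Behind a reverse proxy Koa reports the proxy's address unless proxy trust is enabled, which puts every client in one bucket; with proxy trust enabled the address comes from a forwarded header that must be sanitised upstream. I would state that above the options object, e.g. `// Keyed by path + client IP: needs correct proxy settings and does not bound attempts per account.` Two further things deserve a comment: `Object.assign` applies the stored `plugin.users-permissions.ratelimit` settings and the route `config` last, so either can override `max`, `interval` or `prefixKey`; and `ratelimit.middleware(...)` is rebuilt on every request, so the counters only hold if the store outlives that instance, which should be confirmed for koa2-ratelimit's default store.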
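--- a/package/server/register.js
+++ b/package/server/register.js
@@ -1,5 +1,4 @@
 'use strict';
-
 const fs = require('fs');
 const path = require('path');
 
@@ -18,6 +17,9 @@ module.exports = ({ strapi }) => {
 const specPath = path.join(__dirname, '../documentation/content-api.yaml');
 const spec = fs.readFileSync(specPath, 'utf8');
 
-strapi
+strapi
+.plugin('documentation')
+.service('documentation')
+.registerDoc(spec);
 }
 };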
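--- a/package/server/services/jwt.js
+++ b/package/server/services/jwt.js
@@ -38,18 +38,16 @@ module.exports = ({ strapi }) => ({
 },
 
 verify(token) {
-return new Promise((resolve, reject)
-jwt.verify(
-
-
-
-(err
-
-return reject(new Error('Invalid token.'));
-}
-resolve(tokenPayload);
+return new Promise(function(resolve, reject) {
+jwt.verify(token, strapi.config.get('plugin.users-permissions.jwtSecret'), {}, function(
+err,
+tokenPayload = {}
+) {
+if (err) {
+return reject(new Error('Invalid token.'));
 }
-
+resolve(tokenPayload);
+});
 });
 },
 });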
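Review bot: `jwt.verify` on new line 42 is called with an empty options object, so no `algorithms` allow-list is pinned and the accepted signature algorithms are left to the library's default for the key type. Passing the algorithm the tokens are actually signed with, e.g. `{ algorithms: ['HS256'] }` if the issuing code (outside this hunk) relies on the jsonwebtoken default, makes the verifier's expectation explicit and independent of the installed library version. The method also lacks a doc comment; one line stating that it resolves with the decoded payload and rejects with a generic `Invalid token.` error for every failure would make the deliberately non-specific error visible to maintainers.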
|
@@ -4,15 +4,15 @@ const { strict: assert } = require('assert');
|
|
|
4
4
|
const jwt = require('jsonwebtoken');
|
|
5
5
|
|
|
6
6
|
const getInitialProviders = ({ purest }) => ({
|
|
7
|
-
async discord({
|
|
7
|
+
async discord({ access_token }) {
|
|
8
8
|
const discord = purest({ provider: 'discord' });
|
|
9
9
|
return discord
|
|
10
10
|
.get('users/@me')
|
|
11
|
-
.auth(
|
|
11
|
+
.auth(access_token)
|
|
12
12
|
.request()
|
|
13
13
|
.then(({ body }) => {
|
|
14
14
|
// Combine username and discriminator because discord username is not unique
|
|
15
|
-
|
|
15
|
+
var username = `${body.username}#${body.discriminator}`;
|
|
16
16
|
return {
|
|
17
17
|
username,
|
|
18
18
|
email: body.email,
|
|
@@ -33,12 +33,12 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
33
33
|
};
|
|
34
34
|
}
|
|
35
35
|
},
|
|
36
|
-
async facebook({
|
|
36
|
+
async facebook({ access_token }) {
|
|
37
37
|
const facebook = purest({ provider: 'facebook' });
|
|
38
38
|
|
|
39
39
|
return facebook
|
|
40
40
|
.get('me')
|
|
41
|
-
.auth(
|
|
41
|
+
.auth(access_token)
|
|
42
42
|
.qs({ fields: 'name,email' })
|
|
43
43
|
.request()
|
|
44
44
|
.then(({ body }) => ({
|
|
@@ -46,20 +46,20 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
46
46
|
email: body.email,
|
|
47
47
|
}));
|
|
48
48
|
},
|
|
49
|
-
async google({
|
|
49
|
+
async google({ access_token }) {
|
|
50
50
|
const google = purest({ provider: 'google' });
|
|
51
51
|
|
|
52
52
|
return google
|
|
53
53
|
.query('oauth')
|
|
54
54
|
.get('tokeninfo')
|
|
55
|
-
.qs({
|
|
55
|
+
.qs({ access_token })
|
|
56
56
|
.request()
|
|
57
57
|
.then(({ body }) => ({
|
|
58
58
|
username: body.email.split('@')[0],
|
|
59
59
|
email: body.email,
|
|
60
60
|
}));
|
|
61
61
|
},
|
|
62
|
-
async github({
|
|
62
|
+
async github({ access_token }) {
|
|
63
63
|
const github = purest({
|
|
64
64
|
provider: 'github',
|
|
65
65
|
defaults: {
|
|
@@ -69,7 +69,10 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
69
69
|
},
|
|
70
70
|
});
|
|
71
71
|
|
|
72
|
-
const { body: userBody } = await github
|
|
72
|
+
const { body: userBody } = await github
|
|
73
|
+
.get('user')
|
|
74
|
+
.auth(access_token)
|
|
75
|
+
.request();
|
|
73
76
|
|
|
74
77
|
// This is the public email on the github profile
|
|
75
78
|
if (userBody.email) {
|
|
@@ -79,28 +82,31 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
79
82
|
};
|
|
80
83
|
}
|
|
81
84
|
// Get the email with Github's user/emails API
|
|
82
|
-
const { body: emailBody } = await github
|
|
85
|
+
const { body: emailBody } = await github
|
|
86
|
+
.get('user/emails')
|
|
87
|
+
.auth(access_token)
|
|
88
|
+
.request();
|
|
83
89
|
|
|
84
90
|
return {
|
|
85
91
|
username: userBody.login,
|
|
86
92
|
email: Array.isArray(emailBody)
|
|
87
|
-
? emailBody.find(
|
|
93
|
+
? emailBody.find(email => email.primary === true).email
|
|
88
94
|
: null,
|
|
89
95
|
};
|
|
90
96
|
},
|
|
91
|
-
async microsoft({
|
|
97
|
+
async microsoft({ access_token }) {
|
|
92
98
|
const microsoft = purest({ provider: 'microsoft' });
|
|
93
99
|
|
|
94
100
|
return microsoft
|
|
95
101
|
.get('me')
|
|
96
|
-
.auth(
|
|
102
|
+
.auth(access_token)
|
|
97
103
|
.request()
|
|
98
104
|
.then(({ body }) => ({
|
|
99
105
|
username: body.userPrincipalName,
|
|
100
106
|
email: body.userPrincipalName,
|
|
101
107
|
}));
|
|
102
108
|
},
|
|
103
|
-
async twitter({
|
|
109
|
+
async twitter({ access_token, query, providers }) {
|
|
104
110
|
const twitter = purest({
|
|
105
111
|
provider: 'twitter',
|
|
106
112
|
defaults: {
|
|
@@ -113,7 +119,7 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
113
119
|
|
|
114
120
|
return twitter
|
|
115
121
|
.get('account/verify_credentials')
|
|
116
|
-
.auth(
|
|
122
|
+
.auth(access_token, query.access_secret)
|
|
117
123
|
.qs({ screen_name: query['raw[screen_name]'], include_email: 'true' })
|
|
118
124
|
.request()
|
|
119
125
|
.then(({ body }) => ({
|
|
@@ -121,12 +127,12 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
121
127
|
email: body.email,
|
|
122
128
|
}));
|
|
123
129
|
},
|
|
124
|
-
async instagram({
|
|
130
|
+
async instagram({ access_token }) {
|
|
125
131
|
const instagram = purest({ provider: 'instagram' });
|
|
126
132
|
|
|
127
133
|
return instagram
|
|
128
134
|
.get('me')
|
|
129
|
-
.auth(
|
|
135
|
+
.auth(access_token)
|
|
130
136
|
.qs({ fields: 'id,username' })
|
|
131
137
|
.request()
|
|
132
138
|
.then(({ body }) => ({
|
|
@@ -134,12 +140,12 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
134
140
|
email: `${body.username}@strapi.io`, // dummy email as Instagram does not provide user email
|
|
135
141
|
}));
|
|
136
142
|
},
|
|
137
|
-
async vk({
|
|
143
|
+
async vk({ access_token, query }) {
|
|
138
144
|
const vk = purest({ provider: 'vk' });
|
|
139
145
|
|
|
140
146
|
return vk
|
|
141
147
|
.get('users.get')
|
|
142
|
-
.auth(
|
|
148
|
+
.auth(access_token)
|
|
143
149
|
.qs({ id: query.raw.user_id, v: '5.122' })
|
|
144
150
|
.request()
|
|
145
151
|
.then(({ body }) => ({
|
|
@@ -147,7 +153,7 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
147
153
|
email: query.raw.email,
|
|
148
154
|
}));
|
|
149
155
|
},
|
|
150
|
-
async twitch({
|
|
156
|
+
async twitch({ access_token, providers }) {
|
|
151
157
|
const twitch = purest({
|
|
152
158
|
provider: 'twitch',
|
|
153
159
|
config: {
|
|
@@ -166,23 +172,26 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
166
172
|
|
|
167
173
|
return twitch
|
|
168
174
|
.get('users')
|
|
169
|
-
.auth(
|
|
175
|
+
.auth(access_token, providers.twitch.key)
|
|
170
176
|
.request()
|
|
171
177
|
.then(({ body }) => ({
|
|
172
178
|
username: body.data[0].login,
|
|
173
179
|
email: body.data[0].email,
|
|
174
180
|
}));
|
|
175
181
|
},
|
|
176
|
-
async linkedin({
|
|
182
|
+
async linkedin({ access_token }) {
|
|
177
183
|
const linkedIn = purest({ provider: 'linkedin' });
|
|
178
184
|
const {
|
|
179
185
|
body: { localizedFirstName },
|
|
180
|
-
} = await linkedIn
|
|
186
|
+
} = await linkedIn
|
|
187
|
+
.get('me')
|
|
188
|
+
.auth(access_token)
|
|
189
|
+
.request();
|
|
181
190
|
const {
|
|
182
191
|
body: { elements },
|
|
183
192
|
} = await linkedIn
|
|
184
193
|
.get('emailAddress?q=members&projection=(elements*(handle~))')
|
|
185
|
-
.auth(
|
|
194
|
+
.auth(access_token)
|
|
186
195
|
.request();
|
|
187
196
|
|
|
188
197
|
const email = elements[0]['handle~'];
|
|
@@ -192,7 +201,7 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
192
201
|
email: email.emailAddress,
|
|
193
202
|
};
|
|
194
203
|
},
|
|
195
|
-
async reddit({
|
|
204
|
+
async reddit({ access_token }) {
|
|
196
205
|
const reddit = purest({
|
|
197
206
|
provider: 'reddit',
|
|
198
207
|
config: {
|
|
@@ -212,20 +221,20 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
212
221
|
|
|
213
222
|
return reddit
|
|
214
223
|
.get('me')
|
|
215
|
-
.auth(
|
|
224
|
+
.auth(access_token)
|
|
216
225
|
.request()
|
|
217
226
|
.then(({ body }) => ({
|
|
218
227
|
username: body.name,
|
|
219
228
|
email: `${body.name}@strapi.io`, // dummy email as Reddit does not provide user email
|
|
220
229
|
}));
|
|
221
230
|
},
|
|
222
|
-
async auth0({
|
|
231
|
+
async auth0({ access_token, providers }) {
|
|
223
232
|
const auth0 = purest({ provider: 'auth0' });
|
|
224
233
|
|
|
225
234
|
return auth0
|
|
226
235
|
.get('userinfo')
|
|
227
236
|
.subdomain(providers.auth0.subdomain)
|
|
228
|
-
.auth(
|
|
237
|
+
.auth(access_token)
|
|
229
238
|
.request()
|
|
230
239
|
.then(({ body }) => {
|
|
231
240
|
const username = body.username || body.nickname || body.name || body.email.split('@')[0];
|
|
@@ -237,13 +246,13 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
237
246
|
};
|
|
238
247
|
});
|
|
239
248
|
},
|
|
240
|
-
async cas({
|
|
249
|
+
async cas({ access_token, providers }) {
|
|
241
250
|
const cas = purest({ provider: 'cas' });
|
|
242
251
|
|
|
243
252
|
return cas
|
|
244
253
|
.get('oidc/profile')
|
|
245
254
|
.subdomain(providers.cas.subdomain)
|
|
246
|
-
.auth(
|
|
255
|
+
.auth(access_token)
|
|
247
256
|
.request()
|
|
248
257
|
.then(({ body }) => {
|
|
249
258
|
// CAS attribute may be in body.attributes or "FLAT", depending on CAS config
|
|
@@ -255,7 +264,7 @@ const getInitialProviders = ({ purest }) => ({
|
|
|
255
264
|
: body.strapiemail || body.email;
|
|
256
265
|
if (!username || !email) {
|
|
257
266
|
strapi.log.warn(
|
|
258
|
-
|
|
267
|
+
'CAS Response Body did not contain required attributes: ' + JSON.stringify(body)
|
|
259
268
|
);
|
|
260
269
|
}
|
|
261
270
|
return {
|
|
@@ -279,14 +288,14 @@ module.exports = () => {
|
|
|
279
288
|
providersCallbacks[providerName] = provider({ purest });
|
|
280
289
|
},
|
|
281
290
|
|
|
282
|
-
async run({ provider,
|
|
291
|
+
async run({ provider, access_token, query, providers }) {
|
|
283
292
|
if (!providersCallbacks[provider]) {
|
|
284
293
|
throw new Error('Unknown provider.');
|
|
285
294
|
}
|
|
286
295
|
|
|
287
296
|
const providerCb = providersCallbacks[provider];
|
|
288
297
|
|
|
289
|
-
return providerCb({
|
|
298
|
+
return providerCb({ access_token, query, providers });
|
|
290
299
|
},
|
|
291
300
|
};
|
|
292
301
|
};
|
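Review bot: In the `vk` provider (new lines 143–154) the user looked up is `query.raw.user_id` and the returned `email` is `query.raw.email`, both read from the caller-supplied `query` object that also carries the token, not from what VK returns for that token. If `query` is the callback query string, as the `query.access_token || query.code` read in the providers service suggests, the identity handed back is not bound to the token that was checked. The profile should be derived from the provider's response for the token owner, and an email that cannot be obtained that way should be treated as unverified, not used to match an existing account. A smaller point in the same file: the `github` provider's `emailBody.find(email => email.primary === true).email` on new line 93 throws when no entry is marked primary; `(emailBody.find(email => email.primary === true) || {}).email || null` keeps the existing `null` fallback. The provider function bodies start and end outside these hunks.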
|
@@ -19,7 +19,7 @@ module.exports = ({ strapi }) => {
|
|
|
19
19
|
*/
|
|
20
20
|
|
|
21
21
|
const getProfile = async (provider, query) => {
|
|
22
|
-
const
|
|
22
|
+
const access_token = query.access_token || query.code || query.oauth_token;
|
|
23
23
|
|
|
24
24
|
const providers = await strapi
|
|
25
25
|
.store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
|
|
@@ -28,7 +28,7 @@ module.exports = ({ strapi }) => {
|
|
|
28
28
|
return getService('providers-registry').run({
|
|
29
29
|
provider,
|
|
30
30
|
query,
|
|
31
|
-
|
|
31
|
+
access_token,
|
|
32
32
|
providers,
|
|
33
33
|
});
|
|
34
34
|
};
|
|
@@ -38,15 +38,15 @@ module.exports = ({ strapi }) => {
|
|
|
38
38
|
*
|
|
39
39
|
*
|
|
40
40
|
* @param {String} provider
|
|
41
|
-
* @param {String}
|
|
41
|
+
* @param {String} access_token
|
|
42
42
|
*
|
|
43
43
|
* @return {*}
|
|
44
44
|
*/
|
|
45
45
|
|
|
46
46
|
const connect = async (provider, query) => {
|
|
47
|
-
const
|
|
47
|
+
const access_token = query.access_token || query.code || query.oauth_token;
|
|
48
48
|
|
|
49
|
-
if (!
|
|
49
|
+
if (!access_token) {
|
|
50
50
|
throw new Error('No access_token.');
|
|
51
51
|
}
|
|
52
52
|
|
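Review bot: The JSDoc above `connect` (new line 41) documents `@param {String} access_token`, but the function takes `(provider, query)` and only derives the value on new line 47 from `query.access_token || query.code || query.oauth_token`. The doc line should read `@param {Object} query` with a short description of the three accepted fields, because a reader will otherwise assume the second argument is an already validated access token when it may be an authorization code or an OAuth 1 token taken from the request. `getProfile` (new line 22) repeats the same derivation without the `if (!access_token)` guard that `connect` has; if it can be reached on its own, the guard belongs there too. Both function bodies continue outside the hunks.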
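--- a/package/server/services/role.js
+++ b/package/server/services/role.js
@@ -53,7 +53,7 @@ module.exports = ({ strapi }) => ({
 const allActions = getService('users-permissions').getActions();
 
 // Group by `type`.
-role.permissions.forEach(
+role.permissions.forEach(permission => {
 const [type, controller, action] = permission.action.split('.');
 
 _.set(allActions, `${type}.controllers.${controller}.${action}`, {
@@ -124,11 +124,11 @@ module.exports = ({ strapi }) => ({
 }, []);
 
 const toCreate = newActions
-.filter(
-.map(
+.filter(action => !oldActions.includes(action))
+.map(action => ({ action, role: role.id }));
 
 await Promise.all(
-toDelete.map(
+toDelete.map(permission =>
 strapi
 .query('plugin::users-permissions.permission')
 .delete({ where: { id: permission.id } })
@@ -136,7 +136,7 @@ module.exports = ({ strapi }) => ({
 );
 
 await Promise.all(
-toCreate.map(
+toCreate.map(permissionInfo =>
 strapi.query('plugin::users-permissions.permission').create({ data: permissionInfo })
 )
 );
@@ -153,7 +153,7 @@ module.exports = ({ strapi }) => ({
 
 // Move users to guest role.
 await Promise.all(
-role.users.map(
+role.users.map(user => {
 return strapi.query('plugin::users-permissions.user').update({
 where: { id: user.id },
 data: { role: publicRoleID },
@@ -164,7 +164,7 @@ module.exports = ({ strapi }) => ({
 // Remove permissions related to this role.
 // TODO: use delete many
 await Promise.all(
-role.permissions.map(
+role.permissions.map(permission => {
 return strapi.query('plugin::users-permissions.permission').delete({
 where: { id: permission.id },
 });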
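--- a/package/server/services/user.js
+++ b/package/server/services/user.js
@@ -99,7 +99,7 @@ module.exports = ({ strapi }) => ({
 
 const settings = await pluginStore
 .get({ key: 'email' })
-.then(
+.then(storeEmail => storeEmail['email_confirmation'].options);
 
 // Sanitize the template's user information
 const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(userSchema, user);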
|
@@ -18,7 +18,7 @@ const DEFAULT_PERMISSIONS = [
|
|
|
18
18
|
{ action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },
|
|
19
19
|
];
|
|
20
20
|
|
|
21
|
-
const transformRoutePrefixFor =
|
|
21
|
+
const transformRoutePrefixFor = pluginName => route => {
|
|
22
22
|
const prefix = route.config && route.config.prefix;
|
|
23
23
|
const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;
|
|
24
24
|
|
|
@@ -32,7 +32,7 @@ module.exports = ({ strapi }) => ({
|
|
|
32
32
|
getActions({ defaultEnable = false } = {}) {
|
|
33
33
|
const actionMap = {};
|
|
34
34
|
|
|
35
|
-
const isContentApi =
|
|
35
|
+
const isContentApi = action => {
|
|
36
36
|
if (!_.has(action, Symbol.for('__type__'))) {
|
|
37
37
|
return false;
|
|
38
38
|
}
|
|
@@ -101,20 +101,20 @@ module.exports = ({ strapi }) => ({
|
|
|
101
101
|
const routesMap = {};
|
|
102
102
|
|
|
103
103
|
_.forEach(strapi.api, (api, apiName) => {
|
|
104
|
-
const routes = _.flatMap(api.routes,
|
|
104
|
+
const routes = _.flatMap(api.routes, route => {
|
|
105
105
|
if (_.has(route, 'routes')) {
|
|
106
106
|
return route.routes;
|
|
107
107
|
}
|
|
108
108
|
|
|
109
109
|
return route;
|
|
110
|
-
}).filter(
|
|
110
|
+
}).filter(route => route.info.type === 'content-api');
|
|
111
111
|
|
|
112
112
|
if (routes.length === 0) {
|
|
113
113
|
return;
|
|
114
114
|
}
|
|
115
115
|
|
|
116
116
|
const apiPrefix = strapi.config.get('api.rest.prefix');
|
|
117
|
-
routesMap[`api::${apiName}`] = routes.map(
|
|
117
|
+
routesMap[`api::${apiName}`] = routes.map(route => ({
|
|
118
118
|
...route,
|
|
119
119
|
path: urlJoin(apiPrefix, route.path),
|
|
120
120
|
}));
|
|
@@ -123,20 +123,20 @@ module.exports = ({ strapi }) => ({
|
|
|
123
123
|
_.forEach(strapi.plugins, (plugin, pluginName) => {
|
|
124
124
|
const transformPrefix = transformRoutePrefixFor(pluginName);
|
|
125
125
|
|
|
126
|
-
const routes = _.flatMap(plugin.routes,
|
|
126
|
+
const routes = _.flatMap(plugin.routes, route => {
|
|
127
127
|
if (_.has(route, 'routes')) {
|
|
128
128
|
return route.routes.map(transformPrefix);
|
|
129
129
|
}
|
|
130
130
|
|
|
131
131
|
return transformPrefix(route);
|
|
132
|
-
}).filter(
|
|
132
|
+
}).filter(route => route.info.type === 'content-api');
|
|
133
133
|
|
|
134
134
|
if (routes.length === 0) {
|
|
135
135
|
return;
|
|
136
136
|
}
|
|
137
137
|
|
|
138
138
|
const apiPrefix = strapi.config.get('api.rest.prefix');
|
|
139
|
-
routesMap[`plugin::${pluginName}`] = routes.map(
|
|
139
|
+
routesMap[`plugin::${pluginName}`] = routes.map(route => ({
|
|
140
140
|
...route,
|
|
141
141
|
path: urlJoin(apiPrefix, route.path),
|
|
142
142
|
}));
|
|
@@ -153,7 +153,7 @@ module.exports = ({ strapi }) => ({
|
|
|
153
153
|
|
|
154
154
|
const appActions = _.flatMap(strapi.api, (api, apiName) => {
|
|
155
155
|
return _.flatMap(api.controllers, (controller, controllerName) => {
|
|
156
|
-
return _.keys(controller).map(
|
|
156
|
+
return _.keys(controller).map(actionName => {
|
|
157
157
|
return `api::${apiName}.${controllerName}.${actionName}`;
|
|
158
158
|
});
|
|
159
159
|
});
|
|
@@ -161,7 +161,7 @@ module.exports = ({ strapi }) => ({
|
|
|
161
161
|
|
|
162
162
|
const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {
|
|
163
163
|
return _.flatMap(plugin.controllers, (controller, controllerName) => {
|
|
164
|
-
return _.keys(controller).map(
|
|
164
|
+
return _.keys(controller).map(actionName => {
|
|
165
165
|
return `plugin::${pluginName}.${controllerName}.${actionName}`;
|
|
166
166
|
});
|
|
167
167
|
});
|
|
@@ -172,7 +172,7 @@ module.exports = ({ strapi }) => ({
|
|
|
172
172
|
const toDelete = _.difference(permissionsFoundInDB, allActions);
|
|
173
173
|
|
|
174
174
|
await Promise.all(
|
|
175
|
-
toDelete.map(
|
|
175
|
+
toDelete.map(action => {
|
|
176
176
|
return strapi.query('plugin::users-permissions.permission').delete({ where: { action } });
|
|
177
177
|
})
|
|
178
178
|
);
|
|
@@ -186,7 +186,7 @@ module.exports = ({ strapi }) => ({
|
|
|
186
186
|
)(DEFAULT_PERMISSIONS);
|
|
187
187
|
|
|
188
188
|
await Promise.all(
|
|
189
|
-
toCreate.map(
|
|
189
|
+
toCreate.map(action => {
|
|
190
190
|
return strapi.query('plugin::users-permissions.permission').create({
|
|
191
191
|
data: {
|
|
192
192
|
action,
|
|
@@ -9,7 +9,7 @@ const getAdvancedSettings = () => {
|
|
|
9
9
|
return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });
|
|
10
10
|
};
|
|
11
11
|
|
|
12
|
-
const authenticate = async
|
|
12
|
+
const authenticate = async ctx => {
|
|
13
13
|
try {
|
|
14
14
|
const token = await getService('jwt').getToken(ctx);
|
|
15
15
|
|
|
@@ -77,7 +77,7 @@ const verify = async (auth, config) => {
|
|
|
77
77
|
}
|
|
78
78
|
}
|
|
79
79
|
|
|
80
|
-
let
|
|
80
|
+
let allowedActions = auth.allowedActions;
|
|
81
81
|
|
|
82
82
|
if (!allowedActions) {
|
|
83
83
|
const permissions = await strapi.query('plugin::users-permissions.permission').findMany({
|
|
@@ -88,7 +88,7 @@ const verify = async (auth, config) => {
|
|
|
88
88
|
auth.allowedActions = allowedActions;
|
|
89
89
|
}
|
|
90
90
|
|
|
91
|
-
const isAllowed = castArray(config.scope).every(
|
|
91
|
+
const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));
|
|
92
92
|
|
|
93
93
|
if (!isAllowed) {
|
|
94
94
|
throw new ForbiddenError();
|