@strapi/plugin-users-permissions 0.0.0-4fc90398602f

package/jest.config.front.js

@@ -0,0 +1,10 @@
+'use strict';
+
+const baseConfig = require('../../../jest.base-config.front');
+const pkg = require('./package.json');
+
+module.exports = {
+  ...baseConfig,
+  displayName: (pkg.strapi && pkg.strapi.name) || pkg.name,
+  roots: [__dirname],
+};

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "@strapi/plugin-users-permissions",
+  "version": "0.0.0-4fc90398602f",
+  "description": "Protect your API with a full-authentication process based on JWT",
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
+  "license": "SEE LICENSE IN LICENSE",
+  "author": {
+    "name": "Strapi Solutions SAS",
+    "email": "hi@strapi.io",
+    "url": "https://strapi.io"
+  },
+  "maintainers": [
+    {
+      "name": "Strapi Solutions SAS",
+      "email": "hi@strapi.io",
+      "url": "https://strapi.io"
+    }
+  ],
+  "scripts": {
+    "test:unit": "jest --verbose",
+    "test:front": "cross-env IS_EE=true jest --config ./jest.config.front.js",
+    "test:front:watch": "cross-env IS_EE=true jest --config ./jest.config.front.js --watchAll",
+    "test:front:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js",
+    "test:front:watch:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll"
+  },
+  "dependencies": {
+    "@strapi/helper-plugin": "0.0.0-4fc90398602f",
+    "@strapi/utils": "0.0.0-4fc90398602f",
+    "bcryptjs": "2.4.3",
+    "grant-koa": "5.4.8",
+    "jsonwebtoken": "^8.1.0",
+    "koa": "^2.13.4",
+    "koa2-ratelimit": "^1.1.1",
+    "lodash": "4.17.21",
+    "purest": "4.0.2",
+    "react": "^17.0.2",
+    "react-dom": "^17.0.2",
+    "react-intl": "5.20.2",
+    "react-redux": "7.2.8",
+    "react-router": "^5.2.0",
+    "react-router-dom": "5.2.0",
+    "request": "^2.83.0",
+    "url-join": "4.0.1"
+  },
+  "engines": {
+    "node": ">=14.19.1 <=16.x.x",
+    "npm": ">=6.0.0"
+  },
+  "strapi": {
+    "displayName": "Roles & Permissions",
+    "name": "users-permissions",
+    "description": "Protect your API with a full authentication process based on JWT. This plugin comes also with an ACL strategy that allows you to manage the permissions between the groups of users.",
+    "required": true,
+    "kind": "plugin"
+  },
+  "gitHead": "4fc90398602f4a07f8ae8f04968c48d669992707"
+}

package/server/bootstrap/grant-config.js

@@ -0,0 +1,123 @@
+'use strict';
+
+module.exports = (baseURL) => ({
+  email: {
+    enabled: true,
+    icon: 'envelope',
+  },
+  discord: {
+    enabled: false,
+    icon: 'discord',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/discord/callback`,
+    scope: ['identify', 'email'],
+  },
+  facebook: {
+    enabled: false,
+    icon: 'facebook-square',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/facebook/callback`,
+    scope: ['email'],
+  },
+  google: {
+    enabled: false,
+    icon: 'google',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/google/callback`,
+    scope: ['email'],
+  },
+  github: {
+    enabled: false,
+    icon: 'github',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/github/callback`,
+    scope: ['user', 'user:email'],
+  },
+  microsoft: {
+    enabled: false,
+    icon: 'windows',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/microsoft/callback`,
+    scope: ['user.read'],
+  },
+  twitter: {
+    enabled: false,
+    icon: 'twitter',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/twitter/callback`,
+  },
+  instagram: {
+    enabled: false,
+    icon: 'instagram',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/instagram/callback`,
+    scope: ['user_profile'],
+  },
+  vk: {
+    enabled: false,
+    icon: 'vk',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/vk/callback`,
+    scope: ['email'],
+  },
+  twitch: {
+    enabled: false,
+    icon: 'twitch',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/twitch/callback`,
+    scope: ['user:read:email'],
+  },
+  linkedin: {
+    enabled: false,
+    icon: 'linkedin',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/linkedin/callback`,
+    scope: ['r_liteprofile', 'r_emailaddress'],
+  },
+  cognito: {
+    enabled: false,
+    icon: 'aws',
+    key: '',
+    secret: '',
+    subdomain: 'my.subdomain.com',
+    callback: `${baseURL}/cognito/callback`,
+    scope: ['email', 'openid', 'profile'],
+  },
+  reddit: {
+    enabled: false,
+    icon: 'reddit',
+    key: '',
+    secret: '',
+    state: true,
+    callback: `${baseURL}/reddit/callback`,
+    scope: ['identity'],
+  },
+  auth0: {
+    enabled: false,
+    icon: '',
+    key: '',
+    secret: '',
+    subdomain: 'my-tenant.eu',
+    callback: `${baseURL}/auth0/callback`,
+    scope: ['openid', 'email', 'profile'],
+  },
+  cas: {
+    enabled: false,
+    icon: 'book',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/cas/callback`,
+    scope: ['openid email'], // scopes should be space delimited
+    subdomain: 'my.subdomain.com/cas',
+  },
+});

package/server/bootstrap/index.js

@@ -0,0 +1,133 @@
+'use strict';
+
+/**
+ * An asynchronous bootstrap function that runs before
+ * your application gets started.
+ *
+ * This gives you an opportunity to set up your data model,
+ * run jobs, or perform some special logic.
+ */
+const crypto = require('crypto');
+const _ = require('lodash');
+const urljoin = require('url-join');
+const { getService } = require('../utils');
+const getGrantConfig = require('./grant-config');
+
+const usersPermissionsActions = require('./users-permissions-actions');
+
+const initGrant = async (pluginStore) => {
+  const apiPrefix = strapi.config.get('api.rest.prefix');
+  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+
+  const grantConfig = getGrantConfig(baseURL);
+
+  const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
+  // store grant auth config to db
+  // when plugin_users-permissions_grant is not existed in db
+  // or we have added/deleted provider here.
+  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
+    // merge with the previous provider config.
+    _.keys(grantConfig).forEach((key) => {
+      if (key in prevGrantConfig) {
+        grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
+      }
+    });
+    await pluginStore.set({ key: 'grant', value: grantConfig });
+  }
+};
+
+const initEmails = async (pluginStore) => {
+  if (!(await pluginStore.get({ key: 'email' }))) {
+    const value = {
+      reset_password: {
+        display: 'Email.template.reset_password',
+        icon: 'sync',
+        options: {
+          from: {
+            name: 'Administration Panel',
+            email: 'no-reply@strapi.io',
+          },
+          response_email: '',
+          object: 'Reset password',
+          message: `<p>We heard that you lost your password. Sorry about that!</p>
+
+<p>But don’t worry! You can use the following link to reset your password:</p>
+<p><%= URL %>?code=<%= TOKEN %></p>
+
+<p>Thanks.</p>`,
+        },
+      },
+      email_confirmation: {
+        display: 'Email.template.email_confirmation',
+        icon: 'check-square',
+        options: {
+          from: {
+            name: 'Administration Panel',
+            email: 'no-reply@strapi.io',
+          },
+          response_email: '',
+          object: 'Account confirmation',
+          message: `<p>Thank you for registering!</p>
+
+<p>You have to confirm your email address. Please click on the link below.</p>
+
+<p><%= URL %>?confirmation=<%= CODE %></p>
+
+<p>Thanks.</p>`,
+        },
+      },
+    };
+
+    await pluginStore.set({ key: 'email', value });
+  }
+};
+
+const initAdvancedOptions = async (pluginStore) => {
+  if (!(await pluginStore.get({ key: 'advanced' }))) {
+    const value = {
+      unique_email: true,
+      allow_register: true,
+      email_confirmation: false,
+      email_reset_password: null,
+      email_confirmation_redirection: null,
+      default_role: 'authenticated',
+    };
+
+    await pluginStore.set({ key: 'advanced', value });
+  }
+};
+
+module.exports = async ({ strapi }) => {
+  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
+
+  await initGrant(pluginStore);
+  await initEmails(pluginStore);
+  await initAdvancedOptions(pluginStore);
+
+  await strapi.admin.services.permission.actionProvider.registerMany(
+    usersPermissionsActions.actions
+  );
+
+  await getService('users-permissions').initialize();
+
+  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
+    if (process.env.NODE_ENV !== 'development') {
+      throw new Error(
+        `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
+For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
+      );
+    }
+
+    const jwtSecret = crypto.randomBytes(16).toString('base64');
+
+    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
+
+    if (!process.env.JWT_SECRET) {
+      const envPath = process.env.ENV_PATH || '.env';
+      strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
+      strapi.log.info(
+        `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
+      );
+    }
+  }
+};

package/server/bootstrap/users-permissions-actions.js

@@ -0,0 +1,80 @@
+'use strict';
+
+module.exports = {
+  actions: [
+    {
+      // Roles
+      section: 'plugins',
+      displayName: 'Create',
+      uid: 'roles.create',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'roles.read',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Update',
+      uid: 'roles.update',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Delete',
+      uid: 'roles.delete',
+      subCategory: 'roles',
+      pluginName: 'users-permissions',
+    },
+    {
+      // providers
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'providers.read',
+      subCategory: 'providers',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'providers.update',
+      subCategory: 'providers',
+      pluginName: 'users-permissions',
+    },
+    {
+      // emailTemplates
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'email-templates.read',
+      subCategory: 'emailTemplates',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'email-templates.update',
+      subCategory: 'emailTemplates',
+      pluginName: 'users-permissions',
+    },
+    {
+      // advancedSettings
+      section: 'plugins',
+      displayName: 'Read',
+      uid: 'advanced-settings.read',
+      subCategory: 'advancedSettings',
+      pluginName: 'users-permissions',
+    },
+    {
+      section: 'plugins',
+      displayName: 'Edit',
+      uid: 'advanced-settings.update',
+      subCategory: 'advancedSettings',
+      pluginName: 'users-permissions',
+    },
+  ],
+};

package/server/config.js

@@ -0,0 +1,23 @@
+'use strict';
+
+module.exports = {
+  default: ({ env }) => ({
+    jwtSecret: env('JWT_SECRET'),
+    jwt: {
+      expiresIn: '30d',
+    },
+    ratelimit: {
+      interval: 60000,
+      max: 10,
+    },
+    layout: {
+      user: {
+        actions: {
+          create: 'contentManagerUser.create', // Use the User plugin's controller.
+          update: 'contentManagerUser.update',
+        },
+      },
+    },
+  }),
+  validator() {},
+};

package/server/content-types/index.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const permission = require('./permission');
+const role = require('./role');
+const user = require('./user');
+
+module.exports = {
+  permission: { schema: permission },
+  role: { schema: role },
+  user: { schema: user },
+};

package/server/content-types/permission/index.js

@@ -0,0 +1,34 @@
+'use strict';
+
+module.exports = {
+  collectionName: 'up_permissions',
+  info: {
+    name: 'permission',
+    description: '',
+    singularName: 'permission',
+    pluralName: 'permissions',
+    displayName: 'Permission',
+  },
+  pluginOptions: {
+    'content-manager': {
+      visible: false,
+    },
+    'content-type-builder': {
+      visible: false,
+    },
+  },
+  attributes: {
+    action: {
+      type: 'string',
+      required: true,
+      configurable: false,
+    },
+    role: {
+      type: 'relation',
+      relation: 'manyToOne',
+      target: 'plugin::users-permissions.role',
+      inversedBy: 'permissions',
+      configurable: false,
+    },
+  },
+};

package/server/content-types/role/index.js

@@ -0,0 +1,51 @@
+'use strict';
+
+module.exports = {
+  collectionName: 'up_roles',
+  info: {
+    name: 'role',
+    description: '',
+    singularName: 'role',
+    pluralName: 'roles',
+    displayName: 'Role',
+  },
+  pluginOptions: {
+    'content-manager': {
+      visible: false,
+    },
+    'content-type-builder': {
+      visible: false,
+    },
+  },
+  attributes: {
+    name: {
+      type: 'string',
+      minLength: 3,
+      required: true,
+      configurable: false,
+    },
+    description: {
+      type: 'string',
+      configurable: false,
+    },
+    type: {
+      type: 'string',
+      unique: true,
+      configurable: false,
+    },
+    permissions: {
+      type: 'relation',
+      relation: 'oneToMany',
+      target: 'plugin::users-permissions.permission',
+      mappedBy: 'role',
+      configurable: false,
+    },
+    users: {
+      type: 'relation',
+      relation: 'oneToMany',
+      target: 'plugin::users-permissions.user',
+      mappedBy: 'role',
+      configurable: false,
+    },
+  },
+};

package/server/content-types/user/index.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const schemaConfig = require('./schema-config');
+
+module.exports = {
+  collectionName: 'up_users',
+  info: {
+    name: 'user',
+    description: '',
+    singularName: 'user',
+    pluralName: 'users',
+    displayName: 'User',
+  },
+  options: {
+    draftAndPublish: false,
+    timestamps: true,
+  },
+  attributes: {
+    username: {
+      type: 'string',
+      minLength: 3,
+      unique: true,
+      configurable: false,
+      required: true,
+    },
+    email: {
+      type: 'email',
+      minLength: 6,
+      configurable: false,
+      required: true,
+    },
+    provider: {
+      type: 'string',
+      configurable: false,
+    },
+    password: {
+      type: 'password',
+      minLength: 6,
+      configurable: false,
+      private: true,
+    },
+    resetPasswordToken: {
+      type: 'string',
+      configurable: false,
+      private: true,
+    },
+    confirmationToken: {
+      type: 'string',
+      configurable: false,
+      private: true,
+    },
+    confirmed: {
+      type: 'boolean',
+      default: false,
+      configurable: false,
+    },
+    blocked: {
+      type: 'boolean',
+      default: false,
+      configurable: false,
+    },
+    role: {
+      type: 'relation',
+      relation: 'manyToOne',
+      target: 'plugin::users-permissions.role',
+      inversedBy: 'users',
+      configurable: false,
+    },
+  },
+
+  config: schemaConfig, // TODO: to move to content-manager options
+};

package/server/content-types/user/schema-config.js

@@ -0,0 +1,15 @@
+'use strict';
+
+module.exports = {
+  attributes: {
+    resetPasswordToken: {
+      hidden: true,
+    },
+    confirmationToken: {
+      hidden: true,
+    },
+    provider: {
+      hidden: true,
+    },
+  },
+};