npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-4fc90398602f - Mend

@strapi/plugin-users-permissions 0.0.0-4fc90398602f

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (168) hide show

package/LICENSE +22 -0
package/README.md +1 -0
package/admin/src/components/BoundRoute/getMethodColor.js +41 -0
package/admin/src/components/BoundRoute/index.js +72 -0
package/admin/src/components/FormModal/Input/index.js +121 -0
package/admin/src/components/FormModal/index.js +121 -0
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +30 -0
package/admin/src/components/Permissions/PermissionRow/SubCategory.js +114 -0
package/admin/src/components/Permissions/PermissionRow/index.js +53 -0
package/admin/src/components/Permissions/index.js +56 -0
package/admin/src/components/Permissions/init.js +9 -0
package/admin/src/components/Permissions/reducer.js +27 -0
package/admin/src/components/Policies/index.js +60 -0
package/admin/src/components/UsersPermissions/index.js +94 -0
package/admin/src/components/UsersPermissions/init.js +10 -0
package/admin/src/components/UsersPermissions/reducer.js +60 -0
package/admin/src/contexts/UsersPermissionsContext/index.js +17 -0
package/admin/src/hooks/index.js +5 -0
package/admin/src/hooks/useFetchRole/index.js +64 -0
package/admin/src/hooks/useFetchRole/reducer.js +31 -0
package/admin/src/hooks/useForm/index.js +70 -0
package/admin/src/hooks/useForm/reducer.js +40 -0
package/admin/src/hooks/usePlugins/index.js +65 -0
package/admin/src/hooks/usePlugins/init.js +5 -0
package/admin/src/hooks/usePlugins/reducer.js +34 -0
package/admin/src/hooks/useRolesList/index.js +63 -0
package/admin/src/hooks/useRolesList/init.js +5 -0
package/admin/src/hooks/useRolesList/reducer.js +31 -0
package/admin/src/index.js +123 -0
package/admin/src/pages/AdvancedSettings/index.js +238 -0
package/admin/src/pages/AdvancedSettings/utils/api.js +13 -0
package/admin/src/pages/AdvancedSettings/utils/layout.js +96 -0
package/admin/src/pages/AdvancedSettings/utils/schema.js +19 -0
package/admin/src/pages/EmailTemplates/components/EmailForm.js +173 -0
package/admin/src/pages/EmailTemplates/components/EmailTable.js +121 -0
package/admin/src/pages/EmailTemplates/index.js +162 -0
package/admin/src/pages/EmailTemplates/utils/api.js +13 -0
package/admin/src/pages/EmailTemplates/utils/schema.js +22 -0
package/admin/src/pages/Providers/index.js +274 -0
package/admin/src/pages/Providers/reducer.js +54 -0
package/admin/src/pages/Providers/utils/api.js +21 -0
package/admin/src/pages/Providers/utils/createProvidersArray.js +21 -0
package/admin/src/pages/Providers/utils/forms.js +244 -0
package/admin/src/pages/Roles/CreatePage/index.js +177 -0
package/admin/src/pages/Roles/CreatePage/utils/schema.js +9 -0
package/admin/src/pages/Roles/EditPage/index.js +190 -0
package/admin/src/pages/Roles/EditPage/utils/schema.js +9 -0
package/admin/src/pages/Roles/ListPage/components/TableBody.js +96 -0
package/admin/src/pages/Roles/ListPage/index.js +216 -0
package/admin/src/pages/Roles/ListPage/utils/api.js +28 -0
package/admin/src/pages/Roles/ProtectedCreatePage/index.js +12 -0
package/admin/src/pages/Roles/ProtectedEditPage/index.js +12 -0
package/admin/src/pages/Roles/ProtectedListPage/index.js +15 -0
package/admin/src/pages/Roles/index.js +27 -0
package/admin/src/permissions.js +31 -0
package/admin/src/pluginId.js +5 -0
package/admin/src/translations/ar.json +40 -0
package/admin/src/translations/cs.json +46 -0
package/admin/src/translations/de.json +58 -0
package/admin/src/translations/dk.json +83 -0
package/admin/src/translations/en.json +83 -0
package/admin/src/translations/es.json +83 -0
package/admin/src/translations/fr.json +46 -0
package/admin/src/translations/id.json +58 -0
package/admin/src/translations/it.json +58 -0
package/admin/src/translations/ja.json +44 -0
package/admin/src/translations/ko.json +83 -0
package/admin/src/translations/ms.json +45 -0
package/admin/src/translations/nl.json +44 -0
package/admin/src/translations/pl.json +83 -0
package/admin/src/translations/pt-BR.json +40 -0
package/admin/src/translations/pt.json +44 -0
package/admin/src/translations/ru.json +58 -0
package/admin/src/translations/sk.json +46 -0
package/admin/src/translations/sv.json +58 -0
package/admin/src/translations/th.json +56 -0
package/admin/src/translations/tr.json +44 -0
package/admin/src/translations/uk.json +45 -0
package/admin/src/translations/vi.json +46 -0
package/admin/src/translations/zh-Hans.json +62 -0
package/admin/src/translations/zh.json +44 -0
package/admin/src/utils/axiosInstance.js +36 -0
package/admin/src/utils/cleanPermissions.js +25 -0
package/admin/src/utils/formatPluginName.js +26 -0
package/admin/src/utils/formatPolicies.js +8 -0
package/admin/src/utils/getRequestURL.js +5 -0
package/admin/src/utils/getTrad.js +5 -0
package/admin/src/utils/index.js +5 -0
package/documentation/content-api.yaml +848 -0
package/jest.config.front.js +10 -0
package/package.json +60 -0
package/server/bootstrap/grant-config.js +123 -0
package/server/bootstrap/index.js +133 -0
package/server/bootstrap/users-permissions-actions.js +80 -0
package/server/config.js +23 -0
package/server/content-types/index.js +11 -0
package/server/content-types/permission/index.js +34 -0
package/server/content-types/role/index.js +51 -0
package/server/content-types/user/index.js +72 -0
package/server/content-types/user/schema-config.js +15 -0
package/server/controllers/auth.js +398 -0
package/server/controllers/content-manager-user.js +175 -0
package/server/controllers/index.js +17 -0
package/server/controllers/permissions.js +26 -0
package/server/controllers/role.js +77 -0
package/server/controllers/settings.js +85 -0
package/server/controllers/user.js +198 -0
package/server/controllers/validation/auth.js +57 -0
package/server/controllers/validation/email-template.js +50 -0
package/server/controllers/validation/user.js +26 -0
package/server/graphql/index.js +44 -0
package/server/graphql/mutations/auth/change-password.js +38 -0
package/server/graphql/mutations/auth/email-confirmation.js +39 -0
package/server/graphql/mutations/auth/forgot-password.js +35 -0
package/server/graphql/mutations/auth/login.js +35 -0
package/server/graphql/mutations/auth/register.js +36 -0
package/server/graphql/mutations/auth/reset-password.js +38 -0
package/server/graphql/mutations/crud/role/create-role.js +34 -0
package/server/graphql/mutations/crud/role/delete-role.js +25 -0
package/server/graphql/mutations/crud/role/update-role.js +35 -0
package/server/graphql/mutations/crud/user/create-user.js +45 -0
package/server/graphql/mutations/crud/user/delete-user.js +39 -0
package/server/graphql/mutations/crud/user/update-user.js +46 -0
package/server/graphql/mutations/index.js +43 -0
package/server/graphql/queries/index.js +13 -0
package/server/graphql/queries/me.js +17 -0
package/server/graphql/resolvers-configs.js +42 -0
package/server/graphql/types/create-role-payload.js +11 -0
package/server/graphql/types/delete-role-payload.js +11 -0
package/server/graphql/types/index.js +21 -0
package/server/graphql/types/login-input.js +13 -0
package/server/graphql/types/login-payload.js +12 -0
package/server/graphql/types/me-role.js +14 -0
package/server/graphql/types/me.js +16 -0
package/server/graphql/types/password-payload.js +11 -0
package/server/graphql/types/register-input.js +13 -0
package/server/graphql/types/update-role-payload.js +11 -0
package/server/graphql/utils.js +27 -0
package/server/index.js +21 -0
package/server/middlewares/index.js +7 -0
package/server/middlewares/rateLimit.js +27 -0
package/server/register.js +23 -0
package/server/routes/admin/index.js +10 -0
package/server/routes/admin/permissions.js +20 -0
package/server/routes/admin/role.js +79 -0
package/server/routes/admin/settings.js +95 -0
package/server/routes/content-api/auth.js +82 -0
package/server/routes/content-api/index.js +11 -0
package/server/routes/content-api/permissions.js +9 -0
package/server/routes/content-api/role.js +29 -0
package/server/routes/content-api/user.js +60 -0
package/server/routes/index.js +6 -0
package/server/services/index.js +17 -0
package/server/services/jwt.js +55 -0
package/server/services/providers-registry.js +292 -0
package/server/services/providers.js +115 -0
package/server/services/role.js +177 -0
package/server/services/user.js +140 -0
package/server/services/users-permissions.js +236 -0
package/server/strategies/users-permissions.js +102 -0
package/server/utils/index.d.ts +16 -0
package/server/utils/index.js +12 -0
package/server/utils/sanitize/index.js +9 -0
package/server/utils/sanitize/sanitizers.js +19 -0
package/server/utils/sanitize/visitors/index.js +5 -0
package/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js +11 -0
package/strapi-admin.js +3 -0
package/strapi-server.js +3 -0

package/server/controllers/settings.js ADDED Viewed

@@ -0,0 +1,85 @@
+'use strict';
+const _ = require('lodash');
+const { ValidationError } = require('@strapi/utils').errors;
+const { getService } = require('../utils');
+const { isValidEmailTemplate } = require('./validation/email-template');
+module.exports = {
+  async getEmailTemplate(ctx) {
+    ctx.send(await strapi.store({ type: 'plugin', name: 'users-permissions', key: 'email' }).get());
+  },
+  async updateEmailTemplate(ctx) {
+    if (_.isEmpty(ctx.request.body)) {
+      throw new ValidationError('Request body cannot be empty');
+    }
+    const emailTemplates = ctx.request.body['email-templates'];
+    for (const key of Object.keys(emailTemplates)) {
+      const template = emailTemplates[key].options.message;
+      if (!isValidEmailTemplate(template)) {
+        throw new ValidationError('Invalid template');
+      }
+    }
+    await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'email' })
+      .set({ value: emailTemplates });
+    ctx.send({ ok: true });
+  },
+  async getAdvancedSettings(ctx) {
+    const settings = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
+      .get();
+    const roles = await getService('role').find();
+    ctx.send({ settings, roles });
+  },
+  async updateAdvancedSettings(ctx) {
+    if (_.isEmpty(ctx.request.body)) {
+      throw new ValidationError('Request body cannot be empty');
+    }
+    await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
+      .set({ value: ctx.request.body });
+    ctx.send({ ok: true });
+  },
+  async getProviders(ctx) {
+    const providers = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
+      .get();
+    for (const provider in providers) {
+      if (provider !== 'email') {
+        providers[provider].redirectUri = strapi
+          .plugin('users-permissions')
+          .service('providers')
+          .buildRedirectUri(provider);
+      }
+    }
+    ctx.send(providers);
+  },
+  async updateProviders(ctx) {
+    if (_.isEmpty(ctx.request.body)) {
+      throw new ValidationError('Request body cannot be empty');
+    }
+    await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
+      .set({ value: ctx.request.body.providers });
+    ctx.send({ ok: true });
+  },
+};

package/server/controllers/user.js ADDED Viewed

@@ -0,0 +1,198 @@
+'use strict';
+/**
+ * User.js controller
+ *
+ * @description: A set of functions called "actions" for managing `User`.
+ */
+const _ = require('lodash');
+const utils = require('@strapi/utils');
+const { getService } = require('../utils');
+const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');
+const { sanitize } = utils;
+const { ApplicationError, ValidationError, NotFoundError } = utils.errors;
+const sanitizeOutput = (user, ctx) => {
+  const schema = strapi.getModel('plugin::users-permissions.user');
+  const { auth } = ctx.state;
+  return sanitize.contentAPI.output(user, schema, { auth });
+};
+module.exports = {
+  /**
+   * Create a/an user record.
+   * @return {Object}
+   */
+  async create(ctx) {
+    const advanced = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
+      .get();
+    await validateCreateUserBody(ctx.request.body);
+    const { email, username, role } = ctx.request.body;
+    const userWithSameUsername = await strapi
+      .query('plugin::users-permissions.user')
+      .findOne({ where: { username } });
+    if (userWithSameUsername) {
+      if (!email) throw new ApplicationError('Username already taken');
+    }
+    if (advanced.unique_email) {
+      const userWithSameEmail = await strapi
+        .query('plugin::users-permissions.user')
+        .findOne({ where: { email: email.toLowerCase() } });
+      if (userWithSameEmail) {
+        throw new ApplicationError('Email already taken');
+      }
+    }
+    const user = {
+      ...ctx.request.body,
+      email: email.toLowerCase(),
+      provider: 'local',
+    };
+    if (!role) {
+      const defaultRole = await strapi
+        .query('plugin::users-permissions.role')
+        .findOne({ where: { type: advanced.default_role } });
+      user.role = defaultRole.id;
+    }
+    try {
+      const data = await getService('user').add(user);
+      const sanitizedData = await sanitizeOutput(data, ctx);
+      ctx.created(sanitizedData);
+    } catch (error) {
+      throw new ApplicationError(error.message);
+    }
+  },
+  /**
+   * Update a/an user record.
+   * @return {Object}
+   */
+  async update(ctx) {
+    const advancedConfigs = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
+      .get();
+    const { id } = ctx.params;
+    const { email, username, password } = ctx.request.body;
+    const user = await getService('user').fetch(id);
+    if (!user) {
+      throw new NotFoundError(`User not found`);
+    }
+    await validateUpdateUserBody(ctx.request.body);
+    if (user.provider === 'local' && _.has(ctx.request.body, 'password') && !password) {
+      throw new ValidationError('password.notNull');
+    }
+    if (_.has(ctx.request.body, 'username')) {
+      const userWithSameUsername = await strapi
+        .query('plugin::users-permissions.user')
+        .findOne({ where: { username } });
+      if (userWithSameUsername && userWithSameUsername.id != id) {
+        throw new ApplicationError('Username already taken');
+      }
+    }
+    if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {
+      const userWithSameEmail = await strapi
+        .query('plugin::users-permissions.user')
+        .findOne({ where: { email: email.toLowerCase() } });
+      if (userWithSameEmail && userWithSameEmail.id != id) {
+        throw new ApplicationError('Email already taken');
+      }
+      ctx.request.body.email = ctx.request.body.email.toLowerCase();
+    }
+    const updateData = {
+      ...ctx.request.body,
+    };
+    const data = await getService('user').edit(user.id, updateData);
+    const sanitizedData = await sanitizeOutput(data, ctx);
+    ctx.send(sanitizedData);
+  },
+  /**
+   * Retrieve user records.
+   * @return {Object|Array}
+   */
+  async find(ctx) {
+    const users = await getService('user').fetchAll(ctx.query);
+    ctx.body = await Promise.all(users.map((user) => sanitizeOutput(user, ctx)));
+  },
+  /**
+   * Retrieve a user record.
+   * @return {Object}
+   */
+  async findOne(ctx) {
+    const { id } = ctx.params;
+    const { query } = ctx;
+    let data = await getService('user').fetch(id, query);
+    if (data) {
+      data = await sanitizeOutput(data, ctx);
+    }
+    ctx.body = data;
+  },
+  /**
+   * Retrieve user count.
+   * @return {Number}
+   */
+  async count(ctx) {
+    ctx.body = await getService('user').count(ctx.query);
+  },
+  /**
+   * Destroy a/an user record.
+   * @return {Object}
+   */
+  async destroy(ctx) {
+    const { id } = ctx.params;
+    const data = await getService('user').remove({ id });
+    const sanitizedUser = await sanitizeOutput(data, ctx);
+    ctx.send(sanitizedUser);
+  },
+  /**
+   * Retrieve authenticated user.
+   * @return {Object|Array}
+   */
+  async me(ctx) {
+    const authUser = ctx.state.user;
+    const { query } = ctx;
+    if (!authUser) {
+      return ctx.unauthorized();
+    }
+    const user = await getService('user').fetch(authUser.id, query);
+    ctx.body = await sanitizeOutput(user, ctx);
+  },
+};

package/server/controllers/validation/auth.js ADDED Viewed

@@ -0,0 +1,57 @@
+'use strict';
+const { yup, validateYupSchema } = require('@strapi/utils');
+const callbackSchema = yup.object({
+  identifier: yup.string().required(),
+  password: yup.string().required(),
+});
+const registerSchema = yup.object({
+  email: yup.string().email().required(),
+  username: yup.string().required(),
+  password: yup.string().required(),
+});
+const sendEmailConfirmationSchema = yup.object({
+  email: yup.string().email().required(),
+});
+const validateEmailConfirmationSchema = yup.object({
+  confirmation: yup.string().required(),
+});
+const forgotPasswordSchema = yup
+  .object({
+    email: yup.string().email().required(),
+  })
+  .noUnknown();
+const resetPasswordSchema = yup
+  .object({
+    password: yup.string().required(),
+    passwordConfirmation: yup.string().required(),
+    code: yup.string().required(),
+  })
+  .noUnknown();
+const changePasswordSchema = yup
+  .object({
+    password: yup.string().required(),
+    passwordConfirmation: yup
+      .string()
+      .required()
+      .oneOf([yup.ref('password')], 'Passwords do not match'),
+    currentPassword: yup.string().required(),
+  })
+  .noUnknown();
+module.exports = {
+  validateCallbackBody: validateYupSchema(callbackSchema),
+  validateRegisterBody: validateYupSchema(registerSchema),
+  validateSendEmailConfirmationBody: validateYupSchema(sendEmailConfirmationSchema),
+  validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),
+  validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),
+  validateResetPasswordBody: validateYupSchema(resetPasswordSchema),
+  validateChangePasswordBody: validateYupSchema(changePasswordSchema),
+};

package/server/controllers/validation/email-template.js ADDED Viewed

@@ -0,0 +1,50 @@
+'use strict';
+const _ = require('lodash');
+const invalidPatternsRegexes = [/<%[^=]([^<>%]*)%>/m, /\${([^{}]*)}/m];
+const authorizedKeys = [
+  'URL',
+  'ADMIN_URL',
+  'SERVER_URL',
+  'CODE',
+  'USER',
+  'USER.email',
+  'USER.username',
+  'TOKEN',
+];
+const matchAll = (pattern, src) => {
+  const matches = [];
+  let match;
+  const regexPatternWithGlobal = RegExp(pattern, 'g');
+  // eslint-disable-next-line no-cond-assign
+  while ((match = regexPatternWithGlobal.exec(src))) {
+    const [, group] = match;
+    matches.push(_.trim(group));
+  }
+  return matches;
+};
+const isValidEmailTemplate = (template) => {
+  for (const reg of invalidPatternsRegexes) {
+    if (reg.test(template)) {
+      return false;
+    }
+  }
+  const matches = matchAll(/<%=([^<>%=]*)%>/, template);
+  for (const match of matches) {
+    if (!authorizedKeys.includes(match)) {
+      return false;
+    }
+  }
+  return true;
+};
+module.exports = {
+  isValidEmailTemplate,
+};

package/server/controllers/validation/user.js ADDED Viewed

@@ -0,0 +1,26 @@
+'use strict';
+const { yup, validateYupSchema } = require('@strapi/utils');
+const deleteRoleSchema = yup.object().shape({
+  role: yup.strapiID().required(),
+});
+const createUserBodySchema = yup.object().shape({
+  email: yup.string().email().required(),
+  username: yup.string().min(1).required(),
+  password: yup.string().min(1).required(),
+  role: yup.strapiID(),
+});
+const updateUserBodySchema = yup.object().shape({
+  email: yup.string().email().min(1),
+  username: yup.string().min(1),
+  password: yup.string().min(1),
+});
+module.exports = {
+  validateCreateUserBody: validateYupSchema(createUserBodySchema),
+  validateUpdateUserBody: validateYupSchema(updateUserBodySchema),
+  validateDeleteRoleBody: validateYupSchema(deleteRoleSchema),
+};

package/server/graphql/index.js ADDED Viewed

@@ -0,0 +1,44 @@
+'use strict';
+const getTypes = require('./types');
+const getQueries = require('./queries');
+const getMutations = require('./mutations');
+const getResolversConfig = require('./resolvers-configs');
+module.exports = ({ strapi }) => {
+  const { config: graphQLConfig } = strapi.plugin('graphql');
+  const extensionService = strapi.plugin('graphql').service('extension');
+  const isShadowCRUDEnabled = graphQLConfig('shadowCRUD', true);
+  if (!isShadowCRUDEnabled) {
+    return;
+  }
+  // Disable Permissions queries & mutations but allow the
+  // type to be used/selected in filters or nested resolvers
+  extensionService
+    .shadowCRUD('plugin::users-permissions.permission')
+    .disableQueries()
+    .disableMutations();
+  // Disable User & Role's Create/Update/Delete actions so they can be replaced
+  const actionsToDisable = ['create', 'update', 'delete'];
+  extensionService.shadowCRUD('plugin::users-permissions.user').disableActions(actionsToDisable);
+  extensionService.shadowCRUD('plugin::users-permissions.role').disableActions(actionsToDisable);
+  // Register new types & resolvers config
+  extensionService.use(({ nexus }) => {
+    const types = getTypes({ strapi, nexus });
+    const queries = getQueries({ strapi, nexus });
+    const mutations = getMutations({ strapi, nexus });
+    const resolversConfig = getResolversConfig({ strapi });
+    return {
+      types: [types, queries, mutations],
+      resolversConfig,
+    };
+  });
+};

package/server/graphql/mutations/auth/change-password.js ADDED Viewed

@@ -0,0 +1,38 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: 'UsersPermissionsLoginPayload',
+    args: {
+      currentPassword: nonNull('String'),
+      password: nonNull('String'),
+      passwordConfirmation: nonNull('String'),
+    },
+    description: 'Change user password. Confirm with the current password.',
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.request.body = toPlainObject(args);
+      await strapi.plugin('users-permissions').controller('auth').changePassword(koaContext);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        user: output.user || output,
+        jwt: output.jwt,
+      };
+    },
+  };
+};

package/server/graphql/mutations/auth/email-confirmation.js ADDED Viewed

@@ -0,0 +1,39 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: 'UsersPermissionsLoginPayload',
+    args: {
+      confirmation: nonNull('String'),
+    },
+    description: 'Confirm an email users email address',
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.query = toPlainObject(args);
+      await strapi
+        .plugin('users-permissions')
+        .controller('auth')
+        .emailConfirmation(koaContext, null, true);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        user: output.user || output,
+        jwt: output.jwt,
+      };
+    },
+  };
+};

package/server/graphql/mutations/auth/forgot-password.js ADDED Viewed

@@ -0,0 +1,35 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: 'UsersPermissionsPasswordPayload',
+    args: {
+      email: nonNull('String'),
+    },
+    description: 'Request a reset password token',
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.request.body = toPlainObject(args);
+      await strapi.plugin('users-permissions').controller('auth').forgotPassword(koaContext);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        ok: output.ok || output,
+      };
+    },
+  };
+};

package/server/graphql/mutations/auth/login.js ADDED Viewed

@@ -0,0 +1,35 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: nonNull('UsersPermissionsLoginPayload'),
+    args: {
+      input: nonNull('UsersPermissionsLoginInput'),
+    },
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.params = { provider: args.input.provider };
+      koaContext.request.body = toPlainObject(args.input);
+      await strapi.plugin('users-permissions').controller('auth').callback(koaContext);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        user: output.user || output,
+        jwt: output.jwt,
+      };
+    },
+  };
+};

package/server/graphql/mutations/auth/register.js ADDED Viewed

@@ -0,0 +1,36 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: nonNull('UsersPermissionsLoginPayload'),
+    args: {
+      input: nonNull('UsersPermissionsRegisterInput'),
+    },
+    description: 'Register a user',
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.request.body = toPlainObject(args.input);
+      await strapi.plugin('users-permissions').controller('auth').register(koaContext);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        user: output.user || output,
+        jwt: output.jwt,
+      };
+    },
+  };
+};

package/server/graphql/mutations/auth/reset-password.js ADDED Viewed

@@ -0,0 +1,38 @@
+'use strict';
+const { toPlainObject } = require('lodash/fp');
+const { checkBadRequest } = require('../../utils');
+module.exports = ({ nexus, strapi }) => {
+  const { nonNull } = nexus;
+  return {
+    type: 'UsersPermissionsLoginPayload',
+    args: {
+      password: nonNull('String'),
+      passwordConfirmation: nonNull('String'),
+      code: nonNull('String'),
+    },
+    description: 'Reset user password. Confirm with a code (resetToken from forgotPassword)',
+    async resolve(parent, args, context) {
+      const { koaContext } = context;
+      koaContext.request.body = toPlainObject(args);
+      await strapi.plugin('users-permissions').controller('auth').resetPassword(koaContext);
+      const output = koaContext.body;
+      checkBadRequest(output);
+      return {
+        user: output.user || output,
+        jwt: output.jwt,
+      };
+    },
+  };
+};