@strapi/plugin-users-permissions 0.0.0-de3d4081f5 → 0.0.0-deb656d24792ef3c29d49f986ce382fd655cd104

package/admin/src/components/BoundRoute/index.js

@@ -1,8 +1,6 @@
 import React from 'react';
 import styled from 'styled-components';
-import { Stack } from '@strapi/design-system/Stack';
-import { Box } from '@strapi/design-system/Box';
-import { Typography } from '@strapi/design-system/Typography';
+import { Stack, Box, Typography } from '@strapi/design-system';
 import map from 'lodash/map';
 import tail from 'lodash/tail';
 import { useIntl } from 'react-intl';

package/admin/src/components/FormModal/Input/index.js

@@ -6,8 +6,7 @@
 
 import React from 'react';
 import { useIntl } from 'react-intl';
-import { ToggleInput } from '@strapi/design-system/ToggleInput';
-import { TextInput } from '@strapi/design-system/TextInput';
+import { ToggleInput, TextInput } from '@strapi/design-system';
 import PropTypes from 'prop-types';
 
 const Input = ({

package/admin/src/components/FormModal/index.js

@@ -6,16 +6,18 @@
 
 import React from 'react';
 import { useIntl } from 'react-intl';
-import { Button } from '@strapi/design-system/Button';
-import { Stack } from '@strapi/design-system/Stack';
-import { Breadcrumbs, Crumb } from '@strapi/design-system/Breadcrumbs';
-import { Grid, GridItem } from '@strapi/design-system/Grid';
 import {
+  Button,
+  Stack,
+  Breadcrumbs,
+  Crumb,
+  Grid,
+  GridItem,
   ModalLayout,
   ModalHeader,
   ModalFooter,
   ModalBody,
-} from '@strapi/design-system/ModalLayout';
+} from '@strapi/design-system';
 import PropTypes from 'prop-types';
 import { Formik } from 'formik';
 import { Form } from '@strapi/helper-plugin';

package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js

@@ -1,5 +1,5 @@
 import styled, { css } from 'styled-components';
-import { Box } from '@strapi/design-system/Box';
+import { Box } from '@strapi/design-system';
 
 const activeCheckboxWrapperStyles = css`
   background: ${(props) => props.theme.colors.primary100};

package/admin/src/components/Permissions/PermissionRow/SubCategory.js

@@ -2,12 +2,8 @@ import React, { useCallback, useMemo } from 'react';
 import { get } from 'lodash';
 import styled from 'styled-components';
 import PropTypes from 'prop-types';
-import { Box } from '@strapi/design-system/Box';
-import { Checkbox } from '@strapi/design-system/Checkbox';
-import { Flex } from '@strapi/design-system/Flex';
-import { Typography } from '@strapi/design-system/Typography';
-import { Grid, GridItem } from '@strapi/design-system/Grid';
-import CogIcon from '@strapi/icons/Cog';
+import { Box, Checkbox, Flex, Typography, Grid, GridItem } from '@strapi/design-system';
+import { Cog as CogIcon } from '@strapi/icons';
 import { useIntl } from 'react-intl';
 import CheckboxWrapper from './CheckboxWrapper';
 import { useUsersPermissions } from '../../../contexts/UsersPermissionsContext';

package/admin/src/components/Permissions/PermissionRow/index.js

@@ -1,7 +1,7 @@
 import React, { useMemo } from 'react';
 import PropTypes from 'prop-types';
 import sortBy from 'lodash/sortBy';
-import { Box } from '@strapi/design-system/Box';
+import { Box } from '@strapi/design-system';
 import SubCategory from './SubCategory';
 
 const PermissionRow = ({ name, permissions }) => {

package/admin/src/components/Permissions/index.js

@@ -1,8 +1,6 @@
 import React, { useReducer } from 'react';
-import { Accordion, AccordionToggle, AccordionContent } from '@strapi/design-system/Accordion';
+import { Accordion, AccordionToggle, AccordionContent, Box, Stack } from '@strapi/design-system';
 import { useIntl } from 'react-intl';
-import { Box } from '@strapi/design-system/Box';
-import { Stack } from '@strapi/design-system/Stack';
 import { useUsersPermissions } from '../../contexts/UsersPermissionsContext';
 import formatPluginName from '../../utils/formatPluginName';
 import PermissionRow from './PermissionRow';

package/admin/src/components/Policies/index.js

@@ -1,8 +1,6 @@
 import React from 'react';
 import { useIntl } from 'react-intl';
-import { Typography } from '@strapi/design-system/Typography';
-import { Stack } from '@strapi/design-system/Stack';
-import { GridItem } from '@strapi/design-system/Grid';
+import { Typography, Stack, GridItem } from '@strapi/design-system';
 import { get, isEmpty, without } from 'lodash';
 import { useUsersPermissions } from '../../contexts/UsersPermissionsContext';
 import BoundRoute from '../BoundRoute';

package/admin/src/components/UsersPermissions/index.js

@@ -1,8 +1,6 @@
 import React, { memo, useReducer, forwardRef, useImperativeHandle } from 'react';
 import PropTypes from 'prop-types';
-import { Typography } from '@strapi/design-system/Typography';
-import { Stack } from '@strapi/design-system/Stack';
-import { Grid, GridItem } from '@strapi/design-system/Grid';
+import { Typography, Stack, Grid, GridItem } from '@strapi/design-system';
 import { useIntl } from 'react-intl';
 import getTrad from '../../utils/getTrad';
 import Policies from '../Policies';

package/admin/src/hooks/useFetchRole/index.js

@@ -1,13 +1,13 @@
 import { useCallback, useReducer, useEffect, useRef } from 'react';
-import { useNotification } from '@strapi/helper-plugin';
+import { useNotification, useFetchClient } from '@strapi/helper-plugin';
 import reducer, { initialState } from './reducer';
-import axiosIntance from '../../utils/axiosInstance';
 import pluginId from '../../pluginId';
 
 const useFetchRole = (id) => {
   const [state, dispatch] = useReducer(reducer, initialState);
   const toggleNotification = useNotification();
   const isMounted = useRef(null);
+  const { get } = useFetchClient();
 
   useEffect(() => {
     isMounted.current = true;
@@ -29,7 +29,7 @@ const useFetchRole = (id) => {
     try {
       const {
         data: { role },
-      } = await axiosIntance.get(`/${pluginId}/roles/${roleId}`);
+      } = await get(`/${pluginId}/roles/${roleId}`);
 
       // Prevent updating state on an unmounted component
       if (isMounted.current) {

package/admin/src/hooks/usePlugins/index.js

@@ -1,10 +1,9 @@
 import { useCallback, useEffect, useReducer } from 'react';
-import { useNotification } from '@strapi/helper-plugin';
+import { useNotification, useFetchClient } from '@strapi/helper-plugin';
 import { get } from 'lodash';
 import init from './init';
 import pluginId from '../../pluginId';
 import { cleanPermissions } from '../../utils';
-import axiosInstance from '../../utils/axiosInstance';
 import reducer, { initialState } from './reducer';
 
 const usePlugins = (shouldFetchData = true) => {
@@ -12,6 +11,7 @@ const usePlugins = (shouldFetchData = true) => {
   const [{ permissions, routes, isLoading }, dispatch] = useReducer(reducer, initialState, () =>
     init(initialState, shouldFetchData)
   );
+  const fetchClient = useFetchClient();
 
   const fetchPlugins = useCallback(async () => {
     try {
@@ -21,7 +21,7 @@ const usePlugins = (shouldFetchData = true) => {
 
       const [{ permissions }, { routes }] = await Promise.all(
         [`/${pluginId}/permissions`, `/${pluginId}/routes`].map(async (endpoint) => {
-          const res = await axiosInstance.get(endpoint);
+          const res = await fetchClient.get(endpoint);
 
           return res.data;
         })
@@ -46,6 +46,8 @@ const usePlugins = (shouldFetchData = true) => {
         });
       }
     }
+
+    // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [toggleNotification]);
 
   useEffect(() => {

package/admin/src/pages/AdvancedSettings/index.js

@@ -13,16 +13,21 @@ import {
   useOverlayBlocker,
   useRBAC,
 } from '@strapi/helper-plugin';
-import { useNotifyAT } from '@strapi/design-system/LiveRegions';
-import { Main } from '@strapi/design-system/Main';
-import { HeaderLayout, ContentLayout } from '@strapi/design-system/Layout';
-import { Button } from '@strapi/design-system/Button';
-import { Box } from '@strapi/design-system/Box';
-import { Stack } from '@strapi/design-system/Stack';
-import { Select, Option } from '@strapi/design-system/Select';
-import { Typography } from '@strapi/design-system/Typography';
-import { Grid, GridItem } from '@strapi/design-system/Grid';
-import Check from '@strapi/icons/Check';
+import {
+  useNotifyAT,
+  Main,
+  HeaderLayout,
+  ContentLayout,
+  Button,
+  Box,
+  Stack,
+  Select,
+  Option,
+  Typography,
+  Grid,
+  GridItem,
+} from '@strapi/design-system';
+import { Check } from '@strapi/icons';
 import pluginPermissions from '../../permissions';
 import { getTrad } from '../../utils';
 import layout from './utils/layout';

package/admin/src/pages/AdvancedSettings/utils/api.js

@@ -1,13 +1,17 @@
-import { axiosInstance, getRequestURL } from '../../../utils';
+import { getFetchClient } from '@strapi/helper-plugin';
+import { getRequestURL } from '../../../utils';
 
 const fetchData = async () => {
-  const { data } = await axiosInstance.get(getRequestURL('advanced'));
+  const { get } = getFetchClient();
+  const { data } = await get(getRequestURL('advanced'));
 
   return data;
 };
 
 const putAdvancedSettings = (body) => {
-  return axiosInstance.put(getRequestURL('advanced'), body);
+  const { put } = getFetchClient();
+
+  return put(getRequestURL('advanced'), body);
 };
 
 export { fetchData, putAdvancedSettings };

package/admin/src/pages/EmailTemplates/components/EmailForm.js

@@ -8,11 +8,13 @@ import {
   ModalHeader,
   ModalFooter,
   ModalBody,
-} from '@strapi/design-system/ModalLayout';
-import { Grid, GridItem } from '@strapi/design-system/Grid';
-import { Button } from '@strapi/design-system/Button';
-import { Breadcrumbs, Crumb } from '@strapi/design-system/Breadcrumbs';
-import { Textarea } from '@strapi/design-system/Textarea';
+  Grid,
+  GridItem,
+  Button,
+  Breadcrumbs,
+  Crumb,
+  Textarea,
+} from '@strapi/design-system';
 import { getTrad } from '../../../utils';
 import schema from '../utils/schema';
 

package/admin/src/pages/EmailTemplates/components/EmailTable.js

@@ -1,15 +1,20 @@
 import React from 'react';
 import PropTypes from 'prop-types';
 import { useIntl } from 'react-intl';
-import { Table, Thead, Tbody, Tr, Td, Th } from '@strapi/design-system/Table';
-import { VisuallyHidden } from '@strapi/design-system/VisuallyHidden';
-import { Typography } from '@strapi/design-system/Typography';
-import { IconButton } from '@strapi/design-system/IconButton';
-import { Icon } from '@strapi/design-system/Icon';
-import Pencil from '@strapi/icons/Pencil';
-import Reload from '@strapi/icons/Refresh';
+import {
+  Table,
+  Thead,
+  Tbody,
+  Tr,
+  Td,
+  Th,
+  Typography,
+  IconButton,
+  Icon,
+  VisuallyHidden,
+} from '@strapi/design-system';
+import { Pencil, Refresh, Check } from '@strapi/icons';
 import { onRowClick, stopPropagation } from '@strapi/helper-plugin';
-import Check from '@strapi/icons/Check';
 import { getTrad } from '../../../utils';
 
 const EmailTable = ({ canUpdate, onEditClick }) => {
@@ -49,7 +54,7 @@ const EmailTable = ({ canUpdate, onEditClick }) => {
         <Tr {...onRowClick({ fn: () => onEditClick('reset_password') })}>
           <Td>
             <Icon>
-              <Reload
+              <Refresh
                 aria-label={formatMessage({
                   id: 'global.reset-password',
                   defaultMessage: 'Reset password',

package/admin/src/pages/EmailTemplates/index.js

@@ -11,9 +11,7 @@ import {
   useFocusWhenNavigate,
   LoadingIndicatorPage,
 } from '@strapi/helper-plugin';
-import { useNotifyAT } from '@strapi/design-system/LiveRegions';
-import { Main } from '@strapi/design-system/Main';
-import { ContentLayout, HeaderLayout } from '@strapi/design-system/Layout';
+import { useNotifyAT, Main, ContentLayout, HeaderLayout } from '@strapi/design-system';
 import pluginPermissions from '../../permissions';
 import { getTrad } from '../../utils';
 import { fetchData, putEmailTemplate } from './utils/api';

package/admin/src/pages/EmailTemplates/utils/api.js

@@ -1,13 +1,17 @@
-import { axiosInstance, getRequestURL } from '../../../utils';
+import { getFetchClient } from '@strapi/helper-plugin';
+import { getRequestURL } from '../../../utils';
 
 const fetchData = async () => {
-  const { data } = await axiosInstance.get(getRequestURL('email-templates'));
+  const { get } = getFetchClient();
+  const { data } = await get(getRequestURL('email-templates'));
 
   return data;
 };
 
 const putEmailTemplate = (body) => {
-  return axiosInstance.put(getRequestURL('email-templates'), body);
+  const { put } = getFetchClient();
+
+  return put(getRequestURL('email-templates'), body);
 };
 
 export { fetchData, putEmailTemplate };

package/admin/src/pages/Providers/index.js

@@ -14,15 +14,23 @@ import {
 } from '@strapi/helper-plugin';
 import has from 'lodash/has';
 import upperFirst from 'lodash/upperFirst';
-import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { HeaderLayout, Layout, ContentLayout } from '@strapi/design-system/Layout';
-import { Main } from '@strapi/design-system/Main';
-import { useNotifyAT } from '@strapi/design-system/LiveRegions';
-import { Table, Thead, Tr, Th, Tbody, Td } from '@strapi/design-system/Table';
-import { Typography } from '@strapi/design-system/Typography';
-import { VisuallyHidden } from '@strapi/design-system/VisuallyHidden';
-import { IconButton } from '@strapi/design-system/IconButton';
-import Pencil from '@strapi/icons/Pencil';
+import {
+  HeaderLayout,
+  Layout,
+  ContentLayout,
+  Main,
+  useNotifyAT,
+  Table,
+  Thead,
+  Tr,
+  Th,
+  Tbody,
+  Td,
+  Typography,
+  IconButton,
+  VisuallyHidden,
+} from '@strapi/design-system';
+import { Pencil } from '@strapi/icons';
 import { useQuery, useMutation, useQueryClient } from 'react-query';
 import forms from './utils/forms';
 import { fetchData, putProvider } from './utils/api';
@@ -163,16 +171,9 @@ export const ProvidersPage = () => {
           <LoadingIndicatorPage />
         ) : (
           <ContentLayout>
-            <Table colCount={4} rowCount={rowCount + 1}>
+            <Table colCount={3} rowCount={rowCount + 1}>
               <Thead>
                 <Tr>
-                  <Th>
-                    <Typography variant="sigma" textColor="neutral600">
-                      <VisuallyHidden>
-                        {formatMessage({ id: getTrad('Providers.image'), defaultMessage: 'Image' })}
-                      </VisuallyHidden>
-                    </Typography>
-                  </Th>
                   <Th>
                     <Typography variant="sigma" textColor="neutral600">
                       {formatMessage({ id: 'global.name', defaultMessage: 'Name' })}
@@ -204,9 +205,6 @@ export const ProvidersPage = () => {
                       condition: canUpdate,
                     })}
                   >
-                    <Td width="">
-                      <FontAwesomeIcon icon={provider.icon} />
-                    </Td>
                     <Td width="45%">
                       <Typography fontWeight="semiBold" textColor="neutral800">
                         {provider.name}

package/admin/src/pages/Providers/utils/api.js

@@ -1,9 +1,11 @@
-import { getRequestURL, axiosInstance } from '../../../utils';
+import { getFetchClient } from '@strapi/helper-plugin';
+import { getRequestURL } from '../../../utils';
 
 // eslint-disable-next-line import/prefer-default-export
 export const fetchData = async (toggleNotification) => {
   try {
-    const { data } = await axiosInstance.get(getRequestURL('providers'));
+    const { get } = getFetchClient();
+    const { data } = await get(getRequestURL('providers'));
 
     return data;
   } catch (err) {
@@ -17,5 +19,7 @@ export const fetchData = async (toggleNotification) => {
 };
 
 export const putProvider = (body) => {
-  return axiosInstance.put(getRequestURL('providers'), body);
+  const { put } = getFetchClient();
+
+  return put(getRequestURL('providers'), body);
 };

package/admin/src/pages/Providers/utils/forms.js

@@ -173,6 +173,21 @@ const forms = {
           },
         },
       ],
+      [
+        {
+          intlLabel: {
+            id: getTrad({ id: 'PopUpForm.Providers.jwksurl.label' }),
+            defaultMessage: 'JWKS URL',
+          },
+          name: 'jwksurl',
+          type: 'text',
+          placeholder: textPlaceholder,
+          size: 12,
+          validations: {
+            required: false,
+          },
+        },
+      ],
 
       [
         {

package/admin/src/pages/Roles/CreatePage/index.js

@@ -1,20 +1,25 @@
 import React, { useState, useRef } from 'react';
 import { useHistory } from 'react-router-dom';
-import { ContentLayout, HeaderLayout } from '@strapi/design-system/Layout';
-import { Main } from '@strapi/design-system/Main';
-import { Button } from '@strapi/design-system/Button';
-import { Stack } from '@strapi/design-system/Stack';
-import { Box } from '@strapi/design-system/Box';
-import { TextInput } from '@strapi/design-system/TextInput';
-import { Textarea } from '@strapi/design-system/Textarea';
-import { Typography } from '@strapi/design-system/Typography';
-import Check from '@strapi/icons/Check';
-import { GridItem, Grid } from '@strapi/design-system/Grid';
+import {
+  ContentLayout,
+  HeaderLayout,
+  Main,
+  Button,
+  Stack,
+  Box,
+  TextInput,
+  Textarea,
+  Typography,
+  GridItem,
+  Grid,
+} from '@strapi/design-system';
+import { Check } from '@strapi/icons';
 import { Formik } from 'formik';
 import { useIntl } from 'react-intl';
 import {
   useOverlayBlocker,
   SettingsPageTitle,
+  useFetchClient,
   useTracking,
   Form,
   useNotification,
@@ -24,7 +29,6 @@ import getTrad from '../../../utils/getTrad';
 import pluginId from '../../../pluginId';
 import { usePlugins } from '../../../hooks';
 import schema from './utils/schema';
-import axiosInstance from '../../../utils/axiosInstance';
 
 const EditPage = () => {
   const { formatMessage } = useIntl();
@@ -35,6 +39,7 @@ const EditPage = () => {
   const { isLoading: isLoadingPlugins, permissions, routes } = usePlugins();
   const { trackUsage } = useTracking();
   const permissionsRef = useRef();
+  const { post } = useFetchClient();
 
   const handleCreateRoleSubmit = async (data) => {
     // Set loading state
@@ -43,7 +48,7 @@ const EditPage = () => {
     try {
       const permissions = permissionsRef.current.getPermissions();
       // Update role in Strapi
-      await axiosInstance.post(`/${pluginId}/roles`, { ...data, ...permissions, users: [] });
+      await post(`/${pluginId}/roles`, { ...data, ...permissions, users: [] });
       // Notify success
       trackUsage('didCreateRole');
       toggleNotification({

package/admin/src/pages/Roles/EditPage/index.js

@@ -3,6 +3,7 @@ import { Formik } from 'formik';
 import { useIntl } from 'react-intl';
 import { useRouteMatch } from 'react-router-dom';
 import {
+  useFetchClient,
   useOverlayBlocker,
   SettingsPageTitle,
   LoadingIndicatorPage,
@@ -10,23 +11,25 @@ import {
   useNotification,
   Link,
 } from '@strapi/helper-plugin';
-import { ContentLayout, HeaderLayout } from '@strapi/design-system/Layout';
-import { Main } from '@strapi/design-system/Main';
-import { Button } from '@strapi/design-system/Button';
-import { Stack } from '@strapi/design-system/Stack';
-import { Box } from '@strapi/design-system/Box';
-import { TextInput } from '@strapi/design-system/TextInput';
-import { Textarea } from '@strapi/design-system/Textarea';
-import { Typography } from '@strapi/design-system/Typography';
-import ArrowLeft from '@strapi/icons/ArrowLeft';
-import Check from '@strapi/icons/Check';
-import { GridItem, Grid } from '@strapi/design-system/Grid';
+import {
+  ContentLayout,
+  HeaderLayout,
+  Main,
+  Button,
+  Stack,
+  Box,
+  TextInput,
+  Textarea,
+  Typography,
+  GridItem,
+  Grid,
+} from '@strapi/design-system';
+import { ArrowLeft, Check } from '@strapi/icons';
 import UsersPermissions from '../../../components/UsersPermissions';
 import getTrad from '../../../utils/getTrad';
 import pluginId from '../../../pluginId';
 import { usePlugins, useFetchRole } from '../../../hooks';
 import schema from './utils/schema';
-import axiosInstance from '../../../utils/axiosInstance';
 
 const EditPage = () => {
   const { formatMessage } = useIntl();
@@ -39,6 +42,7 @@ const EditPage = () => {
   const { isLoading: isLoadingPlugins, routes } = usePlugins();
   const { role, onSubmitSucceeded, isLoading: isLoadingRole } = useFetchRole(id);
   const permissionsRef = useRef();
+  const { put } = useFetchClient();
 
   const handleEditRoleSubmit = async (data) => {
     // Set loading state
@@ -47,7 +51,7 @@ const EditPage = () => {
     try {
       const permissions = permissionsRef.current.getPermissions();
       // Update role in Strapi
-      await axiosInstance.put(`/${pluginId}/roles/${id}`, { ...data, ...permissions, users: [] });
+      await put(`/${pluginId}/roles/${id}`, { ...data, ...permissions, users: [] });
       // Notify success
       onSubmitSucceeded({ name: data.name, description: data.description });
       toggleNotification({

package/admin/src/pages/Roles/ListPage/components/TableBody.js

@@ -1,11 +1,7 @@
 import React from 'react';
 import PropTypes from 'prop-types';
-import { IconButton } from '@strapi/design-system/IconButton';
-import { Typography } from '@strapi/design-system/Typography';
-import { Flex } from '@strapi/design-system/Flex';
-import { Tbody, Tr, Td } from '@strapi/design-system/Table';
-import Pencil from '@strapi/icons/Pencil';
-import Trash from '@strapi/icons/Trash';
+import { IconButton, Typography, Flex, Tbody, Tr, Td } from '@strapi/design-system';
+import { Pencil, Trash } from '@strapi/icons';
 import { CheckPermissions, onRowClick, stopPropagation } from '@strapi/helper-plugin';
 import { useIntl } from 'react-intl';
 import { useHistory } from 'react-router-dom';

package/admin/src/pages/Roles/ListPage/index.js

@@ -1,12 +1,20 @@
 import React, { useMemo, useState } from 'react';
-import { Button } from '@strapi/design-system/Button';
-import { HeaderLayout, Layout, ContentLayout, ActionLayout } from '@strapi/design-system/Layout';
-import { Main } from '@strapi/design-system/Main';
-import { Table, Tr, Thead, Th } from '@strapi/design-system/Table';
-import { VisuallyHidden } from '@strapi/design-system/VisuallyHidden';
-import { Typography } from '@strapi/design-system/Typography';
-import { useNotifyAT } from '@strapi/design-system/LiveRegions';
-import Plus from '@strapi/icons/Plus';
+import {
+  Button,
+  HeaderLayout,
+  Layout,
+  ContentLayout,
+  ActionLayout,
+  Main,
+  Table,
+  Tr,
+  Thead,
+  Th,
+  Typography,
+  useNotifyAT,
+  VisuallyHidden,
+} from '@strapi/design-system';
+import { Plus } from '@strapi/icons';
 import {
   useTracking,
   SettingsPageTitle,

package/admin/src/pages/Roles/ListPage/utils/api.js

@@ -1,8 +1,10 @@
-import { getRequestURL, axiosInstance } from '../../../../utils';
+import { getFetchClient } from '@strapi/helper-plugin';
+import { getRequestURL } from '../../../../utils';
 
 export const fetchData = async (toggleNotification, notifyStatus) => {
   try {
-    const { data } = await axiosInstance.get(getRequestURL('roles'));
+    const { get } = getFetchClient();
+    const { data } = await get(getRequestURL('roles'));
     notifyStatus('The roles have loaded successfully');
 
     return data;
@@ -18,7 +20,8 @@ export const fetchData = async (toggleNotification, notifyStatus) => {
 
 export const deleteData = async (id, toggleNotification) => {
   try {
-    await axiosInstance.delete(`${getRequestURL('roles')}/${id}`);
+    const { del } = getFetchClient();
+    await del(`${getRequestURL('roles')}/${id}`);
   } catch (error) {
     toggleNotification({
       type: 'warning',

package/admin/src/translations/dk.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "Redigér e-mail skabeloner",
   "PopUpForm.header.edit.providers": "Redigér udbydere",
   "Providers.data.loaded": "Providers hentet",
-  "Providers.image": "Billede",
   "Providers.status": "Status",
   "Roles.empty": "Du har endnu ingen roller.",
   "Roles.empty.search": "Ingen roller matcher søgningen.",

package/admin/src/translations/en.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "Edit email template",
   "PopUpForm.header.edit.providers": "Edit Provider",
   "Providers.data.loaded": "Providers have been loaded",
-  "Providers.image": "Image",
   "Providers.status": "Status",
   "Roles.empty": "You don't have any roles yet.",
   "Roles.empty.search": "No roles match the search.",

package/admin/src/translations/es.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "Editar Plantillas de Email",
   "PopUpForm.header.edit.providers": "Editar proveedor",
   "Providers.data.loaded": "Los proveedores se han cargado",
-  "Providers.image": "Imagen",
   "Providers.status": "Estado",
   "Roles.empty": "Aún no tienes ningún rol.",
   "Roles.empty.search": "Ningún rol coincide con la búsqueda.",

package/admin/src/translations/ko.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "이메일 템플릿 수정",
   "PopUpForm.header.edit.providers": "프로바이더 수정",
   "Providers.data.loaded": "프로바이더를 불러왔습니다.",
-  "Providers.image": "이미지",
   "Providers.status": "상태",
   "Roles.empty": "아직 역할이 없습니다.",
   "Roles.empty.search": "검색과 일치하는 역할이 없습니다.",

package/admin/src/translations/pl.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "Zmień szablony e-mail",
   "PopUpForm.header.edit.providers": "Edytuj dostawcę",
   "Providers.data.loaded": "Dostawcy zostali załadowani",
-  "Providers.image": "Obrazek",
   "Providers.status": "Status",
   "Roles.empty": "Nie masz jeszcze żadnych ról.",
   "Roles.empty.search": "Żadne role nie pasują do wyszukiwania.",

package/admin/src/translations/sv.json

@@ -54,7 +54,6 @@
   "PopUpForm.header.edit.email-templates": "Redigera e-postmallar",
   "PopUpForm.header.edit.providers": "Redigera tjänst",
   "Providers.data.loaded": "Tjänster har laddats in",
-  "Providers.image": "Bild",
   "Providers.status": "Status",
   "Roles.empty": "Du har inga roller än.",
   "Roles.empty.search": "Inga roller matchar sökningen.",

package/admin/src/translations/tr.json

@@ -10,6 +10,16 @@
   "EditForm.inputToggle.label.email-confirmation": "E-posta onayını etkinleştir",
   "EditForm.inputToggle.label.email-confirmation-redirection": "Yönlendirme URL'si",
   "EditForm.inputToggle.label.sign-up": "Kayıtları etkinleştir",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "ör: https://yourfrontend.com/email-confirmation-redirection",
+  "EditForm.inputToggle.placeholder.email-reset-password": "ör: https://yourfrontend.com/reset-password",
+  "EditPage.form.roles": "Rol detayları",
+  "Email.template.data.loaded": "E-posta şablonları yüklendi",
+  "Email.template.email_confirmation": "E-posta adresi doğrulaması",
+  "Email.template.form.edit.label": "Şablonu düzenle",
+  "Email.template.table.action.label": "eylem",
+  "Email.template.table.icon.label": "ikon",
+  "Email.template.table.name.label": "ad",
+  "Form.advancedSettings.data.loaded": "Gelişmiş ayarlar verisi yüklendi",
   "HeaderNav.link.advancedSettings": "Gelişmiş Ayarlar",
   "HeaderNav.link.emailTemplates": "E-posta Şablonları",
   "HeaderNav.link.providers": "Sağlayıcıları",
@@ -19,12 +29,14 @@
   "Policies.header.hint": "Uygulamanın eylemlerini veya eklentinin eylemlerini seçin ve bağlı rotayı görüntülemek için dişli çark simgesini tıklayın",
   "Policies.header.title": "Gelişmiş Ayarlar",
   "PopUpForm.Email.email_templates.inputDescription": "Değişkenleri nasıl kullanacağınızdan emin değilseniz, {link}",
+  "PopUpForm.Email.link.documentation": "dokümantasyonu kontrol et.",
   "PopUpForm.Email.options.from.email.label": "Gönderenin E-posta",
   "PopUpForm.Email.options.from.email.placeholder": "kai@doe.com",
   "PopUpForm.Email.options.from.name.label": "Gönderenin adı",
   "PopUpForm.Email.options.from.name.placeholder": "Kai Doe",
   "PopUpForm.Email.options.message.label": "Mesaj",
   "PopUpForm.Email.options.object.label": "Konu",
+  "PopUpForm.Email.options.object.placeholder": "%APP_NAME% için e-posta adresini doğrula",
   "PopUpForm.Email.options.response_email.label": "Yanıt e-postası",
   "PopUpForm.Email.options.response_email.placeholder": "kai@doe.com",
   "PopUpForm.Providers.enabled.description": "Devre dışı bırakıldıysa kullanıcılar bu sağlayıcıyı kullanamaz.",
@@ -32,13 +44,38 @@
   "PopUpForm.Providers.key.label": "Web istemcisi ID",
   "PopUpForm.Providers.key.placeholder": "METİN",
   "PopUpForm.Providers.redirectURL.front-end.label": "Arayüz uygulamanızın yönlendirme URL'si",
+  "PopUpForm.Providers.redirectURL.label": "{provider} uygulama ayarlarına ekleyeceğin yönlendirme URLi",
   "PopUpForm.Providers.secret.label": "Web istemcisi Secret",
   "PopUpForm.Providers.secret.placeholder": "METİN",
   "PopUpForm.Providers.subdomain.label": "Host URI (Subdomain)",
   "PopUpForm.Providers.subdomain.placeholder": "my.subdomain.com",
   "PopUpForm.header.edit.email-templates": "E-posta Şablonlarını Düzenle",
+  "PopUpForm.header.edit.providers": "Sağlayıcıyı Düzenle",
+  "Providers.data.loaded": "Sağlayıcılar yüklendi",
+  "Providers.image": "Görsel",
+  "Providers.status": "Durum",
+  "Roles.empty": "Henüz hiç rolün yok.",
+  "Roles.empty.search": "Aramaya uygun rol bulunmadı.",
+  "Settings.roles.deleted": "Rol silindi",
+  "Settings.roles.edited": "Rol düzenlendi",
+  "Settings.section-label": "Kullanıcılar ve İzinler eklentisi",
+  "components.Input.error.validation.email": "Bu geçersiz bir e-posta",
+  "components.Input.error.validation.json": "Bu JSON biçimine uymuyor",
+  "components.Input.error.validation.max": "Değer çok yüksek.",
+  "components.Input.error.validation.maxLength": "Değer çok uzun.",
+  "components.Input.error.validation.min": "Değer çok düşük.",
+  "components.Input.error.validation.minLength": "Değer çok kısa.",
+  "components.Input.error.validation.minSupMax": "Üst olamaz",
+  "components.Input.error.validation.regex": "Değer RegExp'e uymuyor.",
+  "components.Input.error.validation.required": "Değer gerekli.",
+  "components.Input.error.validation.unique": "Değer zaten kullanılıyor.",
   "notification.success.submit": "Ayarlar güncellendi",
+  "page.title": "Ayarlar - Roller",
   "plugin.description.long": "Servisinizi JWT'ye dayalı tam bir kimlik doğrulama işlemi ile koruyun. Bu eklenti, kullanıcı grupları arasındaki izinleri yönetmenize izin veren bir ACL stratejisiyle de gelir.",
   "plugin.description.short": "Servisinizi JWT'ye dayalı tam bir kimlik doğrulama işlemi ile koruyun",
-  "plugin.name": "Roller & İzinler"
+  "plugin.name": "Roller ve İzinler",
+  "popUpWarning.button.cancel": "İptal Et",
+  "popUpWarning.button.confirm": "Onayla",
+  "popUpWarning.title": "Lütfen onayla",
+  "popUpWarning.warning.cancel": "Değişiklikleri iptal etmek istediğinden emin misin?"
 }

package/admin/src/translations/zh.json

@@ -5,11 +5,23 @@
   "EditForm.inputToggle.description.email": "禁止使用者使用同一個電子郵件地址 + 不同的驗證方式註冊多個帳號",
   "EditForm.inputToggle.description.email-confirmation": "當啟用後，新註冊的使用者將會收到一封認證郵件。",
   "EditForm.inputToggle.description.email-confirmation-redirection": "認證完後後，使用者被重新導向的網址。",
+  "EditForm.inputToggle.description.email-reset-password": "您的應用程式的重設密碼頁面的網址",
   "EditForm.inputToggle.description.sign-up": "當停用後，不論使用任何驗證方式使用者將無法註冊。",
   "EditForm.inputToggle.label.email": "電子郵件地址單一帳號限制",
   "EditForm.inputToggle.label.email-confirmation": "啟用電子郵件地址驗證",
   "EditForm.inputToggle.label.email-confirmation-redirection": "重新導向網址",
+  "EditForm.inputToggle.label.email-reset-password": "密碼重設頁面",
   "EditForm.inputToggle.label.sign-up": "啟用註冊",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "例如：https://yourfrontend.com/email-confirmation-redirection",
+  "EditForm.inputToggle.placeholder.email-reset-password": "例如：https://yourfrontend.com/reset-password",
+  "EditPage.form.roles": "角色詳細資訊",
+  "Email.template.data.loaded": "已載入電子郵件範本",
+  "Email.template.email_confirmation": "電子郵件地址確認",
+  "Email.template.form.edit.label": "編輯範本",
+  "Email.template.table.action.label": "操作",
+  "Email.template.table.icon.label": "圖示",
+  "Email.template.table.name.label": "名稱",
+  "Form.advancedSettings.data.loaded": "已載入進階設定資料",
   "HeaderNav.link.advancedSettings": "進階設定",
   "HeaderNav.link.emailTemplates": "郵件範本",
   "HeaderNav.link.providers": "驗證方式",
@@ -19,12 +31,14 @@
   "Policies.header.hint": "選取應用程式或擴充功能的操作然後點擊齒輪圖示以顯示綁定路徑",
   "Policies.header.title": "進階設定",
   "PopUpForm.Email.email_templates.inputDescription": "如果您不確定要怎麼使用變數，請 {link}",
+  "PopUpForm.Email.link.documentation": "查閱我們的說明文件。",
   "PopUpForm.Email.options.from.email.label": "寄件人地址",
   "PopUpForm.Email.options.from.email.placeholder": "kai@doe.com",
   "PopUpForm.Email.options.from.name.label": "寄件人名稱",
   "PopUpForm.Email.options.from.name.placeholder": "Kai Doe",
   "PopUpForm.Email.options.message.label": "訊息",
   "PopUpForm.Email.options.object.label": "主旨",
+  "PopUpForm.Email.options.object.placeholder": "請驗證 %APP_NAME% 的電子郵件地址",
   "PopUpForm.Email.options.response_email.label": "回覆地址",
   "PopUpForm.Email.options.response_email.placeholder": "kai@doe.com",
   "PopUpForm.Providers.enabled.description": "如果停用，使用者將無法使用這個驗證方式",
@@ -32,13 +46,37 @@
   "PopUpForm.Providers.key.label": "客戶端 ID",
   "PopUpForm.Providers.key.placeholder": "TEXT",
   "PopUpForm.Providers.redirectURL.front-end.label": "您應用程式的前端頁面網址",
+  "PopUpForm.Providers.redirectURL.label": "The redirect URL to add in your {provider} application configurations",
   "PopUpForm.Providers.secret.label": "客戶端密鑰",
   "PopUpForm.Providers.secret.placeholder": "TEXT",
-  "PopUpForm.Providers.subdomain.label": "Host URI (Subdomain)",
+  "PopUpForm.Providers.subdomain.label": "Host URI (子網域)",
   "PopUpForm.Providers.subdomain.placeholder": "my.subdomain.com",
   "PopUpForm.header.edit.email-templates": "編輯郵件範本",
+  "PopUpForm.header.edit.providers": "編輯供應者",
+  "Providers.data.loaded": "已載入供應者",
+  "Providers.status": "狀態",
+  "Roles.empty": "您目前沒有任何角色。",
+  "Roles.empty.search": "沒有符合搜尋的角色。",
+  "Settings.roles.deleted": "已刪除角色",
+  "Settings.roles.edited": "已編輯角色",
+  "Settings.section-label": "使用者與權限外掛程式",
+  "components.Input.error.validation.email": "此電子郵件地址無效",
+  "components.Input.error.validation.json": "不符合 JSON 格式",
+  "components.Input.error.validation.max": "數值過高。",
+  "components.Input.error.validation.maxLength": "數值過長。",
+  "components.Input.error.validation.min": "數值過低。",
+  "components.Input.error.validation.minLength": "數值過短。",
+  "components.Input.error.validation.minSupMax": "Can't be superior",
+  "components.Input.error.validation.regex": "數值與 regex 不符。",
+  "components.Input.error.validation.required": "此數值為必填。",
+  "components.Input.error.validation.unique": "此值已被使用。",
   "notification.success.submit": "設定已更新",
+  "page.title": "設定 - 角色",
   "plugin.description.long": "使用 JWT 認證保護您的 API。這個擴充功能也使用 ACL 來讓你管理不同群組使用者的權限。",
   "plugin.description.short": "使用 JWT 認證保護您的 API",
-  "plugin.name": "身份與權限"
+  "plugin.name": "身份與權限",
+  "popUpWarning.button.cancel": "取消",
+  "popUpWarning.button.confirm": "確認",
+  "popUpWarning.title": "請確認",
+  "popUpWarning.warning.cancel": "您確定要取消變更嗎？"
 }

package/admin/src/utils/index.js

@@ -1,4 +1,3 @@
-export { default as axiosInstance } from './axiosInstance';
 export { default as cleanPermissions } from './cleanPermissions';
 export { default as getRequestURL } from './getRequestURL';
 export { default as getTrad } from './getTrad';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "0.0.0-de3d4081f5",
+  "version": "0.0.0-deb656d24792ef3c29d49f986ce382fd655cd104",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -27,22 +27,22 @@
     "test:front:watch:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll"
   },
   "dependencies": {
-    "@strapi/helper-plugin": "0.0.0-de3d4081f5",
-    "@strapi/utils": "0.0.0-de3d4081f5",
+    "@strapi/helper-plugin": "0.0.0-deb656d24792ef3c29d49f986ce382fd655cd104",
+    "@strapi/utils": "0.0.0-deb656d24792ef3c29d49f986ce382fd655cd104",
     "bcryptjs": "2.4.3",
     "grant-koa": "5.4.8",
-    "jsonwebtoken": "^8.1.0",
+    "jsonwebtoken": "9.0.0",
+    "jwk-to-pem": "2.0.5",
     "koa": "^2.13.4",
     "koa2-ratelimit": "^1.1.2",
     "lodash": "4.17.21",
     "purest": "4.0.2",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
-    "react-intl": "5.25.1",
-    "react-redux": "7.2.8",
+    "react-intl": "6.2.8",
+    "react-redux": "8.0.5",
     "react-router": "^5.2.0",
-    "react-router-dom": "5.2.0",
-    "request": "^2.83.0",
+    "react-router-dom": "5.3.4",
     "url-join": "4.0.1"
   },
   "devDependencies": {
@@ -50,7 +50,7 @@
     "@testing-library/react": "12.1.4",
     "@testing-library/react-hooks": "8.0.1",
     "@testing-library/user-event": "14.4.3",
-    "msw": "0.42.3",
+    "msw": "1.0.1",
     "react-test-renderer": "^17.0.2"
   },
   "engines": {
@@ -64,5 +64,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "de3d4081f5b32a6b265f993384f30c5b7b3ffcf7"
+  "gitHead": "deb656d24792ef3c29d49f986ce382fd655cd104"
 }

package/server/bootstrap/grant-config.js

@@ -120,4 +120,12 @@ module.exports = (baseURL) => ({
     scope: ['openid email'], // scopes should be space delimited
     subdomain: 'my.subdomain.com/cas',
   },
+  patreon: {
+    enabled: false,
+    icon: '',
+    key: '',
+    secret: '',
+    callback: `${baseURL}/patreon/callback`,
+    scope: ['identity', 'identity[email]'],
+  },
 });

package/server/controllers/validation/email-template.js

@@ -1,8 +1,17 @@
 'use strict';
 
-const _ = require('lodash');
+const { trim } = require('lodash/fp');
+const {
+  template: { createLooseInterpolationRegExp, createStrictInterpolationRegExp },
+} = require('@strapi/utils');
+
+const invalidPatternsRegexes = [
+  // Ignore "evaluation" patterns: <% ... %>
+  /<%[^=]([\s\S]*?)%>/m,
+  // Ignore basic string interpolations
+  /\${([^{}]*)}/m,
+];
 
-const invalidPatternsRegexes = [/<%[^=]([^<>%]*)%>/m, /\${([^{}]*)}/m];
 const authorizedKeys = [
   'URL',
   'ADMIN_URL',
@@ -19,27 +28,42 @@ const matchAll = (pattern, src) => {
   let match;
 
   const regexPatternWithGlobal = RegExp(pattern, 'g');
+
   // eslint-disable-next-line no-cond-assign
   while ((match = regexPatternWithGlobal.exec(src))) {
     const [, group] = match;
 
-    matches.push(_.trim(group));
+    matches.push(trim(group));
   }
+
   return matches;
 };
 
 const isValidEmailTemplate = (template) => {
+  // Check for known invalid patterns
   for (const reg of invalidPatternsRegexes) {
     if (reg.test(template)) {
       return false;
     }
   }
 
-  const matches = matchAll(/<%=([^<>%=]*)%>/, template);
-  for (const match of matches) {
-    if (!authorizedKeys.includes(match)) {
-      return false;
-    }
+  const interpolation = {
+    // Strict interpolation pattern to match only valid groups
+    strict: createStrictInterpolationRegExp(authorizedKeys),
+    // Weak interpolation pattern to match as many group as possible.
+    loose: createLooseInterpolationRegExp(),
+  };
+
+  // Compute both strict & loose matches
+  const strictMatches = matchAll(interpolation.strict, template);
+  const looseMatches = matchAll(interpolation.loose, template);
+
+  // If we have more matches with the loose RegExp than with the strict one,
+  // then it means that at least one of the interpolation group is invalid
+  // Note: In the future, if we wanted to give more details for error formatting
+  // purposes, we could return the difference between the two arrays
+  if (looseMatches.length > strictMatches.length) {
+    return false;
   }
 
   return true;

package/server/services/providers-registry.js

@@ -2,10 +2,53 @@
 
 const { strict: assert } = require('assert');
 const jwt = require('jsonwebtoken');
+const jwkToPem = require('jwk-to-pem');
+
+const getCognitoPayload = async ({ idToken, jwksUrl, purest }) => {
+  const {
+    header: { kid },
+    payload,
+  } = jwt.decode(idToken, { complete: true });
+
+  if (!payload || !kid) {
+    throw new Error('The provided token is not valid');
+  }
+
+  const config = {
+    cognito: {
+      discovery: {
+        origin: jwksUrl.origin,
+        path: jwksUrl.pathname,
+      },
+    },
+  };
+  try {
+    const cognito = purest({ provider: 'cognito', config });
+    // get the JSON Web Key (JWK) for the user pool
+    const { body: jwk } = await cognito('discovery').request();
+    // Get the key with the same Key ID as the provided token
+    const key = jwk.keys.find(({ kid: jwkKid }) => jwkKid === kid);
+    const pem = jwkToPem(key);
+
+    // https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-verifying-a-jwt.html
+    const decodedToken = await new Promise((resolve, reject) => {
+      jwt.verify(idToken, pem, { algorithms: ['RS256'] }, (err, decodedToken) => {
+        if (err) {
+          reject();
+        }
+        resolve(decodedToken);
+      });
+    });
+    return decodedToken;
+  } catch (err) {
+    throw new Error('There was an error verifying the token');
+  }
+};
 
 const getInitialProviders = ({ purest }) => ({
   async discord({ accessToken }) {
     const discord = purest({ provider: 'discord' });
+
     return discord
       .get('users/@me')
       .auth(accessToken)
@@ -19,19 +62,14 @@ const getInitialProviders = ({ purest }) => ({
         };
       });
   },
-  async cognito({ query }) {
-    // get the id_token
+  async cognito({ query, providers }) {
+    const jwksUrl = new URL(providers.cognito.jwksurl);
     const idToken = query.id_token;
-    // decode the jwt token
-    const tokenPayload = jwt.decode(idToken);
-    if (!tokenPayload) {
-      throw new Error('unable to decode jwt token');
-    } else {
-      return {
-        username: tokenPayload['cognito:username'],
-        email: tokenPayload.email,
-      };
-    }
+    const tokenPayload = await getCognitoPayload({ idToken, jwksUrl, purest });
+    return {
+      username: tokenPayload['cognito:username'],
+      email: tokenPayload.email,
+    };
   },
   async facebook({ accessToken }) {
     const facebook = purest({ provider: 'facebook' });
@@ -264,6 +302,35 @@ const getInitialProviders = ({ purest }) => ({
         };
       });
   },
+  async patreon({ accessToken }) {
+    const patreon = purest({
+      provider: 'patreon',
+      config: {
+        patreon: {
+          default: {
+            origin: 'https://www.patreon.com',
+            path: 'api/oauth2/{path}',
+            headers: {
+              authorization: 'Bearer {auth}',
+            },
+          },
+        },
+      },
+    });
+
+    return patreon
+      .get('v2/identity')
+      .auth(accessToken)
+      .qs(new URLSearchParams({ 'fields[user]': 'full_name,email' }).toString())
+      .request()
+      .then(({ body }) => {
+        const patreonData = body.data.attributes;
+        return {
+          username: patreonData.full_name,
+          email: patreonData.email,
+        };
+      });
+  },
 });
 
 module.exports = () => {

package/server/services/providers.js

@@ -78,7 +78,7 @@ module.exports = ({ strapi }) => {
       return user;
     }
 
-    if (users.length > 1 && advancedSettings.unique_email) {
+    if (users.length && advancedSettings.unique_email) {
       throw new Error('Email is already taken.');
     }
 

package/server/services/user.js

@@ -109,17 +109,25 @@ module.exports = ({ strapi }) => ({
     await this.edit(user.id, { confirmationToken });
 
     const apiPrefix = strapi.config.get('api.rest.prefix');
-    settings.message = await userPermissionService.template(settings.message, {
-      URL: urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, '/auth/email-confirmation'),
-      SERVER_URL: getAbsoluteServerUrl(strapi.config),
-      ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
-      USER: sanitizedUserInfo,
-      CODE: confirmationToken,
-    });
 
-    settings.object = await userPermissionService.template(settings.object, {
-      USER: sanitizedUserInfo,
-    });
+    try {
+      settings.message = await userPermissionService.template(settings.message, {
+        URL: urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, '/auth/email-confirmation'),
+        SERVER_URL: getAbsoluteServerUrl(strapi.config),
+        ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
+        USER: sanitizedUserInfo,
+        CODE: confirmationToken,
+      });
+
+      settings.object = await userPermissionService.template(settings.object, {
+        USER: sanitizedUserInfo,
+      });
+    } catch {
+      strapi.log.error(
+        '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns'
+      );
+      return;
+    }
 
     // Send an email to the user.
     await strapi

package/server/services/users-permissions.js

@@ -3,6 +3,11 @@
 const _ = require('lodash');
 const { filter, map, pipe, prop } = require('lodash/fp');
 const urlJoin = require('url-join');
+const {
+  template: { createStrictInterpolationRegExp },
+  errors,
+  keysDeep,
+} = require('@strapi/utils');
 
 const { getService } = require('../utils');
 
@@ -230,7 +235,15 @@ module.exports = ({ strapi }) => ({
   },
 
   template(layout, data) {
-    const compiledObject = _.template(layout);
-    return compiledObject(data);
+    const allowedTemplateVariables = keysDeep(data);
+
+    // Create a strict interpolation RegExp based on possible variable names
+    const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');
+
+    try {
+      return _.template(layout, { interpolate, evaluate: false, escape: false })(data);
+    } catch (e) {
+      throw new errors.ApplicationError('Invalid email template');
+    }
   },
 });

package/admin/src/utils/axiosInstance.js

@@ -1,36 +0,0 @@
-import axios from 'axios';
-import { auth } from '@strapi/helper-plugin';
-
-const instance = axios.create({
-  baseURL: process.env.STRAPI_ADMIN_BACKEND_URL,
-});
-
-instance.interceptors.request.use(
-  async (config) => {
-    config.headers = {
-      Authorization: `Bearer ${auth.getToken()}`,
-      Accept: 'application/json',
-      'Content-Type': 'application/json',
-    };
-
-    return config;
-  },
-  (error) => {
-    Promise.reject(error);
-  }
-);
-
-instance.interceptors.response.use(
-  (response) => response,
-  (error) => {
-    // whatever you want to do with the error
-    if (error.response?.status === 401) {
-      auth.clearAppStorage();
-      window.location.reload();
-    }
-
-    throw error;
-  }
-);
-
-export default instance;