@strapi/plugin-users-permissions 0.0.0-next.ce51df0e18404afc8a1aa7f504c1006a7a221459 → 0.0.0-next.ce84fada19d58a7dfbdd553035e6558f8befcba4

package/dist/_chunks/zh-Hans-BHilK-yc.mjs

@@ -0,0 +1,86 @@
+const zhHans = {
+  "BoundRoute.title": "绑定路由到",
+  "EditForm.inputSelect.description.role": "新验证身份的用户将被赋予所选角色。",
+  "EditForm.inputSelect.label.role": "认证用户的默认角色",
+  "EditForm.inputToggle.description.email": "不允许用户使用不同的认证提供商但相同的电子邮件地址来创建多个账户。",
+  "EditForm.inputToggle.description.email-confirmation": "启用（开）后，新注册的用户会收到一封确认电子邮件。",
+  "EditForm.inputToggle.description.email-confirmation-redirection": "确认您的电子邮件后，选择将您重定向到的位置。",
+  "EditForm.inputToggle.description.email-reset-password": "应用程序的重置密码页面的网址",
+  "EditForm.inputToggle.description.sign-up": "当禁用（关）时，注册过程将被禁止。任何人无论使用任何的供应商都不可以订阅。",
+  "EditForm.inputToggle.label.email": "每个电子邮件地址对应一个账户",
+  "EditForm.inputToggle.label.email-confirmation": "启用电子邮件确认",
+  "EditForm.inputToggle.label.email-confirmation-redirection": "重定向网址",
+  "EditForm.inputToggle.label.email-reset-password": "重置密码页面网址",
+  "EditForm.inputToggle.label.sign-up": "启用注册",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "例如: https://yourfrontend.com/email-confirmation-redirection",
+  "EditForm.inputToggle.placeholder.email-reset-password": "例如: https://yourfrontend.com/reset-password",
+  "EditPage.form.roles": "角色详情",
+  "Email.template.data.loaded": "电子邮件模板已加载",
+  "Email.template.email_confirmation": "邮箱地址确认",
+  "Email.template.form.edit.label": "编辑模板",
+  "Email.template.table.action.label": "操作",
+  "Email.template.table.icon.label": "图标",
+  "Email.template.table.name.label": "名称",
+  "Form.advancedSettings.data.loaded": "高级设置数据已加载",
+  "HeaderNav.link.advancedSettings": "高级设置",
+  "HeaderNav.link.emailTemplates": "电子邮件模板",
+  "HeaderNav.link.providers": "提供商",
+  "Plugin.permissions.plugins.description": "定义 {name} 插件所有允许的操作。",
+  "Plugins.header.description": "下面只列出路由绑定的操作。",
+  "Plugins.header.title": "权限",
+  "Policies.header.hint": "选择应用程序或插件对应的操作，然后点击齿轮图标显示绑定的路由",
+  "Policies.header.title": "高级设置",
+  "PopUpForm.Email.email_templates.inputDescription": "如果你不确定如何使用变量， {link}",
+  "PopUpForm.Email.link.documentation": "查看我们的文档",
+  "PopUpForm.Email.options.from.email.label": "发件人地址",
+  "PopUpForm.Email.options.from.email.placeholder": "kai@doe.com",
+  "PopUpForm.Email.options.from.name.label": "发件人名称",
+  "PopUpForm.Email.options.from.name.placeholder": "Kai Doe",
+  "PopUpForm.Email.options.message.label": "消息",
+  "PopUpForm.Email.options.object.label": "主题",
+  "PopUpForm.Email.options.object.placeholder": "请为%APP_NAME%确认邮箱地址",
+  "PopUpForm.Email.options.response_email.label": "回复邮件",
+  "PopUpForm.Email.options.response_email.placeholder": "kai@doe.com",
+  "PopUpForm.Providers.enabled.description": "如果禁用，用户将无法使用此供应商。",
+  "PopUpForm.Providers.enabled.label": "启用",
+  "PopUpForm.Providers.key.label": "客户端 ID",
+  "PopUpForm.Providers.key.placeholder": "文本",
+  "PopUpForm.Providers.redirectURL.front-end.label": "重定向网址",
+  "PopUpForm.Providers.redirectURL.label": "添加到{provider}应用配置的跳转网址",
+  "PopUpForm.Providers.secret.label": "客户端秘钥",
+  "PopUpForm.Providers.secret.placeholder": "文本",
+  "PopUpForm.Providers.subdomain.label": "主机URI（子域名）",
+  "PopUpForm.Providers.subdomain.placeholder": "my.subdomain.com",
+  "PopUpForm.header.edit.email-templates": "编辑电子邮件模版",
+  "PopUpForm.header.edit.providers": "编辑提供商",
+  "Providers.data.loaded": "提供商已加载",
+  "Providers.status": "状态",
+  "Roles.empty": "您还没有任何角色。",
+  "Roles.empty.search": "没有与搜索相匹配的角色。",
+  "Settings.roles.deleted": "角色已被删除",
+  "Settings.roles.edited": "角色编辑完成",
+  "Settings.section-label": "用户及权限插件",
+  "components.Input.error.validation.email": "这是一个无效的电子邮件",
+  "components.Input.error.validation.json": "这不符合JSON格式",
+  "components.Input.error.validation.max": "值过高。",
+  "components.Input.error.validation.maxLength": "值过长。",
+  "components.Input.error.validation.min": "值太低。",
+  "components.Input.error.validation.minLength": "值太短。",
+  "components.Input.error.validation.minSupMax": "不能超过上限",
+  "components.Input.error.validation.regex": "该值不符合正则表达式。",
+  "components.Input.error.validation.required": "该值为必填项。",
+  "components.Input.error.validation.unique": "该值已被使用。",
+  "notification.success.submit": "设置已被更新",
+  "page.title": "设置 - 角色",
+  "plugin.description.long": "使用基于 JWT 的完整身份验证过程来保护 API。这个插件还有一个 ACL 策略，允许你管理用户组之间的权限。",
+  "plugin.description.short": "使用基于 JWT 的完整身份验证过程保护 API",
+  "plugin.name": "用户及权限插件",
+  "popUpWarning.button.cancel": "取消",
+  "popUpWarning.button.confirm": "确认",
+  "popUpWarning.title": "请确认",
+  "popUpWarning.warning.cancel": "你确定你要取消你的修改？"
+};
+export {
+  zhHans as default
+};
+//# sourceMappingURL=zh-Hans-BHilK-yc.mjs.map

package/dist/_chunks/zh-Hans-BHilK-yc.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"zh-Hans-BHilK-yc.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/_chunks/zh-Hans-GQDMKtY4.js

@@ -0,0 +1,86 @@
+"use strict";
+Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
+const zhHans = {
+  "BoundRoute.title": "绑定路由到",
+  "EditForm.inputSelect.description.role": "新验证身份的用户将被赋予所选角色。",
+  "EditForm.inputSelect.label.role": "认证用户的默认角色",
+  "EditForm.inputToggle.description.email": "不允许用户使用不同的认证提供商但相同的电子邮件地址来创建多个账户。",
+  "EditForm.inputToggle.description.email-confirmation": "启用（开）后，新注册的用户会收到一封确认电子邮件。",
+  "EditForm.inputToggle.description.email-confirmation-redirection": "确认您的电子邮件后，选择将您重定向到的位置。",
+  "EditForm.inputToggle.description.email-reset-password": "应用程序的重置密码页面的网址",
+  "EditForm.inputToggle.description.sign-up": "当禁用（关）时，注册过程将被禁止。任何人无论使用任何的供应商都不可以订阅。",
+  "EditForm.inputToggle.label.email": "每个电子邮件地址对应一个账户",
+  "EditForm.inputToggle.label.email-confirmation": "启用电子邮件确认",
+  "EditForm.inputToggle.label.email-confirmation-redirection": "重定向网址",
+  "EditForm.inputToggle.label.email-reset-password": "重置密码页面网址",
+  "EditForm.inputToggle.label.sign-up": "启用注册",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "例如: https://yourfrontend.com/email-confirmation-redirection",
+  "EditForm.inputToggle.placeholder.email-reset-password": "例如: https://yourfrontend.com/reset-password",
+  "EditPage.form.roles": "角色详情",
+  "Email.template.data.loaded": "电子邮件模板已加载",
+  "Email.template.email_confirmation": "邮箱地址确认",
+  "Email.template.form.edit.label": "编辑模板",
+  "Email.template.table.action.label": "操作",
+  "Email.template.table.icon.label": "图标",
+  "Email.template.table.name.label": "名称",
+  "Form.advancedSettings.data.loaded": "高级设置数据已加载",
+  "HeaderNav.link.advancedSettings": "高级设置",
+  "HeaderNav.link.emailTemplates": "电子邮件模板",
+  "HeaderNav.link.providers": "提供商",
+  "Plugin.permissions.plugins.description": "定义 {name} 插件所有允许的操作。",
+  "Plugins.header.description": "下面只列出路由绑定的操作。",
+  "Plugins.header.title": "权限",
+  "Policies.header.hint": "选择应用程序或插件对应的操作，然后点击齿轮图标显示绑定的路由",
+  "Policies.header.title": "高级设置",
+  "PopUpForm.Email.email_templates.inputDescription": "如果你不确定如何使用变量， {link}",
+  "PopUpForm.Email.link.documentation": "查看我们的文档",
+  "PopUpForm.Email.options.from.email.label": "发件人地址",
+  "PopUpForm.Email.options.from.email.placeholder": "kai@doe.com",
+  "PopUpForm.Email.options.from.name.label": "发件人名称",
+  "PopUpForm.Email.options.from.name.placeholder": "Kai Doe",
+  "PopUpForm.Email.options.message.label": "消息",
+  "PopUpForm.Email.options.object.label": "主题",
+  "PopUpForm.Email.options.object.placeholder": "请为%APP_NAME%确认邮箱地址",
+  "PopUpForm.Email.options.response_email.label": "回复邮件",
+  "PopUpForm.Email.options.response_email.placeholder": "kai@doe.com",
+  "PopUpForm.Providers.enabled.description": "如果禁用，用户将无法使用此供应商。",
+  "PopUpForm.Providers.enabled.label": "启用",
+  "PopUpForm.Providers.key.label": "客户端 ID",
+  "PopUpForm.Providers.key.placeholder": "文本",
+  "PopUpForm.Providers.redirectURL.front-end.label": "重定向网址",
+  "PopUpForm.Providers.redirectURL.label": "添加到{provider}应用配置的跳转网址",
+  "PopUpForm.Providers.secret.label": "客户端秘钥",
+  "PopUpForm.Providers.secret.placeholder": "文本",
+  "PopUpForm.Providers.subdomain.label": "主机URI（子域名）",
+  "PopUpForm.Providers.subdomain.placeholder": "my.subdomain.com",
+  "PopUpForm.header.edit.email-templates": "编辑电子邮件模版",
+  "PopUpForm.header.edit.providers": "编辑提供商",
+  "Providers.data.loaded": "提供商已加载",
+  "Providers.status": "状态",
+  "Roles.empty": "您还没有任何角色。",
+  "Roles.empty.search": "没有与搜索相匹配的角色。",
+  "Settings.roles.deleted": "角色已被删除",
+  "Settings.roles.edited": "角色编辑完成",
+  "Settings.section-label": "用户及权限插件",
+  "components.Input.error.validation.email": "这是一个无效的电子邮件",
+  "components.Input.error.validation.json": "这不符合JSON格式",
+  "components.Input.error.validation.max": "值过高。",
+  "components.Input.error.validation.maxLength": "值过长。",
+  "components.Input.error.validation.min": "值太低。",
+  "components.Input.error.validation.minLength": "值太短。",
+  "components.Input.error.validation.minSupMax": "不能超过上限",
+  "components.Input.error.validation.regex": "该值不符合正则表达式。",
+  "components.Input.error.validation.required": "该值为必填项。",
+  "components.Input.error.validation.unique": "该值已被使用。",
+  "notification.success.submit": "设置已被更新",
+  "page.title": "设置 - 角色",
+  "plugin.description.long": "使用基于 JWT 的完整身份验证过程来保护 API。这个插件还有一个 ACL 策略，允许你管理用户组之间的权限。",
+  "plugin.description.short": "使用基于 JWT 的完整身份验证过程保护 API",
+  "plugin.name": "用户及权限插件",
+  "popUpWarning.button.cancel": "取消",
+  "popUpWarning.button.confirm": "确认",
+  "popUpWarning.title": "请确认",
+  "popUpWarning.warning.cancel": "你确定你要取消你的修改？"
+};
+exports.default = zhHans;
+//# sourceMappingURL=zh-Hans-GQDMKtY4.js.map

package/dist/_chunks/zh-Hans-GQDMKtY4.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"zh-Hans-GQDMKtY4.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}

package/dist/admin/index.js

@@ -0,0 +1,4 @@
+"use strict";
+const index = require("../_chunks/index-DGJ3FzF4.js");
+module.exports = index.index;
+//# sourceMappingURL=index.js.map

package/dist/admin/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sources":[],"sourcesContent":[],"names":[],"mappings":";;;"}

package/dist/admin/index.mjs

@@ -0,0 +1,5 @@
+import { i } from "../_chunks/index-BOrMKeRw.mjs";
+export {
+  i as default
+};
+//# sourceMappingURL=index.mjs.map

package/dist/admin/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.mjs","sources":[],"sourcesContent":[],"names":[],"mappings":";"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "0.0.0-next.ce51df0e18404afc8a1aa7f504c1006a7a221459",
+  "version": "0.0.0-next.ce84fada19d58a7dfbdd553035e6558f8befcba4",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -19,55 +19,74 @@
       "url": "https://strapi.io"
     }
   ],
+  "exports": {
+    "./strapi-admin": {
+      "source": "./admin/src/index.js",
+      "import": "./dist/admin/index.mjs",
+      "require": "./dist/admin/index.js",
+      "default": "./dist/admin/index.js"
+    },
+    "./strapi-server": {
+      "source": "./server/index.js",
+      "require": "./server/index.js",
+      "default": "./server/index.js"
+    },
+    "./package.json": "./package.json"
+  },
   "scripts": {
-    "test:unit": "run -T jest",
-    "test:unit:watch": "run -T jest --watch",
+    "build": "pack-up build",
+    "clean": "run -T rimraf dist",
+    "lint": "run -T eslint .",
     "test:front": "run -T cross-env IS_EE=true jest --config ./jest.config.front.js",
-    "test:front:watch": "run -T cross-env IS_EE=true jest --config ./jest.config.front.js --watchAll",
     "test:front:ce": "run -T cross-env IS_EE=false jest --config ./jest.config.front.js",
+    "test:front:watch": "run -T cross-env IS_EE=true jest --config ./jest.config.front.js --watchAll",
     "test:front:watch:ce": "run -T cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll",
-    "lint": "run -T eslint ."
+    "test:unit": "run -T jest",
+    "test:unit:watch": "run -T jest --watch",
+    "watch": "pack-up watch"
   },
   "dependencies": {
-    "@strapi/design-system": "1.9.0",
-    "@strapi/helper-plugin": "0.0.0-next.ce51df0e18404afc8a1aa7f504c1006a7a221459",
-    "@strapi/icons": "1.9.0",
-    "@strapi/utils": "0.0.0-next.ce51df0e18404afc8a1aa7f504c1006a7a221459",
+    "@strapi/design-system": "2.0.0-rc.11",
+    "@strapi/icons": "2.0.0-rc.11",
+    "@strapi/utils": "0.0.0-next.ce84fada19d58a7dfbdd553035e6558f8befcba4",
     "bcryptjs": "2.4.3",
-    "formik": "2.4.0",
+    "formik": "2.4.5",
     "grant-koa": "5.4.8",
-    "immer": "9.0.19",
+    "immer": "9.0.21",
     "jsonwebtoken": "9.0.0",
     "jwk-to-pem": "2.0.5",
-    "koa": "2.13.4",
-    "koa2-ratelimit": "^1.1.2",
+    "koa": "2.15.2",
+    "koa2-ratelimit": "^1.1.3",
     "lodash": "4.17.21",
     "prop-types": "^15.8.1",
     "purest": "4.0.2",
-    "react-intl": "6.4.1",
+    "react-intl": "6.6.2",
     "react-query": "3.39.3",
-    "react-redux": "8.1.1",
+    "react-redux": "8.1.3",
     "url-join": "4.0.1",
     "yup": "0.32.9"
   },
   "devDependencies": {
-    "@testing-library/dom": "9.2.0",
-    "@testing-library/react": "14.0.0",
-    "@testing-library/user-event": "14.4.3",
-    "msw": "1.2.1",
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-router-dom": "5.3.4",
-    "styled-components": "5.3.3"
+    "@strapi/pack-up": "5.0.0",
+    "@strapi/strapi": "0.0.0-next.ce84fada19d58a7dfbdd553035e6558f8befcba4",
+    "@testing-library/dom": "10.1.0",
+    "@testing-library/react": "15.0.7",
+    "@testing-library/user-event": "14.5.2",
+    "msw": "1.3.0",
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
+    "react-router-dom": "6.22.3",
+    "styled-components": "6.1.8"
   },
   "peerDependencies": {
+    "@strapi/strapi": "^5.0.0 || ^5.0.0-beta || ^5.0.0-alpha || ^5.0.0-rc",
     "react": "^17.0.0 || ^18.0.0",
     "react-dom": "^17.0.0 || ^18.0.0",
-    "react-router-dom": "5.3.4",
-    "styled-components": "5.3.3"
+    "react-router-dom": "^6.0.0",
+    "styled-components": "^6.0.0"
   },
   "engines": {
-    "node": ">=16.0.0 <=20.x.x",
+    "node": ">=18.0.0 <=20.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {
@@ -77,5 +96,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "ce51df0e18404afc8a1aa7f504c1006a7a221459"
+  "gitHead": "ce84fada19d58a7dfbdd553035e6558f8befcba4"
 }

package/packup.config.ts

@@ -0,0 +1,22 @@
+import { Config, defineConfig } from '@strapi/pack-up';
+import { transformWithEsbuild } from 'vite';
+
+const config: Config = defineConfig({
+  bundles: [
+    {
+      source: './admin/src/index.js',
+      import: './dist/admin/index.mjs',
+      require: './dist/admin/index.js',
+      runtime: 'web',
+    },
+  ],
+  dist: './dist',
+  /**
+   * Because we're exporting a server & client package
+   * which have different runtimes we want to ignore
+   * what they look like in the package.json
+   */
+  exports: {},
+});
+
+export default config;

package/server/bootstrap/index.js

@@ -9,25 +9,26 @@
  */
 const crypto = require('crypto');
 const _ = require('lodash');
-const urljoin = require('url-join');
-const { isArray } = require('lodash/fp');
 const { getService } = require('../utils');
-const getGrantConfig = require('./grant-config');
-
 const usersPermissionsActions = require('./users-permissions-actions');
-const userSchema = require('../content-types/user');
 
 const initGrant = async (pluginStore) => {
-  const apiPrefix = strapi.config.get('api.rest.prefix');
-  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+  const allProviders = getService('providers-registry').getAll();
+
+  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {
+    const { icon, enabled, grantConfig } = provider;
 
-  const grantConfig = getGrantConfig(baseURL);
+    acc[name] = {
+      icon,
+      enabled,
+      ...grantConfig,
+    };
+    return acc;
+  }, {});
 
   const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
-  // store grant auth config to db
-  // when plugin_users-permissions_grant is not existed in db
-  // or we have added/deleted provider here.
-  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
+
+  if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
     // merge with the previous provider config.
     _.keys(grantConfig).forEach((key) => {
       if (key in prevGrantConfig) {
@@ -99,26 +100,6 @@ const initAdvancedOptions = async (pluginStore) => {
   }
 };
 
-const userSchemaAdditions = () => {
-  const defaultSchema = Object.keys(userSchema.attributes);
-  const currentSchema = Object.keys(
-    strapi.contentTypes['plugin::users-permissions.user'].attributes
-  );
-
-  // Some dynamic fields may not have been initialized yet, so we need to ignore them
-  // TODO: we should have a global method for finding these
-  const ignoreDiffs = [
-    'createdBy',
-    'createdAt',
-    'updatedBy',
-    'updatedAt',
-    'publishedAt',
-    'strapi_reviewWorkflows_stage',
-  ];
-
-  return currentSchema.filter((key) => !(ignoreDiffs.includes(key) || defaultSchema.includes(key)));
-};
-
 module.exports = async ({ strapi }) => {
   const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
 
@@ -126,13 +107,13 @@ module.exports = async ({ strapi }) => {
   await initEmails(pluginStore);
   await initAdvancedOptions(pluginStore);
 
-  await strapi.admin.services.permission.actionProvider.registerMany(
-    usersPermissionsActions.actions
-  );
+  await strapi
+    .service('admin::permission')
+    .actionProvider.registerMany(usersPermissionsActions.actions);
 
   await getService('users-permissions').initialize();
 
-  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
+  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
     if (process.env.NODE_ENV !== 'development') {
       throw new Error(
         `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
@@ -142,7 +123,7 @@ For security reasons, prefer storing the secret in an environment variable and r
 
     const jwtSecret = crypto.randomBytes(16).toString('base64');
 
-    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
+    strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
 
     if (!process.env.JWT_SECRET) {
       const envPath = process.env.ENV_PATH || '.env';
@@ -152,17 +133,4 @@ For security reasons, prefer storing the secret in an environment variable and r
       );
     }
   }
-
-  // TODO v5: Remove this block of code and default allowedFields to empty array
-  if (!isArray(strapi.config.get('plugin.users-permissions.register.allowedFields'))) {
-    const modifications = userSchemaAdditions();
-    if (modifications.length > 0) {
-      // if there is a potential vulnerability, show a warning
-      strapi.log.warn(
-        `Users-permissions registration has defaulted to accepting the following additional user fields during registration: ${modifications.join(
-          ','
-        )}`
-      );
-    }
-  }
 };

package/server/bootstrap/users-permissions-actions.js

@@ -16,6 +16,12 @@ module.exports = {
       uid: 'roles.read',
       subCategory: 'roles',
       pluginName: 'users-permissions',
+      aliases: [
+        {
+          actionId: 'plugin::content-manager.explorer.read',
+          subjects: ['plugin::users-permissions.role'],
+        },
+      ],
     },
     {
       section: 'plugins',

package/server/config.js

@@ -18,6 +18,35 @@ module.exports = {
         },
       },
     },
+    callback: {
+      validate(callback, provider) {
+        let uCallback;
+        let uProviderCallback;
+
+        try {
+          uCallback = new URL(callback);
+          uProviderCallback = new URL(provider.callback);
+        } catch {
+          throw new Error('The callback is not a valid URL');
+        }
+
+        // Make sure the different origin matches
+        if (uCallback.origin !== uProviderCallback.origin) {
+          throw new Error(
+            `Forbidden callback provided: origins don't match. Please verify your config.`
+          );
+        }
+
+        // Make sure the different pathname matches
+        if (uCallback.pathname !== uProviderCallback.pathname) {
+          throw new Error(
+            `Forbidden callback provided: pathname don't match. Please verify your config.`
+          );
+        }
+
+        // NOTE: We're not checking the search parameters on purpose to allow passing different states
+      },
+    },
   }),
   validator() {},
 };

package/server/content-types/user/index.js

@@ -12,7 +12,6 @@ module.exports = {
     displayName: 'User',
   },
   options: {
-    draftAndPublish: false,
     timestamps: true,
   },
   attributes: {