@strapi/plugin-users-permissions 0.0.0-next.d9724d67b33363354d7171a9f2265e1c42485e13 → 0.0.0-next.da19c0501ff87d14fb664b55b8e0630d3c548485
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin/src/pages/Providers/index.jsx +74 -76
- package/admin/src/pages/Roles/pages/CreatePage.jsx +4 -13
- package/admin/src/pages/Roles/pages/EditPage.jsx +4 -13
- package/admin/src/pages/Roles/pages/ListPage/index.jsx +91 -93
- package/admin/src/translations/en.json +1 -0
- package/dist/admin/pages/Providers/index.js +84 -88
- package/dist/admin/pages/Providers/index.js.map +1 -1
- package/dist/admin/pages/Providers/index.mjs +84 -88
- package/dist/admin/pages/Providers/index.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/CreatePage.js +2 -1
- package/dist/admin/pages/Roles/pages/CreatePage.js.map +1 -1
- package/dist/admin/pages/Roles/pages/CreatePage.mjs +3 -2
- package/dist/admin/pages/Roles/pages/CreatePage.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/EditPage.js +2 -1
- package/dist/admin/pages/Roles/pages/EditPage.js.map +1 -1
- package/dist/admin/pages/Roles/pages/EditPage.mjs +3 -2
- package/dist/admin/pages/Roles/pages/EditPage.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/ListPage/index.js +95 -99
- package/dist/admin/pages/Roles/pages/ListPage/index.js.map +1 -1
- package/dist/admin/pages/Roles/pages/ListPage/index.mjs +95 -99
- package/dist/admin/pages/Roles/pages/ListPage/index.mjs.map +1 -1
- package/dist/admin/translations/en.json.js +1 -0
- package/dist/admin/translations/en.json.js.map +1 -1
- package/dist/admin/translations/en.json.mjs +1 -0
- package/dist/admin/translations/en.json.mjs.map +1 -1
- package/dist/server/bootstrap/index.js +28 -7
- package/dist/server/bootstrap/index.js.map +1 -1
- package/dist/server/bootstrap/index.mjs +28 -7
- package/dist/server/bootstrap/index.mjs.map +1 -1
- package/dist/server/config.js +16 -0
- package/dist/server/config.js.map +1 -1
- package/dist/server/config.mjs +16 -0
- package/dist/server/config.mjs.map +1 -1
- package/dist/server/controllers/auth.js +204 -3
- package/dist/server/controllers/auth.js.map +1 -1
- package/dist/server/controllers/auth.mjs +204 -3
- package/dist/server/controllers/auth.mjs.map +1 -1
- package/dist/server/routes/content-api/auth.js +16 -0
- package/dist/server/routes/content-api/auth.js.map +1 -1
- package/dist/server/routes/content-api/auth.mjs +16 -0
- package/dist/server/routes/content-api/auth.mjs.map +1 -1
- package/dist/server/routes/content-api/validation.js +1 -0
- package/dist/server/routes/content-api/validation.js.map +1 -1
- package/dist/server/routes/content-api/validation.mjs +1 -0
- package/dist/server/routes/content-api/validation.mjs.map +1 -1
- package/dist/server/services/constants.js +19 -0
- package/dist/server/services/constants.js.map +1 -0
- package/dist/server/services/constants.mjs +17 -0
- package/dist/server/services/constants.mjs.map +1 -0
- package/dist/server/services/jwt.js +45 -2
- package/dist/server/services/jwt.js.map +1 -1
- package/dist/server/services/jwt.mjs +45 -2
- package/dist/server/services/jwt.mjs.map +1 -1
- package/dist/server/services/user.js +29 -20
- package/dist/server/services/user.js.map +1 -1
- package/dist/server/services/user.mjs +29 -20
- package/dist/server/services/user.mjs.map +1 -1
- package/package.json +5 -5
- package/server/bootstrap/index.js +31 -0
- package/server/config.js +22 -0
- package/server/controllers/auth.js +248 -8
- package/server/routes/content-api/auth.js +12 -0
- package/server/routes/content-api/validation.js +1 -0
- package/server/services/constants.js +9 -0
- package/server/services/jwt.js +50 -2
- package/server/services/user.js +11 -0
package/server/services/jwt.js
CHANGED
|
@@ -29,6 +29,32 @@ module.exports = ({ strapi }) => ({
|
|
|
29
29
|
},
|
|
30
30
|
|
|
31
31
|
issue(payload, jwtOptions = {}) {
|
|
32
|
+
const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
|
|
33
|
+
|
|
34
|
+
if (mode === 'refresh') {
|
|
35
|
+
const userId = String(payload.id ?? payload.userId ?? '');
|
|
36
|
+
if (!userId) {
|
|
37
|
+
throw new Error('Cannot issue token: missing user id');
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
const issueRefreshToken = async () => {
|
|
41
|
+
const refresh = await strapi
|
|
42
|
+
.sessionManager('users-permissions')
|
|
43
|
+
.generateRefreshToken(userId, undefined, { type: 'refresh' });
|
|
44
|
+
|
|
45
|
+
const access = await strapi
|
|
46
|
+
.sessionManager('users-permissions')
|
|
47
|
+
.generateAccessToken(refresh.token);
|
|
48
|
+
if ('error' in access) {
|
|
49
|
+
throw new Error('Failed to generate access token');
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
return access.token;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
return issueRefreshToken();
|
|
56
|
+
}
|
|
57
|
+
|
|
32
58
|
_.defaults(jwtOptions, strapi.config.get('plugin::users-permissions.jwt'));
|
|
33
59
|
return jwt.sign(
|
|
34
60
|
_.clone(payload.toJSON ? payload.toJSON() : payload),
|
|
@@ -37,12 +63,34 @@ module.exports = ({ strapi }) => ({
|
|
|
37
63
|
);
|
|
38
64
|
},
|
|
39
65
|
|
|
40
|
-
verify(token) {
|
|
66
|
+
async verify(token) {
|
|
67
|
+
const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
|
|
68
|
+
|
|
69
|
+
if (mode === 'refresh') {
|
|
70
|
+
// Accept only access tokens minted by the SessionManager for UP
|
|
71
|
+
const result = strapi.sessionManager('users-permissions').validateAccessToken(token);
|
|
72
|
+
if (!result.isValid || result.payload.type !== 'access') {
|
|
73
|
+
throw new Error('Invalid token.');
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
const user = await strapi.db
|
|
77
|
+
.query('plugin::users-permissions.user')
|
|
78
|
+
.findOne({ where: { id: Number(result.payload.userId) || result.payload.userId } });
|
|
79
|
+
if (!user) {
|
|
80
|
+
throw new Error('Invalid token.');
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
return { id: user.id };
|
|
84
|
+
}
|
|
85
|
+
|
|
41
86
|
return new Promise((resolve, reject) => {
|
|
87
|
+
const jwtConfig = strapi.config.get('plugin::users-permissions.jwt', {});
|
|
88
|
+
const algorithms = jwtConfig && jwtConfig.algorithm ? [jwtConfig.algorithm] : undefined;
|
|
89
|
+
|
|
42
90
|
jwt.verify(
|
|
43
91
|
token,
|
|
44
92
|
strapi.config.get('plugin::users-permissions.jwtSecret'),
|
|
45
|
-
{},
|
|
93
|
+
algorithms ? { algorithms } : {},
|
|
46
94
|
(err, tokenPayload = {}) => {
|
|
47
95
|
if (err) {
|
|
48
96
|
return reject(new Error('Invalid token.'));
|
package/server/services/user.js
CHANGED
|
@@ -16,6 +16,11 @@ const { getService } = require('../utils');
|
|
|
16
16
|
|
|
17
17
|
const USER_MODEL_UID = 'plugin::users-permissions.user';
|
|
18
18
|
|
|
19
|
+
const getSessionManager = () => {
|
|
20
|
+
const manager = strapi.sessionManager;
|
|
21
|
+
return manager ?? null;
|
|
22
|
+
};
|
|
23
|
+
|
|
19
24
|
module.exports = ({ strapi }) => ({
|
|
20
25
|
/**
|
|
21
26
|
* Promise to count users
|
|
@@ -112,6 +117,12 @@ module.exports = ({ strapi }) => ({
|
|
|
112
117
|
* @return {Promise}
|
|
113
118
|
*/
|
|
114
119
|
async remove(params) {
|
|
120
|
+
// Invalidate sessions for all affected users
|
|
121
|
+
const sessionManager = getSessionManager();
|
|
122
|
+
if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {
|
|
123
|
+
await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));
|
|
124
|
+
}
|
|
125
|
+
|
|
115
126
|
return strapi.db.query(USER_MODEL_UID).delete({ where: params });
|
|
116
127
|
},
|
|
117
128
|
|