@strapi/plugin-users-permissions 0.0.0-next.e21fe90bf2ab9906267ea6e6ca620bdcc729906c → 0.0.0-next.e326c69a49373b420f6566c30aca26f4b6274c6a
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/admin/src/pages/Providers/index.jsx +74 -76
- package/admin/src/pages/Roles/pages/CreatePage.jsx +3 -12
- package/admin/src/pages/Roles/pages/EditPage.jsx +3 -12
- package/admin/src/pages/Roles/pages/ListPage/index.jsx +91 -93
- package/admin/src/utils/formatPluginName.js +1 -1
- package/dist/admin/pages/Providers/index.js +84 -88
- package/dist/admin/pages/Providers/index.js.map +1 -1
- package/dist/admin/pages/Providers/index.mjs +84 -88
- package/dist/admin/pages/Providers/index.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/CreatePage.js +1 -1
- package/dist/admin/pages/Roles/pages/CreatePage.js.map +1 -1
- package/dist/admin/pages/Roles/pages/CreatePage.mjs +2 -2
- package/dist/admin/pages/Roles/pages/CreatePage.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/EditPage.js +1 -1
- package/dist/admin/pages/Roles/pages/EditPage.js.map +1 -1
- package/dist/admin/pages/Roles/pages/EditPage.mjs +2 -2
- package/dist/admin/pages/Roles/pages/EditPage.mjs.map +1 -1
- package/dist/admin/pages/Roles/pages/ListPage/index.js +95 -99
- package/dist/admin/pages/Roles/pages/ListPage/index.js.map +1 -1
- package/dist/admin/pages/Roles/pages/ListPage/index.mjs +95 -99
- package/dist/admin/pages/Roles/pages/ListPage/index.mjs.map +1 -1
- package/dist/admin/utils/formatPluginName.js +1 -1
- package/dist/admin/utils/formatPluginName.js.map +1 -1
- package/dist/admin/utils/formatPluginName.mjs +1 -1
- package/dist/admin/utils/formatPluginName.mjs.map +1 -1
- package/dist/server/bootstrap/index.js +28 -7
- package/dist/server/bootstrap/index.js.map +1 -1
- package/dist/server/bootstrap/index.mjs +28 -7
- package/dist/server/bootstrap/index.mjs.map +1 -1
- package/dist/server/config.js +16 -0
- package/dist/server/config.js.map +1 -1
- package/dist/server/config.mjs +16 -0
- package/dist/server/config.mjs.map +1 -1
- package/dist/server/controllers/auth.js +198 -3
- package/dist/server/controllers/auth.js.map +1 -1
- package/dist/server/controllers/auth.mjs +198 -3
- package/dist/server/controllers/auth.mjs.map +1 -1
- package/dist/server/controllers/content-manager-user.js +3 -3
- package/dist/server/controllers/content-manager-user.js.map +1 -1
- package/dist/server/controllers/content-manager-user.mjs +3 -3
- package/dist/server/controllers/content-manager-user.mjs.map +1 -1
- package/dist/server/controllers/validation/user.js +6 -1
- package/dist/server/controllers/validation/user.js.map +1 -1
- package/dist/server/controllers/validation/user.mjs +6 -1
- package/dist/server/controllers/validation/user.mjs.map +1 -1
- package/dist/server/routes/content-api/auth.js +155 -91
- package/dist/server/routes/content-api/auth.js.map +1 -1
- package/dist/server/routes/content-api/auth.mjs +155 -91
- package/dist/server/routes/content-api/auth.mjs.map +1 -1
- package/dist/server/routes/content-api/index.js +11 -9
- package/dist/server/routes/content-api/index.js.map +1 -1
- package/dist/server/routes/content-api/index.mjs +11 -9
- package/dist/server/routes/content-api/index.mjs.map +1 -1
- package/dist/server/routes/content-api/permissions.js +14 -7
- package/dist/server/routes/content-api/permissions.js.map +1 -1
- package/dist/server/routes/content-api/permissions.mjs +14 -7
- package/dist/server/routes/content-api/permissions.mjs.map +1 -1
- package/dist/server/routes/content-api/role.js +61 -27
- package/dist/server/routes/content-api/role.js.map +1 -1
- package/dist/server/routes/content-api/role.mjs +61 -27
- package/dist/server/routes/content-api/role.mjs.map +1 -1
- package/dist/server/routes/content-api/user.js +119 -57
- package/dist/server/routes/content-api/user.js.map +1 -1
- package/dist/server/routes/content-api/user.mjs +119 -57
- package/dist/server/routes/content-api/user.mjs.map +1 -1
- package/dist/server/routes/content-api/validation.js +217 -0
- package/dist/server/routes/content-api/validation.js.map +1 -0
- package/dist/server/routes/content-api/validation.mjs +215 -0
- package/dist/server/routes/content-api/validation.mjs.map +1 -0
- package/dist/server/services/constants.js +19 -0
- package/dist/server/services/constants.js.map +1 -0
- package/dist/server/services/constants.mjs +17 -0
- package/dist/server/services/constants.mjs.map +1 -0
- package/dist/server/services/jwt.js +45 -2
- package/dist/server/services/jwt.js.map +1 -1
- package/dist/server/services/jwt.mjs +45 -2
- package/dist/server/services/jwt.mjs.map +1 -1
- package/dist/server/services/user.js +29 -20
- package/dist/server/services/user.js.map +1 -1
- package/dist/server/services/user.mjs +29 -20
- package/dist/server/services/user.mjs.map +1 -1
- package/dist/server/services/users-permissions.js +4 -3
- package/dist/server/services/users-permissions.js.map +1 -1
- package/dist/server/services/users-permissions.mjs +4 -3
- package/dist/server/services/users-permissions.mjs.map +1 -1
- package/package.json +8 -7
- package/server/bootstrap/index.js +31 -0
- package/server/config.js +22 -0
- package/server/controllers/auth.js +232 -8
- package/server/controllers/content-manager-user.js +3 -4
- package/server/controllers/validation/user.js +12 -1
- package/server/routes/content-api/auth.js +119 -71
- package/server/routes/content-api/index.js +11 -4
- package/server/routes/content-api/permissions.js +14 -7
- package/server/routes/content-api/role.js +57 -27
- package/server/routes/content-api/user.js +108 -51
- package/server/routes/content-api/validation.js +250 -0
- package/server/services/constants.js +9 -0
- package/server/services/jwt.js +50 -2
- package/server/services/user.js +11 -0
- package/server/services/users-permissions.js +4 -2
|
@@ -1,29 +1,59 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
3
|
+
const { UsersPermissionsRouteValidator } = require('./validation');
|
|
4
|
+
|
|
5
|
+
module.exports = (strapi) => {
|
|
6
|
+
const validator = new UsersPermissionsRouteValidator(strapi);
|
|
7
|
+
|
|
8
|
+
return [
|
|
9
|
+
{
|
|
10
|
+
method: 'GET',
|
|
11
|
+
path: '/roles/:id',
|
|
12
|
+
handler: 'role.findOne',
|
|
13
|
+
request: {
|
|
14
|
+
params: {
|
|
15
|
+
id: validator.roleIdParam,
|
|
16
|
+
},
|
|
17
|
+
},
|
|
18
|
+
response: validator.roleResponseSchema,
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
method: 'GET',
|
|
22
|
+
path: '/roles',
|
|
23
|
+
handler: 'role.find',
|
|
24
|
+
response: validator.rolesResponseSchema,
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
method: 'POST',
|
|
28
|
+
path: '/roles',
|
|
29
|
+
handler: 'role.createRole',
|
|
30
|
+
request: {
|
|
31
|
+
body: { 'application/json': validator.createRoleBodySchema },
|
|
32
|
+
},
|
|
33
|
+
response: validator.roleSuccessResponseSchema,
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
method: 'PUT',
|
|
37
|
+
path: '/roles/:role',
|
|
38
|
+
handler: 'role.updateRole',
|
|
39
|
+
request: {
|
|
40
|
+
params: {
|
|
41
|
+
role: validator.roleIdParam,
|
|
42
|
+
},
|
|
43
|
+
body: { 'application/json': validator.updateRoleBodySchema },
|
|
44
|
+
},
|
|
45
|
+
response: validator.roleSuccessResponseSchema,
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
method: 'DELETE',
|
|
49
|
+
path: '/roles/:role',
|
|
50
|
+
handler: 'role.deleteRole',
|
|
51
|
+
request: {
|
|
52
|
+
params: {
|
|
53
|
+
role: validator.roleIdParam,
|
|
54
|
+
},
|
|
55
|
+
},
|
|
56
|
+
response: validator.roleSuccessResponseSchema,
|
|
57
|
+
},
|
|
58
|
+
];
|
|
59
|
+
};
|
|
@@ -1,60 +1,117 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
3
|
+
const z = require('zod/v4');
|
|
4
|
+
const { UsersPermissionsRouteValidator } = require('./validation');
|
|
5
|
+
|
|
6
|
+
module.exports = (strapi) => {
|
|
7
|
+
const validator = new UsersPermissionsRouteValidator(strapi);
|
|
8
|
+
|
|
9
|
+
return [
|
|
10
|
+
{
|
|
11
|
+
method: 'GET',
|
|
12
|
+
path: '/users/count',
|
|
13
|
+
handler: 'user.count',
|
|
14
|
+
config: {
|
|
15
|
+
prefix: '',
|
|
16
|
+
},
|
|
17
|
+
request: {
|
|
18
|
+
query: {
|
|
19
|
+
filters: validator.filters.optional(),
|
|
20
|
+
},
|
|
21
|
+
},
|
|
22
|
+
response: z.number(),
|
|
10
23
|
},
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
24
|
+
{
|
|
25
|
+
method: 'GET',
|
|
26
|
+
path: '/users',
|
|
27
|
+
handler: 'user.find',
|
|
28
|
+
config: {
|
|
29
|
+
prefix: '',
|
|
30
|
+
},
|
|
31
|
+
request: {
|
|
32
|
+
query: {
|
|
33
|
+
fields: validator.queryFields.optional(),
|
|
34
|
+
populate: validator.queryPopulate.optional(),
|
|
35
|
+
sort: validator.querySort.optional(),
|
|
36
|
+
pagination: validator.pagination.optional(),
|
|
37
|
+
filters: validator.filters.optional(),
|
|
38
|
+
},
|
|
39
|
+
},
|
|
40
|
+
response: z.array(validator.userSchema),
|
|
18
41
|
},
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
42
|
+
{
|
|
43
|
+
method: 'GET',
|
|
44
|
+
path: '/users/me',
|
|
45
|
+
handler: 'user.me',
|
|
46
|
+
config: {
|
|
47
|
+
prefix: '',
|
|
48
|
+
},
|
|
49
|
+
request: {
|
|
50
|
+
query: {
|
|
51
|
+
fields: validator.queryFields.optional(),
|
|
52
|
+
populate: validator.queryPopulate.optional(),
|
|
53
|
+
},
|
|
54
|
+
},
|
|
55
|
+
response: validator.userSchema,
|
|
26
56
|
},
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
57
|
+
{
|
|
58
|
+
method: 'GET',
|
|
59
|
+
path: '/users/:id',
|
|
60
|
+
handler: 'user.findOne',
|
|
61
|
+
config: {
|
|
62
|
+
prefix: '',
|
|
63
|
+
},
|
|
64
|
+
request: {
|
|
65
|
+
params: {
|
|
66
|
+
id: validator.userIdParam,
|
|
67
|
+
},
|
|
68
|
+
query: {
|
|
69
|
+
fields: validator.queryFields.optional(),
|
|
70
|
+
populate: validator.queryPopulate.optional(),
|
|
71
|
+
},
|
|
72
|
+
},
|
|
73
|
+
response: validator.userSchema,
|
|
34
74
|
},
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
75
|
+
{
|
|
76
|
+
method: 'POST',
|
|
77
|
+
path: '/users',
|
|
78
|
+
handler: 'user.create',
|
|
79
|
+
config: {
|
|
80
|
+
prefix: '',
|
|
81
|
+
},
|
|
82
|
+
request: {
|
|
83
|
+
body: { 'application/json': validator.createUserBodySchema },
|
|
84
|
+
},
|
|
85
|
+
response: validator.userSchema,
|
|
42
86
|
},
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
87
|
+
{
|
|
88
|
+
method: 'PUT',
|
|
89
|
+
path: '/users/:id',
|
|
90
|
+
handler: 'user.update',
|
|
91
|
+
config: {
|
|
92
|
+
prefix: '',
|
|
93
|
+
},
|
|
94
|
+
request: {
|
|
95
|
+
params: {
|
|
96
|
+
id: validator.userIdParam,
|
|
97
|
+
},
|
|
98
|
+
body: { 'application/json': validator.updateUserBodySchema },
|
|
99
|
+
},
|
|
100
|
+
response: validator.userSchema,
|
|
50
101
|
},
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
102
|
+
{
|
|
103
|
+
method: 'DELETE',
|
|
104
|
+
path: '/users/:id',
|
|
105
|
+
handler: 'user.destroy',
|
|
106
|
+
config: {
|
|
107
|
+
prefix: '',
|
|
108
|
+
},
|
|
109
|
+
request: {
|
|
110
|
+
params: {
|
|
111
|
+
id: validator.userIdParam,
|
|
112
|
+
},
|
|
113
|
+
},
|
|
114
|
+
response: validator.userSchema,
|
|
58
115
|
},
|
|
59
|
-
|
|
60
|
-
|
|
116
|
+
];
|
|
117
|
+
};
|
|
@@ -0,0 +1,250 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
const { AbstractRouteValidator } = require('@strapi/utils');
|
|
4
|
+
const z = require('zod/v4');
|
|
5
|
+
|
|
6
|
+
class UsersPermissionsRouteValidator extends AbstractRouteValidator {
|
|
7
|
+
constructor(strapi) {
|
|
8
|
+
super();
|
|
9
|
+
this._strapi = strapi;
|
|
10
|
+
}
|
|
11
|
+
|
|
12
|
+
get userSchema() {
|
|
13
|
+
return z.object({
|
|
14
|
+
id: z.number(),
|
|
15
|
+
documentId: z.string(),
|
|
16
|
+
username: z.string(),
|
|
17
|
+
email: z.string(),
|
|
18
|
+
provider: z.string(),
|
|
19
|
+
confirmed: z.boolean(),
|
|
20
|
+
blocked: z.boolean(),
|
|
21
|
+
role: z
|
|
22
|
+
.union([
|
|
23
|
+
z.number(),
|
|
24
|
+
z.object({
|
|
25
|
+
id: z.number(),
|
|
26
|
+
name: z.string(),
|
|
27
|
+
description: z.string().nullable(),
|
|
28
|
+
type: z.string(),
|
|
29
|
+
createdAt: z.string(),
|
|
30
|
+
updatedAt: z.string(),
|
|
31
|
+
}),
|
|
32
|
+
])
|
|
33
|
+
.optional(),
|
|
34
|
+
createdAt: z.string(),
|
|
35
|
+
updatedAt: z.string(),
|
|
36
|
+
publishedAt: z.string(),
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
get roleSchema() {
|
|
41
|
+
return z.object({
|
|
42
|
+
id: z.number(),
|
|
43
|
+
documentId: z.string(),
|
|
44
|
+
name: z.string(),
|
|
45
|
+
description: z.string().nullable(),
|
|
46
|
+
type: z.string(),
|
|
47
|
+
createdAt: z.string(),
|
|
48
|
+
updatedAt: z.string(),
|
|
49
|
+
publishedAt: z.string(),
|
|
50
|
+
nb_users: z.number().optional(),
|
|
51
|
+
permissions: z
|
|
52
|
+
.record(
|
|
53
|
+
z.string(), // plugin name
|
|
54
|
+
z.object({
|
|
55
|
+
controllers: z.record(
|
|
56
|
+
z.string(), // controller name
|
|
57
|
+
z.record(
|
|
58
|
+
z.string(), // action name
|
|
59
|
+
z.object({
|
|
60
|
+
enabled: z.boolean(),
|
|
61
|
+
policy: z.string(),
|
|
62
|
+
})
|
|
63
|
+
)
|
|
64
|
+
),
|
|
65
|
+
})
|
|
66
|
+
)
|
|
67
|
+
.optional(),
|
|
68
|
+
users: z.array(z.unknown()).optional(),
|
|
69
|
+
});
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
get permissionSchema() {
|
|
73
|
+
return z.object({
|
|
74
|
+
id: z.number(),
|
|
75
|
+
action: z.string(),
|
|
76
|
+
role: z.object({
|
|
77
|
+
id: z.number(),
|
|
78
|
+
name: z.string(),
|
|
79
|
+
description: z.string().nullable(),
|
|
80
|
+
type: z.string(),
|
|
81
|
+
}),
|
|
82
|
+
createdAt: z.string(),
|
|
83
|
+
updatedAt: z.string(),
|
|
84
|
+
});
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
get authResponseSchema() {
|
|
88
|
+
return z.object({
|
|
89
|
+
jwt: z.string(),
|
|
90
|
+
refreshToken: z.string().optional(),
|
|
91
|
+
user: this.userSchema,
|
|
92
|
+
});
|
|
93
|
+
}
|
|
94
|
+
|
|
95
|
+
get authResponseWithoutJwtSchema() {
|
|
96
|
+
return z.object({
|
|
97
|
+
user: this.userSchema,
|
|
98
|
+
});
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
get authRegisterResponseSchema() {
|
|
102
|
+
return z.union([this.authResponseSchema, this.authResponseWithoutJwtSchema]);
|
|
103
|
+
}
|
|
104
|
+
|
|
105
|
+
get forgotPasswordResponseSchema() {
|
|
106
|
+
return z.object({
|
|
107
|
+
ok: z.boolean(),
|
|
108
|
+
});
|
|
109
|
+
}
|
|
110
|
+
|
|
111
|
+
get sendEmailConfirmationResponseSchema() {
|
|
112
|
+
return z.object({
|
|
113
|
+
email: z.string(),
|
|
114
|
+
sent: z.boolean(),
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
get rolesResponseSchema() {
|
|
119
|
+
return z.object({
|
|
120
|
+
roles: z.array(this.roleSchema),
|
|
121
|
+
});
|
|
122
|
+
}
|
|
123
|
+
|
|
124
|
+
get roleResponseSchema() {
|
|
125
|
+
return z.object({
|
|
126
|
+
role: this.roleSchema,
|
|
127
|
+
});
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
get roleSuccessResponseSchema() {
|
|
131
|
+
return z.object({
|
|
132
|
+
ok: z.boolean(),
|
|
133
|
+
});
|
|
134
|
+
}
|
|
135
|
+
|
|
136
|
+
get permissionsResponseSchema() {
|
|
137
|
+
return z.object({
|
|
138
|
+
permissions: z.record(
|
|
139
|
+
z.string(), // plugin name
|
|
140
|
+
z.object({
|
|
141
|
+
controllers: z.record(
|
|
142
|
+
z.string(), // controller name
|
|
143
|
+
z.record(
|
|
144
|
+
z.string(), // action name
|
|
145
|
+
z.object({
|
|
146
|
+
enabled: z.boolean(),
|
|
147
|
+
policy: z.string(),
|
|
148
|
+
})
|
|
149
|
+
)
|
|
150
|
+
),
|
|
151
|
+
})
|
|
152
|
+
),
|
|
153
|
+
});
|
|
154
|
+
}
|
|
155
|
+
|
|
156
|
+
get loginBodySchema() {
|
|
157
|
+
return z.object({
|
|
158
|
+
identifier: z.string(),
|
|
159
|
+
password: z.string(),
|
|
160
|
+
});
|
|
161
|
+
}
|
|
162
|
+
|
|
163
|
+
get registerBodySchema() {
|
|
164
|
+
return z.object({
|
|
165
|
+
username: z.string(),
|
|
166
|
+
email: z.email(),
|
|
167
|
+
password: z.string(),
|
|
168
|
+
});
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
get forgotPasswordBodySchema() {
|
|
172
|
+
return z.object({
|
|
173
|
+
email: z.email(),
|
|
174
|
+
});
|
|
175
|
+
}
|
|
176
|
+
|
|
177
|
+
get resetPasswordBodySchema() {
|
|
178
|
+
return z.object({
|
|
179
|
+
code: z.string(),
|
|
180
|
+
password: z.string(),
|
|
181
|
+
passwordConfirmation: z.string(),
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
|
|
185
|
+
get changePasswordBodySchema() {
|
|
186
|
+
return z.object({
|
|
187
|
+
currentPassword: z.string(),
|
|
188
|
+
password: z.string(),
|
|
189
|
+
passwordConfirmation: z.string(),
|
|
190
|
+
});
|
|
191
|
+
}
|
|
192
|
+
|
|
193
|
+
get sendEmailConfirmationBodySchema() {
|
|
194
|
+
return z.object({
|
|
195
|
+
email: z.email(),
|
|
196
|
+
});
|
|
197
|
+
}
|
|
198
|
+
|
|
199
|
+
get createUserBodySchema() {
|
|
200
|
+
return z.object({
|
|
201
|
+
username: z.string(),
|
|
202
|
+
email: z.email(),
|
|
203
|
+
password: z.string(),
|
|
204
|
+
role: z.number().optional(),
|
|
205
|
+
});
|
|
206
|
+
}
|
|
207
|
+
|
|
208
|
+
get updateUserBodySchema() {
|
|
209
|
+
return z.object({
|
|
210
|
+
username: z.string().optional(),
|
|
211
|
+
email: z.email().optional(),
|
|
212
|
+
password: z.string().optional(),
|
|
213
|
+
role: z.number().optional(),
|
|
214
|
+
});
|
|
215
|
+
}
|
|
216
|
+
|
|
217
|
+
get createRoleBodySchema() {
|
|
218
|
+
return z.object({
|
|
219
|
+
name: z.string(),
|
|
220
|
+
description: z.string().optional(),
|
|
221
|
+
type: z.string(),
|
|
222
|
+
permissions: z.record(z.string(), z.unknown()).optional(),
|
|
223
|
+
});
|
|
224
|
+
}
|
|
225
|
+
|
|
226
|
+
get updateRoleBodySchema() {
|
|
227
|
+
return z.object({
|
|
228
|
+
name: z.string().optional(),
|
|
229
|
+
description: z.string().optional(),
|
|
230
|
+
type: z.string().optional(),
|
|
231
|
+
permissions: z.record(z.string(), z.unknown()).optional(),
|
|
232
|
+
});
|
|
233
|
+
}
|
|
234
|
+
|
|
235
|
+
get userIdParam() {
|
|
236
|
+
return z.string();
|
|
237
|
+
}
|
|
238
|
+
|
|
239
|
+
get roleIdParam() {
|
|
240
|
+
return z.string();
|
|
241
|
+
}
|
|
242
|
+
|
|
243
|
+
get providerParam() {
|
|
244
|
+
return z.string();
|
|
245
|
+
}
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
module.exports = {
|
|
249
|
+
UsersPermissionsRouteValidator,
|
|
250
|
+
};
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
module.exports = {
|
|
4
|
+
DEFAULT_ACCESS_TOKEN_LIFESPAN: 10 * 60, // 10 minutes
|
|
5
|
+
DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN: 30 * 24 * 60 * 60, // 30 days
|
|
6
|
+
DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN: 14 * 24 * 60 * 60, // 14 days
|
|
7
|
+
DEFAULT_MAX_SESSION_LIFESPAN: 1 * 24 * 60 * 60, // 1 day
|
|
8
|
+
DEFAULT_IDLE_SESSION_LIFESPAN: 2 * 60 * 60, // 2 hours
|
|
9
|
+
};
|
package/server/services/jwt.js
CHANGED
|
@@ -29,6 +29,32 @@ module.exports = ({ strapi }) => ({
|
|
|
29
29
|
},
|
|
30
30
|
|
|
31
31
|
issue(payload, jwtOptions = {}) {
|
|
32
|
+
const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
|
|
33
|
+
|
|
34
|
+
if (mode === 'refresh') {
|
|
35
|
+
const userId = String(payload.id ?? payload.userId ?? '');
|
|
36
|
+
if (!userId) {
|
|
37
|
+
throw new Error('Cannot issue token: missing user id');
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
const issueRefreshToken = async () => {
|
|
41
|
+
const refresh = await strapi
|
|
42
|
+
.sessionManager('users-permissions')
|
|
43
|
+
.generateRefreshToken(userId, undefined, { type: 'refresh' });
|
|
44
|
+
|
|
45
|
+
const access = await strapi
|
|
46
|
+
.sessionManager('users-permissions')
|
|
47
|
+
.generateAccessToken(refresh.token);
|
|
48
|
+
if ('error' in access) {
|
|
49
|
+
throw new Error('Failed to generate access token');
|
|
50
|
+
}
|
|
51
|
+
|
|
52
|
+
return access.token;
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
return issueRefreshToken();
|
|
56
|
+
}
|
|
57
|
+
|
|
32
58
|
_.defaults(jwtOptions, strapi.config.get('plugin::users-permissions.jwt'));
|
|
33
59
|
return jwt.sign(
|
|
34
60
|
_.clone(payload.toJSON ? payload.toJSON() : payload),
|
|
@@ -37,12 +63,34 @@ module.exports = ({ strapi }) => ({
|
|
|
37
63
|
);
|
|
38
64
|
},
|
|
39
65
|
|
|
40
|
-
verify(token) {
|
|
66
|
+
async verify(token) {
|
|
67
|
+
const mode = strapi.config.get('plugin::users-permissions.jwtManagement', 'legacy-support');
|
|
68
|
+
|
|
69
|
+
if (mode === 'refresh') {
|
|
70
|
+
// Accept only access tokens minted by the SessionManager for UP
|
|
71
|
+
const result = strapi.sessionManager('users-permissions').validateAccessToken(token);
|
|
72
|
+
if (!result.isValid || result.payload.type !== 'access') {
|
|
73
|
+
throw new Error('Invalid token.');
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
const user = await strapi.db
|
|
77
|
+
.query('plugin::users-permissions.user')
|
|
78
|
+
.findOne({ where: { id: Number(result.payload.userId) || result.payload.userId } });
|
|
79
|
+
if (!user) {
|
|
80
|
+
throw new Error('Invalid token.');
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
return { id: user.id };
|
|
84
|
+
}
|
|
85
|
+
|
|
41
86
|
return new Promise((resolve, reject) => {
|
|
87
|
+
const jwtConfig = strapi.config.get('plugin::users-permissions.jwt', {});
|
|
88
|
+
const algorithms = jwtConfig && jwtConfig.algorithm ? [jwtConfig.algorithm] : undefined;
|
|
89
|
+
|
|
42
90
|
jwt.verify(
|
|
43
91
|
token,
|
|
44
92
|
strapi.config.get('plugin::users-permissions.jwtSecret'),
|
|
45
|
-
{},
|
|
93
|
+
algorithms ? { algorithms } : {},
|
|
46
94
|
(err, tokenPayload = {}) => {
|
|
47
95
|
if (err) {
|
|
48
96
|
return reject(new Error('Invalid token.'));
|
package/server/services/user.js
CHANGED
|
@@ -16,6 +16,11 @@ const { getService } = require('../utils');
|
|
|
16
16
|
|
|
17
17
|
const USER_MODEL_UID = 'plugin::users-permissions.user';
|
|
18
18
|
|
|
19
|
+
const getSessionManager = () => {
|
|
20
|
+
const manager = strapi.sessionManager;
|
|
21
|
+
return manager ?? null;
|
|
22
|
+
};
|
|
23
|
+
|
|
19
24
|
module.exports = ({ strapi }) => ({
|
|
20
25
|
/**
|
|
21
26
|
* Promise to count users
|
|
@@ -112,6 +117,12 @@ module.exports = ({ strapi }) => ({
|
|
|
112
117
|
* @return {Promise}
|
|
113
118
|
*/
|
|
114
119
|
async remove(params) {
|
|
120
|
+
// Invalidate sessions for all affected users
|
|
121
|
+
const sessionManager = getSessionManager();
|
|
122
|
+
if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {
|
|
123
|
+
await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));
|
|
124
|
+
}
|
|
125
|
+
|
|
115
126
|
return strapi.db.query(USER_MODEL_UID).delete({ where: params });
|
|
116
127
|
},
|
|
117
128
|
|
|
@@ -7,6 +7,7 @@ const {
|
|
|
7
7
|
template: { createStrictInterpolationRegExp },
|
|
8
8
|
errors,
|
|
9
9
|
objects,
|
|
10
|
+
sanitizeRoutesMapForSerialization,
|
|
10
11
|
} = require('@strapi/utils');
|
|
11
12
|
|
|
12
13
|
const { getService } = require('../utils');
|
|
@@ -99,7 +100,8 @@ module.exports = ({ strapi }) => ({
|
|
|
99
100
|
}
|
|
100
101
|
});
|
|
101
102
|
|
|
102
|
-
|
|
103
|
+
// Return a deeply cloned version to avoid circular references
|
|
104
|
+
return _.cloneDeep(actionMap);
|
|
103
105
|
},
|
|
104
106
|
|
|
105
107
|
async getRoutes() {
|
|
@@ -147,7 +149,7 @@ module.exports = ({ strapi }) => ({
|
|
|
147
149
|
}));
|
|
148
150
|
});
|
|
149
151
|
|
|
150
|
-
return routesMap;
|
|
152
|
+
return sanitizeRoutesMapForSerialization(routesMap);
|
|
151
153
|
},
|
|
152
154
|
|
|
153
155
|
async syncPermissions() {
|