@strapi/plugin-users-permissions 0.0.0-next.f0bfcece1007e5aa527570187635aefc86db536e → 0.0.0-next.f0f36e3df4b18f167036dcbca529dcb933bf4e1d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (111) hide show
  1. package/admin/src/components/Permissions/PermissionRow/SubCategory.jsx +8 -1
  2. package/admin/src/components/Policies/index.jsx +1 -0
  3. package/admin/src/components/UsersPermissions/index.jsx +1 -0
  4. package/admin/src/pages/EmailTemplates/components/EmailForm.jsx +2 -1
  5. package/admin/src/pages/Providers/index.jsx +74 -76
  6. package/admin/src/pages/Roles/pages/CreatePage.jsx +20 -7
  7. package/admin/src/pages/Roles/pages/EditPage.jsx +12 -7
  8. package/admin/src/pages/Roles/pages/ListPage/index.jsx +91 -93
  9. package/admin/src/translations/en.json +1 -0
  10. package/dist/admin/components/FormModal/Input/index.js.map +1 -1
  11. package/dist/admin/components/FormModal/Input/index.mjs.map +1 -1
  12. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js +3 -1
  13. package/dist/admin/components/Permissions/PermissionRow/SubCategory.js.map +1 -1
  14. package/dist/admin/components/Permissions/PermissionRow/SubCategory.mjs +3 -1
  15. package/dist/admin/components/Permissions/PermissionRow/SubCategory.mjs.map +1 -1
  16. package/dist/admin/components/Permissions/PermissionRow/index.js.map +1 -1
  17. package/dist/admin/components/Permissions/PermissionRow/index.mjs.map +1 -1
  18. package/dist/admin/components/Policies/index.js +1 -0
  19. package/dist/admin/components/Policies/index.js.map +1 -1
  20. package/dist/admin/components/Policies/index.mjs +1 -0
  21. package/dist/admin/components/Policies/index.mjs.map +1 -1
  22. package/dist/admin/components/UsersPermissions/index.js +1 -0
  23. package/dist/admin/components/UsersPermissions/index.js.map +1 -1
  24. package/dist/admin/components/UsersPermissions/index.mjs +1 -0
  25. package/dist/admin/components/UsersPermissions/index.mjs.map +1 -1
  26. package/dist/admin/pages/EmailTemplates/components/EmailForm.js +2 -1
  27. package/dist/admin/pages/EmailTemplates/components/EmailForm.js.map +1 -1
  28. package/dist/admin/pages/EmailTemplates/components/EmailForm.mjs +2 -1
  29. package/dist/admin/pages/EmailTemplates/components/EmailForm.mjs.map +1 -1
  30. package/dist/admin/pages/Providers/index.js +84 -88
  31. package/dist/admin/pages/Providers/index.js.map +1 -1
  32. package/dist/admin/pages/Providers/index.mjs +84 -88
  33. package/dist/admin/pages/Providers/index.mjs.map +1 -1
  34. package/dist/admin/pages/Roles/pages/CreatePage.js +14 -1
  35. package/dist/admin/pages/Roles/pages/CreatePage.js.map +1 -1
  36. package/dist/admin/pages/Roles/pages/CreatePage.mjs +16 -3
  37. package/dist/admin/pages/Roles/pages/CreatePage.mjs.map +1 -1
  38. package/dist/admin/pages/Roles/pages/EditPage.js +13 -3
  39. package/dist/admin/pages/Roles/pages/EditPage.js.map +1 -1
  40. package/dist/admin/pages/Roles/pages/EditPage.mjs +14 -4
  41. package/dist/admin/pages/Roles/pages/EditPage.mjs.map +1 -1
  42. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.js.map +1 -1
  43. package/dist/admin/pages/Roles/pages/ListPage/components/TableBody.mjs.map +1 -1
  44. package/dist/admin/pages/Roles/pages/ListPage/index.js +95 -99
  45. package/dist/admin/pages/Roles/pages/ListPage/index.js.map +1 -1
  46. package/dist/admin/pages/Roles/pages/ListPage/index.mjs +95 -99
  47. package/dist/admin/pages/Roles/pages/ListPage/index.mjs.map +1 -1
  48. package/dist/admin/translations/en.json.js +1 -0
  49. package/dist/admin/translations/en.json.js.map +1 -1
  50. package/dist/admin/translations/en.json.mjs +1 -0
  51. package/dist/admin/translations/en.json.mjs.map +1 -1
  52. package/dist/admin/utils/getTrad.js.map +1 -1
  53. package/dist/admin/utils/getTrad.mjs.map +1 -1
  54. package/dist/admin/utils/prefixPluginTranslations.js.map +1 -1
  55. package/dist/admin/utils/prefixPluginTranslations.mjs.map +1 -1
  56. package/dist/server/bootstrap/index.js +28 -7
  57. package/dist/server/bootstrap/index.js.map +1 -1
  58. package/dist/server/bootstrap/index.mjs +28 -7
  59. package/dist/server/bootstrap/index.mjs.map +1 -1
  60. package/dist/server/config.js +16 -0
  61. package/dist/server/config.js.map +1 -1
  62. package/dist/server/config.mjs +16 -0
  63. package/dist/server/config.mjs.map +1 -1
  64. package/dist/server/controllers/auth.js +204 -3
  65. package/dist/server/controllers/auth.js.map +1 -1
  66. package/dist/server/controllers/auth.mjs +204 -3
  67. package/dist/server/controllers/auth.mjs.map +1 -1
  68. package/dist/server/controllers/content-manager-user.js.map +1 -1
  69. package/dist/server/controllers/content-manager-user.mjs.map +1 -1
  70. package/dist/server/graphql/resolvers-configs.js.map +1 -1
  71. package/dist/server/graphql/resolvers-configs.mjs.map +1 -1
  72. package/dist/server/middlewares/rateLimit.js.map +1 -1
  73. package/dist/server/middlewares/rateLimit.mjs.map +1 -1
  74. package/dist/server/routes/content-api/auth.js +16 -0
  75. package/dist/server/routes/content-api/auth.js.map +1 -1
  76. package/dist/server/routes/content-api/auth.mjs +16 -0
  77. package/dist/server/routes/content-api/auth.mjs.map +1 -1
  78. package/dist/server/routes/content-api/validation.js +1 -0
  79. package/dist/server/routes/content-api/validation.js.map +1 -1
  80. package/dist/server/routes/content-api/validation.mjs +1 -0
  81. package/dist/server/routes/content-api/validation.mjs.map +1 -1
  82. package/dist/server/services/constants.js +19 -0
  83. package/dist/server/services/constants.js.map +1 -0
  84. package/dist/server/services/constants.mjs +17 -0
  85. package/dist/server/services/constants.mjs.map +1 -0
  86. package/dist/server/services/jwt.js +45 -2
  87. package/dist/server/services/jwt.js.map +1 -1
  88. package/dist/server/services/jwt.mjs +45 -2
  89. package/dist/server/services/jwt.mjs.map +1 -1
  90. package/dist/server/services/providers-registry.js.map +1 -1
  91. package/dist/server/services/providers-registry.mjs.map +1 -1
  92. package/dist/server/services/role.js.map +1 -1
  93. package/dist/server/services/role.mjs.map +1 -1
  94. package/dist/server/services/user.js +29 -20
  95. package/dist/server/services/user.js.map +1 -1
  96. package/dist/server/services/user.mjs +29 -20
  97. package/dist/server/services/user.mjs.map +1 -1
  98. package/dist/server/services/users-permissions.js +8 -0
  99. package/dist/server/services/users-permissions.js.map +1 -1
  100. package/dist/server/services/users-permissions.mjs +8 -0
  101. package/dist/server/services/users-permissions.mjs.map +1 -1
  102. package/package.json +9 -9
  103. package/server/bootstrap/index.js +31 -0
  104. package/server/config.js +22 -0
  105. package/server/controllers/auth.js +248 -8
  106. package/server/routes/content-api/auth.js +12 -0
  107. package/server/routes/content-api/validation.js +1 -0
  108. package/server/services/constants.js +9 -0
  109. package/server/services/jwt.js +50 -2
  110. package/server/services/user.js +11 -0
  111. package/server/services/users-permissions.js +2 -0
package/dist/server/services/user.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.js","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","user","strapi","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvBC,IAAAA,IAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEC,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBG,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaR,GAAAA,MAAAA,CAAOS,QAAQ,CAACX,gBAAgBU,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAASnB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBc,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAMvB,MAAAA,CAAO0B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOP,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBsB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOrB,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB+B,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;AACjB,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiC,MAAM,CAAC;oBAAE1B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAED8B,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEpB,IAAI,EAAA;gBAC7B,OAAO1B,MAAAA,CAAO+C,OAAO,CAACD,QAAUpB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMsB,uBAAsBpC,IAAI,EAAA;AAC9B,gBAAA,MAAMqC,wBAAwBxC,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAMyC,WAAc,GAAA,MAAMrC,MAAOsC,CAAAA,KAAK,CAAC;oBAAE3B,IAAM,EAAA,QAAA;oBAAU4B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAaxC,MAAOS,CAAAA,QAAQ,CAACX,cAAAA,CAAAA;AAEnC,gBAAA,MAAM2C,QAAW,GAAA,MAAMJ,WACpBd,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXgC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAMvD,QAAAA,CAASwD,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACR/B,oBAAAA,QAAAA,EAAUT,MAAOS,CAAAA,QAAQ,CAACyC,IAAI,CAAClD,MAAAA;iBAEjCD,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMoD,oBAAoBlE,MAAOmE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACnC,IAAI,CAACnB,IAAAA,CAAKsB,EAAE,EAAE;AAAE8B,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAYtD,GAAAA,MAAAA,CAAOuD,MAAM,CAAChC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFkB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAKrE,QACHW,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,uBAClB+B,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAY3D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,oBAAA,CAAA;AAC9BqC,wBAAAA,SAAAA,EAAW5D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,mBAAA,CAAA;wBAC7BsC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACN9C,MAAOgE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMjE,MAAAA,CACHkE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAItE,KAAKuE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,QAAS8B,CAAAA,IAAI,CAAChC,IAAI,GACrC,CAAC,EAAEE,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"user.js","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n // Invalidate sessions for all affected users\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {\n await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));\n }\n\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","getSessionManager","manager","strapi","sessionManager","user","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","hasOrigin","invalidateRefreshToken","String","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvB,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEAG,IAAAA,IAAAA,GAAiB,CAAC,EAAEF,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEG,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBM,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaV,GAAAA,OAAAA,CAAOW,QAAQ,CAACd,gBAAgBa,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAAStB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBiB,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAM1B,MAAAA,CAAO6B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOT,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBoB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgByB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBkC,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;;AAEjB,gBAAA,MAAMH,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAIG,kBAAkBA,cAAegC,CAAAA,SAAS,CAAC,mBAAwB7B,CAAAA,IAAAA,MAAAA,CAAOmB,EAAE,EAAE;AAChF,oBAAA,MAAMtB,eAAe,mBAAqBiC,CAAAA,CAAAA,sBAAsB,CAACC,MAAAA,CAAO/B,OAAOmB,EAAE,CAAA,CAAA;AAClF;AAED,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBuC,MAAM,CAAC;oBAAE7B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAEDiC,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEvB,IAAI,EAAA;gBAC7B,OAAO7B,MAAAA,CAAOqD,OAAO,CAACD,QAAUvB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMyB,uBAAsBtC,IAAI,EAAA;AAC9B,gBAAA,MAAMuC,wBAAwB9C,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAM+C,WAAc,GAAA,MAAM1C,OAAO2C,CAAAA,KAAK,CAAC;oBAAE9B,IAAM,EAAA,QAAA;oBAAU+B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAa7C,OAAOW,CAAAA,QAAQ,CAACd,cAAAA,CAAAA;AAEnC,gBAAA,MAAMiD,QAAW,GAAA,MAAMJ,WACpBjB,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXmC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAM7D,QAAAA,CAAS8D,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACRlC,oBAAAA,QAAAA,EAAUX,OAAOW,CAAAA,QAAQ,CAAC4C,IAAI,CAACvD,OAAAA;iBAEjCE,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMsD,oBAAoBxE,MAAOyE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACtC,IAAI,CAAClB,IAAAA,CAAKqB,EAAE,EAAE;AAAEiC,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAY3D,GAAAA,OAAAA,CAAO4D,MAAM,CAACnC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFqB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAK3E,QACHY,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,uBAClBkC,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAYhE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,oBAAA,CAAA;AAC9BwC,wBAAAA,SAAAA,EAAWjE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,mBAAA,CAAA;wBAC7ByC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACNnD,OAAOqE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMtE,OAAAA,CACHuE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAIxE,KAAKyE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,SAAS8B,IAAI,CAAChC,IAAI,GACrC,CAAGE,EAAAA,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
package/dist/server/services/user.mjs CHANGED
@@ -21,13 +21,17 @@ function requireUser() {
21
21
  const { toNumber, getOr } = require$$0$1;
22
22
  const { getService } = requireUtils();
23
23
  const USER_MODEL_UID = 'plugin::users-permissions.user';
24
- user = ({ strapi })=>({
24
+ const getSessionManager = ()=>{
25
+ const manager = strapi.sessionManager;
26
+ return manager ?? null;
27
+ };
28
+ user = ({ strapi: strapi1 })=>({
25
29
  /**
26
30
  * Promise to count users
27
31
  *
28
32
  * @return {Promise}
29
33
  */ count (params) {
30
- return strapi.db.query(USER_MODEL_UID).count({
34
+ return strapi1.db.query(USER_MODEL_UID).count({
31
35
  where: params
32
36
  });
33
37
  },
@@ -39,7 +43,7 @@ function requireUser() {
39
43
  * @param {object} values - The object containing the fields to be hashed.
40
44
  * @return {object} The values object with hashed password fields if they were present.
41
45
  */ async ensureHashedPasswords (values) {
42
- const attributes = strapi.getModel(USER_MODEL_UID).attributes;
46
+ const attributes = strapi1.getModel(USER_MODEL_UID).attributes;
43
47
  for(const key in values){
44
48
  if (attributes[key] && attributes[key].type === 'password') {
45
49
  // Check if a custom encryption.rounds has been set on the password attribute
@@ -53,7 +57,7 @@ function requireUser() {
53
57
  * Promise to add a/an user.
54
58
  * @return {Promise}
55
59
  */ async add (values) {
56
- return strapi.db.query(USER_MODEL_UID).create({
60
+ return strapi1.db.query(USER_MODEL_UID).create({
57
61
  data: await this.ensureHashedPasswords(values),
58
62
  populate: [
59
63
  'role'
@@ -66,7 +70,7 @@ function requireUser() {
66
70
  * @param {object} params
67
71
  * @return {Promise}
68
72
  */ async edit (userId, params = {}) {
69
- return strapi.db.query(USER_MODEL_UID).update({
73
+ return strapi1.db.query(USER_MODEL_UID).update({
70
74
  where: {
71
75
  id: userId
72
76
  },
@@ -80,8 +84,8 @@ function requireUser() {
80
84
  * Promise to fetch a/an user.
81
85
  * @return {Promise}
82
86
  */ fetch (id, params) {
83
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
84
- return strapi.db.query(USER_MODEL_UID).findOne({
87
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
88
+ return strapi1.db.query(USER_MODEL_UID).findOne({
85
89
  ...query,
86
90
  where: {
87
91
  $and: [
@@ -97,7 +101,7 @@ function requireUser() {
97
101
  * Promise to fetch authenticated user.
98
102
  * @return {Promise}
99
103
  */ fetchAuthenticatedUser (id) {
100
- return strapi.db.query(USER_MODEL_UID).findOne({
104
+ return strapi1.db.query(USER_MODEL_UID).findOne({
101
105
  where: {
102
106
  id
103
107
  },
@@ -110,14 +114,19 @@ function requireUser() {
110
114
  * Promise to fetch all users.
111
115
  * @return {Promise}
112
116
  */ fetchAll (params) {
113
- const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});
114
- return strapi.db.query(USER_MODEL_UID).findMany(query);
117
+ const query = strapi1.get('query-params').transform(USER_MODEL_UID, params ?? {});
118
+ return strapi1.db.query(USER_MODEL_UID).findMany(query);
115
119
  },
116
120
  /**
117
121
  * Promise to remove a/an user.
118
122
  * @return {Promise}
119
123
  */ async remove (params) {
120
- return strapi.db.query(USER_MODEL_UID).delete({
124
+ // Invalidate sessions for all affected users
125
+ const sessionManager = getSessionManager();
126
+ if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {
127
+ await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));
128
+ }
129
+ return strapi1.db.query(USER_MODEL_UID).delete({
121
130
  where: params
122
131
  });
123
132
  },
@@ -126,29 +135,29 @@ function requireUser() {
126
135
  },
127
136
  async sendConfirmationEmail (user) {
128
137
  const userPermissionService = getService('users-permissions');
129
- const pluginStore = await strapi.store({
138
+ const pluginStore = await strapi1.store({
130
139
  type: 'plugin',
131
140
  name: 'users-permissions'
132
141
  });
133
- const userSchema = strapi.getModel(USER_MODEL_UID);
142
+ const userSchema = strapi1.getModel(USER_MODEL_UID);
134
143
  const settings = await pluginStore.get({
135
144
  key: 'email'
136
145
  }).then((storeEmail)=>storeEmail.email_confirmation.options);
137
146
  // Sanitize the template's user information
138
147
  const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput({
139
148
  schema: userSchema,
140
- getModel: strapi.getModel.bind(strapi)
149
+ getModel: strapi1.getModel.bind(strapi1)
141
150
  }, user);
142
151
  const confirmationToken = crypto.randomBytes(20).toString('hex');
143
152
  await this.edit(user.id, {
144
153
  confirmationToken
145
154
  });
146
- const apiPrefix = strapi.config.get('api.rest.prefix');
155
+ const apiPrefix = strapi1.config.get('api.rest.prefix');
147
156
  try {
148
157
  settings.message = await userPermissionService.template(settings.message, {
149
- URL: urlJoin(strapi.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
150
- SERVER_URL: strapi.config.get('server.absoluteUrl'),
151
- ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
158
+ URL: urlJoin(strapi1.config.get('server.absoluteUrl'), apiPrefix, '/auth/email-confirmation'),
159
+ SERVER_URL: strapi1.config.get('server.absoluteUrl'),
160
+ ADMIN_URL: strapi1.config.get('admin.absoluteUrl'),
152
161
  USER: sanitizedUserInfo,
153
162
  CODE: confirmationToken
154
163
  });
@@ -156,11 +165,11 @@ function requireUser() {
156
165
  USER: sanitizedUserInfo
157
166
  });
158
167
  } catch {
159
- strapi.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
168
+ strapi1.log.error('[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for "user confirmation email". Please make sure your email template is valid and does not contain invalid characters or patterns');
160
169
  return;
161
170
  }
162
171
  // Send an email to the user.
163
- await strapi.plugin('email').service('email').send({
172
+ await strapi1.plugin('email').service('email').send({
164
173
  to: user.email,
165
174
  from: settings.from.email && settings.from.name ? `${settings.from.name} <${settings.from.email}>` : undefined,
166
175
  replyTo: settings.response_email,
package/dist/server/services/user.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"user.mjs","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","user","strapi","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvBC,IAAAA,IAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEC,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBG,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaR,GAAAA,MAAAA,CAAOS,QAAQ,CAACX,gBAAgBU,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAASnB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBc,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAMvB,MAAAA,CAAO0B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOP,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBsB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOrB,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB2B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQJ,OAAOuB,GAAG,CAAC,gBAAgBC,SAAS,CAAC1B,cAAgBI,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgB+B,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;AACjB,gBAAA,OAAOF,OAAOG,EAAE,CAACC,KAAK,CAACN,cAAAA,CAAAA,CAAgBiC,MAAM,CAAC;oBAAE1B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAED8B,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEpB,IAAI,EAAA;gBAC7B,OAAO1B,MAAAA,CAAO+C,OAAO,CAACD,QAAUpB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMsB,uBAAsBpC,IAAI,EAAA;AAC9B,gBAAA,MAAMqC,wBAAwBxC,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAMyC,WAAc,GAAA,MAAMrC,MAAOsC,CAAAA,KAAK,CAAC;oBAAE3B,IAAM,EAAA,QAAA;oBAAU4B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAaxC,MAAOS,CAAAA,QAAQ,CAACX,cAAAA,CAAAA;AAEnC,gBAAA,MAAM2C,QAAW,GAAA,MAAMJ,WACpBd,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXgC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAMvD,QAAAA,CAASwD,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACR/B,oBAAAA,QAAAA,EAAUT,MAAOS,CAAAA,QAAQ,CAACyC,IAAI,CAAClD,MAAAA;iBAEjCD,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMoD,oBAAoBlE,MAAOmE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACnC,IAAI,CAACnB,IAAAA,CAAKsB,EAAE,EAAE;AAAE8B,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAYtD,GAAAA,MAAAA,CAAOuD,MAAM,CAAChC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFkB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAKrE,QACHW,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,uBAClB+B,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAY3D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,oBAAA,CAAA;AAC9BqC,wBAAAA,SAAAA,EAAW5D,MAAOuD,CAAAA,MAAM,CAAChC,GAAG,CAAC,mBAAA,CAAA;wBAC7BsC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACN9C,MAAOgE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMjE,MAAAA,CACHkE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAItE,KAAKuE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,QAAS8B,CAAAA,IAAI,CAAChC,IAAI,GACrC,CAAC,EAAEE,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"user.mjs","sources":["../../../server/services/user.js"],"sourcesContent":["'use strict';\n\n/**\n * User.js service\n *\n * @description: A set of functions similar to controller's actions to avoid code duplication.\n */\n\nconst crypto = require('crypto');\nconst bcrypt = require('bcryptjs');\nconst urlJoin = require('url-join');\n\nconst { sanitize } = require('@strapi/utils');\nconst { toNumber, getOr } = require('lodash/fp');\nconst { getService } = require('../utils');\n\nconst USER_MODEL_UID = 'plugin::users-permissions.user';\n\nconst getSessionManager = () => {\n const manager = strapi.sessionManager;\n return manager ?? null;\n};\n\nmodule.exports = ({ strapi }) => ({\n /**\n * Promise to count users\n *\n * @return {Promise}\n */\n\n count(params) {\n return strapi.db.query(USER_MODEL_UID).count({ where: params });\n },\n\n /**\n * Hashes password fields in the provided values object if they are present.\n * It checks each key in the values object against the model's attributes and\n * hashes it if the attribute type is 'password',\n *\n * @param {object} values - The object containing the fields to be hashed.\n * @return {object} The values object with hashed password fields if they were present.\n */\n async ensureHashedPasswords(values) {\n const attributes = strapi.getModel(USER_MODEL_UID).attributes;\n\n for (const key in values) {\n if (attributes[key] && attributes[key].type === 'password') {\n // Check if a custom encryption.rounds has been set on the password attribute\n const rounds = toNumber(getOr(10, 'encryption.rounds', attributes[key]));\n values[key] = await bcrypt.hash(values[key], rounds);\n }\n }\n\n return values;\n },\n\n /**\n * Promise to add a/an user.\n * @return {Promise}\n */\n async add(values) {\n return strapi.db.query(USER_MODEL_UID).create({\n data: await this.ensureHashedPasswords(values),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to edit a/an user.\n * @param {string} userId\n * @param {object} params\n * @return {Promise}\n */\n async edit(userId, params = {}) {\n return strapi.db.query(USER_MODEL_UID).update({\n where: { id: userId },\n data: await this.ensureHashedPasswords(params),\n populate: ['role'],\n });\n },\n\n /**\n * Promise to fetch a/an user.\n * @return {Promise}\n */\n fetch(id, params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findOne({\n ...query,\n where: {\n $and: [{ id }, query.where || {}],\n },\n });\n },\n\n /**\n * Promise to fetch authenticated user.\n * @return {Promise}\n */\n fetchAuthenticatedUser(id) {\n return strapi.db.query(USER_MODEL_UID).findOne({ where: { id }, populate: ['role'] });\n },\n\n /**\n * Promise to fetch all users.\n * @return {Promise}\n */\n fetchAll(params) {\n const query = strapi.get('query-params').transform(USER_MODEL_UID, params ?? {});\n\n return strapi.db.query(USER_MODEL_UID).findMany(query);\n },\n\n /**\n * Promise to remove a/an user.\n * @return {Promise}\n */\n async remove(params) {\n // Invalidate sessions for all affected users\n const sessionManager = getSessionManager();\n if (sessionManager && sessionManager.hasOrigin('users-permissions') && params.id) {\n await sessionManager('users-permissions').invalidateRefreshToken(String(params.id));\n }\n\n return strapi.db.query(USER_MODEL_UID).delete({ where: params });\n },\n\n validatePassword(password, hash) {\n return bcrypt.compare(password, hash);\n },\n\n async sendConfirmationEmail(user) {\n const userPermissionService = getService('users-permissions');\n const pluginStore = await strapi.store({ type: 'plugin', name: 'users-permissions' });\n const userSchema = strapi.getModel(USER_MODEL_UID);\n\n const settings = await pluginStore\n .get({ key: 'email' })\n .then((storeEmail) => storeEmail.email_confirmation.options);\n\n // Sanitize the template's user information\n const sanitizedUserInfo = await sanitize.sanitizers.defaultSanitizeOutput(\n {\n schema: userSchema,\n getModel: strapi.getModel.bind(strapi),\n },\n user\n );\n\n const confirmationToken = crypto.randomBytes(20).toString('hex');\n\n await this.edit(user.id, { confirmationToken });\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n\n try {\n settings.message = await userPermissionService.template(settings.message, {\n URL: urlJoin(\n strapi.config.get('server.absoluteUrl'),\n apiPrefix,\n '/auth/email-confirmation'\n ),\n SERVER_URL: strapi.config.get('server.absoluteUrl'),\n ADMIN_URL: strapi.config.get('admin.absoluteUrl'),\n USER: sanitizedUserInfo,\n CODE: confirmationToken,\n });\n\n settings.object = await userPermissionService.template(settings.object, {\n USER: sanitizedUserInfo,\n });\n } catch {\n strapi.log.error(\n '[plugin::users-permissions.sendConfirmationEmail]: Failed to generate a template for \"user confirmation email\". Please make sure your email template is valid and does not contain invalid characters or patterns'\n );\n return;\n }\n\n // Send an email to the user.\n await strapi\n .plugin('email')\n .service('email')\n .send({\n to: user.email,\n from:\n settings.from.email && settings.from.name\n ? `${settings.from.name} <${settings.from.email}>`\n : undefined,\n replyTo: settings.response_email,\n subject: settings.object,\n text: settings.message,\n html: settings.message,\n });\n },\n});\n"],"names":["crypto","require$$0","bcrypt","require$$1","urlJoin","require$$2","sanitize","require$$3","toNumber","getOr","require$$4","getService","require$$5","USER_MODEL_UID","getSessionManager","manager","strapi","sessionManager","user","count","params","db","query","where","ensureHashedPasswords","values","attributes","getModel","key","type","rounds","hash","add","create","data","populate","edit","userId","update","id","fetch","get","transform","findOne","$and","fetchAuthenticatedUser","fetchAll","findMany","remove","hasOrigin","invalidateRefreshToken","String","delete","validatePassword","password","compare","sendConfirmationEmail","userPermissionService","pluginStore","store","name","userSchema","settings","then","storeEmail","email_confirmation","options","sanitizedUserInfo","sanitizers","defaultSanitizeOutput","schema","bind","confirmationToken","randomBytes","toString","apiPrefix","config","message","template","URL","SERVER_URL","ADMIN_URL","USER","CODE","object","log","error","plugin","service","send","to","email","from","undefined","replyTo","response_email","subject","text","html"],"mappings":";;;;;;;;;;;;AAEA;;;;AAIA,KAEA,MAAMA,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,MAASC,GAAAA,UAAAA;AACf,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;IAEhB,MAAM,EAAEC,QAAQ,EAAE,GAAGC,YAAAA;AACrB,IAAA,MAAM,EAAEC,QAAQ,EAAEC,KAAK,EAAE,GAAGC,YAAAA;IAC5B,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,cAAiB,GAAA,gCAAA;AAEvB,IAAA,MAAMC,iBAAoB,GAAA,IAAA;QACxB,MAAMC,OAAAA,GAAUC,OAAOC,cAAc;AACrC,QAAA,OAAOF,OAAW,IAAA,IAAA;AACpB,KAAA;AAEAG,IAAAA,IAAAA,GAAiB,CAAC,EAAEF,MAAAA,EAAAA,OAAM,EAAE,IAAM;AAClC;;;;AAIA,OAEEG,OAAMC,MAAM,EAAA;AACV,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBM,KAAK,CAAC;oBAAEI,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC7D,aAAA;AAEH;;;;;;;OAQE,MAAMI,uBAAsBC,MAAM,EAAA;AAChC,gBAAA,MAAMC,UAAaV,GAAAA,OAAAA,CAAOW,QAAQ,CAACd,gBAAgBa,UAAU;gBAE7D,IAAK,MAAME,OAAOH,MAAQ,CAAA;oBACxB,IAAIC,UAAU,CAACE,GAAAA,CAAI,IAAIF,UAAU,CAACE,GAAI,CAAA,CAACC,IAAI,KAAK,UAAY,EAAA;;AAE1D,wBAAA,MAAMC,SAAStB,QAASC,CAAAA,KAAAA,CAAM,IAAI,mBAAqBiB,EAAAA,UAAU,CAACE,GAAI,CAAA,CAAA,CAAA;wBACtEH,MAAM,CAACG,GAAI,CAAA,GAAG,MAAM1B,MAAAA,CAAO6B,IAAI,CAACN,MAAM,CAACG,GAAAA,CAAI,EAAEE,MAAAA,CAAAA;AAC9C;AACF;gBAED,OAAOL,MAAAA;AACR,aAAA;AAEH;;;OAIE,MAAMO,KAAIP,MAAM,EAAA;AACd,gBAAA,OAAOT,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBoB,MAAM,CAAC;AAC5CC,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACC,MAAAA,CAAAA;oBACvCU,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;;;AAKA,OACE,MAAMC,IAAKC,CAAAA,CAAAA,MAAM,EAAEjB,MAAAA,GAAS,EAAE,EAAA;AAC5B,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgByB,MAAM,CAAC;oBAC5Cf,KAAO,EAAA;wBAAEgB,EAAIF,EAAAA;AAAQ,qBAAA;AACrBH,oBAAAA,IAAAA,EAAM,MAAM,IAAI,CAACV,qBAAqB,CAACJ,MAAAA,CAAAA;oBACvCe,QAAU,EAAA;AAAC,wBAAA;AAAO;AACxB,iBAAA,CAAA;AACG,aAAA;AAEH;;;OAIEK,KAAAA,CAAAA,CAAMD,EAAE,EAAEnB,MAAM,EAAA;gBACd,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;AAC7C,oBAAA,GAAGrB,KAAK;oBACRC,KAAO,EAAA;wBACLqB,IAAM,EAAA;AAAC,4BAAA;AAAEL,gCAAAA;AAAE,6BAAA;4BAAIjB,KAAMC,CAAAA,KAAK,IAAI;AAAG;AAClC;AACP,iBAAA,CAAA;AACG,aAAA;AAEH;;;AAGA,OACEsB,wBAAuBN,EAAE,EAAA;AACvB,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgB8B,OAAO,CAAC;oBAAEpB,KAAO,EAAA;AAAEgB,wBAAAA;AAAE,qBAAA;oBAAIJ,QAAU,EAAA;AAAC,wBAAA;AAAO;AAAE,iBAAA,CAAA;AACrF,aAAA;AAEH;;;AAGA,OACEW,UAAS1B,MAAM,EAAA;gBACb,MAAME,KAAAA,GAAQN,QAAOyB,GAAG,CAAC,gBAAgBC,SAAS,CAAC7B,cAAgBO,EAAAA,MAAAA,IAAU,EAAA,CAAA;AAE7E,gBAAA,OAAOJ,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBkC,QAAQ,CAACzB,KAAAA,CAAAA;AACjD,aAAA;AAEH;;;OAIE,MAAM0B,QAAO5B,MAAM,EAAA;;AAEjB,gBAAA,MAAMH,cAAiBH,GAAAA,iBAAAA,EAAAA;AACvB,gBAAA,IAAIG,kBAAkBA,cAAegC,CAAAA,SAAS,CAAC,mBAAwB7B,CAAAA,IAAAA,MAAAA,CAAOmB,EAAE,EAAE;AAChF,oBAAA,MAAMtB,eAAe,mBAAqBiC,CAAAA,CAAAA,sBAAsB,CAACC,MAAAA,CAAO/B,OAAOmB,EAAE,CAAA,CAAA;AAClF;AAED,gBAAA,OAAOvB,QAAOK,EAAE,CAACC,KAAK,CAACT,cAAAA,CAAAA,CAAgBuC,MAAM,CAAC;oBAAE7B,KAAOH,EAAAA;AAAM,iBAAA,CAAA;AAC9D,aAAA;YAEDiC,gBAAiBC,CAAAA,CAAAA,QAAQ,EAAEvB,IAAI,EAAA;gBAC7B,OAAO7B,MAAAA,CAAOqD,OAAO,CAACD,QAAUvB,EAAAA,IAAAA,CAAAA;AACjC,aAAA;AAED,YAAA,MAAMyB,uBAAsBtC,IAAI,EAAA;AAC9B,gBAAA,MAAMuC,wBAAwB9C,UAAW,CAAA,mBAAA,CAAA;AACzC,gBAAA,MAAM+C,WAAc,GAAA,MAAM1C,OAAO2C,CAAAA,KAAK,CAAC;oBAAE9B,IAAM,EAAA,QAAA;oBAAU+B,IAAM,EAAA;AAAmB,iBAAA,CAAA;gBAClF,MAAMC,UAAAA,GAAa7C,OAAOW,CAAAA,QAAQ,CAACd,cAAAA,CAAAA;AAEnC,gBAAA,MAAMiD,QAAW,GAAA,MAAMJ,WACpBjB,CAAAA,GAAG,CAAC;oBAAEb,GAAK,EAAA;mBACXmC,IAAI,CAAC,CAACC,aAAeA,UAAWC,CAAAA,kBAAkB,CAACC,OAAO,CAAA;;AAG7D,gBAAA,MAAMC,oBAAoB,MAAM7D,QAAAA,CAAS8D,UAAU,CAACC,qBAAqB,CACvE;oBACEC,MAAQT,EAAAA,UAAAA;AACRlC,oBAAAA,QAAAA,EAAUX,OAAOW,CAAAA,QAAQ,CAAC4C,IAAI,CAACvD,OAAAA;iBAEjCE,EAAAA,IAAAA,CAAAA;AAGF,gBAAA,MAAMsD,oBAAoBxE,MAAOyE,CAAAA,WAAW,CAAC,EAAA,CAAA,CAAIC,QAAQ,CAAC,KAAA,CAAA;AAE1D,gBAAA,MAAM,IAAI,CAACtC,IAAI,CAAClB,IAAAA,CAAKqB,EAAE,EAAE;AAAEiC,oBAAAA;AAAiB,iBAAA,CAAA;AAE5C,gBAAA,MAAMG,SAAY3D,GAAAA,OAAAA,CAAO4D,MAAM,CAACnC,GAAG,CAAC,iBAAA,CAAA;gBAEpC,IAAI;oBACFqB,QAASe,CAAAA,OAAO,GAAG,MAAMpB,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASe,OAAO,EAAE;AACxEE,wBAAAA,GAAAA,EAAK3E,QACHY,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,uBAClBkC,SACA,EAAA,0BAAA,CAAA;AAEFK,wBAAAA,UAAAA,EAAYhE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,oBAAA,CAAA;AAC9BwC,wBAAAA,SAAAA,EAAWjE,OAAO4D,CAAAA,MAAM,CAACnC,GAAG,CAAC,mBAAA,CAAA;wBAC7ByC,IAAMf,EAAAA,iBAAAA;wBACNgB,IAAMX,EAAAA;AACd,qBAAA,CAAA;oBAEMV,QAASsB,CAAAA,MAAM,GAAG,MAAM3B,qBAAAA,CAAsBqB,QAAQ,CAAChB,QAAAA,CAASsB,MAAM,EAAE;wBACtEF,IAAMf,EAAAA;AACd,qBAAA,CAAA;AACA,iBAAA,CAAM,OAAM;oBACNnD,OAAOqE,CAAAA,GAAG,CAACC,KAAK,CACd,mNAAA,CAAA;AAEF,oBAAA;AACD;;gBAGD,MAAMtE,OAAAA,CACHuE,MAAM,CAAC,OAAA,CAAA,CACPC,OAAO,CAAC,OAAA,CAAA,CACRC,IAAI,CAAC;AACJC,oBAAAA,EAAAA,EAAIxE,KAAKyE,KAAK;oBACdC,IACE9B,EAAAA,QAAAA,CAAS8B,IAAI,CAACD,KAAK,IAAI7B,SAAS8B,IAAI,CAAChC,IAAI,GACrC,CAAGE,EAAAA,QAAAA,CAAS8B,IAAI,CAAChC,IAAI,CAAC,EAAE,EAAEE,QAAAA,CAAS8B,IAAI,CAACD,KAAK,CAAC,CAAC,CAAC,GAChDE,SAAAA;AACNC,oBAAAA,OAAAA,EAAShC,SAASiC,cAAc;AAChCC,oBAAAA,OAAAA,EAASlC,SAASsB,MAAM;AACxBa,oBAAAA,IAAAA,EAAMnC,SAASe,OAAO;AACtBqB,oBAAAA,IAAAA,EAAMpC,SAASe;AACvB,iBAAA,CAAA;AACG;SACH,CAAA;;;;;;"}
package/dist/server/services/users-permissions.js CHANGED
@@ -45,6 +45,14 @@ function requireUsersPermissions() {
45
45
  action: 'plugin::users-permissions.auth.sendEmailConfirmation',
46
46
  roleType: 'public'
47
47
  },
48
+ {
49
+ action: 'plugin::users-permissions.auth.refresh',
50
+ roleType: 'public'
51
+ },
52
+ {
53
+ action: 'plugin::users-permissions.auth.logout',
54
+ roleType: 'authenticated'
55
+ },
48
56
  {
49
57
  action: 'plugin::users-permissions.user.me',
50
58
  roleType: 'authenticated'
package/dist/server/services/users-permissions.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users-permissions.js","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;YAClD,MAAME,IAAAA,GAAOF,WAAWG,SAAY,GAAA,CAAC,EAAEH,MAAO,CAAA,EAAED,MAAMG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAEJ,UAAAA,CAAW,EAAEC,KAAMG,CAAAA,IAAI,CAAC,CAAC;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAQ,CAAA,CAAC,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAW,CAAA,CAAC,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAQ,CAAA,CAAC,CAAC,GAAGiB,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAW,CAAA,CAAC,CAAC,GAAGoC,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAQ,CAAA,CAAC,EAAEK,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAW,CAAA,CAAC,EAAEwB,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"users-permissions.js","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.refresh', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.logout', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,eAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,uCAAA;YAAyCC,QAAU,EAAA;AAAiB,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;AAClD,YAAA,MAAME,IAAOF,GAAAA,MAAAA,KAAWG,SAAY,GAAA,CAAA,EAAGH,SAASD,KAAMG,CAAAA,IAAI,CAAE,CAAA,GAAG,CAAC,CAAC,EAAEJ,UAAaC,CAAAA,EAAAA,KAAAA,CAAMG,IAAI,CAAE,CAAA;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAAA,CAAAA,CAAS,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAAA,CAAAA,CAAY,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAS,CAAA,CAAA,CAAC,GAAGiB,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAY,CAAA,CAAA,CAAC,GAAGoC,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAAA,CAAQ,CAAC,EAAEK,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAAA,CAAW,CAAC,EAAEwB,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
package/dist/server/services/users-permissions.mjs CHANGED
@@ -43,6 +43,14 @@ function requireUsersPermissions() {
43
43
  action: 'plugin::users-permissions.auth.sendEmailConfirmation',
44
44
  roleType: 'public'
45
45
  },
46
+ {
47
+ action: 'plugin::users-permissions.auth.refresh',
48
+ roleType: 'public'
49
+ },
50
+ {
51
+ action: 'plugin::users-permissions.auth.logout',
52
+ roleType: 'authenticated'
53
+ },
46
54
  {
47
55
  action: 'plugin::users-permissions.user.me',
48
56
  roleType: 'authenticated'
package/dist/server/services/users-permissions.mjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"users-permissions.mjs","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;YAClD,MAAME,IAAAA,GAAOF,WAAWG,SAAY,GAAA,CAAC,EAAEH,MAAO,CAAA,EAAED,MAAMG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAEJ,UAAAA,CAAW,EAAEC,KAAMG,CAAAA,IAAI,CAAC,CAAC;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAQ,CAAA,CAAC,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAW,CAAA,CAAC,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAQ,CAAA,CAAC,CAAC,GAAGiB,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAW,CAAA,CAAC,CAAC,GAAGoC,MAAOtD,CAAAA,GAAG,CAAC,CAACmB,SAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAQ,CAAA,CAAC,EAAEK,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAW,CAAA,CAAC,EAAEwB,cAAe,CAAA,CAAC,EAAE8B,UAAAA,CAAW,CAAC;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
1
+ {"version":3,"file":"users-permissions.mjs","sources":["../../../server/services/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst _ = require('lodash');\nconst { filter, map, pipe, prop } = require('lodash/fp');\nconst urlJoin = require('url-join');\nconst {\n template: { createStrictInterpolationRegExp },\n errors,\n objects,\n sanitizeRoutesMapForSerialization,\n} = require('@strapi/utils');\n\nconst { getService } = require('../utils');\n\nconst DEFAULT_PERMISSIONS = [\n { action: 'plugin::users-permissions.auth.callback', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.connect', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.forgotPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.resetPassword', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.register', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.emailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.sendEmailConfirmation', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.refresh', roleType: 'public' },\n { action: 'plugin::users-permissions.auth.logout', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.user.me', roleType: 'authenticated' },\n { action: 'plugin::users-permissions.auth.changePassword', roleType: 'authenticated' },\n];\n\nconst transformRoutePrefixFor = (pluginName) => (route) => {\n const prefix = route.config && route.config.prefix;\n const path = prefix !== undefined ? `${prefix}${route.path}` : `/${pluginName}${route.path}`;\n\n return {\n ...route,\n path,\n };\n};\n\nmodule.exports = ({ strapi }) => ({\n getActions({ defaultEnable = false } = {}) {\n const actionMap = {};\n\n const isContentApi = (action) => {\n if (!_.has(action, Symbol.for('__type__'))) {\n return false;\n }\n\n return action[Symbol.for('__type__')].includes('content-api');\n };\n\n _.forEach(strapi.apis, (api, apiName) => {\n const controllers = _.reduce(\n api.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`api::${apiName}`] = { controllers };\n }\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const controllers = _.reduce(\n plugin.controllers,\n (acc, controller, controllerName) => {\n const contentApiActions = _.pickBy(controller, isContentApi);\n\n if (_.isEmpty(contentApiActions)) {\n return acc;\n }\n\n acc[controllerName] = _.mapValues(contentApiActions, () => {\n return {\n enabled: defaultEnable,\n policy: '',\n };\n });\n\n return acc;\n },\n {}\n );\n\n if (!_.isEmpty(controllers)) {\n actionMap[`plugin::${pluginName}`] = { controllers };\n }\n });\n\n // Return a deeply cloned version to avoid circular references\n return _.cloneDeep(actionMap);\n },\n\n async getRoutes() {\n const routesMap = {};\n\n _.forEach(strapi.apis, (api, apiName) => {\n const routes = _.flatMap(api.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes;\n }\n\n return route;\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`api::${apiName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n _.forEach(strapi.plugins, (plugin, pluginName) => {\n const transformPrefix = transformRoutePrefixFor(pluginName);\n\n const routes = _.flatMap(plugin.routes, (route) => {\n if (_.has(route, 'routes')) {\n return route.routes.map(transformPrefix);\n }\n\n return transformPrefix(route);\n }).filter((route) => route.info.type === 'content-api');\n\n if (routes.length === 0) {\n return;\n }\n\n const apiPrefix = strapi.config.get('api.rest.prefix');\n routesMap[`plugin::${pluginName}`] = routes.map((route) => ({\n ...route,\n path: urlJoin(apiPrefix, route.path),\n }));\n });\n\n return sanitizeRoutesMapForSerialization(routesMap);\n },\n\n async syncPermissions() {\n const roles = await strapi.db.query('plugin::users-permissions.role').findMany();\n const dbPermissions = await strapi.db.query('plugin::users-permissions.permission').findMany();\n\n const permissionsFoundInDB = _.uniq(_.map(dbPermissions, 'action'));\n\n const appActions = _.flatMap(strapi.apis, (api, apiName) => {\n return _.flatMap(api.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `api::${apiName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {\n return _.flatMap(plugin.controllers, (controller, controllerName) => {\n return _.keys(controller).map((actionName) => {\n return `plugin::${pluginName}.${controllerName}.${actionName}`;\n });\n });\n });\n\n const allActions = [...appActions, ...pluginsActions];\n\n const toDelete = _.difference(permissionsFoundInDB, allActions);\n\n await Promise.all(\n toDelete.map((action) => {\n return strapi.db\n .query('plugin::users-permissions.permission')\n .delete({ where: { action } });\n })\n );\n\n if (permissionsFoundInDB.length === 0) {\n // create default permissions\n for (const role of roles) {\n const toCreate = pipe(\n filter(({ roleType }) => roleType === role.type || roleType === null),\n map(prop('action'))\n )(DEFAULT_PERMISSIONS);\n\n await Promise.all(\n toCreate.map((action) => {\n return strapi.db.query('plugin::users-permissions.permission').create({\n data: {\n action,\n role: role.id,\n },\n });\n })\n );\n }\n }\n },\n\n async initialize() {\n const roleCount = await strapi.db.query('plugin::users-permissions.role').count();\n\n if (roleCount === 0) {\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Authenticated',\n description: 'Default role given to authenticated user.',\n type: 'authenticated',\n },\n });\n\n await strapi.db.query('plugin::users-permissions.role').create({\n data: {\n name: 'Public',\n description: 'Default role given to unauthenticated user.',\n type: 'public',\n },\n });\n }\n\n return getService('users-permissions').syncPermissions();\n },\n\n async updateUserRole(user, role) {\n return strapi.db\n .query('plugin::users-permissions.user')\n .update({ where: { id: user.id }, data: { role } });\n },\n\n template(layout, data) {\n const allowedTemplateVariables = objects.keysDeep(data);\n\n // Create a strict interpolation RegExp based on possible variable names\n const interpolate = createStrictInterpolationRegExp(allowedTemplateVariables, 'g');\n\n try {\n return _.template(layout, { interpolate, evaluate: false, escape: false })(data);\n } catch (e) {\n throw new errors.ApplicationError('Invalid email template');\n }\n },\n});\n"],"names":["_","require$$0","filter","map","pipe","prop","require$$1","urlJoin","require$$2","template","createStrictInterpolationRegExp","errors","objects","sanitizeRoutesMapForSerialization","require$$3","getService","require$$4","DEFAULT_PERMISSIONS","action","roleType","transformRoutePrefixFor","pluginName","route","prefix","config","path","undefined","usersPermissions","strapi","getActions","defaultEnable","actionMap","isContentApi","has","Symbol","for","includes","forEach","apis","api","apiName","controllers","reduce","acc","controller","controllerName","contentApiActions","pickBy","isEmpty","mapValues","enabled","policy","plugins","plugin","cloneDeep","getRoutes","routesMap","routes","flatMap","info","type","length","apiPrefix","get","transformPrefix","syncPermissions","roles","db","query","findMany","dbPermissions","permissionsFoundInDB","uniq","appActions","keys","actionName","pluginsActions","allActions","toDelete","difference","Promise","all","delete","where","role","toCreate","create","data","id","initialize","roleCount","count","name","description","updateUserRole","user","update","layout","allowedTemplateVariables","keysDeep","interpolate","evaluate","escape","e","ApplicationError"],"mappings":";;;;;;;;;;;AAEA,IAAA,MAAMA,CAAIC,GAAAA,UAAAA;IACV,MAAM,EAAEC,MAAM,EAAEC,GAAG,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGC,YAAAA;AACpC,IAAA,MAAMC,OAAUC,GAAAA,UAAAA;AAChB,IAAA,MAAM,EACJC,QAAAA,EAAU,EAAEC,+BAA+B,EAAE,EAC7CC,MAAM,EACNC,OAAO,EACPC,iCAAiC,EAClC,GAAGC,UAAAA;IAEJ,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA;AAC1B,QAAA;YAAEC,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAU,SAAA;AAC/E,QAAA;YAAED,MAAQ,EAAA,8CAAA;YAAgDC,QAAU,EAAA;AAAU,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,yCAAA;YAA2CC,QAAU,EAAA;AAAU,SAAA;AACzE,QAAA;YAAED,MAAQ,EAAA,kDAAA;YAAoDC,QAAU,EAAA;AAAU,SAAA;AAClF,QAAA;YAAED,MAAQ,EAAA,sDAAA;YAAwDC,QAAU,EAAA;AAAU,SAAA;AACtF,QAAA;YAAED,MAAQ,EAAA,wCAAA;YAA0CC,QAAU,EAAA;AAAU,SAAA;AACxE,QAAA;YAAED,MAAQ,EAAA,uCAAA;YAAyCC,QAAU,EAAA;AAAiB,SAAA;AAC9E,QAAA;YAAED,MAAQ,EAAA,mCAAA;YAAqCC,QAAU,EAAA;AAAiB,SAAA;AAC1E,QAAA;YAAED,MAAQ,EAAA,+CAAA;YAAiDC,QAAU,EAAA;AAAiB;AACvF,KAAA;IAED,MAAMC,uBAAAA,GAA0B,CAACC,UAAAA,GAAe,CAACC,KAAAA,GAAAA;AAC/C,YAAA,MAAMC,SAASD,KAAME,CAAAA,MAAM,IAAIF,KAAME,CAAAA,MAAM,CAACD,MAAM;AAClD,YAAA,MAAME,IAAOF,GAAAA,MAAAA,KAAWG,SAAY,GAAA,CAAA,EAAGH,SAASD,KAAMG,CAAAA,IAAI,CAAE,CAAA,GAAG,CAAC,CAAC,EAAEJ,UAAaC,CAAAA,EAAAA,KAAAA,CAAMG,IAAI,CAAE,CAAA;YAE5F,OAAO;AACL,gBAAA,GAAGH,KAAK;AACRG,gBAAAA;AACJ,aAAA;AACA,SAAA;AAEAE,IAAAA,gBAAAA,GAAiB,CAAC,EAAEC,MAAM,EAAE,IAAM;AAChCC,YAAAA,UAAAA,CAAAA,CAAW,EAAEC,aAAgB,GAAA,KAAK,EAAE,GAAG,EAAE,EAAA;AACvC,gBAAA,MAAMC,YAAY,EAAA;AAElB,gBAAA,MAAMC,eAAe,CAACd,MAAAA,GAAAA;oBACpB,IAAI,CAAClB,EAAEiC,GAAG,CAACf,QAAQgB,MAAOC,CAAAA,GAAG,CAAC,UAAc,CAAA,CAAA,EAAA;wBAC1C,OAAO,KAAA;AACR;oBAED,OAAOjB,MAAM,CAACgB,MAAOC,CAAAA,GAAG,CAAC,UAAY,CAAA,CAAA,CAACC,QAAQ,CAAC,aAAA,CAAA;AACrD,iBAAA;AAEIpC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;oBAC3B,MAAMC,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BH,IAAIE,WAAW,EACf,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,KAAK,EAAES,OAAAA,CAAAA,CAAS,CAAC,GAAG;AAAEC,4BAAAA;;AAClC;AACP,iBAAA,CAAA;AAEIzC,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;oBACjC,MAAMoB,WAAAA,GAAczC,EAAE0C,MAAM,CAC1BW,OAAOZ,WAAW,EAClB,CAACE,GAAAA,EAAKC,UAAYC,EAAAA,cAAAA,GAAAA;AAChB,wBAAA,MAAMC,iBAAoB9C,GAAAA,CAAAA,CAAE+C,MAAM,CAACH,UAAYZ,EAAAA,YAAAA,CAAAA;wBAE/C,IAAIhC,CAAAA,CAAEgD,OAAO,CAACF,iBAAoB,CAAA,EAAA;4BAChC,OAAOH,GAAAA;AACR;AAEDA,wBAAAA,GAAG,CAACE,cAAe,CAAA,GAAG7C,CAAEiD,CAAAA,SAAS,CAACH,iBAAmB,EAAA,IAAA;4BACnD,OAAO;gCACLI,OAASpB,EAAAA,aAAAA;gCACTqB,MAAQ,EAAA;AACtB,6BAAA;AACA,yBAAA,CAAA;wBAEU,OAAOR,GAAAA;AACR,qBAAA,EACD,EAAE,CAAA;AAGJ,oBAAA,IAAI,CAAC3C,CAAAA,CAAEgD,OAAO,CAACP,WAAc,CAAA,EAAA;AAC3BV,wBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEV,UAAAA,CAAAA,CAAY,CAAC,GAAG;AAAEoB,4BAAAA;;AACxC;AACP,iBAAA,CAAA;;gBAGI,OAAOzC,CAAAA,CAAEsD,SAAS,CAACvB,SAAAA,CAAAA;AACpB,aAAA;YAED,MAAMwB,SAAAA,CAAAA,GAAAA;AACJ,gBAAA,MAAMC,YAAY,EAAA;AAElBxD,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC3B,oBAAA,MAAMiB,SAASzD,CAAE0D,CAAAA,OAAO,CAACnB,GAAIkB,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACpC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,MAAMmC,MAAM;AACpB;wBAED,OAAOnC,KAAAA;qBACNpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,KAAK,EAAEhB,OAAS,CAAA,CAAA,CAAC,GAAGiB,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AACpD,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEIzB,gBAAAA,CAAAA,CAAEqC,OAAO,CAACT,MAAAA,CAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACjC,oBAAA,MAAM2C,kBAAkB5C,uBAAwBC,CAAAA,UAAAA,CAAAA;AAEhD,oBAAA,MAAMoC,SAASzD,CAAE0D,CAAAA,OAAO,CAACL,MAAOI,CAAAA,MAAM,EAAE,CAACnC,KAAAA,GAAAA;AACvC,wBAAA,IAAItB,CAAEiC,CAAAA,GAAG,CAACX,KAAAA,EAAO,QAAW,CAAA,EAAA;AAC1B,4BAAA,OAAOA,KAAMmC,CAAAA,MAAM,CAACtD,GAAG,CAAC6D,eAAAA,CAAAA;AACzB;AAED,wBAAA,OAAOA,eAAgB1C,CAAAA,KAAAA,CAAAA;qBACtBpB,CAAAA,CAAAA,MAAM,CAAC,CAACoB,KAAAA,GAAUA,MAAMqC,IAAI,CAACC,IAAI,KAAK,aAAA,CAAA;oBAEzC,IAAIH,MAAAA,CAAOI,MAAM,KAAK,CAAG,EAAA;AACvB,wBAAA;AACD;AAED,oBAAA,MAAMC,SAAYlC,GAAAA,MAAAA,CAAOJ,MAAM,CAACuC,GAAG,CAAC,iBAAA,CAAA;AACpCP,oBAAAA,SAAS,CAAC,CAAC,QAAQ,EAAEnC,UAAY,CAAA,CAAA,CAAC,GAAGoC,MAAAA,CAAOtD,GAAG,CAAC,CAACmB,KAAAA,IAAW;AAC1D,4BAAA,GAAGA,KAAK;4BACRG,IAAMlB,EAAAA,OAAAA,CAAQuD,SAAWxC,EAAAA,KAAAA,CAAMG,IAAI;yBACpC,CAAA,CAAA;AACP,iBAAA,CAAA;AAEI,gBAAA,OAAOZ,iCAAkC2C,CAAAA,SAAAA,CAAAA;AAC1C,aAAA;YAED,MAAMS,eAAAA,CAAAA,GAAAA;gBACJ,MAAMC,KAAAA,GAAQ,MAAMtC,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCC,QAAQ,EAAA;gBAC9E,MAAMC,aAAAA,GAAgB,MAAM1C,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,wCAAwCC,QAAQ,EAAA;AAE5F,gBAAA,MAAME,uBAAuBvE,CAAEwE,CAAAA,IAAI,CAACxE,CAAEG,CAAAA,GAAG,CAACmE,aAAe,EAAA,QAAA,CAAA,CAAA;gBAEzD,MAAMG,UAAAA,GAAazE,EAAE0D,OAAO,CAAC9B,OAAOU,IAAI,EAAE,CAACC,GAAKC,EAAAA,OAAAA,GAAAA;AAC9C,oBAAA,OAAOxC,EAAE0D,OAAO,CAACnB,IAAIE,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAC7C,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,KAAK,EAAEnC,OAAAA,CAAQ,CAAC,EAAEK,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AAClE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;gBAEI,MAAMC,cAAAA,GAAiB5E,EAAE0D,OAAO,CAAC9B,OAAOwB,OAAO,EAAE,CAACC,MAAQhC,EAAAA,UAAAA,GAAAA;AACxD,oBAAA,OAAOrB,EAAE0D,OAAO,CAACL,OAAOZ,WAAW,EAAE,CAACG,UAAYC,EAAAA,cAAAA,GAAAA;AAChD,wBAAA,OAAO7C,EAAE0E,IAAI,CAAC9B,UAAYzC,CAAAA,CAAAA,GAAG,CAAC,CAACwE,UAAAA,GAAAA;4BAC7B,OAAO,CAAC,QAAQ,EAAEtD,UAAAA,CAAW,CAAC,EAAEwB,cAAAA,CAAe,CAAC,EAAE8B,UAAY,CAAA,CAAA;AACxE,yBAAA,CAAA;AACA,qBAAA,CAAA;AACA,iBAAA,CAAA;AAEI,gBAAA,MAAME,UAAa,GAAA;AAAIJ,oBAAAA,GAAAA,UAAAA;AAAeG,oBAAAA,GAAAA;AAAe,iBAAA;AAErD,gBAAA,MAAME,QAAW9E,GAAAA,CAAAA,CAAE+E,UAAU,CAACR,oBAAsBM,EAAAA,UAAAA,CAAAA;AAEpD,gBAAA,MAAMG,QAAQC,GAAG,CACfH,QAAS3E,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,oBAAA,OAAOU,OAAOuC,EAAE,CACbC,KAAK,CAAC,sCAAA,CAAA,CACNc,MAAM,CAAC;wBAAEC,KAAO,EAAA;AAAEjE,4BAAAA;AAAM;AAAI,qBAAA,CAAA;AACvC,iBAAA,CAAA,CAAA;gBAGI,IAAIqD,oBAAAA,CAAqBV,MAAM,KAAK,CAAG,EAAA;;oBAErC,KAAK,MAAMuB,QAAQlB,KAAO,CAAA;AACxB,wBAAA,MAAMmB,WAAWjF,IACfF,CAAAA,MAAAA,CAAO,CAAC,EAAEiB,QAAQ,EAAE,GAAKA,QAAaiE,KAAAA,IAAAA,CAAKxB,IAAI,IAAIzC,QAAAA,KAAa,IAChEhB,CAAAA,EAAAA,GAAAA,CAAIE,KAAK,QACTY,CAAAA,CAAAA,CAAAA,CAAAA,mBAAAA,CAAAA;AAEF,wBAAA,MAAM+D,QAAQC,GAAG,CACfI,QAASlF,CAAAA,GAAG,CAAC,CAACe,MAAAA,GAAAA;AACZ,4BAAA,OAAOU,OAAOuC,EAAE,CAACC,KAAK,CAAC,sCAAA,CAAA,CAAwCkB,MAAM,CAAC;gCACpEC,IAAM,EAAA;AACJrE,oCAAAA,MAAAA;AACAkE,oCAAAA,IAAAA,EAAMA,KAAKI;AACZ;AACf,6BAAA,CAAA;AACA,yBAAA,CAAA,CAAA;AAEO;AACF;AACF,aAAA;YAED,MAAMC,UAAAA,CAAAA,GAAAA;gBACJ,MAAMC,SAAAA,GAAY,MAAM9D,MAAOuC,CAAAA,EAAE,CAACC,KAAK,CAAC,kCAAkCuB,KAAK,EAAA;AAE/E,gBAAA,IAAID,cAAc,CAAG,EAAA;AACnB,oBAAA,MAAM9D,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,eAAA;4BACNC,WAAa,EAAA,2CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AAEM,oBAAA,MAAMhC,OAAOuC,EAAE,CAACC,KAAK,CAAC,gCAAA,CAAA,CAAkCkB,MAAM,CAAC;wBAC7DC,IAAM,EAAA;4BACJK,IAAM,EAAA,QAAA;4BACNC,WAAa,EAAA,6CAAA;4BACbjC,IAAM,EAAA;AACP;AACT,qBAAA,CAAA;AACK;gBAED,OAAO7C,UAAAA,CAAW,qBAAqBkD,eAAe,EAAA;AACvD,aAAA;YAED,MAAM6B,cAAAA,CAAAA,CAAeC,IAAI,EAAEX,IAAI,EAAA;AAC7B,gBAAA,OAAOxD,OAAOuC,EAAE,CACbC,KAAK,CAAC,gCAAA,CAAA,CACN4B,MAAM,CAAC;oBAAEb,KAAO,EAAA;AAAEK,wBAAAA,EAAAA,EAAIO,KAAKP;AAAI,qBAAA;oBAAED,IAAM,EAAA;AAAEH,wBAAAA;AAAM;AAAA,iBAAA,CAAA;AACnD,aAAA;YAED3E,QAASwF,CAAAA,CAAAA,MAAM,EAAEV,IAAI,EAAA;gBACnB,MAAMW,wBAAAA,GAA2BtF,OAAQuF,CAAAA,QAAQ,CAACZ,IAAAA,CAAAA;;gBAGlD,MAAMa,WAAAA,GAAc1F,gCAAgCwF,wBAA0B,EAAA,GAAA,CAAA;gBAE9E,IAAI;oBACF,OAAOlG,CAAAA,CAAES,QAAQ,CAACwF,MAAQ,EAAA;AAAEG,wBAAAA,WAAAA;wBAAaC,QAAU,EAAA,KAAA;wBAAOC,MAAQ,EAAA;qBAASf,CAAAA,CAAAA,IAAAA,CAAAA;AAC5E,iBAAA,CAAC,OAAOgB,CAAG,EAAA;oBACV,MAAM,IAAI5F,MAAO6F,CAAAA,gBAAgB,CAAC,wBAAA,CAAA;AACnC;AACF;SACH,CAAA;;;;;;"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@strapi/plugin-users-permissions",
3
- "version": "0.0.0-next.f0bfcece1007e5aa527570187635aefc86db536e",
3
+ "version": "0.0.0-next.f0f36e3df4b18f167036dcbca529dcb933bf4e1d",
4
4
  "description": "Protect your API with a full-authentication process based on JWT",
5
5
  "repository": {
6
6
  "type": "git",
@@ -48,9 +48,9 @@
48
48
  "watch": "run -T rollup -c -w"
49
49
  },
50
50
  "dependencies": {
51
- "@strapi/design-system": "2.0.0-rc.29",
52
- "@strapi/icons": "2.0.0-rc.29",
53
- "@strapi/utils": "0.0.0-next.f0bfcece1007e5aa527570187635aefc86db536e",
51
+ "@strapi/design-system": "2.0.1",
52
+ "@strapi/icons": "2.0.1",
53
+ "@strapi/utils": "0.0.0-next.f0f36e3df4b18f167036dcbca529dcb933bf4e1d",
54
54
  "bcryptjs": "2.4.3",
55
55
  "formik": "2.4.5",
56
56
  "grant": "^5.4.8",
@@ -70,10 +70,10 @@
70
70
  "zod": "3.25.67"
71
71
  },
72
72
  "devDependencies": {
73
- "@strapi/strapi": "0.0.0-next.f0bfcece1007e5aa527570187635aefc86db536e",
74
- "@testing-library/dom": "10.1.0",
75
- "@testing-library/react": "15.0.7",
76
- "@testing-library/user-event": "14.5.2",
73
+ "@strapi/strapi": "0.0.0-next.f0f36e3df4b18f167036dcbca529dcb933bf4e1d",
74
+ "@testing-library/dom": "10.4.1",
75
+ "@testing-library/react": "16.3.0",
76
+ "@testing-library/user-event": "14.6.1",
77
77
  "msw": "1.3.0",
78
78
  "react": "18.3.1",
79
79
  "react-dom": "18.3.1",
@@ -88,7 +88,7 @@
88
88
  "styled-components": "^6.0.0"
89
89
  },
90
90
  "engines": {
91
- "node": ">=18.0.0 <=22.x.x",
91
+ "node": ">=20.0.0 <=24.x.x",
92
92
  "npm": ">=6.0.0"
93
93
  },
94
94
  "strapi": {
package/server/bootstrap/index.js CHANGED
@@ -11,6 +11,18 @@ const crypto = require('crypto');
11
11
  const _ = require('lodash');
12
12
  const { getService } = require('../utils');
13
13
  const usersPermissionsActions = require('./users-permissions-actions');
14
+ const {
15
+ DEFAULT_ACCESS_TOKEN_LIFESPAN,
16
+ DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
17
+ DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
18
+ DEFAULT_MAX_SESSION_LIFESPAN,
19
+ DEFAULT_IDLE_SESSION_LIFESPAN,
20
+ } = require('../services/constants');
21
+
22
+ const getSessionManager = () => {
23
+ const manager = strapi.sessionManager;
24
+ return manager ?? null;
25
+ };
14
26
 
15
27
  const initGrant = async (pluginStore) => {
16
28
  const allProviders = getService('providers-registry').getAll();
@@ -113,6 +125,25 @@ module.exports = async ({ strapi }) => {
113
125
 
114
126
  await getService('users-permissions').initialize();
115
127
 
128
+ // Define users-permissions origin configuration for sessionManager
129
+ const upConfig = strapi.config.get('plugin::users-permissions');
130
+ const sessionManager = getSessionManager();
131
+
132
+ if (sessionManager) {
133
+ sessionManager.defineOrigin('users-permissions', {
134
+ jwtSecret: upConfig.jwtSecret || strapi.config.get('admin.auth.secret'),
135
+ accessTokenLifespan: upConfig.sessions?.accessTokenLifespan || DEFAULT_ACCESS_TOKEN_LIFESPAN,
136
+ maxRefreshTokenLifespan:
137
+ upConfig.sessions?.maxRefreshTokenLifespan || DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
138
+ idleRefreshTokenLifespan:
139
+ upConfig.sessions?.idleRefreshTokenLifespan || DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
140
+ maxSessionLifespan: upConfig.sessions?.maxSessionLifespan || DEFAULT_MAX_SESSION_LIFESPAN,
141
+ idleSessionLifespan: upConfig.sessions?.idleSessionLifespan || DEFAULT_IDLE_SESSION_LIFESPAN,
142
+ algorithm: upConfig.jwt?.algorithm,
143
+ jwtOptions: upConfig.jwt || {},
144
+ });
145
+ }
146
+
116
147
  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
117
148
  if (process.env.NODE_ENV !== 'development') {
118
149
  throw new Error(
package/server/config.js CHANGED
@@ -1,11 +1,33 @@
1
1
  'use strict';
2
2
 
3
+ const {
4
+ DEFAULT_ACCESS_TOKEN_LIFESPAN,
5
+ DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
6
+ DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
7
+ DEFAULT_MAX_SESSION_LIFESPAN,
8
+ DEFAULT_IDLE_SESSION_LIFESPAN,
9
+ } = require('./services/constants');
10
+
3
11
  module.exports = {
4
12
  default: ({ env }) => ({
5
13
  jwtSecret: env('JWT_SECRET'),
6
14
  jwt: {
7
15
  expiresIn: '30d',
8
16
  },
17
+ /**
18
+ * JWT management mode for the Content API authentication
19
+ * - "legacy-support": use plugin JWTs (backward compatible)
20
+ * - "refresh": use SessionManager (access/refresh tokens)
21
+ */
22
+ jwtManagement: 'legacy-support',
23
+ sessions: {
24
+ accessTokenLifespan: DEFAULT_ACCESS_TOKEN_LIFESPAN,
25
+ maxRefreshTokenLifespan: DEFAULT_MAX_REFRESH_TOKEN_LIFESPAN,
26
+ idleRefreshTokenLifespan: DEFAULT_IDLE_REFRESH_TOKEN_LIFESPAN,
27
+ maxSessionLifespan: DEFAULT_MAX_SESSION_LIFESPAN,
28
+ idleSessionLifespan: DEFAULT_IDLE_SESSION_LIFESPAN,
29
+ httpOnly: false,
30
+ },
9
31
  ratelimit: {
10
32
  interval: 60000,
11
33
  max: 10,