npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54 → 0.0.0-next.fc9d26d995624dc886b29f563e1de655d47e6609 - Mend

@strapi/plugin-users-permissions 0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54 → 0.0.0-next.fc9d26d995624dc886b29f563e1de655d47e6609

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (310) hide show

package/.eslintignore +2 -1
package/LICENSE +18 -3
package/admin/src/components/BoundRoute/index.jsx +3 -3
package/admin/src/components/FormModal/Input/index.jsx +33 -32
package/admin/src/components/FormModal/index.jsx +58 -69
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.jsx +4 -3
package/admin/src/components/Permissions/PermissionRow/SubCategory.jsx +13 -22
package/admin/src/components/Permissions/index.jsx +27 -35
package/admin/src/components/Permissions/reducer.js +1 -1
package/admin/src/components/Policies/index.jsx +8 -6
package/admin/src/components/UsersPermissions/index.jsx +15 -7
package/admin/src/components/UsersPermissions/reducer.js +1 -1
package/admin/src/index.js +17 -34
package/admin/src/pages/AdvancedSettings/index.jsx +84 -129
package/admin/src/pages/AdvancedSettings/utils/layout.js +20 -35
package/admin/src/pages/AdvancedSettings/utils/schema.js +5 -2
package/admin/src/pages/EmailTemplates/components/EmailForm.jsx +120 -140
package/admin/src/pages/EmailTemplates/components/EmailTable.jsx +21 -18
package/admin/src/pages/EmailTemplates/index.jsx +36 -62
package/admin/src/pages/EmailTemplates/utils/schema.js +18 -6
package/admin/src/pages/Providers/index.jsx +98 -113
package/admin/src/pages/Providers/utils/forms.js +23 -11
package/admin/src/pages/Roles/constants.js +3 -3
package/admin/src/pages/Roles/hooks/usePlugins.js +4 -4
package/admin/src/pages/Roles/index.jsx +10 -19
package/admin/src/pages/Roles/pages/CreatePage.jsx +53 -58
package/admin/src/pages/Roles/pages/EditPage.jsx +63 -68
package/admin/src/pages/Roles/pages/ListPage/components/TableBody.jsx +28 -32
package/admin/src/pages/Roles/pages/ListPage/index.jsx +79 -55
package/admin/src/pluginId.js +2 -2
package/admin/src/translations/en.json +1 -1
package/admin/src/utils/prefixPluginTranslations.js +13 -0
package/dist/admin/chunks/ar-BJwjobLp.js +45 -0
package/dist/admin/chunks/ar-BJwjobLp.js.map +1 -0
package/dist/admin/chunks/ar-G6bUGuUb.js +43 -0
package/dist/admin/chunks/ar-G6bUGuUb.js.map +1 -0
package/dist/admin/chunks/cs-Bu59JqhG.js +49 -0
package/dist/admin/chunks/cs-Bu59JqhG.js.map +1 -0
package/dist/admin/chunks/cs-uS_SIEo8.js +51 -0
package/dist/admin/chunks/cs-uS_SIEo8.js.map +1 -0
package/dist/admin/chunks/de-7MVMrqqI.js +63 -0
package/dist/admin/chunks/de-7MVMrqqI.js.map +1 -0
package/dist/admin/chunks/de-B81A69_5.js +61 -0
package/dist/admin/chunks/de-B81A69_5.js.map +1 -0
package/dist/admin/chunks/dk-BaelzvBE.js +85 -0
package/dist/admin/chunks/dk-BaelzvBE.js.map +1 -0
package/dist/admin/chunks/dk-DwCLGmy9.js +87 -0
package/dist/admin/chunks/dk-DwCLGmy9.js.map +1 -0
package/dist/admin/chunks/en-BhgCBe7M.js +85 -0
package/dist/admin/chunks/en-BhgCBe7M.js.map +1 -0
package/dist/admin/chunks/en-DwQjkHi_.js +87 -0
package/dist/admin/chunks/en-DwQjkHi_.js.map +1 -0
package/dist/admin/chunks/es-B0wXmvRj.js +85 -0
package/dist/admin/chunks/es-B0wXmvRj.js.map +1 -0
package/dist/admin/chunks/es-BOJOedG5.js +87 -0
package/dist/admin/chunks/es-BOJOedG5.js.map +1 -0
package/dist/admin/chunks/fr-BDNWCNs0.js +51 -0
package/dist/admin/chunks/fr-BDNWCNs0.js.map +1 -0
package/dist/admin/chunks/fr-CGYvGUXg.js +49 -0
package/dist/admin/chunks/fr-CGYvGUXg.js.map +1 -0
package/dist/admin/chunks/id-CNzbwFjA.js +61 -0
package/dist/admin/chunks/id-CNzbwFjA.js.map +1 -0
package/dist/admin/chunks/id-UqUPykHZ.js +63 -0
package/dist/admin/chunks/id-UqUPykHZ.js.map +1 -0
package/dist/admin/chunks/index-BPiDUOGt.js +471 -0
package/dist/admin/chunks/index-BPiDUOGt.js.map +1 -0
package/dist/admin/chunks/index-BtYUb_br.js +741 -0
package/dist/admin/chunks/index-BtYUb_br.js.map +1 -0
package/dist/admin/chunks/index-CkYplz_3.js +301 -0
package/dist/admin/chunks/index-CkYplz_3.js.map +1 -0
package/dist/admin/chunks/index-CxiKMwJn.js +279 -0
package/dist/admin/chunks/index-CxiKMwJn.js.map +1 -0
package/dist/admin/chunks/index-D01zzG9y.js +1537 -0
package/dist/admin/chunks/index-D01zzG9y.js.map +1 -0
package/dist/admin/chunks/index-DAclA-0k.js +217 -0
package/dist/admin/chunks/index-DAclA-0k.js.map +1 -0
package/dist/admin/chunks/index-DG6Abn44.js +213 -0
package/dist/admin/chunks/index-DG6Abn44.js.map +1 -0
package/dist/admin/chunks/index-De_N0gr1.js +448 -0
package/dist/admin/chunks/index-De_N0gr1.js.map +1 -0
package/dist/admin/chunks/index-DgONbTcJ.js +718 -0
package/dist/admin/chunks/index-DgONbTcJ.js.map +1 -0
package/dist/admin/chunks/index-xVVRcuDA.js +1516 -0
package/dist/admin/chunks/index-xVVRcuDA.js.map +1 -0
package/dist/admin/chunks/it-B2H2foTf.js +61 -0
package/dist/admin/chunks/it-B2H2foTf.js.map +1 -0
package/dist/admin/chunks/it-D5VuyoLU.js +63 -0
package/dist/admin/chunks/it-D5VuyoLU.js.map +1 -0
package/dist/admin/chunks/ja-C0z9d7L9.js +47 -0
package/dist/admin/chunks/ja-C0z9d7L9.js.map +1 -0
package/dist/admin/chunks/ja-MpqVsCgs.js +49 -0
package/dist/admin/chunks/ja-MpqVsCgs.js.map +1 -0
package/dist/admin/chunks/ko-Bm-grPSc.js +87 -0
package/dist/admin/chunks/ko-Bm-grPSc.js.map +1 -0
package/dist/admin/chunks/ko-CzUgzpeS.js +85 -0
package/dist/admin/chunks/ko-CzUgzpeS.js.map +1 -0
package/dist/admin/chunks/ms-CCacxjim.js +48 -0
package/dist/admin/chunks/ms-CCacxjim.js.map +1 -0
package/dist/admin/chunks/ms-D7eyBD5H.js +50 -0
package/dist/admin/chunks/ms-D7eyBD5H.js.map +1 -0
package/dist/admin/chunks/nl-BIOwAQtI.js +49 -0
package/dist/admin/chunks/nl-BIOwAQtI.js.map +1 -0
package/dist/admin/chunks/nl-DDC3nZW-.js +47 -0
package/dist/admin/chunks/nl-DDC3nZW-.js.map +1 -0
package/dist/admin/chunks/pl-D5BeNrg_.js +87 -0
package/dist/admin/chunks/pl-D5BeNrg_.js.map +1 -0
package/dist/admin/chunks/pl-XkS463rN.js +85 -0
package/dist/admin/chunks/pl-XkS463rN.js.map +1 -0
package/dist/admin/chunks/pt-BR-8cC7z8Km.js +43 -0
package/dist/admin/chunks/pt-BR-8cC7z8Km.js.map +1 -0
package/dist/admin/chunks/pt-BR-DxPBzQGx.js +45 -0
package/dist/admin/chunks/pt-BR-DxPBzQGx.js.map +1 -0
package/dist/admin/chunks/pt-DQpEvio8.js +47 -0
package/dist/admin/chunks/pt-DQpEvio8.js.map +1 -0
package/dist/admin/chunks/pt-kkCwzNvH.js +49 -0
package/dist/admin/chunks/pt-kkCwzNvH.js.map +1 -0
package/dist/admin/chunks/ru-BQ0gHmp3.js +87 -0
package/dist/admin/chunks/ru-BQ0gHmp3.js.map +1 -0
package/dist/admin/chunks/ru-nzL_7Mhg.js +85 -0
package/dist/admin/chunks/ru-nzL_7Mhg.js.map +1 -0
package/dist/admin/chunks/sk-Ddxc_tZA.js +49 -0
package/dist/admin/chunks/sk-Ddxc_tZA.js.map +1 -0
package/dist/admin/chunks/sk-nVwAPdYC.js +51 -0
package/dist/admin/chunks/sk-nVwAPdYC.js.map +1 -0
package/dist/admin/chunks/sv-BDfk2A-F.js +87 -0
package/dist/admin/chunks/sv-BDfk2A-F.js.map +1 -0
package/dist/admin/chunks/sv-By3RYpMG.js +85 -0
package/dist/admin/chunks/sv-By3RYpMG.js.map +1 -0
package/dist/admin/chunks/th-BtTtpHe2.js +61 -0
package/dist/admin/chunks/th-BtTtpHe2.js.map +1 -0
package/dist/admin/chunks/th-COl50vqb.js +59 -0
package/dist/admin/chunks/th-COl50vqb.js.map +1 -0
package/dist/admin/chunks/tr-80SJU6jg.js +84 -0
package/dist/admin/chunks/tr-80SJU6jg.js.map +1 -0
package/dist/admin/chunks/tr-Di-Nf7cT.js +86 -0
package/dist/admin/chunks/tr-Di-Nf7cT.js.map +1 -0
package/dist/admin/chunks/uk-CggQOx1l.js +50 -0
package/dist/admin/chunks/uk-CggQOx1l.js.map +1 -0
package/dist/admin/chunks/uk-D8JHuzch.js +48 -0
package/dist/admin/chunks/uk-D8JHuzch.js.map +1 -0
package/dist/admin/chunks/vi-69AF03Iv.js +49 -0
package/dist/admin/chunks/vi-69AF03Iv.js.map +1 -0
package/dist/admin/chunks/vi-D9cCsHsU.js +51 -0
package/dist/admin/chunks/vi-D9cCsHsU.js.map +1 -0
package/dist/admin/chunks/zh-BzSkqxo-.js +85 -0
package/dist/admin/chunks/zh-BzSkqxo-.js.map +1 -0
package/dist/admin/chunks/zh-BzWgJEzz.js +87 -0
package/dist/admin/chunks/zh-BzWgJEzz.js.map +1 -0
package/dist/admin/chunks/zh-Hans-CKqQbpsM.js +87 -0
package/dist/admin/chunks/zh-Hans-CKqQbpsM.js.map +1 -0
package/dist/admin/chunks/zh-Hans-DmDcSsp7.js +85 -0
package/dist/admin/chunks/zh-Hans-DmDcSsp7.js.map +1 -0
package/dist/admin/index.js +6 -3
package/dist/admin/index.js.map +1 -1
package/dist/admin/index.mjs +1 -5
package/dist/admin/index.mjs.map +1 -1
package/dist/server/index.js +4739 -0
package/dist/server/index.js.map +1 -0
package/dist/server/index.mjs +4737 -0
package/dist/server/index.mjs.map +1 -0
package/package.json +31 -32
package/rollup.config.mjs +52 -0
package/server/bootstrap/index.js +18 -51
package/server/bootstrap/users-permissions-actions.js +6 -0
package/server/config.js +29 -0
package/server/content-types/user/index.js +0 -1
package/server/controllers/auth.js +63 -64
package/server/controllers/content-manager-user.js +28 -30
package/server/controllers/role.js +17 -4
package/server/controllers/user.js +8 -9
package/server/controllers/validation/auth.js +81 -25
package/server/graphql/types/index.js +1 -0
package/server/graphql/types/me.js +1 -0
package/server/graphql/types/user-input.js +20 -0
package/server/middlewares/rateLimit.js +1 -1
package/server/register.js +2 -2
package/server/services/jwt.js +3 -3
package/server/services/permission.js +3 -7
package/server/services/providers-registry.js +468 -275
package/server/services/providers.js +10 -5
package/server/services/role.js +15 -13
package/server/services/user.js +56 -19
package/server/services/users-permissions.js +15 -13
package/server/utils/index.d.ts +2 -1
package/server/utils/sanitize/sanitizers.js +7 -3
package/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js +2 -2
package/admin/src/pages/Roles/pages/ListPage/utils/api.js +0 -30
package/dist/_chunks/ar-MvD8Ghac.mjs +0 -44
package/dist/_chunks/ar-MvD8Ghac.mjs.map +0 -1
package/dist/_chunks/ar-t5qTFaAD.js +0 -44
package/dist/_chunks/ar-t5qTFaAD.js.map +0 -1
package/dist/_chunks/cs-BMuXwxA1.mjs +0 -50
package/dist/_chunks/cs-BMuXwxA1.mjs.map +0 -1
package/dist/_chunks/cs-I8N4u-Sd.js +0 -50
package/dist/_chunks/cs-I8N4u-Sd.js.map +0 -1
package/dist/_chunks/de-YTjtq89K.js +0 -62
package/dist/_chunks/de-YTjtq89K.js.map +0 -1
package/dist/_chunks/de-zs2qqc0W.mjs +0 -62
package/dist/_chunks/de-zs2qqc0W.mjs.map +0 -1
package/dist/_chunks/dk-HctVBMsG.mjs +0 -86
package/dist/_chunks/dk-HctVBMsG.mjs.map +0 -1
package/dist/_chunks/dk-TF-dWjzl.js +0 -86
package/dist/_chunks/dk-TF-dWjzl.js.map +0 -1
package/dist/_chunks/en-CE3wEy_c.mjs +0 -86
package/dist/_chunks/en-CE3wEy_c.mjs.map +0 -1
package/dist/_chunks/en-m608rMZx.js +0 -86
package/dist/_chunks/en-m608rMZx.js.map +0 -1
package/dist/_chunks/es-9381tih_.mjs +0 -86
package/dist/_chunks/es-9381tih_.mjs.map +0 -1
package/dist/_chunks/es-XBQsB8_9.js +0 -86
package/dist/_chunks/es-XBQsB8_9.js.map +0 -1
package/dist/_chunks/fr-6cz3U-IF.js +0 -50
package/dist/_chunks/fr-6cz3U-IF.js.map +0 -1
package/dist/_chunks/fr-CMSc77If.mjs +0 -50
package/dist/_chunks/fr-CMSc77If.mjs.map +0 -1
package/dist/_chunks/id-RJ934rq-.js +0 -62
package/dist/_chunks/id-RJ934rq-.js.map +0 -1
package/dist/_chunks/id-SDuyIkZa.mjs +0 -62
package/dist/_chunks/id-SDuyIkZa.mjs.map +0 -1
package/dist/_chunks/index-5-krOCaE.mjs +0 -250
package/dist/_chunks/index-5-krOCaE.mjs.map +0 -1
package/dist/_chunks/index-Aq7T7skI.js +0 -1191
package/dist/_chunks/index-Aq7T7skI.js.map +0 -1
package/dist/_chunks/index-LN8gSFZ3.mjs +0 -385
package/dist/_chunks/index-LN8gSFZ3.mjs.map +0 -1
package/dist/_chunks/index-RWAJu_-T.js +0 -407
package/dist/_chunks/index-RWAJu_-T.js.map +0 -1
package/dist/_chunks/index-SICvbeQf.mjs +0 -301
package/dist/_chunks/index-SICvbeQf.mjs.map +0 -1
package/dist/_chunks/index-YkMqn-9t.js +0 -249
package/dist/_chunks/index-YkMqn-9t.js.map +0 -1
package/dist/_chunks/index-_wwOOuf_.js +0 -320
package/dist/_chunks/index-_wwOOuf_.js.map +0 -1
package/dist/_chunks/index-dnfs8wOQ.js +0 -638
package/dist/_chunks/index-dnfs8wOQ.js.map +0 -1
package/dist/_chunks/index-l_QWM0NZ.mjs +0 -1159
package/dist/_chunks/index-l_QWM0NZ.mjs.map +0 -1
package/dist/_chunks/index-wiA9qAAp.mjs +0 -615
package/dist/_chunks/index-wiA9qAAp.mjs.map +0 -1
package/dist/_chunks/it-YhZOlM2X.js +0 -62
package/dist/_chunks/it-YhZOlM2X.js.map +0 -1
package/dist/_chunks/it-bvH7DgQo.mjs +0 -62
package/dist/_chunks/it-bvH7DgQo.mjs.map +0 -1
package/dist/_chunks/ja-o_-JPvQv.mjs +0 -48
package/dist/_chunks/ja-o_-JPvQv.mjs.map +0 -1
package/dist/_chunks/ja-xssHUXFv.js +0 -48
package/dist/_chunks/ja-xssHUXFv.js.map +0 -1
package/dist/_chunks/ko-C3mHUSJa.js +0 -86
package/dist/_chunks/ko-C3mHUSJa.js.map +0 -1
package/dist/_chunks/ko-XJbPSez_.mjs +0 -86
package/dist/_chunks/ko-XJbPSez_.mjs.map +0 -1
package/dist/_chunks/ms-II5Ea73J.mjs +0 -49
package/dist/_chunks/ms-II5Ea73J.mjs.map +0 -1
package/dist/_chunks/ms-d0hfg65Z.js +0 -49
package/dist/_chunks/ms-d0hfg65Z.js.map +0 -1
package/dist/_chunks/nl-TA7TfK_5.js +0 -48
package/dist/_chunks/nl-TA7TfK_5.js.map +0 -1
package/dist/_chunks/nl-vEy6TN0K.mjs +0 -48
package/dist/_chunks/nl-vEy6TN0K.mjs.map +0 -1
package/dist/_chunks/pl-0pUL9hdA.js +0 -86
package/dist/_chunks/pl-0pUL9hdA.js.map +0 -1
package/dist/_chunks/pl-2VowaFGt.mjs +0 -86
package/dist/_chunks/pl-2VowaFGt.mjs.map +0 -1
package/dist/_chunks/pt-BR-WNOhafR4.js +0 -44
package/dist/_chunks/pt-BR-WNOhafR4.js.map +0 -1
package/dist/_chunks/pt-BR-sS1Xp3Jt.mjs +0 -44
package/dist/_chunks/pt-BR-sS1Xp3Jt.mjs.map +0 -1
package/dist/_chunks/pt-Rf9W51IO.mjs +0 -48
package/dist/_chunks/pt-Rf9W51IO.mjs.map +0 -1
package/dist/_chunks/pt-guNR9Gax.js +0 -48
package/dist/_chunks/pt-guNR9Gax.js.map +0 -1
package/dist/_chunks/ru-X3BMXDds.js +0 -86
package/dist/_chunks/ru-X3BMXDds.js.map +0 -1
package/dist/_chunks/ru-qKHnd5or.mjs +0 -86
package/dist/_chunks/ru-qKHnd5or.mjs.map +0 -1
package/dist/_chunks/sk-NWPw1oTN.js +0 -50
package/dist/_chunks/sk-NWPw1oTN.js.map +0 -1
package/dist/_chunks/sk-_Ryr-eTT.mjs +0 -50
package/dist/_chunks/sk-_Ryr-eTT.mjs.map +0 -1
package/dist/_chunks/sv-76NnbB__.js +0 -86
package/dist/_chunks/sv-76NnbB__.js.map +0 -1
package/dist/_chunks/sv-BqzScFXS.mjs +0 -86
package/dist/_chunks/sv-BqzScFXS.mjs.map +0 -1
package/dist/_chunks/th-WsknMEpq.mjs +0 -60
package/dist/_chunks/th-WsknMEpq.mjs.map +0 -1
package/dist/_chunks/th-cbppX21D.js +0 -60
package/dist/_chunks/th-cbppX21D.js.map +0 -1
package/dist/_chunks/tr-6mm_Fmz7.js +0 -85
package/dist/_chunks/tr-6mm_Fmz7.js.map +0 -1
package/dist/_chunks/tr-_DB1F1GW.mjs +0 -85
package/dist/_chunks/tr-_DB1F1GW.mjs.map +0 -1
package/dist/_chunks/uk-sI2I1ogF.js +0 -49
package/dist/_chunks/uk-sI2I1ogF.js.map +0 -1
package/dist/_chunks/uk-yxMSQAwI.mjs +0 -49
package/dist/_chunks/uk-yxMSQAwI.mjs.map +0 -1
package/dist/_chunks/vi-A3zJxaiI.js +0 -50
package/dist/_chunks/vi-A3zJxaiI.js.map +0 -1
package/dist/_chunks/vi-xY0zCW3d.mjs +0 -50
package/dist/_chunks/vi-xY0zCW3d.mjs.map +0 -1
package/dist/_chunks/zh-72SpmFXa.js +0 -86
package/dist/_chunks/zh-72SpmFXa.js.map +0 -1
package/dist/_chunks/zh-Hans-ArWWtyP4.js +0 -86
package/dist/_chunks/zh-Hans-ArWWtyP4.js.map +0 -1
package/dist/_chunks/zh-Hans-E84cu4kP.mjs +0 -86
package/dist/_chunks/zh-Hans-E84cu4kP.mjs.map +0 -1
package/dist/_chunks/zh-OFeldzbX.mjs +0 -86
package/dist/_chunks/zh-OFeldzbX.mjs.map +0 -1
package/packup.config.ts +0 -22
package/server/bootstrap/grant-config.js +0 -140
package/strapi-server.js +0 -3

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54",
+  "version": "0.0.0-next.fc9d26d995624dc886b29f563e1de655d47e6609",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -27,14 +27,16 @@
       "default": "./dist/admin/index.js"
     },
     "./strapi-server": {
-      "source": "./strapi-server.js",
-      "require": "./strapi-server.js",
-      "default": "./strapi-server.js"
+      "source": "./server/index.js",
+      "import": "./dist/server/index.mjs",
+      "require": "./dist/server/index.js",
+      "default": "./dist/server/index.js"
     },
     "./package.json": "./package.json"
   },
   "scripts": {
-    "build": "pack-up build",
+    "build": "run -T npm-run-all clean build:code",
+    "build:code": "run -T rollup -c",
     "clean": "run -T rimraf dist",
     "lint": "run -T eslint .",
     "test:front": "run -T cross-env IS_EE=true jest --config ./jest.config.front.js",
@@ -43,51 +45,49 @@
     "test:front:watch:ce": "run -T cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll",
     "test:unit": "run -T jest",
     "test:unit:watch": "run -T jest --watch",
-    "watch": "pack-up watch"
+    "watch": "run -T rollup -c -w"
   },
   "dependencies": {
-    "@strapi/design-system": "1.16.0",
-    "@strapi/helper-plugin": "0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54",
-    "@strapi/icons": "1.16.0",
-    "@strapi/utils": "0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54",
+    "@strapi/design-system": "2.0.0-rc.14",
+    "@strapi/icons": "2.0.0-rc.14",
+    "@strapi/utils": "0.0.0-next.fc9d26d995624dc886b29f563e1de655d47e6609",
     "bcryptjs": "2.4.3",
-    "formik": "2.4.0",
-    "grant-koa": "5.4.8",
-    "immer": "9.0.19",
+    "formik": "2.4.5",
+    "grant": "^5.4.8",
+    "immer": "9.0.21",
     "jsonwebtoken": "9.0.0",
     "jwk-to-pem": "2.0.5",
-    "koa": "2.13.4",
-    "koa2-ratelimit": "^1.1.2",
+    "koa": "2.15.2",
+    "koa2-ratelimit": "^1.1.3",
     "lodash": "4.17.21",
     "prop-types": "^15.8.1",
     "purest": "4.0.2",
-    "react-intl": "6.4.1",
+    "react-intl": "6.6.2",
     "react-query": "3.39.3",
-    "react-redux": "8.1.1",
+    "react-redux": "8.1.3",
     "url-join": "4.0.1",
     "yup": "0.32.9"
   },
   "devDependencies": {
-    "@strapi/pack-up": "0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54",
-    "@strapi/strapi": "0.0.0-next.fc231041206e6f3999b094160cfa05db2892ad54",
-    "@testing-library/dom": "9.2.0",
-    "@testing-library/react": "14.0.0",
-    "@testing-library/user-event": "14.4.3",
+    "@strapi/strapi": "0.0.0-next.fc9d26d995624dc886b29f563e1de655d47e6609",
+    "@testing-library/dom": "10.1.0",
+    "@testing-library/react": "15.0.7",
+    "@testing-library/user-event": "14.5.2",
     "msw": "1.3.0",
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-router-dom": "5.3.4",
-    "styled-components": "5.3.3"
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
+    "react-router-dom": "6.22.3",
+    "styled-components": "6.1.8"
   },
   "peerDependencies": {
-    "@strapi/strapi": "^4.0.0",
+    "@strapi/strapi": "^5.0.0",
     "react": "^17.0.0 || ^18.0.0",
     "react-dom": "^17.0.0 || ^18.0.0",
-    "react-router-dom": "^5.2.0",
-    "styled-components": "^5.2.1"
+    "react-router-dom": "^6.0.0",
+    "styled-components": "^6.0.0"
   },
   "engines": {
-    "node": ">=18.0.0 <=20.x.x",
+    "node": ">=18.0.0 <=22.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {
@@ -96,6 +96,5 @@
     "description": "Protect your API with a full authentication process based on JWT. This plugin comes also with an ACL strategy that allows you to manage the permissions between the groups of users.",
     "required": true,
     "kind": "plugin"
-  },
-  "gitHead": "fc231041206e6f3999b094160cfa05db2892ad54"
+  }
 }

package/rollup.config.mjs ADDED Viewed

@@ -0,0 +1,52 @@
+import { defineConfig } from 'rollup';
+import path from 'path';
+import { basePlugins } from '../../../rollup.utils.mjs';
+export default defineConfig([
+  {
+    input: path.join(import.meta.dirname, 'admin/src/index.js'),
+    external: (id) => !path.isAbsolute(id) && !id.startsWith('.'),
+    output: [
+      {
+        dir: path.join(import.meta.dirname, 'dist/admin'),
+        entryFileNames: '[name].js',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'cjs',
+        sourcemap: true,
+      },
+      {
+        dir: path.join(import.meta.dirname, 'dist/admin'),
+        entryFileNames: '[name].mjs',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'esm',
+        sourcemap: true,
+      },
+    ],
+    plugins: [...basePlugins(import.meta.dirname)],
+  },
+  {
+    input: path.join(import.meta.dirname, 'server/index.js'),
+    external: (id) => !path.isAbsolute(id) && !id.startsWith('.'),
+    output: [
+      {
+        dir: path.join(import.meta.dirname, 'dist/server'),
+        entryFileNames: '[name].js',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'cjs',
+        sourcemap: true,
+      },
+      {
+        dir: path.join(import.meta.dirname, 'dist/server'),
+        entryFileNames: '[name].mjs',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'esm',
+        sourcemap: true,
+      },
+    ],
+    plugins: [...basePlugins(import.meta.dirname)],
+  },
+]);

package/server/bootstrap/index.js CHANGED Viewed

@@ -9,25 +9,26 @@
  */
 const crypto = require('crypto');
 const _ = require('lodash');
-const urljoin = require('url-join');
-const { isArray } = require('lodash/fp');
 const { getService } = require('../utils');
-const getGrantConfig = require('./grant-config');
 const usersPermissionsActions = require('./users-permissions-actions');
-const userSchema = require('../content-types/user');
 const initGrant = async (pluginStore) => {
-  const apiPrefix = strapi.config.get('api.rest.prefix');
-  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+  const allProviders = getService('providers-registry').getAll();
+  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {
+    const { icon, enabled, grantConfig } = provider;
-  const grantConfig = getGrantConfig(baseURL);
+    acc[name] = {
+      icon,
+      enabled,
+      ...grantConfig,
+    };
+    return acc;
+  }, {});
   const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
-  // store grant auth config to db
-  // when plugin_users-permissions_grant is not existed in db
-  // or we have added/deleted provider here.
-  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
+  if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
     // merge with the previous provider config.
     _.keys(grantConfig).forEach((key) => {
       if (key in prevGrantConfig) {
@@ -99,27 +100,6 @@ const initAdvancedOptions = async (pluginStore) => {
   }
 };
-const userSchemaAdditions = () => {
-  const defaultSchema = Object.keys(userSchema.attributes);
-  const currentSchema = Object.keys(
-    strapi.contentTypes['plugin::users-permissions.user'].attributes
-  );
-  // Some dynamic fields may not have been initialized yet, so we need to ignore them
-  // TODO: we should have a global method for finding these
-  const ignoreDiffs = [
-    'createdBy',
-    'createdAt',
-    'updatedBy',
-    'updatedAt',
-    'publishedAt',
-    'strapi_stage',
-    'strapi_assignee',
-  ];
-  return currentSchema.filter((key) => !(ignoreDiffs.includes(key) || defaultSchema.includes(key)));
-};
 module.exports = async ({ strapi }) => {
   const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
@@ -127,13 +107,13 @@ module.exports = async ({ strapi }) => {
   await initEmails(pluginStore);
   await initAdvancedOptions(pluginStore);
-  await strapi.admin.services.permission.actionProvider.registerMany(
-    usersPermissionsActions.actions
-  );
+  await strapi
+    .service('admin::permission')
+    .actionProvider.registerMany(usersPermissionsActions.actions);
   await getService('users-permissions').initialize();
-  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
+  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
     if (process.env.NODE_ENV !== 'development') {
       throw new Error(
         `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
@@ -143,7 +123,7 @@ For security reasons, prefer storing the secret in an environment variable and r
     const jwtSecret = crypto.randomBytes(16).toString('base64');
-    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
+    strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
     if (!process.env.JWT_SECRET) {
       const envPath = process.env.ENV_PATH || '.env';
@@ -153,17 +133,4 @@ For security reasons, prefer storing the secret in an environment variable and r
       );
     }
   }
-  // TODO v5: Remove this block of code and default allowedFields to empty array
-  if (!isArray(strapi.config.get('plugin.users-permissions.register.allowedFields'))) {
-    const modifications = userSchemaAdditions();
-    if (modifications.length > 0) {
-      // if there is a potential vulnerability, show a warning
-      strapi.log.warn(
-        `Users-permissions registration has defaulted to accepting the following additional user fields during registration: ${modifications.join(
-          ','
-        )}`
-      );
-    }
-  }
 };

package/server/bootstrap/users-permissions-actions.js CHANGED Viewed

@@ -16,6 +16,12 @@ module.exports = {
       uid: 'roles.read',
       subCategory: 'roles',
       pluginName: 'users-permissions',
+      aliases: [
+        {
+          actionId: 'plugin::content-manager.explorer.read',
+          subjects: ['plugin::users-permissions.role'],
+        },
+      ],
     },
     {
       section: 'plugins',

package/server/config.js CHANGED Viewed

@@ -18,6 +18,35 @@ module.exports = {
         },
       },
     },
+    callback: {
+      validate(callback, provider) {
+        let uCallback;
+        let uProviderCallback;
+        try {
+          uCallback = new URL(callback);
+          uProviderCallback = new URL(provider.callback);
+        } catch {
+          throw new Error('The callback is not a valid URL');
+        }
+        // Make sure the different origin matches
+        if (uCallback.origin !== uProviderCallback.origin) {
+          throw new Error(
+            `Forbidden callback provided: origins don't match. Please verify your config.`
+          );
+        }
+        // Make sure the different pathname matches
+        if (uCallback.pathname !== uProviderCallback.pathname) {
+          throw new Error(
+            `Forbidden callback provided: pathname don't match. Please verify your config.`
+          );
+        }
+        // NOTE: We're not checking the search parameters on purpose to allow passing different states
+      },
+    },
   }),
   validator() {},
 };

package/server/content-types/user/index.js CHANGED Viewed

@@ -12,7 +12,6 @@ module.exports = {
     displayName: 'User',
   },
   options: {
-    draftAndPublish: false,
     timestamps: true,
   },
   attributes: {

package/server/controllers/auth.js CHANGED Viewed

@@ -11,9 +11,6 @@ const crypto = require('crypto');
 const _ = require('lodash');
 const { concat, compact, isArray } = require('lodash/fp');
 const utils = require('@strapi/utils');
-const {
-  contentTypes: { getNonWritableAttributes },
-} = require('@strapi/utils');
 const { getService } = require('../utils');
 const {
   validateCallbackBody,
@@ -25,17 +22,16 @@ const {
   validateChangePasswordBody,
 } = require('./validation/auth');
-const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
 const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;
 const sanitizeUser = (user, ctx) => {
   const { auth } = ctx.state;
   const userSchema = strapi.getModel('plugin::users-permissions.user');
-  return sanitize.contentAPI.output(user, userSchema, { auth });
+  return strapi.contentAPI.sanitize.output(user, userSchema, { auth });
 };
-module.exports = {
+module.exports = ({ strapi }) => ({
   async callback(ctx) {
     const provider = ctx.params.provider || 'local';
     const params = ctx.request.body;
@@ -55,7 +51,7 @@ module.exports = {
       const { identifier } = params;
       // Check if the user exists.
-      const user = await strapi.query('plugin::users-permissions.user').findOne({
+      const user = await strapi.db.query('plugin::users-permissions.user').findOne({
         where: {
           provider,
           $or: [{ email: identifier.toLowerCase() }, { username: identifier }],
@@ -118,13 +114,17 @@ module.exports = {
       throw new ApplicationError('You must be authenticated to reset your password');
     }
-    const { currentPassword, password } = await validateChangePasswordBody(ctx.request.body);
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
-    const user = await strapi.entityService.findOne(
-      'plugin::users-permissions.user',
-      ctx.state.user.id
+    const { currentPassword, password } = await validateChangePasswordBody(
+      ctx.request.body,
+      validations
     );
+    const user = await strapi.db
+      .query('plugin::users-permissions.user')
+      .findOne({ where: { id: ctx.state.user.id } });
     const validPassword = await getService('user').validatePassword(currentPassword, user.password);
     if (!validPassword) {
@@ -144,15 +144,18 @@ module.exports = {
   },
   async resetPassword(ctx) {
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
     const { password, passwordConfirmation, code } = await validateResetPasswordBody(
-      ctx.request.body
+      ctx.request.body,
+      validations
     );
     if (password !== passwordConfirmation) {
       throw new ValidationError('Passwords do not match');
     }
-    const user = await strapi
+    const user = await strapi.db
       .query('plugin::users-permissions.user')
       .findOne({ where: { resetPasswordToken: code } });
@@ -173,7 +176,7 @@ module.exports = {
   },
   async connect(ctx, next) {
-    const grant = require('grant-koa');
+    const grant = require('grant').koa();
     const providers = await strapi
       .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
@@ -201,10 +204,28 @@ module.exports = {
     }
     // Ability to pass OAuth callback dynamically
-    grantConfig[provider].callback =
-      _.get(ctx, 'query.callback') ||
-      _.get(ctx, 'session.grant.dynamic.callback') ||
-      grantConfig[provider].callback;
+    const queryCustomCallback = _.get(ctx, 'query.callback');
+    const dynamicSessionCallback = _.get(ctx, 'session.grant.dynamic.callback');
+    const customCallback = queryCustomCallback ?? dynamicSessionCallback;
+    // The custom callback is validated to make sure it's not redirecting to an unwanted actor.
+    if (customCallback !== undefined) {
+      try {
+        // We're extracting the callback validator from the plugin config since it can be user-customized
+        const { validate: validateCallback } = strapi
+          .plugin('users-permissions')
+          .config('callback');
+        await validateCallback(customCallback, grantConfig[provider]);
+        grantConfig[provider].callback = customCallback;
+      } catch (e) {
+        throw new ValidationError('Invalid callback URL provided', { callback: customCallback });
+      }
+    }
+    // Build a valid redirect URI for the current provider
     grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);
     return grant(grantConfig)(ctx, next);
@@ -219,7 +240,7 @@ module.exports = {
     const advancedSettings = await pluginStore.get({ key: 'advanced' });
     // Find the user by email.
-    const user = await strapi
+    const user = await strapi.db
       .query('plugin::users-permissions.user')
       .findOne({ where: { email: email.toLowerCase() } });
@@ -237,8 +258,8 @@ module.exports = {
       resetPasswordSettings.message,
       {
         URL: advancedSettings.email_reset_password,
-        SERVER_URL: getAbsoluteServerUrl(strapi.config),
-        ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
+        SERVER_URL: strapi.config.get('server.absoluteUrl'),
+        ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
         USER: userInfo,
         TOKEN: resetPasswordToken,
       }
@@ -281,55 +302,32 @@ module.exports = {
       throw new ApplicationError('Register action is currently disabled');
     }
-    const { register } = strapi.config.get('plugin.users-permissions');
+    const { register } = strapi.config.get('plugin::users-permissions');
     const alwaysAllowedKeys = ['username', 'password', 'email'];
-    const userModel = strapi.contentTypes['plugin::users-permissions.user'];
-    const { attributes } = userModel;
-    const nonWritable = getNonWritableAttributes(userModel);
+    // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration
     const allowedKeys = compact(
-      concat(
-        alwaysAllowedKeys,
-        isArray(register?.allowedFields)
-          ? // Note that we do not filter allowedFields in case a user explicitly chooses to allow a private or otherwise omitted field on registration
-            register.allowedFields // if null or undefined, compact will remove it
-          : // to prevent breaking changes, if allowedFields is not set in config, we only remove private and known dangerous user schema fields
-            // TODO V5: allowedFields defaults to [] when undefined and remove this case
-            Object.keys(attributes).filter(
-              (key) =>
-                !nonWritable.includes(key) &&
-                !attributes[key].private &&
-                ![
-                  // many of these are included in nonWritable, but we'll list them again to be safe and since we're removing this code in v5 anyway
-                  // Strapi user schema fields
-                  'confirmed',
-                  'blocked',
-                  'confirmationToken',
-                  'resetPasswordToken',
-                  'provider',
-                  'id',
-                  'role',
-                  // other Strapi fields that might be added
-                  'createdAt',
-                  'updatedAt',
-                  'createdBy',
-                  'updatedBy',
-                  'publishedAt', // d&p
-                  'strapi_reviewWorkflows_stage', // review workflows
-                ].includes(key)
-            )
-      )
+      concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? register.allowedFields : [])
     );
+    // Check if there are any keys in requestBody that are not in allowedKeys
+    const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));
+    if (invalidKeys.length > 0) {
+      // If there are invalid keys, throw an error
+      throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);
+    }
     const params = {
       ..._.pick(ctx.request.body, allowedKeys),
       provider: 'local',
     };
-    await validateRegisterBody(params);
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
-    const role = await strapi
+    await validateRegisterBody(params, validations);
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { type: settings.default_role } });
@@ -348,7 +346,7 @@ module.exports = {
       ],
     };
-    const conflictingUserCount = await strapi.query('plugin::users-permissions.user').count({
+    const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({
       where: { ...identifierFilter, provider },
     });
@@ -357,7 +355,7 @@ module.exports = {
     }
     if (settings.unique_email) {
-      const conflictingUserCount = await strapi.query('plugin::users-permissions.user').count({
+      const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({
         where: { ...identifierFilter },
       });
@@ -382,7 +380,8 @@ module.exports = {
       try {
         await getService('user').sendConfirmationEmail(sanitizedUser);
       } catch (err) {
-        throw new ApplicationError(err.message);
+        strapi.log.error(err);
+        throw new ApplicationError('Error sending confirmation email');
       }
       return ctx.send({ user: sanitizedUser });
@@ -427,7 +426,7 @@ module.exports = {
   async sendEmailConfirmation(ctx) {
     const { email } = await validateSendEmailConfirmationBody(ctx.request.body);
-    const user = await strapi.query('plugin::users-permissions.user').findOne({
+    const user = await strapi.db.query('plugin::users-permissions.user').findOne({
       where: { email: email.toLowerCase() },
     });
@@ -450,4 +449,4 @@ module.exports = {
       sent: true,
     });
   },
-};
+});