npm - @strapi/plugin-users-permissions - Versions diffs - 0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39 → 0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231 - Mend

@strapi/plugin-users-permissions 0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39 → 0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (307) hide show

package/.eslintignore +2 -1
package/admin/src/components/BoundRoute/index.jsx +3 -3
package/admin/src/components/FormModal/Input/index.jsx +33 -32
package/admin/src/components/FormModal/index.jsx +58 -69
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.jsx +4 -3
package/admin/src/components/Permissions/PermissionRow/SubCategory.jsx +13 -22
package/admin/src/components/Permissions/index.jsx +27 -35
package/admin/src/components/Permissions/reducer.js +1 -1
package/admin/src/components/Policies/index.jsx +8 -6
package/admin/src/components/UsersPermissions/index.jsx +15 -7
package/admin/src/components/UsersPermissions/reducer.js +1 -1
package/admin/src/index.js +17 -34
package/admin/src/pages/AdvancedSettings/index.jsx +84 -129
package/admin/src/pages/AdvancedSettings/utils/layout.js +20 -35
package/admin/src/pages/AdvancedSettings/utils/schema.js +5 -2
package/admin/src/pages/EmailTemplates/components/EmailForm.jsx +120 -140
package/admin/src/pages/EmailTemplates/components/EmailTable.jsx +21 -18
package/admin/src/pages/EmailTemplates/index.jsx +36 -62
package/admin/src/pages/EmailTemplates/utils/schema.js +18 -6
package/admin/src/pages/Providers/index.jsx +97 -112
package/admin/src/pages/Providers/utils/forms.js +23 -11
package/admin/src/pages/Roles/constants.js +3 -3
package/admin/src/pages/Roles/hooks/usePlugins.js +4 -4
package/admin/src/pages/Roles/index.jsx +10 -19
package/admin/src/pages/Roles/pages/CreatePage.jsx +53 -58
package/admin/src/pages/Roles/pages/EditPage.jsx +63 -68
package/admin/src/pages/Roles/pages/ListPage/components/TableBody.jsx +28 -32
package/admin/src/pages/Roles/pages/ListPage/index.jsx +79 -55
package/admin/src/pluginId.js +2 -2
package/admin/src/translations/en.json +1 -1
package/admin/src/utils/prefixPluginTranslations.js +13 -0
package/dist/admin/chunks/ar-BJwjobLp.js +45 -0
package/dist/admin/chunks/ar-BJwjobLp.js.map +1 -0
package/dist/admin/chunks/ar-G6bUGuUb.mjs +43 -0
package/dist/admin/chunks/ar-G6bUGuUb.mjs.map +1 -0
package/dist/admin/chunks/cs-Bu59JqhG.mjs +49 -0
package/dist/admin/chunks/cs-Bu59JqhG.mjs.map +1 -0
package/dist/admin/chunks/cs-uS_SIEo8.js +51 -0
package/dist/admin/chunks/cs-uS_SIEo8.js.map +1 -0
package/dist/admin/chunks/de-7MVMrqqI.js +63 -0
package/dist/admin/chunks/de-7MVMrqqI.js.map +1 -0
package/dist/admin/chunks/de-B81A69_5.mjs +61 -0
package/dist/admin/chunks/de-B81A69_5.mjs.map +1 -0
package/dist/admin/chunks/dk-BaelzvBE.mjs +85 -0
package/dist/admin/chunks/dk-BaelzvBE.mjs.map +1 -0
package/dist/admin/chunks/dk-DwCLGmy9.js +87 -0
package/dist/admin/chunks/dk-DwCLGmy9.js.map +1 -0
package/dist/admin/chunks/en-BhgCBe7M.mjs +85 -0
package/dist/admin/chunks/en-BhgCBe7M.mjs.map +1 -0
package/dist/admin/chunks/en-DwQjkHi_.js +87 -0
package/dist/admin/chunks/en-DwQjkHi_.js.map +1 -0
package/dist/admin/chunks/es-B0wXmvRj.mjs +85 -0
package/dist/admin/chunks/es-B0wXmvRj.mjs.map +1 -0
package/dist/admin/chunks/es-BOJOedG5.js +87 -0
package/dist/admin/chunks/es-BOJOedG5.js.map +1 -0
package/dist/admin/chunks/fr-BDNWCNs0.js +51 -0
package/dist/admin/chunks/fr-BDNWCNs0.js.map +1 -0
package/dist/admin/chunks/fr-CGYvGUXg.mjs +49 -0
package/dist/admin/chunks/fr-CGYvGUXg.mjs.map +1 -0
package/dist/admin/chunks/id-CNzbwFjA.mjs +61 -0
package/dist/admin/chunks/id-CNzbwFjA.mjs.map +1 -0
package/dist/admin/chunks/id-UqUPykHZ.js +63 -0
package/dist/admin/chunks/id-UqUPykHZ.js.map +1 -0
package/dist/admin/chunks/index-B-Z_z_qb.mjs +213 -0
package/dist/admin/chunks/index-B-Z_z_qb.mjs.map +1 -0
package/dist/admin/chunks/index-B2MJiSOD.mjs +279 -0
package/dist/admin/chunks/index-B2MJiSOD.mjs.map +1 -0
package/dist/admin/chunks/index-BPiDUOGt.js +471 -0
package/dist/admin/chunks/index-BPiDUOGt.js.map +1 -0
package/dist/admin/chunks/index-BtYUb_br.js +741 -0
package/dist/admin/chunks/index-BtYUb_br.js.map +1 -0
package/dist/admin/chunks/index-COXjHxFm.mjs +718 -0
package/dist/admin/chunks/index-COXjHxFm.mjs.map +1 -0
package/dist/admin/chunks/index-CkYplz_3.js +301 -0
package/dist/admin/chunks/index-CkYplz_3.js.map +1 -0
package/dist/admin/chunks/index-Cu2GvTiT.mjs +1516 -0
package/dist/admin/chunks/index-Cu2GvTiT.mjs.map +1 -0
package/dist/admin/chunks/index-D01zzG9y.js +1537 -0
package/dist/admin/chunks/index-D01zzG9y.js.map +1 -0
package/dist/admin/chunks/index-DAclA-0k.js +217 -0
package/dist/admin/chunks/index-DAclA-0k.js.map +1 -0
package/dist/admin/chunks/index-DVNIct2-.mjs +448 -0
package/dist/admin/chunks/index-DVNIct2-.mjs.map +1 -0
package/dist/admin/chunks/it-B2H2foTf.mjs +61 -0
package/dist/admin/chunks/it-B2H2foTf.mjs.map +1 -0
package/dist/admin/chunks/it-D5VuyoLU.js +63 -0
package/dist/admin/chunks/it-D5VuyoLU.js.map +1 -0
package/dist/admin/chunks/ja-C0z9d7L9.mjs +47 -0
package/dist/admin/chunks/ja-C0z9d7L9.mjs.map +1 -0
package/dist/admin/chunks/ja-MpqVsCgs.js +49 -0
package/dist/admin/chunks/ja-MpqVsCgs.js.map +1 -0
package/dist/admin/chunks/ko-Bm-grPSc.js +87 -0
package/dist/admin/chunks/ko-Bm-grPSc.js.map +1 -0
package/dist/admin/chunks/ko-CzUgzpeS.mjs +85 -0
package/dist/admin/chunks/ko-CzUgzpeS.mjs.map +1 -0
package/dist/admin/chunks/ms-CCacxjim.mjs +48 -0
package/dist/admin/chunks/ms-CCacxjim.mjs.map +1 -0
package/dist/admin/chunks/ms-D7eyBD5H.js +50 -0
package/dist/admin/chunks/ms-D7eyBD5H.js.map +1 -0
package/dist/admin/chunks/nl-BIOwAQtI.js +49 -0
package/dist/admin/chunks/nl-BIOwAQtI.js.map +1 -0
package/dist/admin/chunks/nl-DDC3nZW-.mjs +47 -0
package/dist/admin/chunks/nl-DDC3nZW-.mjs.map +1 -0
package/dist/admin/chunks/pl-D5BeNrg_.js +87 -0
package/dist/admin/chunks/pl-D5BeNrg_.js.map +1 -0
package/dist/admin/chunks/pl-XkS463rN.mjs +85 -0
package/dist/admin/chunks/pl-XkS463rN.mjs.map +1 -0
package/dist/admin/chunks/pt-BR-8cC7z8Km.mjs +43 -0
package/dist/admin/chunks/pt-BR-8cC7z8Km.mjs.map +1 -0
package/dist/admin/chunks/pt-BR-DxPBzQGx.js +45 -0
package/dist/admin/chunks/pt-BR-DxPBzQGx.js.map +1 -0
package/dist/admin/chunks/pt-DQpEvio8.mjs +47 -0
package/dist/admin/chunks/pt-DQpEvio8.mjs.map +1 -0
package/dist/admin/chunks/pt-kkCwzNvH.js +49 -0
package/dist/admin/chunks/pt-kkCwzNvH.js.map +1 -0
package/dist/admin/chunks/ru-BQ0gHmp3.js +87 -0
package/dist/admin/chunks/ru-BQ0gHmp3.js.map +1 -0
package/dist/admin/chunks/ru-nzL_7Mhg.mjs +85 -0
package/dist/admin/chunks/ru-nzL_7Mhg.mjs.map +1 -0
package/dist/admin/chunks/sk-Ddxc_tZA.mjs +49 -0
package/dist/admin/chunks/sk-Ddxc_tZA.mjs.map +1 -0
package/dist/admin/chunks/sk-nVwAPdYC.js +51 -0
package/dist/admin/chunks/sk-nVwAPdYC.js.map +1 -0
package/dist/admin/chunks/sv-BDfk2A-F.js +87 -0
package/dist/admin/chunks/sv-BDfk2A-F.js.map +1 -0
package/dist/admin/chunks/sv-By3RYpMG.mjs +85 -0
package/dist/admin/chunks/sv-By3RYpMG.mjs.map +1 -0
package/dist/admin/chunks/th-BtTtpHe2.js +61 -0
package/dist/admin/chunks/th-BtTtpHe2.js.map +1 -0
package/dist/admin/chunks/th-COl50vqb.mjs +59 -0
package/dist/admin/chunks/th-COl50vqb.mjs.map +1 -0
package/dist/admin/chunks/tr-80SJU6jg.mjs +84 -0
package/dist/admin/chunks/tr-80SJU6jg.mjs.map +1 -0
package/dist/admin/chunks/tr-Di-Nf7cT.js +86 -0
package/dist/admin/chunks/tr-Di-Nf7cT.js.map +1 -0
package/dist/admin/chunks/uk-CggQOx1l.js +50 -0
package/dist/admin/chunks/uk-CggQOx1l.js.map +1 -0
package/dist/admin/chunks/uk-D8JHuzch.mjs +48 -0
package/dist/admin/chunks/uk-D8JHuzch.mjs.map +1 -0
package/dist/admin/chunks/vi-69AF03Iv.mjs +49 -0
package/dist/admin/chunks/vi-69AF03Iv.mjs.map +1 -0
package/dist/admin/chunks/vi-D9cCsHsU.js +51 -0
package/dist/admin/chunks/vi-D9cCsHsU.js.map +1 -0
package/dist/admin/chunks/zh-BzSkqxo-.mjs +85 -0
package/dist/admin/chunks/zh-BzSkqxo-.mjs.map +1 -0
package/dist/admin/chunks/zh-BzWgJEzz.js +87 -0
package/dist/admin/chunks/zh-BzWgJEzz.js.map +1 -0
package/dist/admin/chunks/zh-Hans-CKqQbpsM.js +87 -0
package/dist/admin/chunks/zh-Hans-CKqQbpsM.js.map +1 -0
package/dist/admin/chunks/zh-Hans-DmDcSsp7.mjs +85 -0
package/dist/admin/chunks/zh-Hans-DmDcSsp7.mjs.map +1 -0
package/dist/admin/index.js +6 -3
package/dist/admin/index.js.map +1 -1
package/dist/admin/index.mjs +1 -5
package/dist/admin/index.mjs.map +1 -1
package/dist/server/index.js +4766 -0
package/dist/server/index.js.map +1 -0
package/dist/server/index.mjs +4764 -0
package/dist/server/index.mjs.map +1 -0
package/package.json +31 -32
package/rollup.config.mjs +52 -0
package/server/bootstrap/index.js +18 -51
package/server/content-types/user/index.js +0 -1
package/server/controllers/auth.js +41 -60
package/server/controllers/content-manager-user.js +28 -30
package/server/controllers/role.js +17 -4
package/server/controllers/user.js +8 -9
package/server/controllers/validation/auth.js +104 -25
package/server/graphql/types/index.js +1 -0
package/server/graphql/types/me.js +1 -0
package/server/graphql/types/user-input.js +20 -0
package/server/middlewares/rateLimit.js +1 -1
package/server/register.js +2 -2
package/server/services/jwt.js +3 -3
package/server/services/permission.js +3 -7
package/server/services/providers-registry.js +468 -279
package/server/services/providers.js +10 -5
package/server/services/role.js +15 -13
package/server/services/user.js +56 -19
package/server/services/users-permissions.js +15 -13
package/server/utils/index.d.ts +2 -1
package/server/utils/sanitize/sanitizers.js +7 -3
package/server/utils/sanitize/visitors/remove-user-relation-from-role-entities.js +2 -2
package/admin/src/pages/Roles/pages/ListPage/utils/api.js +0 -30
package/dist/_chunks/ar-MvD8Ghac.mjs +0 -44
package/dist/_chunks/ar-MvD8Ghac.mjs.map +0 -1
package/dist/_chunks/ar-t5qTFaAD.js +0 -44
package/dist/_chunks/ar-t5qTFaAD.js.map +0 -1
package/dist/_chunks/cs-BMuXwxA1.mjs +0 -50
package/dist/_chunks/cs-BMuXwxA1.mjs.map +0 -1
package/dist/_chunks/cs-I8N4u-Sd.js +0 -50
package/dist/_chunks/cs-I8N4u-Sd.js.map +0 -1
package/dist/_chunks/de-YTjtq89K.js +0 -62
package/dist/_chunks/de-YTjtq89K.js.map +0 -1
package/dist/_chunks/de-zs2qqc0W.mjs +0 -62
package/dist/_chunks/de-zs2qqc0W.mjs.map +0 -1
package/dist/_chunks/dk-HctVBMsG.mjs +0 -86
package/dist/_chunks/dk-HctVBMsG.mjs.map +0 -1
package/dist/_chunks/dk-TF-dWjzl.js +0 -86
package/dist/_chunks/dk-TF-dWjzl.js.map +0 -1
package/dist/_chunks/en-CE3wEy_c.mjs +0 -86
package/dist/_chunks/en-CE3wEy_c.mjs.map +0 -1
package/dist/_chunks/en-m608rMZx.js +0 -86
package/dist/_chunks/en-m608rMZx.js.map +0 -1
package/dist/_chunks/es-9381tih_.mjs +0 -86
package/dist/_chunks/es-9381tih_.mjs.map +0 -1
package/dist/_chunks/es-XBQsB8_9.js +0 -86
package/dist/_chunks/es-XBQsB8_9.js.map +0 -1
package/dist/_chunks/fr-6cz3U-IF.js +0 -50
package/dist/_chunks/fr-6cz3U-IF.js.map +0 -1
package/dist/_chunks/fr-CMSc77If.mjs +0 -50
package/dist/_chunks/fr-CMSc77If.mjs.map +0 -1
package/dist/_chunks/id-RJ934rq-.js +0 -62
package/dist/_chunks/id-RJ934rq-.js.map +0 -1
package/dist/_chunks/id-SDuyIkZa.mjs +0 -62
package/dist/_chunks/id-SDuyIkZa.mjs.map +0 -1
package/dist/_chunks/index-7cDy9OFu.mjs +0 -301
package/dist/_chunks/index-7cDy9OFu.mjs.map +0 -1
package/dist/_chunks/index-F7bt_caK.mjs +0 -1159
package/dist/_chunks/index-F7bt_caK.mjs.map +0 -1
package/dist/_chunks/index-H1mhyWXP.mjs +0 -385
package/dist/_chunks/index-H1mhyWXP.mjs.map +0 -1
package/dist/_chunks/index-Uclk5uc0.mjs +0 -250
package/dist/_chunks/index-Uclk5uc0.mjs.map +0 -1
package/dist/_chunks/index-cNS7FpQt.js +0 -320
package/dist/_chunks/index-cNS7FpQt.js.map +0 -1
package/dist/_chunks/index-e4dnRonE.js +0 -407
package/dist/_chunks/index-e4dnRonE.js.map +0 -1
package/dist/_chunks/index-oFjO2L1S.mjs +0 -615
package/dist/_chunks/index-oFjO2L1S.mjs.map +0 -1
package/dist/_chunks/index-rU_BkerL.js +0 -1191
package/dist/_chunks/index-rU_BkerL.js.map +0 -1
package/dist/_chunks/index-sm9u2cPw.js +0 -638
package/dist/_chunks/index-sm9u2cPw.js.map +0 -1
package/dist/_chunks/index-vLWD-DRR.js +0 -249
package/dist/_chunks/index-vLWD-DRR.js.map +0 -1
package/dist/_chunks/it-YhZOlM2X.js +0 -62
package/dist/_chunks/it-YhZOlM2X.js.map +0 -1
package/dist/_chunks/it-bvH7DgQo.mjs +0 -62
package/dist/_chunks/it-bvH7DgQo.mjs.map +0 -1
package/dist/_chunks/ja-o_-JPvQv.mjs +0 -48
package/dist/_chunks/ja-o_-JPvQv.mjs.map +0 -1
package/dist/_chunks/ja-xssHUXFv.js +0 -48
package/dist/_chunks/ja-xssHUXFv.js.map +0 -1
package/dist/_chunks/ko-C3mHUSJa.js +0 -86
package/dist/_chunks/ko-C3mHUSJa.js.map +0 -1
package/dist/_chunks/ko-XJbPSez_.mjs +0 -86
package/dist/_chunks/ko-XJbPSez_.mjs.map +0 -1
package/dist/_chunks/ms-II5Ea73J.mjs +0 -49
package/dist/_chunks/ms-II5Ea73J.mjs.map +0 -1
package/dist/_chunks/ms-d0hfg65Z.js +0 -49
package/dist/_chunks/ms-d0hfg65Z.js.map +0 -1
package/dist/_chunks/nl-TA7TfK_5.js +0 -48
package/dist/_chunks/nl-TA7TfK_5.js.map +0 -1
package/dist/_chunks/nl-vEy6TN0K.mjs +0 -48
package/dist/_chunks/nl-vEy6TN0K.mjs.map +0 -1
package/dist/_chunks/pl-0pUL9hdA.js +0 -86
package/dist/_chunks/pl-0pUL9hdA.js.map +0 -1
package/dist/_chunks/pl-2VowaFGt.mjs +0 -86
package/dist/_chunks/pl-2VowaFGt.mjs.map +0 -1
package/dist/_chunks/pt-BR-WNOhafR4.js +0 -44
package/dist/_chunks/pt-BR-WNOhafR4.js.map +0 -1
package/dist/_chunks/pt-BR-sS1Xp3Jt.mjs +0 -44
package/dist/_chunks/pt-BR-sS1Xp3Jt.mjs.map +0 -1
package/dist/_chunks/pt-Rf9W51IO.mjs +0 -48
package/dist/_chunks/pt-Rf9W51IO.mjs.map +0 -1
package/dist/_chunks/pt-guNR9Gax.js +0 -48
package/dist/_chunks/pt-guNR9Gax.js.map +0 -1
package/dist/_chunks/ru-X3BMXDds.js +0 -86
package/dist/_chunks/ru-X3BMXDds.js.map +0 -1
package/dist/_chunks/ru-qKHnd5or.mjs +0 -86
package/dist/_chunks/ru-qKHnd5or.mjs.map +0 -1
package/dist/_chunks/sk-NWPw1oTN.js +0 -50
package/dist/_chunks/sk-NWPw1oTN.js.map +0 -1
package/dist/_chunks/sk-_Ryr-eTT.mjs +0 -50
package/dist/_chunks/sk-_Ryr-eTT.mjs.map +0 -1
package/dist/_chunks/sv-76NnbB__.js +0 -86
package/dist/_chunks/sv-76NnbB__.js.map +0 -1
package/dist/_chunks/sv-BqzScFXS.mjs +0 -86
package/dist/_chunks/sv-BqzScFXS.mjs.map +0 -1
package/dist/_chunks/th-WsknMEpq.mjs +0 -60
package/dist/_chunks/th-WsknMEpq.mjs.map +0 -1
package/dist/_chunks/th-cbppX21D.js +0 -60
package/dist/_chunks/th-cbppX21D.js.map +0 -1
package/dist/_chunks/tr-6mm_Fmz7.js +0 -85
package/dist/_chunks/tr-6mm_Fmz7.js.map +0 -1
package/dist/_chunks/tr-_DB1F1GW.mjs +0 -85
package/dist/_chunks/tr-_DB1F1GW.mjs.map +0 -1
package/dist/_chunks/uk-sI2I1ogF.js +0 -49
package/dist/_chunks/uk-sI2I1ogF.js.map +0 -1
package/dist/_chunks/uk-yxMSQAwI.mjs +0 -49
package/dist/_chunks/uk-yxMSQAwI.mjs.map +0 -1
package/dist/_chunks/vi-A3zJxaiI.js +0 -50
package/dist/_chunks/vi-A3zJxaiI.js.map +0 -1
package/dist/_chunks/vi-xY0zCW3d.mjs +0 -50
package/dist/_chunks/vi-xY0zCW3d.mjs.map +0 -1
package/dist/_chunks/zh-72SpmFXa.js +0 -86
package/dist/_chunks/zh-72SpmFXa.js.map +0 -1
package/dist/_chunks/zh-Hans-ArWWtyP4.js +0 -86
package/dist/_chunks/zh-Hans-ArWWtyP4.js.map +0 -1
package/dist/_chunks/zh-Hans-E84cu4kP.mjs +0 -86
package/dist/_chunks/zh-Hans-E84cu4kP.mjs.map +0 -1
package/dist/_chunks/zh-OFeldzbX.mjs +0 -86
package/dist/_chunks/zh-OFeldzbX.mjs.map +0 -1
package/packup.config.ts +0 -22
package/server/bootstrap/grant-config.js +0 -140
package/strapi-server.js +0 -3

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39",
+  "version": "0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -27,14 +27,16 @@
       "default": "./dist/admin/index.js"
     },
     "./strapi-server": {
-      "source": "./strapi-server.js",
-      "require": "./strapi-server.js",
-      "default": "./strapi-server.js"
+      "source": "./server/index.js",
+      "import": "./dist/server/index.mjs",
+      "require": "./dist/server/index.js",
+      "default": "./dist/server/index.js"
     },
     "./package.json": "./package.json"
   },
   "scripts": {
-    "build": "pack-up build",
+    "build": "run -T npm-run-all clean build:code",
+    "build:code": "run -T rollup -c",
     "clean": "run -T rimraf dist",
     "lint": "run -T eslint .",
     "test:front": "run -T cross-env IS_EE=true jest --config ./jest.config.front.js",
@@ -43,51 +45,49 @@
     "test:front:watch:ce": "run -T cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll",
     "test:unit": "run -T jest",
     "test:unit:watch": "run -T jest --watch",
-    "watch": "pack-up watch"
+    "watch": "run -T rollup -c -w"
   },
   "dependencies": {
-    "@strapi/design-system": "1.19.0",
-    "@strapi/helper-plugin": "0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39",
-    "@strapi/icons": "1.19.0",
-    "@strapi/utils": "0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39",
+    "@strapi/design-system": "2.0.0-rc.16",
+    "@strapi/icons": "2.0.0-rc.16",
+    "@strapi/utils": "0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231",
     "bcryptjs": "2.4.3",
-    "formik": "2.4.0",
-    "grant-koa": "5.4.8",
-    "immer": "9.0.19",
+    "formik": "2.4.5",
+    "grant": "^5.4.8",
+    "immer": "9.0.21",
     "jsonwebtoken": "9.0.0",
     "jwk-to-pem": "2.0.5",
-    "koa": "2.13.4",
-    "koa2-ratelimit": "^1.1.2",
+    "koa": "2.15.2",
+    "koa2-ratelimit": "^1.1.3",
     "lodash": "4.17.21",
     "prop-types": "^15.8.1",
     "purest": "4.0.2",
-    "react-intl": "6.4.1",
+    "react-intl": "6.6.2",
     "react-query": "3.39.3",
-    "react-redux": "8.1.1",
+    "react-redux": "8.1.3",
     "url-join": "4.0.1",
     "yup": "0.32.9"
   },
   "devDependencies": {
-    "@strapi/pack-up": "4.23.0",
-    "@strapi/strapi": "0.0.0-next.fd9757603c653ca239c45d6e28ab536d2dae0b39",
-    "@testing-library/dom": "9.2.0",
-    "@testing-library/react": "14.0.0",
-    "@testing-library/user-event": "14.4.3",
+    "@strapi/strapi": "0.0.0-next.fdac61dd05ca665168f51f655f1d165b55ec4231",
+    "@testing-library/dom": "10.1.0",
+    "@testing-library/react": "15.0.7",
+    "@testing-library/user-event": "14.5.2",
     "msw": "1.3.0",
-    "react": "^18.2.0",
-    "react-dom": "^18.2.0",
-    "react-router-dom": "5.3.4",
-    "styled-components": "5.3.3"
+    "react": "18.3.1",
+    "react-dom": "18.3.1",
+    "react-router-dom": "6.22.3",
+    "styled-components": "6.1.8"
   },
   "peerDependencies": {
-    "@strapi/strapi": "^4.0.0",
+    "@strapi/strapi": "^5.0.0",
     "react": "^17.0.0 || ^18.0.0",
     "react-dom": "^17.0.0 || ^18.0.0",
-    "react-router-dom": "^5.2.0",
-    "styled-components": "^5.2.1"
+    "react-router-dom": "^6.0.0",
+    "styled-components": "^6.0.0"
   },
   "engines": {
-    "node": ">=18.0.0 <=20.x.x",
+    "node": ">=18.0.0 <=22.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {
@@ -96,6 +96,5 @@
     "description": "Protect your API with a full authentication process based on JWT. This plugin comes also with an ACL strategy that allows you to manage the permissions between the groups of users.",
     "required": true,
     "kind": "plugin"
-  },
-  "gitHead": "fd9757603c653ca239c45d6e28ab536d2dae0b39"
+  }
 }

package/rollup.config.mjs ADDED Viewed

@@ -0,0 +1,52 @@
+import { defineConfig } from 'rollup';
+import path from 'path';
+import { basePlugins } from '../../../rollup.utils.mjs';
+export default defineConfig([
+  {
+    input: path.join(import.meta.dirname, 'admin/src/index.js'),
+    external: (id) => !path.isAbsolute(id) && !id.startsWith('.'),
+    output: [
+      {
+        dir: path.join(import.meta.dirname, 'dist/admin'),
+        entryFileNames: '[name].js',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'cjs',
+        sourcemap: true,
+      },
+      {
+        dir: path.join(import.meta.dirname, 'dist/admin'),
+        entryFileNames: '[name].mjs',
+        chunkFileNames: 'chunks/[name]-[hash].mjs',
+        exports: 'auto',
+        format: 'esm',
+        sourcemap: true,
+      },
+    ],
+    plugins: [...basePlugins(import.meta.dirname)],
+  },
+  {
+    input: path.join(import.meta.dirname, 'server/index.js'),
+    external: (id) => !path.isAbsolute(id) && !id.startsWith('.'),
+    output: [
+      {
+        dir: path.join(import.meta.dirname, 'dist/server'),
+        entryFileNames: '[name].js',
+        chunkFileNames: 'chunks/[name]-[hash].js',
+        exports: 'auto',
+        format: 'cjs',
+        sourcemap: true,
+      },
+      {
+        dir: path.join(import.meta.dirname, 'dist/server'),
+        entryFileNames: '[name].mjs',
+        chunkFileNames: 'chunks/[name]-[hash].mjs',
+        exports: 'auto',
+        format: 'esm',
+        sourcemap: true,
+      },
+    ],
+    plugins: [...basePlugins(import.meta.dirname)],
+  },
+]);

package/server/bootstrap/index.js CHANGED Viewed

@@ -9,25 +9,26 @@
  */
 const crypto = require('crypto');
 const _ = require('lodash');
-const urljoin = require('url-join');
-const { isArray } = require('lodash/fp');
 const { getService } = require('../utils');
-const getGrantConfig = require('./grant-config');
 const usersPermissionsActions = require('./users-permissions-actions');
-const userSchema = require('../content-types/user');
 const initGrant = async (pluginStore) => {
-  const apiPrefix = strapi.config.get('api.rest.prefix');
-  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
+  const allProviders = getService('providers-registry').getAll();
+  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {
+    const { icon, enabled, grantConfig } = provider;
-  const grantConfig = getGrantConfig(baseURL);
+    acc[name] = {
+      icon,
+      enabled,
+      ...grantConfig,
+    };
+    return acc;
+  }, {});
   const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
-  // store grant auth config to db
-  // when plugin_users-permissions_grant is not existed in db
-  // or we have added/deleted provider here.
-  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
+  if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
     // merge with the previous provider config.
     _.keys(grantConfig).forEach((key) => {
       if (key in prevGrantConfig) {
@@ -99,27 +100,6 @@ const initAdvancedOptions = async (pluginStore) => {
   }
 };
-const userSchemaAdditions = () => {
-  const defaultSchema = Object.keys(userSchema.attributes);
-  const currentSchema = Object.keys(
-    strapi.contentTypes['plugin::users-permissions.user'].attributes
-  );
-  // Some dynamic fields may not have been initialized yet, so we need to ignore them
-  // TODO: we should have a global method for finding these
-  const ignoreDiffs = [
-    'createdBy',
-    'createdAt',
-    'updatedBy',
-    'updatedAt',
-    'publishedAt',
-    'strapi_stage',
-    'strapi_assignee',
-  ];
-  return currentSchema.filter((key) => !(ignoreDiffs.includes(key) || defaultSchema.includes(key)));
-};
 module.exports = async ({ strapi }) => {
   const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
@@ -127,13 +107,13 @@ module.exports = async ({ strapi }) => {
   await initEmails(pluginStore);
   await initAdvancedOptions(pluginStore);
-  await strapi.admin.services.permission.actionProvider.registerMany(
-    usersPermissionsActions.actions
-  );
+  await strapi
+    .service('admin::permission')
+    .actionProvider.registerMany(usersPermissionsActions.actions);
   await getService('users-permissions').initialize();
-  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
+  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
     if (process.env.NODE_ENV !== 'development') {
       throw new Error(
         `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
@@ -143,7 +123,7 @@ For security reasons, prefer storing the secret in an environment variable and r
     const jwtSecret = crypto.randomBytes(16).toString('base64');
-    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
+    strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
     if (!process.env.JWT_SECRET) {
       const envPath = process.env.ENV_PATH || '.env';
@@ -153,17 +133,4 @@ For security reasons, prefer storing the secret in an environment variable and r
       );
     }
   }
-  // TODO v5: Remove this block of code and default allowedFields to empty array
-  if (!isArray(strapi.config.get('plugin.users-permissions.register.allowedFields'))) {
-    const modifications = userSchemaAdditions();
-    if (modifications.length > 0) {
-      // if there is a potential vulnerability, show a warning
-      strapi.log.warn(
-        `Users-permissions registration has defaulted to accepting the following additional user fields during registration: ${modifications.join(
-          ','
-        )}`
-      );
-    }
-  }
 };

package/server/content-types/user/index.js CHANGED Viewed

@@ -12,7 +12,6 @@ module.exports = {
     displayName: 'User',
   },
   options: {
-    draftAndPublish: false,
     timestamps: true,
   },
   attributes: {

package/server/controllers/auth.js CHANGED Viewed

@@ -11,9 +11,6 @@ const crypto = require('crypto');
 const _ = require('lodash');
 const { concat, compact, isArray } = require('lodash/fp');
 const utils = require('@strapi/utils');
-const {
-  contentTypes: { getNonWritableAttributes },
-} = require('@strapi/utils');
 const { getService } = require('../utils');
 const {
   validateCallbackBody,
@@ -25,17 +22,16 @@ const {
   validateChangePasswordBody,
 } = require('./validation/auth');
-const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
 const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;
 const sanitizeUser = (user, ctx) => {
   const { auth } = ctx.state;
   const userSchema = strapi.getModel('plugin::users-permissions.user');
-  return sanitize.contentAPI.output(user, userSchema, { auth });
+  return strapi.contentAPI.sanitize.output(user, userSchema, { auth });
 };
-module.exports = {
+module.exports = ({ strapi }) => ({
   async callback(ctx) {
     const provider = ctx.params.provider || 'local';
     const params = ctx.request.body;
@@ -55,7 +51,7 @@ module.exports = {
       const { identifier } = params;
       // Check if the user exists.
-      const user = await strapi.query('plugin::users-permissions.user').findOne({
+      const user = await strapi.db.query('plugin::users-permissions.user').findOne({
         where: {
           provider,
           $or: [{ email: identifier.toLowerCase() }, { username: identifier }],
@@ -118,13 +114,17 @@ module.exports = {
       throw new ApplicationError('You must be authenticated to reset your password');
     }
-    const { currentPassword, password } = await validateChangePasswordBody(ctx.request.body);
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
-    const user = await strapi.entityService.findOne(
-      'plugin::users-permissions.user',
-      ctx.state.user.id
+    const { currentPassword, password } = await validateChangePasswordBody(
+      ctx.request.body,
+      validations
     );
+    const user = await strapi.db
+      .query('plugin::users-permissions.user')
+      .findOne({ where: { id: ctx.state.user.id } });
     const validPassword = await getService('user').validatePassword(currentPassword, user.password);
     if (!validPassword) {
@@ -144,15 +144,18 @@ module.exports = {
   },
   async resetPassword(ctx) {
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
     const { password, passwordConfirmation, code } = await validateResetPasswordBody(
-      ctx.request.body
+      ctx.request.body,
+      validations
     );
     if (password !== passwordConfirmation) {
       throw new ValidationError('Passwords do not match');
     }
-    const user = await strapi
+    const user = await strapi.db
       .query('plugin::users-permissions.user')
       .findOne({ where: { resetPasswordToken: code } });
@@ -173,7 +176,7 @@ module.exports = {
   },
   async connect(ctx, next) {
-    const grant = require('grant-koa');
+    const grant = require('grant').koa();
     const providers = await strapi
       .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
@@ -237,7 +240,7 @@ module.exports = {
     const advancedSettings = await pluginStore.get({ key: 'advanced' });
     // Find the user by email.
-    const user = await strapi
+    const user = await strapi.db
       .query('plugin::users-permissions.user')
       .findOne({ where: { email: email.toLowerCase() } });
@@ -255,8 +258,8 @@ module.exports = {
       resetPasswordSettings.message,
       {
         URL: advancedSettings.email_reset_password,
-        SERVER_URL: getAbsoluteServerUrl(strapi.config),
-        ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
+        SERVER_URL: strapi.config.get('server.absoluteUrl'),
+        ADMIN_URL: strapi.config.get('admin.absoluteUrl'),
         USER: userInfo,
         TOKEN: resetPasswordToken,
       }
@@ -299,55 +302,32 @@ module.exports = {
       throw new ApplicationError('Register action is currently disabled');
     }
-    const { register } = strapi.config.get('plugin.users-permissions');
+    const { register } = strapi.config.get('plugin::users-permissions');
     const alwaysAllowedKeys = ['username', 'password', 'email'];
-    const userModel = strapi.contentTypes['plugin::users-permissions.user'];
-    const { attributes } = userModel;
-    const nonWritable = getNonWritableAttributes(userModel);
+    // Note that we intentionally do not filter allowedFields to allow a project to explicitly accept private or other Strapi field on registration
     const allowedKeys = compact(
-      concat(
-        alwaysAllowedKeys,
-        isArray(register?.allowedFields)
-          ? // Note that we do not filter allowedFields in case a user explicitly chooses to allow a private or otherwise omitted field on registration
-            register.allowedFields // if null or undefined, compact will remove it
-          : // to prevent breaking changes, if allowedFields is not set in config, we only remove private and known dangerous user schema fields
-            // TODO V5: allowedFields defaults to [] when undefined and remove this case
-            Object.keys(attributes).filter(
-              (key) =>
-                !nonWritable.includes(key) &&
-                !attributes[key].private &&
-                ![
-                  // many of these are included in nonWritable, but we'll list them again to be safe and since we're removing this code in v5 anyway
-                  // Strapi user schema fields
-                  'confirmed',
-                  'blocked',
-                  'confirmationToken',
-                  'resetPasswordToken',
-                  'provider',
-                  'id',
-                  'role',
-                  // other Strapi fields that might be added
-                  'createdAt',
-                  'updatedAt',
-                  'createdBy',
-                  'updatedBy',
-                  'publishedAt', // d&p
-                  'strapi_reviewWorkflows_stage', // review workflows
-                ].includes(key)
-            )
-      )
+      concat(alwaysAllowedKeys, isArray(register?.allowedFields) ? register.allowedFields : [])
     );
+    // Check if there are any keys in requestBody that are not in allowedKeys
+    const invalidKeys = Object.keys(ctx.request.body).filter((key) => !allowedKeys.includes(key));
+    if (invalidKeys.length > 0) {
+      // If there are invalid keys, throw an error
+      throw new ValidationError(`Invalid parameters: ${invalidKeys.join(', ')}`);
+    }
     const params = {
       ..._.pick(ctx.request.body, allowedKeys),
       provider: 'local',
     };
-    await validateRegisterBody(params);
+    const validations = strapi.config.get('plugin::users-permissions.validationRules');
-    const role = await strapi
+    await validateRegisterBody(params, validations);
+    const role = await strapi.db
       .query('plugin::users-permissions.role')
       .findOne({ where: { type: settings.default_role } });
@@ -366,7 +346,7 @@ module.exports = {
       ],
     };
-    const conflictingUserCount = await strapi.query('plugin::users-permissions.user').count({
+    const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({
       where: { ...identifierFilter, provider },
     });
@@ -375,7 +355,7 @@ module.exports = {
     }
     if (settings.unique_email) {
-      const conflictingUserCount = await strapi.query('plugin::users-permissions.user').count({
+      const conflictingUserCount = await strapi.db.query('plugin::users-permissions.user').count({
         where: { ...identifierFilter },
       });
@@ -400,7 +380,8 @@ module.exports = {
       try {
         await getService('user').sendConfirmationEmail(sanitizedUser);
       } catch (err) {
-        throw new ApplicationError(err.message);
+        strapi.log.error(err);
+        throw new ApplicationError('Error sending confirmation email');
       }
       return ctx.send({ user: sanitizedUser });
@@ -445,7 +426,7 @@ module.exports = {
   async sendEmailConfirmation(ctx) {
     const { email } = await validateSendEmailConfirmationBody(ctx.request.body);
-    const user = await strapi.query('plugin::users-permissions.user').findOne({
+    const user = await strapi.db.query('plugin::users-permissions.user').findOne({
       where: { email: email.toLowerCase() },
     });
@@ -468,4 +449,4 @@ module.exports = {
       sent: true,
     });
   },
-};
+});

package/server/controllers/content-manager-user.js CHANGED Viewed

@@ -17,24 +17,25 @@ const ACTIONS = {
 };
 const findEntityAndCheckPermissions = async (ability, action, model, id) => {
-  const entity = await strapi.query(userModel).findOne({
-    where: { id },
+  const doc = await strapi.service('plugin::content-manager.document-manager').findOne(id, model, {
     populate: [`${CREATED_BY_ATTRIBUTE}.roles`],
   });
-  if (_.isNil(entity)) {
+  if (_.isNil(doc)) {
     throw new NotFoundError();
   }
-  const pm = strapi.admin.services.permission.createPermissionsManager({ ability, action, model });
+  const pm = strapi
+    .service('admin::permission')
+    .createPermissionsManager({ ability, action, model });
-  if (pm.ability.cannot(pm.action, pm.toSubject(entity))) {
+  if (pm.ability.cannot(pm.action, pm.toSubject(doc))) {
     throw new ForbiddenError();
   }
-  const entityWithoutCreatorRoles = _.omit(entity, `${CREATED_BY_ATTRIBUTE}.roles`);
+  const docWithoutCreatorRoles = _.omit(doc, `${CREATED_BY_ATTRIBUTE}.roles`);
-  return { pm, entity: entityWithoutCreatorRoles };
+  return { pm, doc: docWithoutCreatorRoles };
 };
 module.exports = {
@@ -48,7 +49,7 @@ module.exports = {
     const { email, username } = body;
-    const pm = strapi.admin.services.permission.createPermissionsManager({
+    const pm = strapi.service('admin::permission').createPermissionsManager({
       ability: userAbility,
       action: ACTIONS.create,
       model: userModel,
@@ -66,7 +67,7 @@ module.exports = {
     await validateCreateUserBody(ctx.request.body);
-    const userWithSameUsername = await strapi
+    const userWithSameUsername = await strapi.db
       .query('plugin::users-permissions.user')
       .findOne({ where: { username } });
@@ -75,7 +76,7 @@ module.exports = {
     }
     if (advanced.unique_email) {
-      const userWithSameEmail = await strapi
+      const userWithSameEmail = await strapi.db
         .query('plugin::users-permissions.user')
         .findOne({ where: { email: email.toLowerCase() } });
@@ -93,18 +94,11 @@ module.exports = {
     user.email = _.toLower(user.email);
-    if (!user.role) {
-      const defaultRole = await strapi
-        .query('plugin::users-permissions.role')
-        .findOne({ where: { type: advanced.default_role } });
-      user.role = defaultRole.id;
-    }
     try {
       const data = await strapi
-        .service('plugin::content-manager.entity-manager')
-        .create(user, userModel);
+        .service('plugin::content-manager.document-manager')
+        .create(userModel, { data: user });
       const sanitizedData = await pm.sanitizeOutput(data, { action: ACTIONS.read });
       ctx.created(sanitizedData);
@@ -118,7 +112,7 @@ module.exports = {
    */
   async update(ctx) {
-    const { id } = ctx.params;
+    const { id: documentId } = ctx.params;
     const { body } = ctx.request;
     const { user: admin, userAbility } = ctx.state;
@@ -128,13 +122,14 @@ module.exports = {
     const { email, username, password } = body;
-    const { pm, entity } = await findEntityAndCheckPermissions(
+    const { pm, doc } = await findEntityAndCheckPermissions(
       userAbility,
       ACTIONS.edit,
       userModel,
-      id
+      documentId
     );
-    const user = entity;
+    const user = doc;
     await validateUpdateUserBody(ctx.request.body);
@@ -143,23 +138,24 @@ module.exports = {
     }
     if (_.has(body, 'username')) {
-      const userWithSameUsername = await strapi
+      const userWithSameUsername = await strapi.db
         .query('plugin::users-permissions.user')
         .findOne({ where: { username } });
-      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(id)) {
+      if (userWithSameUsername && _.toString(userWithSameUsername.id) !== _.toString(user.id)) {
         throw new ApplicationError('Username already taken');
       }
     }
     if (_.has(body, 'email') && advancedConfigs.unique_email) {
-      const userWithSameEmail = await strapi
+      const userWithSameEmail = await strapi.db
         .query('plugin::users-permissions.user')
         .findOne({ where: { email: _.toLower(email) } });
-      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(id)) {
+      if (userWithSameEmail && _.toString(userWithSameEmail.id) !== _.toString(user.id)) {
         throw new ApplicationError('Email already taken');
       }
       body.email = _.toLower(body.email);
     }
@@ -167,8 +163,10 @@ module.exports = {
     const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');
     const data = await strapi
-      .service('plugin::content-manager.entity-manager')
-      .update({ id }, updateData, userModel);
+      .service('plugin::content-manager.document-manager')
+      .update(documentId, userModel, {
+        data: updateData,
+      });
     ctx.body = await pm.sanitizeOutput(data, { action: ACTIONS.read });
   },