@strapi/plugin-users-permissions 4.0.0-next.12 → 4.0.0-next.13
- package/package.json +4 -4
- package/server/content-types/user/index.js +1 -1
- package/server/controllers/user/admin.js +10 -16
- package/server/controllers/user/api.js +3 -9
- package/server/register.js +1 -1
- package/server/services/users-permissions.js +10 -4
- package/server/{auth/strategy.js → strategies/users-permissions.js} +2 -2
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@strapi/plugin-users-permissions",
|
|
3
|
-
"version": "4.0.0-next.
|
|
3
|
+
"version": "4.0.0-next.13",
|
|
4
4
|
"description": "Protect your API with a full-authentication process based on JWT",
|
|
5
5
|
"strapi": {
|
|
6
6
|
"displayName": "Roles & Permissions",
|
|
@@ -15,8 +15,8 @@
|
|
|
15
15
|
},
|
|
16
16
|
"dependencies": {
|
|
17
17
|
"@purest/providers": "^1.0.2",
|
|
18
|
-
"@strapi/helper-plugin": "4.0.0-next.
|
|
19
|
-
"@strapi/utils": "4.0.0-next.
|
|
18
|
+
"@strapi/helper-plugin": "4.0.0-next.13",
|
|
19
|
+
"@strapi/utils": "4.0.0-next.13",
|
|
20
20
|
"bcryptjs": "^2.4.3",
|
|
21
21
|
"grant-koa": "5.4.8",
|
|
22
22
|
"jsonwebtoken": "^8.1.0",
|
|
@@ -58,5 +58,5 @@
|
|
|
58
58
|
"npm": ">=6.0.0"
|
|
59
59
|
},
|
|
60
60
|
"license": "SEE LICENSE IN LICENSE",
|
|
61
|
-
"gitHead": "
|
|
61
|
+
"gitHead": "c1369c796034fb1b57471498eb1e0c75ce2d7715"
|
|
62
62
|
}
|
|
@@ -51,10 +51,9 @@ module.exports = {
|
|
|
51
51
|
* @return {Object}
|
|
52
52
|
*/
|
|
53
53
|
async create(ctx) {
|
|
54
|
-
const {
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
} = ctx;
|
|
54
|
+
const { body } = ctx.request;
|
|
55
|
+
const { user: admin, userAbility } = ctx.state;
|
|
56
|
+
|
|
58
57
|
const { email, username, password } = body;
|
|
59
58
|
|
|
60
59
|
const pm = strapi.admin.services.permission.createPermissionsManager({
|
|
@@ -117,7 +116,7 @@ module.exports = {
|
|
|
117
116
|
[UPDATED_BY_ATTRIBUTE]: admin.id,
|
|
118
117
|
};
|
|
119
118
|
|
|
120
|
-
user.email = user.email
|
|
119
|
+
user.email = _.toLower(user.email);
|
|
121
120
|
|
|
122
121
|
if (!user.role) {
|
|
123
122
|
const defaultRole = await strapi
|
|
@@ -141,15 +140,14 @@ module.exports = {
|
|
|
141
140
|
*/
|
|
142
141
|
|
|
143
142
|
async update(ctx) {
|
|
143
|
+
const { id } = ctx.params;
|
|
144
|
+
const { body } = ctx.request;
|
|
145
|
+
const { user: admin, userAbility } = ctx.state;
|
|
146
|
+
|
|
144
147
|
const advancedConfigs = await strapi
|
|
145
148
|
.store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
|
|
146
149
|
.get();
|
|
147
150
|
|
|
148
|
-
const {
|
|
149
|
-
params: { id },
|
|
150
|
-
request: { body },
|
|
151
|
-
state: { userAbility, admin },
|
|
152
|
-
} = ctx;
|
|
153
151
|
const { email, username, password } = body;
|
|
154
152
|
|
|
155
153
|
const { pm, entity: user } = await findEntityAndCheckPermissions(
|
|
@@ -191,7 +189,7 @@ module.exports = {
|
|
|
191
189
|
if (_.has(body, 'email') && advancedConfigs.unique_email) {
|
|
192
190
|
const userWithSameEmail = await strapi
|
|
193
191
|
.query('plugin::users-permissions.user')
|
|
194
|
-
.findOne({ where: { email:
|
|
192
|
+
.findOne({ where: { email: _.toLower(email) } });
|
|
195
193
|
|
|
196
194
|
if (userWithSameEmail && userWithSameEmail.id != id) {
|
|
197
195
|
return ctx.badRequest(
|
|
@@ -203,16 +201,12 @@ module.exports = {
|
|
|
203
201
|
})
|
|
204
202
|
);
|
|
205
203
|
}
|
|
206
|
-
body.email = body.email
|
|
204
|
+
body.email = _.toLower(body.email);
|
|
207
205
|
}
|
|
208
206
|
|
|
209
207
|
const sanitizedData = pm.pickPermittedFieldsOf(body, { subject: pm.toSubject(user) });
|
|
210
208
|
const updateData = _.omit({ ...sanitizedData, updatedBy: admin.id }, 'createdBy');
|
|
211
209
|
|
|
212
|
-
if (_.has(body, 'password') && password === user.password) {
|
|
213
|
-
delete updateData.password;
|
|
214
|
-
}
|
|
215
|
-
|
|
216
210
|
const data = await getService('user').edit({ id }, updateData);
|
|
217
211
|
|
|
218
212
|
ctx.body = pm.sanitize(data, { action: ACTIONS.read });
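Review bot: In `update`, the new `body.email = _.toLower(body.email);` appears to sit inside the `if (_.has(body, 'email') && advancedConfigs.unique_email)` branch, so an email change is only normalised when the uniqueness setting is on, while `create` appears to lower-case unconditionally. With `unique_email` off, a mixed-case address can still be written on update, and a later lookup that lower-cases its input (as the `findOne` in this hunk does) would not match it. I would move the assignment under its own guard, `if (_.has(body, 'email')) { body.email = _.toLower(body.email); }`, placed before `pm.pickPermittedFieldsOf`. The page has lost indentation and `update` continues outside these hunks, so the nesting should be confirmed against the file.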
|
|
@@ -67,7 +67,7 @@ module.exports = {
|
|
|
67
67
|
provider: 'local',
|
|
68
68
|
};
|
|
69
69
|
|
|
70
|
-
user.email = user.email
|
|
70
|
+
user.email = _.toLower(user.email);
|
|
71
71
|
|
|
72
72
|
if (!role) {
|
|
73
73
|
const defaultRole = await strapi
|
|
@@ -85,11 +85,11 @@ module.exports = {
|
|
|
85
85
|
ctx.badRequest(null, formatError(error));
|
|
86
86
|
}
|
|
87
87
|
},
|
|
88
|
+
|
|
88
89
|
/**
|
|
89
90
|
* Update a/an user record.
|
|
90
91
|
* @return {Object}
|
|
91
92
|
*/
|
|
92
|
-
|
|
93
93
|
async update(ctx) {
|
|
94
94
|
const advancedConfigs = await strapi
|
|
95
95
|
.store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
|
|
@@ -98,9 +98,7 @@ module.exports = {
|
|
|
98
98
|
const { id } = ctx.params;
|
|
99
99
|
const { email, username, password } = ctx.request.body;
|
|
100
100
|
|
|
101
|
-
const user = await getService('user').fetch({
|
|
102
|
-
id,
|
|
103
|
-
});
|
|
101
|
+
const user = await getService('user').fetch({ id });
|
|
104
102
|
|
|
105
103
|
if (_.has(ctx.request.body, 'email') && !email) {
|
|
106
104
|
return ctx.badRequest('email.notNull');
|
|
@@ -153,10 +151,6 @@ module.exports = {
|
|
|
153
151
|
...ctx.request.body,
|
|
154
152
|
};
|
|
155
153
|
|
|
156
|
-
if (_.has(ctx.request.body, 'password') && password === user.password) {
|
|
157
|
-
delete updateData.password;
|
|
158
|
-
}
|
|
159
|
-
|
|
160
154
|
const data = await getService('user').edit({ id }, updateData);
|
|
161
155
|
|
|
162
156
|
ctx.send(sanitizeUser(data));
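Review bot: `update` spreads `...ctx.request.body` into `updateData` and passes it to `getService('user').edit({ id }, updateData)`, so every attribute the caller sends reaches the write; with the password-equality guard removed, nothing visible between the spread and `edit` filters it. The admin controller in this same release runs the body through `pm.pickPermittedFieldsOf(...)` before `edit`, but this handler shows no equivalent allowlist, which is a mass-assignment risk for attributes such as `role` or `provider` that `create` sets on the server side. Consider limiting the write to the fields the handler validates, e.g. `const updateData = _.pick(ctx.request.body, ['email', 'username', 'password']);`, or add a comment naming where the filtering happens if `edit` or a route policy already does it. The lines that open the `updateData` literal are outside the hunk, so anything merged before the spread is not visible here.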
|
package/server/register.js
CHANGED
|
@@ -101,7 +101,10 @@ module.exports = ({ strapi }) => ({
|
|
|
101
101
|
return;
|
|
102
102
|
}
|
|
103
103
|
|
|
104
|
-
routesMap[`api::${apiName}`] = routes
|
|
104
|
+
routesMap[`api::${apiName}`] = routes.map(route => ({
|
|
105
|
+
...route,
|
|
106
|
+
path: `/api${route.path}`,
|
|
107
|
+
}));
|
|
105
108
|
});
|
|
106
109
|
|
|
107
110
|
_.forEach(strapi.plugins, (plugin, pluginName) => {
|
|
@@ -119,7 +122,10 @@ module.exports = ({ strapi }) => ({
|
|
|
119
122
|
return;
|
|
120
123
|
}
|
|
121
124
|
|
|
122
|
-
routesMap[`plugin::${pluginName}`] = routes
|
|
125
|
+
routesMap[`plugin::${pluginName}`] = routes.map(route => ({
|
|
126
|
+
...route,
|
|
127
|
+
path: `/api${route.path}`,
|
|
128
|
+
}));
|
|
123
129
|
});
|
|
124
130
|
|
|
125
131
|
return routesMap;
|
|
@@ -134,7 +140,7 @@ module.exports = ({ strapi }) => ({
|
|
|
134
140
|
const appActions = _.flatMap(strapi.api, (api, apiName) => {
|
|
135
141
|
return _.flatMap(api.controllers, (controller, controllerName) => {
|
|
136
142
|
return _.keys(controller).map(actionName => {
|
|
137
|
-
return `api::${apiName}.${controllerName}.${
|
|
143
|
+
return `api::${apiName}.${controllerName}.${actionName}`;
|
|
138
144
|
});
|
|
139
145
|
});
|
|
140
146
|
});
|
|
@@ -142,7 +148,7 @@ module.exports = ({ strapi }) => ({
|
|
|
142
148
|
const pluginsActions = _.flatMap(strapi.plugins, (plugin, pluginName) => {
|
|
143
149
|
return _.flatMap(plugin.controllers, (controller, controllerName) => {
|
|
144
150
|
return _.keys(controller).map(actionName => {
|
|
145
|
-
return `plugin::${pluginName}.${controllerName}.${
|
|
151
|
+
return `plugin::${pluginName}.${controllerName}.${actionName}`;
|
|
146
152
|
});
|
|
147
153
|
});
|
|
148
154
|
});
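Review bot: The `/api` prefix is hard-coded twice, once for the `api::` entries and once for the `plugin::` entries, with the same three-line `routes.map(...)` body in each; a route without a `path` would be recorded as `/apiundefined`, and the two copies can drift apart. A single helper, for example `withApiPrefix(route)` returning `{ ...route, path: '/api' + route.path }`, used in both places would keep the two maps consistent and give one spot for a comment on why the prefix is added. Judging by the diffstat (+10 -4), these hunks seem to belong to `package/server/services/users-permissions.js` rather than to the `register.js` header printed above them. The enclosing functions start and end outside the hunks.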
|
|
@@ -14,7 +14,7 @@ const authenticate = async ctx => {
|
|
|
14
14
|
const { id } = await getService('jwt').getToken(ctx);
|
|
15
15
|
|
|
16
16
|
if (id === undefined) {
|
|
17
|
-
return {
|
|
17
|
+
return { authenticated: false };
|
|
18
18
|
}
|
|
19
19
|
|
|
20
20
|
// fetch authenticated user
|
|
@@ -41,7 +41,7 @@ const authenticate = async ctx => {
|
|
|
41
41
|
credentials: user,
|
|
42
42
|
};
|
|
43
43
|
} catch (err) {
|
|
44
|
-
return {
|
|
44
|
+
return { authenticated: false };
|
|
45
45
|
}
|
|
46
46
|
}
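Review bot: The `catch (err)` branch returns `{ authenticated: false }` and discards `err`, so an invalid token, a failed user lookup and an unexpected exception all look the same to callers and leave no trace for anyone investigating failed authentications. Failing closed is the right default; I would keep the return and record the cause before it at debug level through the project's logger (the error message only, never the token), with a comment such as `// Fail closed: any error while resolving the token or user is treated as unauthenticated.` The `id === undefined` branch could carry a matching one-line comment on why a token without an id is rejected rather than raised as an error. The body of `authenticate` between the two hunks is not shown.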
|
|
47
47
|
|