@strapi/plugin-users-permissions 4.0.0-next.9 → 4.0.3

package/server/routes/index.js

@@ -1,430 +1,6 @@
 'use strict';
 
-module.exports = [
-  {
-    method: 'GET',
-    path: '/',
-    handler: 'users-permissions.index',
-    config: {
-      policies: [],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/search/:id',
-    handler: 'users-permissions.searchUsers',
-    config: {
-      policies: [],
-      description: 'Search for users',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'find',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/policies',
-    handler: 'users-permissions.getPolicies',
-    config: {
-      policies: [],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/roles/:id',
-    handler: 'users-permissions.getRole',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.roles.read'] },
-        },
-      ],
-      description: 'Retrieve a role depending on its id',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'Role',
-        actionType: 'findOne',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/roles',
-    handler: 'users-permissions.getRoles',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.roles.read'] },
-        },
-      ],
-      description: 'Retrieve all role documents',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'Role',
-        actionType: 'find',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/routes',
-    handler: 'users-permissions.getRoutes',
-    config: {
-      policies: [],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/email-templates',
-    handler: 'users-permissions.getEmailTemplate',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.email-templates.read'] },
-        },
-      ],
-    },
-  },
-  {
-    method: 'PUT',
-    path: '/email-templates',
-    handler: 'users-permissions.updateEmailTemplate',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.email-templates.update'] },
-        },
-      ],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/advanced',
-    handler: 'users-permissions.getAdvancedSettings',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.advanced-settings.read'] },
-        },
-      ],
-    },
-  },
-  {
-    method: 'PUT',
-    path: '/advanced',
-    handler: 'users-permissions.updateAdvancedSettings',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.advanced-settings.update'] },
-        },
-      ],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/permissions',
-    handler: 'users-permissions.getPermissions',
-    config: {
-      policies: [],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/providers',
-    handler: 'users-permissions.getProviders',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.providers.read'] },
-        },
-      ],
-    },
-  },
-
-  {
-    method: 'PUT',
-    path: '/providers',
-    handler: 'users-permissions.updateProviders',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.providers.update'] },
-        },
-      ],
-    },
-  },
-  {
-    method: 'POST',
-    path: '/roles',
-    handler: 'users-permissions.createRole',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.roles.create'] },
-        },
-      ],
-      description: 'Create a new role',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'Role',
-        actionType: 'create',
-      },
-    },
-  },
-  {
-    method: 'PUT',
-    path: '/roles/:role',
-    handler: 'users-permissions.updateRole',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.roles.update'] },
-        },
-      ],
-      description: 'Update a role',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'Role',
-        actionType: 'update',
-      },
-    },
-  },
-  {
-    method: 'DELETE',
-    path: '/roles/:role',
-    handler: 'users-permissions.deleteRole',
-    config: {
-      policies: [
-        {
-          name: 'admin::hasPermissions',
-          options: { actions: ['plugin::users-permissions.roles.delete'] },
-        },
-      ],
-      description: 'Delete a role',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'Role',
-        actionType: 'destroy',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/connect/*',
-    handler: 'auth.connect',
-    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
-      prefix: '',
-      description: 'Connect a provider',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/auth/local',
-    handler: 'auth.callback',
-    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
-      prefix: '',
-      description: 'Login a user using the identifiers email and password',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/auth/local/register',
-    handler: 'auth.register',
-    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
-      prefix: '',
-      description: 'Register a new user with the default role',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'create',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/auth/:provider/callback',
-    handler: 'auth.callback',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Successfull redirection after approving a provider',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/auth/forgot-password',
-    handler: 'auth.forgotPassword',
-    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
-      prefix: '',
-      description: 'Send the reset password email link',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/auth/reset-password',
-    handler: 'auth.resetPassword',
-    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
-      prefix: '',
-      description: 'Reset user password with a code (resetToken)',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/auth/email-confirmation',
-    handler: 'auth.emailConfirmation',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Validate a user account',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/auth/send-email-confirmation',
-    handler: 'auth.sendEmailConfirmation',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Send a confirmation email to user',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/users/count',
-    handler: 'user.count',
-    config: {
-      prefix: '',
-      policies: [],
-    },
-  },
-  {
-    method: 'GET',
-    path: '/users',
-    handler: 'user.find',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Retrieve all user documents',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'find',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/users/me',
-    handler: 'user.me',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Retrieve the logged in user information',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'findOne',
-      },
-    },
-  },
-  {
-    method: 'GET',
-    path: '/users/:id',
-    handler: 'user.findOne',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Retrieve a single user depending on his id',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'findOne',
-      },
-    },
-  },
-  {
-    method: 'POST',
-    path: '/users',
-    handler: 'user.create',
-    config: {
-      policies: [],
-      prefix: '',
-    },
-  },
-  {
-    method: 'PUT',
-    path: '/users/:id',
-    handler: 'user.update',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Update an existing user',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'update',
-      },
-    },
-  },
-  {
-    method: 'DELETE',
-    path: '/users/:id',
-    handler: 'user.destroy',
-    config: {
-      policies: [],
-      prefix: '',
-      description: 'Delete an existing user',
-      tag: {
-        plugin: 'users-permissions',
-        name: 'User',
-        actionType: 'destroy',
-      },
-    },
-  },
-];
+module.exports = {
+  admin: require('./admin'),
+  'content-api': require('./content-api'),
+};

package/server/services/index.js

@@ -1,13 +1,15 @@
 'use strict';
 
-const jwtService = require('./jwt');
-const providersService = require('./providers');
-const userService = require('./user');
-const usersPermissionsService = require('./users-permissions');
+const jwt = require('./jwt');
+const providers = require('./providers');
+const user = require('./user');
+const role = require('./role');
+const usersPermissions = require('./users-permissions');
 
 module.exports = {
-  jwt: jwtService,
-  providers: providersService,
-  user: userService,
-  'users-permissions': usersPermissionsService,
+  jwt,
+  providers,
+  role,
+  user,
+  'users-permissions': usersPermissions,
 };

package/server/services/jwt.js

@@ -11,28 +11,20 @@ const jwt = require('jsonwebtoken');
 
 module.exports = ({ strapi }) => ({
   getToken(ctx) {
-    const params = _.assign({}, ctx.request.body, ctx.request.query);
-
-    let token = '';
+    let token;
 
     if (ctx.request && ctx.request.header && ctx.request.header.authorization) {
-      const parts = ctx.request.header.authorization.split(' ');
+      const parts = ctx.request.header.authorization.split(/\s+/);
 
-      if (parts.length === 2) {
-        const scheme = parts[0];
-        const credentials = parts[1];
-        if (/^Bearer$/i.test(scheme)) {
-          token = credentials;
-        }
-      } else {
-        throw new Error(
-          'Invalid authorization header format. Format is Authorization: Bearer [token]'
-        );
+      if (parts[0].toLowerCase() !== 'bearer' || parts.length !== 2) {
+        return null;
       }
-    } else if (params.token) {
-      token = params.token;
+
+      token = parts[1];
+    } else if (ctx.query.access_token) {
+      token = ctx.query.access_token;
     } else {
-      throw new Error('No authorization header was found');
+      return null;
     }
 
     return this.verify(token);

package/server/services/providers.js

@@ -6,15 +6,18 @@
 
 // Public node modules.
 const _ = require('lodash');
-const request = require('request');
+const jwt = require('jsonwebtoken');
+const urlJoin = require('url-join');
 
-// Purest strategies.
-const purest = require('purest')({ request });
-const purestConfig = require('@purest/providers');
 const { getAbsoluteServerUrl } = require('@strapi/utils');
-const jwt = require('jsonwebtoken');
 
 module.exports = ({ strapi }) => {
+  // lazy load heavy dependencies
+  const request = require('request');
+  // Purest strategies.
+  const purest = require('purest')({ request });
+  const purestConfig = require('@purest/providers');
+
   /**
    * Helper to get profiles
    *
@@ -25,13 +28,8 @@ module.exports = ({ strapi }) => {
   const getProfile = async (provider, query, callback) => {
     const access_token = query.access_token || query.code || query.oauth_token;
 
-    const grant = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'grant',
-      })
+    const providers = await strapi
+      .store({ type: 'plugin', name: 'users-permissions', key: 'grant' })
       .get();
 
     switch (provider) {
@@ -66,7 +64,7 @@ module.exports = ({ strapi }) => {
               // Combine username and discriminator because discord username is not unique
               var username = `${body.username}#${body.discriminator}`;
               callback(null, {
-                username: username,
+                username,
                 email: body.email,
               });
             }
@@ -203,8 +201,8 @@ module.exports = ({ strapi }) => {
         const twitter = purest({
           provider: 'twitter',
           config: purestConfig,
-          key: grant.twitter.key,
-          secret: grant.twitter.secret,
+          key: providers.twitter.key,
+          secret: providers.twitter.secret,
         });
 
         twitter
@@ -227,8 +225,8 @@ module.exports = ({ strapi }) => {
       case 'instagram': {
         const instagram = purest({
           provider: 'instagram',
-          key: grant.instagram.key,
-          secret: grant.instagram.secret,
+          key: providers.instagram.key,
+          secret: providers.instagram.secret,
           config: purestConfig,
         });
 
@@ -300,7 +298,7 @@ module.exports = ({ strapi }) => {
 
         twitch
           .get('users')
-          .auth(access_token, grant.twitch.key)
+          .auth(access_token, providers.twitch.key)
           .request((err, res, body) => {
             if (err) {
               callback(err);
@@ -405,7 +403,7 @@ module.exports = ({ strapi }) => {
       }
       case 'auth0': {
         const purestAuth0Conf = {};
-        purestAuth0Conf[`https://${grant.auth0.subdomain}.auth0.com`] = {
+        purestAuth0Conf[`https://${providers.auth0.subdomain}.auth0.com`] = {
           __domain: {
             auth: {
               auth: { bearer: '[0]' },
@@ -444,7 +442,7 @@ module.exports = ({ strapi }) => {
         break;
       }
       case 'cas': {
-        const provider_url = 'https://' + _.get(grant['cas'], 'subdomain');
+        const provider_url = 'https://' + _.get(providers.cas, 'subdomain');
         const cas = purest({
           provider: 'cas',
           config: {
@@ -522,23 +520,20 @@ module.exports = ({ strapi }) => {
           return reject([null, err]);
         }
 
+        const email = _.toLower(profile.email);
+
         // We need at least the mail.
-        if (!profile.email) {
+        if (!email) {
           return reject([null, { message: 'Email was not available.' }]);
         }
 
         try {
           const users = await strapi.query('plugin::users-permissions.user').findMany({
-            where: { email: profile.email },
+            where: { email },
           });
 
           const advanced = await strapi
-            .store({
-              environment: '',
-              type: 'plugin',
-              name: 'users-permissions',
-              key: 'advanced',
-            })
+            .store({ type: 'plugin', name: 'users-permissions', key: 'advanced' })
             .get();
 
           const user = _.find(users, { provider });
@@ -572,11 +567,13 @@ module.exports = ({ strapi }) => {
             .findOne({ where: { type: advanced.default_role } });
 
           // Create the new user.
-          const params = _.assign(profile, {
-            provider: provider,
+          const params = {
+            ...profile,
+            email, // overwrite with lowercased email
+            provider,
             role: defaultRole.id,
             confirmed: true,
-          });
+          };
 
           const createdUser = await strapi
             .query('plugin::users-permissions.user')
@@ -590,8 +587,10 @@ module.exports = ({ strapi }) => {
     });
   };
 
-  const buildRedirectUri = (provider = '') =>
-    `${getAbsoluteServerUrl(strapi.config)}/connect/${provider}/callback`;
+  const buildRedirectUri = (provider = '') => {
+    const apiPrefix = strapi.config.get('api.rest.prefix');
+    return urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, 'connect', provider, 'callback');
+  };
 
   return {
     connect,