@strapi/plugin-users-permissions 4.0.2 → 4.0.6

package/admin/src/components/FormModal/Input/index.js

@@ -28,12 +28,12 @@ const Input = ({
 
   const label = formatMessage(
     { id: intlLabel.id, defaultMessage: intlLabel.defaultMessage },
-    { ...intlLabel.values }
+    { provider: providerToEditName, ...intlLabel.values }
   );
   const hint = description
     ? formatMessage(
         { id: description.id, defaultMessage: description.defaultMessage },
-        { ...description.values }
+        { provider: providerToEditName, ...description.values }
       )
     : '';
 

package/admin/src/pages/Providers/utils/forms.js

@@ -23,9 +23,6 @@ const keyLabel = { id: getTrad('PopUpForm.Providers.key.label'), defaultMessage:
 const hintLabel = {
   id: getTrad('PopUpForm.Providers.redirectURL.label'),
   defaultMessage: 'The redirect URL to add in your {provider} application configurations',
-  values: {
-    provider: 'VK',
-  },
 };
 const textPlaceholder = {
   id: getTrad('PopUpForm.Providers.key.placeholder'),

package/admin/src/translations/dk.json

@@ -44,5 +44,51 @@
   "notification.success.submit": "Indstillingerne er blevet opdateret",
   "plugin.description.long": "Beskyt din API med fuld godkendelse med JWT. Dette plugin kommer også med en ACL strategi som tillader dig at håndtere rettigeheder mellem grupper af brugere.",
   "plugin.description.short": "Beskyt din API med fuld godkendelse med JWT",
-  "plugin.name": "Roller & rettigheder"
+  "plugin.name": "Roller & rettigheder",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "f.eks. https://hjemmeside.dk/nulstil-kodeord",
+  "EditForm.inputToggle.placeholder.email-reset-password": "f.eks. https://hjemmeside.dk/nulstil-kodeord",
+  "EditPage.form.roles": "Rolle detaljer",
+  "Email.template.data.loaded": "E-mail skabeloner er hentet",
+  "Email.template.form.edit.label": "Redigér en skabelon",
+  "Email.template.table.action.label": "handling",
+  "Email.template.table.icon.label": "ikon",
+  "Email.template.table.name.label": "navn",
+  "Form.advancedSettings.data.loaded": "Avancerede indstillinger hentet",
+  "Form.save": "Gem",
+  "Form.title.advancedSettings": "Indstillinger",
+  "PopUpForm.Email.options.object.placeholder": "Bekræft venligst din e-mail adresse for %APP_NAME%",
+  "PopUpForm.Providers.redirectURL.front-end.label": "Omstillings URL til din font-end app",
+  "PopUpForm.Providers.redirectURL.label": "Omstillings URL som tilføjes til din {provider} applikation konfigurationer",
+  "PopUpForm.Providers.subdomain.label": "Host URI (Subdomain)",
+  "PopUpForm.Providers.subdomain.placeholder": "mit.subdomain.dk",
+  "Providers.data.loaded": "Providers hentet",
+  "Providers.disabled": "Deaktiveret",
+  "Providers.enabled": "Aktiveret",
+  "Providers.image": "Billede",
+  "Providers.name": "Navn",
+  "Providers.settings": "Indstillinger",
+  "Providers.status": "Status",
+  "Roles.description": "Beskrivelse",
+  "Roles.empty": "Du har endnu ingen roller.",
+  "Roles.empty.search": "Ingen roller matcher søgningen.",
+  "Roles.name": "Navn",
+  "Roles.users": "Brugere",
+  "Settings.roles.deleted": "Rolle slettet",
+  "Settings.roles.edited": "Rolle redigeret",
+  "Settings.section-label": "Brugere & Tilladelser plugin",
+  "components.Input.error.validation.email": "Dette er en ugyldig e.mail",
+  "components.Input.error.validation.json": "Dette stemmer ikke med JSON formatet",
+  "components.Input.error.validation.max": "Værdien er for høj.",
+  "components.Input.error.validation.maxLength": "Værdien er for lang.",
+  "components.Input.error.validation.min": "Værdien er for lav.",
+  "components.Input.error.validation.minLength": "Værdien er for kort.",
+  "components.Input.error.validation.minSupMax": "Kan ikke være overlegen",
+  "components.Input.error.validation.regex": "Værdien stemmer ikke overens med regex.",
+  "components.Input.error.validation.required": "Værdien er påkrævet.",
+  "components.Input.error.validation.unique": "Værdien er allerede brugt.",
+  "page.title": "Indstillinger - Roller",
+  "popUpWarning.button.cancel": "Annuller",
+  "popUpWarning.button.confirm": "Bekræft",
+  "popUpWarning.title": "Bekræft venligst",
+  "popUpWarning.warning.cancel": "Er du sikker på at du vil annullere dine ændringer?"
 }

package/admin/src/translations/es.json

@@ -12,8 +12,19 @@
   "EditForm.inputToggle.label.email-confirmation-redirection": "URL de redirección",
   "EditForm.inputToggle.label.email-reset-password": "Página de reestablecer la contraseña",
   "EditForm.inputToggle.label.sign-up": "Habilitar inscripciones",
+  "EditForm.inputToggle.placeholder.email-confirmation-redirection": "ej: https://tufrontend.com/restablecer-contrasena",
+  "EditForm.inputToggle.placeholder.email-reset-password": "ej: https://tufrontend.com/restablecer-contrasena",
+  "EditPage.form.roles": "Detalles del rol",
+  "Email.template.data.loaded": "Se han cargado las plantillas de correo electrónico",
   "Email.template.email_confirmation": "Confirmación de dirección de correo electrónico",
+  "Email.template.form.edit.label": "Editar una plantilla",
   "Email.template.reset_password": "Restablecer la contraseña",
+  "Email.template.table.action.label": "acción",
+  "Email.template.table.icon.label": "icono",
+  "Email.template.table.name.label": "nombre",
+  "Form.advancedSettings.data.loaded": "Se han cargado los datos de configuración avanzada",
+  "Form.save": "Guardar",
+  "Form.title.advancedSettings": "Ajustes",
   "HeaderNav.link.advancedSettings": "Ajustes avanzados",
   "HeaderNav.link.emailTemplates": "Plantillas de email",
   "HeaderNav.link.providers": "Proveedores",
@@ -42,14 +53,37 @@
   "PopUpForm.Providers.redirectURL.label": "La URL de redireccionamiento para agregar en las configuraciones de su aplicación de {proveedor}",
   "PopUpForm.Providers.secret.label": "Secreto Cliente",
   "PopUpForm.Providers.secret.placeholder": "TEXTO",
-  "PopUpForm.Providers.subdomain.label": "Host URI (Subdomain)",
-  "PopUpForm.Providers.subdomain.placeholder": "my.subdomain.com",
+  "PopUpForm.Providers.subdomain.label": "URI de host (subdominio)",
+  "PopUpForm.Providers.subdomain.placeholder": "mi.subdominio.com",
   "PopUpForm.header.edit.email-templates": "Editar Plantillas de Email",
   "PopUpForm.header.edit.providers": "Editar proveedor",
+  "Providers.data.loaded": "Los proveedores se han cargado",
+  "Providers.disabled": "Deshabilitado",
+  "Providers.enabled": "Habilitado",
+  "Providers.image": "Imagen",
+  "Providers.name": "Nombre",
+  "Providers.settings": "Ajustes",
+  "Providers.status": "Estado",
+  "Roles.description": "Descripción",
+  "Roles.empty": "Aún no tienes ningún rol.",
+  "Roles.empty.search": "Ningún rol coincide con la búsqueda.",
+  "Roles.name": "Nombre",
+  "Roles.users": "Usuarios",
   "Settings.roles.deleted": "Rol eliminado",
   "Settings.roles.edited": "Rol editado",
   "Settings.section-label": "Plugin de Usuarios y Permisos",
+  "components.Input.error.validation.email": "El correo electrónico inválido",
+  "components.Input.error.validation.json": "No coincide con el formato JSON",
+  "components.Input.error.validation.max": "El valor es demasiado alto.",
+  "components.Input.error.validation.maxLength": "El valor es demasiado largo.",
+  "components.Input.error.validation.min": "El valor es demasiado bajo.",
+  "components.Input.error.validation.minLength": "El valor es demasiado corto.",
+  "components.Input.error.validation.minSupMax": "No puede ser superior",
+  "components.Input.error.validation.regex": "El valor no coincide con la expresión regular.",
+  "components.Input.error.validation.required": "Este valor es obligatorio.",
+  "components.Input.error.validation.unique": "Este valor ya se utiliza.",
   "notification.success.submit": "Los ajustes se han actualizado",
+  "page.title": "Configuración - Roles",
   "plugin.description.long": "Proteja su API con un proceso de autenticación completo basado en JWT. Este plugin viene también con una estrategia ACL que le permite administrar los permisos entre los grupos de usuarios.",
   "plugin.description.short": "Proteja su API con un proceso de autenticación completo basado en JWT",
   "plugin.name": "Roles y Permisos",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "4.0.2",
+  "version": "4.0.6",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -28,8 +28,8 @@
   },
   "dependencies": {
     "@purest/providers": "^1.0.2",
-    "@strapi/helper-plugin": "4.0.2",
-    "@strapi/utils": "4.0.2",
+    "@strapi/helper-plugin": "4.0.6",
+    "@strapi/utils": "4.0.6",
     "bcryptjs": "2.4.3",
     "grant-koa": "5.4.8",
     "jsonwebtoken": "^8.1.0",
@@ -51,7 +51,7 @@
     "koa": "^2.13.1"
   },
   "engines": {
-    "node": ">=12.x.x <=16.x.x",
+    "node": ">=12.22.0 <=16.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {
@@ -61,5 +61,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "fd656a47698e0a33aae42abd4330410c8cba1d08"
+  "gitHead": "5b48053946aacfb564ff423342fe70d79cd6d66d"
 }

package/server/bootstrap/index.js

@@ -31,7 +31,10 @@ module.exports = async ({ strapi }) => {
     strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
 
     if (!process.env.JWT_SECRET) {
-      strapi.fs.appendFile('.env', `JWT_SECRET=${jwtSecret}\n`);
+      strapi.fs.appendFile(process.env.ENV_PATH || '.env', `JWT_SECRET=${jwtSecret}\n`);
+      strapi.log.info(
+        'The Users & Permissions plugin automatically generated a jwt secret and stored it in your .env file under the name JWT_SECRET.'
+      );
     }
   }
 };

package/server/controllers/auth.js

@@ -188,7 +188,10 @@ module.exports = {
     }
 
     // Ability to pass OAuth callback dynamically
-    grantConfig[provider].callback = _.get(ctx, 'query.callback') || grantConfig[provider].callback;
+    grantConfig[provider].callback =
+      _.get(ctx, 'query.callback') ||
+      _.get(ctx, 'session.grant.dynamic.callback') ||
+      grantConfig[provider].callback;
     grantConfig[provider].redirect_uri = getService('providers').buildRedirectUri(provider);
 
     return grant(grantConfig)(ctx, next);
@@ -386,7 +389,7 @@ module.exports = {
       throw new ValidationError('token.invalid');
     }
 
-    await userService.edit({ id: user.id }, { confirmed: true, confirmationToken: null });
+    await userService.edit(user.id, { confirmed: true, confirmationToken: null });
 
     if (returnUser) {
       ctx.send({

package/server/controllers/user.js

@@ -123,7 +123,7 @@ module.exports = {
       ...ctx.request.body,
     };
 
-    const data = await getService('user').edit({ id }, updateData);
+    const data = await getService('user').edit(user.id, updateData);
     const sanitizedData = await sanitizeOutput(data, ctx);
 
     ctx.send(sanitizedData);

package/server/services/jwt.js

@@ -21,8 +21,6 @@ module.exports = ({ strapi }) => ({
       }
 
       token = parts[1];
-    } else if (ctx.query.access_token) {
-      token = ctx.query.access_token;
     } else {
       return null;
     }

package/server/services/user.js

@@ -8,6 +8,7 @@
 
 const crypto = require('crypto');
 const bcrypt = require('bcryptjs');
+const urlJoin = require('url-join');
 
 const { getAbsoluteServerUrl, sanitize } = require('@strapi/utils');
 const { getService } = require('../utils');
@@ -45,16 +46,19 @@ module.exports = ({ strapi }) => ({
 
   /**
    * Promise to edit a/an user.
+   * @param {string} userId
+   * @param {object} params
    * @return {Promise}
    */
-  async edit(params, values) {
-    if (values.password) {
-      values.password = await getService('user').hashPassword(values);
+  async edit(userId, params = {}) {
+    if (params.password) {
+      params.password = await getService('user').hashPassword(params);
     }
 
-    return strapi
-      .query('plugin::users-permissions.user')
-      .update({ where: params, data: values, populate: ['role'] });
+    return strapi.entityService.update('plugin::users-permissions.user', userId, {
+      data: params,
+      populate: ['role'],
+    });
   },
 
   /**
@@ -132,10 +136,11 @@ module.exports = ({ strapi }) => ({
 
     const confirmationToken = crypto.randomBytes(20).toString('hex');
 
-    await this.edit({ id: user.id }, { confirmationToken });
+    await this.edit(user.id, { confirmationToken });
 
+    const apiPrefix = strapi.config.get('api.rest.prefix');
     settings.message = await userPermissionService.template(settings.message, {
-      URL: `${getAbsoluteServerUrl(strapi.config)}/auth/email-confirmation`,
+      URL: urlJoin(getAbsoluteServerUrl(strapi.config), apiPrefix, '/auth/email-confirmation'),
       USER: sanitizedUserInfo,
       CODE: confirmationToken,
     });

package/server/services/users-permissions.js

@@ -2,6 +2,7 @@
 
 const _ = require('lodash');
 const { filter, map, pipe, prop } = require('lodash/fp');
+const urlJoin = require('url-join');
 
 const { getService } = require('../utils');
 
@@ -112,9 +113,10 @@ module.exports = ({ strapi }) => ({
         return;
       }
 
+      const apiPrefix = strapi.config.get('api.rest.prefix');
       routesMap[`api::${apiName}`] = routes.map(route => ({
         ...route,
-        path: `/api${route.path}`,
+        path: urlJoin(apiPrefix, route.path),
       }));
     });
 
@@ -133,9 +135,10 @@ module.exports = ({ strapi }) => ({
         return;
       }
 
+      const apiPrefix = strapi.config.get('api.rest.prefix');
       routesMap[`plugin::${pluginName}`] = routes.map(route => ({
         ...route,
-        path: `/api${route.path}`,
+        path: urlJoin(apiPrefix, route.path),
       }));
     });