@strapi/plugin-users-permissions 4.12.0 → 4.12.2

package/admin/src/hooks/useForm/index.js

@@ -2,8 +2,6 @@ import { useCallback, useEffect, useReducer, useRef } from 'react';
 
 import { useFetchClient, useNotification, useRBAC } from '@strapi/helper-plugin';
 
-import { getRequestURL } from '../../utils';
-
 import reducer, { initialState } from './reducer';
 
 const useUserForm = (endPoint, permissions) => {
@@ -21,7 +19,7 @@ const useUserForm = (endPoint, permissions) => {
           type: 'GET_DATA',
         });
 
-        const { data } = await get(getRequestURL(endPoint));
+        const { data } = await get(`/users-permissions/${endPoint}`);
 
         dispatch({
           type: 'GET_DATA_SUCCEEDED',

package/admin/src/pages/AdvancedSettings/utils/api.js

@@ -1,10 +1,8 @@
 import { getFetchClient } from '@strapi/helper-plugin';
 
-import { getRequestURL } from '../../../utils';
-
 const fetchData = async () => {
   const { get } = getFetchClient();
-  const { data } = await get(getRequestURL('advanced'));
+  const { data } = await get('/users-permissions/advanced');
 
   return data;
 };
@@ -12,7 +10,7 @@ const fetchData = async () => {
 const putAdvancedSettings = (body) => {
   const { put } = getFetchClient();
 
-  return put(getRequestURL('advanced'), body);
+  return put('/users-permissions/advanced', body);
 };
 
 export { fetchData, putAdvancedSettings };

package/admin/src/pages/EmailTemplates/utils/api.js

@@ -1,10 +1,8 @@
 import { getFetchClient } from '@strapi/helper-plugin';
 
-import { getRequestURL } from '../../../utils';
-
 const fetchData = async () => {
   const { get } = getFetchClient();
-  const { data } = await get(getRequestURL('email-templates'));
+  const { data } = await get('/users-permissions/email-templates');
 
   return data;
 };
@@ -12,7 +10,7 @@ const fetchData = async () => {
 const putEmailTemplate = (body) => {
   const { put } = getFetchClient();
 
-  return put(getRequestURL('email-templates'), body);
+  return put('/users-permissions/email-templates', body);
 };
 
 export { fetchData, putEmailTemplate };

package/admin/src/pages/Providers/utils/api.js

@@ -1,12 +1,10 @@
 import { getFetchClient } from '@strapi/helper-plugin';
 
-import { getRequestURL } from '../../../utils';
-
 // eslint-disable-next-line import/prefer-default-export
 export const fetchData = async (toggleNotification) => {
   try {
     const { get } = getFetchClient();
-    const { data } = await get(getRequestURL('providers'));
+    const { data } = await get('/users-permissions/providers');
 
     return data;
   } catch (err) {
@@ -22,5 +20,5 @@ export const fetchData = async (toggleNotification) => {
 export const putProvider = (body) => {
   const { put } = getFetchClient();
 
-  return put(getRequestURL('providers'), body);
+  return put('/users-permissions/providers', body);
 };

package/admin/src/pages/Roles/ListPage/utils/api.js

@@ -1,11 +1,9 @@
 import { getFetchClient } from '@strapi/helper-plugin';
 
-import { getRequestURL } from '../../../../utils';
-
 export const fetchData = async (toggleNotification, notifyStatus) => {
   try {
     const { get } = getFetchClient();
-    const { data } = await get(getRequestURL('roles'));
+    const { data } = await get('/users-permissions/roles');
     notifyStatus('The roles have loaded successfully');
 
     return data;
@@ -22,7 +20,7 @@ export const fetchData = async (toggleNotification, notifyStatus) => {
 export const deleteData = async (id, toggleNotification) => {
   try {
     const { del } = getFetchClient();
-    await del(`${getRequestURL('roles')}/${id}`);
+    await del(`/users-permissions/roles/${id}`);
   } catch (error) {
     toggleNotification({
       type: 'warning',

package/admin/src/utils/index.js

@@ -1,4 +1,3 @@
 export { default as cleanPermissions } from './cleanPermissions';
 export { default as formatPolicies } from './formatPolicies';
-export { default as getRequestURL } from './getRequestURL';
 export { default as getTrad } from './getTrad';

package/documentation/content-api.yaml

@@ -93,7 +93,7 @@ paths:
         required: true
       responses:
         200:
-          description: Successfull registration
+          description: Successful registration
           content:
             application/json:
               schema:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "4.12.0",
+  "version": "4.12.2",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -30,16 +30,16 @@
   },
   "dependencies": {
     "@strapi/design-system": "1.8.2",
-    "@strapi/helper-plugin": "4.12.0",
+    "@strapi/helper-plugin": "4.12.2",
     "@strapi/icons": "1.8.2",
-    "@strapi/utils": "4.12.0",
+    "@strapi/utils": "4.12.2",
     "bcryptjs": "2.4.3",
     "formik": "2.4.0",
     "grant-koa": "5.4.8",
     "immer": "9.0.19",
     "jsonwebtoken": "9.0.0",
     "jwk-to-pem": "2.0.5",
-    "koa": "^2.13.4",
+    "koa": "2.13.4",
     "koa2-ratelimit": "^1.1.2",
     "lodash": "4.17.21",
     "prop-types": "^15.8.1",
@@ -48,7 +48,7 @@
     "react-query": "3.39.3",
     "react-redux": "8.1.1",
     "url-join": "4.0.1",
-    "yup": "^0.32.9"
+    "yup": "0.32.9"
   },
   "devDependencies": {
     "@testing-library/dom": "9.2.0",
@@ -67,7 +67,7 @@
     "styled-components": "5.3.3"
   },
   "engines": {
-    "node": ">=14.19.1 <=18.x.x",
+    "node": ">=16.0.0 <=20.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {
@@ -77,5 +77,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "7f8109a1a736c1d997fbb445469b3b59550c7aeb"
+  "gitHead": "b5a0cb4020ee9b170243e458decd5b1babf474e3"
 }

package/server/middlewares/rateLimit.js

@@ -1,27 +1,47 @@
 'use strict';
 
+const path = require('path');
+const utils = require('@strapi/utils');
+const { isString, has, toLower } = require('lodash/fp');
+
+const { RateLimitError } = utils.errors;
+
 module.exports =
   (config, { strapi }) =>
   async (ctx, next) => {
-    const ratelimit = require('koa2-ratelimit').RateLimit;
-
-    const message = [
-      {
-        messages: [
-          {
-            id: 'Auth.form.error.ratelimit',
-            message: 'Too many attempts, please try again in a minute.',
-          },
-        ],
-      },
-    ];
-
-    return ratelimit.middleware({
-      interval: 1 * 60 * 1000,
-      max: 5,
-      prefixKey: `${ctx.request.path}:${ctx.request.ip}`,
-      message,
-      ...strapi.config.get('plugin.users-permissions.ratelimit'),
-      ...config,
-    })(ctx, next);
+    let rateLimitConfig = strapi.config.get('plugin.users-permissions.ratelimit');
+
+    if (!rateLimitConfig) {
+      rateLimitConfig = {
+        enabled: true,
+      };
+    }
+
+    if (!has('enabled', rateLimitConfig)) {
+      rateLimitConfig.enabled = true;
+    }
+
+    if (rateLimitConfig.enabled === true) {
+      const rateLimit = require('koa2-ratelimit').RateLimit;
+
+      const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
+      const requestPath = isString(ctx.request.path)
+        ? toLower(path.normalize(ctx.request.path))
+        : 'invalidPath';
+
+      const loadConfig = {
+        interval: { min: 5 },
+        max: 5,
+        prefixKey: `${userIdentifier}:${requestPath}:${ctx.request.ip}`,
+        handler() {
+          throw new RateLimitError();
+        },
+        ...rateLimitConfig,
+        ...config,
+      };
+
+      return rateLimit.middleware(loadConfig)(ctx, next);
+    }
+
+    return next();
   };

package/admin/src/utils/getRequestURL.js

@@ -1,5 +0,0 @@
-import pluginId from '../pluginId';
-
-const getRequestURL = (endPoint) => `/${pluginId}/${endPoint}`;
-
-export default getRequestURL;