@strapi/plugin-users-permissions 4.2.0-alpha.O → 4.2.0-beta.2
- package/admin/src/components/FormModal/index.js +1 -1
- package/admin/src/index.js +1 -1
- package/admin/src/pages/AdvancedSettings/index.js +2 -2
- package/admin/src/pages/EmailTemplates/components/EmailTable.js +2 -2
- package/admin/src/pages/Providers/index.js +4 -4
- package/admin/src/pages/Roles/CreatePage/index.js +3 -3
- package/admin/src/pages/Roles/EditPage/index.js +4 -4
- package/admin/src/pages/Roles/ListPage/components/TableBody.js +2 -3
- package/admin/src/pages/Roles/ListPage/index.js +6 -6
- package/admin/src/translations/ar.json +0 -1
- package/admin/src/translations/cs.json +0 -1
- package/admin/src/translations/de.json +0 -2
- package/admin/src/translations/dk.json +0 -11
- package/admin/src/translations/en.json +0 -11
- package/admin/src/translations/es.json +0 -11
- package/admin/src/translations/fr.json +0 -1
- package/admin/src/translations/id.json +0 -2
- package/admin/src/translations/it.json +0 -2
- package/admin/src/translations/ja.json +0 -1
- package/admin/src/translations/ko.json +0 -11
- package/admin/src/translations/ms.json +0 -1
- package/admin/src/translations/nl.json +0 -1
- package/admin/src/translations/pl.json +0 -1
- package/admin/src/translations/pt-BR.json +0 -1
- package/admin/src/translations/pt.json +0 -1
- package/admin/src/translations/ru.json +0 -2
- package/admin/src/translations/sk.json +0 -1
- package/admin/src/translations/sv.json +0 -2
- package/admin/src/translations/th.json +0 -2
- package/admin/src/translations/tr.json +0 -1
- package/admin/src/translations/uk.json +0 -1
- package/admin/src/translations/vi.json +0 -1
- package/admin/src/translations/zh-Hans.json +0 -3
- package/admin/src/translations/zh.json +0 -1
- package/package.json +6 -8
- package/server/bootstrap/index.js +13 -4
- package/server/controllers/auth.js +22 -17
- package/server/controllers/validation/email-template.js +10 -1
- package/server/services/providers-list.js +152 -348
- package/server/services/providers.js +58 -69
- package/server/services/user.js +3 -1
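--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@strapi/plugin-users-permissions",
-"version": "4.2.0-
+"version": "4.2.0-beta.2",
 "description": "Protect your API with a full-authentication process based on JWT",
 "repository": {
 "type": "git",
@@ -27,15 +27,14 @@
 "test:front:watch:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll"
 },
 "dependencies": {
-"@
-"@strapi/
-"@strapi/utils": "4.2.0-alpha.O",
+"@strapi/helper-plugin": "4.2.0-beta.2",
+"@strapi/utils": "4.2.0-beta.2",
 "bcryptjs": "2.4.3",
 "grant-koa": "5.4.8",
 "jsonwebtoken": "^8.1.0",
 "koa2-ratelimit": "^0.9.0",
 "lodash": "4.17.21",
-"purest": "
+"purest": "4.0.2",
 "react": "^17.0.2",
 "react-dom": "^17.0.2",
 "react-intl": "5.20.2",
@@ -44,8 +43,7 @@
 "react-router-dom": "5.2.0",
 "redux-saga": "^0.16.0",
 "request": "^2.83.0",
-"url-join": "4.0.1"
-"uuid": "^3.1.0"
+"url-join": "4.0.1"
 },
 "devDependencies": {
 "koa": "^2.13.1"
@@ -61,5 +59,5 @@
 "required": true,
 "kind": "plugin"
 },
-"gitHead": "
+"gitHead": "bff73257e7695d6f361c91dda8cc810a2bb70b6e"
 }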
@@ -7,9 +7,9 @@
|
|
|
7
7
|
* This gives you an opportunity to set up your data model,
|
|
8
8
|
* run jobs, or perform some special logic.
|
|
9
9
|
*/
|
|
10
|
+
const crypto = require('crypto');
|
|
10
11
|
const _ = require('lodash');
|
|
11
12
|
const urljoin = require('url-join');
|
|
12
|
-
const uuid = require('uuid/v4');
|
|
13
13
|
const { getService } = require('../utils');
|
|
14
14
|
const getGrantConfig = require('./grant-config');
|
|
15
15
|
|
|
@@ -29,13 +29,22 @@ module.exports = async ({ strapi }) => {
|
|
|
29
29
|
await getService('users-permissions').initialize();
|
|
30
30
|
|
|
31
31
|
if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
|
|
32
|
-
|
|
32
|
+
if (process.env.NODE_ENV !== 'development') {
|
|
33
|
+
throw new Error(
|
|
34
|
+
`Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
|
|
35
|
+
For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
|
|
36
|
+
);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
const jwtSecret = crypto.randomBytes(16).toString('base64');
|
|
40
|
+
|
|
33
41
|
strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
|
|
34
42
|
|
|
35
43
|
if (!process.env.JWT_SECRET) {
|
|
36
|
-
|
|
44
|
+
const envPath = process.env.ENV_PATH || '.env';
|
|
45
|
+
strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
|
|
37
46
|
strapi.log.info(
|
|
38
|
-
|
|
47
|
+
`The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
|
|
39
48
|
);
|
|
40
49
|
}
|
|
41
50
|
}
|
|
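Review bot: The auto-generated development secret is only 16 random bytes (`crypto.randomBytes(16)`), and the new error message recommends the same length to operators. If the tokens are signed with HMAC-SHA256, which is jsonwebtoken's default but is not visible in this hunk, the key should be at least 32 bytes, e.g. `const jwtSecret = crypto.randomBytes(32).toString('base64');`, with the message text updated to match. The `strapi.fs.appendFile(envPath, ...)` call is neither awaited nor checked, so the log line that follows reports the secret as stored in `${envPath}` even when the write failed; if it returns a promise, `await` it before logging. The secret is also appended in plain text to a path taken from `ENV_PATH`, so that file should stay out of version control and be readable only by the service account.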
@@ -17,7 +17,7 @@ const {
|
|
|
17
17
|
validateSendEmailConfirmationBody,
|
|
18
18
|
} = require('./validation/auth');
|
|
19
19
|
|
|
20
|
-
const { sanitize } = utils;
|
|
20
|
+
const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
|
|
21
21
|
const { ApplicationError, ValidationError } = utils.errors;
|
|
22
22
|
|
|
23
23
|
const emailRegExp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
|
|
@@ -34,7 +34,7 @@ module.exports = {
|
|
|
34
34
|
const provider = ctx.params.provider || 'local';
|
|
35
35
|
const params = ctx.request.body;
|
|
36
36
|
|
|
37
|
-
const store =
|
|
37
|
+
const store = strapi.store({ type: 'plugin', name: 'users-permissions' });
|
|
38
38
|
|
|
39
39
|
if (provider === 'local') {
|
|
40
40
|
if (!_.get(await store.get({ key: 'grant' }), 'email.enabled')) {
|
|
@@ -101,22 +101,15 @@ module.exports = {
|
|
|
101
101
|
}
|
|
102
102
|
|
|
103
103
|
// Connect the user with the third-party provider.
|
|
104
|
-
let user;
|
|
105
|
-
let error;
|
|
106
104
|
try {
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
105
|
+
const user = await getService('providers').connect(provider, ctx.query);
|
|
106
|
+
ctx.send({
|
|
107
|
+
jwt: getService('jwt').issue({ id: user.id }),
|
|
108
|
+
user: await sanitizeUser(user, ctx),
|
|
109
|
+
});
|
|
110
|
+
} catch (error) {
|
|
113
111
|
throw new ApplicationError(error.message);
|
|
114
112
|
}
|
|
115
|
-
|
|
116
|
-
ctx.send({
|
|
117
|
-
jwt: getService('jwt').issue({ id: user.id }),
|
|
118
|
-
user: await sanitizeUser(user, ctx),
|
|
119
|
-
});
|
|
120
113
|
}
|
|
121
114
|
},
|
|
122
115
|
|
|
@@ -137,7 +130,10 @@ module.exports = {
|
|
|
137
130
|
throw new ValidationError('Incorrect code provided');
|
|
138
131
|
}
|
|
139
132
|
|
|
140
|
-
await getService('user').edit(user.id, {
|
|
133
|
+
await getService('user').edit(user.id, {
|
|
134
|
+
resetPasswordToken: null,
|
|
135
|
+
password: params.password,
|
|
136
|
+
});
|
|
141
137
|
// Update the user.
|
|
142
138
|
ctx.send({
|
|
143
139
|
jwt: getService('jwt').issue({ id: user.id }),
|
|
@@ -240,6 +236,8 @@ module.exports = {
|
|
|
240
236
|
|
|
241
237
|
settings.message = await getService('users-permissions').template(settings.message, {
|
|
242
238
|
URL: advanced.email_reset_password,
|
|
239
|
+
SERVER_URL: getAbsoluteServerUrl(strapi.config),
|
|
240
|
+
ADMIN_URL: getAbsoluteAdminUrl(strapi.config),
|
|
243
241
|
USER: userInfo,
|
|
244
242
|
TOKEN: resetPasswordToken,
|
|
245
243
|
});
|
|
@@ -338,7 +336,7 @@ module.exports = {
|
|
|
338
336
|
params.confirmed = true;
|
|
339
337
|
}
|
|
340
338
|
|
|
341
|
-
|
|
339
|
+
const user = await getService('user').add(params);
|
|
342
340
|
|
|
343
341
|
const sanitizedUser = await sanitizeUser(user, ctx);
|
|
344
342
|
|
|
@@ -419,6 +417,13 @@ module.exports = {
|
|
|
419
417
|
where: { email: params.email },
|
|
420
418
|
});
|
|
421
419
|
|
|
420
|
+
if (!user) {
|
|
421
|
+
return ctx.send({
|
|
422
|
+
email: params.email,
|
|
423
|
+
sent: true,
|
|
424
|
+
});
|
|
425
|
+
}
|
|
426
|
+
|
|
422
427
|
if (user.confirmed) {
|
|
423
428
|
throw new ApplicationError('already.confirmed');
|
|
424
429
|
}
|
|
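Review bot: The new `if (!user)` branch in the last hunk answers `sent: true` for unknown addresses, but the unchanged check right below it still throws `ApplicationError('already.confirmed')`, so the endpoint continues to reveal whether an address belongs to a confirmed account. To close the enumeration path the confirmed case should return the same body, e.g. `if (!user || user.confirmed) { return ctx.send({ email: params.email, sent: true }); }`; the rest of the handler lies outside the hunk, so any later branch (a blocked-user check, for instance) would need the same treatment. Separately, in the provider-connect hunk `ctx.send` now sits inside the `try`, so failures from `getService('jwt').issue` or `sanitizeUser` are also rethrown as `ApplicationError(error.message)` and their internal messages reach the client. Keeping only the `connect` call inside the `try`, or mapping unexpected errors to a generic message, would avoid that.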
@@ -3,7 +3,16 @@
|
|
|
3
3
|
const _ = require('lodash');
|
|
4
4
|
|
|
5
5
|
const invalidPatternsRegexes = [/<%[^=]([^<>%]*)%>/m, /\${([^{}]*)}/m];
|
|
6
|
-
const authorizedKeys = [
|
|
6
|
+
const authorizedKeys = [
|
|
7
|
+
'URL',
|
|
8
|
+
'ADMIN_URL',
|
|
9
|
+
'SERVER_URL',
|
|
10
|
+
'CODE',
|
|
11
|
+
'USER',
|
|
12
|
+
'USER.email',
|
|
13
|
+
'USER.username',
|
|
14
|
+
'TOKEN',
|
|
15
|
+
];
|
|
7
16
|
|
|
8
17
|
const matchAll = (pattern, src) => {
|
|
9
18
|
const matches = [];
|
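Review bot: `authorizedKeys` carries no comment saying what it guards; it appears to be the allow-list of variables an email template may interpolate, and this hunk widens it with `ADMIN_URL` and `SERVER_URL`, which the reset-password controller now passes to `template()`. I would add `// Allow-list of template variables; keep in sync with the data passed to template() in controllers/auth.js.` above the array. Because these templates produce mail sent to end users, it is worth confirming that exposing `ADMIN_URL` there is intended, and that the bare `'USER'` entry does not permit fields beyond `USER.email` and `USER.username`. How the list is matched against a template is outside this hunk.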