npm - @strapi/plugin-users-permissions - Versions diffs - 4.3.2 → 4.3.5 - Mend

@strapi/plugin-users-permissions 4.3.2 → 4.3.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

package/admin/src/components/BoundRoute/getMethodColor.js +1 -1
package/admin/src/components/BoundRoute/index.js +1 -1
package/admin/src/components/FormModal/Input/index.js +1 -1
package/admin/src/components/FormModal/index.js +7 -9
package/admin/src/components/Permissions/PermissionRow/CheckboxWrapper.js +3 -3
package/admin/src/components/Permissions/PermissionRow/SubCategory.js +10 -14
package/admin/src/components/Permissions/PermissionRow/index.js +1 -1
package/admin/src/components/Permissions/index.js +2 -2
package/admin/src/components/Permissions/init.js +1 -1
package/admin/src/components/Permissions/reducer.js +1 -1
package/admin/src/components/Policies/index.js +1 -1
package/admin/src/components/UsersPermissions/index.js +5 -5
package/admin/src/components/UsersPermissions/reducer.js +1 -1
package/admin/src/hooks/useFetchRole/index.js +3 -3
package/admin/src/hooks/useFetchRole/reducer.js +1 -1
package/admin/src/hooks/useForm/index.js +1 -1
package/admin/src/hooks/useForm/reducer.js +1 -1
package/admin/src/hooks/usePlugins/index.js +1 -1
package/admin/src/hooks/usePlugins/reducer.js +1 -1
package/admin/src/hooks/useRolesList/reducer.js +1 -1
package/admin/src/index.js +5 -5
package/admin/src/pages/AdvancedSettings/index.js +11 -10
package/admin/src/pages/AdvancedSettings/utils/api.js +1 -1
package/admin/src/pages/AdvancedSettings/utils/schema.js +2 -4
package/admin/src/pages/EmailTemplates/index.js +8 -8
package/admin/src/pages/EmailTemplates/utils/api.js +1 -1
package/admin/src/pages/EmailTemplates/utils/schema.js +1 -4
package/admin/src/pages/Providers/index.js +22 -22
package/admin/src/pages/Providers/reducer.js +1 -1
package/admin/src/pages/Providers/utils/api.js +2 -2
package/admin/src/pages/Providers/utils/createProvidersArray.js +1 -1
package/admin/src/pages/Roles/CreatePage/index.js +1 -1
package/admin/src/pages/Roles/EditPage/index.js +1 -1
package/admin/src/pages/Roles/ListPage/components/TableBody.js +5 -4
package/admin/src/pages/Roles/ListPage/index.js +2 -2
package/admin/src/utils/axiosInstance.js +4 -4
package/admin/src/utils/cleanPermissions.js +1 -1
package/admin/src/utils/formatPolicies.js +1 -1
package/admin/src/utils/getRequestURL.js +1 -1
package/admin/src/utils/getTrad.js +1 -1
package/documentation/content-api.yaml +36 -1
package/jest.config.front.js +1 -1
package/package.json +12 -7
package/server/bootstrap/grant-config.js +1 -1
package/server/bootstrap/index.js +39 -39
package/server/controllers/auth.js +33 -5
package/server/controllers/content-manager-user.js +4 -12
package/server/controllers/settings.js +1 -1
package/server/controllers/user.js +2 -2
package/server/controllers/validation/auth.js +15 -12
package/server/controllers/validation/email-template.js +3 -2
package/server/controllers/validation/user.js +4 -16
package/server/graphql/mutations/auth/change-password.js +38 -0
package/server/graphql/mutations/auth/forgot-password.js +1 -4
package/server/graphql/mutations/auth/login.js +1 -4
package/server/graphql/mutations/auth/register.js +1 -4
package/server/graphql/mutations/auth/reset-password.js +1 -4
package/server/graphql/mutations/crud/role/create-role.js +1 -4
package/server/graphql/mutations/crud/role/delete-role.js +1 -4
package/server/graphql/mutations/crud/role/update-role.js +1 -4
package/server/graphql/mutations/crud/user/create-user.js +1 -4
package/server/graphql/mutations/crud/user/delete-user.js +1 -4
package/server/graphql/mutations/crud/user/update-user.js +1 -4
package/server/graphql/mutations/index.js +2 -1
package/server/graphql/resolvers-configs.js +5 -0
package/server/graphql/types/index.js +1 -1
package/server/middlewares/rateLimit.js +22 -25
package/server/register.js +2 -4
package/server/routes/content-api/auth.js +9 -0
package/server/services/jwt.js +11 -9
package/server/services/providers-registry.js +33 -42
package/server/services/providers.js +6 -6
package/server/services/role.js +7 -7
package/server/services/user.js +1 -8
package/server/services/users-permissions.js +13 -12
package/server/strategies/users-permissions.js +3 -3
package/server/utils/index.js +1 -1

package/admin/src/pages/Providers/index.js CHANGED Viewed

@@ -53,26 +53,26 @@ export const ProvidersPage = () => {
     allowedActions: { canUpdate },
   } = useRBAC(updatePermissions);
-  const { isLoading: isLoadingForData, data: modifiedData, isFetching } = useQuery(
-    'get-providers',
-    () => fetchData(toggleNotification),
-    {
-      onSuccess: () => {
-        notifyStatus(
-          formatMessage({
-            id: getTrad('Providers.data.loaded'),
-            defaultMessage: 'Providers have been loaded',
-          })
-        );
-      },
-      initialData: {},
-    }
-  );
+  const {
+    isLoading: isLoadingForData,
+    data: modifiedData,
+    isFetching,
+  } = useQuery('get-providers', () => fetchData(toggleNotification), {
+    onSuccess() {
+      notifyStatus(
+        formatMessage({
+          id: getTrad('Providers.data.loaded'),
+          defaultMessage: 'Providers have been loaded',
+        })
+      );
+    },
+    initialData: {},
+  });
   const isLoading = isLoadingForData || isFetching;
   const submitMutation = useMutation(putProvider, {
-    onSuccess: async () => {
+    async onSuccess() {
       await queryClient.invalidateQueries('get-providers');
       toggleNotification({
         type: 'info',
@@ -84,7 +84,7 @@ export const ProvidersPage = () => {
       handleToggleModal();
       unlockApp();
     },
-    onError: () => {
+    onError() {
       toggleNotification({
         type: 'warning',
         message: { id: 'notification.error' },
@@ -104,7 +104,7 @@ export const ProvidersPage = () => {
       return false;
     }
-    const providerToEdit = providers.find(obj => obj.name === providerToEditName);
+    const providerToEdit = providers.find((obj) => obj.name === providerToEditName);
     return has(providerToEdit, 'subdomain');
   }, [providers, providerToEditName]);
@@ -127,17 +127,17 @@ export const ProvidersPage = () => {
   }, [providerToEditName, isProviderWithSubdomain]);
   const handleToggleModal = () => {
-    setIsOpen(prev => !prev);
+    setIsOpen((prev) => !prev);
   };
-  const handleClickEdit = provider => {
+  const handleClickEdit = (provider) => {
     if (canUpdate) {
       setProviderToEditName(provider.name);
       handleToggleModal();
     }
   };
-  const handleSubmit = async values => {
+  const handleSubmit = async (values) => {
     setIsSubmiting(true);
     lockApp();
@@ -196,7 +196,7 @@ export const ProvidersPage = () => {
                 </Tr>
               </Thead>
               <Tbody>
-                {providers.map(provider => (
+                {providers.map((provider) => (
                   <Tr
                     key={provider.name}
                     {...onRowClick({

package/admin/src/pages/Providers/reducer.js CHANGED Viewed

@@ -10,7 +10,7 @@ const initialState = {
 const reducer = (state, action) =>
   // eslint-disable-next-line consistent-return
-  produce(state, draftState => {
+  produce(state, (draftState) => {
     switch (action.type) {
       case 'GET_DATA': {
         draftState.isLoading = true;

package/admin/src/pages/Providers/utils/api.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import { getRequestURL, axiosInstance } from '../../../utils';
 // eslint-disable-next-line import/prefer-default-export
-export const fetchData = async toggleNotification => {
+export const fetchData = async (toggleNotification) => {
   try {
     const { data } = await axiosInstance.get(getRequestURL('providers'));
@@ -16,6 +16,6 @@ export const fetchData = async toggleNotification => {
   }
 };
-export const putProvider = body => {
+export const putProvider = (body) => {
   return axiosInstance.put(getRequestURL('providers'), body);
 };

package/admin/src/pages/Providers/utils/createProvidersArray.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { sortBy } from 'lodash';
-const createProvidersArray = data => {
+const createProvidersArray = (data) => {
   return sortBy(
     Object.keys(data).reduce((acc, current) => {
       const { icon: iconName, enabled, subdomain } = data[current];

package/admin/src/pages/Roles/CreatePage/index.js CHANGED Viewed

@@ -36,7 +36,7 @@ const EditPage = () => {
   const { trackUsage } = useTracking();
   const permissionsRef = useRef();
-  const handleCreateRoleSubmit = async data => {
+  const handleCreateRoleSubmit = async (data) => {
     // Set loading state
     lockApp();
     setIsSubmitting(true);

package/admin/src/pages/Roles/EditPage/index.js CHANGED Viewed

@@ -40,7 +40,7 @@ const EditPage = () => {
   const { role, onSubmitSucceeded, isLoading: isLoadingRole } = useFetchRole(id);
   const permissionsRef = useRef();
-  const handleEditRoleSubmit = async data => {
+  const handleEditRoleSubmit = async (data) => {
     // Set loading state
     lockApp();
     setIsSubmitting(true);

package/admin/src/pages/Roles/ListPage/components/TableBody.js CHANGED Viewed

@@ -17,20 +17,21 @@ const TableBody = ({ sortedRoles, canDelete, permissions, setRoleToDelete, onDel
   const { push } = useHistory();
   const [showConfirmDelete, setShowConfirmDelete] = onDelete;
-  const checkCanDeleteRole = role => canDelete && !['public', 'authenticated'].includes(role.type);
+  const checkCanDeleteRole = (role) =>
+    canDelete && !['public', 'authenticated'].includes(role.type);
-  const handleClickDelete = id => {
+  const handleClickDelete = (id) => {
     setRoleToDelete(id);
     setShowConfirmDelete(!showConfirmDelete);
   };
-  const handleClickEdit = id => {
+  const handleClickEdit = (id) => {
     push(`/settings/${pluginId}/roles/${id}`);
   };
   return (
     <Tbody>
-      {sortedRoles?.map(role => (
+      {sortedRoles?.map((role) => (
         <Tr key={role.name} {...onRowClick({ fn: () => handleClickEdit(role.id) })}>
           <Td width="20%">
             <Typography>{role.name}</Typography>

package/admin/src/pages/Roles/ListPage/index.js CHANGED Viewed

@@ -97,8 +97,8 @@ const RoleListPage = () => {
     defaultMessage: 'Roles',
   });
-  const deleteMutation = useMutation(id => deleteData(id, toggleNotification), {
-    onSuccess: async () => {
+  const deleteMutation = useMutation((id) => deleteData(id, toggleNotification), {
+    async onSuccess() {
       await queryClient.invalidateQueries('get-roles');
     },
   });

package/admin/src/utils/axiosInstance.js CHANGED Viewed

@@ -6,7 +6,7 @@ const instance = axios.create({
 });
 instance.interceptors.request.use(
-  async config => {
+  async (config) => {
     config.headers = {
       Authorization: `Bearer ${auth.getToken()}`,
       Accept: 'application/json',
@@ -15,14 +15,14 @@ instance.interceptors.request.use(
     return config;
   },
-  error => {
+  (error) => {
     Promise.reject(error);
   }
 );
 instance.interceptors.response.use(
-  response => response,
-  error => {
+  (response) => response,
+  (error) => {
     // whatever you want to do with the error
     if (error.response?.status === 401) {
       auth.clearAppStorage();

package/admin/src/utils/cleanPermissions.js CHANGED Viewed

@@ -1,6 +1,6 @@
 import { isEmpty } from 'lodash';
-const cleanPermissions = permissions =>
+const cleanPermissions = (permissions) =>
   Object.keys(permissions).reduce((acc, current) => {
     const currentPermission = permissions[current].controllers;
     const cleanedControllers = Object.keys(currentPermission).reduce((acc2, curr) => {

package/admin/src/utils/formatPolicies.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const formatPolicies = policies =>
+const formatPolicies = (policies) =>
   policies.reduce((acc, current) => {
     acc.push({ label: current, value: current });

package/admin/src/utils/getRequestURL.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import pluginId from '../pluginId';
-const getRequestURL = endPoint => `/${pluginId}/${endPoint}`;
+const getRequestURL = (endPoint) => `/${pluginId}/${endPoint}`;
 export default getRequestURL;

package/admin/src/utils/getTrad.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import pluginId from '../pluginId';
-const getTrad = id => `${pluginId}.${id}`;
+const getTrad = (id) => `${pluginId}.${id}`;
 export default getTrad;

package/documentation/content-api.yaml CHANGED Viewed

@@ -44,7 +44,7 @@ paths:
                 password:
                   type: string
             example:
-              identier: foobar
+              identifier: foobar
               password: Test1234
         required: true
       responses:
@@ -185,6 +185,41 @@ paths:
               schema:
                 $ref: '#/components/schemas/Error'
+  /auth/change-password:
+    post:
+      tags:
+        - Users-Permissions - Auth
+      summary: Update user's own password
+      requestBody:
+        required: true
+        content:
+          application/json:
+            schema:
+              type: object
+              properties:
+                password:
+                  required: true
+                  type: string
+                currentPassword:
+                  required: true
+                  type: string
+                passwordConfirmation:
+                  required: true
+                  type: string
+      responses:
+        200:
+          description: Returns a jwt token and user info
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Users-Permissions-UserRegistration'
+        default:
+          description: Error
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Error'
   /auth/email-confirmation:
     get:
       tags:

package/jest.config.front.js CHANGED Viewed

@@ -1,7 +1,7 @@
 'use strict';
 const baseConfig = require('../../../jest.base-config.front');
-const pkg = require('./package');
+const pkg = require('./package.json');
 module.exports = {
   ...baseConfig,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "4.3.2",
+  "version": "4.3.5",
   "description": "Protect your API with a full-authentication process based on JWT",
   "repository": {
     "type": "git",
@@ -27,26 +27,31 @@
     "test:front:watch:ce": "cross-env IS_EE=false jest --config ./jest.config.front.js --watchAll"
   },
   "dependencies": {
-    "@strapi/helper-plugin": "4.3.2",
-    "@strapi/utils": "4.3.2",
+    "@strapi/helper-plugin": "4.3.5",
+    "@strapi/utils": "4.3.5",
     "bcryptjs": "2.4.3",
     "grant-koa": "5.4.8",
     "jsonwebtoken": "^8.1.0",
+    "koa": "^2.13.4",
     "koa2-ratelimit": "^1.1.1",
     "lodash": "4.17.21",
     "purest": "4.0.2",
     "react": "^17.0.2",
     "react-dom": "^17.0.2",
-    "react-intl": "5.20.2",
+    "react-intl": "5.25.1",
     "react-redux": "7.2.8",
     "react-router": "^5.2.0",
     "react-router-dom": "5.2.0",
-    "redux-saga": "^0.16.0",
     "request": "^2.83.0",
     "url-join": "4.0.1"
   },
   "devDependencies": {
-    "koa": "^2.13.4"
+    "@testing-library/dom": "8.17.1",
+    "@testing-library/react": "12.1.4",
+    "@testing-library/react-hooks": "8.0.1",
+    "@testing-library/user-event": "14.4.2",
+    "msw": "0.42.3",
+    "react-test-renderer": "^17.0.2"
   },
   "engines": {
     "node": ">=14.19.1 <=16.x.x",
@@ -59,5 +64,5 @@
     "required": true,
     "kind": "plugin"
   },
-  "gitHead": "7039c0d22836c94457130515b3a55eb93d2411f8"
+  "gitHead": "a52b0535513ff35b4ef46c9daf7be48f2ba71737"
 }

package/server/bootstrap/grant-config.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-module.exports = baseURL => ({
+module.exports = (baseURL) => ({
   email: {
     enabled: true,
     icon: 'envelope',

package/server/bootstrap/index.js CHANGED Viewed

@@ -15,42 +15,7 @@ const getGrantConfig = require('./grant-config');
 const usersPermissionsActions = require('./users-permissions-actions');
-module.exports = async ({ strapi }) => {
-  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
-  await initGrant(pluginStore);
-  await initEmails(pluginStore);
-  await initAdvancedOptions(pluginStore);
-  await strapi.admin.services.permission.actionProvider.registerMany(
-    usersPermissionsActions.actions
-  );
-  await getService('users-permissions').initialize();
-  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
-    if (process.env.NODE_ENV !== 'development') {
-      throw new Error(
-        `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
-For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
-      );
-    }
-    const jwtSecret = crypto.randomBytes(16).toString('base64');
-    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
-    if (!process.env.JWT_SECRET) {
-      const envPath = process.env.ENV_PATH || '.env';
-      strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
-      strapi.log.info(
-        `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
-      );
-    }
-  }
-};
-const initGrant = async pluginStore => {
+const initGrant = async (pluginStore) => {
   const apiPrefix = strapi.config.get('api.rest.prefix');
   const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
@@ -62,7 +27,7 @@ const initGrant = async pluginStore => {
   // or we have added/deleted provider here.
   if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
     // merge with the previous provider config.
-    _.keys(grantConfig).forEach(key => {
+    _.keys(grantConfig).forEach((key) => {
       if (key in prevGrantConfig) {
         grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
       }
@@ -71,7 +36,7 @@ const initGrant = async pluginStore => {
   }
 };
-const initEmails = async pluginStore => {
+const initEmails = async (pluginStore) => {
   if (!(await pluginStore.get({ key: 'email' }))) {
     const value = {
       reset_password: {
@@ -117,7 +82,7 @@ const initEmails = async pluginStore => {
   }
 };
-const initAdvancedOptions = async pluginStore => {
+const initAdvancedOptions = async (pluginStore) => {
   if (!(await pluginStore.get({ key: 'advanced' }))) {
     const value = {
       unique_email: true,
@@ -131,3 +96,38 @@ const initAdvancedOptions = async pluginStore => {
     await pluginStore.set({ key: 'advanced', value });
   }
 };
+module.exports = async ({ strapi }) => {
+  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
+  await initGrant(pluginStore);
+  await initEmails(pluginStore);
+  await initAdvancedOptions(pluginStore);
+  await strapi.admin.services.permission.actionProvider.registerMany(
+    usersPermissionsActions.actions
+  );
+  await getService('users-permissions').initialize();
+  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
+    if (process.env.NODE_ENV !== 'development') {
+      throw new Error(
+        `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
+For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
+      );
+    }
+    const jwtSecret = crypto.randomBytes(16).toString('base64');
+    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
+    if (!process.env.JWT_SECRET) {
+      const envPath = process.env.ENV_PATH || '.env';
+      strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
+      strapi.log.info(
+        `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
+      );
+    }
+  }
+};

package/server/controllers/auth.js CHANGED Viewed

@@ -18,6 +18,7 @@ const {
   validateForgotPasswordBody,
   validateResetPasswordBody,
   validateEmailConfirmationBody,
+  validateChangePasswordBody,
 } = require('./validation/auth');
 const { getAbsoluteAdminUrl, getAbsoluteServerUrl, sanitize } = utils;
@@ -104,6 +105,36 @@ module.exports = {
     }
   },
+  async changePassword(ctx) {
+    if (!ctx.state.user) {
+      throw new ApplicationError('You must be authenticated to reset your password');
+    }
+    const { currentPassword, password } = await validateChangePasswordBody(ctx.request.body);
+    const user = await strapi.entityService.findOne(
+      'plugin::users-permissions.user',
+      ctx.state.user.id
+    );
+    const validPassword = await getService('user').validatePassword(currentPassword, user.password);
+    if (!validPassword) {
+      throw new ValidationError('The provided current password is invalid');
+    }
+    if (currentPassword === password) {
+      throw new ValidationError('Your new password must be different than your current password');
+    }
+    await getService('user').edit(user.id, { password });
+    ctx.send({
+      jwt: getService('jwt').issue({ id: user.id }),
+      user: await sanitizeUser(user, ctx),
+    });
+  },
   async resetPassword(ctx) {
     const { password, passwordConfirmation, code } = await validateResetPasswordBody(
       ctx.request.body
@@ -228,10 +259,7 @@ module.exports = {
     await getService('user').edit(user.id, { resetPasswordToken });
     // Send an email to the user.
-    await strapi
-      .plugin('email')
-      .service('email')
-      .send(emailToSend);
+    await strapi.plugin('email').service('email').send(emailToSend);
     ctx.send({ ok: true });
   },
@@ -295,7 +323,7 @@ module.exports = {
       }
     }
-    let newUser = {
+    const newUser = {
       ...params,
       role: role.id,
       email: email.toLowerCase(),

package/server/controllers/content-manager-user.js CHANGED Viewed

@@ -2,12 +2,8 @@
 const _ = require('lodash');
 const { contentTypes: contentTypesUtils } = require('@strapi/utils');
-const {
-  ApplicationError,
-  ValidationError,
-  NotFoundError,
-  ForbiddenError,
-} = require('@strapi/utils').errors;
+const { ApplicationError, ValidationError, NotFoundError, ForbiddenError } =
+  require('@strapi/utils').errors;
 const { validateCreateUserBody, validateUpdateUserBody } = require('./validation/user');
 const { UPDATED_BY_ATTRIBUTE, CREATED_BY_ATTRIBUTE } = contentTypesUtils.constants;
@@ -132,17 +128,13 @@ module.exports = {
     const { email, username, password } = body;
-    let pm;
-    let user;
-    const { pm: permissionManager, entity } = await findEntityAndCheckPermissions(
+    const { pm, entity } = await findEntityAndCheckPermissions(
       userAbility,
       ACTIONS.edit,
       userModel,
       id
     );
-    pm = permissionManager;
-    user = entity;
+    const user = entity;
     await validateUpdateUserBody(ctx.request.body);

package/server/controllers/settings.js CHANGED Viewed

@@ -17,7 +17,7 @@ module.exports = {
     const emailTemplates = ctx.request.body['email-templates'];
-    for (let key in emailTemplates) {
+    for (const key of Object.keys(emailTemplates)) {
       const template = emailTemplates[key].options.message;
       if (!isValidEmailTemplate(template)) {

package/server/controllers/user.js CHANGED Viewed

@@ -121,7 +121,7 @@ module.exports = {
       ctx.request.body.email = ctx.request.body.email.toLowerCase();
     }
-    let updateData = {
+    const updateData = {
       ...ctx.request.body,
     };
@@ -138,7 +138,7 @@ module.exports = {
   async find(ctx) {
     const users = await getService('user').fetchAll(ctx.query);
-    ctx.body = await Promise.all(users.map(user => sanitizeOutput(user, ctx)));
+    ctx.body = await Promise.all(users.map((user) => sanitizeOutput(user, ctx)));
   },
   /**

package/server/controllers/validation/auth.js CHANGED Viewed

@@ -8,19 +8,13 @@ const callbackSchema = yup.object({
 });
 const registerSchema = yup.object({
-  email: yup
-    .string()
-    .email()
-    .required(),
+  email: yup.string().email().required(),
   username: yup.string().required(),
   password: yup.string().required(),
 });
 const sendEmailConfirmationSchema = yup.object({
-  email: yup
-    .string()
-    .email()
-    .required(),
+  email: yup.string().email().required(),
 });
 const validateEmailConfirmationSchema = yup.object({
@@ -29,10 +23,7 @@ const validateEmailConfirmationSchema = yup.object({
 const forgotPasswordSchema = yup
   .object({
-    email: yup
-      .string()
-      .email()
-      .required(),
+    email: yup.string().email().required(),
   })
   .noUnknown();
@@ -44,6 +35,17 @@ const resetPasswordSchema = yup
   })
   .noUnknown();
+const changePasswordSchema = yup
+  .object({
+    password: yup.string().required(),
+    passwordConfirmation: yup
+      .string()
+      .required()
+      .oneOf([yup.ref('password')], 'Passwords do not match'),
+    currentPassword: yup.string().required(),
+  })
+  .noUnknown();
 module.exports = {
   validateCallbackBody: validateYupSchema(callbackSchema),
   validateRegisterBody: validateYupSchema(registerSchema),
@@ -51,4 +53,5 @@ module.exports = {
   validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),
   validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),
   validateResetPasswordBody: validateYupSchema(resetPasswordSchema),
+  validateChangePasswordBody: validateYupSchema(changePasswordSchema),
 };