@strapi/plugin-users-permissions 5.48.0 → 5.49.0

package/dist/server/utils/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sources":["../../../server/utils/index.js"],"sourcesContent":["'use strict';\n\nconst crypto = require('crypto');\nconst sanitize = require('./sanitize');\n\nconst MAX_USERNAME_ATTEMPTS = 10;\n\nconst getService = (name) => {\n  return strapi.plugin('users-permissions').service(name);\n};\n\nconst isUsernameTaken = async (username) => {\n  const user = await strapi.db\n    .query('plugin::users-permissions.user')\n    .findOne({ where: { username } });\n  return Boolean(user);\n};\n\nconst findValidUsername = async (basename) => {\n  const minLength =\n    strapi.getModel('plugin::users-permissions.user')?.attributes?.username?.minLength ?? 3;\n  const tryBasenameFirst = basename.length >= minLength;\n\n  let attempt = 0;\n  let candidate;\n  let taken;\n  do {\n    candidate =\n      attempt === 0 && tryBasenameFirst ? basename : `${basename}${crypto.randomInt(1000, 9999)}`;\n    taken = await isUsernameTaken(candidate);\n    attempt += 1;\n  } while (taken && attempt <= MAX_USERNAME_ATTEMPTS);\n\n  return taken ? crypto.randomUUID() : candidate;\n};\n\nmodule.exports = {\n  getService,\n  isUsernameTaken,\n  findValidUsername,\n  sanitize,\n};\n"],"names":["crypto","require$$0","sanitize","require$$1","MAX_USERNAME_ATTEMPTS","getService","name","strapi","plugin","service","isUsernameTaken","username","user","db","query","findOne","where","Boolean","findValidUsername","basename","minLength","getModel","attributes","tryBasenameFirst","length","attempt","candidate","taken","randomInt","randomUUID","utils"],"mappings":";;;;;;;;;;AAEA,IAAA,MAAMA,MAAAA,GAASC,UAAAA;AACf,IAAA,MAAMC,QAAAA,GAAWC,eAAAA,EAAAA;AAEjB,IAAA,MAAMC,qBAAAA,GAAwB,EAAA;AAE9B,IAAA,MAAMC,aAAa,CAACC,IAAAA,GAAAA;AAClB,QAAA,OAAOC,MAAAA,CAAOC,MAAM,CAAC,mBAAA,CAAA,CAAqBC,OAAO,CAACH,IAAAA,CAAAA;AACpD,IAAA,CAAA;AAEA,IAAA,MAAMI,kBAAkB,OAAOC,QAAAA,GAAAA;QAC7B,MAAMC,IAAAA,GAAO,MAAML,MAAAA,CAAOM,EAAA,CACvBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;YAAEC,KAAAA,EAAO;AAAEL,gBAAAA;AAAQ;AAAE,SAAA,CAAA;AAChC,QAAA,OAAOM,OAAAA,CAAQL,IAAAA,CAAAA;AACjB,IAAA,CAAA;AAEA,IAAA,MAAMM,oBAAoB,OAAOC,QAAAA,GAAAA;AAC/B,QAAA,MAAMC,YACJb,MAAAA,CAAOc,QAAQ,CAAC,gCAAA,CAAA,EAAmCC,UAAAA,EAAYX,UAAUS,SAAAA,IAAa,CAAA;QACxF,MAAMG,gBAAAA,GAAmBJ,QAAAA,CAASK,MAAM,IAAIJ,SAAAA;AAE5C,QAAA,IAAIK,OAAAA,GAAU,CAAA;QACd,IAAIC,SAAAA;QACJ,IAAIC,KAAAA;QACJ,GAAG;YACDD,SAAAA,GACED,OAAAA,KAAY,CAAA,IAAKF,gBAAAA,GAAmBJ,QAAAA,GAAW,CAAA,EAAGA,WAAWnB,MAAAA,CAAO4B,SAAS,CAAC,IAAA,EAAM,IAAA,CAAA,CAAA,CAAO;AAC7FD,YAAAA,KAAAA,GAAQ,MAAMjB,eAAAA,CAAgBgB,SAAAA,CAAAA;YAC9BD,OAAAA,IAAW,CAAA;QACf,CAAA,OAAWE,KAAAA,IAASF,WAAWrB,qBAAAA;QAE7B,OAAOuB,KAAAA,GAAQ3B,MAAAA,CAAO6B,UAAU,EAAA,GAAKH,SAAAA;AACvC,IAAA,CAAA;IAEAI,KAAAA,GAAiB;AACfzB,QAAAA,UAAAA;AACAK,QAAAA,eAAAA;AACAQ,QAAAA,iBAAAA;AACAhB,QAAAA;AACF,KAAA;;;;;;"}
+{"version":3,"file":"index.js","sources":["../../../server/utils/index.js"],"sourcesContent":["'use strict';\n\nconst crypto = require('crypto');\nconst sanitize = require('./sanitize');\n\nconst MAX_USERNAME_ATTEMPTS = 10;\n\nconst getService = (name) => {\n  return strapi.plugin('users-permissions').service(name);\n};\n\nconst isUsernameTaken = async (username) => {\n  const user = await strapi.db\n    .query('plugin::users-permissions.user')\n    .findOne({ where: { username } });\n  return Boolean(user);\n};\n\nconst findValidUsername = async (basename) => {\n  const minLength =\n    strapi.getModel('plugin::users-permissions.user')?.attributes?.username?.minLength ?? 3;\n  const tryBasenameFirst = basename.length >= minLength;\n\n  let attempt = 0;\n  let candidate;\n  let taken;\n  do {\n    candidate =\n      attempt === 0 && tryBasenameFirst ? basename : `${basename}${crypto.randomInt(1000, 9999)}`;\n    taken = await isUsernameTaken(candidate);\n    attempt += 1;\n  } while (taken && attempt <= MAX_USERNAME_ATTEMPTS);\n\n  return taken ? crypto.randomUUID() : candidate;\n};\n\nmodule.exports = {\n  getService,\n  isUsernameTaken,\n  findValidUsername,\n  sanitize,\n};\n"],"names":["crypto","require$$0","sanitize","require$$1","MAX_USERNAME_ATTEMPTS","getService","name","strapi","plugin","service","isUsernameTaken","username","user","db","query","findOne","where","Boolean","findValidUsername","basename","minLength","getModel","attributes","tryBasenameFirst","length","attempt","candidate","taken","randomInt","randomUUID","utils"],"mappings":";;;;;;;;;;;;;;AAEA,IAAA,MAAMA,MAAAA,GAASC,2BAAAA;AACf,IAAA,MAAMC,QAAAA,GAAWC,eAAAA,EAAAA;AAEjB,IAAA,MAAMC,qBAAAA,GAAwB,EAAA;AAE9B,IAAA,MAAMC,aAAa,CAACC,IAAAA,GAAAA;AAClB,QAAA,OAAOC,MAAAA,CAAOC,MAAM,CAAC,mBAAA,CAAA,CAAqBC,OAAO,CAACH,IAAAA,CAAAA;AACpD,IAAA,CAAA;AAEA,IAAA,MAAMI,kBAAkB,OAAOC,QAAAA,GAAAA;QAC7B,MAAMC,IAAAA,GAAO,MAAML,MAAAA,CAAOM,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;YAAEC,KAAAA,EAAO;AAAEL,gBAAAA;AAAQ;AAAE,SAAA,CAAA;AAChC,QAAA,OAAOM,OAAAA,CAAQL,IAAAA,CAAAA;AACjB,IAAA,CAAA;AAEA,IAAA,MAAMM,oBAAoB,OAAOC,QAAAA,GAAAA;AAC/B,QAAA,MAAMC,YACJb,MAAAA,CAAOc,QAAQ,CAAC,gCAAA,CAAA,EAAmCC,UAAAA,EAAYX,UAAUS,SAAAA,IAAa,CAAA;QACxF,MAAMG,gBAAAA,GAAmBJ,QAAAA,CAASK,MAAM,IAAIJ,SAAAA;AAE5C,QAAA,IAAIK,OAAAA,GAAU,CAAA;QACd,IAAIC,SAAAA;QACJ,IAAIC,KAAAA;QACJ,GAAG;YACDD,SAAAA,GACED,OAAAA,KAAY,CAAA,IAAKF,gBAAAA,GAAmBJ,QAAAA,GAAW,CAAA,EAAGA,WAAWnB,MAAAA,CAAO4B,SAAS,CAAC,IAAA,EAAM,IAAA,CAAA,CAAA,CAAO;AAC7FD,YAAAA,KAAAA,GAAQ,MAAMjB,eAAAA,CAAgBgB,SAAAA,CAAAA;YAC9BD,OAAAA,IAAW,CAAA;QACf,CAAA,OAAWE,KAAAA,IAASF,WAAWrB,qBAAAA;QAE7B,OAAOuB,KAAAA,GAAQ3B,MAAAA,CAAO6B,UAAU,EAAA,GAAKH,SAAAA;AACvC,IAAA,CAAA;IAEAI,KAAAA,GAAiB;AACfzB,QAAAA,UAAAA;AACAK,QAAAA,eAAAA;AACAQ,QAAAA,iBAAAA;AACAhB,QAAAA;AACF,KAAA;;;;;;"}

package/dist/server/utils/index.mjs.map

@@ -1 +1 @@
-{"version":3,"file":"index.mjs","sources":["../../../server/utils/index.js"],"sourcesContent":["'use strict';\n\nconst crypto = require('crypto');\nconst sanitize = require('./sanitize');\n\nconst MAX_USERNAME_ATTEMPTS = 10;\n\nconst getService = (name) => {\n  return strapi.plugin('users-permissions').service(name);\n};\n\nconst isUsernameTaken = async (username) => {\n  const user = await strapi.db\n    .query('plugin::users-permissions.user')\n    .findOne({ where: { username } });\n  return Boolean(user);\n};\n\nconst findValidUsername = async (basename) => {\n  const minLength =\n    strapi.getModel('plugin::users-permissions.user')?.attributes?.username?.minLength ?? 3;\n  const tryBasenameFirst = basename.length >= minLength;\n\n  let attempt = 0;\n  let candidate;\n  let taken;\n  do {\n    candidate =\n      attempt === 0 && tryBasenameFirst ? basename : `${basename}${crypto.randomInt(1000, 9999)}`;\n    taken = await isUsernameTaken(candidate);\n    attempt += 1;\n  } while (taken && attempt <= MAX_USERNAME_ATTEMPTS);\n\n  return taken ? crypto.randomUUID() : candidate;\n};\n\nmodule.exports = {\n  getService,\n  isUsernameTaken,\n  findValidUsername,\n  sanitize,\n};\n"],"names":["crypto","require$$0","sanitize","require$$1","MAX_USERNAME_ATTEMPTS","getService","name","strapi","plugin","service","isUsernameTaken","username","user","db","query","findOne","where","Boolean","findValidUsername","basename","minLength","getModel","attributes","tryBasenameFirst","length","attempt","candidate","taken","randomInt","randomUUID","utils"],"mappings":";;;;;;;;AAEA,IAAA,MAAMA,MAAAA,GAASC,UAAAA;AACf,IAAA,MAAMC,QAAAA,GAAWC,eAAAA,EAAAA;AAEjB,IAAA,MAAMC,qBAAAA,GAAwB,EAAA;AAE9B,IAAA,MAAMC,aAAa,CAACC,IAAAA,GAAAA;AAClB,QAAA,OAAOC,MAAAA,CAAOC,MAAM,CAAC,mBAAA,CAAA,CAAqBC,OAAO,CAACH,IAAAA,CAAAA;AACpD,IAAA,CAAA;AAEA,IAAA,MAAMI,kBAAkB,OAAOC,QAAAA,GAAAA;QAC7B,MAAMC,IAAAA,GAAO,MAAML,MAAAA,CAAOM,EAAA,CACvBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;YAAEC,KAAAA,EAAO;AAAEL,gBAAAA;AAAQ;AAAE,SAAA,CAAA;AAChC,QAAA,OAAOM,OAAAA,CAAQL,IAAAA,CAAAA;AACjB,IAAA,CAAA;AAEA,IAAA,MAAMM,oBAAoB,OAAOC,QAAAA,GAAAA;AAC/B,QAAA,MAAMC,YACJb,MAAAA,CAAOc,QAAQ,CAAC,gCAAA,CAAA,EAAmCC,UAAAA,EAAYX,UAAUS,SAAAA,IAAa,CAAA;QACxF,MAAMG,gBAAAA,GAAmBJ,QAAAA,CAASK,MAAM,IAAIJ,SAAAA;AAE5C,QAAA,IAAIK,OAAAA,GAAU,CAAA;QACd,IAAIC,SAAAA;QACJ,IAAIC,KAAAA;QACJ,GAAG;YACDD,SAAAA,GACED,OAAAA,KAAY,CAAA,IAAKF,gBAAAA,GAAmBJ,QAAAA,GAAW,CAAA,EAAGA,WAAWnB,MAAAA,CAAO4B,SAAS,CAAC,IAAA,EAAM,IAAA,CAAA,CAAA,CAAO;AAC7FD,YAAAA,KAAAA,GAAQ,MAAMjB,eAAAA,CAAgBgB,SAAAA,CAAAA;YAC9BD,OAAAA,IAAW,CAAA;QACf,CAAA,OAAWE,KAAAA,IAASF,WAAWrB,qBAAAA;QAE7B,OAAOuB,KAAAA,GAAQ3B,MAAAA,CAAO6B,UAAU,EAAA,GAAKH,SAAAA;AACvC,IAAA,CAAA;IAEAI,KAAAA,GAAiB;AACfzB,QAAAA,UAAAA;AACAK,QAAAA,eAAAA;AACAQ,QAAAA,iBAAAA;AACAhB,QAAAA;AACF,KAAA;;;;;;"}
+{"version":3,"file":"index.mjs","sources":["../../../server/utils/index.js"],"sourcesContent":["'use strict';\n\nconst crypto = require('crypto');\nconst sanitize = require('./sanitize');\n\nconst MAX_USERNAME_ATTEMPTS = 10;\n\nconst getService = (name) => {\n  return strapi.plugin('users-permissions').service(name);\n};\n\nconst isUsernameTaken = async (username) => {\n  const user = await strapi.db\n    .query('plugin::users-permissions.user')\n    .findOne({ where: { username } });\n  return Boolean(user);\n};\n\nconst findValidUsername = async (basename) => {\n  const minLength =\n    strapi.getModel('plugin::users-permissions.user')?.attributes?.username?.minLength ?? 3;\n  const tryBasenameFirst = basename.length >= minLength;\n\n  let attempt = 0;\n  let candidate;\n  let taken;\n  do {\n    candidate =\n      attempt === 0 && tryBasenameFirst ? basename : `${basename}${crypto.randomInt(1000, 9999)}`;\n    taken = await isUsernameTaken(candidate);\n    attempt += 1;\n  } while (taken && attempt <= MAX_USERNAME_ATTEMPTS);\n\n  return taken ? crypto.randomUUID() : candidate;\n};\n\nmodule.exports = {\n  getService,\n  isUsernameTaken,\n  findValidUsername,\n  sanitize,\n};\n"],"names":["crypto","require$$0","sanitize","require$$1","MAX_USERNAME_ATTEMPTS","getService","name","strapi","plugin","service","isUsernameTaken","username","user","db","query","findOne","where","Boolean","findValidUsername","basename","minLength","getModel","attributes","tryBasenameFirst","length","attempt","candidate","taken","randomInt","randomUUID","utils"],"mappings":";;;;;;;;AAEA,IAAA,MAAMA,MAAAA,GAASC,UAAAA;AACf,IAAA,MAAMC,QAAAA,GAAWC,eAAAA,EAAAA;AAEjB,IAAA,MAAMC,qBAAAA,GAAwB,EAAA;AAE9B,IAAA,MAAMC,aAAa,CAACC,IAAAA,GAAAA;AAClB,QAAA,OAAOC,MAAAA,CAAOC,MAAM,CAAC,mBAAA,CAAA,CAAqBC,OAAO,CAACH,IAAAA,CAAAA;AACpD,IAAA,CAAA;AAEA,IAAA,MAAMI,kBAAkB,OAAOC,QAAAA,GAAAA;QAC7B,MAAMC,IAAAA,GAAO,MAAML,MAAAA,CAAOM,EAAE,CACzBC,KAAK,CAAC,gCAAA,CAAA,CACNC,OAAO,CAAC;YAAEC,KAAAA,EAAO;AAAEL,gBAAAA;AAAQ;AAAE,SAAA,CAAA;AAChC,QAAA,OAAOM,OAAAA,CAAQL,IAAAA,CAAAA;AACjB,IAAA,CAAA;AAEA,IAAA,MAAMM,oBAAoB,OAAOC,QAAAA,GAAAA;AAC/B,QAAA,MAAMC,YACJb,MAAAA,CAAOc,QAAQ,CAAC,gCAAA,CAAA,EAAmCC,UAAAA,EAAYX,UAAUS,SAAAA,IAAa,CAAA;QACxF,MAAMG,gBAAAA,GAAmBJ,QAAAA,CAASK,MAAM,IAAIJ,SAAAA;AAE5C,QAAA,IAAIK,OAAAA,GAAU,CAAA;QACd,IAAIC,SAAAA;QACJ,IAAIC,KAAAA;QACJ,GAAG;YACDD,SAAAA,GACED,OAAAA,KAAY,CAAA,IAAKF,gBAAAA,GAAmBJ,QAAAA,GAAW,CAAA,EAAGA,WAAWnB,MAAAA,CAAO4B,SAAS,CAAC,IAAA,EAAM,IAAA,CAAA,CAAA,CAAO;AAC7FD,YAAAA,KAAAA,GAAQ,MAAMjB,eAAAA,CAAgBgB,SAAAA,CAAAA;YAC9BD,OAAAA,IAAW,CAAA;QACf,CAAA,OAAWE,KAAAA,IAASF,WAAWrB,qBAAAA;QAE7B,OAAOuB,KAAAA,GAAQ3B,MAAAA,CAAO6B,UAAU,EAAA,GAAKH,SAAAA;AACvC,IAAA,CAAA;IAEAI,KAAAA,GAAiB;AACfzB,QAAAA,UAAAA;AACAK,QAAAA,eAAAA;AACAQ,QAAAA,iBAAAA;AACAhB,QAAAA;AACF,KAAA;;;;;;"}

package/dist/server/utils/sanitize/sanitizers.js

@@ -4,13 +4,18 @@ var require$$0 = require('lodash/fp');
 var require$$1 = require('@strapi/utils');
 var index = require('./visitors/index.js');
 
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var require$$0__default = /*#__PURE__*/_interopDefault(require$$0);
+var require$$1__default = /*#__PURE__*/_interopDefault(require$$1);
+
 var sanitizers;
 var hasRequiredSanitizers;
 function requireSanitizers() {
     if (hasRequiredSanitizers) return sanitizers;
     hasRequiredSanitizers = 1;
-    const { curry } = require$$0;
-    const { traverseEntity, async } = require$$1;
+    const { curry } = require$$0__default.default;
+    const { traverseEntity, async } = require$$1__default.default;
     const { removeUserRelationFromRoleEntities } = index.__require();
     const sanitizeUserRelationFromRoleEntities = curry((schema, entity)=>{
         return traverseEntity(removeUserRelationFromRoleEntities, {

package/dist/server/utils/sanitize/sanitizers.js.map

@@ -1 +1 @@
-{"version":3,"file":"sanitizers.js","sources":["../../../../server/utils/sanitize/sanitizers.js"],"sourcesContent":["'use strict';\n\nconst { curry } = require('lodash/fp');\nconst { traverseEntity, async } = require('@strapi/utils');\n\nconst { removeUserRelationFromRoleEntities } = require('./visitors');\n\nconst sanitizeUserRelationFromRoleEntities = curry((schema, entity) => {\n  return traverseEntity(\n    removeUserRelationFromRoleEntities,\n    { schema, getModel: strapi.getModel.bind(strapi) },\n    entity\n  );\n});\n\nconst defaultSanitizeOutput = curry((schema, entity) => {\n  return async.pipe(sanitizeUserRelationFromRoleEntities(schema))(entity);\n});\n\nmodule.exports = {\n  sanitizeUserRelationFromRoleEntities,\n  defaultSanitizeOutput,\n};\n"],"names":["curry","require$$0","traverseEntity","async","require$$1","removeUserRelationFromRoleEntities","require$$2","sanitizeUserRelationFromRoleEntities","schema","entity","getModel","strapi","bind","defaultSanitizeOutput","pipe","sanitizers"],"mappings":";;;;;;;;;;;IAEA,MAAM,EAAEA,KAAK,EAAE,GAAGC,UAAAA;AAClB,IAAA,MAAM,EAAEC,cAAc,EAAEC,KAAK,EAAE,GAAGC,UAAAA;IAElC,MAAM,EAAEC,kCAAkC,EAAE,GAAGC,eAAAA,EAAAA;IAE/C,MAAMC,oCAAAA,GAAuCP,KAAAA,CAAM,CAACQ,MAAAA,EAAQC,MAAAA,GAAAA;AAC1D,QAAA,OAAOP,eACLG,kCAAAA,EACA;AAAEG,YAAAA,MAAAA;AAAQE,YAAAA,QAAAA,EAAUC,MAAAA,CAAOD,QAAQ,CAACE,IAAI,CAACD,MAAAA;SAAO,EAChDF,MAAAA,CAAAA;AAEJ,IAAA,CAAA,CAAA;IAEA,MAAMI,qBAAAA,GAAwBb,KAAAA,CAAM,CAACQ,MAAAA,EAAQC,MAAAA,GAAAA;AAC3C,QAAA,OAAON,KAAAA,CAAMW,IAAI,CAACP,oCAAAA,CAAqCC,MAAAA,CAAAA,CAAAA,CAASC,MAAAA,CAAAA;AAClE,IAAA,CAAA,CAAA;IAEAM,UAAAA,GAAiB;AACfR,QAAAA,oCAAAA;AACAM,QAAAA;AACF,KAAA;;;;;;"}
+{"version":3,"file":"sanitizers.js","sources":["../../../../server/utils/sanitize/sanitizers.js"],"sourcesContent":["'use strict';\n\nconst { curry } = require('lodash/fp');\nconst { traverseEntity, async } = require('@strapi/utils');\n\nconst { removeUserRelationFromRoleEntities } = require('./visitors');\n\nconst sanitizeUserRelationFromRoleEntities = curry((schema, entity) => {\n  return traverseEntity(\n    removeUserRelationFromRoleEntities,\n    { schema, getModel: strapi.getModel.bind(strapi) },\n    entity\n  );\n});\n\nconst defaultSanitizeOutput = curry((schema, entity) => {\n  return async.pipe(sanitizeUserRelationFromRoleEntities(schema))(entity);\n});\n\nmodule.exports = {\n  sanitizeUserRelationFromRoleEntities,\n  defaultSanitizeOutput,\n};\n"],"names":["curry","require$$0","traverseEntity","async","require$$1","removeUserRelationFromRoleEntities","require$$2","sanitizeUserRelationFromRoleEntities","schema","entity","getModel","strapi","bind","defaultSanitizeOutput","pipe","sanitizers"],"mappings":";;;;;;;;;;;;;;;;IAEA,MAAM,EAAEA,KAAK,EAAE,GAAGC,2BAAAA;AAClB,IAAA,MAAM,EAAEC,cAAc,EAAEC,KAAK,EAAE,GAAGC,2BAAAA;IAElC,MAAM,EAAEC,kCAAkC,EAAE,GAAGC,eAAAA,EAAAA;IAE/C,MAAMC,oCAAAA,GAAuCP,KAAAA,CAAM,CAACQ,MAAAA,EAAQC,MAAAA,GAAAA;AAC1D,QAAA,OAAOP,eACLG,kCAAAA,EACA;AAAEG,YAAAA,MAAAA;AAAQE,YAAAA,QAAAA,EAAUC,MAAAA,CAAOD,QAAQ,CAACE,IAAI,CAACD,MAAAA;SAAO,EAChDF,MAAAA,CAAAA;AAEJ,IAAA,CAAA,CAAA;IAEA,MAAMI,qBAAAA,GAAwBb,KAAAA,CAAM,CAACQ,MAAAA,EAAQC,MAAAA,GAAAA;AAC3C,QAAA,OAAON,KAAAA,CAAMW,IAAI,CAACP,oCAAAA,CAAqCC,MAAAA,CAAAA,CAAAA,CAASC,MAAAA,CAAAA;AAClE,IAAA,CAAA,CAAA;IAEAM,UAAAA,GAAiB;AACfR,QAAAA,oCAAAA;AACAM,QAAAA;AACF,KAAA;;;;;;"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strapi/plugin-users-permissions",
-  "version": "5.48.0",
+  "version": "5.49.0",
   "description": "Protect your API with a full-authentication process based on JWT",
   "homepage": "https://strapi.io",
   "bugs": {
@@ -55,7 +55,7 @@
   "dependencies": {
     "@strapi/design-system": "2.2.0",
     "@strapi/icons": "2.2.0",
-    "@strapi/utils": "5.48.0",
+    "@strapi/utils": "5.49.0",
     "bcryptjs": "2.4.3",
     "formik": "2.4.5",
     "grant": "5.4.24",
@@ -75,7 +75,7 @@
     "zod": "3.25.67"
   },
   "devDependencies": {
-    "@strapi/strapi": "5.48.0",
+    "@strapi/strapi": "5.49.0",
     "@testing-library/dom": "10.4.1",
     "@testing-library/react": "16.3.2",
     "@testing-library/user-event": "14.6.1",
@@ -93,7 +93,7 @@
     "styled-components": "^6.0.0"
   },
   "engines": {
-    "node": ">=20.0.0 <=24.x.x",
+    "node": ">=20.0.0 <=26.x.x",
     "npm": ">=6.0.0"
   },
   "strapi": {

package/server/services/user.js

@@ -59,8 +59,12 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   async add(values) {
-    return strapi.db.query(USER_MODEL_UID).create({
-      data: await this.ensureHashedPasswords(values),
+    // Use the Document Service so relation inputs accept both the internal
+    // numeric id (legacy) and the documentId (v5 default) syntax, consistent
+    // with every other content-type endpoint. The Document Service hashes
+    // `password` attributes itself, so we must not pre-hash here.
+    return strapi.documents(USER_MODEL_UID).create({
+      data: values,
       populate: ['role'],
     });
   },
@@ -72,9 +76,22 @@ module.exports = ({ strapi }) => ({
    * @return {Promise}
    */
   async edit(userId, params = {}) {
-    return strapi.db.query(USER_MODEL_UID).update({
-      where: { id: userId },
-      data: await this.ensureHashedPasswords(params),
+    // The user is addressed by its numeric id (e.g. the `/users/:id` route),
+    // but the Document Service updates by documentId. Resolve it first so the
+    // relation inputs are processed by the Document Service, which accepts both
+    // numeric ids (legacy) and documentIds (v5 default). The Document Service
+    // hashes `password` attributes itself, so we must not pre-hash here.
+    const entry = await strapi.db
+      .query(USER_MODEL_UID)
+      .findOne({ where: { id: userId }, select: ['documentId'] });
+
+    if (!entry) {
+      return null;
+    }
+
+    return strapi.documents(USER_MODEL_UID).update({
+      documentId: entry.documentId,
+      data: params,
       populate: ['role'],
     });
   },