strapi-custom-auth 1.2.14 → 1.2.17

@@ -3304,38 +3304,62 @@ async function microsoftSignInCallback(ctx) {
3304
3304
  }
3305
3305
  }
3306
3306
  );
3307
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback TOKEN RESPONSE", tokenResponse?.data.access_token);
3307
+ console.log(
3308
+ "[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback TOKEN RESPONSE",
3309
+ tokenResponse?.data.access_token
3310
+ );
3308
3311
  const userResponse = await axios.get("https://graph.microsoft.com/v1.0/me", {
3309
3312
  headers: {
3310
3313
  Authorization: `Bearer ${tokenResponse?.data.access_token}`
3311
3314
  }
3312
3315
  });
3313
3316
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER RESPONSE", userResponse?.data);
3314
- const groupResponse = await axios.get(`https://graph.microsoft.com/v1.0/me/memberOf`, {
3315
- headers: {
3316
- Authorization: `Bearer ${tokenResponse?.data.access_token}`
3317
- }
3318
- });
3319
- const groupsList = groupResponse?.data.value;
3320
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER groups", groupsList);
3317
+ const groupResponse = (await Promise.all(
3318
+ [config2["ENTRA_ADMIN_GROUP_NAME"], config2["ENTRA_EDITOR_GROUP_NAME"]].map(
3319
+ (groupName) => axios.get(
3320
+ `https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group?$search="displayName:${groupName}"&$select=displayName`,
3321
+ {
3322
+ headers: {
3323
+ Authorization: `Bearer ${tokenResponse?.data.access_token}`,
3324
+ ConsistencyLevel: "eventual"
3325
+ }
3326
+ }
3327
+ )
3328
+ )
3329
+ )).flatMap((response) => response.data.value);
3330
+ console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER groups", groupResponse);
3321
3331
  const { mail, givenName, surname } = userResponse?.data;
3322
3332
  const dbUser = await userService.findOneByEmail(mail, { roles: true });
3323
3333
  let activateUser;
3324
3334
  let jwtToken;
3325
3335
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: check user existence");
3326
3336
  if (dbUser) {
3337
+ const isForcedAdmin = roleService.isForcedAdmin(dbUser);
3338
+ if (isForcedAdmin) {
3339
+ const adminGroupName = config2["ENTRA_ADMIN_GROUP_NAME"];
3340
+ if (adminGroupName && !groupResponse.some((group) => group.displayName === adminGroupName)) {
3341
+ groupResponse.push({ displayName: adminGroupName });
3342
+ console.log(`[STRAPI-CUSTOM-AUTH] User ${mail} is forced to be an admin.`);
3343
+ }
3344
+ }
3327
3345
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists generating token");
3328
- const hasRoleMismatch = await roleService.checkMicrosoftUserRolesMismatch(dbUser, groupsList, config2);
3346
+ const hasRoleMismatch = await roleService.checkMicrosoftUserRolesMismatch(
3347
+ dbUser,
3348
+ groupResponse,
3349
+ config2
3350
+ );
3329
3351
  if (hasRoleMismatch) {
3330
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists but has role mismatch, fixing it.");
3331
- activateUser = await roleService.updateMicrosoftUserRoles(dbUser, groupsList, config2);
3352
+ console.log(
3353
+ "[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists but has role mismatch, fixing it."
3354
+ );
3355
+ activateUser = await roleService.updateMicrosoftUserRoles(dbUser, groupResponse, config2);
3332
3356
  } else {
3333
3357
  activateUser = dbUser;
3334
3358
  }
3335
3359
  jwtToken = await tokenService.createJwtToken(activateUser);
3336
3360
  } else {
3337
3361
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user does not exist, creating it");
3338
- const roles2 = await roleService.retrieveMicrosoftUserRoles(groupsList, config2);
3362
+ const roles2 = await roleService.retrieveMicrosoftUserRoles(groupResponse, config2);
3339
3363
  const defaultLocale = oauthService.localeFindByHeader(ctx.request.headers);
3340
3364
  activateUser = await oauthService.createUser(mail, surname, givenName, defaultLocale, roles2);
3341
3365
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user created, generating token");
@@ -3343,7 +3367,13 @@ async function microsoftSignInCallback(ctx) {
3343
3367
  }
3344
3368
  oauthService.triggerSignInSuccess(activateUser);
3345
3369
  const nonce = v4();
3346
- const html = oauthService.renderSignUpSuccess(jwtToken, activateUser, nonce, tokenResponse.data?.refresh_token, "microsoft");
3370
+ const html = oauthService.renderSignUpSuccess(
3371
+ jwtToken,
3372
+ activateUser,
3373
+ nonce,
3374
+ tokenResponse.data?.refresh_token,
3375
+ "microsoft"
3376
+ );
3347
3377
  ctx.set("Content-Security-Policy", `script-src 'nonce-${nonce}'`);
3348
3378
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: All went well, redirecting user");
3349
3379
  return ctx.send(html);
@@ -39467,6 +39497,11 @@ var role = ({ strapi: strapi2 }) => ({
39467
39497
  const updatedUser = await userService.findOne(user.id);
39468
39498
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback updateMicrosoftUserRoles: END");
39469
39499
  return updatedUser;
39500
+ },
39501
+ isForcedAdmin(user) {
39502
+ const config2 = strapi2.config.get("plugin.strapi-custom-auth");
39503
+ const forcedAdminEmails = (config2["ENTRA_FORCED_ADMIN_EMAILS"] || "").split(",").map((email2) => email2.trim());
39504
+ return forcedAdminEmails.includes(user?.email);
39470
39505
  }
39471
39506
  });
39472
39507
  const role$1 = /* @__PURE__ */ getDefaultExportFromCjs(role);
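Review bot: The group lookup at new lines 3318–3320 interpolates `config2["ENTRA_ADMIN_GROUP_NAME"]` and `ENTRA_EDITOR_GROUP_NAME` directly into the `$search="displayName:…"` query string with no URL-encoding, so a configured name containing `"`, `&`, `#` or `+` alters the OData query instead of the search term, and an unset name is sent as the literal `displayName:undefined`; encode each term, e.g. `$search=${encodeURIComponent('"displayName:' + groupName + '"')}`, and drop missing names with `.filter(Boolean)` before the `.map`. Graph `$search` on displayName behaves as a token match rather than an exact comparison, so `groupResponse` may now hold groups that merely contain the configured word; the forced-admin check at 3340 compares with `===`, but whether `checkMicrosoftUserRolesMismatch` and `retrieveMicrosoftUserRoles` do the same is not visible in this hunk. The forced-admin push at 3337–3344 runs only inside `if (dbUser)`, so an address listed in `ENTRA_FORCED_ADMIN_EMAILS` signing in for the first time is created via `retrieveMicrosoftUserRoles` without the admin group, and `isForcedAdmin` (new lines 39501–39504) matches `user?.email` case-sensitively with `includes`, which silently fails for addresses that differ only in case from the configured list. The reformatted `console.log` at 3307–3310 still writes the bearer `access_token` to the log (and the `USER RESPONSE` log dumps the full profile), which is a credential-in-logs issue worth removing regardless of this change. `microsoftSignInCallback` begins and ends outside the hunk, and the second file section (the copy starting at the `@@ -3289` hunk) carries identical code, so the same remarks apply there.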
@@ -3289,38 +3289,62 @@ async function microsoftSignInCallback(ctx) {
3289
3289
  }
3290
3290
  }
3291
3291
  );
3292
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback TOKEN RESPONSE", tokenResponse?.data.access_token);
3292
+ console.log(
3293
+ "[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback TOKEN RESPONSE",
3294
+ tokenResponse?.data.access_token
3295
+ );
3293
3296
  const userResponse = await axios.get("https://graph.microsoft.com/v1.0/me", {
3294
3297
  headers: {
3295
3298
  Authorization: `Bearer ${tokenResponse?.data.access_token}`
3296
3299
  }
3297
3300
  });
3298
3301
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER RESPONSE", userResponse?.data);
3299
- const groupResponse = await axios.get(`https://graph.microsoft.com/v1.0/me/memberOf`, {
3300
- headers: {
3301
- Authorization: `Bearer ${tokenResponse?.data.access_token}`
3302
- }
3303
- });
3304
- const groupsList = groupResponse?.data.value;
3305
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER groups", groupsList);
3302
+ const groupResponse = (await Promise.all(
3303
+ [config2["ENTRA_ADMIN_GROUP_NAME"], config2["ENTRA_EDITOR_GROUP_NAME"]].map(
3304
+ (groupName) => axios.get(
3305
+ `https://graph.microsoft.com/v1.0/me/memberOf/microsoft.graph.group?$search="displayName:${groupName}"&$select=displayName`,
3306
+ {
3307
+ headers: {
3308
+ Authorization: `Bearer ${tokenResponse?.data.access_token}`,
3309
+ ConsistencyLevel: "eventual"
3310
+ }
3311
+ }
3312
+ )
3313
+ )
3314
+ )).flatMap((response) => response.data.value);
3315
+ console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback USER groups", groupResponse);
3306
3316
  const { mail, givenName, surname } = userResponse?.data;
3307
3317
  const dbUser = await userService.findOneByEmail(mail, { roles: true });
3308
3318
  let activateUser;
3309
3319
  let jwtToken;
3310
3320
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: check user existence");
3311
3321
  if (dbUser) {
3322
+ const isForcedAdmin = roleService.isForcedAdmin(dbUser);
3323
+ if (isForcedAdmin) {
3324
+ const adminGroupName = config2["ENTRA_ADMIN_GROUP_NAME"];
3325
+ if (adminGroupName && !groupResponse.some((group) => group.displayName === adminGroupName)) {
3326
+ groupResponse.push({ displayName: adminGroupName });
3327
+ console.log(`[STRAPI-CUSTOM-AUTH] User ${mail} is forced to be an admin.`);
3328
+ }
3329
+ }
3312
3330
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists generating token");
3313
- const hasRoleMismatch = await roleService.checkMicrosoftUserRolesMismatch(dbUser, groupsList, config2);
3331
+ const hasRoleMismatch = await roleService.checkMicrosoftUserRolesMismatch(
3332
+ dbUser,
3333
+ groupResponse,
3334
+ config2
3335
+ );
3314
3336
  if (hasRoleMismatch) {
3315
- console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists but has role mismatch, fixing it.");
3316
- activateUser = await roleService.updateMicrosoftUserRoles(dbUser, groupsList, config2);
3337
+ console.log(
3338
+ "[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user exists but has role mismatch, fixing it."
3339
+ );
3340
+ activateUser = await roleService.updateMicrosoftUserRoles(dbUser, groupResponse, config2);
3317
3341
  } else {
3318
3342
  activateUser = dbUser;
3319
3343
  }
3320
3344
  jwtToken = await tokenService.createJwtToken(activateUser);
3321
3345
  } else {
3322
3346
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user does not exist, creating it");
3323
- const roles2 = await roleService.retrieveMicrosoftUserRoles(groupsList, config2);
3347
+ const roles2 = await roleService.retrieveMicrosoftUserRoles(groupResponse, config2);
3324
3348
  const defaultLocale = oauthService.localeFindByHeader(ctx.request.headers);
3325
3349
  activateUser = await oauthService.createUser(mail, surname, givenName, defaultLocale, roles2);
3326
3350
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: user created, generating token");
@@ -3328,7 +3352,13 @@ async function microsoftSignInCallback(ctx) {
3328
3352
  }
3329
3353
  oauthService.triggerSignInSuccess(activateUser);
3330
3354
  const nonce = v4();
3331
- const html = oauthService.renderSignUpSuccess(jwtToken, activateUser, nonce, tokenResponse.data?.refresh_token, "microsoft");
3355
+ const html = oauthService.renderSignUpSuccess(
3356
+ jwtToken,
3357
+ activateUser,
3358
+ nonce,
3359
+ tokenResponse.data?.refresh_token,
3360
+ "microsoft"
3361
+ );
3332
3362
  ctx.set("Content-Security-Policy", `script-src 'nonce-${nonce}'`);
3333
3363
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback: All went well, redirecting user");
3334
3364
  return ctx.send(html);
@@ -39452,6 +39482,11 @@ var role = ({ strapi: strapi2 }) => ({
39452
39482
  const updatedUser = await userService.findOne(user.id);
39453
39483
  console.log("[STRAPI-CUSTOM-AUTH] Microsoft Sign Callback updateMicrosoftUserRoles: END");
39454
39484
  return updatedUser;
39485
+ },
39486
+ isForcedAdmin(user) {
39487
+ const config2 = strapi2.config.get("plugin.strapi-custom-auth");
39488
+ const forcedAdminEmails = (config2["ENTRA_FORCED_ADMIN_EMAILS"] || "").split(",").map((email2) => email2.trim());
39489
+ return forcedAdminEmails.includes(user?.email);
39455
39490
  }
39456
39491
  });
39457
39492
  const role$1 = /* @__PURE__ */ getDefaultExportFromCjs(role);
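--- a/package/package.json
+++ b/package/package.json
@@ -1,5 +1,5 @@
  {
- "version": "1.2.14",
+ "version": "1.2.17",
  "keywords": [],
  "type": "commonjs",
  "exports": {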