npm - strapi-identity - Versions diffs - 0.4.2 → 0.5.0 - Mend

strapi-identity 0.4.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (60) hide show

package/dist/server/index.mjs CHANGED Viewed

@@ -9643,7 +9643,7 @@ const replaceLogin = (route2, secret2, domain) => {
           await strapi.service("plugin::strapi-identity.email").send(adminUser.email, otp);
         }
       } catch (err) {
-        console.log("Error sending login email OTP:", err);
+        strapi.log.error("Error sending login email OTP");
       }
     }
     ctx.res.removeHeader("set-cookie");
@@ -9657,7 +9657,7 @@ const replaceLogin = (route2, secret2, domain) => {
     const newToken = jwt.sign(newPayload, secret2, { expiresIn: "5m" });
     const expires = new Date(Date.now() + 5 * 60 * 1e3);
     const secure = strapi.config.get("admin.auth.cookie.secure") ?? process.env.NODE_ENV === "production";
-    const opt = { domain, httpOnly: false, overwrite: true, secure, expires };
+    const opt = { domain, httpOnly: true, overwrite: true, secure, expires };
     ctx.cookies.set("strapi_admin_mfa", newToken, opt);
     ctx.body.data = { data: {}, error: null };
   });
@@ -9703,7 +9703,6 @@ const registerMiddlewares = (server) => {
       "/admin/users/me",
       "/strapi-identity/status",
       "/strapi-identity/config",
-      "/strapi-identity/config/enabled",
       "/strapi-identity/enable",
       "/strapi-identity/setup",
       "/strapi-identity/enable-email",
@@ -9711,7 +9710,6 @@ const registerMiddlewares = (server) => {
     ];
     const isAllowed = allowedPaths.includes(ctx.path) || // Static assets (JS, CSS, images, fonts, sourcemaps)
     /\.(mjs|js|css|png|jpg|jpeg|gif|svg|ico|woff2?|ttf|eot|map)(\?.*)?$/.test(ctx.path) || ctx.path.startsWith("/admin/@") || ctx.path.startsWith("/admin/src/");
-    if (!isAllowed) console.log(ctx.path);
     if (!isAllowed) {
       if (ctx.accepts("html") && ctx.path.startsWith("/admin")) {
         ctx.redirect("/admin/strapi-identity/enforced");
@@ -9838,7 +9836,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: enabled, error: null };
     } catch (error) {
-      console.log("Error checking if Strapi Identity is enabled:", error);
+      strapi2.log.error("Error checking if Strapi Identity is enabled");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9849,18 +9847,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: config2, error: null };
     } catch (error) {
-      console.log("Error getting config:", error);
-      ctx.status = 500;
-      ctx.body = { data: null, error: "Server Error" };
-    }
-  },
-  async getEmailStatus(ctx) {
-    try {
-      const emailService = strapi2.config.get("plugin::email");
-      ctx.status = 200;
-      ctx.body = { data: emailService, error: null };
-    } catch (error) {
-      console.log("Error getting email status:", error);
+      strapi2.log.error("Error getting config");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9872,7 +9859,7 @@ const config$2 = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: updatedConfig, error: null };
     } catch (error) {
-      console.log("Error updating config:", error);
+      strapi2.log.error("Error updating config");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9924,6 +9911,18 @@ const buildCookieOptionsWithExpiry = (type, absoluteExpiresAtISO, secureRequest)
   return { ...base, expires: chosen, maxAge: Math.max(0, chosen.getTime() - now) };
 };
 const controller = ({ strapi: strapi2 }) => ({
+  async verifyInfo(ctx) {
+    const secret2 = strapi2.config.get("admin.auth.secret");
+    const token = ctx.cookies.get("strapi_admin_mfa");
+    try {
+      const payload = jwt.verify(token, secret2);
+      ctx.status = 200;
+      ctx.body = { data: { mfaType: payload.mfaType || null }, error: null };
+    } catch {
+      ctx.status = 401;
+      ctx.body = { data: null, error: "Invalid or expired MFA session" };
+    }
+  },
   async verify(ctx) {
     const sessionManager = strapi2.sessionManager;
     const secret2 = strapi2.config.get("admin.auth.secret");
@@ -9970,7 +9969,7 @@ const controller = ({ strapi: strapi2 }) => ({
         error: null
       };
     } catch (error) {
-      console.log("Error verifying MFA code:", error);
+      strapi2.log.error("Error verifying MFA code");
       ctx.status = 500;
       ctx.body = { data: null, error: "Server Error" };
     }
@@ -9993,7 +9992,7 @@ const controller = ({ strapi: strapi2 }) => ({
         ctx.body = { data: { message: "MFA disabled" }, error: null };
       }
     } catch (error) {
-      console.log("Error enabling/disabling MFA:", error);
+      strapi2.log.error("Error enabling/disabling MFA");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to update MFA" };
     }
@@ -10038,7 +10037,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "MFA disabled" }, error: null };
     } catch (error) {
-      console.log("Error disabling MFA:", error);
+      strapi2.log.error("Error disabling MFA");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to disable MFA" };
     }
@@ -10066,7 +10065,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email sent" }, error: null };
     } catch (error) {
-      console.log("Error initiating email MFA setup:", error);
+      strapi2.log.error("Error initiating email MFA setup");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to initiate email MFA setup" };
     }
@@ -10086,7 +10085,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Email OTP enabled" }, error: null };
     } catch (error) {
-      console.log("Error completing email MFA setup:", error);
+      strapi2.log.error("Error completing email MFA setup");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to enable email MFA" };
     }
@@ -10107,7 +10106,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email sent" }, error: null };
     } catch (error) {
-      console.log("Error sending disable email OTP:", error);
+      strapi2.log.error("Error sending disable email OTP");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to send verification email" };
     }
@@ -10135,7 +10134,7 @@ const controller = ({ strapi: strapi2 }) => ({
       ctx.status = 200;
       ctx.body = { data: { message: "Verification email resent" }, error: null };
     } catch (error) {
-      console.log("Error resending login email OTP:", error);
+      strapi2.log.error("Error resending login email OTP");
       ctx.status = 500;
       ctx.body = { data: null, error: "Failed to resend verification email" };
     }
@@ -10221,35 +10220,40 @@ const config$1 = [
       pluginName: "strapi-identity",
       type: "content-api"
     },
-    config: {}
-  },
-  {
-    method: "GET",
-    path: "/config",
-    handler: "config.getConfig",
-    info: {
-      apiName: "getConfig",
-      pluginName: "strapi-identity",
-      type: "content-api"
-    },
     config: {
       policies: [
-        "admin::isAuthenticatedAdmin"
+        "admin::isAuthenticatedAdmin",
+        {
+          name: "admin::hasPermissions",
+          config: {
+            actions: [
+              "plugin::strapi-identity.settings.read"
+            ]
+          }
+        }
       ]
     }
   },
   {
     method: "GET",
-    path: "/config/email",
-    handler: "config.getEmailStatus",
+    path: "/config",
+    handler: "config.getConfig",
     info: {
-      apiName: "getEmailStatus",
+      apiName: "getConfig",
       pluginName: "strapi-identity",
       type: "content-api"
     },
     config: {
       policies: [
-        "admin::isAuthenticatedAdmin"
+        "admin::isAuthenticatedAdmin",
+        {
+          name: "admin::hasPermissions",
+          config: {
+            actions: [
+              "plugin::strapi-identity.settings.read"
+            ]
+          }
+        }
       ]
     }
   },
@@ -10278,6 +10282,22 @@ const config$1 = [
   }
 ];
 const mfa = [
+  {
+    method: "GET",
+    path: "/verify/info",
+    handler: "controller.verifyInfo",
+    info: {
+      apiName: "verifyInfo",
+      pluginName: "strapi-identity",
+      type: "content-api"
+    },
+    config: {
+      auth: false,
+      policies: [
+        "has-mfa"
+      ]
+    }
+  },
   {
     method: "POST",
     path: "/verify",
@@ -10291,6 +10311,9 @@ const mfa = [
       auth: false,
       policies: [
         "has-mfa"
+      ],
+      middlewares: [
+        "admin::rateLimit"
       ]
     }
   },
@@ -10351,7 +10374,8 @@ const mfa = [
       auth: false,
       policies: [
         "has-mfa"
-      ]
+      ],
+      middlewares: []
     }
   },
   {
@@ -10400,7 +10424,7 @@ const isEnabled$1 = (id) => {
   try {
     return mfaToken2.count({ where: { admin_user: { id }, enabled: true } }).then((count) => count > 0);
   } catch (error) {
-    console.log("Error checking if 2FA is enabled for user:", error);
+    strapi.log.error("Error checking if 2FA is enabled for user");
     return false;
   }
 };
@@ -10417,7 +10441,7 @@ const reset = async (id) => {
       existingTemp ? mfaTemp2.delete({ documentId: existingTemp.documentId }) : null
     ]);
   } catch (error) {
-    console.log("Error resetting 2FA for user:", error);
+    strapi.log.error("Error resetting 2FA for user");
     throw new Error("Failed to reset 2FA for user");
   }
 };
@@ -10481,7 +10505,7 @@ const disableEmailMFAForAllUsers = async () => {
       )
     ]);
   } catch (err) {
-    console.log("Error disabling email MFA for all users:", err);
+    strapi.log.error("Error disabling email MFA for all users");
   }
 };
 const disableMFAForAllUsers = async () => {
@@ -10497,7 +10521,7 @@ const disableMFAForAllUsers = async () => {
       ...temps.map((temp) => tempDocument.delete({ documentId: temp.documentId }))
     ]);
   } catch (err) {
-    console.log("Error disabling MFA for all users:", err);
+    strapi.log.error("Error disabling MFA for all users");
   }
 };
 const checkUserByJWT = async (jwtToken) => {
@@ -10550,7 +10574,7 @@ const send = async (to, otp) => {
     sendConfig.replyTo = config2.response_email;
   }
   return emailService.send(sendConfig).catch((error) => {
-    console.log("Error sending email:", error);
+    strapi.log.error("Error sending email");
   });
 };
 const replaceTemplateVariables = (template, variables) => {

package/dist/server/src/bootstrap.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Plugin } from '@strapi/types';
+declare const bootstrap: Plugin.LoadedPlugin['bootstrap'];
+export default bootstrap;

package/dist/server/src/config/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Plugin } from '@strapi/types';
+declare const config: Plugin.LoadedPlugin['config'];
+export default config;

package/dist/server/src/content-types/config/index.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+declare const _default: {
+    schema: {
+        kind: string;
+        collectionName: string;
+        info: {
+            singularName: string;
+            pluralName: string;
+            displayName: string;
+        };
+        options: {
+            draftAndPublish: boolean;
+        };
+        pluginOptions: {
+            "content-manager": {
+                visible: boolean;
+            };
+            "content-type-builder": {
+                visible: boolean;
+            };
+        };
+        attributes: {
+            enabled: {
+                type: string;
+                default: boolean;
+            };
+            enforce: {
+                type: string;
+                default: boolean;
+            };
+            issuer: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            email_enabled: {
+                type: string;
+                default: boolean;
+            };
+            from_email: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            from_name: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            response_email: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            subject: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            text: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+            message: {
+                type: string;
+                required: boolean;
+                default: string;
+            };
+        };
+    };
+};
+export default _default;

package/dist/server/src/content-types/config/schema.json.d.ts ADDED Viewed

@@ -0,0 +1,72 @@
+declare const _default: {
+  "kind": "singleType",
+  "collectionName": "strapi-identity-config",
+  "info": {
+    "singularName": "strapi-identity-config",
+    "pluralName": "strapi-identity-configs",
+    "displayName": "Strapi Identity Config"
+  },
+  "options": {
+    "draftAndPublish": false
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": false
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "enabled": {
+      "type": "boolean",
+      "default": false
+    },
+    "enforce": {
+      "type": "boolean",
+      "default": false
+    },
+    "issuer": {
+      "type": "string",
+      "required": false,
+      "default": "Strapi"
+    },
+    "email_enabled": {
+      "type": "boolean",
+      "default": false
+    },
+    "from_email": {
+      "type": "string",
+      "required": false,
+      "default": ""
+    },
+    "from_name": {
+      "type": "string",
+      "required": false,
+      "default": ""
+    },
+    "response_email": {
+      "type": "string",
+      "required": false,
+      "default": ""
+    },
+    "subject": {
+      "type": "string",
+      "required": false,
+      "default": ""
+    },
+    "text": {
+      "type": "text",
+      "required": false,
+      "default": ""
+    },
+    "message": {
+      "type": "text",
+      "required": false,
+      "default": ""
+    }
+  }
+}
+;
+export default _default;

package/dist/server/src/content-types/email-otp/index.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+declare const _default: {
+    schema: {
+        kind: string;
+        collectionName: string;
+        info: {
+            singularName: string;
+            pluralName: string;
+            displayName: string;
+        };
+        options: {
+            draftAndPublish: boolean;
+        };
+        pluginOptions: {
+            "content-manager": {
+                visible: boolean;
+            };
+            "content-type-builder": {
+                visible: boolean;
+            };
+        };
+        attributes: {
+            admin_user: {
+                type: string;
+                relation: string;
+                target: string;
+            };
+            code_hash: {
+                type: string;
+                required: boolean;
+                private: boolean;
+            };
+            expires_at: {
+                type: string;
+                required: boolean;
+            };
+            attempts: {
+                type: string;
+                default: number;
+            };
+            purpose: {
+                type: string;
+                enum: string[];
+                default: string;
+            };
+        };
+    };
+};
+export default _default;

package/dist/server/src/content-types/email-otp/schema.json.d.ts ADDED Viewed

@@ -0,0 +1,48 @@
+declare const _default: {
+  "kind": "collectionType",
+  "collectionName": "email-otps",
+  "info": {
+    "singularName": "email-otp",
+    "pluralName": "email-otps",
+    "displayName": "Email OTP"
+  },
+  "options": {
+    "draftAndPublish": false
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": false
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "admin_user": {
+      "type": "relation",
+      "relation": "oneToOne",
+      "target": "admin::user"
+    },
+    "code_hash": {
+      "type": "string",
+      "required": true,
+      "private": true
+    },
+    "expires_at": {
+      "type": "string",
+      "required": true
+    },
+    "attempts": {
+      "type": "integer",
+      "default": 0
+    },
+    "purpose": {
+      "type": "enumeration",
+      "enum": ["login", "setup", "disable"],
+      "default": "login"
+    }
+  }
+}
+;
+export default _default;

package/dist/server/src/content-types/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import { Plugin } from '@strapi/types';
+declare const contentTypes: Plugin.LoadedPlugin['contentTypes'];
+export default contentTypes;

package/dist/server/src/content-types/mfa/index.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+declare const _default: {
+    schema: {
+        kind: string;
+        collectionName: string;
+        info: {
+            singularName: string;
+            pluralName: string;
+            displayName: string;
+        };
+        options: {
+            draftAndPublish: boolean;
+        };
+        pluginOptions: {
+            "content-manager": {
+                visible: boolean;
+            };
+            "content-type-builder": {
+                visible: boolean;
+            };
+        };
+        attributes: {
+            admin_user: {
+                type: string;
+                relation: string;
+                target: string;
+            };
+            enabled: {
+                type: string;
+                default: boolean;
+            };
+            type: {
+                type: string;
+                enum: string[];
+                default: string;
+            };
+            secret: {
+                type: string;
+                private: boolean;
+            };
+            counter: {
+                type: string;
+                default: string;
+            };
+            digits: {
+                type: string;
+                default: number;
+            };
+            recovery_codes: {
+                type: string;
+                private: boolean;
+            };
+        };
+    };
+};
+export default _default;

package/dist/server/src/content-types/mfa/schema.json.d.ts ADDED Viewed

@@ -0,0 +1,55 @@
+declare const _default: {
+  "kind": "collectionType",
+  "collectionName": "mfa-tokens",
+  "info": {
+    "singularName": "mfa-token",
+    "pluralName": "mfa-tokens",
+    "displayName": "MFA Token"
+  },
+  "options": {
+    "draftAndPublish": false
+  },
+  "pluginOptions": {
+    "content-manager": {
+      "visible": false
+    },
+    "content-type-builder": {
+      "visible": false
+    }
+  },
+  "attributes": {
+    "admin_user": {
+      "type": "relation",
+      "relation": "oneToOne",
+      "target": "admin::user"
+    },
+    "enabled": {
+      "type": "boolean",
+      "default": false
+    },
+    "type": {
+      "type": "enumeration",
+      "enum": ["totp", "hotp", "email"],
+      "default": "totp"
+    },
+    "secret": {
+      "type": "string",
+      "private": true
+    },
+    "counter": {
+      "type": "biginteger",
+      "default": "0"
+    },
+    "digits": {
+      "type": "integer",
+      "default": 6
+    },
+    "recovery_codes": {
+      "type": "json",
+      "private": true
+    }
+  }
+}
+;
+export default _default;

package/dist/server/src/content-types/temp-mfa/index.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+declare const _default: {
+    schema: {
+        kind: string;
+        collectionName: string;
+        info: {
+            singularName: string;
+            pluralName: string;
+            displayName: string;
+        };
+        options: {
+            draftAndPublish: boolean;
+        };
+        pluginOptions: {
+            "content-manager": {
+                visible: boolean;
+            };
+            "content-type-builder": {
+                visible: boolean;
+            };
+        };
+        attributes: {
+            admin_user: {
+                type: string;
+                relation: string;
+                target: string;
+            };
+            secret: {
+                type: string;
+                required: boolean;
+                private: boolean;
+            };
+        };
+    };
+};
+export default _default;