strapi-plugin-magic-link-v5 5.3.5 → 5.3.7

package/dist/_chunks/{index-Cx9e2h19.mjs → index-BUHivW2a.mjs}

@@ -5,7 +5,7 @@ import { useIntl } from "react-intl";
 import { Box, Typography, Flex, Button, Accordion, SingleSelect, SingleSelectOption, Grid, Toggle, NumberInput, TextInput, Divider, Textarea, Badge } from "@strapi/design-system";
 import { Check, Cog, Lightning, Shield, Mail, CheckCircle, Code, Link, Lock, Key } from "@strapi/icons";
 import { useNotification, useFetchClient } from "@strapi/strapi/admin";
-import { g as getTrad } from "./index-8wsWImGa.mjs";
+import { g as getTrad } from "./index-C5VJ3M0F.mjs";
 import { u as usePluginLanguage, L as LicenseGuard, a as LanguageProvider } from "./LicenseGuard-B_r3b1Vh.mjs";
 const EMAIL_TEMPLATES = {
   modern: {
@@ -848,7 +848,14 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
     e.preventDefault();
     setIsSaving(true);
     try {
-      await put("/magic-link/settings", { ...settings, ui_language: language });
+      const toSave = { ...settings, ui_language: language };
+      if (typeof toSave.context_whitelist === "string") {
+        toSave.context_whitelist = toSave.context_whitelist.split(",").map((s) => s.trim()).filter(Boolean);
+      }
+      if (typeof toSave.context_blacklist === "string") {
+        toSave.context_blacklist = toSave.context_blacklist.split(",").map((s) => s.trim()).filter(Boolean);
+      }
+      await put("/magic-link/settings", toSave);
       toggleNotification({
         type: "success",
         message: formatMessage({ id: getTrad("settings.save.success") })
@@ -1142,9 +1149,12 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
                   TextInput,
                   {
                     hint: formatMessage({ id: getTrad("settings.context.whitelist.hint") }),
-                    value: (settings.context_whitelist || []).join(", "),
+                    value: typeof settings.context_whitelist === "string" ? settings.context_whitelist : (settings.context_whitelist || []).join(", "),
                     onChange: (e) => {
-                      const value = e.target.value;
+                      updateSetting("context_whitelist", e.target.value);
+                    },
+                    onBlur: (e) => {
+                      const value = typeof settings.context_whitelist === "string" ? settings.context_whitelist : "";
                       const list = value ? value.split(",").map((s) => s.trim()).filter(Boolean) : [];
                       updateSetting("context_whitelist", list);
                     },
@@ -1159,9 +1169,12 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
                   TextInput,
                   {
                     hint: formatMessage({ id: getTrad("settings.context.blacklist.hint") }),
-                    value: (settings.context_blacklist || []).join(", "),
+                    value: typeof settings.context_blacklist === "string" ? settings.context_blacklist : (settings.context_blacklist || []).join(", "),
                     onChange: (e) => {
-                      const value = e.target.value;
+                      updateSetting("context_blacklist", e.target.value);
+                    },
+                    onBlur: (e) => {
+                      const value = typeof settings.context_blacklist === "string" ? settings.context_blacklist : "";
                       const list = value ? value.split(",").map((s) => s.trim()).filter(Boolean) : [];
                       updateSetting("context_blacklist", list);
                     },

package/dist/_chunks/{index-8wsWImGa.mjs → index-C5VJ3M0F.mjs}

@@ -59,7 +59,7 @@ const index = {
       },
       Component: () => import(
         /* webpackChunkName: "magic-link-tokens" */
-        "./index-CMA6rFEs.mjs"
+        "./index-CuGZgFmB.mjs"
       ),
       permissions: []
       // Leeres Array = keine Permission-Prüfung nötig
@@ -82,7 +82,7 @@ const index = {
           to: `${PLUGIN_ID}/config`,
           Component: () => import(
             /* webpackChunkName: "magic-link-settings" */
-            "./index-Cx9e2h19.mjs"
+            "./index-BUHivW2a.mjs"
           ),
           permissions: pluginPermissions.readSettings
         },
@@ -121,7 +121,7 @@ const index = {
           to: `${PLUGIN_ID}/whatsapp`,
           Component: () => import(
             /* webpackChunkName: "magic-link-whatsapp" */
-            "./index-OEvO68kw.mjs"
+            "./index-DY0oHIyx.mjs"
           ),
           permissions: []
         }

package/dist/_chunks/{index-CrTiXLRe.js → index-C9OJSkTr.js}

@@ -7,7 +7,7 @@ const styled = require("styled-components");
 const reactIntl = require("react-intl");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
-const index = require("./index-BD7sPPVF.js");
+const index = require("./index-DK6dkTEP.js");
 const admin = require("@strapi/strapi/admin");
 const LicenseGuard = require("./LicenseGuard-BEEd9IpN.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };

package/dist/_chunks/{index-CMA6rFEs.mjs → index-CuGZgFmB.mjs}

@@ -5,7 +5,7 @@ import styled, { keyframes, css } from "styled-components";
 import { useIntl } from "react-intl";
 import { Box, Flex, Typography, Button, TextInput, Textarea, Checkbox, IconButton, Loader, Searchbar, SingleSelect, SingleSelectOption, Thead, Tr, Th, Tbody, Td, Pagination, PreviousLink, PageLink, NextLink, Table, Badge, VisuallyHidden, Main } from "@strapi/design-system";
 import { Cross, Sparkle, Check, Shield, Clock, Lock, Trash, ArrowClockwise, CaretDown, User, Monitor, Calendar, Plus, Earth, WarningCircle, Server, Eye, Mail, Cog, Key, Link } from "@strapi/icons";
-import { g as getTrad, P as PLUGIN_ID } from "./index-8wsWImGa.mjs";
+import { g as getTrad, P as PLUGIN_ID } from "./index-C5VJ3M0F.mjs";
 import { useFetchClient, useNotification } from "@strapi/strapi/admin";
 import { L as LicenseGuard, a as LanguageProvider } from "./LicenseGuard-B_r3b1Vh.mjs";
 const CreateTokenModal = ({ isOpen, onClose, onSubmit, formData, setFormData }) => {

package/dist/_chunks/{index-BD7sPPVF.js → index-DK6dkTEP.js}

@@ -60,7 +60,7 @@ const index = {
       },
       Component: () => Promise.resolve().then(() => require(
         /* webpackChunkName: "magic-link-tokens" */
-        "./index-CrTiXLRe.js"
+        "./index-C9OJSkTr.js"
       )),
       permissions: []
       // Leeres Array = keine Permission-Prüfung nötig
@@ -83,7 +83,7 @@ const index = {
           to: `${PLUGIN_ID}/config`,
           Component: () => Promise.resolve().then(() => require(
             /* webpackChunkName: "magic-link-settings" */
-            "./index-EZVtOYIf.js"
+            "./index-wXx2DRow.js"
           )),
           permissions: pluginPermissions.readSettings
         },
@@ -122,7 +122,7 @@ const index = {
           to: `${PLUGIN_ID}/whatsapp`,
           Component: () => Promise.resolve().then(() => require(
             /* webpackChunkName: "magic-link-whatsapp" */
-            "./index-UIfKHe3H.js"
+            "./index-JjtRSZnt.js"
           )),
           permissions: []
         }

package/dist/_chunks/{index-OEvO68kw.mjs → index-DY0oHIyx.mjs}

@@ -5,7 +5,7 @@ import { useIntl } from "react-intl";
 import { Flex, Loader, Box, Typography, Button, TextInput, Badge } from "@strapi/design-system";
 import { Phone, Check, Message, ArrowClockwise } from "@strapi/icons";
 import { useNotification, useFetchClient } from "@strapi/strapi/admin";
-import { g as getTrad } from "./index-8wsWImGa.mjs";
+import { g as getTrad } from "./index-C5VJ3M0F.mjs";
 const theme = {
   colors: {
     primary: { 700: "#075985", 100: "#E0F2FE", 50: "#F0F9FF" },

package/dist/_chunks/{index-UIfKHe3H.js → index-JjtRSZnt.js}

@@ -7,7 +7,7 @@ const reactIntl = require("react-intl");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
 const admin = require("@strapi/strapi/admin");
-const index = require("./index-BD7sPPVF.js");
+const index = require("./index-DK6dkTEP.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
 const theme = {

package/dist/_chunks/{index-EZVtOYIf.js → index-wXx2DRow.js}

@@ -7,7 +7,7 @@ const reactIntl = require("react-intl");
 const designSystem = require("@strapi/design-system");
 const icons = require("@strapi/icons");
 const admin = require("@strapi/strapi/admin");
-const index = require("./index-BD7sPPVF.js");
+const index = require("./index-DK6dkTEP.js");
 const LicenseGuard = require("./LicenseGuard-BEEd9IpN.js");
 const _interopDefault = (e) => e && e.__esModule ? e : { default: e };
 const styled__default = /* @__PURE__ */ _interopDefault(styled);
@@ -852,7 +852,14 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
     e.preventDefault();
     setIsSaving(true);
     try {
-      await put("/magic-link/settings", { ...settings, ui_language: language });
+      const toSave = { ...settings, ui_language: language };
+      if (typeof toSave.context_whitelist === "string") {
+        toSave.context_whitelist = toSave.context_whitelist.split(",").map((s) => s.trim()).filter(Boolean);
+      }
+      if (typeof toSave.context_blacklist === "string") {
+        toSave.context_blacklist = toSave.context_blacklist.split(",").map((s) => s.trim()).filter(Boolean);
+      }
+      await put("/magic-link/settings", toSave);
       toggleNotification({
         type: "success",
         message: formatMessage({ id: index.getTrad("settings.save.success") })
@@ -1146,9 +1153,12 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
                   designSystem.TextInput,
                   {
                     hint: formatMessage({ id: index.getTrad("settings.context.whitelist.hint") }),
-                    value: (settings.context_whitelist || []).join(", "),
+                    value: typeof settings.context_whitelist === "string" ? settings.context_whitelist : (settings.context_whitelist || []).join(", "),
                     onChange: (e) => {
-                      const value = e.target.value;
+                      updateSetting("context_whitelist", e.target.value);
+                    },
+                    onBlur: (e) => {
+                      const value = typeof settings.context_whitelist === "string" ? settings.context_whitelist : "";
                       const list = value ? value.split(",").map((s) => s.trim()).filter(Boolean) : [];
                       updateSetting("context_whitelist", list);
                     },
@@ -1163,9 +1173,12 @@ _Falls du diesen Link nicht angefordert hast, ignoriere diese Nachricht._`,
                   designSystem.TextInput,
                   {
                     hint: formatMessage({ id: index.getTrad("settings.context.blacklist.hint") }),
-                    value: (settings.context_blacklist || []).join(", "),
+                    value: typeof settings.context_blacklist === "string" ? settings.context_blacklist : (settings.context_blacklist || []).join(", "),
                     onChange: (e) => {
-                      const value = e.target.value;
+                      updateSetting("context_blacklist", e.target.value);
+                    },
+                    onBlur: (e) => {
+                      const value = typeof settings.context_blacklist === "string" ? settings.context_blacklist : "";
                       const list = value ? value.split(",").map((s) => s.trim()).filter(Boolean) : [];
                       updateSetting("context_blacklist", list);
                     },

package/dist/admin/index.js

@@ -1,4 +1,4 @@
 "use strict";
-const index = require("../_chunks/index-BD7sPPVF.js");
+const index = require("../_chunks/index-DK6dkTEP.js");
 require("@strapi/icons");
 module.exports = index.index;

package/dist/admin/index.mjs

@@ -1,4 +1,4 @@
-import { i } from "../_chunks/index-8wsWImGa.mjs";
+import { i } from "../_chunks/index-C5VJ3M0F.mjs";
 import "@strapi/icons";
 export {
   i as default

package/dist/server/index.js

@@ -23591,20 +23591,22 @@ var auth$1 = {
     } catch (e2) {
       context = {};
     }
-    const allowedContextFields = ["redirectUrl", "locale", "source", "ttl", "metadata"];
+    const sensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken"];
     const sanitizedContext = {};
-    for (const field of allowedContextFields) {
-      if (context[field] !== void 0) {
-        if (typeof context[field] === "string") {
-          sanitizedContext[field] = String(context[field]).substring(0, 500);
-        } else if (typeof context[field] === "number" && !isNaN(context[field])) {
-          sanitizedContext[field] = context[field];
-        } else if (typeof context[field] === "object" && context[field] !== null) {
-          try {
-            const jsonStr = JSON.stringify(context[field]).substring(0, 1e3);
-            sanitizedContext[field] = JSON.parse(jsonStr);
-          } catch {
-          }
+    for (const [key, val] of Object.entries(context)) {
+      if (sensitiveKeys.includes(key)) continue;
+      if (val === void 0) continue;
+      if (typeof val === "string") {
+        sanitizedContext[key] = val.substring(0, 2e3);
+      } else if (typeof val === "boolean") {
+        sanitizedContext[key] = val;
+      } else if (typeof val === "number" && !isNaN(val)) {
+        sanitizedContext[key] = val;
+      } else if (typeof val === "object" && val !== null) {
+        try {
+          const jsonStr = JSON.stringify(val).substring(0, 5e3);
+          sanitizedContext[key] = JSON.parse(jsonStr);
+        } catch {
         }
       }
     }
@@ -23809,10 +23811,30 @@ var auth$1 = {
     delete sanitizedUser.resetPasswordToken;
     delete sanitizedUser.confirmationToken;
     delete sanitizedUser.roles;
+    const mfaSensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken", "requiresTOTP", "totpVerified", "userId"];
+    const mfaSanitizedContext = {};
+    for (const [key, val] of Object.entries(context)) {
+      if (mfaSensitiveKeys.includes(key)) continue;
+      if (val === void 0) continue;
+      if (typeof val === "string") {
+        mfaSanitizedContext[key] = val.substring(0, 2e3);
+      } else if (typeof val === "boolean") {
+        mfaSanitizedContext[key] = val;
+      } else if (typeof val === "number" && !isNaN(val)) {
+        mfaSanitizedContext[key] = val;
+      } else if (typeof val === "object" && val !== null) {
+        try {
+          const jsonStr = JSON.stringify(val).substring(0, 5e3);
+          mfaSanitizedContext[key] = JSON.parse(jsonStr);
+        } catch {
+        }
+      }
+    }
     const settings = await magicLink2.settings();
     const jwtToken = jwtService.issue({
       id: user.id,
-      mfaVerified: true
+      mfaVerified: true,
+      context: mfaSanitizedContext
     });
     let expirationTime = settings.jwt_token_expires_in || "30d";
     let expiresAt = /* @__PURE__ */ new Date();
@@ -23843,7 +23865,8 @@ var auth$1 = {
         userAgent: requestInfo.userAgent,
         source: "Magic Link + TOTP (MFA)",
         lastUsedAt: (/* @__PURE__ */ new Date()).toISOString(),
-        mfaVerified: true
+        mfaVerified: true,
+        context: mfaSanitizedContext
       });
       await pluginStore.set({ key: "jwt_sessions", value: jwtSessions });
     } catch (error2) {
@@ -23853,6 +23876,7 @@ var auth$1 = {
       jwt: jwtToken,
       user: sanitizedUser,
       mfaVerified: true,
+      context: mfaSanitizedContext,
       expires_at: expiresAt.toISOString()
     });
   },
@@ -25526,8 +25550,42 @@ var otp$3 = {
         return ctx.badRequest("User not found");
       }
       const user = users[0];
+      let tokenContext = {};
+      if (magicLinkToken) {
+        try {
+          const magicLinkService = strapi.plugin("magic-link").service("magic-link");
+          const token2 = await magicLinkService.fetchToken(magicLinkToken);
+          if (token2 && token2.context) {
+            tokenContext = token2.context;
+          }
+        } catch (e2) {
+          strapi.log.warn("[OTP] Could not retrieve magic link token context:", e2.message);
+        }
+      }
+      const sensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken"];
+      const sanitizedContext = {};
+      for (const [key, val] of Object.entries(tokenContext)) {
+        if (sensitiveKeys.includes(key)) continue;
+        if (val === void 0) continue;
+        if (typeof val === "string") {
+          sanitizedContext[key] = val.substring(0, 2e3);
+        } else if (typeof val === "boolean") {
+          sanitizedContext[key] = val;
+        } else if (typeof val === "number" && !isNaN(val)) {
+          sanitizedContext[key] = val;
+        } else if (typeof val === "object" && val !== null) {
+          try {
+            const jsonStr = JSON.stringify(val).substring(0, 5e3);
+            sanitizedContext[key] = JSON.parse(jsonStr);
+          } catch {
+          }
+        }
+      }
       const jwtService = strapi.plugin("users-permissions").service("jwt");
-      const jwt2 = jwtService.issue({ id: user.id });
+      const jwt2 = jwtService.issue({
+        id: user.id,
+        context: sanitizedContext
+      });
       const pluginStore = strapi.store({
         type: "plugin",
         name: "magic-link"
@@ -25550,7 +25608,8 @@ var otp$3 = {
           id: user.id,
           username: user.username,
           email: user.email
-        }
+        },
+        context: sanitizedContext
       });
     } catch (error2) {
       strapi.log.error("Error verifying OTP:", error2);

package/dist/server/index.mjs

@@ -23557,20 +23557,22 @@ var auth$1 = {
     } catch (e2) {
       context = {};
     }
-    const allowedContextFields = ["redirectUrl", "locale", "source", "ttl", "metadata"];
+    const sensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken"];
     const sanitizedContext = {};
-    for (const field of allowedContextFields) {
-      if (context[field] !== void 0) {
-        if (typeof context[field] === "string") {
-          sanitizedContext[field] = String(context[field]).substring(0, 500);
-        } else if (typeof context[field] === "number" && !isNaN(context[field])) {
-          sanitizedContext[field] = context[field];
-        } else if (typeof context[field] === "object" && context[field] !== null) {
-          try {
-            const jsonStr = JSON.stringify(context[field]).substring(0, 1e3);
-            sanitizedContext[field] = JSON.parse(jsonStr);
-          } catch {
-          }
+    for (const [key, val] of Object.entries(context)) {
+      if (sensitiveKeys.includes(key)) continue;
+      if (val === void 0) continue;
+      if (typeof val === "string") {
+        sanitizedContext[key] = val.substring(0, 2e3);
+      } else if (typeof val === "boolean") {
+        sanitizedContext[key] = val;
+      } else if (typeof val === "number" && !isNaN(val)) {
+        sanitizedContext[key] = val;
+      } else if (typeof val === "object" && val !== null) {
+        try {
+          const jsonStr = JSON.stringify(val).substring(0, 5e3);
+          sanitizedContext[key] = JSON.parse(jsonStr);
+        } catch {
         }
       }
     }
@@ -23775,10 +23777,30 @@ var auth$1 = {
     delete sanitizedUser.resetPasswordToken;
     delete sanitizedUser.confirmationToken;
     delete sanitizedUser.roles;
+    const mfaSensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken", "requiresTOTP", "totpVerified", "userId"];
+    const mfaSanitizedContext = {};
+    for (const [key, val] of Object.entries(context)) {
+      if (mfaSensitiveKeys.includes(key)) continue;
+      if (val === void 0) continue;
+      if (typeof val === "string") {
+        mfaSanitizedContext[key] = val.substring(0, 2e3);
+      } else if (typeof val === "boolean") {
+        mfaSanitizedContext[key] = val;
+      } else if (typeof val === "number" && !isNaN(val)) {
+        mfaSanitizedContext[key] = val;
+      } else if (typeof val === "object" && val !== null) {
+        try {
+          const jsonStr = JSON.stringify(val).substring(0, 5e3);
+          mfaSanitizedContext[key] = JSON.parse(jsonStr);
+        } catch {
+        }
+      }
+    }
     const settings = await magicLink2.settings();
     const jwtToken = jwtService.issue({
       id: user.id,
-      mfaVerified: true
+      mfaVerified: true,
+      context: mfaSanitizedContext
     });
     let expirationTime = settings.jwt_token_expires_in || "30d";
     let expiresAt = /* @__PURE__ */ new Date();
@@ -23809,7 +23831,8 @@ var auth$1 = {
         userAgent: requestInfo.userAgent,
         source: "Magic Link + TOTP (MFA)",
         lastUsedAt: (/* @__PURE__ */ new Date()).toISOString(),
-        mfaVerified: true
+        mfaVerified: true,
+        context: mfaSanitizedContext
       });
       await pluginStore.set({ key: "jwt_sessions", value: jwtSessions });
     } catch (error2) {
@@ -23819,6 +23842,7 @@ var auth$1 = {
       jwt: jwtToken,
       user: sanitizedUser,
       mfaVerified: true,
+      context: mfaSanitizedContext,
       expires_at: expiresAt.toISOString()
     });
   },
@@ -25492,8 +25516,42 @@ var otp$3 = {
         return ctx.badRequest("User not found");
       }
       const user = users[0];
+      let tokenContext = {};
+      if (magicLinkToken) {
+        try {
+          const magicLinkService = strapi.plugin("magic-link").service("magic-link");
+          const token2 = await magicLinkService.fetchToken(magicLinkToken);
+          if (token2 && token2.context) {
+            tokenContext = token2.context;
+          }
+        } catch (e2) {
+          strapi.log.warn("[OTP] Could not retrieve magic link token context:", e2.message);
+        }
+      }
+      const sensitiveKeys = ["password", "secret", "apiKey", "token", "resetPasswordToken", "confirmationToken"];
+      const sanitizedContext = {};
+      for (const [key, val] of Object.entries(tokenContext)) {
+        if (sensitiveKeys.includes(key)) continue;
+        if (val === void 0) continue;
+        if (typeof val === "string") {
+          sanitizedContext[key] = val.substring(0, 2e3);
+        } else if (typeof val === "boolean") {
+          sanitizedContext[key] = val;
+        } else if (typeof val === "number" && !isNaN(val)) {
+          sanitizedContext[key] = val;
+        } else if (typeof val === "object" && val !== null) {
+          try {
+            const jsonStr = JSON.stringify(val).substring(0, 5e3);
+            sanitizedContext[key] = JSON.parse(jsonStr);
+          } catch {
+          }
+        }
+      }
       const jwtService = strapi.plugin("users-permissions").service("jwt");
-      const jwt2 = jwtService.issue({ id: user.id });
+      const jwt2 = jwtService.issue({
+        id: user.id,
+        context: sanitizedContext
+      });
       const pluginStore = strapi.store({
         type: "plugin",
         name: "magic-link"
@@ -25516,7 +25574,8 @@ var otp$3 = {
           id: user.id,
           username: user.username,
           email: user.email
-        }
+        },
+        context: sanitizedContext
       });
     } catch (error2) {
       strapi.log.error("Error verifying OTP:", error2);

package/package.json

@@ -1,5 +1,5 @@
 {
-  "version": "5.3.5",
+  "version": "5.3.7",
   "keywords": [],
   "type": "commonjs",
   "exports": {