strapi-plugin-oidc 1.6.5 → 1.6.6

package/README.md

@@ -79,7 +79,7 @@ Manage the plugin under **Settings → OIDC Plugin**.
 - Bulk delete with confirmation
 - Unsaved changes are held in the UI until **Save Changes** is clicked
 
-**Audit Logs** — Every authentication event is recorded in the plugin's audit log table and visible in the **Audit Logs** section at the bottom of the settings page. A **Download** button exports all records as JSON, compatible with SIEM tools and log processors. Setting `AUDIT_LOG_RETENTION_DAYS` to `0` disables audit logging entirely. Otherwise records older than the configured value (default: 90 days) are automatically purged by a daily cron job. The audit log is also accessible [via API](#audit-log-api).
+**Audit Logs** — Every authentication event is recorded in the plugin's audit log table and visible in the **Audit Logs** section at the bottom of the settings page. A **Download** button exports all records as NDJSON (newline-delimited JSON), compatible with SIEM tools and log processors. Setting `AUDIT_LOG_RETENTION_DAYS` to `0` disables audit logging entirely. Otherwise records older than the configured value (default: 90 days) are automatically purged by a daily cron job. The audit log is also accessible [via API](#audit-log-api).
 
 **Enforce OIDC Login** — Removes the standard email/password fields from the login page and blocks direct login API calls server-side. Automatically disabled when the whitelist is empty to prevent lockout.
 
@@ -187,10 +187,10 @@ curl -X DELETE -H "Authorization: Bearer <token>" \
 
 Audit log entries can be fetched programmatically using a Strapi **API token** (Settings → API Tokens → Full Access). Endpoints are under `/api/strapi-plugin-oidc` and require `Authorization: Bearer <token>`.
 
-| Method | Path                                        | Description                   |
-| ------ | ------------------------------------------- | ----------------------------- |
-| `GET`  | `/api/strapi-plugin-oidc/audit-logs`        | Paginated list of log entries |
-| `GET`  | `/api/strapi-plugin-oidc/audit-logs/export` | All records as JSON download  |
+| Method | Path                                        | Description                    |
+| ------ | ------------------------------------------- | ------------------------------ |
+| `GET`  | `/api/strapi-plugin-oidc/audit-logs`        | Paginated list of log entries  |
+| `GET`  | `/api/strapi-plugin-oidc/audit-logs/export` | All records as NDJSON download |
 
 ### Query parameters (`GET /audit-logs`)
 
@@ -238,10 +238,10 @@ Each event is also emitted on Strapi's internal eventHub as `strapi-plugin-oidc:
 curl -H "Authorization: Bearer <token>" \
   "http://localhost:1337/api/strapi-plugin-oidc/audit-logs?page=1&pageSize=50"
 
-# JSON export
+# NDJSON export
 curl -H "Authorization: Bearer <token>" \
   http://localhost:1337/api/strapi-plugin-oidc/audit-logs/export \
-  -o oidc-audit-log.json
+  -o oidc-audit-log.ndjson
 ```
 
 ## Credits & Changes

package/dist/admin/{index-HQ2uuypE.mjs → index-CKyNupYU.mjs}

@@ -1,11 +1,11 @@
 import { jsxs, Fragment, jsx } from "react/jsx-runtime";
 import { useBlocker, Routes, Route } from "react-router-dom";
 import { useNotification, useFetchClient, Page, Layouts } from "@strapi/strapi/admin";
-import { useState, useRef, useCallback, useEffect, memo } from "react";
+import { useState, useRef, useCallback, useEffect, useReducer, useMemo, memo } from "react";
 import { Typography, Flex, Box, MultiSelect, MultiSelectOption, Dialog, Button, Table, Pagination, PreviousLink, NextLink, PageLink, Field, Divider, Thead, Tr, Th, Tbody, Td, IconButton, Tooltip, Alert } from "@strapi/design-system";
 import { WarningCircle, Download, Upload, Trash, Plus, Information } from "@strapi/icons";
 import { useIntl } from "react-intl";
-import { g as getTrad } from "./index-DgUClS5s.mjs";
+import { g as getTrad } from "./index-D2aMSVmR.mjs";
 import styled from "styled-components";
 function Role({ oidcRoles, roles, onChangeRole }) {
   const { formatMessage } = useIntl();
@@ -367,8 +367,7 @@ function AuditLog() {
         });
         return;
       }
-      const text = await response.text();
-      const blob = new Blob([text], { type: "application/x-ndjson" });
+      const blob = await response.blob();
       const url = URL.createObjectURL(blob);
       const a = document.createElement("a");
       a.href = url;
@@ -571,75 +570,201 @@ function formatDatetimeForFilename(date) {
   const seconds = String(date.getSeconds()).padStart(2, "0");
   return `${year}${month}${day}_${hours}${minutes}${seconds}`;
 }
-function deepClone(value) {
-  return JSON.parse(JSON.stringify(value));
+function downloadJson(basename, data) {
+  const datetime = formatDatetimeForFilename(/* @__PURE__ */ new Date());
+  const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
+  const url = URL.createObjectURL(blob);
+  const a = document.createElement("a");
+  a.href = url;
+  a.download = `${basename}-${datetime}.json`;
+  a.click();
+  URL.revokeObjectURL(url);
+}
+const initialState = {
+  current: {
+    oidcRoles: [],
+    users: [],
+    useWhitelist: false,
+    enforceOIDC: false
+  },
+  initial: {
+    oidcRoles: [],
+    users: [],
+    useWhitelist: false,
+    enforceOIDC: false
+  },
+  roles: [],
+  enforceOIDCConfig: null,
+  auditLogEnabled: true,
+  loading: false,
+  showSuccess: false,
+  showError: false
+};
+function reducer(state, action) {
+  switch (action.type) {
+    case "hydrate/roles":
+      return { ...state, roles: action.roles };
+    case "hydrate/oidcRoles": {
+      const snapshot = { oidcRoles: action.oidcRoles };
+      return {
+        ...state,
+        current: { ...state.current, ...snapshot },
+        initial: { ...state.initial, ...snapshot }
+      };
+    }
+    case "hydrate/whitelist": {
+      const snapshot = {
+        oidcRoles: action.snapshot.oidcRoles ?? state.current.oidcRoles,
+        users: action.snapshot.users ?? state.current.users,
+        useWhitelist: action.snapshot.useWhitelist ?? state.current.useWhitelist,
+        enforceOIDC: action.snapshot.enforceOIDC ?? state.current.enforceOIDC
+      };
+      return {
+        ...state,
+        current: snapshot,
+        initial: structuredClone(snapshot),
+        enforceOIDCConfig: action.enforceOIDCConfig,
+        auditLogEnabled: action.auditLogEnabled
+      };
+    }
+    case "patch/oidcRole":
+      return {
+        ...state,
+        current: {
+          ...state.current,
+          oidcRoles: state.current.oidcRoles.map(
+            (role) => role.oauth_type === action.oidcId ? { ...role, role: action.values } : role
+          )
+        }
+      };
+    case "user/add":
+      return {
+        ...state,
+        current: {
+          ...state.current,
+          users: [
+            ...state.current.users,
+            { email: action.email, createdAt: (/* @__PURE__ */ new Date()).toISOString() }
+          ]
+        }
+      };
+    case "user/delete": {
+      const updatedUsers = state.current.users.filter((u) => u.email !== action.email);
+      const updated = { users: updatedUsers };
+      let enforceOIDC = state.current.enforceOIDC;
+      if (state.current.useWhitelist && updatedUsers.length === 0) {
+        enforceOIDC = false;
+      }
+      return {
+        ...state,
+        current: { ...state.current, ...updated, enforceOIDC }
+      };
+    }
+    case "users/clear": {
+      const updated = { users: [] };
+      let enforceOIDC = state.current.enforceOIDC;
+      if (state.current.useWhitelist) {
+        enforceOIDC = false;
+      }
+      return {
+        ...state,
+        current: { ...state.current, ...updated, enforceOIDC }
+      };
+    }
+    case "users/replace":
+      return {
+        ...state,
+        current: { ...state.current, users: action.users }
+      };
+    case "toggle/useWhitelist": {
+      const useWhitelist = action.value;
+      let enforceOIDC = state.current.enforceOIDC;
+      if (useWhitelist && state.current.users.length === 0) {
+        enforceOIDC = false;
+      }
+      return {
+        ...state,
+        current: { ...state.current, useWhitelist, enforceOIDC }
+      };
+    }
+    case "toggle/enforceOIDC":
+      return {
+        ...state,
+        current: { ...state.current, enforceOIDC: action.value }
+      };
+    case "commit":
+      return {
+        ...state,
+        initial: structuredClone(
+          action.snapshot ? { ...state.current, ...action.snapshot } : state.current
+        )
+      };
+    case "loading":
+      return { ...state, loading: action.value };
+    case "flash/success":
+      return { ...state, showSuccess: true };
+    case "flash/error":
+      return { ...state, showError: true };
+    case "flash/clear":
+      return {
+        ...state,
+        showSuccess: action.kind === "success" ? false : state.showSuccess,
+        showError: action.kind === "error" ? false : state.showError
+      };
+    default:
+      return state;
+  }
+}
+function isDirtyPrimitive(a, b) {
+  return a !== b;
+}
+function isDirtyArray(a, b) {
+  return JSON.stringify(a) !== JSON.stringify(b);
 }
 function useOidcSettings() {
   const { get, put, post } = useFetchClient();
-  const [loading, setLoading] = useState(false);
-  const [showSuccess, setSuccess] = useState(false);
-  const [showError, setError] = useState(false);
-  const [initialOidcRoles, setInitialOIDCRoles] = useState([]);
-  const [oidcRoles, setOIDCRoles] = useState([]);
-  const [roles, setRoles] = useState([]);
-  const [initialUseWhitelist, setInitialUseWhitelist] = useState(false);
-  const [useWhitelist, setUseWhitelist] = useState(false);
-  const [initialEnforceOIDC, setInitialEnforceOIDC] = useState(false);
-  const [enforceOIDC, setEnforceOIDC] = useState(false);
-  const [enforceOIDCConfig, setEnforceOIDCConfig] = useState(null);
-  const [initialUsers, setInitialUsers] = useState([]);
-  const [users, setUsers] = useState([]);
-  const [whitelistResponse, setWhitelistResponse] = useState({});
+  const [state, dispatch] = useReducer(reducer, initialState);
   useEffect(() => {
     get(`/strapi-plugin-oidc/oidc-roles`).then((response) => {
-      setOIDCRoles(response.data);
-      setInitialOIDCRoles(deepClone(response.data));
+      dispatch({ type: "hydrate/oidcRoles", oidcRoles: response.data });
     });
     get(`/admin/roles`).then((response) => {
-      setRoles(response.data.data);
+      dispatch({ type: "hydrate/roles", roles: response.data.data });
     });
     get("/strapi-plugin-oidc/whitelist").then((response) => {
       const data = response.data;
-      setWhitelistResponse(data);
-      setUsers(data.whitelistUsers);
-      setInitialUsers(deepClone(data.whitelistUsers));
-      setUseWhitelist(data.useWhitelist);
-      setInitialUseWhitelist(data.useWhitelist);
-      setEnforceOIDC(data.enforceOIDC);
-      setInitialEnforceOIDC(data.enforceOIDC);
-      setEnforceOIDCConfig(data.enforceOIDCConfig ?? null);
+      dispatch({
+        type: "hydrate/whitelist",
+        snapshot: {
+          users: data.whitelistUsers,
+          useWhitelist: data.useWhitelist,
+          enforceOIDC: data.enforceOIDC
+        },
+        enforceOIDCConfig: data.enforceOIDCConfig ?? null,
+        auditLogEnabled: data.auditLogEnabled ?? true
+      });
     });
   }, [get]);
   const onChangeRole = useCallback((values, oidcId) => {
-    setOIDCRoles(
-      (prev) => prev.map((role) => role.oauth_type === oidcId ? { ...role, role: values } : role)
-    );
+    dispatch({ type: "patch/oidcRole", oidcId, values });
   }, []);
   const onRegisterWhitelist = useCallback((email) => {
-    setUsers((prev) => [...prev, { email, createdAt: (/* @__PURE__ */ new Date()).toISOString() }]);
+    dispatch({ type: "user/add", email });
+  }, []);
+  const onDeleteWhitelist = useCallback((email) => {
+    dispatch({ type: "user/delete", email });
   }, []);
-  const onDeleteWhitelist = useCallback(
-    (email) => {
-      setUsers((prev) => {
-        const updated = prev.filter((u) => u.email !== email);
-        if (useWhitelist && updated.length === 0) setEnforceOIDC(false);
-        return updated;
-      });
-    },
-    [useWhitelist]
-  );
   const onDeleteAll = useCallback(() => {
-    setUsers([]);
-    if (useWhitelist) setEnforceOIDC(false);
-  }, [useWhitelist]);
+    dispatch({ type: "users/clear" });
+  }, []);
   const onImport = useCallback(
     async (emails) => {
       const response = await post("/strapi-plugin-oidc/whitelist/import", {
         users: emails.map((e) => ({ email: e }))
       });
       const refreshed = await get("/strapi-plugin-oidc/whitelist");
-      setUsers(refreshed.data.whitelistUsers);
-      setInitialUsers(deepClone(refreshed.data.whitelistUsers));
+      dispatch({ type: "users/replace", users: refreshed.data.whitelistUsers });
+      dispatch({ type: "commit" });
       return response.data.importedCount;
     },
     [post, get]
@@ -647,74 +772,77 @@ function useOidcSettings() {
   const onExport = useCallback(async () => {
     const response = await get("/strapi-plugin-oidc/whitelist/export");
     const data = response.data;
-    const datetime = formatDatetimeForFilename(/* @__PURE__ */ new Date());
-    const blob = new Blob([JSON.stringify(data, null, 2)], { type: "application/json" });
-    const url = URL.createObjectURL(blob);
-    const a = document.createElement("a");
-    a.href = url;
-    a.download = `strapi-oidc-whitelist-${datetime}.json`;
-    a.click();
-    URL.revokeObjectURL(url);
+    downloadJson("strapi-oidc-whitelist", data);
   }, [get]);
-  const onToggleWhitelist = useCallback(
-    (e) => {
-      const checked = e.target.checked;
-      setUseWhitelist(checked);
-      if (checked && users.length === 0) setEnforceOIDC(false);
-    },
-    [users.length]
-  );
+  const onToggleWhitelist = useCallback((e) => {
+    dispatch({ type: "toggle/useWhitelist", value: e.target.checked });
+  }, []);
   const onToggleEnforce = useCallback((e) => {
-    setEnforceOIDC(e.target.checked);
+    dispatch({ type: "toggle/enforceOIDC", value: e.target.checked });
   }, []);
-  const isDirty = useWhitelist !== initialUseWhitelist || enforceOIDC !== initialEnforceOIDC || JSON.stringify(oidcRoles) !== JSON.stringify(initialOidcRoles) || JSON.stringify(users) !== JSON.stringify(initialUsers);
+  const isDirty = useMemo(
+    () => isDirtyPrimitive(state.current.useWhitelist, state.initial.useWhitelist) || isDirtyPrimitive(state.current.enforceOIDC, state.initial.enforceOIDC) || isDirtyArray(state.current.oidcRoles, state.initial.oidcRoles) || isDirtyArray(state.current.users, state.initial.users),
+    [state.current, state.initial]
+  );
   const onSaveAll = useCallback(async () => {
-    setLoading(true);
+    dispatch({ type: "loading", value: true });
     try {
-      await put("/strapi-plugin-oidc/oidc-roles", {
-        roles: oidcRoles.map((role) => ({ oauth_type: role.oauth_type, role: role.role }))
-      });
-      await put("/strapi-plugin-oidc/whitelist/sync", {
-        users: users.map((u) => ({ email: u.email }))
-      });
-      await put("/strapi-plugin-oidc/whitelist/settings", { useWhitelist, enforceOIDC });
-      setInitialOIDCRoles(deepClone(oidcRoles));
-      setInitialUseWhitelist(useWhitelist);
-      setInitialEnforceOIDC(enforceOIDC);
-      get("/strapi-plugin-oidc/whitelist").then((getResponse) => {
-        const data = getResponse.data;
-        setWhitelistResponse(data);
-        setUsers(data.whitelistUsers);
-        setInitialUsers(deepClone(data.whitelistUsers));
+      await Promise.all([
+        put("/strapi-plugin-oidc/oidc-roles", {
+          roles: state.current.oidcRoles.map((role) => ({
+            oauth_type: role.oauth_type,
+            role: role.role
+          }))
+        }),
+        put("/strapi-plugin-oidc/whitelist/sync", {
+          users: state.current.users.map((u) => ({ email: u.email }))
+        }),
+        put("/strapi-plugin-oidc/whitelist/settings", {
+          useWhitelist: state.current.useWhitelist,
+          enforceOIDC: state.current.enforceOIDC
+        })
+      ]);
+      dispatch({ type: "commit" });
+      const getResponse = await get("/strapi-plugin-oidc/whitelist");
+      const data = getResponse.data;
+      dispatch({
+        type: "hydrate/whitelist",
+        snapshot: {
+          users: data.whitelistUsers,
+          useWhitelist: data.useWhitelist,
+          enforceOIDC: data.enforceOIDC
+        },
+        enforceOIDCConfig: data.enforceOIDCConfig ?? null,
+        auditLogEnabled: data.auditLogEnabled ?? true
       });
-      setSuccess(true);
-      setTimeout(() => setSuccess(false), 3e3);
+      dispatch({ type: "flash/success" });
+      setTimeout(() => dispatch({ type: "flash/clear", kind: "success" }), 3e3);
     } catch (e) {
       console.error(e);
-      setError(true);
-      setTimeout(() => setError(false), 3e3);
+      dispatch({ type: "flash/error" });
+      setTimeout(() => dispatch({ type: "flash/clear", kind: "error" }), 3e3);
     } finally {
-      setLoading(false);
+      dispatch({ type: "loading", value: false });
     }
-  }, [put, get, oidcRoles, users, useWhitelist, enforceOIDC]);
+  }, [put, get, state.current]);
   return {
     state: {
-      loading,
-      showSuccess,
-      showError,
-      oidcRoles,
-      roles,
-      useWhitelist,
-      enforceOIDC,
-      enforceOIDCConfig,
-      initialEnforceOIDC,
-      users,
+      loading: state.loading,
+      showSuccess: state.showSuccess,
+      showError: state.showError,
+      oidcRoles: state.current.oidcRoles,
+      roles: state.roles,
+      useWhitelist: state.current.useWhitelist,
+      enforceOIDC: state.current.enforceOIDC,
+      enforceOIDCConfig: state.enforceOIDCConfig,
+      initialEnforceOIDC: state.initial.enforceOIDC,
+      users: state.current.users,
       isDirty,
-      auditLogEnabled: whitelistResponse.auditLogEnabled ?? true
+      auditLogEnabled: state.auditLogEnabled
     },
     actions: {
-      setSuccess,
-      setError,
+      setSuccess: (val) => dispatch({ type: val ? "flash/success" : "flash/clear", kind: "success" }),
+      setError: (val) => dispatch({ type: val ? "flash/error" : "flash/clear", kind: "error" }),
       onChangeRole,
       onRegisterWhitelist,
       onDeleteWhitelist,

package/dist/admin/{index-DgUClS5s.mjs → index-D2aMSVmR.mjs}

@@ -22,9 +22,6 @@ const pluginPkg = {
   strapi
 };
 const pluginId = pluginPkg.name.replace(/^@strapi\/plugin-/i, "");
-function getTranslation(id) {
-  return `${pluginId}.${id}`;
-}
 function Initializer({ setPlugin }) {
   const ref = useRef();
   ref.current = setPlugin;
@@ -148,7 +145,7 @@ const index = {
           defaultMessage: "Configuration"
         },
         Component: async () => {
-          return await import("./index-HQ2uuypE.mjs");
+          return await import("./index-CKyNupYU.mjs");
         },
         permissions: [{ action: "plugin::strapi-plugin-oidc.read", subject: null }]
       }
@@ -261,7 +258,7 @@ const index = {
   async registerTrads({ locales }) {
     const transformKeys = (data) => Object.fromEntries(
       Object.entries(data).map(([key, value]) => [
-        key.startsWith("global.") ? key : getTranslation(key),
+        key.startsWith("global.") ? key : `${pluginId}.${key}`,
         value
       ])
     );