strapi/packages/plugins/users-permissions/server/bootstrap/index.js

'use strict';

/**
 * An asynchronous bootstrap function that runs before
 * your application gets started.
 *
 * This gives you an opportunity to set up your data model,
 * run jobs, or perform some special logic.
 */
const crypto = require('crypto');
const _ = require('lodash');
const { getService } = require('../utils');
const usersPermissionsActions = require('./users-permissions-actions');

const initGrant = async (pluginStore) => {
  const allProviders = getService('providers-registry').getAll();

  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {
    const { icon, enabled, grantConfig } = provider;

    acc[name] = {
      icon,
      enabled,
      ...grantConfig,
    };
    return acc;
  }, {});

  const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};

  if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
    // merge with the previous provider config.
    _.keys(grantConfig).forEach((key) => {
      if (key in prevGrantConfig) {
        grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
      }
    });
    await pluginStore.set({ key: 'grant', value: grantConfig });
  }
};

const initEmails = async (pluginStore) => {
  if (!(await pluginStore.get({ key: 'email' }))) {
    const value = {
      reset_password: {
        display: 'Email.template.reset_password',
        icon: 'sync',
        options: {
          from: {
            name: 'Administration Panel',
            email: 'no-reply@strapi.io',
          },
          response_email: '',
          object: 'Reset password',
          message: `<p>We heard that you lost your password. Sorry about that!</p>

<p>But don’t worry! You can use the following link to reset your password:</p>
<p><%= URL %>?code=<%= TOKEN %></p>

<p>Thanks.</p>`,
        },
      },
      email_confirmation: {
        display: 'Email.template.email_confirmation',
        icon: 'check-square',
        options: {
          from: {
            name: 'Administration Panel',
            email: 'no-reply@strapi.io',
          },
          response_email: '',
          object: 'Account confirmation',
          message: `<p>Thank you for registering!</p>

<p>You have to confirm your email address. Please click on the link below.</p>

<p><%= URL %>?confirmation=<%= CODE %></p>

<p>Thanks.</p>`,
        },
      },
    };

    await pluginStore.set({ key: 'email', value });
  }
};

const initAdvancedOptions = async (pluginStore) => {
  if (!(await pluginStore.get({ key: 'advanced' }))) {
    const value = {
      unique_email: true,
      allow_register: true,
      email_confirmation: false,
      email_reset_password: null,
      email_confirmation_redirection: null,
      default_role: 'authenticated',
    };

    await pluginStore.set({ key: 'advanced', value });
  }
};

module.exports = async ({ strapi }) => {
  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });

  await initGrant(pluginStore);
  await initEmails(pluginStore);
  await initAdvancedOptions(pluginStore);

  await strapi
    .service('admin::permission')
    .actionProvider.registerMany(usersPermissionsActions.actions);

  await getService('users-permissions').initialize();

  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
    if (process.env.NODE_ENV !== 'development') {
      throw new Error(
        `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
      );
    }

    const jwtSecret = crypto.randomBytes(16).toString('base64');

    strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);

    if (!process.env.JWT_SECRET) {
      const envPath = process.env.ENV_PATH || '.env';
      strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
      strapi.log.info(
        `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
      );
    }
  }
};
-												Add bootstrap function in plugins

											
										
										
											2017-11-17 11:17:20 +01:00
+								'use strict';
 								/**
 								 * An asynchronous bootstrap function that runs before
 								 * your application gets started.
 								 *
 								 * This gives you an opportunity to set up your data model,
 								 * run jobs, or perform some special logic.
 								 */
-												harmonize secret generation + don't generate in production mode

											
										
										
											2022-01-24 18:13:27 +01:00
+								const crypto = require('crypto');
-												Add eslint to users-permissions backend

											
										
										
											2018-04-30 18:26:56 +02:00
+								const _ = require('lodash');
-												migrate plugin structures to V4

											
										
										
											2021-08-19 16:49:33 +02:00
+								const { getService } = require('../utils');
 								const usersPermissionsActions = require('./users-permissions-actions');
-												add route GET /admin/permissions

Signed-off-by: Pierre Noël <petersg83@gmail.com>

											
										
										
											2020-06-04 18:30:26 +02:00
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
+								const initGrant = async (pluginStore) => {
-												enhancement: add a way to register a u&p provider

											
										
										
											2024-06-26 11:06:02 +02:00
+								  const allProviders = getService('providers-registry').getAll();
-												Move u&p providers urls

											
										
										
											2021-10-26 16:51:29 +02:00
-												enhancement: add a way to register a u&p provider

											
										
										
											2024-06-26 11:06:02 +02:00
+								  const grantConfig = Object.entries(allProviders).reduce((acc, [name, provider]) => {
 								    const { icon, enabled, grantConfig } = provider;
 								    acc[name] = {
 								      icon,
 								      enabled,
 								      ...grantConfig,
 								    };
 								    return acc;
 								  }, {});
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
-												enhancement: add a way to register a u&p provider

											
										
										
											2024-06-26 11:06:02 +02:00
 								  if (!prevGrantConfig || !_.isEqual(prevGrantConfig, grantConfig)) {
-												merge the previous provider config

											
										
										
											2018-04-24 22:18:21 +08:00
+								    // merge with the previous provider config.
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
+								    _.keys(grantConfig).forEach((key) => {
-												merge the previous provider config

											
										
										
											2018-04-24 22:18:21 +08:00
+								      if (key in prevGrantConfig) {
 								        grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
 								      }
 								    });
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'grant', value: grantConfig });
-												Add provider connection

											
										
										
											2018-01-12 15:20:13 +01:00
+								  }
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								};
-												Add provider connection

											
										
										
											2018-01-12 15:20:13 +01:00
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
+								const initEmails = async (pluginStore) => {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  if (!(await pluginStore.get({ key: 'email' }))) {
-												New format store constructor
strapi.store(source).get(params)
strapi.store(source).set({params, value})

Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com>

											
										
										
											2018-02-06 13:10:43 +01:00
+								    const value = {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      reset_password: {
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								        display: 'Email.template.reset_password',
-												Dynamic zone edit view ui

											
										
										
											2019-11-19 16:17:15 +01:00
+								        icon: 'sync',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								        options: {
 								          from: {
 								            name: 'Administration Panel',
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								            email: 'no-reply@strapi.io',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								          },
 								          response_email: '',
-												Remove soft hyphen (U+00AD) from reset password email subject line

											
										
										
											2020-01-11 11:29:24 -05:00
+								          object: 'Reset password',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								          message: `<p>We heard that you lost your password. Sorry about that!</p>
-												Use email templte config reset password

											
										
										
											2018-01-15 14:50:53 +01:00
-												Fix css and wording

As seen in the demo I removed the test transform capitalize in the ListRow component.
Add width to the iconContainer so it s now perfectly aligned.
Add missing trad key and change wording for the toggle label

											
										
										
											2018-01-26 17:31:52 +01:00
+								<p>But don’t worry! You can use the following link to reset your password:</p>
-												Merge branch 'master' into fix/users-front
											
										
										
											2018-01-26 17:37:01 +01:00
+								<p><%= URL %>?code=<%= TOKEN %></p>
-												Use email templte config reset password

											
										
										
											2018-01-15 14:50:53 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								<p>Thanks.</p>`,
 								        },
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								      },
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      email_confirmation: {
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								        display: 'Email.template.email_confirmation',
-												Dynamic zone edit view ui

											
										
										
											2019-11-19 16:17:15 +01:00
+								        icon: 'check-square',
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								        options: {
 								          from: {
 								            name: 'Administration Panel',
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								            email: 'no-reply@strapi.io',
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								          },
 								          response_email: '',
 								          object: 'Account confirmation',
-												Modify template for english


											
										
										
											2018-08-27 08:11:23 -07:00
+								          message: `<p>Thank you for registering!</p>
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
-												Update bootstrap.js
											
										
										
											2018-08-23 12:00:46 +02:00
+								<p>You have to confirm your email address. Please click on the link below.</p>
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
 								<p><%= URL %>?confirmation=<%= CODE %></p>
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								<p>Thanks.</p>`,
 								        },
 								      },
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								    };
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'email', value });
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
+								  }
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								};
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
+								const initAdvancedOptions = async (pluginStore) => {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  if (!(await pluginStore.get({ key: 'advanced' }))) {
-												New format store constructor
strapi.store(source).get(params)
strapi.store(source).set({params, value})

Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com>

											
										
										
											2018-02-06 13:10:43 +01:00
+								    const value = {
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								      unique_email: true,
-												Add default role in advanced settings

											
										
										
											2018-03-12 15:56:25 +01:00
+								      allow_register: true,
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								      email_confirmation: false,
-												update doc + add localhost in confirmation links if url is not set

Signed-off-by: Pierre Noël <petersg83@gmail.com>

											
										
										
											2020-07-17 14:24:31 +02:00
+								      email_reset_password: null,
 								      email_confirmation_redirection: null,
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      default_role: 'authenticated',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								    };
-												Generate advanced configs

											
										
										
											2018-01-15 15:01:21 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'advanced', value });
-												Generate advanced configs

											
										
										
											2018-01-15 15:01:21 +01:00
+								  }
-												Add bootstrap function in plugins

											
										
										
											2017-11-17 11:17:20 +01:00
+								};
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
 								module.exports = async ({ strapi }) => {
 								  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
 								  await initGrant(pluginStore);
 								  await initEmails(pluginStore);
 								  await initAdvancedOptions(pluginStore);
-												chore: use strapi.service instead of strapi.admin.services

											
										
										
											2024-03-27 23:16:51 +01:00
+								  await strapi
 								    .service('admin::permission')
 								    .actionProvider.registerMany(usersPermissionsActions.actions);
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
 								  await getService('users-permissions').initialize();
-												fix(core): use module uid for config namespace instead of dot notation


											
										
										
											2024-03-11 12:28:46 +01:00
+								  if (!strapi.config.get('plugin::users-permissions.jwtSecret')) {
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
+								    if (process.env.NODE_ENV !== 'development') {
 								      throw new Error(
 								        `Missing jwtSecret. Please, set configuration variable "jwtSecret" for the users-permissions plugin in config/plugins.js (ex: you can generate one using Node with \`crypto.randomBytes(16).toString('base64')\`).
 								For security reasons, prefer storing the secret in an environment variable and read it in config/plugins.js. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
 								      );
 								    }
 								    const jwtSecret = crypto.randomBytes(16).toString('base64');
-												fix(core): use module uid for config namespace instead of dot notation


											
										
										
											2024-03-11 12:28:46 +01:00
+								    strapi.config.set('plugin::users-permissions.jwtSecret', jwtSecret);
-												Prettier and backend fix

											
										
										
											2022-08-08 23:33:39 +02:00
 								    if (!process.env.JWT_SECRET) {
 								      const envPath = process.env.ENV_PATH || '.env';
 								      strapi.fs.appendFile(envPath, `JWT_SECRET=${jwtSecret}\n`);
 								      strapi.log.info(
 								        `The Users & Permissions plugin automatically generated a jwt secret and stored it in ${envPath} under the name JWT_SECRET.`
 								      );
 								    }
 								  }
 								};