strapi/packages/plugins/users-permissions/server/controllers/validation/auth.js

'use strict';

const { yup, validateYupSchema } = require('@strapi/utils');

const callbackSchema = yup.object({
  identifier: yup.string().required(),
  password: yup.string().required(),
});

const createRegisterSchema = (config) =>
  yup.object({
    email: yup.string().email().required(),
    username: yup.string().required(),
    password: yup
      .string()
      .required()
      .test(function (value) {
        if (!value) return true;
        const isValid = new TextEncoder().encode(value).length <= 72;
        if (!isValid) {
          return this.createError({ message: 'Password must be less than 73 bytes' });
        }
        return true;
      })
      .test(async function (value) {
        if (typeof config?.validatePassword === 'function') {
          try {
            const isValid = await config.validatePassword(value);
            if (!isValid) {
              return this.createError({ message: 'Password validation failed.' });
            }
          } catch (error) {
            return this.createError({ message: error.message || 'An error occurred.' });
          }
        }
        return true;
      }),
  });

const sendEmailConfirmationSchema = yup.object({
  email: yup.string().email().required(),
});

const validateEmailConfirmationSchema = yup.object({
  confirmation: yup.string().required(),
});

const forgotPasswordSchema = yup
  .object({
    email: yup.string().email().required(),
  })
  .noUnknown();

const createResetPasswordSchema = (config) =>
  yup
    .object({
      password: yup
        .string()
        .required()
        .test(function (value) {
          if (!value) return true;
          const isValid = new TextEncoder().encode(value).length <= 72;
          if (!isValid) {
            return this.createError({ message: 'Password must be less than 73 bytes' });
          }
          return true;
        })
        .test(async function (value) {
          if (typeof config?.validatePassword === 'function') {
            try {
              const isValid = await config.validatePassword(value);
              if (!isValid) {
                return this.createError({ message: 'Password validation failed.' });
              }
            } catch (error) {
              return this.createError({ message: error.message || 'An error occurred.' });
            }
          }
          return true;
        }),
      passwordConfirmation: yup
        .string()
        .required()
        .oneOf([yup.ref('password')], 'Passwords do not match'),

      code: yup.string().required(),
    })
    .noUnknown();

const createChangePasswordSchema = (config) =>
  yup
    .object({
      password: yup
        .string()
        .required()
        .test(function (value) {
          if (!value) return true;
          const isValid = new TextEncoder().encode(value).length <= 72;
          if (!isValid) {
            return this.createError({ message: 'Password must be less than 73 bytes' });
          }
          return true;
        })
        .test(async function (value) {
          if (typeof config?.validatePassword === 'function') {
            try {
              const isValid = await config.validatePassword(value);
              if (!isValid) {
                return this.createError({ message: 'Password validation failed.' });
              }
            } catch (error) {
              return this.createError({ message: error.message || 'An error occurred.' });
            }
          }
          return true;
        }),
      passwordConfirmation: yup
        .string()
        .required()
        .oneOf([yup.ref('password')], 'Passwords do not match'),
      currentPassword: yup.string().required(),
    })
    .noUnknown();

module.exports = {
  validateCallbackBody: validateYupSchema(callbackSchema),
  validateRegisterBody: (payload, config) =>
    validateYupSchema(createRegisterSchema(config))(payload),
  validateSendEmailConfirmationBody: validateYupSchema(sendEmailConfirmationSchema),
  validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),
  validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),
  validateResetPasswordBody: (payload, config) =>
    validateYupSchema(createResetPasswordSchema(config))(payload),
  validateChangePasswordBody: (payload, config) =>
    validateYupSchema(createChangePasswordSchema(config))(payload),
};
refactor error handling 2021-10-20 17:30:05 +02:00			`'use strict';`

clean yup validations 2021-11-03 19:31:57 +01:00			`const { yup, validateYupSchema } = require('@strapi/utils');`
refactor error handling 2021-10-20 17:30:05 +02:00
Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`const callbackSchema = yup.object({`
refactor error handling 2021-10-20 17:30:05 +02:00			`identifier: yup.string().required(),`
			`password: yup.string().required(),`
			`});`

fix: refactoring validation methods 2024-10-02 12:03:28 +03:00			`const createRegisterSchema = (config) =>`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`yup.object({`
			`email: yup.string().email().required(),`
			`username: yup.string().required(),`
			`password: yup`
			`.string()`
			`.required()`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`.test(function (value) {`
			`if (!value) return true;`
			`const isValid = new TextEncoder().encode(value).length <= 72;`
			`if (!isValid) {`
			`return this.createError({ message: 'Password must be less than 73 bytes' });`
fix: validation on front-end forms 2025-01-29 12:34:22 +01:00			`}`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`return true;`
			`})`
feat: use yup.test and make error messages customizable 2024-09-30 16:28:57 +03:00			`.test(async function (value) {`
			`if (typeof config?.validatePassword === 'function') {`
			`try {`
			`const isValid = await config.validatePassword(value);`
			`if (!isValid) {`
			`return this.createError({ message: 'Password validation failed.' });`
			`}`
			`} catch (error) {`
			`return this.createError({ message: error.message \|\| 'An error occurred.' });`
			`}`
			`}`
			`return true;`
feat: add validatePassword to the plugin configs 2024-09-27 12:59:32 +03:00			`}),`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`});`
refactor error handling 2021-10-20 17:30:05 +02:00
Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`const sendEmailConfirmationSchema = yup.object({`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`email: yup.string().email().required(),`
refactor error handling 2021-10-20 17:30:05 +02:00			`});`

Cleanup email confirmation api 2022-06-01 17:59:30 +02:00			`const validateEmailConfirmationSchema = yup.object({`
			`confirmation: yup.string().required(),`
			`});`

Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`const forgotPasswordSchema = yup`
			`.object({`
Prettier and backend fix 2022-08-08 23:33:39 +02:00			`email: yup.string().email().required(),`
Fix username vs email registration and login issues 2022-05-31 19:38:08 +02:00			`})`
			`.noUnknown();`

fix: refactoring validation methods 2024-10-02 12:03:28 +03:00			`const createResetPasswordSchema = (config) =>`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`yup`
			`.object({`
			`password: yup`
			`.string()`
			`.required()`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`.test(function (value) {`
			`if (!value) return true;`
			`const isValid = new TextEncoder().encode(value).length <= 72;`
			`if (!isValid) {`
			`return this.createError({ message: 'Password must be less than 73 bytes' });`
fix: validation on front-end forms 2025-01-29 12:34:22 +01:00			`}`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`return true;`
			`})`
feat: use yup.test and make error messages customizable 2024-09-30 16:28:57 +03:00			`.test(async function (value) {`
			`if (typeof config?.validatePassword === 'function') {`
			`try {`
			`const isValid = await config.validatePassword(value);`
			`if (!isValid) {`
			`return this.createError({ message: 'Password validation failed.' });`
			`}`
			`} catch (error) {`
			`return this.createError({ message: error.message \|\| 'An error occurred.' });`
			`}`
			`}`
			`return true;`
feat: add validatePassword to the plugin configs 2024-09-27 12:59:32 +03:00			`}),`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`passwordConfirmation: yup`
			`.string()`
			`.required()`
			`.oneOf([yup.ref('password')], 'Passwords do not match'),`

			`code: yup.string().required(),`
			`})`
			`.noUnknown();`

fix: refactoring validation methods 2024-10-02 12:03:28 +03:00			`const createChangePasswordSchema = (config) =>`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`yup`
			`.object({`
			`password: yup`
			`.string()`
			`.required()`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`.test(function (value) {`
			`if (!value) return true;`
			`const isValid = new TextEncoder().encode(value).length <= 72;`
			`if (!isValid) {`
			`return this.createError({ message: 'Password must be less than 73 bytes' });`
fix: validation on front-end forms 2025-01-29 12:34:22 +01:00			`}`
fix: validation message shape 2025-01-29 16:54:15 +01:00			`return true;`
			`})`
feat: use yup.test and make error messages customizable 2024-09-30 16:28:57 +03:00			`.test(async function (value) {`
			`if (typeof config?.validatePassword === 'function') {`
			`try {`
			`const isValid = await config.validatePassword(value);`
			`if (!isValid) {`
			`return this.createError({ message: 'Password validation failed.' });`
			`}`
			`} catch (error) {`
			`return this.createError({ message: error.message \|\| 'An error occurred.' });`
			`}`
			`}`
			`return true;`
feat: add validatePassword to the plugin configs 2024-09-27 12:59:32 +03:00			`}),`
feat: add password rules config to users-permissions 2024-09-27 10:54:37 +03:00			`passwordConfirmation: yup`
			`.string()`
			`.required()`
			`.oneOf([yup.ref('password')], 'Passwords do not match'),`
			`currentPassword: yup.string().required(),`
			`})`
			`.noUnknown();`
Apply feedback and finish some tasks 2022-08-02 20:58:37 +02:00
refactor error handling 2021-10-20 17:30:05 +02:00			`module.exports = {`
Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`validateCallbackBody: validateYupSchema(callbackSchema),`
fix: refactoring validation methods 2024-10-02 12:03:28 +03:00			`validateRegisterBody: (payload, config) =>`
			`validateYupSchema(createRegisterSchema(config))(payload),`
Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`validateSendEmailConfirmationBody: validateYupSchema(sendEmailConfirmationSchema),`
Cleanup email confirmation api 2022-06-01 17:59:30 +02:00			`validateEmailConfirmationBody: validateYupSchema(validateEmailConfirmationSchema),`
Refactor providers and cleanup auth code 2022-06-01 16:22:19 +02:00			`validateForgotPasswordBody: validateYupSchema(forgotPasswordSchema),`
fix: refactoring validation methods 2024-10-02 12:03:28 +03:00			`validateResetPasswordBody: (payload, config) =>`
			`validateYupSchema(createResetPasswordSchema(config))(payload),`
			`validateChangePasswordBody: (payload, config) =>`
			`validateYupSchema(createChangePasswordSchema(config))(payload),`
refactor error handling 2021-10-20 17:30:05 +02:00			`};`