2017-11-14 11:49:19 +01:00
|
|
|
'use strict';
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Auth.js controller
|
|
|
|
*
|
|
|
|
* @description: A set of functions called "actions" for managing `Auth`.
|
|
|
|
*/
|
|
|
|
|
2018-04-30 18:26:56 +02:00
|
|
|
/* eslint-disable no-useless-escape */
|
2017-11-16 18:00:15 +01:00
|
|
|
const crypto = require('crypto');
|
2018-04-30 18:26:56 +02:00
|
|
|
const _ = require('lodash');
|
2019-06-27 18:24:04 +02:00
|
|
|
const grant = require('grant-koa');
|
2019-09-12 10:50:52 +02:00
|
|
|
const { sanitizeEntity } = require('strapi-utils');
|
2019-01-18 16:08:15 +01:00
|
|
|
|
2018-01-23 13:35:51 +01:00
|
|
|
const emailRegExp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
|
2019-08-21 12:10:23 +02:00
|
|
|
const formatError = error => [
|
|
|
|
{ messages: [{ id: error.id, message: error.message, field: error.field }] },
|
|
|
|
];
|
2017-11-16 14:12:03 +01:00
|
|
|
|
2017-11-14 11:49:19 +01:00
|
|
|
module.exports = {
|
2019-07-15 23:16:50 +02:00
|
|
|
async callback(ctx) {
|
2017-11-14 11:49:19 +01:00
|
|
|
const provider = ctx.params.provider || 'local';
|
|
|
|
const params = ctx.request.body;
|
|
|
|
|
2018-02-06 13:10:43 +01:00
|
|
|
const store = await strapi.store({
|
2018-02-13 15:04:21 +01:00
|
|
|
environment: '',
|
2018-02-06 13:10:43 +01:00
|
|
|
type: 'plugin',
|
2019-04-09 12:09:03 +02:00
|
|
|
name: 'users-permissions',
|
2018-02-06 13:10:43 +01:00
|
|
|
});
|
|
|
|
|
2017-11-14 11:49:19 +01:00
|
|
|
if (provider === 'local') {
|
2019-08-21 12:10:23 +02:00
|
|
|
if (!_.get(await store.get({ key: 'grant' }), 'email.enabled')) {
|
2018-01-18 16:01:52 +01:00
|
|
|
return ctx.badRequest(null, 'This provider is disabled.');
|
|
|
|
}
|
|
|
|
|
2017-11-14 11:49:19 +01:00
|
|
|
// The identifier is required.
|
|
|
|
if (!params.identifier) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.provide',
|
|
|
|
message: 'Please provide your username or your e-mail.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-11-14 11:49:19 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// The password is required.
|
|
|
|
if (!params.password) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.password.provide',
|
|
|
|
message: 'Please provide your password.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-11-14 11:49:19 +01:00
|
|
|
}
|
|
|
|
|
2020-02-06 11:15:25 +01:00
|
|
|
const query = {
|
|
|
|
provider,
|
|
|
|
};
|
2017-11-14 11:49:19 +01:00
|
|
|
|
|
|
|
// Check if the provided identifier is an email or not.
|
2018-01-23 13:35:51 +01:00
|
|
|
const isEmail = emailRegExp.test(params.identifier);
|
2017-11-14 11:49:19 +01:00
|
|
|
|
|
|
|
// Set the identifier to the appropriate query field.
|
|
|
|
if (isEmail) {
|
2018-01-23 13:35:51 +01:00
|
|
|
query.email = params.identifier.toLowerCase();
|
2017-11-14 11:49:19 +01:00
|
|
|
} else {
|
|
|
|
query.username = params.identifier;
|
|
|
|
}
|
|
|
|
|
2019-08-06 00:51:27 +02:00
|
|
|
// Check if the user exists.
|
2020-03-06 19:16:23 +01:00
|
|
|
const user = await strapi.query('user', 'users-permissions').findOne(query);
|
2017-11-20 16:28:50 +01:00
|
|
|
|
|
|
|
if (!user) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.invalid',
|
|
|
|
message: 'Identifier or password invalid.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-10-23 18:44:49 +02:00
|
|
|
}
|
2017-11-20 16:28:50 +01:00
|
|
|
|
2019-04-09 12:09:03 +02:00
|
|
|
if (
|
|
|
|
_.get(await store.get({ key: 'advanced' }), 'email_confirmation') &&
|
|
|
|
user.confirmed !== true
|
|
|
|
) {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.confirmed',
|
|
|
|
message: 'Your account email is not confirmed',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-09-05 11:14:03 +02:00
|
|
|
}
|
|
|
|
|
2019-04-09 12:09:03 +02:00
|
|
|
if (user.blocked === true) {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.blocked',
|
|
|
|
message: 'Your account has been blocked by an administrator',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-01-24 11:38:42 +01:00
|
|
|
}
|
|
|
|
|
2018-03-14 16:56:12 +01:00
|
|
|
// The user never authenticated with the `local` provider.
|
2017-11-20 16:28:50 +01:00
|
|
|
if (!user.password) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.password.local',
|
|
|
|
message:
|
2020-01-10 07:40:17 -05:00
|
|
|
'This user never set a local password, please login with the provider used during account creation.',
|
2019-08-21 12:10:23 +02:00
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-11-20 16:28:50 +01:00
|
|
|
}
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(
|
|
|
|
params.password,
|
|
|
|
user.password
|
|
|
|
);
|
2017-11-20 16:28:50 +01:00
|
|
|
|
|
|
|
if (!validPassword) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.invalid',
|
|
|
|
message: 'Identifier or password invalid.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-11-20 16:28:50 +01:00
|
|
|
} else {
|
|
|
|
ctx.send({
|
2019-08-13 16:31:29 +02:00
|
|
|
jwt: strapi.plugins['users-permissions'].services.jwt.issue({
|
|
|
|
id: user.id,
|
|
|
|
}),
|
2019-09-12 10:50:52 +02:00
|
|
|
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
|
|
|
|
model: strapi.query('user', 'users-permissions').model,
|
|
|
|
}),
|
2017-11-20 16:28:50 +01:00
|
|
|
});
|
2017-11-14 11:49:19 +01:00
|
|
|
}
|
|
|
|
} else {
|
2019-04-09 12:09:03 +02:00
|
|
|
if (!_.get(await store.get({ key: 'grant' }), [provider, 'enabled'])) {
|
2019-08-21 12:10:23 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
|
|
|
formatError({
|
|
|
|
id: 'provider.disabled',
|
|
|
|
message: 'This provider is disabled.',
|
|
|
|
})
|
|
|
|
);
|
2018-01-29 13:12:49 +01:00
|
|
|
}
|
|
|
|
|
2020-01-10 07:40:17 -05:00
|
|
|
// Connect the user with the third-party provider.
|
2018-01-25 15:04:42 +01:00
|
|
|
let user, error;
|
2018-01-25 11:52:17 +01:00
|
|
|
try {
|
2020-03-06 19:16:23 +01:00
|
|
|
[user, error] = await strapi.plugins['users-permissions'].services.providers.connect(
|
|
|
|
provider,
|
|
|
|
ctx.query
|
|
|
|
);
|
2019-04-09 12:09:03 +02:00
|
|
|
} catch ([user, error]) {
|
2019-08-21 12:10:23 +02:00
|
|
|
return ctx.badRequest(null, error === 'array' ? error[0] : error);
|
2018-01-15 15:19:59 +01:00
|
|
|
}
|
|
|
|
|
2018-01-25 15:04:42 +01:00
|
|
|
if (!user) {
|
2019-08-21 12:10:23 +02:00
|
|
|
return ctx.badRequest(null, error === 'array' ? error[0] : error);
|
2018-01-25 15:04:42 +01:00
|
|
|
}
|
|
|
|
|
2018-01-12 15:20:13 +01:00
|
|
|
ctx.send({
|
2019-08-13 16:31:29 +02:00
|
|
|
jwt: strapi.plugins['users-permissions'].services.jwt.issue({
|
|
|
|
id: user.id,
|
|
|
|
}),
|
2019-09-12 10:50:52 +02:00
|
|
|
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
|
|
|
|
model: strapi.query('user', 'users-permissions').model,
|
|
|
|
}),
|
2018-01-12 15:20:13 +01:00
|
|
|
});
|
2017-11-14 11:49:19 +01:00
|
|
|
}
|
2017-11-16 14:12:03 +01:00
|
|
|
},
|
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
async changePassword(ctx) {
|
2017-12-07 15:21:54 +01:00
|
|
|
const params = _.assign({}, ctx.request.body, ctx.params);
|
2017-11-16 14:12:03 +01:00
|
|
|
|
2019-04-09 12:09:03 +02:00
|
|
|
if (
|
|
|
|
params.password &&
|
|
|
|
params.passwordConfirmation &&
|
|
|
|
params.password === params.passwordConfirmation &&
|
|
|
|
params.code
|
|
|
|
) {
|
2019-07-15 23:16:50 +02:00
|
|
|
const user = await strapi
|
|
|
|
.query('user', 'users-permissions')
|
2019-11-04 17:40:27 +01:00
|
|
|
.findOne({ resetPasswordToken: `${params.code}` });
|
2017-11-16 14:12:03 +01:00
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
if (!user) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.code.provide',
|
|
|
|
message: 'Incorrect code provided.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-07 15:21:54 +01:00
|
|
|
}
|
2017-11-16 14:12:03 +01:00
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
// Delete the current code
|
|
|
|
user.resetPasswordToken = null;
|
2017-11-16 14:12:03 +01:00
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
user.password = await strapi.plugins['users-permissions'].services.user.hashPassword({
|
|
|
|
password: params.password,
|
|
|
|
});
|
2017-11-16 14:29:49 +01:00
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
// Update the user.
|
2020-03-06 19:16:23 +01:00
|
|
|
await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
|
2017-12-06 11:47:39 +01:00
|
|
|
|
|
|
|
ctx.send({
|
2019-08-13 16:31:29 +02:00
|
|
|
jwt: strapi.plugins['users-permissions'].services.jwt.issue({
|
|
|
|
id: user.id,
|
|
|
|
}),
|
2019-09-12 10:50:52 +02:00
|
|
|
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
|
|
|
|
model: strapi.query('user', 'users-permissions').model,
|
|
|
|
}),
|
2017-12-06 11:47:39 +01:00
|
|
|
});
|
2019-04-09 12:09:03 +02:00
|
|
|
} else if (
|
|
|
|
params.password &&
|
|
|
|
params.passwordConfirmation &&
|
|
|
|
params.password !== params.passwordConfirmation
|
|
|
|
) {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.password.matching',
|
|
|
|
message: 'Passwords do not match.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-07 15:21:54 +01:00
|
|
|
} else {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.params.provide',
|
|
|
|
message: 'Incorrect params provided.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-06 11:47:39 +01:00
|
|
|
}
|
2017-11-16 18:00:15 +01:00
|
|
|
},
|
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
async connect(ctx, next) {
|
2019-04-09 12:09:03 +02:00
|
|
|
const grantConfig = await strapi
|
|
|
|
.store({
|
|
|
|
environment: '',
|
|
|
|
type: 'plugin',
|
|
|
|
name: 'users-permissions',
|
|
|
|
key: 'grant',
|
|
|
|
})
|
|
|
|
.get();
|
|
|
|
|
|
|
|
const [protocol, host] = strapi.config.url.split('://');
|
2018-10-09 13:03:59 +02:00
|
|
|
_.defaultsDeep(grantConfig, { server: { protocol, host } });
|
2018-01-25 09:59:24 +01:00
|
|
|
|
2020-01-15 11:18:12 +01:00
|
|
|
const [requestPath] = ctx.request.url.split('?');
|
2019-04-09 12:09:03 +02:00
|
|
|
const provider =
|
2020-03-06 19:16:23 +01:00
|
|
|
process.platform === 'win32' ? requestPath.split('\\')[2] : requestPath.split('/')[2];
|
2018-02-01 18:12:38 +01:00
|
|
|
const config = grantConfig[provider];
|
2018-01-25 09:59:24 +01:00
|
|
|
|
|
|
|
if (!_.get(config, 'enabled')) {
|
|
|
|
return ctx.badRequest(null, 'This provider is disabled.');
|
|
|
|
}
|
2019-08-26 10:41:50 +04:30
|
|
|
// Ability to pass OAuth callback dynamically
|
2019-10-09 17:37:16 +02:00
|
|
|
grantConfig[provider].callback =
|
2020-03-06 19:16:23 +01:00
|
|
|
ctx.query && ctx.query.callback ? ctx.query.callback : grantConfig[provider].callback;
|
2019-06-27 18:24:04 +02:00
|
|
|
return grant(grantConfig)(ctx, next);
|
2018-01-25 09:59:24 +01:00
|
|
|
},
|
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
async forgotPassword(ctx) {
|
2019-11-26 16:03:06 +01:00
|
|
|
let { email } = ctx.request.body;
|
|
|
|
|
|
|
|
// Check if the provided email is valid or not.
|
|
|
|
const isEmail = emailRegExp.test(email);
|
|
|
|
|
|
|
|
if (isEmail) {
|
|
|
|
email = email.toLowerCase();
|
|
|
|
} else {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.format',
|
|
|
|
message: 'Please provide valid email address.',
|
|
|
|
})
|
|
|
|
);
|
|
|
|
}
|
2019-10-09 17:37:16 +02:00
|
|
|
|
|
|
|
const pluginStore = await strapi.store({
|
|
|
|
environment: '',
|
|
|
|
type: 'plugin',
|
|
|
|
name: 'users-permissions',
|
|
|
|
});
|
2017-11-16 18:00:15 +01:00
|
|
|
|
2020-01-10 07:40:17 -05:00
|
|
|
// Find the user by email.
|
2020-03-06 19:16:23 +01:00
|
|
|
const user = await strapi.query('user', 'users-permissions').findOne({ email });
|
2017-11-16 18:00:15 +01:00
|
|
|
|
|
|
|
// User not found.
|
|
|
|
if (!user) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.user.not-exist',
|
|
|
|
message: 'This email does not exist.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-11-16 18:00:15 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Generate random token.
|
|
|
|
const resetPasswordToken = crypto.randomBytes(64).toString('hex');
|
|
|
|
|
2017-11-17 11:41:23 +01:00
|
|
|
// Set the property code.
|
2017-11-16 18:00:15 +01:00
|
|
|
user.resetPasswordToken = resetPasswordToken;
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
const settings = await pluginStore.get({ key: 'email' }).then(storeEmail => {
|
|
|
|
try {
|
|
|
|
return storeEmail['reset_password'].options;
|
|
|
|
} catch (error) {
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
});
|
2019-10-09 17:37:16 +02:00
|
|
|
|
|
|
|
const advanced = await pluginStore.get({
|
|
|
|
key: 'advanced',
|
|
|
|
});
|
2019-04-09 12:09:03 +02:00
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
settings.message = await strapi.plugins['users-permissions'].services.userspermissions.template(
|
|
|
|
settings.message,
|
|
|
|
{
|
|
|
|
URL: advanced.email_reset_password,
|
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
|
|
|
TOKEN: resetPasswordToken,
|
|
|
|
}
|
|
|
|
);
|
2017-12-04 14:11:00 +01:00
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
settings.object = await strapi.plugins['users-permissions'].services.userspermissions.template(
|
|
|
|
settings.object,
|
|
|
|
{
|
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
|
|
|
}
|
|
|
|
);
|
2019-03-01 16:28:44 +01:00
|
|
|
|
2017-12-04 14:00:09 +01:00
|
|
|
try {
|
2018-01-15 14:50:53 +01:00
|
|
|
// Send an email to the user.
|
2017-12-04 14:00:09 +01:00
|
|
|
await strapi.plugins['email'].services.email.send({
|
|
|
|
to: user.email,
|
2019-04-09 12:09:03 +02:00
|
|
|
from:
|
|
|
|
settings.from.email || settings.from.name
|
2020-01-18 16:39:27 -05:00
|
|
|
? `${settings.from.name} <${settings.from.email}>`
|
2019-04-09 12:09:03 +02:00
|
|
|
: undefined,
|
2018-01-19 13:34:55 +01:00
|
|
|
replyTo: settings.response_email,
|
2018-01-25 08:38:46 +01:00
|
|
|
subject: settings.object,
|
|
|
|
text: settings.message,
|
2019-04-09 12:09:03 +02:00
|
|
|
html: settings.message,
|
2017-12-04 14:00:09 +01:00
|
|
|
});
|
|
|
|
} catch (err) {
|
|
|
|
return ctx.badRequest(null, err);
|
|
|
|
}
|
|
|
|
|
2017-11-16 18:00:15 +01:00
|
|
|
// Update the user.
|
2020-03-06 19:16:23 +01:00
|
|
|
await strapi.query('user', 'users-permissions').update({ id: user.id }, user);
|
2017-11-16 18:00:15 +01:00
|
|
|
|
2017-12-04 13:40:07 +01:00
|
|
|
ctx.send({ ok: true });
|
2017-11-17 11:41:23 +01:00
|
|
|
},
|
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
async register(ctx) {
|
2018-08-23 18:28:13 +02:00
|
|
|
const pluginStore = await strapi.store({
|
2018-02-13 15:04:21 +01:00
|
|
|
environment: '',
|
2018-02-06 13:10:43 +01:00
|
|
|
type: 'plugin',
|
2019-04-09 12:09:03 +02:00
|
|
|
name: 'users-permissions',
|
2018-08-23 18:28:13 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
const settings = await pluginStore.get({
|
2019-04-09 12:09:03 +02:00
|
|
|
key: 'advanced',
|
2018-08-23 18:28:13 +02:00
|
|
|
});
|
2018-03-12 16:06:54 +01:00
|
|
|
|
|
|
|
if (!settings.allow_register) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.advanced.allow_register',
|
|
|
|
message: 'Register action is currently disabled.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-01-15 15:19:59 +01:00
|
|
|
}
|
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
const params = _.assign(ctx.request.body, {
|
2019-04-09 12:09:03 +02:00
|
|
|
provider: 'local',
|
2017-12-07 15:21:54 +01:00
|
|
|
});
|
2017-11-17 11:41:23 +01:00
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
// Password is required.
|
|
|
|
if (!params.password) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.password.provide',
|
|
|
|
message: 'Please provide your password.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-07 15:21:54 +01:00
|
|
|
}
|
2017-11-17 11:41:23 +01:00
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
// Email is required.
|
|
|
|
if (!params.email) {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.provide',
|
|
|
|
message: 'Please provide your email.',
|
|
|
|
})
|
2019-07-15 23:16:50 +02:00
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
// Throw an error if the password selected by the user
|
|
|
|
// contains more than two times the symbol '$'.
|
2020-03-06 19:16:23 +01:00
|
|
|
if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.password.format',
|
2020-03-06 19:16:23 +01:00
|
|
|
message: 'Your password cannot contain more than three times the symbol `$`.',
|
2019-08-21 12:10:23 +02:00
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-07 15:21:54 +01:00
|
|
|
}
|
2017-11-17 11:41:23 +01:00
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
const role = await strapi
|
|
|
|
.query('role', 'users-permissions')
|
2019-04-09 12:09:03 +02:00
|
|
|
.findOne({ type: settings.default_role }, []);
|
2018-01-17 18:50:12 +01:00
|
|
|
|
|
|
|
if (!role) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.role.notFound',
|
|
|
|
message: 'Impossible to find the default role.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2017-12-07 15:21:54 +01:00
|
|
|
}
|
2017-11-17 11:41:23 +01:00
|
|
|
|
2018-07-13 20:29:41 +05:30
|
|
|
// Check if the provided email is valid or not.
|
|
|
|
const isEmail = emailRegExp.test(params.email);
|
2018-01-24 11:52:09 +01:00
|
|
|
|
2018-01-23 13:35:51 +01:00
|
|
|
if (isEmail) {
|
2018-07-13 20:29:41 +05:30
|
|
|
params.email = params.email.toLowerCase();
|
2019-11-03 10:41:21 +11:00
|
|
|
} else {
|
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.format',
|
|
|
|
message: 'Please provide valid email address.',
|
|
|
|
})
|
|
|
|
);
|
2018-01-23 13:35:51 +01:00
|
|
|
}
|
2018-01-24 11:52:09 +01:00
|
|
|
|
2019-08-13 16:31:29 +02:00
|
|
|
params.role = role.id;
|
2020-03-06 19:16:23 +01:00
|
|
|
params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
|
2017-12-07 15:21:54 +01:00
|
|
|
|
2019-07-15 23:16:50 +02:00
|
|
|
const user = await strapi.query('user', 'users-permissions').findOne({
|
|
|
|
email: params.email,
|
|
|
|
});
|
2018-01-15 17:58:11 +01:00
|
|
|
|
|
|
|
if (user && user.provider === params.provider) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.taken',
|
|
|
|
message: 'Email is already taken.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-01-15 17:58:11 +01:00
|
|
|
}
|
|
|
|
|
2018-09-03 14:19:51 +02:00
|
|
|
if (user && user.provider !== params.provider && settings.unique_email) {
|
2019-04-09 12:09:03 +02:00
|
|
|
return ctx.badRequest(
|
|
|
|
null,
|
2019-08-21 12:10:23 +02:00
|
|
|
formatError({
|
|
|
|
id: 'Auth.form.error.email.taken',
|
|
|
|
message: 'Email is already taken.',
|
|
|
|
})
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-01-15 17:58:11 +01:00
|
|
|
}
|
|
|
|
|
2017-12-07 15:21:54 +01:00
|
|
|
try {
|
2018-08-23 18:28:13 +02:00
|
|
|
if (!settings.email_confirmation) {
|
|
|
|
params.confirmed = true;
|
|
|
|
}
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
const user = await strapi.query('user', 'users-permissions').create(params);
|
2017-11-17 11:41:23 +01:00
|
|
|
|
2019-04-09 12:09:03 +02:00
|
|
|
const jwt = strapi.plugins['users-permissions'].services.jwt.issue(
|
2019-07-15 23:16:50 +02:00
|
|
|
_.pick(user.toJSON ? user.toJSON() : user, ['id'])
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-08-08 17:57:02 +02:00
|
|
|
|
|
|
|
if (settings.email_confirmation) {
|
2020-03-06 19:16:23 +01:00
|
|
|
const settings = await pluginStore.get({ key: 'email' }).then(storeEmail => {
|
|
|
|
try {
|
|
|
|
return storeEmail['email_confirmation'].options;
|
|
|
|
} catch (error) {
|
|
|
|
return {};
|
|
|
|
}
|
|
|
|
});
|
2019-04-09 12:09:03 +02:00
|
|
|
|
|
|
|
settings.message = await strapi.plugins[
|
|
|
|
'users-permissions'
|
|
|
|
].services.userspermissions.template(settings.message, {
|
2020-03-06 19:16:23 +01:00
|
|
|
URL: new URL('/auth/email-confirmation', strapi.config.url).toString(),
|
2019-04-09 12:09:03 +02:00
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
|
|
|
CODE: jwt,
|
2018-08-08 17:57:02 +02:00
|
|
|
});
|
|
|
|
|
2019-04-09 12:09:03 +02:00
|
|
|
settings.object = await strapi.plugins[
|
|
|
|
'users-permissions'
|
|
|
|
].services.userspermissions.template(settings.object, {
|
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
2018-08-08 17:57:02 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
try {
|
|
|
|
// Send an email to the user.
|
|
|
|
await strapi.plugins['email'].services.email.send({
|
2019-02-06 21:57:50 +02:00
|
|
|
to: (user.toJSON ? user.toJSON() : user).email,
|
2019-04-09 12:09:03 +02:00
|
|
|
from:
|
|
|
|
settings.from.email && settings.from.name
|
2020-01-18 16:39:27 -05:00
|
|
|
? `${settings.from.name} <${settings.from.email}>`
|
2019-04-09 12:09:03 +02:00
|
|
|
: undefined,
|
2018-08-08 17:57:02 +02:00
|
|
|
replyTo: settings.response_email,
|
|
|
|
subject: settings.object,
|
|
|
|
text: settings.message,
|
2019-04-09 12:09:03 +02:00
|
|
|
html: settings.message,
|
2018-08-08 17:57:02 +02:00
|
|
|
});
|
|
|
|
} catch (err) {
|
|
|
|
return ctx.badRequest(null, err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-11-20 16:28:50 +01:00
|
|
|
ctx.send({
|
2019-04-09 12:09:03 +02:00
|
|
|
jwt,
|
2019-09-12 10:50:52 +02:00
|
|
|
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
|
|
|
|
model: strapi.query('user', 'users-permissions').model,
|
|
|
|
}),
|
2017-11-20 16:28:50 +01:00
|
|
|
});
|
2019-04-09 12:09:03 +02:00
|
|
|
} catch (err) {
|
|
|
|
const adminError = _.includes(err.message, 'username')
|
2019-08-21 12:10:23 +02:00
|
|
|
? {
|
|
|
|
id: 'Auth.form.error.username.taken',
|
|
|
|
message: 'Username already taken',
|
|
|
|
}
|
|
|
|
: { id: 'Auth.form.error.email.taken', message: 'Email already taken' };
|
2019-04-09 12:09:03 +02:00
|
|
|
|
2019-08-21 12:10:23 +02:00
|
|
|
ctx.badRequest(null, formatError(adminError));
|
2017-11-17 11:41:23 +01:00
|
|
|
}
|
2018-08-08 17:57:02 +02:00
|
|
|
},
|
|
|
|
|
2020-03-23 17:57:54 +01:00
|
|
|
async emailConfirmation(ctx, returnUser) {
|
2018-08-08 17:57:02 +02:00
|
|
|
const params = ctx.query;
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
const decodedToken = await strapi.plugins['users-permissions'].services.jwt.verify(
|
|
|
|
params.confirmation
|
|
|
|
);
|
2018-08-08 17:57:02 +02:00
|
|
|
|
2020-03-23 17:57:54 +01:00
|
|
|
let user = await strapi.plugins['users-permissions'].services.user.edit(
|
2019-08-13 16:31:29 +02:00
|
|
|
{ id: decodedToken.id },
|
2019-06-08 18:50:07 +02:00
|
|
|
{ confirmed: true }
|
2019-04-09 12:09:03 +02:00
|
|
|
);
|
2018-08-08 17:57:02 +02:00
|
|
|
|
2020-03-23 17:57:54 +01:00
|
|
|
if(returnUser) {
|
|
|
|
ctx.send({
|
|
|
|
jwt: strapi.plugins['users-permissions'].services.jwt.issue({
|
|
|
|
id: user.id
|
|
|
|
}),
|
|
|
|
user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
|
|
|
|
model: strapi.query('user', 'users-permissions').model
|
|
|
|
})
|
|
|
|
});
|
|
|
|
} else {
|
|
|
|
const settings = await strapi
|
|
|
|
.store({
|
|
|
|
environment: '',
|
|
|
|
type: 'plugin',
|
|
|
|
name: 'users-permissions',
|
|
|
|
key: 'advanced',
|
|
|
|
})
|
|
|
|
.get();
|
2018-08-08 17:57:02 +02:00
|
|
|
|
2020-03-23 17:57:54 +01:00
|
|
|
ctx.redirect(settings.email_confirmation_redirection || '/');
|
|
|
|
}
|
2019-04-09 12:09:03 +02:00
|
|
|
},
|
2019-11-13 18:45:23 +01:00
|
|
|
|
|
|
|
async sendEmailConfirmation(ctx) {
|
|
|
|
const pluginStore = await strapi.store({
|
|
|
|
environment: '',
|
|
|
|
type: 'plugin',
|
|
|
|
name: 'users-permissions',
|
|
|
|
});
|
|
|
|
|
|
|
|
const params = _.assign(ctx.request.body);
|
|
|
|
|
|
|
|
if (!params.email) {
|
|
|
|
return ctx.badRequest('missing.email');
|
|
|
|
}
|
|
|
|
|
|
|
|
const isEmail = emailRegExp.test(params.email);
|
|
|
|
|
|
|
|
if (isEmail) {
|
|
|
|
params.email = params.email.toLowerCase();
|
|
|
|
} else {
|
|
|
|
return ctx.badRequest('wrong.email');
|
|
|
|
}
|
|
|
|
|
|
|
|
const user = await strapi.query('user', 'users-permissions').findOne({
|
2019-11-26 16:03:06 +01:00
|
|
|
email: params.email,
|
2019-11-13 18:45:23 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
if (user.confirmed) {
|
|
|
|
return ctx.badRequest('already.confirmed');
|
|
|
|
}
|
|
|
|
|
|
|
|
if (user.blocked) {
|
|
|
|
return ctx.badRequest('blocked.user');
|
|
|
|
}
|
|
|
|
|
|
|
|
const jwt = strapi.plugins['users-permissions'].services.jwt.issue(
|
|
|
|
_.pick(user.toJSON ? user.toJSON() : user, ['id'])
|
|
|
|
);
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
const settings = await pluginStore.get({ key: 'email' }).then(storeEmail => {
|
|
|
|
try {
|
|
|
|
return storeEmail['email_confirmation'].options;
|
|
|
|
} catch (err) {
|
|
|
|
return {};
|
|
|
|
}
|
2019-11-13 18:45:23 +01:00
|
|
|
});
|
|
|
|
|
2020-03-06 19:16:23 +01:00
|
|
|
settings.message = await strapi.plugins['users-permissions'].services.userspermissions.template(
|
|
|
|
settings.message,
|
|
|
|
{
|
|
|
|
URL: new URL('/auth/email-confirmation', strapi.config.url).toString(),
|
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
|
|
|
CODE: jwt,
|
|
|
|
}
|
|
|
|
);
|
|
|
|
|
|
|
|
settings.object = await strapi.plugins['users-permissions'].services.userspermissions.template(
|
|
|
|
settings.object,
|
|
|
|
{
|
|
|
|
USER: _.omit(user.toJSON ? user.toJSON() : user, [
|
|
|
|
'password',
|
|
|
|
'resetPasswordToken',
|
|
|
|
'role',
|
|
|
|
'provider',
|
|
|
|
]),
|
|
|
|
}
|
|
|
|
);
|
2019-11-13 18:45:23 +01:00
|
|
|
|
|
|
|
try {
|
|
|
|
await strapi.plugins['email'].services.email.send({
|
|
|
|
to: (user.toJSON ? user.toJSON() : user).email,
|
|
|
|
from:
|
|
|
|
settings.from.email && settings.from.name
|
|
|
|
? `"${settings.from.name}" <${settings.from.email}>`
|
|
|
|
: undefined,
|
|
|
|
replyTo: settings.response_email,
|
|
|
|
subject: settings.object,
|
|
|
|
text: settings.message,
|
2019-11-26 16:03:06 +01:00
|
|
|
html: settings.message,
|
2019-11-13 18:45:23 +01:00
|
|
|
});
|
|
|
|
ctx.send({
|
|
|
|
email: (user.toJSON ? user.toJSON() : user).email,
|
2019-11-26 16:03:06 +01:00
|
|
|
sent: true,
|
2019-11-13 18:45:23 +01:00
|
|
|
});
|
|
|
|
} catch (err) {
|
|
|
|
return ctx.badRequest(null, err);
|
|
|
|
}
|
|
|
|
},
|
2017-11-14 11:49:19 +01:00
|
|
|
};
|