strapi/packages/strapi-admin/services/user.js

'use strict';

const _ = require('lodash');
const { stringIncludes, stringEquals } = require('strapi-utils');
const { createUser } = require('../domain/user');

const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description']);

/**
 * Remove private user fields
 * @param {Object} user - user to sanitize
 */
const sanitizeUser = user => {
  return {
    ..._.omit(user, ['password', 'resetPasswordToken', 'roles']),
    roles: user.roles && user.roles.map(sanitizeUserRoles),
  };
};

/**
 * Create and save a user in database
 * @param attributes A partial user object
 * @returns {Promise<user>}
 */
const create = async attributes => {
  const user = createUser({
    registrationToken: strapi.admin.services.token.createToken(),
    ...attributes,
  });

  // hash password if a new one is sent
  if (_.has(user, 'password')) {
    const hashedPassword = await strapi.admin.services.auth.hashPassword(user.password);

    return strapi.query('user', 'admin').create({
      ...user,
      password: hashedPassword,
    });
  }

  return strapi.query('user', 'admin').create(user);
};

/**
 * Update a user in database
 * @param params query params to find the user to update
 * @param attributes A partial user object
 * @returns {Promise<user>}
 */
const updateById = async (id, attributes) => {
  // Check at least one super admin remains
  if (_.has(attributes, 'roles')) {
    const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
    const nbOfSuperAdminUsers = _.get(superAdminRole, 'usersCount');
    const mayRemoveSuperAdmins = !stringIncludes(attributes.roles, superAdminRole.id);

    if (nbOfSuperAdminUsers === 1 && mayRemoveSuperAdmins) {
      const userWithAdminRole = await strapi
        .query('user', 'admin')
        .findOne({ roles: [superAdminRole.id] });
      if (stringEquals(userWithAdminRole.id, id)) {
        throw strapi.errors.badRequest(
          'ValidationError',
          'You must have at least one user with super admin role.'
        );
      }
    }
  }

  // hash password if a new one is sent
  if (_.has(attributes, 'password')) {
    const hashedPassword = await strapi.admin.services.auth.hashPassword(attributes.password);

    return strapi.query('user', 'admin').update(
      { id },
      {
        ...attributes,
        password: hashedPassword,
      }
    );
  }

  return strapi.query('user', 'admin').update({ id }, attributes);
};

/**
 * Check if a user with specific attributes exists in the database
 * @param attributes A partial user object
 * @returns {Promise<boolean>}
 */
const exists = async (attributes = {}) => {
  return (await strapi.query('user', 'admin').count(attributes)) > 0;
};

/**
 * Returns a user registration info
 * @param {string} registrationToken - a user registration token
 * @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname
 */
const findRegistrationInfo = async registrationToken => {
  const user = await strapi.query('user', 'admin').findOne({ registrationToken });

  if (!user) {
    return undefined;
  }

  return _.pick(user, ['email', 'firstname', 'lastname']);
};

/**
 * Registers a user based on a registrationToken and some informations to update
 * @param {Object} params
 * @param {Object} params.registrationToken registration token
 * @param {Object} params.userInfo user info
 */
const register = async ({ registrationToken, userInfo }) => {
  const matchingUser = await strapi.query('user', 'admin').findOne({ registrationToken });

  if (!matchingUser) {
    throw strapi.errors.badRequest('Invalid registration info');
  }

  return strapi.admin.services.user.updateById(matchingUser.id, {
    password: userInfo.password,
    firstname: userInfo.firstname,
    lastname: userInfo.lastname,
    registrationToken: null,
    isActive: true,
  });
};

/**
 * Find one user
 */
const findOne = async params => {
  return strapi.query('user', 'admin').findOne(params);
};

/** Find many users (paginated)
 * @param query
 * @returns {Promise<user>}
 */
const findPage = async query => {
  return strapi.query('user', 'admin').findPage(query);
};

/** Search for many users (paginated)
 * @param query
 * @returns {Promise<user>}
 */
const searchPage = async query => {
  return strapi.query('user', 'admin').searchPage(query);
};

/** Delete users
 * @param query
 * @returns {Promise<user>}
 */
const deleteFn = async query => {
  return strapi.query('user', 'admin').delete(query);
};

/** Count the users that don't have any associated roles
 * @returns {Promise<number>}
 */
const countUsersWithoutRole = async () => {
  const userModel = strapi.query('user', 'admin').model;
  let count;

  if (userModel.orm === 'bookshelf') {
    count = await strapi.query('user', 'admin').count({ roles_null: true });
  } else if (userModel.orm === 'mongoose') {
    count = await strapi.query('user', 'admin').model.countDocuments({
      $or: [{ roles: { $exists: false } }, { roles: { $size: 0 } }],
    });
  } else {
    const allRoles = await strapi.query('role', 'admin').find({ _limit: -1 });
    count = await strapi.query('user', 'admin').count({
      roles_nin: allRoles.map(r => r.id),
    });
  }

  return count;
};

/** Assign some roles to several users
 * @returns {undefined}
 */
const assignARoleToAll = async roleId => {
  const userModel = strapi.query('user', 'admin').model;

  if (userModel.orm === 'bookshelf') {
    const assocTable = userModel.associations.find(a => a.alias === 'roles').tableCollectionName;
    const userTable = userModel.collectionName;
    const knex = strapi.connections[userModel.connection];
    const usersIds = await knex
      .select(`${userTable}.id`)
      .from(userTable)
      .leftJoin(assocTable, `${userTable}.id`, `${assocTable}.user_id`)
      .where(`${assocTable}.role_id`, null)
      .pluck(`${userTable}.id`);

    if (usersIds.length > 0) {
      const newRelations = usersIds.map(userId => ({ user_id: userId, role_id: roleId }));
      await knex.insert(newRelations).into(assocTable);
    }
  } else if (userModel.orm === 'mongoose') {
    await strapi.query('user', 'admin').model.updateMany({}, { roles: [roleId] });
  }
};

module.exports = {
  create,
  updateById,
  exists,
  findRegistrationInfo,
  register,
  sanitizeUser,
  findOne,
  findPage,
  searchPage,
  delete: deleteFn,
  countUsersWithoutRole,
  assignARoleToAll,
};
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00			`'use strict';`

Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`const _ = require('lodash');`
fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`const { stringIncludes, stringEquals } = require('strapi-utils');`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`const { createUser } = require('../domain/user');`

Extract sanitizeUserRoles to outer scope, fix typo 2020-05-28 11:10:49 +02:00			`const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description']);`

Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`/**`
			`* Remove private user fields`
			`* @param {Object} user - user to sanitize`
			`*/`
			`const sanitizeUser = user => {`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`return {`
			`..._.omit(user, ['password', 'resetPasswordToken', 'roles']),`
Extract sanitizeUserRoles to outer scope, fix typo 2020-05-28 11:10:49 +02:00			`roles: user.roles && user.roles.map(sanitizeUserRoles),`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`};`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`/**`
			`* Create and save a user in database`
			`* @param attributes A partial user object`
			`* @returns {Promise<user>}`
			`*/`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`const create = async attributes => {`
Add e2e tests, fix validation for mongoose, update services Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 18:54:52 +02:00			`const user = createUser({`
			`registrationToken: strapi.admin.services.token.createToken(),`
			`...attributes,`
			`});`

Add admin registeration API Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-22 11:15:06 +02:00			`// hash password if a new one is sent`
			`if (_.has(user, 'password')) {`
			`const hashedPassword = await strapi.admin.services.auth.hashPassword(user.password);`

			`return strapi.query('user', 'admin').create({`
			`...user,`
			`password: hashedPassword,`
			`});`
			`}`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`return strapi.query('user', 'admin').create(user);`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`};`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`/**`
			`* Update a user in database`
			`* @param params query params to find the user to update`
			`* @param attributes A partial user object`
			`* @returns {Promise<user>}`
			`*/`
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const updateById = async (id, attributes) => {`
prevent removing the last superadmin Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 16:29:10 +02:00			`// Check at least one super admin remains`
			`if (_.has(attributes, 'roles')) {`
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();`
fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`const nbOfSuperAdminUsers = _.get(superAdminRole, 'usersCount');`
			`const mayRemoveSuperAdmins = !stringIncludes(attributes.roles, superAdminRole.id);`

			`if (nbOfSuperAdminUsers === 1 && mayRemoveSuperAdmins) {`
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`const userWithAdminRole = await strapi`
prevent removing the last superadmin Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 16:29:10 +02:00			`.query('user', 'admin')`
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`.findOne({ roles: [superAdminRole.id] });`
fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00			`if (stringEquals(userWithAdminRole.id, id)) {`
prevent removing the last superadmin Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-16 16:29:10 +02:00			`throw strapi.errors.badRequest(`
			`'ValidationError',`
			`'You must have at least one user with super admin role.'`
			`);`
			`}`
			`}`
			`}`

Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00			`// hash password if a new one is sent`
			`if (_.has(attributes, 'password')) {`
			`const hashedPassword = await strapi.admin.services.auth.hashPassword(attributes.password);`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`return strapi.query('user', 'admin').update(`
			`{ id },`
			`{`
			`...attributes,`
			`password: hashedPassword,`
			`}`
			`);`
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00			`}`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`return strapi.query('user', 'admin').update({ id }, attributes);`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`/**`
			`* Check if a user with specific attributes exists in the database`
			`* @param attributes A partial user object`
			`* @returns {Promise<boolean>}`
			`*/`
Cleanup Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-22 16:09:37 +02:00			`const exists = async (attributes = {}) => {`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`return (await strapi.query('user', 'admin').count(attributes)) > 0;`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`};`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`/**`
			`* Returns a user registration info`
			`* @param {string} registrationToken - a user registration token`
			`* @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname`
			`*/`
			`const findRegistrationInfo = async registrationToken => {`
			`const user = await strapi.query('user', 'admin').findOne({ registrationToken });`

			`if (!user) {`
			`return undefined;`
			`}`

			`return _.pick(user, ['email', 'firstname', 'lastname']);`
			`};`

Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`/**`
			`* Registers a user based on a registrationToken and some informations to update`
			`* @param {Object} params`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`* @param {Object} params.registrationToken registration token`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`* @param {Object} params.userInfo user info`
			`*/`
			`const register = async ({ registrationToken, userInfo }) => {`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`const matchingUser = await strapi.query('user', 'admin').findOne({ registrationToken });`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00
			`if (!matchingUser) {`
			`throw strapi.errors.badRequest('Invalid registration info');`
			`}`

add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`return strapi.admin.services.user.updateById(matchingUser.id, {`
			`password: userInfo.password,`
			`firstname: userInfo.firstname,`
			`lastname: userInfo.lastname,`
			`registrationToken: null,`
			`isActive: true,`
			`});`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`};`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`/**`
			`* Find one user`
			`*/`
			`const findOne = async params => {`
			`return strapi.query('user', 'admin').findOne(params);`
			`};`

Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`/** Find many users (paginated)`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const findPage = async query => {`
			`return strapi.query('user', 'admin').findPage(query);`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`};`

fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`/** Search for many users (paginated)`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const searchPage = async query => {`
			`return strapi.query('user', 'admin').searchPage(query);`
			`};`

first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`/** Delete users`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const deleteFn = async query => {`
			`return strapi.query('user', 'admin').delete(query);`
			`};`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`/** Count the users that don't have any associated roles`
			`* @returns {Promise<number>}`
			`*/`
			`const countUsersWithoutRole = async () => {`
			`const userModel = strapi.query('user', 'admin').model;`
			`let count;`

			`if (userModel.orm === 'bookshelf') {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`count = await strapi.query('user', 'admin').count({ roles_null: true });`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`} else if (userModel.orm === 'mongoose') {`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`count = await strapi.query('user', 'admin').model.countDocuments({`
			`$or: [{ roles: { $exists: false } }, { roles: { $size: 0 } }],`
			`});`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`} else {`
fourth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-22 13:00:21 +02:00			`const allRoles = await strapi.query('role', 'admin').find({ _limit: -1 });`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`count = await strapi.query('user', 'admin').count({`
			`roles_nin: allRoles.map(r => r.id),`
			`});`
			`}`

			`return count;`
			`};`

third refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-19 18:54:37 +02:00			`/** Assign some roles to several users`
			`* @returns {undefined}`
			`*/`
			`const assignARoleToAll = async roleId => {`
			`const userModel = strapi.query('user', 'admin').model;`

			`if (userModel.orm === 'bookshelf') {`
fourth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-22 13:00:21 +02:00			`const assocTable = userModel.associations.find(a => a.alias === 'roles').tableCollectionName;`
			`const userTable = userModel.collectionName;`
third refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-19 18:54:37 +02:00			`const knex = strapi.connections[userModel.connection];`
			`const usersIds = await knex`
			.select(`${userTable}.id`)
			`.from(userTable)`
			.leftJoin(assocTable, `${userTable}.id`, `${assocTable}.user_id`)
			.where(`${assocTable}.role_id`, null)
			.pluck(`${userTable}.id`);

			`if (usersIds.length > 0) {`
			`const newRelations = usersIds.map(userId => ({ user_id: userId, role_id: roleId }));`
			`await knex.insert(newRelations).into(assocTable);`
			`}`
			`} else if (userModel.orm === 'mongoose') {`
			`await strapi.query('user', 'admin').model.updateMany({}, { roles: [roleId] });`
			`}`
			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`module.exports = {`
			`create,`
add upload permissions to default roles + second refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 18:10:12 +02:00			`updateById,`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`exists,`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`findRegistrationInfo,`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`register,`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`sanitizeUser,`
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`findOne,`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`findPage,`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`searchPage,`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`delete: deleteFn,`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`countUsersWithoutRole,`
third refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-19 18:54:37 +02:00			`assignARoleToAll,`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00			`};`