strapi/packages/plugins/users-permissions/server/bootstrap/index.js

'use strict';

/**
 * An asynchronous bootstrap function that runs before
 * your application gets started.
 *
 * This gives you an opportunity to set up your data model,
 * run jobs, or perform some special logic.
 */
const crypto = require('crypto');
const _ = require('lodash');
const urljoin = require('url-join');
const { getService } = require('../utils');
const getGrantConfig = require('./grant-config');

const usersPermissionsActions = require('./users-permissions-actions');

module.exports = async ({ strapi }) => {
  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });

  await initGrant(pluginStore);
  await initEmails(pluginStore);
  await initAdvancedOptions(pluginStore);

  await strapi.admin.services.permission.actionProvider.registerMany(
    usersPermissionsActions.actions
  );

  await getService('users-permissions').initialize();

  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
    const jwtSecret = crypto.randomBytes(16).toString('base64');

    if (process.env.NODE_ENV === 'production') {
      throw new Error(
        `[Users & Permissions] Missing jwtSecret. Please, in config/plugins.js, set config.jwtSecret for the users-permissions plugin or set environment variable JWT_SECRET (ex: ${jwtSecret}).
For security reasons, prefere storing the secret in a environment variable. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
      );
    }

    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);

    if (!process.env.JWT_SECRET) {
      strapi.fs.appendFile(process.env.ENV_PATH || '.env', `JWT_SECRET=${jwtSecret}\n`);
      strapi.log.info(
        'The Users & Permissions plugin automatically generated a jwt secret and stored it in your .env file under the name JWT_SECRET.'
      );
    }
  }
};

const initGrant = async pluginStore => {
  const apiPrefix = strapi.config.get('api.rest.prefix');
  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');

  const grantConfig = getGrantConfig(baseURL);

  const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
  // store grant auth config to db
  // when plugin_users-permissions_grant is not existed in db
  // or we have added/deleted provider here.
  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
    // merge with the previous provider config.
    _.keys(grantConfig).forEach(key => {
      if (key in prevGrantConfig) {
        grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
      }
    });
    await pluginStore.set({ key: 'grant', value: grantConfig });
  }
};

const initEmails = async pluginStore => {
  if (!(await pluginStore.get({ key: 'email' }))) {
    const value = {
      reset_password: {
        display: 'Email.template.reset_password',
        icon: 'sync',
        options: {
          from: {
            name: 'Administration Panel',
            email: 'no-reply@strapi.io',
          },
          response_email: '',
          object: 'Reset password',
          message: `<p>We heard that you lost your password. Sorry about that!</p>

<p>But don’t worry! You can use the following link to reset your password:</p>
<p><%= URL %>?code=<%= TOKEN %></p>

<p>Thanks.</p>`,
        },
      },
      email_confirmation: {
        display: 'Email.template.email_confirmation',
        icon: 'check-square',
        options: {
          from: {
            name: 'Administration Panel',
            email: 'no-reply@strapi.io',
          },
          response_email: '',
          object: 'Account confirmation',
          message: `<p>Thank you for registering!</p>

<p>You have to confirm your email address. Please click on the link below.</p>

<p><%= URL %>?confirmation=<%= CODE %></p>

<p>Thanks.</p>`,
        },
      },
    };

    await pluginStore.set({ key: 'email', value });
  }
};

const initAdvancedOptions = async pluginStore => {
  if (!(await pluginStore.get({ key: 'advanced' }))) {
    const value = {
      unique_email: true,
      allow_register: true,
      email_confirmation: false,
      email_reset_password: null,
      email_confirmation_redirection: null,
      default_role: 'authenticated',
    };

    await pluginStore.set({ key: 'advanced', value });
  }
};
-												Add bootstrap function in plugins

											
										
										
											2017-11-17 11:17:20 +01:00
+								'use strict';
 								/**
 								 * An asynchronous bootstrap function that runs before
 								 * your application gets started.
 								 *
 								 * This gives you an opportunity to set up your data model,
 								 * run jobs, or perform some special logic.
 								 */
-												harmonize secret generation + don't generate in production mode

											
										
										
											2022-01-24 18:13:27 +01:00
+								const crypto = require('crypto');
-												Add eslint to users-permissions backend

											
										
										
											2018-04-30 18:26:56 +02:00
+								const _ = require('lodash');
-												using url-join lib to generate base url
											
										
										
											2022-02-09 10:36:41 +08:00
+								const urljoin = require('url-join');
-												migrate plugin structures to V4

											
										
										
											2021-08-19 16:49:33 +02:00
+								const { getService } = require('../utils');
-												Split providers and grant config to a new files

Signed-off-by: Abdón Rodríguez Davila <a@abdonrd.com>

											
										
										
											2022-01-13 16:17:04 +01:00
+								const getGrantConfig = require('./grant-config');
-												Generate uuid for jwt encryption

											
										
										
											2017-12-04 16:43:24 +01:00
-												migrate plugin structures to V4

											
										
										
											2021-08-19 16:49:33 +02:00
+								const usersPermissionsActions = require('./users-permissions-actions');
-												add route GET /admin/permissions

Signed-off-by: Pierre Noël <petersg83@gmail.com>

											
										
										
											2020-06-04 18:30:26 +02:00
-												use { strapi } as params in all lifecycle functions

											
										
										
											2021-09-28 16:54:07 +02:00
+								module.exports = async ({ strapi }) => {
-												Init migration v4

- Hooks registry
- D&P CT migrations
- i18N CT migrations
- Umzug with js / sql migrations
- Eslint updates

											
										
										
											2021-09-13 12:03:12 +02:00
+								  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
-												New format store constructor
strapi.store(source).get(params)
strapi.store(source).set({params, value})

Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com>

											
										
										
											2018-02-06 13:10:43 +01:00
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								  await initGrant(pluginStore);
 								  await initEmails(pluginStore);
 								  await initAdvancedOptions(pluginStore);
 								  await strapi.admin.services.permission.actionProvider.registerMany(
 								    usersPermissionsActions.actions
 								  );
-												Wip

											
										
										
											2021-07-08 21:53:30 +02:00
+								  await getService('users-permissions').initialize();
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
-												fix e2e tests

											
										
										
											2021-08-17 19:28:10 +02:00
+								  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
-												harmonize secret generation + don't generate in production mode

											
										
										
											2022-01-24 18:13:27 +01:00
+								    const jwtSecret = crypto.randomBytes(16).toString('base64');
 								    if (process.env.NODE_ENV === 'production') {
 								      throw new Error(
-												Improve error messages

											
										
										
											2022-02-09 17:46:53 +01:00
+								        `[Users & Permissions] Missing jwtSecret. Please, in config/plugins.js, set config.jwtSecret for the users-permissions plugin or set environment variable JWT_SECRET (ex: ${jwtSecret}).
 								For security reasons, prefere storing the secret in a environment variable. See https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/environment.html#configuration-using-environment-variables.`
-												harmonize secret generation + don't generate in production mode

											
										
										
											2022-01-24 18:13:27 +01:00
+								      );
 								    }
-												fixes

											
										
										
											2021-08-20 15:23:02 +02:00
+								    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
-												add extension system for content-types

											
										
										
											2021-08-13 15:35:19 +02:00
+								    if (!process.env.JWT_SECRET) {
-												[FIX] respect custom ENV_PATH when setting JWT_SECRET
											
										
										
											2021-12-22 10:15:15 +01:00
+								      strapi.fs.appendFile(process.env.ENV_PATH || '.env', `JWT_SECRET=${jwtSecret}\n`);
-												use strapi.log.info + replace uuid by crypto + remove dead code

											
										
										
											2021-12-20 18:00:02 +01:00
+								      strapi.log.info(
 								        'The Users & Permissions plugin automatically generated a jwt secret and stored it in your .env file under the name JWT_SECRET.'
-												add session middleware + remove authentication using url param access_token

											
										
										
											2021-12-06 16:13:10 +01:00
+								      );
-												add extension system for content-types

											
										
										
											2021-08-13 15:35:19 +02:00
+								    }
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								  }
 								};
 								const initGrant = async pluginStore => {
-												Move u&p providers urls

											
										
										
											2021-10-26 16:51:29 +02:00
+								  const apiPrefix = strapi.config.get('api.rest.prefix');
-												Update packages/plugins/users-permissions/server/bootstrap/index.js

Co-authored-by: Alexandre BODIN <alexandrebodin@users.noreply.github.com>
											
										
										
											2022-02-11 18:51:01 +08:00
+								  const baseURL = urljoin(strapi.config.server.url, apiPrefix, 'auth');
-												Move u&p providers urls

											
										
										
											2021-10-26 16:51:29 +02:00
-												Split providers and grant config to a new files

Signed-off-by: Abdón Rodríguez Davila <a@abdonrd.com>

											
										
										
											2022-01-13 16:17:04 +01:00
+								  const grantConfig = getGrantConfig(baseURL);
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  const prevGrantConfig = (await pluginStore.get({ key: 'grant' })) || {};
-												reload grant value to db when add/delete provider

											
										
										
											2018-04-21 12:29:00 +08:00
+								  // store grant auth config to db
 								  // when plugin_users-permissions_grant is not existed in db
 								  // or we have added/deleted provider here.
-												Merge branch 'develop' into features/media-lib

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

											
										
										
											2020-03-02 15:18:08 +01:00
+								  if (!prevGrantConfig || !_.isEqual(_.keys(prevGrantConfig), _.keys(grantConfig))) {
-												merge the previous provider config

											
										
										
											2018-04-24 22:18:21 +08:00
+								    // merge with the previous provider config.
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    _.keys(grantConfig).forEach(key => {
-												merge the previous provider config

											
										
										
											2018-04-24 22:18:21 +08:00
+								      if (key in prevGrantConfig) {
 								        grantConfig[key] = _.merge(grantConfig[key], prevGrantConfig[key]);
 								      }
 								    });
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'grant', value: grantConfig });
-												Add provider connection

											
										
										
											2018-01-12 15:20:13 +01:00
+								  }
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								};
-												Add provider connection

											
										
										
											2018-01-12 15:20:13 +01:00
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								const initEmails = async pluginStore => {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  if (!(await pluginStore.get({ key: 'email' }))) {
-												New format store constructor
strapi.store(source).get(params)
strapi.store(source).set({params, value})

Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com>

											
										
										
											2018-02-06 13:10:43 +01:00
+								    const value = {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      reset_password: {
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								        display: 'Email.template.reset_password',
-												Dynamic zone edit view ui

											
										
										
											2019-11-19 16:17:15 +01:00
+								        icon: 'sync',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								        options: {
 								          from: {
 								            name: 'Administration Panel',
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								            email: 'no-reply@strapi.io',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								          },
 								          response_email: '',
-												Remove soft hyphen (U+00AD) from reset password email subject line

											
										
										
											2020-01-11 11:29:24 -05:00
+								          object: 'Reset password',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								          message: `<p>We heard that you lost your password. Sorry about that!</p>
-												Use email templte config reset password

											
										
										
											2018-01-15 14:50:53 +01:00
-												Fix css and wording

As seen in the demo I removed the test transform capitalize in the ListRow component.
Add width to the iconContainer so it s now perfectly aligned.
Add missing trad key and change wording for the toggle label

											
										
										
											2018-01-26 17:31:52 +01:00
+								<p>But don’t worry! You can use the following link to reset your password:</p>
-												Merge branch 'master' into fix/users-front
											
										
										
											2018-01-26 17:37:01 +01:00
+								<p><%= URL %>?code=<%= TOKEN %></p>
-												Use email templte config reset password

											
										
										
											2018-01-15 14:50:53 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								<p>Thanks.</p>`,
 								        },
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								      },
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      email_confirmation: {
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								        display: 'Email.template.email_confirmation',
-												Dynamic zone edit view ui

											
										
										
											2019-11-19 16:17:15 +01:00
+								        icon: 'check-square',
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								        options: {
 								          from: {
 								            name: 'Administration Panel',
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								            email: 'no-reply@strapi.io',
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								          },
 								          response_email: '',
 								          object: 'Account confirmation',
-												Modify template for english


											
										
										
											2018-08-27 08:11:23 -07:00
+								          message: `<p>Thank you for registering!</p>
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
-												Update bootstrap.js
											
										
										
											2018-08-23 12:00:46 +02:00
+								<p>You have to confirm your email address. Please click on the link below.</p>
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
 								<p><%= URL %>?confirmation=<%= CODE %></p>
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								<p>Thanks.</p>`,
 								        },
 								      },
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								    };
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'email', value });
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
+								  }
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								};
-												Create email template config file

											
										
										
											2018-01-15 11:29:38 +01:00
-												Remove mongoose connector

											
										
										
											2021-06-29 16:27:35 +02:00
+								const initAdvancedOptions = async pluginStore => {
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								  if (!(await pluginStore.get({ key: 'advanced' }))) {
-												New format store constructor
strapi.store(source).get(params)
strapi.store(source).set({params, value})

Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com>

											
										
										
											2018-02-06 13:10:43 +01:00
+								    const value = {
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								      unique_email: true,
-												Add default role in advanced settings

											
										
										
											2018-03-12 15:56:25 +01:00
+								      allow_register: true,
-												Add confirmation email

											
										
										
											2018-08-08 17:57:02 +02:00
+								      email_confirmation: false,
-												update doc + add localhost in confirmation links if url is not set

Signed-off-by: Pierre Noël <petersg83@gmail.com>

											
										
										
											2020-07-17 14:24:31 +02:00
+								      email_reset_password: null,
 								      email_confirmation_redirection: null,
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								      default_role: 'authenticated',
-												Use database config for users-permissions plugin
Delete advanced, grant and email json files
Update setter to update data

											
										
										
											2018-02-01 18:12:38 +01:00
+								    };
-												Generate advanced configs

											
										
										
											2018-01-15 15:01:21 +01:00
-												Exports schema.graphql in devmode, load extensions folder and run merge config and overwrites

											
										
										
											2019-04-10 18:11:55 +02:00
+								    await pluginStore.set({ key: 'advanced', value });
-												Generate advanced configs

											
										
										
											2018-01-15 15:01:21 +01:00
+								  }
-												Add bootstrap function in plugins

											
										
										
											2017-11-17 11:17:20 +01:00
+								};