strapi/packages/strapi-plugin-users-permissions/services/User.js

'use strict';

/**
 * User.js service
 *
 * @description: A set of functions similar to controller's actions to avoid code duplication.
 */

// Public dependencies.
const _ = require('lodash');
const bcrypt = require('bcryptjs');

module.exports = {

  /**
   * Promise to fetch all users.
   *
   * @return {Promise}
   */

  fetchAll: (params) => {
    return strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', params));
  },

  /**
   * Promise to fetch a/an user.
   *
   * @return {Promise}
   */

  fetch: (params) => {
    return strapi.query('user', 'users-permissions').findOne(_.pick(params, '_id'));
  },

  /**
   * Promise to add a/an user.
   *
   * @return {Promise}
   */

  add: async (values) => {
    if (values.password) {
      values.password = await strapi.plugins['users-permissions'].services.user.hashPassword(values);
    }

    return strapi.query('user', 'users-permissions').create(values);
  },

  /**
   * Promise to edit a/an user.
   *
   * @return {Promise}
   */

  edit: async (params, values) => {
    // Note: The current method will return the full response of Mongo.
    // To get the updated object, you have to execute the `findOne()` method
    // or use the `findOneOrUpdate()` method with `{ new:true }` option.
    if (values.password) {
      values.password = await strapi.plugins['users-permissions'].services.user.hashPassword(values);
    }

    await strapi.hook.mongoose.manageRelations('user', _.merge(_.clone(params), { values }));
    return strapi.plugins['users-permissions'].models.user.update(params, values, { multi: true });
  },

  /**
   * Promise to remove a/an user.
   *
   * @return {Promise}
   */

  remove: async params => {
    // Note: To get the full response of Mongo, use the `remove()` method
    // or add spent the parameter `{ passRawResult: true }` as second argument.
    const data = await strapi.plugins['users-permissions'].models.user.findOneAndRemove(params, {})
      .populate(_.keys(_.groupBy(_.reject(strapi.plugins['users-permissions'].models.user.associations, {autoPopulate: false}), 'alias')).join(' '));

    _.forEach(User.associations, async association => {
      const search = (_.endsWith(association.nature, 'One')) ? { [association.via]: data._id } : { [association.via]: { $in: [data._id] } };
      const update = (_.endsWith(association.nature, 'One')) ? { [association.via]: null } : { $pull: { [association.via]: data._id } };

      await strapi.models[association.model || association.collection].update(
        search,
        update,
        { multi: true });
    });

    return data;
  },

  hashPassword: function (user = {}) {
    return new Promise((resolve) => {
      if (!user.password || this.isHashed(user.password)) {
        resolve(null);
      } else {
        bcrypt.hash(user.password, 10, (err, hash) => {
          resolve(hash)
        });
      }
    });
  },

  isHashed: (password) => {
    if (typeof password !== 'string' || !password) {
      return false;
    }

    return password.split('$').length === 4;
  },

  validatePassword: (password, hash) => {
    return bcrypt.compareSync(password, hash);
  }
};
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`'use strict';`

			`/**`
			`* User.js service`
			`*`
			`* @description: A set of functions similar to controller's actions to avoid code duplication.`
			`*/`

			`// Public dependencies.`
			`const _ = require('lodash');`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`const bcrypt = require('bcryptjs');`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
			`module.exports = {`

			`/**`
			`* Promise to fetch all users.`
			`*`
			`* @return {Promise}`
			`*/`

			`fetchAll: (params) => {`
Use query User fetch fetchAll 2017-11-28 10:51:03 +01:00			`return strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', params));`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Promise to fetch a/an user.`
			`*`
			`* @return {Promise}`
			`*/`

			`fetch: (params) => {`
Use query User fetch fetchAll 2017-11-28 10:51:03 +01:00			`return strapi.query('user', 'users-permissions').findOne(_.pick(params, '_id'));`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Promise to add a/an user.`
			`*`
			`* @return {Promise}`
			`*/`

			`add: async (values) => {`
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`if (values.password) {`
			`values.password = await strapi.plugins['users-permissions'].services.user.hashPassword(values);`
			`}`

Update user API with queries 2017-11-29 17:09:19 +01:00			`return strapi.query('user', 'users-permissions').create(values);`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Promise to edit a/an user.`
			`*`
			`* @return {Promise}`
			`*/`

			`edit: async (params, values) => {`
			`// Note: The current method will return the full response of Mongo.`
			// To get the updated object, you have to execute the `findOne()` method
			// or use the `findOneOrUpdate()` method with `{ new:true }` option.
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`if (values.password) {`
			`values.password = await strapi.plugins['users-permissions'].services.user.hashPassword(values);`
			`}`

Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`await strapi.hook.mongoose.manageRelations('user', _.merge(_.clone(params), { values }));`
Update user generated API 2017-11-17 12:05:03 +01:00			`return strapi.plugins['users-permissions'].models.user.update(params, values, { multi: true });`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Promise to remove a/an user.`
			`*`
			`* @return {Promise}`
			`*/`

			`remove: async params => {`
			// Note: To get the full response of Mongo, use the `remove()` method
			// or add spent the parameter `{ passRawResult: true }` as second argument.
Update user generated API 2017-11-17 12:05:03 +01:00			`const data = await strapi.plugins['users-permissions'].models.user.findOneAndRemove(params, {})`
			`.populate(_.keys(_.groupBy(_.reject(strapi.plugins['users-permissions'].models.user.associations, {autoPopulate: false}), 'alias')).join(' '));`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
			`_.forEach(User.associations, async association => {`
			`const search = (_.endsWith(association.nature, 'One')) ? { [association.via]: data._id } : { [association.via]: { $in: [data._id] } };`
			`const update = (_.endsWith(association.nature, 'One')) ? { [association.via]: null } : { $pull: { [association.via]: data._id } };`

			`await strapi.models[association.model \|\| association.collection].update(`
			`search,`
			`update,`
			`{ multi: true });`
			`});`

			`return data;`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`},`

Update doc and generated template 2017-11-29 15:46:28 +01:00			`hashPassword: function (user = {}) {`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`return new Promise((resolve) => {`
Update doc and generated template 2017-11-29 15:46:28 +01:00			`if (!user.password \|\| this.isHashed(user.password)) {`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`resolve(null);`
			`} else {`
			`bcrypt.hash(user.password, 10, (err, hash) => {`
			`resolve(hash)`
			`});`
			`}`
			`});`
			`},`

			`isHashed: (password) => {`
			`if (typeof password !== 'string' \|\| !password) {`
			`return false;`
			`}`

			`return password.split('$').length === 4;`
			`},`
Use db users for login 2017-11-16 14:29:49 +01:00
			`validatePassword: (password, hash) => {`
			`return bcrypt.compareSync(password, hash);`
			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`};`