										 |  |  | 'use strict'; | 
					
						
							|  |  |  | const { castArray, map } = require('lodash/fp'); | 
					
						
										 |  |  | const { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors; | 
					
						
							|  |  |  | const { getService } = require('../utils'); | 
					
						
/**
 * Read the plugin's "advanced" settings entry from the Strapi plugin store.
 *
 * @returns {*} whatever `store.get` yields for the key `advanced`; the call
 *   site in `authenticate` awaits it and reads its `email_confirmation`
 *   flag, so a promise of a settings object is presumed — confirm against
 *   the store implementation.
 */
const getAdvancedSettings = () => {
  const pluginStore = strapi.store({ type: 'plugin', name: 'users-permissions' });
  return pluginStore.get({ key: 'advanced' });
};
					
						
/**
 * Strapi auth strategy: resolve the identity behind a request.
 *
 * Outcomes, always returned (never thrown) to the auth layer:
 *  - a token whose `id` resolves to a usable user (found, confirmed when the
 *    plugin's `email_confirmation` setting is on, not blocked):
 *    `{ authenticated: true, credentials: user }`, and `ctx.state.user` is set;
 *  - a token whose user is unknown, unconfirmed or blocked:
 *    `{ error: 'Invalid credentials' }` — deliberately the same message for
 *    all three, so the response does not reveal which one applied;
 *  - a token without an `id`, or any exception raised along the way:
 *    `{ authenticated: false }`;
 *  - no token at all: `{ authenticated: true, credentials: null }` when the
 *    public role has at least one permission row, else
 *    `{ authenticated: false }`.
 *
 * @param {object} ctx Koa context; `ctx.state.user` is written on success.
 * @returns {Promise<object>} one of the result objects listed above.
 */
const authenticate = async ctx => {
  try {
    const token = await getService('jwt').getToken(ctx);

    if (!token) {
      // Anonymous request: it counts as the public role only when that role
      // grants anything at all.
      const publicPermissions = await strapi
        .query('plugin::users-permissions.permission')
        .findMany({ where: { role: { type: 'public' } } });

      if (publicPermissions.length === 0) {
        return { authenticated: false };
      }

      return { authenticated: true, credentials: null };
    }

    const { id } = token;

    if (id === undefined) {
      return { authenticated: false };
    }

    const user = await getService('user').fetchAuthenticatedUser(id);

    if (!user) {
      return { error: 'Invalid credentials' };
    }

    const { email_confirmation: confirmationRequired } = await getAdvancedSettings();
    const unusable = (confirmationRequired && !user.confirmed) || user.blocked;

    if (unusable) {
      return { error: 'Invalid credentials' };
    }

    ctx.state.user = user;

    return { authenticated: true, credentials: user };
  } catch (err) {
    // NOTE(review): this catch is broad — whatever getToken(), the user
    // service or the store throws (presumably including a bad signature or
    // an expired token, but also a database outage) collapses to
    // `authenticated: false` with no log line, so operators cannot tell a
    // rejected token from a failing backend here.
    return { authenticated: false };
  }
};
					
						
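/**
 * Strapi auth strategy: decide whether the identity produced by
 * `authenticate` may call a route.
 *
 * Unscoped routes (`config.scope` falsy) only require some authenticated
 * user. Scoped routes require every entry of `config.scope` (a string or an
 * array) to be among the actions granted to the caller's role — the user's
 * own role, or the public role for an anonymous caller. The granted actions
 * are looked up once and memoized on `auth.allowedActions`.
 *
 * @param {object} auth   result of `authenticate`; `credentials` is the user
 *                        or null. Mutated: `allowedActions` is cached on it.
 * @param {object} config route config; only `scope` is read.
 * @returns {Promise<void>} resolves when access is allowed.
 * @throws {UnauthorizedError} anonymous caller on an unscoped route.
 * @throws {ForbiddenError} a required scope is not granted, or the user
 *   record carries no role id, so no permission set can be resolved for it.
 */
const verify = async (auth, config) => {
  const { credentials: user } = auth;

  if (!config.scope) {
    if (!user) {
      // A non authenticated user cannot access routes that do not have a scope
      throw new UnauthorizedError();
    }
    // An authenticated user can access non scoped routes
    return;
  }

  let allowedActions = auth.allowedActions;

  if (!allowedActions) {
    // Fail closed: a user record without a role id cannot be mapped to a
    // permission set. Refuse here rather than dereferencing `user.role.id`
    // (TypeError) or sending the query with an undefined role filter.
    if (user && !(user.role && user.role.id != null)) {
      throw new ForbiddenError();
    }

    const permissions = await strapi.query('plugin::users-permissions.permission').findMany({
      where: { role: user ? user.role.id : { type: 'public' } },
    });

    allowedActions = map('action', permissions);
    auth.allowedActions = allowedActions;
  }

  // NOTE(review): `every` on an empty array is vacuously true, so a route
  // configured with `scope: []` admits every caller, anonymous included;
  // whether any route config relies on that is not visible here — confirm.
  const isAllowed = castArray(config.scope).every(scope => allowedActions.includes(scope));

  if (!isAllowed) {
    throw new ForbiddenError();
  }
};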
					
						
/** Auth strategy registered by the users-permissions plugin under this name. */
module.exports = { name: 'users-permissions', authenticate, verify };