strapi/packages/strapi-plugin-users-permissions/services/Providers.js

'use strict';

/**
 * Module dependencies.
 */

// Public node modules.
const _ = require('lodash');
const request = require('request');

// Purest strategies.<
const Purest = require('purest');

/**
 * Connect thanks to a third-party provider.
 *
 *
 * @param {String}    provider
 * @param {String}    access_token
 *
 * @return  {*}
 */

exports.connect = (provider, query) => {
  const access_token = query.access_token || query.code || query.oauth_token;

  return new Promise((resolve, reject) => {
    if (!access_token) {
      return reject(null, {
        message: 'No access_token.'
      });
    }

    // Get the profile.
    getProfile(provider, query, async (err, profile) => {
      if (err) {
        return reject(err);
      }

      // We need at least the mail.
      if (!profile.email) {
        return reject([{
          message: 'Email was not available.'
        }, null]);
      }

      try {
        const users = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').find({
          email: profile.email
        });

        const advanced = await strapi.store({
          environment: '',
          type: 'plugin',
          name: 'users-permissions',
          key: 'advanced'
        }).get();

        if (_.isEmpty(_.find(users, {provider})) && !advanced.allow_register) {
          return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']);
        }

        const user = _.find(users, {provider});

        if (!_.isEmpty(user)) {
          return resolve([user, null]);
        }

        if (!_.isEmpty(_.find(users, user => user.provider !== provider)) && advanced.unique_email) {
          return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']);
        }

        // Retrieve default role.
        const defaultRole = await strapi.plugins['users-permissions'].queries('role', 'users-permissions').findOne({ type: advanced.default_role }, []);

        // Create the new user.
        const params = _.assign(profile, {
          provider: provider,
          role: defaultRole._id || defaultRole.id
        });

        const createdUser = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').create(params);

        return resolve([createdUser, null]);
      } catch (err) {
        reject([null, err]);
      }
    });
  });
};

/**
 * Helper to get profiles
 *
 * @param {String}   provider
 * @param {Function} callback
 */

const getProfile = async (provider, query, callback) => {
  const access_token = query.access_token || query.code || query.oauth_token;

  const grant = await strapi.store({
    environment: '',
    type: 'plugin',
    name: 'users-permissions',
    key: 'grant'
  }).get();

  switch (provider) {
    case 'discord': {
      const discord = new Purest({
        provider: 'discord',
        config: {
          'discord': {
            'https://discordapp.com/api/': {
              '__domain': {
                'auth': {
                  'auth': {'bearer': '[0]'}
                }
              },
              '{endpoint}': {
                '__path': {
                  'alias': '__default'
                }
              }
            }
          }
        }
      });
      discord.query().get('users/@me').auth(access_token).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          // Combine username and discriminator because discord username is not unique
          var username = `${body.username}#${body.discriminator}`;
          callback(null, {
            username: username,
            email: body.email
          });
        }
      });
      break;
    }
    case 'facebook': {
      const facebook = new Purest({
        provider: 'facebook'
      });

      facebook.query().get('me?fields=name,email').auth(access_token).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          callback(null, {
            username: body.name,
            email: body.email
          });
        }
      });
      break;
    }
    case 'google': {
      const google = new Purest({
        provider: 'google'
      });

      google.query('plus').get('people/me').auth(access_token).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          callback(null, {
            username: body.emails[0].value.split("@")[0],
            email: body.emails[0].value
          });
        }
      });
      break;
    }
    case 'github': {
      const github = new Purest({
        provider: 'github',
        defaults: {
          headers: {
            'user-agent': 'strapi'
          }
        }
      });

      request.post({
        url: 'https://github.com/login/oauth/access_token',
        form: {
          client_id: grant.github.key,
          client_secret: grant.github.secret,
          code: access_token
        }
      }, (err, res, body) => {
        github.query().get('user').auth(body.split('&')[0].split('=')[1]).request((err, res, body) => {
          if (err) {
            callback(err);
          } else {
            callback(null, {
              username: body.login,
              email: body.email
            });
          }
        });
      });
      break;
    }
    case 'microsoft': {
      const microsoft = new Purest({
        provider: 'microsoft',
        config:{
          'microsoft': {
            'https://graph.microsoft.com': {
              '__domain': {
                'auth': {
                  'auth': {'bearer': '[0]'}
                }
              },
              '[version]/{endpoint}': {
                '__path': {
                  'alias': '__default',
                  'version': 'v1.0'
                }
              }
            }
          }
        }
      });

      microsoft.query().get('me').auth(access_token).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          callback(null, {
            username: body.userPrincipalName,
            email: body.userPrincipalName
          });
        }
      });
      break;
    }
    case 'twitter': {
      const twitter = new Purest({
        provider: 'twitter',
        key: grant.twitter.key,
        secret: grant.twitter.secret
      });

      twitter.query().get('account/verify_credentials').auth(access_token, query.access_secret).qs({screen_name: query['raw[screen_name]'], include_email: 'true'}).request((err, res, body) => {
        if (err) {
          callback(err);
        } else {
          callback(null, {
            username: body.screen_name,
            email: body.email
          });
        }
      });
      break;
    }
    default:
      callback({
        message: 'Unknown provider.'
      });
      break;
  }
};
Add provider connection 2018-01-12 15:20:13 +01:00			`'use strict';`

			`/**`
			`* Module dependencies.`
			`*/`

			`// Public node modules.`
			`const _ = require('lodash');`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`const request = require('request');`
Add provider connection 2018-01-12 15:20:13 +01:00
Refactor strapi load 2019-04-05 16:11:09 +02:00			`// Purest strategies.<`
Add provider connection 2018-01-12 15:20:13 +01:00			`const Purest = require('purest');`

			`/**`
			`* Connect thanks to a third-party provider.`
			`*`
			`*`
			`* @param {String} provider`
			`* @param {String} access_token`
			`*`
			`* @return {*}`
			`*/`

Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`exports.connect = (provider, query) => {`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`const access_token = query.access_token \|\| query.code \|\| query.oauth_token;`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00
Add provider connection 2018-01-12 15:20:13 +01:00			`return new Promise((resolve, reject) => {`
			`if (!access_token) {`
Fix PR feedback 2018-01-25 11:53:22 +01:00			`return reject(null, {`
Add provider connection 2018-01-12 15:20:13 +01:00			`message: 'No access_token.'`
			`});`
			`}`
Fix PR feedback 2018-01-25 11:53:22 +01:00
			`// Get the profile.`
			`getProfile(provider, query, async (err, profile) => {`
			`if (err) {`
			`return reject(err);`
			`}`

			`// We need at least the mail.`
			`if (!profile.email) {`
Remove last else condition 2018-01-25 12:26:09 +01:00			`return reject([{`
Fix PR feedback 2018-01-25 11:53:22 +01:00			`message: 'Email was not available.'`
			`}, null]);`
Fix conflict 2018-01-25 13:43:07 +01:00			`}`

Remove last else condition 2018-01-25 12:26:09 +01:00			`try {`
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const users = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').find({`
Fixed bug following recommendation 2019-01-11 22:52:28 +13:00			`email: profile.email`
No longer use convertParams 2019-02-03 13:49:55 +01:00			`});`
Fix PR feedback 2018-01-25 11:53:22 +01:00
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`const advanced = await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced'`
			`}).get();`
Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00
			`if (_.isEmpty(_.find(users, {provider})) && !advanced.allow_register) {`
Remove last else condition 2018-01-25 12:26:09 +01:00			`return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']);`
			`}`
Fix PR feedback 2018-01-25 11:53:22 +01:00
Hot fix provider login Co-authored-by: soupette <cyril.lpz@gmail.com> 2018-02-14 17:02:44 +01:00			`const user = _.find(users, {provider});`

			`if (!_.isEmpty(user)) {`
Fix second auth with provider 2018-01-25 15:48:56 +01:00			`return resolve([user, null]);`
Remove last else condition 2018-01-25 12:26:09 +01:00			`}`
Fix PR feedback 2018-01-25 11:53:22 +01:00
Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00			`if (!_.isEmpty(_.find(users, user => user.provider !== provider)) && advanced.unique_email) {`
Remove last else condition 2018-01-25 12:26:09 +01:00			`return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']);`
			`}`
Fix PR feedback 2018-01-25 11:53:22 +01:00
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`// Retrieve default role.`
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const defaultRole = await strapi.plugins['users-permissions'].queries('role', 'users-permissions').findOne({ type: advanced.default_role }, []);`
Assign guest role to user using provider auth 2018-01-25 16:37:35 +01:00
Fix block provider conditions 2018-01-29 17:12:49 +01:00			`// Create the new user.`
			`const params = _.assign(profile, {`
			`provider: provider,`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`role: defaultRole._id \|\| defaultRole.id`
Fix block provider conditions 2018-01-29 17:12:49 +01:00			`});`
Fix PR feedback 2018-01-25 11:53:22 +01:00
Add a queries interface to the plugins 2019-04-26 10:17:04 +02:00			`const createdUser = await strapi.plugins['users-permissions'].queries('user', 'users-permissions').create(params);`
Fix PR feedback 2018-01-25 11:53:22 +01:00
Fix block provider conditions 2018-01-29 17:12:49 +01:00			`return resolve([createdUser, null]);`
Remove last else condition 2018-01-25 12:26:09 +01:00			`} catch (err) {`
			`reject([null, err]);`
Fix PR feedback 2018-01-25 11:53:22 +01:00			`}`
			`});`
Add provider connection 2018-01-12 15:20:13 +01:00			`});`
			`};`

			`/**`
			`* Helper to get profiles`
			`*`
			`* @param {String} provider`
			`* @param {Function} callback`
			`*/`

Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00			`const getProfile = async (provider, query, callback) => {`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`const access_token = query.access_token \|\| query.code \|\| query.oauth_token;`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`const grant = await strapi.store({`
Environment agnostic for users-permissions configs 2018-02-13 15:04:21 +01:00			`environment: '',`
New format store constructor strapi.store(source).get(params) strapi.store(source).set({params, value}) Co-authored-by: Aurelsicoko <aurelsicoko@gmail.com> 2018-02-06 13:10:43 +01:00			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'grant'`
			`}).get();`
Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00
Add provider connection 2018-01-12 15:20:13 +01:00			`switch (provider) {`
Finish adding Discord to Providers.js Thanks to synth3tk for your help! Note that with Discord the username is not unique so I combined the username and discriminator in order to store a unique "username" 2018-07-29 17:43:45 -07:00			`case 'discord': {`
			`const discord = new Purest({`
			`provider: 'discord',`
			`config: {`
			`'discord': {`
			`'https://discordapp.com/api/': {`
			`'__domain': {`
			`'auth': {`
			`'auth': {'bearer': '[0]'}`
			`}`
			`},`
			`'{endpoint}': {`
			`'__path': {`
			`'alias': '__default'`
			`}`
			`}`
			`}`
			`}`
			`}`
			`});`
			`discord.query().get('users/@me').auth(access_token).request((err, res, body) => {`
			`if (err) {`
			`callback(err);`
			`} else {`
			`// Combine username and discriminator because discord username is not unique`
Fix policy error 2018-08-06 16:59:14 +02:00			var username = `${body.username}#${body.discriminator}`;
Finish adding Discord to Providers.js Thanks to synth3tk for your help! Note that with Discord the username is not unique so I combined the username and discriminator in order to store a unique "username" 2018-07-29 17:43:45 -07:00			`callback(null, {`
			`username: username,`
			`email: body.email`
			`});`
			`}`
			`});`
			`break;`
			`}`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`case 'facebook': {`
Fix get twitter data 2018-01-25 15:04:42 +01:00			`const facebook = new Purest({`
			`provider: 'facebook'`
			`});`

Add provider connection 2018-01-12 15:20:13 +01:00			`facebook.query().get('me?fields=name,email').auth(access_token).request((err, res, body) => {`
			`if (err) {`
			`callback(err);`
			`} else {`
			`callback(null, {`
			`username: body.name,`
			`email: body.email`
			`});`
			`}`
			`});`
			`break;`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}`
			`case 'google': {`
Fix get twitter data 2018-01-25 15:04:42 +01:00			`const google = new Purest({`
			`provider: 'google'`
			`});`

Add provider connection 2018-01-12 15:20:13 +01:00			`google.query('plus').get('people/me').auth(access_token).request((err, res, body) => {`
			`if (err) {`
			`callback(err);`
			`} else {`
			`callback(null, {`
Update username for Google Auth to fix #2285 2018-11-11 00:26:53 +05:30			`username: body.emails[0].value.split("@")[0],`
Add provider connection 2018-01-12 15:20:13 +01:00			`email: body.emails[0].value`
			`});`
			`}`
			`});`
			`break;`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}`
			`case 'github': {`
Fix get twitter data 2018-01-25 15:04:42 +01:00			`const github = new Purest({`
			`provider: 'github',`
			`defaults: {`
			`headers: {`
			`'user-agent': 'strapi'`
			`}`
			`}`
			`});`

Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`request.post({`
			`url: 'https://github.com/login/oauth/access_token',`
			`form: {`
Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00			`client_id: grant.github.key,`
			`client_secret: grant.github.secret,`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`code: access_token`
Add provider connection 2018-01-12 15:20:13 +01:00			`}`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`}, (err, res, body) => {`
			`github.query().get('user').auth(body.split('&')[0].split('=')[1]).request((err, res, body) => {`
			`if (err) {`
			`callback(err);`
			`} else {`
			`callback(null, {`
			`username: body.login,`
			`email: body.email`
			`});`
			`}`
			`});`
Add provider connection 2018-01-12 15:20:13 +01:00			`});`
			`break;`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}`
Add Microsoft auth provider Closes #1385 2018-07-22 22:03:29 -04:00			`case 'microsoft': {`
			`const microsoft = new Purest({`
			`provider: 'microsoft',`
			`config:{`
			`'microsoft': {`
			`'https://graph.microsoft.com': {`
			`'__domain': {`
			`'auth': {`
			`'auth': {'bearer': '[0]'}`
			`}`
			`},`
			`'[version]/{endpoint}': {`
			`'__path': {`
			`'alias': '__default',`
			`'version': 'v1.0'`
			`}`
			`}`
			`}`
			`}`
			`}`
			`});`

			`microsoft.query().get('me').auth(access_token).request((err, res, body) => {`
			`if (err) {`
			`callback(err);`
			`} else {`
			`callback(null, {`
			`username: body.userPrincipalName,`
			`email: body.userPrincipalName`
			`});`
			`}`
			`});`
			`break;`
			`}`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`case 'twitter': {`
Fix get twitter data 2018-01-25 15:04:42 +01:00			`const twitter = new Purest({`
			`provider: 'twitter',`
Use database config for users-permissions plugin Delete advanced, grant and email json files Update setter to update data 2018-02-01 18:12:38 +01:00			`key: grant.twitter.key,`
			`secret: grant.twitter.secret`
Fix get twitter data 2018-01-25 15:04:42 +01:00			`});`

			`twitter.query().get('account/verify_credentials').auth(access_token, query.access_secret).qs({screen_name: query['raw[screen_name]'], include_email: 'true'}).request((err, res, body) => {`
Add provider connection 2018-01-12 15:20:13 +01:00			`if (err) {`
			`callback(err);`
			`} else {`
			`callback(null, {`
Fix PR feedback and add twitter provider 2018-01-23 09:30:25 +01:00			`username: body.screen_name,`
			`email: body.email`
Add provider connection 2018-01-12 15:20:13 +01:00			`});`
			`}`
			`});`
			`break;`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`}`
Add provider connection 2018-01-12 15:20:13 +01:00			`default:`
			`callback({`
			`message: 'Unknown provider.'`
			`});`
			`break;`
			`}`
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`};`