strapi/packages/strapi-admin/services/auth.js

const _ = require('lodash');
const bcrypt = require('bcryptjs');

const sanitizeUser = user => {
  return _.omit(user.toJSON ? user.toJSON() : user, [
    'password',
    'resetPasswordToken',
  ]);
};

/**
 * Creates a JWT token for an administration user
 * @param {object} admon - admin user
 */
const createJwtToken = admin => {
  const payload = _.pick(admin.toJSON ? admin.toJSON() : admin, ['_id', 'id']);
  return strapi.plugins['users-permissions'].services.jwt.issue({
    ...payload,
    isAdmin: true,
  });
};

/**
 * hashes a password
 * @param {string} password - password to hash
 * @returns {string} hashed password
 */
const hashPassword = password => bcrypt.hash(password, 10);

/**
 * Validate a password
 * @param {string} password
 * @param {string} hash
 * @returns {boolean} is the password valid
 */
const validatePassword = (password, hash) => bcrypt.compare(password, hash);

module.exports = {
  createJwtToken,
  sanitizeUser,
  validatePassword,
  hashPassword,
};
Refactor strapi-admin services and controllers 2019-05-24 14:05:25 +02:00			`const _ = require('lodash');`
			`const bcrypt = require('bcryptjs');`

			`const sanitizeUser = user => {`
			`return _.omit(user.toJSON ? user.toJSON() : user, [`
			`'password',`
			`'resetPasswordToken',`
			`]);`
			`};`

			`/**`
			`* Creates a JWT token for an administration user`
			`* @param {object} admon - admin user`
			`*/`
			`const createJwtToken = admin => {`
			`const payload = _.pick(admin.toJSON ? admin.toJSON() : admin, ['_id', 'id']);`
Fix permission policy mixing users jwt and admin jwt 2019-06-07 15:16:52 +02:00			`return strapi.plugins['users-permissions'].services.jwt.issue({`
			`...payload,`
			`isAdmin: true,`
			`});`
Refactor strapi-admin services and controllers 2019-05-24 14:05:25 +02:00			`};`

			`/**`
			`* hashes a password`
			`* @param {string} password - password to hash`
			`* @returns {string} hashed password`
			`*/`
			`const hashPassword = password => bcrypt.hash(password, 10);`

			`/**`
			`* Validate a password`
			`* @param {string} password`
			`* @param {string} hash`
			`* @returns {boolean} is the password valid`
			`*/`
			`const validatePassword = (password, hash) => bcrypt.compare(password, hash);`

			`module.exports = {`
			`createJwtToken,`
			`sanitizeUser,`
			`validatePassword,`
			`hashPassword,`
			`};`