strapi/packages/strapi-admin/services/user.js

'use strict';

const _ = require('lodash');
const { createUser } = require('../domain/user');

const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description']);

/**
 * Remove private user fields
 * @param {Object} user - user to sanitize
 */
const sanitizeUser = user => {
  return {
    ..._.omit(user, ['password', 'resetPasswordToken', 'roles']),
    roles: user.roles && user.roles.map(sanitizeUserRoles),
  };
};

/**
 * Create and save a user in database
 * @param attributes A partial user object
 * @returns {Promise<user>}
 */
const create = async attributes => {
  const user = createUser({
    registrationToken: strapi.admin.services.token.createToken(),
    ...attributes,
  });

  // hash password if a new one is sent
  if (_.has(user, 'password')) {
    const hashedPassword = await strapi.admin.services.auth.hashPassword(user.password);

    return strapi.query('user', 'admin').create({
      ...user,
      password: hashedPassword,
    });
  }

  return strapi.query('user', 'admin').create(user);
};

/**
 * Update a user in database
 * @param params query params to find the user to update
 * @param attributes A partial user object
 * @returns {Promise<user>}
 */
const update = async (params, attributes) => {
  // hash password if a new one is sent
  if (_.has(attributes, 'password')) {
    const hashedPassword = await strapi.admin.services.auth.hashPassword(attributes.password);

    return strapi.query('user', 'admin').update(params, {
      ...attributes,
      password: hashedPassword,
    });
  }

  return strapi.query('user', 'admin').update(params, attributes);
};

/**
 * Check if a user with specific attributes exists in the database
 * @param attributes A partial user object
 * @returns {Promise<boolean>}
 */
const exists = async (attributes = {}) => {
  return (await strapi.query('user', 'admin').count(attributes)) > 0;
};

/**
 * Returns a user registration info
 * @param {string} registrationToken - a user registration token
 * @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname
 */
const findRegistrationInfo = async registrationToken => {
  const user = await strapi.query('user', 'admin').findOne({ registrationToken });

  if (!user) {
    return undefined;
  }

  return _.pick(user, ['email', 'firstname', 'lastname']);
};

/**
 * Registers a user based on a registrationToken and some informations to update
 * @param {Object} params
 * @param {Object} params.registrationToken registration token
 * @param {Object} params.userInfo user info
 */
const register = async ({ registrationToken, userInfo }) => {
  const matchingUser = await strapi.query('user', 'admin').findOne({ registrationToken });

  if (!matchingUser) {
    throw strapi.errors.badRequest('Invalid registration info');
  }

  return strapi.admin.services.user.update(
    { id: matchingUser.id },
    {
      password: userInfo.password,
      firstname: userInfo.firstname,
      lastname: userInfo.lastname,
      registrationToken: null,
      isActive: true,
    }
  );
};

/**
 * Find one user
 */
const findOne = async params => {
  return strapi.query('user', 'admin').findOne(params);
};

/** Find many users (paginated)
 * @param query
 * @returns {Promise<user>}
 */
const findPage = async query => {
  return strapi.query('user', 'admin').findPage(query);
};

/** Search for many users (paginated)
 * @param query
 * @returns {Promise<user>}
 */
const searchPage = async query => {
  return strapi.query('user', 'admin').searchPage(query);
};

/** Delete a user
 * @param query
 * @returns {Promise<user>}
 */
const deleteOne = async query => {
  return strapi.query('user', 'admin').delete(query);
};

/** Count the users that don't have any associated roles
 * @returns {Promise<number>}
 */
const countUsersWithoutRole = async () => {
  const userModel = strapi.query('user', 'admin').model;
  const assocTable = userModel.associations.find(a => a.alias === 'roles').tableCollectionName;
  let count;

  if (userModel.orm === 'bookshelf') {
    const result = await userModel
      .query(qb => {
        qb.count()
          .leftJoin(assocTable, `${userModel.collectionName}.id`, `${assocTable}.user_id`)
          .where(`${assocTable}.role_id`, null);
      })
      .fetch();
    count = result.toJSON()['count(*)'];
  } else if (userModel.orm === 'mongoose') {
    count = await strapi.query('user', 'admin').model.countDocuments({ roles: { $size: 0 } });
  } else {
    const allRoles = await strapi.query('role', 'admin').find();
    count = await strapi.query('user', 'admin').count({
      roles_nin: allRoles.map(r => r.id),
    });
  }

  return count;
};

module.exports = {
  create,
  update,
  exists,
  findRegistrationInfo,
  register,
  sanitizeUser,
  findOne,
  findPage,
  searchPage,
  deleteOne,
  countUsersWithoutRole,
};
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00			`'use strict';`

Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`const _ = require('lodash');`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`const { createUser } = require('../domain/user');`

Extract sanitizeUserRoles to outer scope, fix typo 2020-05-28 11:10:49 +02:00			`const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description']);`

Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`/**`
			`* Remove private user fields`
			`* @param {Object} user - user to sanitize`
			`*/`
			`const sanitizeUser = user => {`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`return {`
			`..._.omit(user, ['password', 'resetPasswordToken', 'roles']),`
Extract sanitizeUserRoles to outer scope, fix typo 2020-05-28 11:10:49 +02:00			`roles: user.roles && user.roles.map(sanitizeUserRoles),`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`};`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`/**`
			`* Create and save a user in database`
			`* @param attributes A partial user object`
			`* @returns {Promise<user>}`
			`*/`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`const create = async attributes => {`
Add e2e tests, fix validation for mongoose, update services Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 18:54:52 +02:00			`const user = createUser({`
			`registrationToken: strapi.admin.services.token.createToken(),`
			`...attributes,`
			`});`

Add admin registeration API Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-22 11:15:06 +02:00			`// hash password if a new one is sent`
			`if (_.has(user, 'password')) {`
			`const hashedPassword = await strapi.admin.services.auth.hashPassword(user.password);`

			`return strapi.query('user', 'admin').create({`
			`...user,`
			`password: hashedPassword,`
			`});`
			`}`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`return strapi.query('user', 'admin').create(user);`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`};`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`/**`
			`* Update a user in database`
			`* @param params query params to find the user to update`
			`* @param attributes A partial user object`
			`* @returns {Promise<user>}`
			`*/`
			`const update = async (params, attributes) => {`
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00			`// hash password if a new one is sent`
			`if (_.has(attributes, 'password')) {`
			`const hashedPassword = await strapi.admin.services.auth.hashPassword(attributes.password);`

			`return strapi.query('user', 'admin').update(params, {`
			`...attributes,`
			`password: hashedPassword,`
			`});`
			`}`

Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`return strapi.query('user', 'admin').update(params, attributes);`
			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`/**`
			`* Check if a user with specific attributes exists in the database`
			`* @param attributes A partial user object`
			`* @returns {Promise<boolean>}`
			`*/`
Cleanup Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-22 16:09:37 +02:00			`const exists = async (attributes = {}) => {`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`return (await strapi.query('user', 'admin').count(attributes)) > 0;`
Uniformize code with rbac/login Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 11:06:16 +02:00			`};`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`/**`
			`* Returns a user registration info`
			`* @param {string} registrationToken - a user registration token`
			`* @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname`
			`*/`
			`const findRegistrationInfo = async registrationToken => {`
			`const user = await strapi.query('user', 'admin').findOne({ registrationToken });`

			`if (!user) {`
			`return undefined;`
			`}`

			`return _.pick(user, ['email', 'firstname', 'lastname']);`
			`};`

Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`/**`
			`* Registers a user based on a registrationToken and some informations to update`
			`* @param {Object} params`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`* @param {Object} params.registrationToken registration token`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`* @param {Object} params.userInfo user info`
			`*/`
			`const register = async ({ registrationToken, userInfo }) => {`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`const matchingUser = await strapi.query('user', 'admin').findOne({ registrationToken });`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00
			`if (!matchingUser) {`
			`throw strapi.errors.badRequest('Invalid registration info');`
			`}`

			`return strapi.admin.services.user.update(`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`{ id: matchingUser.id },`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`{`
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00			`password: userInfo.password,`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`firstname: userInfo.firstname,`
			`lastname: userInfo.lastname,`
			`registrationToken: null,`
			`isActive: true,`
			`}`
			`);`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`};`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`/**`
			`* Find one user`
			`*/`
			`const findOne = async params => {`
			`return strapi.query('user', 'admin').findOne(params);`
			`};`

Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`/** Find many users (paginated)`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const findPage = async query => {`
			`return strapi.query('user', 'admin').findPage(query);`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`};`

fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`/** Search for many users (paginated)`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const searchPage = async query => {`
			`return strapi.query('user', 'admin').searchPage(query);`
			`};`

Fix PR: Refactor user e2e tests, fix domain logic, add user::deleteOne route 2020-06-04 10:25:02 +02:00			`/** Delete a user`
			`* @param query`
			`* @returns {Promise<user>}`
			`*/`
			`const deleteOne = async query => {`
			`return strapi.query('user', 'admin').delete(query);`
			`};`

create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`/** Count the users that don't have any associated roles`
			`* @returns {Promise<number>}`
			`*/`
			`const countUsersWithoutRole = async () => {`
			`const userModel = strapi.query('user', 'admin').model;`
			`const assocTable = userModel.associations.find(a => a.alias === 'roles').tableCollectionName;`
			`let count;`

			`if (userModel.orm === 'bookshelf') {`
			`const result = await userModel`
			`.query(qb => {`
			`qb.count()`
			.leftJoin(assocTable, `${userModel.collectionName}.id`, `${assocTable}.user_id`)
			.where(`${assocTable}.role_id`, null);
			`})`
			`.fetch();`
			`count = result.toJSON()['count(*)'];`
			`} else if (userModel.orm === 'mongoose') {`
			`count = await strapi.query('user', 'admin').model.countDocuments({ roles: { $size: 0 } });`
			`} else {`
			`const allRoles = await strapi.query('role', 'admin').find();`
			`count = await strapi.query('user', 'admin').count({`
			`roles_nin: allRoles.map(r => r.id),`
			`});`
			`}`

			`return count;`
			`};`

Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`module.exports = {`
			`create,`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`update,`
Cleanup strapi-admin services & domain Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-14 10:37:32 +02:00			`exists,`
Add registration info route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 16:07:37 +02:00			`findRegistrationInfo,`
Add register route Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 17:16:49 +02:00			`register,`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`sanitizeUser,`
Add GET /admin/users/:id route 2020-05-28 14:03:48 +02:00			`findOne,`
Add GET /admin/users route and new pagination system Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 10:55:52 +02:00			`findPage,`
fix PR comments, move pagination logic to the database layer, handle searches Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-05-19 16:10:53 +02:00			`searchPage,`
Fix PR: Refactor user e2e tests, fix domain logic, add user::deleteOne route 2020-06-04 10:25:02 +02:00			`deleteOne,`
create role at startup + warning Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-12 18:42:07 +02:00			`countUsersWithoutRole,`
Add tests Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-13 11:46:52 +02:00			`};`