strapi/packages/strapi-admin/validation/common-validators.js

'use strict';

const { yup } = require('strapi-utils');
const _ = require('lodash');
const actionDomain = require('../domain/action');
const {
  checkFieldsAreCorrectlyNested,
  checkFieldsDontHaveDuplicates,
} = require('./common-functions');

const email = yup
  .string()
  .email()
  .lowercase();

const firstname = yup.string().min(1);

const lastname = yup.string().min(1);

const username = yup.string().min(1);

const password = yup
  .string()
  .min(8)
  .matches(/[a-z]/, '${path} must contain at least one lowercase character')
  .matches(/[A-Z]/, '${path} must contain at least one uppercase character')
  .matches(/\d/, '${path} must contain at least one number');

const roles = yup.array(yup.strapiID()).min(1);

const isAPluginName = yup
  .string()
  .test('is-a-plugin-name', 'is not a plugin name', function(value) {
    return [undefined, 'admin', ...Object.keys(strapi.plugins)].includes(value)
      ? true
      : this.createError({ path: this.path, message: `${this.path} is not an existing plugin` });
  });

const arrayOfConditionNames = yup
  .array()
  .of(yup.string())
  .test('is-an-array-of-conditions', 'is not a plugin name', function(value) {
    const ids = strapi.admin.services.permission.conditionProvider.getAll().map(c => c.id);
    return _.isUndefined(value) || _.difference(value, ids).length === 0
      ? true
      : this.createError({ path: this.path, message: `contains conditions that don't exist` });
  });

const permissionsAreEquals = (a, b) =>
  a.action === b.action && (a.subject === b.subject || (_.isNil(a.subject) && _.isNil(b.subject)));

const checkNoDuplicatedPermissions = permissions =>
  !Array.isArray(permissions) ||
  permissions.every((permA, i) =>
    permissions.slice(i + 1).every(permB => !permissionsAreEquals(permA, permB))
  );

const checkNilFields = function(fields) {
  // If the parent has no action field, then we ignore this test
  if (_.isNil(this.parent.action)) {
    return true;
  }

  const { actionProvider } = strapi.admin.services.permission;
  const action = actionProvider.getByActionId(this.parent.action);

  return actionDomain.hasFieldsRestriction(action) || _.isNil(fields);
};

const updatePermissions = yup
  .object()
  .shape({
    permissions: yup
      .array()
      .requiredAllowEmpty()
      .of(
        yup
          .object()
          .shape({
            action: yup.string().required(),
            subject: yup.string().nullable(),
            fields: yup
              .array()
              .of(yup.string())
              .nullable()
              .test(
                'field-nested',
                'Fields format are incorrect (bad nesting).',
                checkFieldsAreCorrectlyNested
              )
              .test(
                'field-nested',
                'Fields format are incorrect (duplicates).',
                checkFieldsDontHaveDuplicates
              )
              .test(
                'fields-restriction',
                'The permission at ${path} must have fields set to null or undefined',
                checkNilFields
              ),
            conditions: yup.array().of(yup.string()),
          })
          .noUnknown()
      )
      .test(
        'duplicated-permissions',
        'Some permissions are duplicated (same action and subject)',
        checkNoDuplicatedPermissions
      ),
  })
  .required()
  .noUnknown();

module.exports = {
  email,
  firstname,
  lastname,
  username,
  password,
  roles,
  isAPluginName,
  arrayOfConditionNames,
  updatePermissions,
};
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00			`'use strict';`

			`const { yup } = require('strapi-utils');`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`const _ = require('lodash');`
Rename fieldsGranularity to fieldsRestriction, various bug fixes Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-11 18:16:39 +02:00			`const actionDomain = require('../domain/action');`
fix bad nesting Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-01 11:51:37 +02:00			`const {`
			`checkFieldsAreCorrectlyNested,`
			`checkFieldsDontHaveDuplicates,`
			`} = require('./common-functions');`
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`const email = yup`
			`.string()`
			`.email()`
set email validator to lowercase (#7645) * set email validator to lowercase Yup .lowercase() converts the string to lowercase which should be done in all instances of email across the application. Fixes bug where users created inside Strapi admin panel end up with mixed case emails in database. Signed-off-by: bglidwell <sintex+github@gmail.com> * match front-end profile validation to backend Removed .min(5) from backend validation due to redundancy with .email() check Signed-off-by: bglidwell <sintex+github@gmail.com> * cleanup redundant email.toLowerCase() Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * Revert "cleanup redundant email.toLowerCase()" This reverts commit 4565054b298e4518e4ddf41ca602c5960bd9cc28. Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in admin user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in api user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix for graphql tests Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> 2020-09-14 02:30:12 -05:00			`.lowercase();`
Add update user route in the user api 2020-05-27 16:06:15 +02:00
			`const firstname = yup.string().min(1);`

			`const lastname = yup.string().min(1);`
Add /users/me routes Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com> 2020-05-18 19:54:43 +02:00
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`const username = yup.string().min(1);`

			`const password = yup`
			`.string()`
			`.min(8)`
			`.matches(/[a-z]/, '${path} must contain at least one lowercase character')`
			`.matches(/[A-Z]/, '${path} must contain at least one uppercase character')`
			`.matches(/\d/, '${path} must contain at least one number');`

Use custom type for strapiID & move it to strapi-utils 2020-05-28 16:56:44 +02:00			`const roles = yup.array(yup.strapiID()).min(1);`
Add update user route in the user api 2020-05-27 16:06:15 +02:00
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 17:45:53 +02:00			`const isAPluginName = yup`
			`.string()`
			`.test('is-a-plugin-name', 'is not a plugin name', function(value) {`
			`return [undefined, 'admin', ...Object.keys(strapi.plugins)].includes(value)`
			`? true`
			: this.createError({ path: this.path, message: `${this.path} is not an existing plugin` });
			`});`

first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`const arrayOfConditionNames = yup`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`.array()`
			`.of(yup.string())`
			`.test('is-an-array-of-conditions', 'is not a plugin name', function(value) {`
use new condition format Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 15:34:09 +02:00			`const ids = strapi.admin.services.permission.conditionProvider.getAll().map(c => c.id);`
add conditions logic for author/editor Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-15 19:11:36 +02:00			`return _.isUndefined(value) \|\| _.difference(value, ids).length === 0`
			`? true`
			: this.createError({ path: this.path, message: `contains conditions that don't exist` });
			`});`

refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-03 18:33:38 +02:00			`const permissionsAreEquals = (a, b) =>`
			`a.action === b.action && (a.subject === b.subject \|\| (_.isNil(a.subject) && _.isNil(b.subject)));`

			`const checkNoDuplicatedPermissions = permissions =>`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`!Array.isArray(permissions) \|\|`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-03 18:33:38 +02:00			`permissions.every((permA, i) =>`
			`permissions.slice(i + 1).every(permB => !permissionsAreEquals(permA, permB))`
			`);`

Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-14 16:31:36 +02:00			`const checkNilFields = function(fields) {`
			`// If the parent has no action field, then we ignore this test`
			`if (_.isNil(this.parent.action)) {`
			`return true;`
			`}`

			`const { actionProvider } = strapi.admin.services.permission;`
			`const action = actionProvider.getByActionId(this.parent.action);`

			`return actionDomain.hasFieldsRestriction(action) \|\| _.isNil(fields);`
			`};`

simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`const updatePermissions = yup`
			`.object()`
			`.shape({`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-03 18:33:38 +02:00			`permissions: yup`
			`.array()`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`.requiredAllowEmpty()`
			`.of(`
			`yup`
			`.object()`
			`.shape({`
			`action: yup.string().required(),`
			`subject: yup.string().nullable(),`
			`fields: yup`
			`.array()`
			`.of(yup.string())`
			`.nullable()`
			`.test(`
			`'field-nested',`
			`'Fields format are incorrect (bad nesting).',`
			`checkFieldsAreCorrectlyNested`
			`)`
			`.test(`
			`'field-nested',`
			`'Fields format are incorrect (duplicates).',`
			`checkFieldsDontHaveDuplicates`
Refactor validators and add better messages Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-13 14:15:25 +02:00			`)`
			`.test(`
			`'fields-restriction',`
			`'The permission at ${path} must have fields set to null or undefined',`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-14 16:31:36 +02:00			`checkNilFields`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`),`
clean conditions at get and update Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-20 17:40:01 +02:00			`conditions: yup.array().of(yup.string()),`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`})`
			`.noUnknown()`
Refactor validators and add better messages Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-13 14:15:25 +02:00			`)`
			`.test(`
Fix pr comments Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-14 16:31:36 +02:00			`'duplicated-permissions',`
Refactor validators and add better messages Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-08-13 14:15:25 +02:00			`'Some permissions are duplicated (same action and subject)',`
			`checkNoDuplicatedPermissions`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-03 18:33:38 +02:00			`),`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`})`
			`.required()`
			`.noUnknown();`
fifth refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-23 16:31:16 +02:00
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`module.exports = {`
			`email,`
			`firstname,`
			`lastname,`
			`username,`
			`password,`
			`roles,`
refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-09 17:45:53 +02:00			`isAPluginName,`
first refacto Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-06-18 11:40:50 +02:00			`arrayOfConditionNames,`
simplify validator Signed-off-by: Pierre Noël <petersg83@gmail.com> 2020-07-06 09:56:37 +02:00			`updatePermissions,`
Add update user route in the user api 2020-05-27 16:06:15 +02:00			`};`