2020-05-13 11:46:52 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2020-05-18 16:07:37 +02:00
|
|
|
const _ = require('lodash');
|
2021-04-29 13:51:12 +02:00
|
|
|
const { stringIncludes } = require('@strapi/utils');
|
2020-07-08 16:35:39 +02:00
|
|
|
const { createUser, hasSuperAdminRole } = require('../domain/user');
|
2020-10-12 22:46:56 +02:00
|
|
|
const { password: passwordValidator } = require('../validation/common-validators');
|
2020-10-27 11:27:17 +01:00
|
|
|
const { SUPER_ADMIN_CODE } = require('./constants');
|
2020-05-14 10:37:32 +02:00
|
|
|
|
2020-06-26 12:30:07 +02:00
|
|
|
const sanitizeUserRoles = role => _.pick(role, ['id', 'name', 'description', 'code']);
|
2020-05-28 11:10:49 +02:00
|
|
|
|
2020-05-18 16:07:37 +02:00
|
|
|
/**
|
|
|
|
|
* Remove private user fields
|
|
|
|
|
* @param {Object} user - user to sanitize
|
|
|
|
|
*/
|
|
|
|
|
const sanitizeUser = user => {
|
2020-05-27 16:06:15 +02:00
|
|
|
return {
|
|
|
|
|
..._.omit(user, ['password', 'resetPasswordToken', 'roles']),
|
2020-05-28 11:10:49 +02:00
|
|
|
roles: user.roles && user.roles.map(sanitizeUserRoles),
|
2020-05-27 16:06:15 +02:00
|
|
|
};
|
2020-05-18 16:07:37 +02:00
|
|
|
};
|
|
|
|
|
|
2020-05-14 10:37:32 +02:00
|
|
|
/**
|
|
|
|
|
* Create and save a user in database
|
|
|
|
|
* @param attributes A partial user object
|
|
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
2020-05-14 11:06:16 +02:00
|
|
|
const create = async attributes => {
|
2020-08-03 12:27:42 +02:00
|
|
|
const userInfo = {
|
2020-05-14 18:54:52 +02:00
|
|
|
registrationToken: strapi.admin.services.token.createToken(),
|
|
|
|
|
...attributes,
|
2020-08-03 12:27:42 +02:00
|
|
|
};
|
2020-05-14 18:54:52 +02:00
|
|
|
|
2020-08-03 12:27:42 +02:00
|
|
|
if (_.has(attributes, 'password')) {
|
|
|
|
|
userInfo.password = await strapi.admin.services.auth.hashPassword(attributes.password);
|
2020-08-03 11:20:42 +02:00
|
|
|
}
|
2020-05-22 11:15:06 +02:00
|
|
|
|
2020-08-03 12:27:42 +02:00
|
|
|
const user = createUser(userInfo);
|
2020-08-03 11:20:42 +02:00
|
|
|
const createdUser = await strapi.query('user', 'admin').create(user);
|
|
|
|
|
|
2020-08-03 12:27:42 +02:00
|
|
|
await strapi.admin.services.metrics.sendDidInviteUser();
|
2020-05-22 11:15:06 +02:00
|
|
|
|
2020-08-03 11:20:42 +02:00
|
|
|
return createdUser;
|
2020-05-14 11:06:16 +02:00
|
|
|
};
|
2020-05-13 11:46:52 +02:00
|
|
|
|
2020-05-18 17:16:49 +02:00
|
|
|
/**
|
|
|
|
|
* Update a user in database
|
2020-10-12 22:46:56 +02:00
|
|
|
* @param id query params to find the user to update
|
2020-05-18 17:16:49 +02:00
|
|
|
* @param attributes A partial user object
|
|
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
2020-06-18 18:10:12 +02:00
|
|
|
const updateById = async (id, attributes) => {
|
2020-06-16 16:29:10 +02:00
|
|
|
// Check at least one super admin remains
|
|
|
|
|
if (_.has(attributes, 'roles')) {
|
2020-07-08 16:35:39 +02:00
|
|
|
const lastAdminUser = await isLastSuperAdminUser(id);
|
2020-06-18 18:10:12 +02:00
|
|
|
const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
|
2020-07-08 16:35:39 +02:00
|
|
|
const willRemoveSuperAdminRole = !stringIncludes(attributes.roles, superAdminRole.id);
|
|
|
|
|
|
|
|
|
|
if (lastAdminUser && willRemoveSuperAdminRole) {
|
|
|
|
|
throw strapi.errors.badRequest(
|
|
|
|
|
'ValidationError',
|
|
|
|
|
'You must have at least one user with super admin role.'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// cannot disable last super admin
|
|
|
|
|
if (attributes.isActive === false) {
|
|
|
|
|
const lastAdminUser = await isLastSuperAdminUser(id);
|
|
|
|
|
if (lastAdminUser) {
|
|
|
|
|
throw strapi.errors.badRequest(
|
|
|
|
|
'ValidationError',
|
|
|
|
|
'You must have at least one active user with super admin role.'
|
|
|
|
|
);
|
2020-06-16 16:29:10 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-18 19:54:43 +02:00
|
|
|
// hash password if a new one is sent
|
|
|
|
|
if (_.has(attributes, 'password')) {
|
|
|
|
|
const hashedPassword = await strapi.admin.services.auth.hashPassword(attributes.password);
|
|
|
|
|
|
2020-06-18 18:10:12 +02:00
|
|
|
return strapi.query('user', 'admin').update(
|
|
|
|
|
{ id },
|
|
|
|
|
{
|
|
|
|
|
...attributes,
|
|
|
|
|
password: hashedPassword,
|
|
|
|
|
}
|
|
|
|
|
);
|
2020-05-18 19:54:43 +02:00
|
|
|
}
|
|
|
|
|
|
2020-06-18 18:10:12 +02:00
|
|
|
return strapi.query('user', 'admin').update({ id }, attributes);
|
2020-05-18 17:16:49 +02:00
|
|
|
};
|
|
|
|
|
|
2020-10-12 22:46:56 +02:00
|
|
|
/**
|
|
|
|
|
* Reset a user password by email. (Used in admin:reset CLI)
|
|
|
|
|
* @param {string} email - user email
|
|
|
|
|
* @param {string} password - new password
|
|
|
|
|
*/
|
|
|
|
|
const resetPasswordByEmail = async (email, password) => {
|
|
|
|
|
const user = await findOne({ email });
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
throw new Error(`User not found for email: ${email}`);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
try {
|
|
|
|
|
await passwordValidator.validate(password);
|
|
|
|
|
} catch (error) {
|
|
|
|
|
throw new Error(
|
|
|
|
|
'Invalid password. Expected a minimum of 8 characters with at least one number and one uppercase letter'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-13 15:13:15 +02:00
|
|
|
await updateById(user.id, { password });
|
2020-10-12 22:46:56 +02:00
|
|
|
};
|
|
|
|
|
|
2020-07-08 16:35:39 +02:00
|
|
|
/**
|
|
|
|
|
* Check if a user is the last super admin
|
|
|
|
|
* @param {int|string} userId user's id to look for
|
|
|
|
|
*/
|
|
|
|
|
const isLastSuperAdminUser = async userId => {
|
|
|
|
|
const user = await findOne({ id: userId }, ['roles']);
|
|
|
|
|
const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
|
|
|
|
|
|
|
|
|
|
return superAdminRole.usersCount === 1 && hasSuperAdminRole(user);
|
|
|
|
|
};
|
|
|
|
|
|
2020-05-14 10:37:32 +02:00
|
|
|
/**
|
|
|
|
|
* Check if a user with specific attributes exists in the database
|
|
|
|
|
* @param attributes A partial user object
|
|
|
|
|
* @returns {Promise<boolean>}
|
|
|
|
|
*/
|
2020-05-22 16:09:37 +02:00
|
|
|
const exists = async (attributes = {}) => {
|
2020-05-14 10:37:32 +02:00
|
|
|
return (await strapi.query('user', 'admin').count(attributes)) > 0;
|
2020-05-14 11:06:16 +02:00
|
|
|
};
|
2020-05-13 11:46:52 +02:00
|
|
|
|
2020-05-18 16:07:37 +02:00
|
|
|
/**
|
|
|
|
|
* Returns a user registration info
|
|
|
|
|
* @param {string} registrationToken - a user registration token
|
|
|
|
|
* @returns {Promise<registrationInfo>} - Returns user email, firstname and lastname
|
|
|
|
|
*/
|
|
|
|
|
const findRegistrationInfo = async registrationToken => {
|
|
|
|
|
const user = await strapi.query('user', 'admin').findOne({ registrationToken });
|
|
|
|
|
|
|
|
|
|
if (!user) {
|
|
|
|
|
return undefined;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return _.pick(user, ['email', 'firstname', 'lastname']);
|
|
|
|
|
};
|
|
|
|
|
|
2020-05-18 17:16:49 +02:00
|
|
|
/**
|
|
|
|
|
* Registers a user based on a registrationToken and some informations to update
|
|
|
|
|
* @param {Object} params
|
2020-05-19 16:10:53 +02:00
|
|
|
* @param {Object} params.registrationToken registration token
|
2020-05-18 17:16:49 +02:00
|
|
|
* @param {Object} params.userInfo user info
|
|
|
|
|
*/
|
|
|
|
|
const register = async ({ registrationToken, userInfo }) => {
|
2020-05-19 16:10:53 +02:00
|
|
|
const matchingUser = await strapi.query('user', 'admin').findOne({ registrationToken });
|
2020-05-18 17:16:49 +02:00
|
|
|
|
|
|
|
|
if (!matchingUser) {
|
|
|
|
|
throw strapi.errors.badRequest('Invalid registration info');
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-18 18:10:12 +02:00
|
|
|
return strapi.admin.services.user.updateById(matchingUser.id, {
|
|
|
|
|
password: userInfo.password,
|
|
|
|
|
firstname: userInfo.firstname,
|
|
|
|
|
lastname: userInfo.lastname,
|
|
|
|
|
registrationToken: null,
|
|
|
|
|
isActive: true,
|
|
|
|
|
});
|
2020-05-19 16:10:53 +02:00
|
|
|
};
|
2020-05-19 10:55:52 +02:00
|
|
|
|
2020-05-28 14:03:48 +02:00
|
|
|
/**
|
|
|
|
|
* Find one user
|
|
|
|
|
*/
|
2020-07-08 16:35:39 +02:00
|
|
|
const findOne = async (params, populate) => {
|
|
|
|
|
return strapi.query('user', 'admin').findOne(params, populate);
|
2020-05-28 14:03:48 +02:00
|
|
|
};
|
|
|
|
|
|
2020-05-19 10:55:52 +02:00
|
|
|
/** Find many users (paginated)
|
|
|
|
|
* @param query
|
|
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
|
|
|
|
const findPage = async query => {
|
|
|
|
|
return strapi.query('user', 'admin').findPage(query);
|
2020-05-18 17:16:49 +02:00
|
|
|
};
|
|
|
|
|
|
2020-05-19 16:10:53 +02:00
|
|
|
/** Search for many users (paginated)
|
|
|
|
|
* @param query
|
|
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
|
|
|
|
const searchPage = async query => {
|
|
|
|
|
return strapi.query('user', 'admin').searchPage(query);
|
|
|
|
|
};
|
|
|
|
|
|
2020-07-15 15:46:59 +02:00
|
|
|
/** Delete a user
|
|
|
|
|
* @param id id of the user to delete
|
2020-06-18 11:40:50 +02:00
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
2020-06-24 16:48:53 +02:00
|
|
|
const deleteById = async id => {
|
|
|
|
|
// Check at least one super admin remains
|
2020-06-25 10:40:17 +02:00
|
|
|
const userToDelete = await strapi.query('user', 'admin').findOne({ id }, ['roles']);
|
2020-06-24 16:48:53 +02:00
|
|
|
if (userToDelete) {
|
|
|
|
|
if (userToDelete.roles.some(r => r.code === SUPER_ADMIN_CODE)) {
|
|
|
|
|
const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
|
|
|
|
|
if (superAdminRole.usersCount === 1) {
|
|
|
|
|
throw strapi.errors.badRequest(
|
|
|
|
|
'ValidationError',
|
|
|
|
|
'You must have at least one user with super admin role.'
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return strapi.query('user', 'admin').delete({ id });
|
2020-06-18 11:40:50 +02:00
|
|
|
};
|
|
|
|
|
|
2020-07-15 15:46:59 +02:00
|
|
|
/** Delete a user
|
|
|
|
|
* @param ids ids of the users to delete
|
|
|
|
|
* @returns {Promise<user>}
|
|
|
|
|
*/
|
|
|
|
|
const deleteByIds = async ids => {
|
|
|
|
|
// Check at least one super admin remains
|
2020-07-16 10:00:21 +02:00
|
|
|
const superAdminRole = await strapi.admin.services.role.getSuperAdminWithUsersCount();
|
|
|
|
|
const nbOfSuperAdminToDelete = await strapi
|
|
|
|
|
.query('user', 'admin')
|
|
|
|
|
.count({ id_in: ids, roles: [superAdminRole.id] });
|
|
|
|
|
if (superAdminRole.usersCount === nbOfSuperAdminToDelete) {
|
|
|
|
|
throw strapi.errors.badRequest(
|
|
|
|
|
'ValidationError',
|
|
|
|
|
'You must have at least one user with super admin role.'
|
|
|
|
|
);
|
2020-07-15 15:46:59 +02:00
|
|
|
}
|
2020-07-16 10:00:21 +02:00
|
|
|
|
2020-07-15 15:46:59 +02:00
|
|
|
return strapi.query('user', 'admin').delete({ id_in: ids });
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-12 18:42:07 +02:00
|
|
|
/** Count the users that don't have any associated roles
|
|
|
|
|
* @returns {Promise<number>}
|
|
|
|
|
*/
|
|
|
|
|
const countUsersWithoutRole = async () => {
|
|
|
|
|
const userModel = strapi.query('user', 'admin').model;
|
|
|
|
|
let count;
|
|
|
|
|
|
|
|
|
|
if (userModel.orm === 'bookshelf') {
|
2020-06-18 11:40:50 +02:00
|
|
|
count = await strapi.query('user', 'admin').count({ roles_null: true });
|
2020-06-12 18:42:07 +02:00
|
|
|
} else if (userModel.orm === 'mongoose') {
|
2020-06-18 11:40:50 +02:00
|
|
|
count = await strapi.query('user', 'admin').model.countDocuments({
|
|
|
|
|
$or: [{ roles: { $exists: false } }, { roles: { $size: 0 } }],
|
|
|
|
|
});
|
2020-06-12 18:42:07 +02:00
|
|
|
} else {
|
2020-06-22 13:00:21 +02:00
|
|
|
const allRoles = await strapi.query('role', 'admin').find({ _limit: -1 });
|
2020-06-12 18:42:07 +02:00
|
|
|
count = await strapi.query('user', 'admin').count({
|
|
|
|
|
roles_nin: allRoles.map(r => r.id),
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return count;
|
|
|
|
|
};
|
|
|
|
|
|
2020-08-03 11:20:42 +02:00
|
|
|
/**
|
2020-08-03 12:27:42 +02:00
|
|
|
* Count the number of users based on search params
|
|
|
|
|
* @param params params used for the query
|
2020-08-03 11:20:42 +02:00
|
|
|
* @returns {Promise<number>}
|
|
|
|
|
*/
|
2020-08-03 12:27:42 +02:00
|
|
|
const count = async (params = {}) => {
|
|
|
|
|
return strapi.query('user', 'admin').count(params);
|
2020-08-03 11:20:42 +02:00
|
|
|
};
|
|
|
|
|
|
2020-06-19 18:54:37 +02:00
|
|
|
/** Assign some roles to several users
|
|
|
|
|
* @returns {undefined}
|
|
|
|
|
*/
|
|
|
|
|
const assignARoleToAll = async roleId => {
|
|
|
|
|
const userModel = strapi.query('user', 'admin').model;
|
|
|
|
|
|
|
|
|
|
if (userModel.orm === 'bookshelf') {
|
2020-06-22 13:00:21 +02:00
|
|
|
const assocTable = userModel.associations.find(a => a.alias === 'roles').tableCollectionName;
|
|
|
|
|
const userTable = userModel.collectionName;
|
2020-06-19 18:54:37 +02:00
|
|
|
const knex = strapi.connections[userModel.connection];
|
|
|
|
|
const usersIds = await knex
|
|
|
|
|
.select(`${userTable}.id`)
|
|
|
|
|
.from(userTable)
|
|
|
|
|
.leftJoin(assocTable, `${userTable}.id`, `${assocTable}.user_id`)
|
|
|
|
|
.where(`${assocTable}.role_id`, null)
|
|
|
|
|
.pluck(`${userTable}.id`);
|
|
|
|
|
|
|
|
|
|
if (usersIds.length > 0) {
|
|
|
|
|
const newRelations = usersIds.map(userId => ({ user_id: userId, role_id: roleId }));
|
|
|
|
|
await knex.insert(newRelations).into(assocTable);
|
|
|
|
|
}
|
|
|
|
|
} else if (userModel.orm === 'mongoose') {
|
|
|
|
|
await strapi.query('user', 'admin').model.updateMany({}, { roles: [roleId] });
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-06-24 14:09:43 +02:00
|
|
|
/** Display a warning if some users don't have at least one role
|
|
|
|
|
* @returns {Promise<>}
|
|
|
|
|
*/
|
|
|
|
|
const displayWarningIfUsersDontHaveRole = async () => {
|
|
|
|
|
const count = await countUsersWithoutRole();
|
|
|
|
|
|
|
|
|
|
if (count > 0) {
|
|
|
|
|
strapi.log.warn(`Some users (${count}) don't have any role.`);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-07-06 18:44:56 +02:00
|
|
|
const migrateUsers = async () => {
|
|
|
|
|
const someRolesExist = await strapi.admin.services.role.exists();
|
|
|
|
|
if (someRolesExist) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const userModel = strapi.query('user', 'admin').model;
|
|
|
|
|
|
|
|
|
|
if (userModel.orm === 'bookshelf') {
|
|
|
|
|
await userModel
|
|
|
|
|
.query(qb => qb.where('blocked', false).orWhere('blocked', null))
|
|
|
|
|
.save({ isActive: true }, { method: 'update', patch: true, require: false });
|
|
|
|
|
await userModel
|
|
|
|
|
.query(qb => qb.where('blocked', true))
|
|
|
|
|
.save({ isActive: false }, { method: 'update', patch: true, require: false });
|
|
|
|
|
} else if (userModel.orm === 'mongoose') {
|
|
|
|
|
await userModel.updateMany({ blocked: { $in: [false, null] } }, { isActive: true });
|
|
|
|
|
await userModel.updateMany({ blocked: true }, { isActive: false });
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2020-05-14 10:37:32 +02:00
|
|
|
module.exports = {
|
|
|
|
|
create,
|
2020-06-18 18:10:12 +02:00
|
|
|
updateById,
|
2020-05-14 10:37:32 +02:00
|
|
|
exists,
|
2020-05-18 16:07:37 +02:00
|
|
|
findRegistrationInfo,
|
2020-05-18 17:16:49 +02:00
|
|
|
register,
|
2020-05-19 10:55:52 +02:00
|
|
|
sanitizeUser,
|
2020-05-28 14:03:48 +02:00
|
|
|
findOne,
|
2020-05-19 10:55:52 +02:00
|
|
|
findPage,
|
2020-05-19 16:10:53 +02:00
|
|
|
searchPage,
|
2020-06-24 16:48:53 +02:00
|
|
|
deleteById,
|
2020-07-15 15:46:59 +02:00
|
|
|
deleteByIds,
|
2020-06-12 18:42:07 +02:00
|
|
|
countUsersWithoutRole,
|
2020-08-03 11:20:42 +02:00
|
|
|
count,
|
2020-06-19 18:54:37 +02:00
|
|
|
assignARoleToAll,
|
2020-06-24 14:09:43 +02:00
|
|
|
displayWarningIfUsersDontHaveRole,
|
2020-07-06 18:44:56 +02:00
|
|
|
migrateUsers,
|
2020-10-12 22:46:56 +02:00
|
|
|
resetPasswordByEmail,
|
2020-05-13 11:46:52 +02:00
|
|
|
};
|
