										 |  |  | 'use strict'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | const passport = require('koa-passport'); | 
					
						
							|  |  |  | const compose = require('koa-compose'); | 
					
						
							|  |  |  | 
 | 
					
						
										 |  |  | const { | 
					
						
							|  |  |  |   validateRegistrationInput, | 
					
						
										 |  |  |   validateAdminRegistrationInput, | 
					
						
										 |  |  |   validateRegistrationInfoQuery, | 
					
						
										 |  |  |   validateForgotPasswordInput, | 
					
						
										 |  |  |   validateResetPasswordInput, | 
					
						
										 |  |  | } = require('../validation/authentication'); | 
					
						
										 |  |  | 
 | 
					
						
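/**
 * Admin authentication controller.
 *
 * Koa handlers for login, token renewal, registration, first-admin bootstrap
 * and password recovery. Every handler goes through the global `strapi`
 * instance and writes its outcome to `ctx`.
 */
module.exports = {
  /**
   * Login through the passport 'local' strategy, as two composed middlewares:
   * the first authenticates and stores the user on `ctx.state.user`, the second
   * builds the response (`{ data: { token, user } }`).
   *
   * `session: false` means passport sets up no session; the client receives
   * the token returned by `createJwtToken` instead.
   */
  login: compose([
    (ctx, next) => {
      return passport.authenticate('local', { session: false }, (err, user, info) => {
        if (err) {
          // Strategy-level failure: report it on the event hub and answer with
          // a generic server error (no error detail is sent to the client).
          strapi.eventHub.emit('admin.auth.error', { error: err, provider: 'local' });
          return ctx.badImplementation();
        }

        if (!user) {
          // Authentication refused. The strategy's message is both emitted and
          // returned verbatim to the client.
          // NOTE(review): confirm the 'local' strategy uses the same message
          // for an unknown account and for a wrong password, otherwise this
          // response tells a caller which accounts exist.
          strapi.eventHub.emit('admin.auth.error', {
            error: new Error(info.message),
            provider: 'local',
          });
          return ctx.badRequest(info.message);
        }

        ctx.state.user = user;

        // Success and failure are both published on the event hub, so a
        // listener can record them for auditing.
        strapi.eventHub.emit('admin.auth.success', { user, provider: 'local' });

        return next();
      })(ctx, next);
    },
    ctx => {
      const { user } = ctx.state;

      ctx.body = {
        data: {
          token: strapi.admin.services.token.createJwtToken(user),
          // Only the sanitized view of the user is returned.
          user: strapi.admin.services.user.sanitizeUser(user), // TODO: fetch more detailed info
        },
      };
    },
  ]),

  /**
   * Exchange a token for a fresh one.
   *
   * Expects `{ token }` in the request body. Answers 400 'Missing token' when
   * the field is absent and 400 'Invalid token' when `decodeJwtToken` reports
   * the token as not valid; otherwise returns `{ data: { token } }`.
   */
  renewToken(ctx) {
    const { token } = ctx.request.body;

    // Only an absent field is rejected here; every other value is handed to
    // decodeJwtToken, which decides whether it is valid.
    if (token === undefined) {
      return ctx.badRequest('Missing token');
    }

    const { isValid, payload } = strapi.admin.services.token.decodeJwtToken(token);

    if (!isValid) {
      return ctx.badRequest('Invalid token');
    }

    // The new token is built from the id claim alone.
    // NOTE(review): nothing in this handler checks that the account behind
    // payload.id still exists and is active. Unless decodeJwtToken or a route
    // policy does, a token issued to a since-removed or deactivated admin can
    // keep being renewed - confirm where that check lives.
    ctx.body = {
      data: {
        token: strapi.admin.services.token.createJwtToken({ id: payload.id }),
      },
    };
  },

  /**
   * Return the registration info attached to a registration token.
   *
   * Reads `registrationToken` from the query string. Answers 400 'QueryError'
   * when the query fails validation and 400 'Invalid registrationToken' when
   * the lookup returns nothing.
   */
  async registrationInfo(ctx) {
    try {
      await validateRegistrationInfoQuery(ctx.request.query);
    } catch (err) {
      return ctx.badRequest('QueryError', err);
    }

    // The token travels in the query string, so it can end up in access logs
    // and intermediaries; treat those as holding a credential.
    const { registrationToken } = ctx.request.query;

    const registrationInfo = await strapi.admin.services.user.findRegistrationInfo(
      registrationToken
    );

    if (!registrationInfo) {
      return ctx.badRequest('Invalid registrationToken');
    }

    ctx.body = { data: registrationInfo };
  },

  /**
   * Complete a registration from the request body.
   *
   * Answers 400 'ValidationError' when the body fails validation. On success
   * the response already carries a token, so registering also signs the user in.
   */
  async register(ctx) {
    const input = ctx.request.body;

    try {
      await validateRegistrationInput(input);
    } catch (err) {
      return ctx.badRequest('ValidationError', err);
    }

    const user = await strapi.admin.services.user.register(input);

    ctx.body = {
      data: {
        token: strapi.admin.services.token.createJwtToken(user),
        user: strapi.admin.services.user.sanitizeUser(user),
      },
    };
  },

  /**
   * Create the first admin and give it the super admin role.
   *
   * Refused with 400 as soon as `user.exists()` reports an existing user.
   *
   * @throws {Error} when the super admin role cannot be found.
   */
  async registerAdmin(ctx) {
    const input = ctx.request.body;

    try {
      await validateAdminRegistrationInput(input);
    } catch (err) {
      return ctx.badRequest('ValidationError', err);
    }

    // NOTE(review): this check and the create() below are separate awaits, not
    // one atomic step. Two requests arriving together during bootstrap could
    // both see "no admin yet" - confirm a uniqueness guarantee exists elsewhere.
    const hasAdmin = await strapi.admin.services.user.exists();

    if (hasAdmin) {
      return ctx.badRequest('You cannot register a new super admin');
    }

    const superAdminRole = await strapi.admin.services.role.getSuperAdmin();

    if (!superAdminRole) {
      throw new Error(
        "Cannot register the first admin because the super admin role doesn't exist."
      );
    }

    // The privileged fields come after the spread, so values supplied by the
    // client for registrationToken, isActive or roles cannot win. Every other
    // key of `input` is passed through as-is.
    // NOTE(review): that relies on validateAdminRegistrationInput rejecting
    // unexpected keys - confirm.
    const user = await strapi.admin.services.user.create({
      ...input,
      registrationToken: null,
      isActive: true,
      // superAdminRole is known to exist here (guard above), so the first
      // admin can never be created without a role.
      roles: [superAdminRole.id],
    });

    await strapi.telemetry.send('didCreateFirstAdmin');

    ctx.body = {
      data: {
        token: strapi.admin.services.token.createJwtToken(user),
        user: strapi.admin.services.user.sanitizeUser(user),
      },
    };
  },

  /**
   * Start the password recovery flow.
   *
   * Answers 400 'ValidationError' when the body fails validation, otherwise
   * always 204 with no body.
   */
  async forgotPassword(ctx) {
    const input = ctx.request.body;

    try {
      await validateForgotPasswordInput(input);
    } catch (err) {
      return ctx.badRequest('ValidationError', err);
    }

    // Not awaited: the 204 below does not depend on what the service does, so
    // the response is the same whatever the outcome of the lookup. A rejection
    // still needs a handler, otherwise it surfaces as an unhandled rejection.
    Promise.resolve(strapi.admin.services.auth.forgotPassword(input)).catch(err => {
      strapi.log.error(err);
    });

    ctx.status = 204;
  },

  /**
   * Reset a password from the request body.
   *
   * Answers 400 'ValidationError' when the body fails validation. On success
   * the response carries a token, so a successful reset also signs the user in.
   */
  async resetPassword(ctx) {
    const input = ctx.request.body;

    try {
      await validateResetPasswordInput(input);
    } catch (err) {
      return ctx.badRequest('ValidationError', err);
    }

    const user = await strapi.admin.services.auth.resetPassword(input);

    ctx.body = {
      data: {
        token: strapi.admin.services.token.createJwtToken(user),
        user: strapi.admin.services.user.sanitizeUser(user),
      },
    };
  },
};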