strapi/packages/strapi-plugin-users-permissions/services/User.js

'use strict';

/**
 * User.js service
 *
 * @description: A set of functions similar to controller's actions to avoid code duplication.
 */

// Public dependencies.
const _ = require('lodash');
const bcrypt = require('bcryptjs');

module.exports = {
  /**
   * Promise to add a/an user.
   * @return {Promise}
   */
  async add(values) {
    if (values.password) {
      values.password = await strapi.plugins[
        'users-permissions'
      ].services.user.hashPassword(values);
    }

    return strapi.query('user', 'users-permissions').create(values);
  },

  /**
   * Promise to edit a/an user.
   * @return {Promise}
   */
  async edit(params, values) {
    // Note: The current method will return the full response of Mongo.
    // To get the updated object, you have to execute the `findOne()` method
    // or use the `findOneOrUpdate()` method with `{ new:true }` option.
    if (values.password) {
      values.password = await strapi.plugins[
        'users-permissions'
      ].services.user.hashPassword(values);
    }

    // Use Content Manager business logic to handle relation.
    if (strapi.plugins['content-manager']) {
      params.model = 'user';
      params.id = params._id || params.id;

      return await strapi.plugins['content-manager'].services[
        'contentmanager'
      ].edit(params, values, 'users-permissions');
    }

    return strapi
      .query('user', 'users-permissions')
      .update(_.assign(params, values));
  },

  /**
   * Promise to fetch a/an user.
   * @return {Promise}
   */
  fetch(params) {
    return strapi
      .query('user', 'users-permissions')
      .findOne(_.pick(params, ['_id', 'id']));
  },

  /**
   * Promise to fetch all users.
   * @return {Promise}
   */
  fetchAll(params, populate) {
    return strapi.query('user', 'users-permissions').find(params, populate);
  },

  hashPassword(user = {}) {
    return new Promise(resolve => {
      if (!user.password || this.isHashed(user.password)) {
        resolve(null);
      } else {
        bcrypt.hash(`${user.password}`, 10, (err, hash) => {
          resolve(hash);
        });
      }
    });
  },

  isHashed(password) {
    if (typeof password !== 'string' || !password) {
      return false;
    }

    return password.split('$').length === 4;
  },

  /**
   * Promise to remove a/an user.
   * @return {Promise}
   */
  async remove(params) {
    // Use Content Manager business logic to handle relation.
    if (strapi.plugins['content-manager']) {
      params.model = 'user';
      params.id = params._id || params.id;

      return await strapi.plugins['content-manager'].services[
        'contentmanager'
      ].delete(params, { source: 'users-permissions' });
    }

    return strapi.query('user', 'users-permissions').delete(params);
  },

  async removeAll(params, query) {
    // Use Content Manager business logic to handle relation.
    if (strapi.plugins['content-manager']) {
      params.model = 'user';
      query.source = 'users-permissions';

      return await strapi.plugins['content-manager'].services[
        'contentmanager'
      ].deleteMany(params, query);
    }

    // TODO remove this logic when we develop plugins' dependencies
    const primaryKey = strapi.query('user', 'users-permissions').primaryKey;
    const toRemove = Object.keys(query).reduce((acc, curr) => {
      if (curr !== 'source') {
        return acc.concat([query[curr]]);
      }

      return acc;
    }, []);

    return strapi.query('user', 'users-permissions').deleteMany({
      [primaryKey]: toRemove,
    });
  },

  validatePassword(password, hash) {
    return bcrypt.compareSync(password, hash);
  },
};
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`'use strict';`

			`/**`
			`* User.js service`
			`*`
			`* @description: A set of functions similar to controller's actions to avoid code duplication.`
			`*/`

			`// Public dependencies.`
			`const _ = require('lodash');`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`const bcrypt = require('bcryptjs');`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
			`module.exports = {`
			`/**`
			`* Promise to add a/an user.`
			`* @return {Promise}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async add(values) {`
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`if (values.password) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`values.password = await strapi.plugins[`
			`'users-permissions'`
			`].services.user.hashPassword(values);`
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`}`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return strapi.query('user', 'users-permissions').create(values);`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Promise to edit a/an user.`
			`* @return {Promise}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async edit(params, values) {`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`// Note: The current method will return the full response of Mongo.`
			// To get the updated object, you have to execute the `findOne()` method
			// or use the `findOneOrUpdate()` method with `{ new:true }` option.
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`if (values.password) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`values.password = await strapi.plugins[`
			`'users-permissions'`
			`].services.user.hashPassword(values);`
Redirect CM action to plugin's controller for User plugin 2017-11-29 16:10:13 +01:00			`}`

Split Content-Manager logic into service & allow CRUD and associations w/ plugin's models w/ Mongoose 2017-12-11 18:23:15 +01:00			`// Use Content Manager business logic to handle relation.`
			`if (strapi.plugins['content-manager']) {`
Fix user update via API and content-type-builder 2018-02-02 12:59:34 +01:00			`params.model = 'user';`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`params.id = params._id \|\| params.id;`
Fix user update via API and content-type-builder 2018-02-02 12:59:34 +01:00
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return await strapi.plugins['content-manager'].services[`
			`'contentmanager'`
			`].edit(params, values, 'users-permissions');`
Split Content-Manager logic into service & allow CRUD and associations w/ plugin's models w/ Mongoose 2017-12-11 18:23:15 +01:00			`}`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return strapi`
			`.query('user', 'users-permissions')`
			`.update(_.assign(params, values));`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
Sort functions by name 2017-12-07 15:27:11 +01:00			`* Promise to fetch a/an user.`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`* @return {Promise}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`fetch(params) {`
			`return strapi`
			`.query('user', 'users-permissions')`
			`.findOne(_.pick(params, ['_id', 'id']));`
Sort functions by name 2017-12-07 15:27:11 +01:00			`},`

			`/**`
			`* Promise to fetch all users.`
			`* @return {Promise}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`fetchAll(params, populate) {`
			`return strapi.query('user', 'users-permissions').find(params, populate);`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`},`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`hashPassword(user = {}) {`
			`return new Promise(resolve => {`
Update doc and generated template 2017-11-29 15:46:28 +01:00			`if (!user.password \|\| this.isHashed(user.password)) {`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`resolve(null);`
			`} else {`
[#932] fixed Setting user with numeric password fails 2018-09-22 18:45:49 +05:30			bcrypt.hash(`${user.password}`, 10, (err, hash) => {
Add eslint to users-permissions backend 2018-04-30 18:26:56 +02:00			`resolve(hash);`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`});`
			`}`
			`});`
			`},`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`isHashed(password) {`
Register new user with hashed password 2017-11-16 14:12:03 +01:00			`if (typeof password !== 'string' \|\| !password) {`
			`return false;`
			`}`

			`return password.split('$').length === 4;`
			`},`
Use db users for login 2017-11-16 14:29:49 +01:00
Sort functions by name 2017-12-07 15:27:11 +01:00			`/**`
			`* Promise to remove a/an user.`
			`* @return {Promise}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async remove(params) {`
Split Content-Manager logic into service & allow CRUD and associations w/ plugin's models w/ Mongoose 2017-12-11 18:23:15 +01:00			`// Use Content Manager business logic to handle relation.`
			`if (strapi.plugins['content-manager']) {`
Delete file upload 2018-02-19 16:00:37 +01:00			`params.model = 'user';`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`params.id = params._id \|\| params.id;`
Delete file upload 2018-02-19 16:00:37 +01:00
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return await strapi.plugins['content-manager'].services[`
			`'contentmanager'`
			`].delete(params, { source: 'users-permissions' });`
Split Content-Manager logic into service & allow CRUD and associations w/ plugin's models w/ Mongoose 2017-12-11 18:23:15 +01:00			`}`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return strapi.query('user', 'users-permissions').delete(params);`
Sort functions by name 2017-12-07 15:27:11 +01:00			`},`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async removeAll(params, query) {`
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			`// Use Content Manager business logic to handle relation.`
			`if (strapi.plugins['content-manager']) {`
			`params.model = 'user';`
			`query.source = 'users-permissions';`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return await strapi.plugins['content-manager'].services[`
			`'contentmanager'`
			`].deleteMany(params, query);`
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			`}`

			`// TODO remove this logic when we develop plugins' dependencies`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const primaryKey = strapi.query('user', 'users-permissions').primaryKey;`
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			`const toRemove = Object.keys(query).reduce((acc, curr) => {`
			`if (curr !== 'source') {`
			`return acc.concat([query[curr]]);`
			`}`

			`return acc;`
			`}, []);`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return strapi.query('user', 'users-permissions').deleteMany({`
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			`[primaryKey]: toRemove,`
			`});`
			`},`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`validatePassword(password, hash) {`
Use db users for login 2017-11-16 14:29:49 +01:00			`return bcrypt.compareSync(password, hash);`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`},`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`};`