strapi/packages/plugins/users-permissions/controllers/user/api.js

'use strict';

const _ = require('lodash');
const { sanitizeEntity } = require('@strapi/utils');
const { getService } = require('../../utils');

const sanitizeUser = user =>
  sanitizeEntity(user, {
    model: strapi.getModel('plugins::users-permissions.user'),
  });

const formatError = error => [
  { messages: [{ id: error.id, message: error.message, field: error.field }] },
];

module.exports = {
  /**
   * Create a/an user record.
   * @return {Object}
   */
  async create(ctx) {
    const advanced = await strapi
      .store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced',
      })
      .get();

    const { email, username, password, role } = ctx.request.body;

    if (!email) return ctx.badRequest('missing.email');
    if (!username) return ctx.badRequest('missing.username');
    if (!password) return ctx.badRequest('missing.password');

    const userWithSameUsername = await strapi
      .query('plugins::users-permissions.user')
      .findOne({ where: { username } });

    if (userWithSameUsername) {
      return ctx.badRequest(
        null,
        formatError({
          id: 'Auth.form.error.username.taken',
          message: 'Username already taken.',
          field: ['username'],
        })
      );
    }

    if (advanced.unique_email) {
      const userWithSameEmail = await strapi
        .query('plugins::users-permissions.user')
        .findOne({ where: { email: email.toLowerCase() } });

      if (userWithSameEmail) {
        return ctx.badRequest(
          null,

          formatError({
            id: 'Auth.form.error.email.taken',
            message: 'Email already taken.',
            field: ['email'],
          })
        );
      }
    }

    const user = {
      ...ctx.request.body,
      provider: 'local',
    };

    user.email = user.email.toLowerCase();

    if (!role) {
      const defaultRole = await strapi
        .query('plugins::users-permissions.role')
        .findOne({ where: { type: advanced.default_role } });

      user.role = defaultRole.id;
    }

    try {
      const data = await getService('user').add(user);

      ctx.created(sanitizeUser(data));
    } catch (error) {
      ctx.badRequest(null, formatError(error));
    }
  },
  /**
   * Update a/an user record.
   * @return {Object}
   */

  async update(ctx) {
    const advancedConfigs = await strapi
      .store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced',
      })
      .get();

    const { id } = ctx.params;
    const { email, username, password } = ctx.request.body;

    const user = await getService('user').fetch({
      id,
    });

    if (_.has(ctx.request.body, 'email') && !email) {
      return ctx.badRequest('email.notNull');
    }

    if (_.has(ctx.request.body, 'username') && !username) {
      return ctx.badRequest('username.notNull');
    }

    if (_.has(ctx.request.body, 'password') && !password && user.provider === 'local') {
      return ctx.badRequest('password.notNull');
    }

    if (_.has(ctx.request.body, 'username')) {
      const userWithSameUsername = await strapi
        .query('plugins::users-permissions.user')
        .findOne({ where: { username } });

      if (userWithSameUsername && userWithSameUsername.id != id) {
        return ctx.badRequest(
          null,
          formatError({
            id: 'Auth.form.error.username.taken',
            message: 'username.alreadyTaken.',
            field: ['username'],
          })
        );
      }
    }

    if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {
      const userWithSameEmail = await strapi
        .query('plugins::users-permissions.user')
        .findOne({ where: { email: email.toLowerCase() } });

      if (userWithSameEmail && userWithSameEmail.id != id) {
        return ctx.badRequest(
          null,
          formatError({
            id: 'Auth.form.error.email.taken',
            message: 'Email already taken',
            field: ['email'],
          })
        );
      }
      ctx.request.body.email = ctx.request.body.email.toLowerCase();
    }

    let updateData = {
      ...ctx.request.body,
    };

    if (_.has(ctx.request.body, 'password') && password === user.password) {
      delete updateData.password;
    }

    const data = await getService('user').edit({ id }, updateData);

    ctx.send(sanitizeUser(data));
  },
};
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`'use strict';`

			`const _ = require('lodash');`
Rename import & requires, fix tests 2021-04-29 13:51:12 +02:00			`const { sanitizeEntity } = require('@strapi/utils');`
Use getService 2021-07-08 22:07:52 +02:00			`const { getService } = require('../../utils');`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`const sanitizeUser = user =>`
			`sanitizeEntity(user, {`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`model: strapi.getModel('plugins::users-permissions.user'),`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`});`

			`const formatError = error => [`
			`{ messages: [{ id: error.id, message: error.message, field: error.field }] },`
			`];`

			`module.exports = {`
			`/**`
			`* Create a/an user record.`
			`* @return {Object}`
			`*/`
			`async create(ctx) {`
			`const advanced = await strapi`
			`.store({`
			`environment: '',`
			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced',`
			`})`
			`.get();`

			`const { email, username, password, role } = ctx.request.body;`

			`if (!email) return ctx.badRequest('missing.email');`
			`if (!username) return ctx.badRequest('missing.username');`
			`if (!password) return ctx.badRequest('missing.password');`

			`const userWithSameUsername = await strapi`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.query('plugins::users-permissions.user')`
			`.findOne({ where: { username } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameUsername) {`
			`return ctx.badRequest(`
			`null,`
			`formatError({`
			`id: 'Auth.form.error.username.taken',`
			`message: 'Username already taken.',`
			`field: ['username'],`
			`})`
			`);`
			`}`

			`if (advanced.unique_email) {`
Autofix yarn.lock conflict Signed-off-by: Rémi de Juvigny <remi@hey.com> 2020-09-23 14:25:55 +02:00			`const userWithSameEmail = await strapi`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.query('plugins::users-permissions.user')`
			`.findOne({ where: { email: email.toLowerCase() } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameEmail) {`
			`return ctx.badRequest(`
			`null,`

			`formatError({`
			`id: 'Auth.form.error.email.taken',`
			`message: 'Email already taken.',`
			`field: ['email'],`
			`})`
			`);`
			`}`
			`}`

			`const user = {`
			`...ctx.request.body,`
			`provider: 'local',`
			`};`

set email validator to lowercase (#7645) * set email validator to lowercase Yup .lowercase() converts the string to lowercase which should be done in all instances of email across the application. Fixes bug where users created inside Strapi admin panel end up with mixed case emails in database. Signed-off-by: bglidwell <sintex+github@gmail.com> * match front-end profile validation to backend Removed .min(5) from backend validation due to redundancy with .email() check Signed-off-by: bglidwell <sintex+github@gmail.com> * cleanup redundant email.toLowerCase() Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * Revert "cleanup redundant email.toLowerCase()" This reverts commit 4565054b298e4518e4ddf41ca602c5960bd9cc28. Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in admin user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in api user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix for graphql tests Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> 2020-09-14 02:30:12 -05:00			`user.email = user.email.toLowerCase();`

Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`if (!role) {`
			`const defaultRole = await strapi`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.query('plugins::users-permissions.role')`
			`.findOne({ where: { type: advanced.default_role } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`user.role = defaultRole.id;`
			`}`

			`try {`
Use getService 2021-07-08 22:07:52 +02:00			`const data = await getService('user').add(user);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`ctx.created(sanitizeUser(data));`
			`} catch (error) {`
			`ctx.badRequest(null, formatError(error));`
			`}`
			`},`
			`/**`
			`* Update a/an user record.`
			`* @return {Object}`
			`*/`

			`async update(ctx) {`
			`const advancedConfigs = await strapi`
			`.store({`
			`environment: '',`
			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced',`
			`})`
			`.get();`

			`const { id } = ctx.params;`
			`const { email, username, password } = ctx.request.body;`

Use getService 2021-07-08 22:07:52 +02:00			`const user = await getService('user').fetch({`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`id,`
			`});`

			`if (_.has(ctx.request.body, 'email') && !email) {`
			`return ctx.badRequest('email.notNull');`
			`}`

			`if (_.has(ctx.request.body, 'username') && !username) {`
			`return ctx.badRequest('username.notNull');`
			`}`

			`if (_.has(ctx.request.body, 'password') && !password && user.provider === 'local') {`
			`return ctx.badRequest('password.notNull');`
			`}`

			`if (_.has(ctx.request.body, 'username')) {`
			`const userWithSameUsername = await strapi`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.query('plugins::users-permissions.user')`
			`.findOne({ where: { username } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameUsername && userWithSameUsername.id != id) {`
			`return ctx.badRequest(`
			`null,`
			`formatError({`
			`id: 'Auth.form.error.username.taken',`
			`message: 'username.alreadyTaken.',`
			`field: ['username'],`
			`})`
			`);`
			`}`
			`}`

			`if (_.has(ctx.request.body, 'email') && advancedConfigs.unique_email) {`
Autofix yarn.lock conflict Signed-off-by: Rémi de Juvigny <remi@hey.com> 2020-09-23 14:25:55 +02:00			`const userWithSameEmail = await strapi`
Refactor all query() calls 2021-07-08 18:15:32 +02:00			`.query('plugins::users-permissions.user')`
			`.findOne({ where: { email: email.toLowerCase() } });`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`if (userWithSameEmail && userWithSameEmail.id != id) {`
			`return ctx.badRequest(`
			`null,`
			`formatError({`
			`id: 'Auth.form.error.email.taken',`
			`message: 'Email already taken',`
			`field: ['email'],`
			`})`
			`);`
			`}`
set email validator to lowercase (#7645) * set email validator to lowercase Yup .lowercase() converts the string to lowercase which should be done in all instances of email across the application. Fixes bug where users created inside Strapi admin panel end up with mixed case emails in database. Signed-off-by: bglidwell <sintex+github@gmail.com> * match front-end profile validation to backend Removed .min(5) from backend validation due to redundancy with .email() check Signed-off-by: bglidwell <sintex+github@gmail.com> * cleanup redundant email.toLowerCase() Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * Revert "cleanup redundant email.toLowerCase()" This reverts commit 4565054b298e4518e4ddf41ca602c5960bd9cc28. Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in admin user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix email case in api user controller Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> * fix for graphql tests Signed-off-by: Bobby Glidwell <sintex+github@gmail.com> 2020-09-14 02:30:12 -05:00			`ctx.request.body.email = ctx.request.body.email.toLowerCase();`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00			`}`

			`let updateData = {`
			`...ctx.request.body,`
			`};`

			`if (_.has(ctx.request.body, 'password') && password === user.password) {`
			`delete updateData.password;`
			`}`

Use getService 2021-07-08 22:07:52 +02:00			`const data = await getService('user').edit({ id }, updateData);`
Rewrote users-permissions's controller to fit with rbac, fix various bugs in content-manager's controllers Signed-off-by: Convly <jean-sebastien.herbaux@epitech.eu> 2020-07-06 16:25:25 +02:00
			`ctx.send(sanitizeUser(data));`
			`},`
			`};`