strapi/packages/strapi-plugin-users-permissions/controllers/User.js

'use strict';

/**
 * User.js controller
 *
 * @description: A set of functions called "actions" for managing `User`.
 */

const _ = require('lodash');

const sanitizeUser = user => _.omit(user, ['password', 'resetPasswordToken']);
const formatError = error => [
  { messages: [{ id: error.id, message: error.message, field: error.field }] },
];

module.exports = {
  /**
   * Retrieve user records.
   * @return {Object|Array}
   */
  async find(ctx, next, { populate } = {}) {
    let users;

    if (_.has(ctx.query, '_q')) {
      // use core strapi query to search for users
      users = await strapi
        .query('user', 'users-permissions')
        .search(ctx.query, populate);
    } else {
      users = await strapi.plugins['users-permissions'].services.user.fetchAll(
        ctx.query,
        populate
      );
    }

    const data = users.map(sanitizeUser);
    ctx.send(data);
  },

  /**
   * Retrieve authenticated user.
   * @return {Object|Array}
   */
  async me(ctx) {
    const user = ctx.state.user;

    if (!user) {
      return ctx.badRequest(null, [
        { messages: [{ id: 'No authorization header was found' }] },
      ]);
    }

    const data = sanitizeUser(user);
    ctx.send(data);
  },

  /**
   * Retrieve a user record.
   * @return {Object}
   */
  async findOne(ctx) {
    const { id } = ctx.params;
    let data = await strapi.plugins['users-permissions'].services.user.fetch({
      id,
    });

    if (data) {
      data = sanitizeUser(data);
    }

    // Send 200 `ok`
    ctx.send(data);
  },

  /**
   * Create a/an user record.
   * @return {Object}
   */
  async create(ctx) {
    const advanced = await strapi
      .store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced',
      })
      .get();

    const { email, username, password, role } = ctx.request.body;

    if (!email) return ctx.badRequest('missing.email');
    if (!username) return ctx.badRequest('missing.username');
    if (!password) return ctx.badRequest('missing.password');

    const userWithSameUsername = await strapi
      .query('user', 'users-permissions')
      .findOne({ username });

    if (userWithSameUsername) {
      return ctx.badRequest(
        null,
        formatError({
          id: 'Auth.form.error.username.taken',
          message: 'Username already taken.',
          field: ['username'],
        })
      );
    }

    if (advanced.unique_email) {
      const userWithSameEmail = await strapi
        .query('user', 'users-permissions')
        .findOne({ email });

      if (userWithSameEmail) {
        return ctx.badRequest(
          null,

          formatError({
            id: 'Auth.form.error.email.taken',
            message: 'Email already taken.',
            field: ['email'],
          })
        );
      }
    }

    const user = {
      ...ctx.request.body,
      provider: 'local',
    };

    if (!role) {
      const defaultRole = await strapi
        .query('role', 'users-permissions')
        .findOne({ type: advanced.default_role }, []);

      user.role = defaultRole.id;
    }

    try {
      const data = await strapi.plugins['users-permissions'].services.user.add(
        user
      );

      ctx.created(data);
    } catch (error) {
      ctx.badRequest(null, formatError(error));
    }
  },

  /**
   * Update a/an user record.
   * @return {Object}
   */
  async update(ctx) {
    const advancedConfigs = await strapi
      .store({
        environment: '',
        type: 'plugin',
        name: 'users-permissions',
        key: 'advanced',
      })
      .get();

    const { id } = ctx.params;
    const { email, username, password } = ctx.request.body;

    if (!email) return ctx.badRequest('missing.email');
    if (!username) return ctx.badRequest('missing.username');
    if (!password) return ctx.badRequest('missing.password');

    const userWithSameUsername = await strapi
      .query('user', 'users-permissions')
      .findOne({ username });

    if (userWithSameUsername && userWithSameUsername.id != id) {
      return ctx.badRequest(
        null,
        formatError({
          id: 'Auth.form.error.username.taken',
          message: 'username.alreadyTaken.',
          field: ['username'],
        })
      );
    }

    if (advancedConfigs.unique_email) {
      const userWithSameEmail = await strapi
        .query('user', 'users-permissions')
        .findOne({ email });

      if (userWithSameEmail && userWithSameEmail.id != id) {
        return ctx.badRequest(
          null,
          formatError({
            id: 'Auth.form.error.email.taken',
            message: 'Eamil already taken',
            field: ['email'],
          })
        );
      }
    }

    const user = await strapi.plugins['users-permissions'].services.user.fetch({
      id,
    });

    let updateData = {
      ...ctx.request.body,
    };

    if (password === user.password) {
      delete updateData.password;
    }

    const data = await strapi.plugins['users-permissions'].services.user.edit(
      { id },
      updateData
    );

    ctx.send(data);
  },

  /**
   * Destroy a/an user record.
   * @return {Object}
   */
  async destroy(ctx) {
    const { id } = ctx.params;
    const data = await strapi.plugins['users-permissions'].services.user.remove(
      { id }
    );

    ctx.send(data);
  },

  async destroyAll(ctx) {
    const data = await strapi.plugins[
      'users-permissions'
    ].services.user.removeAll(ctx.params, ctx.request.query);

    ctx.send(data);
  },
};
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`'use strict';`

			`/**`
			`* User.js controller`
			`*`
			* @description: A set of functions called "actions" for managing `User`.
			`*/`

Fix user update encrypted password 2017-12-04 15:35:45 +01:00			`const _ = require('lodash');`

Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`const sanitizeUser = user => _.omit(user, ['password', 'resetPasswordToken']);`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`const formatError = error => [`
			`{ messages: [{ id: error.id, message: error.message, field: error.field }] },`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`];`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`module.exports = {`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`/**`
			`* Retrieve user records.`
			`* @return {Object\|Array}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async find(ctx, next, { populate } = {}) {`
			`let users;`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
Add _q param to GET /users 2019-05-21 16:18:18 +02:00			`if (_.has(ctx.query, '_q')) {`
			`// use core strapi query to search for users`
			`users = await strapi`
			`.query('user', 'users-permissions')`
			`.search(ctx.query, populate);`
			`} else {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`users = await strapi.plugins['users-permissions'].services.user.fetchAll(`
			`ctx.query,`
			`populate`
			`);`
Add _q param to GET /users 2019-05-21 16:18:18 +02:00			`}`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const data = users.map(sanitizeUser);`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`ctx.send(data);`
			`},`

feat(plugin-users-permissions): add /user/me to fetch authenticated user model 2018-01-10 20:29:34 +01:00			`/**`
			`* Retrieve authenticated user.`
			`* @return {Object\|Array}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async me(ctx) {`
feat(plugin-users-permissions): add /user/me to fetch authenticated user model 2018-01-10 20:29:34 +01:00			`const user = ctx.state.user;`
Throw error when trying to get /user/me with no headers 2018-01-11 16:24:16 +01:00
			`if (!user) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return ctx.badRequest(null, [`
			`{ messages: [{ id: 'No authorization header was found' }] },`
			`]);`
Throw error when trying to get /user/me with no headers 2018-01-11 16:24:16 +01:00			`}`
Add unique email verification on user update 2018-01-18 14:10:26 +01:00
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const data = sanitizeUser(user);`
feat(plugin-users-permissions): add /user/me to fetch authenticated user model 2018-01-10 20:29:34 +01:00			`ctx.send(data);`
			`},`

Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`/**`
			`* Retrieve a user record.`
			`* @return {Object}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async findOne(ctx) {`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const { id } = ctx.params;`
			`let data = await strapi.plugins['users-permissions'].services.user.fetch({`
			`id,`
			`});`
Remove password and token from fetchable data USER API / AUTH 2017-12-06 14:15:27 +01:00
			`if (data) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`data = sanitizeUser(data);`
Remove password and token from fetchable data USER API / AUTH 2017-12-06 14:15:27 +01:00			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
			// Send 200 `ok`
			`ctx.send(data);`
			`},`

			`/**`
			`* Create a/an user record.`
			`* @return {Object}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async create(ctx) {`
			`const advanced = await strapi`
			`.store({`
			`environment: '',`
			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced',`
			`})`
			`.get();`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`const { email, username, password, role } = ctx.request.body;`

			`if (!email) return ctx.badRequest('missing.email');`
			`if (!username) return ctx.badRequest('missing.username');`
			`if (!password) return ctx.badRequest('missing.password');`

Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const userWithSameUsername = await strapi`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`.query('user', 'users-permissions')`
			`.findOne({ username });`

Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`if (userWithSameUsername) {`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`return ctx.badRequest(`
			`null,`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`formatError({`
			`id: 'Auth.form.error.username.taken',`
			`message: 'Username already taken.',`
			`field: ['username'],`
			`})`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`);`
			`}`

			`if (advanced.unique_email) {`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const userWithSameEmail = await strapi`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`.query('user', 'users-permissions')`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`.findOne({ email });`
Fix unique email for user API 2018-01-26 09:37:24 +01:00
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`if (userWithSameEmail) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`return ctx.badRequest(`
			`null,`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00
			`formatError({`
			`id: 'Auth.form.error.email.taken',`
			`message: 'Email already taken.',`
			`field: ['email'],`
			`})`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`);`
Fix unique email for user API 2018-01-26 09:37:24 +01:00			`}`
			`}`

Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`const user = {`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`...ctx.request.body,`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`provider: 'local',`
			`};`

			`if (!role) {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const defaultRole = await strapi`
			`.query('role', 'users-permissions')`
			`.findOne({ type: advanced.default_role }, []);`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`user.role = defaultRole.id;`
Fix default role provider and create user fix #1212 2018-06-12 19:19:10 +02:00			`}`

Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`try {`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const data = await strapi.plugins['users-permissions'].services.user.add(`
Fix username unique in users-permissions plugin and implement sql db unique option 2019-07-16 15:31:15 +02:00			`user`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`);`
Allow private attribute into input definition 2018-11-27 14:59:28 +01:00
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`ctx.created(data);`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`} catch (error) {`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`ctx.badRequest(null, formatError(error));`
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`}`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Update a/an user record.`
			`* @return {Object}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async update(ctx) {`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const advancedConfigs = await strapi`
			`.store({`
			`environment: '',`
			`type: 'plugin',`
			`name: 'users-permissions',`
			`key: 'advanced',`
			`})`
			`.get();`
Fix user update encrypted password 2017-12-04 15:35:45 +01:00
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const { id } = ctx.params;`
			`const { email, username, password } = ctx.request.body;`
Fix user update encrypted password 2017-12-04 15:35:45 +01:00
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`if (!email) return ctx.badRequest('missing.email');`
			`if (!username) return ctx.badRequest('missing.username');`
			`if (!password) return ctx.badRequest('missing.password');`
Add unique email verification on user update 2018-01-18 14:10:26 +01:00
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`const userWithSameUsername = await strapi`
			`.query('user', 'users-permissions')`
			`.findOne({ username });`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`if (userWithSameUsername && userWithSameUsername.id != id) {`
			`return ctx.badRequest(`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`null,`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`formatError({`
			`id: 'Auth.form.error.username.taken',`
			`message: 'username.alreadyTaken.',`
			`field: ['username'],`
			`})`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`);`
Handle backend errors in ctm 2017-12-06 15:11:55 +01:00			`}`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00
			`if (advancedConfigs.unique_email) {`
			`const userWithSameEmail = await strapi`
			`.query('user', 'users-permissions')`
			`.findOne({ email });`

			`if (userWithSameEmail && userWithSameEmail.id != id) {`
			`return ctx.badRequest(`
			`null,`
Remove x-forwarded-host. - set security defaults for development mode that are standard - refactor error messages to work without ctx.request.admin - remove mask middleware and add a sanitization layer to the core-api to hide private fileds 2019-08-21 12:10:23 +02:00			`formatError({`
			`id: 'Auth.form.error.email.taken',`
			`message: 'Eamil already taken',`
			`field: ['email'],`
			`})`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`);`
			`}`
			`}`

			`const user = await strapi.plugins['users-permissions'].services.user.fetch({`
			`id,`
			`});`

			`let updateData = {`
			`...ctx.request.body,`
			`};`

			`if (password === user.password) {`
Add image upload in routing policy of the content manager 2019-08-05 10:31:18 +02:00			`delete updateData.password;`
Fix user update and boolean values in DB 2019-07-16 16:26:53 +02:00			`}`

			`const data = await strapi.plugins['users-permissions'].services.user.edit(`
			`{ id },`
			`updateData`
			`);`

			`ctx.send(data);`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`},`

			`/**`
			`* Destroy a/an user record.`
			`* @return {Object}`
			`*/`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async destroy(ctx) {`
Implement delete user 2019-07-16 16:49:36 +02:00			`const { id } = ctx.params;`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`const data = await strapi.plugins['users-permissions'].services.user.remove(`
Implement delete user 2019-07-16 16:49:36 +02:00			`{ id }`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`);`

Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00			`ctx.send(data);`
			`},`

Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`async destroyAll(ctx) {`
			`const data = await strapi.plugins[`
			`'users-permissions'`
			`].services.user.removeAll(ctx.params, ctx.request.query);`
Handle delete many with models from users-permissions 2018-06-06 16:20:52 +02:00
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`ctx.send(data);`
Refactor users-permissions to use the new strapi.query 2019-07-15 23:16:50 +02:00			`},`
Init user models and fix api prefix 2017-11-14 11:11:22 +01:00			`};`