yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-29 16:16:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Review Auth response

Browse Source
This commit is contained in:
Jim Laurie 2017-11-20 16:28:50 +01:00
parent fa329a05a7
commit 156e21f650
6 changed files with 93 additions and 145 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/strapi-plugin-email/package.json
View File

@ -46,4 +46,4 @@
"npm": ">= 3.0.0"
},
"license": "MIT"
}
}

10
packages/strapi-plugin-users-permissions/admin/src/translations/en.json
View File

@ -29,6 +29,16 @@
"Auth.form.register-success.email.label": "Email send with success to",
"Auth.form.register-success.email.placeholder": "mysuperemail@gmail.com",
"Auth.form.error.email.provide": "Please provide your username or your e-mail.",
"Auth.form.error.password.provide": "Please provide your password.",
"Auth.form.error.invalid": "Identifier or password invalid.",
"Auth.form.error.password.local": "This user never set a local password, please login thanks to the provider used during account creation.",
"Auth.form.error.password.format": "Your password can not contain more than three times the symbol `$`.",
"Auth.form.error.user.not-exist": "This email does not exist.",
"Auth.form.error.code.provide": "Incorrect code provided.",
"Auth.form.error.password.matching": "Passwords not matching.",
"Auth.form.error.params.provide": "Incorrect params provided.",
"Auth.link.forgot-password": "Forgot your password?",
"Auth.link.ready": "Reasy to sign-in?",

10
packages/strapi-plugin-users-permissions/admin/src/translations/fr.json
View File

@ -29,6 +29,16 @@
"Auth.form.register-success.email.label": "Email envoyé avec succès à",
"Auth.form.register-success.email.placeholder": "mysuperemail@gmail.com",
"Auth.form.error.email.provide": "Votre identifiant est manquant.",
"Auth.form.error.password.provide": "Votre mot de passe est manquant.",
"Auth.form.error.invalid": "Votre identifiant ou mot de passe est incorrect.",
"Auth.form.error.password.local": "Ce compte n'a pas de mot de passe.",
"Auth.form.error.password.format": "Votre mot de passe ne peut pas contenir trois fois le symbole `$`.",
"Auth.form.error.user.not-exist": "Cette e-mails n'existe pas.",
"Auth.form.error.code.provide": "Le code est incorrect.",
"Auth.form.error.password.matching": "Les mots de passe ne sont pas identique.",
"Auth.form.error.params.provide": "Les informations nos incorrect.",
"Auth.link.forgot-password": "Mot de passe oublié?",
"Auth.link.ready": "Prêt à vous connecter?",

2
packages/strapi-plugin-users-permissions/config/queries/bookshelf.js
View File

@ -31,7 +31,7 @@ module.exports = {
const entry = await this
.forge()
.save(Object.keys(params.values).reduce((acc, current) => {
if (this._attributes[current].type) {
if (_.get(this, ['_attributes', current, 'type'])) {
acc[current] = params.values[current];
}

8
packages/strapi-plugin-users-permissions/config/roles.json
View File

@ -152,6 +152,10 @@
"users-permissions": {
"controllers": {
"auth": {
"identity": {
"enabled": false,
"policy": ""
},
"callback": {
"enabled": false,
"policy": ""
@ -167,10 +171,6 @@
"changePassword": {
"enabled": false,
"policy": ""
},
"identity": {
"enabled": false,
"policy": ""
}
},
"user": {

206
packages/strapi-plugin-users-permissions/controllers/Auth.js
View File

@ -18,18 +18,12 @@ module.exports = {
if (provider === 'local') {
// The identifier is required.
if (!params.identifier) {
ctx.status = 400;
return ctx.body = {
message: 'Please provide your username or your e-mail.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.email.provide' }] }]);
}
// The password is required.
if (!params.password) {
ctx.status = 400;
return ctx.body = {
message: 'Please provide your password.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
}
const query = {};
@ -45,56 +39,32 @@ module.exports = {
}
// Check if the user exists.
try {
const user = await strapi.query('user', 'users-permissions').findOne(query);
const user = await strapi.query('user', 'users-permissions').findOne(query);
if (!user) {
ctx.status = 403;
return ctx.body = {
message: 'Identifier or password invalid.'
};
}
if (!user) {
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
}
// The user never registered with the `local` provider.
if (!user.password) {
ctx.status = 400;
return ctx.body = {
message: 'This user never set a local password, please login thanks to the provider used during account creation.'
};
}
// The user never registered with the `local` provider.
if (!user.password) {
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.local' }] }]);
}
const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(params.password, user.password);
const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(params.password, user.password);
if (!validPassword) {
ctx.status = 403;
return ctx.body = {
message: 'Identifier or password invalid.'
};
} else {
ctx.status = 200;
ctx.body = {
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
};
}
} catch (err) {
ctx.status = 500;
return ctx.body = {
message: err.message
};
if (!validPassword) {
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
} else {
ctx.send({
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
});
}
} else {
// Connect the user thanks to the third-party provider.
try {
const user = await strapi.api.user.services.grant.connect(provider, access_token);
const user = await strapi.api.user.services.grant.connect(provider, access_token);
ctx.redirect(strapi.config.frontendUrl || strapi.config.url + '?jwt=' + strapi.api.user.services.jwt.issue(user) + '&user=' + JSON.stringify(user));
} catch (err) {
ctx.status = 500;
return ctx.body = {
message: err.message
};
}
ctx.redirect(strapi.config.frontendUrl || strapi.config.url + '?jwt=' + strapi.api.user.services.jwt.issue(user) + '&user=' + JSON.stringify(user));
}
},
@ -105,47 +75,33 @@ module.exports = {
// Password is required.
if (!params.password) {
ctx.status = 400;
return ctx.body = {
message: 'Invalid password field.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
}
// Throw an error if the password selected by the user
// contains more than two times the symbol '$'.
if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
ctx.status = 400;
return ctx.body = {
message: 'Your password can not contain more than three times the symbol `$`.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.format' }] }]);
}
// First, check if the user is the first one to register as admin.
try {
const adminUsers = await strapi.query('user', 'users-permissions').find({ admin: true });
const adminUsers = await strapi.query('user', 'users-permissions').find({ admin: true });
// Check if the user is the first to register
if (adminUsers.length === 0) {
params.admin = true;
}
params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
const user = await strapi.query('user', 'users-permissions').create({
values: params
});
ctx.status = 200;
ctx.body = {
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
};
} catch (err) {
ctx.status = 500;
return ctx.body = {
message: err.message
};
// Check if the user is the first to register
if (adminUsers.length === 0) {
params.admin = true;
}
params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
const user = await strapi.query('user', 'users-permissions').create({
values: params
});
ctx.send({
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
});
},
forgotPassword: async (ctx) => {
@ -157,10 +113,7 @@ module.exports = {
// User not found.
if (!user) {
ctx.status = 400;
return ctx.body = {
message: 'This email does not exist.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.user.not-exist' }] }]);
}
// Generate random token.
@ -176,70 +129,45 @@ module.exports = {
});
// Send an email to the user.
try {
await strapi.plugins['email'].services.email.send({
to: user.email,
subject: 'Reset password',
text: url + '?code=' + resetPasswordToken,
html: url + '?code=' + resetPasswordToken
});
ctx.status = 200;
ctx.body = {};
} catch (err) {
ctx.status = 500;
ctx.body = {
message: 'Error sending the email'
};
}
await strapi.plugins['email'].services.email.send({
to: user.email,
subject: 'Reset password',
text: url + '?code=' + resetPasswordToken,
html: url + '?code=' + resetPasswordToken
});
ctx.send();
},
changePassword: async (ctx) => {
const params = _.assign({}, ctx.request.body, ctx.params);
if (params.password && params.passwordConfirmation && params.password === params.passwordConfirmation && params.code) {
try {
const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
if (!user) {
ctx.status = 400;
return ctx.body = {
message: 'Incorrect code provided.'
};
}
// Delete the current code
user.resetPasswordToken = null;
user.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
// Update the user.
await strapi.query('user', 'users-permissions').update({
id: user.id,
values: user
});
ctx.status = 200;
return ctx.body = {
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
};
} catch (err) {
ctx.status = 500;
return ctx.body = {
message: err.message
};
if (!user) {
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.code.provide' }] }]);
}
// Delete the current code
user.resetPasswordToken = null;
user.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
// Update the user.
await strapi.query('user', 'users-permissions').update({
id: user.id,
values: user
});
ctx.send({
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
});
} else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
ctx.status = 400;
return ctx.body = {
message: 'Passwords not matching.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.matching' }] }]);
} else {
ctx.status = 400;
return ctx.body = {
status: 'error',
message: 'Incorrect params provided.'
};
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.params.provide' }] }]);
}
}
};