From d0d70976c911486e8b33d3481b541db9554705d2 Mon Sep 17 00:00:00 2001
From: Luca Perret
Date: Sat, 13 Jan 2018 00:20:43 +0100
Subject: [PATCH 1/8] feat(plugin-users-permissions): auth email case-insensitive
---
 packages/strapi-plugin-users-permissions/controllers/Auth.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 5ab1d66e73..5270836daa 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -32,10 +32,11 @@ module.exports = {
 const isEmail = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(params.identifier);
 // Set the identifier to the appropriate query field.
+ const identifier = params.identifier.toLowerCase();
 if (isEmail) {
- query.email = params.identifier;
+ query.email = identifier;
 } else {
- query.username = params.identifier;
+ query.username = identifier;
 }
 // Check if the user exists.
From 2816863cfc7629d13cc34c32d257d143118e1613 Mon Sep 17 00:00:00 2001
From: Luca Perret
Date: Sat, 13 Jan 2018 09:20:39 +0100
Subject: [PATCH 2/8] fix(plugin-users-permissions): auth register lower case identifier
---
 packages/strapi-plugin-users-permissions/controllers/Auth.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 5270836daa..21dc179af7 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
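Review bot: Folding only the lookup value (`query.email = identifier`, `query.username = identifier`) in PATCH 1/8 makes login depend on how the account was stored: any existing row whose email or username contains an uppercase letter stops matching, and nothing in this patch normalises stored values. Usernames are folded as well, so `Alice` and `alice` become one login even if they exist as distinct records. I would add `// Assumes stored email/username are already lowercase; existing rows need a one-off migration.` above the new `const identifier` line, or limit the folding to values the write path also folds. The enclosing function starts and ends outside the hunk.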
@@ -169,6 +169,7 @@ module.exports = {
 params.role = '1';
 }
+ params.identifier = values.identifier.toLowerCase();
 params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
 try {
From 0641c7b279500a6d4024a33990c8a981e690869f Mon Sep 17 00:00:00 2001
From: Luca Perret
Date: Sat, 13 Jan 2018 09:22:09 +0100
Subject: [PATCH 3/8] fix(plugin-users-permissions): undefined value
---
 packages/strapi-plugin-users-permissions/controllers/Auth.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 21dc179af7..fe14f428da 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -169,7 +169,7 @@ module.exports = {
 params.role = '1';
 }
- params.identifier = values.identifier.toLowerCase();
+ params.identifier = params.identifier.toLowerCase();
 params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
 try {
From 4de3abe9e93ccfc767308eeaf8200774c2154a94 Mon Sep 17 00:00:00 2001
From: Luca Perret
Date: Thu, 18 Jan 2018 23:37:16 +0100
Subject: [PATCH 4/8] fix(mongoose): unescaped character in username/password
---
 packages/strapi-mongoose/lib/index.js | 5 ++++-
 packages/strapi-mongoose/lib/utils/connectivity.js | 7 ++++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/packages/strapi-mongoose/lib/index.js b/packages/strapi-mongoose/lib/index.js
index 0b1cf3ba84..fa4ca380db 100755
--- a/packages/strapi-mongoose/lib/index.js
+++ b/packages/strapi-mongoose/lib/index.js
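Review bot: In PATCH 3/8, `params.identifier.toLowerCase()` runs in the register path with no check that the payload carries a string `identifier`; nothing in the hunk sets that field, and a missing value throws a TypeError right before `hashPassword(params)`. The login lookup in PATCH 1/8 queries `email` and `username`, so if those are the fields that get persisted (the create call is outside the hunk), lowercasing `identifier` leaves the stored email in its original case. A guarded form on the persisted field, e.g. `if (typeof params.email === 'string') params.email = params.email.toLowerCase();`, would match the login side; the field name is inferred and should be confirmed against the model. The same question applies to the `emailRegExp.test(params.identifier)` block that PATCH 8/8 puts at this spot.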
@@ -46,7 +46,10 @@ module.exports = function (strapi) {
 if (_.isEmpty(username) || _.isEmpty(password)) {
 instance.connect(`mongodb://${host}:${port}/${database}`);
 } else {
- instance.connect(`mongodb://${username}:${password}@${host}:${port}/${database}`);
+ instance.connect(`mongodb://${host}:${port}/${database}`, {
+ user: username,
+ pass: password
+ });
 }
 // Handle error
diff --git a/packages/strapi-mongoose/lib/utils/connectivity.js b/packages/strapi-mongoose/lib/utils/connectivity.js
index cedafdf697..2eee67a812 100644
--- a/packages/strapi-mongoose/lib/utils/connectivity.js
+++ b/packages/strapi-mongoose/lib/utils/connectivity.js
@@ -10,7 +10,12 @@ const logger = require('strapi-utils').logger;
 module.exports = (scope, success, error) => {
 const Mongoose = require(path.resolve(`${scope.rootPath}/node_modules/mongoose`));
- Mongoose.connect(`mongodb://${ (scope.database.settings.username && scope.database.settings.password) ? `${scope.database.settings.username}:${scope.database.settings.password}@` : '' }${scope.database.settings.host}:${scope.database.settings.port}/${scope.database.settings.database}`, function (err) {
+ const connectOptions = {}
+ if (scope.database.settings.username && scope.database.settings.password) {
+ connectOptions.user = scope.database.settings.username
+ connectOptions.pass = scope.database.settings.password
+ }
+ Mongoose.connect(`mongodb://${scope.database.settings.host}:${scope.database.settings.port}/${scope.database.settings.database}`, connectOptions, function (err) {
 if (err) {
 logger.warn('Database connection has failed! Make sure your database is running.');
 return error();
From d17a50dd87d2b73cff40b5d0ef253d4f513a38d6 Mon Sep 17 00:00:00 2001
From: Luca
Date: Tue, 23 Jan 2018 07:23:15 +0100
Subject: [PATCH 5/8] fix(mongoose): allow to connect without password
---
 packages/strapi-mongoose/lib/index.js | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
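Review bot: The lines added to `connectivity.js` in PATCH 4/8 drop the statement-ending semicolons the rest of the file uses (`return error();`, the `logger` require): `const connectOptions = {}`, `connectOptions.user = scope.database.settings.username` and `connectOptions.pass = scope.database.settings.password` should each end with `;`. The same applies to the `connectOptions` lines added to `lib/index.js` in PATCH 5/8 and 7/8 and to `connectivity.js` in PATCH 6/8. The two files also build the same options object with different emptiness tests (`_.isEmpty` in `index.js`, truthiness here), so a small shared helper would keep the credential handling from drifting apart.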
diff --git a/packages/strapi-mongoose/lib/index.js b/packages/strapi-mongoose/lib/index.js
index fa4ca380db..6bef5d61e5 100755
--- a/packages/strapi-mongoose/lib/index.js
+++ b/packages/strapi-mongoose/lib/index.js
@@ -43,14 +43,14 @@ module.exports = function (strapi) {
 const { host, port, username, password, database } = _.defaults(connection.settings, strapi.config.hook.settings.mongoose);
 // Connect to mongo database
- if (_.isEmpty(username) || _.isEmpty(password)) {
- instance.connect(`mongodb://${host}:${port}/${database}`);
- } else {
- instance.connect(`mongodb://${host}:${port}/${database}`, {
- user: username,
- pass: password
- });
+ const connectOptions = {}
+ if (!_.isEmpty(username)) {
+ connectOptions.user = username
 }
+ if (!_.isEmpty(password)) {
+ connectOptions.pass = password
+ }
+ instance.connect(`mongodb://${host}:${port}/${database}`, connectOptions);
 // Handle error
 instance.connection.on('error', error => {
From ec106bce41247875322e63e823607aded0efadbd Mon Sep 17 00:00:00 2001
From: Luca
Date: Tue, 23 Jan 2018 07:26:00 +0100
Subject: [PATCH 6/8] fix(mongoose): allow to connect without password
---
 packages/strapi-mongoose/lib/utils/connectivity.js | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/packages/strapi-mongoose/lib/utils/connectivity.js b/packages/strapi-mongoose/lib/utils/connectivity.js
index 2eee67a812..3fd6e6592b 100644
--- a/packages/strapi-mongoose/lib/utils/connectivity.js
+++ b/packages/strapi-mongoose/lib/utils/connectivity.js
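Review bot: `_.isEmpty(username)` and `_.isEmpty(password)` in PATCH 5/8 return true for any non-collection value, so a credential given as a number in the settings is treated as absent and the connection is attempted without it, with nothing pointing at the configuration. A presence test that does not depend on the type, such as `if (password != null && password !== '')`, avoids silently dropping the credential. At this commit `pass` can also be set without `user`; PATCH 7/8 corrects that by nesting the check, but keeps the same `_.isEmpty` tests. The surrounding function starts and ends outside the hunk.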
@@ -9,11 +9,14 @@ const logger = require('strapi-utils').logger;
 module.exports = (scope, success, error) => {
 const Mongoose = require(path.resolve(`${scope.rootPath}/node_modules/mongoose`));
-
+
+ const { username, password } = scope.database.settings
 const connectOptions = {}
- if (scope.database.settings.username && scope.database.settings.password) {
- connectOptions.user = scope.database.settings.username
- connectOptions.pass = scope.database.settings.password
+ if (username) {
+ connectOptions.user = username
+ if (password) {
+ connectOptions.pass = password
+ }
 }
 Mongoose.connect(`mongodb://${scope.database.settings.host}:${scope.database.settings.port}/${scope.database.settings.database}`, connectOptions, function (err) {
 if (err) {
From 97da3ba12d2b343fa40ff5472533a370ed35713c Mon Sep 17 00:00:00 2001
From: Luca
Date: Tue, 23 Jan 2018 07:26:57 +0100
Subject: [PATCH 7/8] fix(mongoose): password require username
---
 packages/strapi-mongoose/lib/index.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/strapi-mongoose/lib/index.js b/packages/strapi-mongoose/lib/index.js
index 6bef5d61e5..29aad1cbb9 100755
--- a/packages/strapi-mongoose/lib/index.js
+++ b/packages/strapi-mongoose/lib/index.js
@@ -46,9 +46,9 @@ module.exports = function (strapi) {
 const connectOptions = {}
 if (!_.isEmpty(username)) {
 connectOptions.user = username
- }
- if (!_.isEmpty(password)) {
- connectOptions.pass = password
+ if (!_.isEmpty(password)) {
+ connectOptions.pass = password
+ }
 }
 instance.connect(`mongodb://${host}:${port}/${database}`, connectOptions);
From adc532cf742d4b76a0523dfb32c19d8d46fc76a8 Mon Sep 17 00:00:00 2001
From: Luca
Date: Tue, 23 Jan 2018 13:35:51 +0100
Subject: [PATCH 8/8] feat(plugin-users-permissions): lowercase email
---
 .../controllers/Auth.js | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index fe14f428da..8b6d14abbf 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -8,6 +8,7 @@ const _ = require('lodash');
 const crypto = require('crypto');
+const emailRegExp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
 module.exports = {
 callback: async (ctx) => {
@@ -29,14 +30,13 @@ module.exports = {
 const query = {};
 // Check if the provided identifier is an email or not.
- const isEmail = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/.test(params.identifier);
+ const isEmail = emailRegExp.test(params.identifier);
 // Set the identifier to the appropriate query field.
- const identifier = params.identifier.toLowerCase();
 if (isEmail) {
- query.email = identifier;
+ query.email = params.identifier.toLowerCase();
 } else {
- query.username = identifier;
+ query.username = params.identifier;
 }
 // Check if the user exists.
@@ -169,7 +169,11 @@ module.exports = {
 params.role = '1';
 }
- params.identifier = params.identifier.toLowerCase();
+ // Check if the provided identifier is an email or not.
+ const isEmail = emailRegExp.test(params.identifier);
+ if (isEmail) {
+ params.identifier = params.identifier.toLowerCase();
+ }
 params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params);
 try {
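Review bot: In the `-29,14` hunk the username branch now assigns `query.username = params.identifier` directly, and the only test the value passes is `emailRegExp.test(...)`, which coerces whatever it is given to a string. If `params` is the parsed request body (its origin is outside the hunk), a non-string identifier is placed into the database query unchanged. I would reject early with `if (typeof params.identifier !== 'string')` and the controller's usual bad-request response, before `isEmail` is computed. The register hunk at `-169,7` calls `.toLowerCase()` under the same assumption.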