store emails in lowercase + add /api as prefix

2025-10-17 02:53:22 +00:00 · 2021-09-29 12:04:42 +02:00 · 2021-09-29 12:04:42 +02:00 · 32eb442cd5
commit 32eb442cd5
parent c0c6c2aeab
7 changed files with 36 additions and 28 deletions
--- a/packages/plugins/users-permissions/server/bootstrap/index.js
+++ b/packages/plugins/users-permissions/server/bootstrap/index.js
@ -26,7 +26,6 @@ module.exports = async ({ strapi }) => {

  await getService('users-permissions').initialize();

-  // TODO: adapt with new extension system
  if (!strapi.config.get('plugin.users-permissions.jwtSecret')) {
    const jwtSecret = uuid();
    strapi.config.set('plugin.users-permissions.jwtSecret', jwtSecret);
@ -39,6 +38,9 @@ module.exports = async ({ strapi }) => {

 const initGrant = async pluginStore => {
  const grantConfig = {
+    defaults: {
+      prefix: '/api/connect',
+    },
    email: {
      enabled: true,
      icon: 'envelope',
@ -48,7 +50,7 @@ const initGrant = async pluginStore => {
      icon: 'discord',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/discord/callback`,
+      callback: `${strapi.config.server.url}/api/auth/discord/callback`,
      scope: ['identify', 'email'],
    },
    facebook: {
@ -56,7 +58,7 @@ const initGrant = async pluginStore => {
      icon: 'facebook-square',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/facebook/callback`,
+      callback: `${strapi.config.server.url}/api/auth/facebook/callback`,
      scope: ['email'],
    },
    google: {
@ -64,7 +66,7 @@ const initGrant = async pluginStore => {
      icon: 'google',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/google/callback`,
+      callback: `${strapi.config.server.url}/api/auth/google/callback`,
      scope: ['email'],
    },
    github: {
@ -72,7 +74,7 @@ const initGrant = async pluginStore => {
      icon: 'github',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/github/callback`,
+      callback: `${strapi.config.server.url}/api/auth/github/callback`,
      scope: ['user', 'user:email'],
    },
    microsoft: {
@ -80,7 +82,7 @@ const initGrant = async pluginStore => {
      icon: 'windows',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/microsoft/callback`,
+      callback: `${strapi.config.server.url}/api/auth/microsoft/callback`,
      scope: ['user.read'],
    },
    twitter: {
@ -88,14 +90,14 @@ const initGrant = async pluginStore => {
      icon: 'twitter',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/twitter/callback`,
+      callback: `${strapi.config.server.url}/api/auth/twitter/callback`,
    },
    instagram: {
      enabled: false,
      icon: 'instagram',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/instagram/callback`,
+      callback: `${strapi.config.server.url}/api/auth/instagram/callback`,
      scope: ['user_profile'],
    },
    vk: {
@ -103,7 +105,7 @@ const initGrant = async pluginStore => {
      icon: 'vk',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/vk/callback`,
+      callback: `${strapi.config.server.url}/api/auth/vk/callback`,
      scope: ['email'],
    },
    twitch: {
@ -111,7 +113,7 @@ const initGrant = async pluginStore => {
      icon: 'twitch',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/twitch/callback`,
+      callback: `${strapi.config.server.url}/api/auth/twitch/callback`,
      scope: ['user:read:email'],
    },
    linkedin: {
@ -119,7 +121,7 @@ const initGrant = async pluginStore => {
      icon: 'linkedin',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/linkedin/callback`,
+      callback: `${strapi.config.server.url}/api/auth/linkedin/callback`,
      scope: ['r_liteprofile', 'r_emailaddress'],
    },
    cognito: {
@ -128,7 +130,7 @@ const initGrant = async pluginStore => {
      key: '',
      secret: '',
      subdomain: 'my.subdomain.com',
-      callback: `${strapi.config.server.url}/auth/cognito/callback`,
+      callback: `${strapi.config.server.url}/api/auth/cognito/callback`,
      scope: ['email', 'openid', 'profile'],
    },
    reddit: {
@ -137,7 +139,7 @@ const initGrant = async pluginStore => {
      key: '',
      secret: '',
      state: true,
-      callback: `${strapi.config.server.url}/auth/reddit/callback`,
+      callback: `${strapi.config.server.url}/api/auth/reddit/callback`,
      scope: ['identity'],
    },
    auth0: {
@ -146,7 +148,7 @@ const initGrant = async pluginStore => {
      key: '',
      secret: '',
      subdomain: 'my-tenant.eu',
-      callback: `${strapi.config.server.url}/auth/auth0/callback`,
+      callback: `${strapi.config.server.url}/api/auth/auth0/callback`,
      scope: ['openid', 'email', 'profile'],
    },
    cas: {
@ -154,7 +156,7 @@ const initGrant = async pluginStore => {
      icon: 'book',
      key: '',
      secret: '',
-      callback: `${strapi.config.server.url}/auth/cas/callback`,
+      callback: `${strapi.config.server.url}/api/auth/cas/callback`,
      scope: ['openid email'], // scopes should be space delimited
      subdomain: 'my.subdomain.com/cas',
    },
--- a/packages/plugins/users-permissions/server/controllers/auth.js
+++ b/packages/plugins/users-permissions/server/controllers/auth.js
@ -234,7 +234,7 @@ module.exports = {
      .get();

    const [requestPath] = ctx.request.url.split('?');
-    const provider = requestPath.split('/')[2];
+    const provider = requestPath.split('/connect/')[1].split('/')[0];

    if (!_.get(grantConfig[provider], 'enabled')) {
      return ctx.badRequest(null, 'This provider is disabled.');
--- a/packages/plugins/users-permissions/server/index.js
+++ b/packages/plugins/users-permissions/server/index.js
@ -3,7 +3,7 @@
 const register = require('./register');
 const bootstrap = require('./bootstrap');
 const contentTypes = require('./content-types');
-const policies = require('./policies');
+const middlewares = require('./middlewares');
 const services = require('./services');
 const routes = require('./routes');
 const controllers = require('./controllers');
@ -16,6 +16,6 @@ module.exports = () => ({
  routes,
  controllers,
  contentTypes,
-  policies,
+  middlewares,
  services,
 });
--- a/packages/plugins/users-permissions/server/middlewares/index.js
+++ b/packages/plugins/users-permissions/server/middlewares/index.js
--- a/packages/plugins/users-permissions/server/middlewares/rateLimit.js
+++ b/packages/plugins/users-permissions/server/middlewares/rateLimit.js
--- a/packages/plugins/users-permissions/server/routes/content-api/auth.js
+++ b/packages/plugins/users-permissions/server/routes/content-api/auth.js
@ -1,12 +1,14 @@
 'use strict';

+const { rateLimit } = require('../../middlewares');
+
 module.exports = [
  {
    method: 'GET',
    path: '/connect/(.*)',
    handler: 'auth.connect',
    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
+      middlewares: [rateLimit],
      prefix: '',
    },
  },
@ -15,7 +17,7 @@ module.exports = [
    path: '/auth/local',
    handler: 'auth.callback',
    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
+      middlewares: [rateLimit],
      prefix: '',
    },
  },
@ -24,7 +26,7 @@ module.exports = [
    path: '/auth/local/register',
    handler: 'auth.register',
    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
+      middlewares: [rateLimit],
      prefix: '',
    },
  },
@ -41,7 +43,7 @@ module.exports = [
    path: '/auth/forgot-password',
    handler: 'auth.forgotPassword',
    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
+      middlewares: [rateLimit],
      prefix: '',
    },
  },
@ -50,7 +52,7 @@ module.exports = [
    path: '/auth/reset-password',
    handler: 'auth.resetPassword',
    config: {
-      policies: ['plugin::users-permissions.rateLimit'],
+      middlewares: [rateLimit],
      prefix: '',
    },
  },
--- a/packages/plugins/users-permissions/server/services/providers.js
+++ b/packages/plugins/users-permissions/server/services/providers.js
@ -519,14 +519,16 @@ module.exports = ({ strapi }) => {
          return reject([null, err]);
        }

+        const email = _.toLower(profile.email);
+
        // We need at least the mail.
-        if (!profile.email) {
+        if (!email) {
          return reject([null, { message: 'Email was not available.' }]);
        }

        try {
          const users = await strapi.query('plugin::users-permissions.user').findMany({
-            where: { email: profile.email },
+            where: { email },
          });

          const advanced = await strapi
@ -564,11 +566,13 @@ module.exports = ({ strapi }) => {
            .findOne({ where: { type: advanced.default_role } });

          // Create the new user.
-          const params = _.assign(profile, {
+          const params = {
+            ...profile,
+            email, // overwrite with lowercased email
            provider,
            role: defaultRole.id,
            confirmed: true,
-          });
+          };

          const createdUser = await strapi
            .query('plugin::users-permissions.user')
@ -583,7 +587,7 @@ module.exports = ({ strapi }) => {
  };

  const buildRedirectUri = (provider = '') =>
-    `${getAbsoluteServerUrl(strapi.config)}/connect/${provider}/callback`;
+    `${getAbsoluteServerUrl(strapi.config)}/api/connect/${provider}/callback`;

  return {
    connect,