diff --git a/packages/strapi-plugin-users-permissions/config/schema.graphql.js b/packages/strapi-plugin-users-permissions/config/schema.graphql.js
index 40e87590ac..ca53141b8c 100644
--- a/packages/strapi-plugin-users-permissions/config/schema.graphql.js
+++ b/packages/strapi-plugin-users-permissions/config/schema.graphql.js
@@ -44,6 +44,10 @@ module.exports = {
 jwt: String!
 user: UsersPermissionsMe!
 }
+
+ type ForgotPassword {
+ ok: Boolean
+ }
 `,
 query: `
 me: UsersPermissionsMe
@@ -51,6 +55,9 @@ module.exports = {
 mutation: `
 login(input: UsersPermissionsLoginInput!): UsersPermissionsLoginPayload!
 register(input: UserInput!): UsersPermissionsLoginPayload!
+ forgotPassword(email: String!): ForgotPassword
+ changePassword(password: String!, passwordConfirmation: String!, code: String!): UsersPermissionsLoginPayload
+ emailConfirmation(confirmation: String!): UsersPermissionsLoginPayload
 `,
 resolver: {
 Query: {
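Review bot: In the `mutation` block, `emailConfirmation(confirmation: String!)` is declared to return `UsersPermissionsLoginPayload`, so presenting a confirmation token now yields a session `jwt`; the emailed link becomes equivalent to a login credential for as long as the token verifies. The controller hunk in Auth.js issues that JWT with no visible check that the account was still unconfirmed, so the same link appears to work repeatedly. If signing the user in on confirmation is intended, consider rejecting tokens for accounts that are already confirmed; otherwise a status-only payload shaped like `ForgotPassword`'s `ok: Boolean` would be enough. The new `changePassword` and `emailConfirmation` results are also nullable while `login` and `register` use `UsersPermissionsLoginPayload!`; a short schema comment saying when null can be returned would help clients.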
@@ -199,6 +206,56 @@ module.exports = {
 };
 },
 },
+ forgotPassword: {
+ description: 'Request a reset password token',
+ resolverOf: 'plugins::users-permissions.auth.forgotPassword',
+ resolver: async (obj, options, { context }) => {
+ context.request.body = _.toPlainObject(options);
+
+ await strapi.plugins['users-permissions'].controllers.auth.forgotPassword(context);
+ let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+ checkBadRequest(output);
+
+ return {
+ ok: output.ok || output
+ };
+ }
+ },
+ changePassword: {
+ description: 'Change your password based on a code',
+ resolverOf: 'plugins::users-permissions.auth.changePassword',
+ resolver: async (obj, options, { context }) => {
+ context.request.body = _.toPlainObject(options);
+
+ await strapi.plugins['users-permissions'].controllers.auth.changePassword(context);
+ let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+ checkBadRequest(output);
+
+ return {
+ user: output.user || output,
+ jwt: output.jwt
+ };
+ }
+ },
+ emailConfirmation: {
+ description: 'Confirm an email users email address',
+ resolverOf: 'plugins::users-permissions.auth.emailConfirmation',
+ resolver: async (obj, options, { context }) => {
+ context.query = _.toPlainObject(options);
+
+ await strapi.plugins['users-permissions'].controllers.auth.emailConfirmation(context, true);
+ let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+ checkBadRequest(output);
+
+ return {
+ user: output.user || output,
+ jwt: output.jwt
+ };
+ }
+ }
 },
 },
 };
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 3aae9b4b44..cb0b5f1a4a 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
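Review bot: In the `forgotPassword` resolver added to schema.graphql.js, `ok: output.ok || output` falls back to the whole controller body when `ok` is missing or false, so a non-boolean value can land in a field the schema declares as `Boolean`; `ok: output.ok === true` keeps the field to what the type promises. All three resolvers also call the auth controllers directly, so it is worth confirming that any throttling configured on the matching REST routes still applies on the GraphQL path. Nothing in this hunk limits repeated `forgotPassword` or `changePassword` attempts, and `changePassword` accepts a guessable-by-retry `code`. The body/`toJSON`/`checkBadRequest` sequence is repeated three times and could move into one small helper; `checkBadRequest` itself is defined outside the hunk.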
@@ -568,28 +568,39 @@ module.exports = { } }, - async emailConfirmation(ctx) { + async emailConfirmation(ctx, returnUser) { const params = ctx.query; const decodedToken = await strapi.plugins['users-permissions'].services.jwt.verify( params.confirmation ); - await strapi.plugins['users-permissions'].services.user.edit( + let user = await strapi.plugins['users-permissions'].services.user.edit( { id: decodedToken.id }, { confirmed: true } ); - const settings = await strapi - .store({ - environment: '', - type: 'plugin', - name: 'users-permissions', - key: 'advanced', - }) - .get(); + if(returnUser) { + ctx.send({ + jwt: strapi.plugins['users-permissions'].services.jwt.issue({ + id: user.id + }), + user: sanitizeEntity(user.toJSON ? user.toJSON() : user, { + model: strapi.query('user', 'users-permissions').model + }) + }); + } else { + const settings = await strapi + .store({ + environment: '', + type: 'plugin', + name: 'users-permissions', + key: 'advanced', + }) + .get(); - ctx.redirect(settings.email_confirmation_redirection || '/'); + ctx.redirect(settings.email_confirmation_redirection || '/'); + } }, async sendEmailConfirmation(ctx) {
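Review bot: The new second parameter in `async emailConfirmation(ctx, returnUser)` sits where Koa-style routers pass `next`. If the REST route invokes this action as `(ctx, next)`, `returnUser` is a function and therefore truthy, so the emailed confirmation link would answer with a JWT body instead of redirecting. Taking the flag as a third argument avoids the collision: `async emailConfirmation(ctx, next, returnUser)` here and `emailConfirmation(context, null, true)` in the GraphQL resolver. Separately, `user.id` is read right after `services.user.edit(...)` with no check that a user came back, so a token whose `id` no longer matches an account would presumably surface as an unhandled error; a guard such as `if (!user) { return ctx.badRequest(null, 'Invalid token'); }` before the branch would turn that into a clean rejection.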