From 2570e27238f00710b99d2fa0ea18f2765c9ba771 Mon Sep 17 00:00:00 2001
From: Roel Beerens <roel@gravity.nl>
Date: Mon, 23 Mar 2020 17:57:54 +0100
Subject: [PATCH] feat: Added missing forgotPassword, changePassword and
 emailConfirmation mutations/resolvers. Made a slight adjustment to the
 emailConfirmation controller function in Auth.js to return a
 UsersPermissionsLoginPayload when using GraphQL

Signed-off-by: Roel Beerens <roel@gravity.nl>
---
 .../config/schema.graphql.js                  | 57 +++++++++++++++++++
 .../controllers/Auth.js                       | 33 +++++++----
 2 files changed, 79 insertions(+), 11 deletions(-)

diff --git a/packages/strapi-plugin-users-permissions/config/schema.graphql.js b/packages/strapi-plugin-users-permissions/config/schema.graphql.js
index 40e87590ac..ca53141b8c 100644
--- a/packages/strapi-plugin-users-permissions/config/schema.graphql.js
+++ b/packages/strapi-plugin-users-permissions/config/schema.graphql.js
@@ -44,6 +44,10 @@ module.exports = {
       jwt: String!
       user: UsersPermissionsMe!
     }
+    
+    type ForgotPassword {
+      ok: Boolean
+    }
   `,
   query: `
     me: UsersPermissionsMe
@@ -51,6 +55,9 @@ module.exports = {
   mutation: `
     login(input: UsersPermissionsLoginInput!): UsersPermissionsLoginPayload!
     register(input: UserInput!): UsersPermissionsLoginPayload!
+    forgotPassword(email: String!): ForgotPassword
+    changePassword(password: String!, passwordConfirmation: String!, code: String!): UsersPermissionsLoginPayload
+    emailConfirmation(confirmation: String!): UsersPermissionsLoginPayload
   `,
   resolver: {
     Query: {
@@ -199,6 +206,56 @@ module.exports = {
           };
         },
       },
+      forgotPassword: {
+        description: 'Request a reset password token',
+        resolverOf: 'plugins::users-permissions.auth.forgotPassword',
+        resolver: async (obj, options, { context }) => {
+          context.request.body = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.forgotPassword(context);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            ok: output.ok || output
+          };
+        }
+      },
+      changePassword: {
+        description: 'Change your password based on a code',
+        resolverOf: 'plugins::users-permissions.auth.changePassword',
+        resolver: async (obj, options, { context }) => {
+          context.request.body = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.changePassword(context);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            user: output.user || output,
+            jwt: output.jwt
+          };
+        }
+      },
+      emailConfirmation: {
+        description: 'Confirm an email users email address',
+        resolverOf: 'plugins::users-permissions.auth.emailConfirmation',
+        resolver: async (obj, options, { context }) => {
+          context.query = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.emailConfirmation(context, true);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            user: output.user || output,
+            jwt: output.jwt
+          };
+        }
+      }
     },
   },
 };
diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js
index 3aae9b4b44..cb0b5f1a4a 100644
--- a/packages/strapi-plugin-users-permissions/controllers/Auth.js
+++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js
@@ -568,28 +568,39 @@ module.exports = {
     }
   },
 
-  async emailConfirmation(ctx) {
+  async emailConfirmation(ctx, returnUser) {
     const params = ctx.query;
 
     const decodedToken = await strapi.plugins['users-permissions'].services.jwt.verify(
       params.confirmation
     );
 
-    await strapi.plugins['users-permissions'].services.user.edit(
+    let user = await strapi.plugins['users-permissions'].services.user.edit(
       { id: decodedToken.id },
       { confirmed: true }
     );
 
-    const settings = await strapi
-      .store({
-        environment: '',
-        type: 'plugin',
-        name: 'users-permissions',
-        key: 'advanced',
-      })
-      .get();
+    if(returnUser) {
+      ctx.send({
+        jwt: strapi.plugins['users-permissions'].services.jwt.issue({
+          id: user.id
+        }),
+        user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
+          model: strapi.query('user', 'users-permissions').model
+        })
+      });
+    } else {
+      const settings = await strapi
+        .store({
+          environment: '',
+          type: 'plugin',
+          name: 'users-permissions',
+          key: 'advanced',
+        })
+        .get();
 
-    ctx.redirect(settings.email_confirmation_redirection || '/');
+      ctx.redirect(settings.email_confirmation_redirection || '/');
+    }
   },
 
   async sendEmailConfirmation(ctx) {