Merge pull request #5580 from roelbeerens/feature/missing-auth-mutations

Added missing forgotPassword, changePassword and emailConfirmation mutations/resolvers

packages/strapi-plugin-users-permissions/config/schema.graphql.js

@@ -44,6 +44,10 @@ module.exports = {
       jwt: String!
       user: UsersPermissionsMe!
     }
+    
+    type ForgotPassword {
+      ok: Boolean
+    }
   `,
   query: `
     me: UsersPermissionsMe
@@ -51,6 +55,9 @@ module.exports = {
   mutation: `
     login(input: UsersPermissionsLoginInput!): UsersPermissionsLoginPayload!
     register(input: UserInput!): UsersPermissionsLoginPayload!
+    forgotPassword(email: String!): ForgotPassword
+    changePassword(password: String!, passwordConfirmation: String!, code: String!): UsersPermissionsLoginPayload
+    emailConfirmation(confirmation: String!): UsersPermissionsLoginPayload
   `,
   resolver: {
     Query: {
@@ -199,6 +206,56 @@ module.exports = {
           };
         },
       },
+      forgotPassword: {
+        description: 'Request a reset password token',
+        resolverOf: 'plugins::users-permissions.auth.forgotPassword',
+        resolver: async (obj, options, { context }) => {
+          context.request.body = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.forgotPassword(context);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            ok: output.ok || output
+          };
+        }
+      },
+      changePassword: {
+        description: 'Change your password based on a code',
+        resolverOf: 'plugins::users-permissions.auth.changePassword',
+        resolver: async (obj, options, { context }) => {
+          context.request.body = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.changePassword(context);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            user: output.user || output,
+            jwt: output.jwt
+          };
+        }
+      },
+      emailConfirmation: {
+        description: 'Confirm an email users email address',
+        resolverOf: 'plugins::users-permissions.auth.emailConfirmation',
+        resolver: async (obj, options, { context }) => {
+          context.query = _.toPlainObject(options);
+
+          await strapi.plugins['users-permissions'].controllers.auth.emailConfirmation(context, true);
+          let output = context.body.toJSON ? context.body.toJSON() : context.body;
+
+          checkBadRequest(output);
+
+          return {
+            user: output.user || output,
+            jwt: output.jwt
+          };
+        }
+      }
     },
   },
 };

packages/strapi-plugin-users-permissions/controllers/Auth.js

@@ -568,18 +568,28 @@ module.exports = {
     }
   },
 
-  async emailConfirmation(ctx) {
+  async emailConfirmation(ctx, returnUser) {
     const params = ctx.query;
 
     const decodedToken = await strapi.plugins['users-permissions'].services.jwt.verify(
       params.confirmation
     );
 
-    await strapi.plugins['users-permissions'].services.user.edit(
+    let user = await strapi.plugins['users-permissions'].services.user.edit(
       { id: decodedToken.id },
       { confirmed: true }
     );
 
+    if(returnUser) {
+      ctx.send({
+        jwt: strapi.plugins['users-permissions'].services.jwt.issue({
+          id: user.id
+        }),
+        user: sanitizeEntity(user.toJSON ? user.toJSON() : user, {
+          model: strapi.query('user', 'users-permissions').model
+        })
+      });
+    } else {
       const settings = await strapi
         .store({
           environment: '',
@@ -590,6 +600,7 @@ module.exports = {
         .get();
 
       ctx.redirect(settings.email_confirmation_redirection || '/');
+    }
   },
 
   async sendEmailConfirmation(ctx) {