yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-12-29 08:04:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into fix/beta.18_migration

Browse Source
This commit is contained in:
Jim LAURIE 2019-12-26 14:51:14 +01:00 committed by GitHub
commit 505cbb7674
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 227 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/.vuepress/config.js
View File

@ -197,6 +197,7 @@ module.exports = {
'/3.0.0-beta.x/guides/process-manager',
'/3.0.0-beta.x/guides/jwt-validation',
'/3.0.0-beta.x/guides/api-token',
'/3.0.0-beta.x/guides/auth-request',
'/3.0.0-beta.x/guides/error-catching',
'/3.0.0-beta.x/guides/secure-your-app',
'/3.0.0-beta.x/guides/external-data',

172
docs/3.0.0-beta.x/guides/auth-request.md Normal file
View File

@ -0,0 +1,172 @@
# Authenticated request
In this guide you will see how you can request the API as an authenticated user.
## Introduction
To show you many of the concepts on the [roles and permissions](../plugins/users-permissions.md#manage-roles-permissions) part, we will use many users and roles.
After that we will see the [authentication workflow](../plugins/users-permissions.md#authentication) to get a `JWT` and use it for an API request.
We will have one group of users that will be able to only fetch **Articles** and an other group that will be able to fetch, create and update **Articles**.
## Setup
### Create Content Type
Lets create a new Content Type **Article**
- Click on `Content Type Builder` in the left menu
- Then `+ Create new content-type`
- Fill `Display name` with `article`
- Create 2 fields
- **Text** short named `title`
- **Rich text** named `content`
- And save this new Content Type
Then create some **Articles** from the Content Manager.
### Create Roles & Permissions
We will create 2 new groups to manage available actions for different kind of users.
- Click on `Roles & Permissions` in the left menu
- Then `+ Add New Role`
- Fill `name` with `Author`
- Check `Select All` for the Application Article Content Type.
- And save the new role
And repeat the opperation for the `Reader` group and check `find`, `findOne` and `count`.
### Create users
Finally create **2 users** with the following data.
**User 1**
- **username**: author
- **email**: author@strapi.io
- **password**: strapi
- **role**: Author
**User 2**
- **username**: reader
- **email**: reader@strapi.io
- **password**: strapi
- **role**: Reader
## Login as a Reader
To login as a user your will have to follow the [login documentation](../plugins/users-permissions.md#login).
Here is the API route for the authentication `/auth/local`.
You have to request it in **POST**.
:::: tabs
::: tab axios
```js
import axios from 'axios';
const { data } = await axios.post('http://localhost:1337/auth/local', {
identifier: 'reader@strapi.io',
password: 'strapi',
});
console.log(data);
```
:::
::: tab Postman
If you are using **Postman** for example you will have to set the `body` as `raw` with the `JSON (application/json)` type.
```json
{
"identifier": "reader@strapi.io",
"password": "strapi"
}
```
:::
::::
The API response contains the **user's JWT** in the `jwt` key.
```json
{
"jwt": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU",
"user": {
"id": 1,
"username": "reader",
...
}
}
```
You will have to store this `JWT` in your application, it's important because you will have to use it the next requests.
### Fetch articles
Let's fetch Articles you created.
To do so, you will have to fetch `/articles` route in **GET**.
```js
import axios from 'axios';
const { data } = await axios.get('http://localhost:1337/articles');
console.log(data);
```
Here you should receive a **403 error** because you are not allowed, as Public user, to access to the **articles**.
You should use the `JWT` in the request to say that you can access to this data as **Reader user**.
```js
import axios from 'axios';
const { data } = await axios.get('http://localhost:1337/articles', {
headers: {
Authorization:
'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU',
},
});
console.log(data);
```
And tada you have access to the data.
### Create an Article
To do so, you will have to request the `/articles` route in **POST**.
```js
import axios from 'axios';
const {data} = await axios
.get('http://localhost:1337/articles', {
data: {
title: 'my article'
content: 'my super article content'
},
headers: {
'Authorization': 'Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwiaWF0IjoxNTc2OTM4MTUwLCJleHAiOjE1Nzk1MzAxNTB9.UgsjjXkAZ-anD257BF7y1hbjuY3ogNceKfTAQtzDEsU'
}
});
console.log(data);
```
If you request this as a **Reader user**, you will receive a **403 error**. It's because the **Reader role** does not have access to the create function of the **Article** Content Type.
To fix that you will have to login with the **Author user** and use its `JWT` into the request to create an **Article**.
With that done, you will be able to create an **Article**.

39
docs/3.0.0-beta.x/plugins/email.md
View File

@ -111,3 +111,42 @@ If you want to create your own provider without publishing it on **npm** you can
```
- Finally, run `yarn install` or `npm install` to install your new custom provider.
## Trouble shooting
You received an `Auth.form.error.email.invalid` error even though the email is valid and exists in the database.
Here is the error response you get from the API.
```json
{
"statusCode": 400,
"error": "Bad Request",
"message": [
{
"messages": [
{
"id": "Auth.form.error.email.invalid"
}
]
}
]
}
```
This error is due to your IP connection. By default, Strapi uses the [`sendmail`](https://github.com/guileen/node-sendmail) package.
This package sends an email from the server it runs on. Depending on the network you are on, the connection to the SMTP server could fail.
Here is the `sendmail` error.
```
Error: SMTP code:550 msg:550-5.7.1 [87.88.179.13] The IP you're using to send mail is not authorized to
550-5.7.1 send email directly to our servers. Please use the SMTP relay at your
550-5.7.1 service provider instead. Learn more at
550 5.7.1 https://support.google.com/mail/?p=NotAuthorizedError 30si2132728pjz.75 - gsmtp
```
To fix it, I suggest you to use another email provider that uses third party to send emails.
When using a third party provider, you avoid having to setup a mail server on your server and get extra features such as email analytics.

1
packages/strapi-plugin-content-type-builder/admin/src/containers/FormModal/utils/forms.js
View File

@ -343,6 +343,7 @@ const forms = {
},
],
[fields.divider],
[fields.private],
[fields.required],
[fields.unique],
];

12
packages/strapi-plugin-content-type-builder/admin/src/containers/FormModal/utils/staticFields.js
View File

@ -82,6 +82,18 @@ const fields = {
},
validations: {},
},
private: {
autoFocus: false,
name: 'private',
type: 'checkbox',
label: {
id: getTrad('form.attribute.item.privateField'),
},
description: {
id: getTrad('form.attribute.item.privateField.description'),
},
validations: {},
},
unique: {
autoFocus: false,
name: 'unique',

2
packages/strapi-plugin-content-type-builder/admin/src/translations/en.json
View File

@ -77,6 +77,8 @@
"form.attribute.item.requiredField": "Required field",
"form.attribute.item.requiredField.description": "You won't be able to create an entry if this field is empty",
"form.attribute.item.settings.name": "Settings",
"form.attribute.item.privateField": "Private field",
"form.attribute.item.privateField.description": "This field will not show up in the API response",
"form.attribute.item.uniqueField": "Unique field",
"form.attribute.item.uniqueField.description": "You won't be able to create an entry if there is an existing entry with identical content",
"form.attribute.media.option.multiple": "Multiple media",