From eb64d8fe7d07770ac59c2173015710a56e792662 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 11:29:38 +0100 Subject: [PATCH 01/18] Create email template config file --- .../.gitignore | 1 + .../admin/src/translations/en.json | 4 ++ .../admin/src/translations/fr.json | 4 ++ .../config/functions/bootstrap.js | 59 ++++++++++++++++++- 4 files changed, 67 insertions(+), 1 deletion(-) diff --git a/packages/strapi-plugin-users-permissions/.gitignore b/packages/strapi-plugin-users-permissions/.gitignore index 7ea1136652..c8e919a383 100755 --- a/packages/strapi-plugin-users-permissions/.gitignore +++ b/packages/strapi-plugin-users-permissions/.gitignore @@ -6,6 +6,7 @@ stats.json roles.json jwt.json grant.json +email.json # Cruft .DS_Store diff --git a/packages/strapi-plugin-users-permissions/admin/src/translations/en.json b/packages/strapi-plugin-users-permissions/admin/src/translations/en.json index cc91456dba..dd187a386d 100755 --- a/packages/strapi-plugin-users-permissions/admin/src/translations/en.json +++ b/packages/strapi-plugin-users-permissions/admin/src/translations/en.json @@ -122,6 +122,10 @@ "Policies.header.hint": "Select the application's actions or the plugin's actions and click on the cog icon to display the bounded route", "Policies.header.title": "Advanced settings", + "Email.template.validation_email": "", + "Email.template.reset_password": "", + "Email.template.success_register": "", + "PopUpForm.button.cancel": "Cancel", "PopUpForm.button.save": "Save", "PopUpForm.header.add.providers": "Add New Provider", diff --git a/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json b/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json index 480e0a122d..ae09579b41 100755 --- a/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json +++ b/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json @@ -122,6 +122,10 @@ "Policies.header.hint": "Sélectionnez les actions de l'application ou d'un plugin et cliquer sur l'icon de paramètres pour voir les routes associées à cette action", "Policies.header.title": "Paramètres avancés", + "Email.template.validation_email": "", + "Email.template.reset_password": "", + "Email.template.success_register": "", + "popUpForm.button.cancel": "Annuler", "popUpForm.button.save": "Sauvegarder", "popUpForm.header.add.providers": "Ajouter un Nouveau Provider", diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index 36d416a654..b672773380 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -21,7 +21,7 @@ module.exports = cb => { jwtSecret }, null, 2), 'utf8'); - _.set(strapi.plugins['users-permissions'], 'config.jwtSecret', jwtSecret); + _.set(strapi.plugins['users-permissions'], 'config.jwtSecret', jwtSecret); } catch(err) { strapi.log.error(err); } @@ -67,6 +67,63 @@ module.exports = cb => { } } + if (!_.get(strapi.plugins['users-permissions'], 'config.email')) { + try { + const email = { + 'validation_email': { + enable: true, + display: 'Email.template.validation_email', + icon: 'envelope', + options: { + from: { + email: '', + name: '' + }, + respond: '', + object: '', + message: '' + } + }, + 'reset_password': { + enable: true, + display: 'Email.template.reset_password', + icon: 'refresh', + options: { + from: { + email: '', + name: '' + }, + respond: '', + object: '', + message: '' + } + }, + 'success_register': { + enable: true, + display: 'Email.template.success_register', + icon: 'check', + options: { + from: { + email: '', + name: '' + }, + respond: '', + object: '', + message: '' + } + } + }; + + fs.writeFileSync(path.join(strapi.config.appPath, 'plugins', 'users-permissions', 'config', 'email.json'), JSON.stringify({ + email + }, null, 2), 'utf8'); + + _.set(strapi.plugins['users-permissions'], 'config.email', email); + } catch(err) { + strapi.log.error(err); + } + } + strapi.plugins['users-permissions'].services.userspermissions.syncSchema(() => { strapi.plugins['users-permissions'].services.userspermissions.updatePermissions(cb); }); From 24d5a5116f466bc1468992d0c5e95d16f82e8a44 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 11:59:10 +0100 Subject: [PATCH 02/18] Get email template --- .../config/functions/bootstrap.js | 6 +++--- .../strapi-plugin-users-permissions/config/routes.json | 9 +++++++++ .../controllers/UsersPermissions.js | 4 ++++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index b672773380..9731d57faa 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -71,7 +71,7 @@ module.exports = cb => { try { const email = { 'validation_email': { - enable: true, + enabled: true, display: 'Email.template.validation_email', icon: 'envelope', options: { @@ -85,7 +85,7 @@ module.exports = cb => { } }, 'reset_password': { - enable: true, + enabled: true, display: 'Email.template.reset_password', icon: 'refresh', options: { @@ -99,7 +99,7 @@ module.exports = cb => { } }, 'success_register': { - enable: true, + enabled: true, display: 'Email.template.success_register', icon: 'check', options: { diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json index 95b5c0e1ee..d8f0dc711c 100644 --- a/packages/strapi-plugin-users-permissions/config/routes.json +++ b/packages/strapi-plugin-users-permissions/config/routes.json @@ -64,6 +64,15 @@ "policies": [] } }, + { + "method": "GET", + "path": "/email-template", + "handler": "UsersPermissions.getEmailTemplate", + "config": { + "policies": [] + } + }, + { "method": "POST", diff --git a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js index da6c037a06..e01500c0fc 100644 --- a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js +++ b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js @@ -145,5 +145,9 @@ module.exports = { } catch(error) { ctx.badRequest(null, [{ messages: [{ id: 'An error occurred' }] }]); } + }, + + getEmailTemplate: async (ctx) => { + ctx.send(strapi.plugins['users-permissions'].config.email); } }; From 7ab44d4b0f17402f4b1af2b23bd53bc3ff8c9314 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 12:05:01 +0100 Subject: [PATCH 03/18] Update email template config --- .../config/routes.json | 8 ++++++++ .../controllers/UsersPermissions.js | 17 +++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json index d8f0dc711c..cebd68b71d 100644 --- a/packages/strapi-plugin-users-permissions/config/routes.json +++ b/packages/strapi-plugin-users-permissions/config/routes.json @@ -72,6 +72,14 @@ "policies": [] } }, + { + "method": "PUT", + "path": "/email-template", + "handler": "UsersPermissions.updateEmailTemplate", + "config": { + "policies": [] + } + }, { diff --git a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js index e01500c0fc..fe5e5ac9f1 100644 --- a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js +++ b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js @@ -6,6 +6,9 @@ * @description: A set of functions called "actions" of the `users-permissions` plugin. */ +const path = require('path'); +const fs = require('fs'); + const _ = require('lodash'); module.exports = { @@ -149,5 +152,19 @@ module.exports = { getEmailTemplate: async (ctx) => { ctx.send(strapi.plugins['users-permissions'].config.email); + }, + + updateEmailTemplate: async (ctx) => { + if (_.isEmpty(ctx.request.body)) { + return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]); + } + + strapi.plugins['users-permissions'].config.email = ctx.request.body; + + fs.writeFileSync(path.join(strapi.config.appPath, 'plugins', 'users-permissions', 'config', 'email.json'), JSON.stringify({ + email: strapi.plugins['users-permissions'].config.email + }, null, 2), 'utf8'); + + return ctx.send({ ok: true }); } }; From 3a9cb9b453d896c7ab1fa91116bde15680f5e471 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 14:50:53 +0100 Subject: [PATCH 04/18] Use email templte config reset password --- .../strapi-plugin-email/services/Email.js | 2 ++ .../config/functions/bootstrap.js | 13 +++++++----- .../controllers/Auth.js | 21 ++++++++++--------- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/packages/strapi-plugin-email/services/Email.js b/packages/strapi-plugin-email/services/Email.js index 44a9053985..18cced2725 100644 --- a/packages/strapi-plugin-email/services/Email.js +++ b/packages/strapi-plugin-email/services/Email.js @@ -17,6 +17,7 @@ module.exports = { // Default values. options = _.isObject(options) ? options : {}; options.from = options.from || '"Administration Panel" '; + options.replyTo = options.replyTo || '"Administration Panel" '; options.text = options.text || options.html; options.html = options.html || options.text; @@ -24,6 +25,7 @@ module.exports = { sendmail({ from: options.from, to: options.to, + replyTo: options.replyTo, subject: options.subject, text: options.text, html: options.html diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index 9731d57faa..a48b9df357 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -71,7 +71,6 @@ module.exports = cb => { try { const email = { 'validation_email': { - enabled: true, display: 'Email.template.validation_email', icon: 'envelope', options: { @@ -85,7 +84,6 @@ module.exports = cb => { } }, 'reset_password': { - enabled: true, display: 'Email.template.reset_password', icon: 'refresh', options: { @@ -94,12 +92,17 @@ module.exports = cb => { name: '' }, respond: '', - object: '', - message: '' + object: '­Reset password 🔑 ', + message: `

We heard that you lost your password. Sorry about that!

+ +

But don’t worry! You can use the following link to reset your password:

+ +

<%= url %>?code=<%= token %>

+ +

Thanks.

` } }, 'success_register': { - enabled: true, display: 'Email.template.success_register', icon: 'check', options: { diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index 896f125937..547300844a 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -117,21 +117,22 @@ module.exports = { // Set the property code. user.resetPasswordToken = resetPasswordToken; - // Send an email to the user. - const template = ` -

We heard that you lost your password. Sorry about that!

+ const settings = strapi.plugins['users-permissions'].config.email['reset_password'].options; -

But don’t worry! You can use the following link to reset your password:

- -

${url}?code=${resetPasswordToken}

- -

Thanks.

- `; + const compiled = _.template(settings.message); + const template = compiled({ + url, + user: _.omit(user.toJSON(), ['password', 'resetPasswordToken']), + token: resetPasswordToken + }); try { + // Send an email to the user. await strapi.plugins['email'].services.email.send({ to: user.email, - subject: '­Reset password 🔑 ', + from: (settings.from.email || settings.from.email) ? `"${settings.from.name}" <${settings.from.email}>` : undefined, + replyTo: settings.respond, + subject: settings.object, text: template, html: template }); From 02a89fbb5b6f530670f8072a17b40c3ce7336385 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 15:01:21 +0100 Subject: [PATCH 05/18] Generate advanced configs --- .../strapi-plugin-users-permissions/.gitignore | 1 + .../config/functions/bootstrap.js | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/.gitignore b/packages/strapi-plugin-users-permissions/.gitignore index c8e919a383..4b509dade9 100755 --- a/packages/strapi-plugin-users-permissions/.gitignore +++ b/packages/strapi-plugin-users-permissions/.gitignore @@ -6,6 +6,7 @@ stats.json roles.json jwt.json grant.json +advanced.json email.json # Cruft diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index a48b9df357..467a316e74 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -127,6 +127,23 @@ module.exports = cb => { } } + if (!_.get(strapi.plugins['users-permissions'], 'config.advanced')) { + try { + const advanced = { + unique_email: true, + allow_register: true + }; + + fs.writeFileSync(path.join(strapi.config.appPath, 'plugins', 'users-permissions', 'config', 'advanced.json'), JSON.stringify({ + advanced + }, null, 2), 'utf8'); + + _.set(strapi.plugins['users-permissions'], 'config.advanced', advanced); + } catch(err) { + strapi.log.error(err); + } + } + strapi.plugins['users-permissions'].services.userspermissions.syncSchema(() => { strapi.plugins['users-permissions'].services.userspermissions.updatePermissions(cb); }); From 072dc10137ae22079bcd5938ad05a0bd8084b8f9 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 15:19:59 +0100 Subject: [PATCH 06/18] Add registration restriction on provider and local register --- .../admin/src/translations/en.json | 2 ++ .../admin/src/translations/fr.json | 2 ++ .../strapi-plugin-users-permissions/controllers/Auth.js | 8 ++++++++ .../strapi-plugin-users-permissions/services/Providers.js | 4 ++++ 4 files changed, 16 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/admin/src/translations/en.json b/packages/strapi-plugin-users-permissions/admin/src/translations/en.json index dd187a386d..e848840dac 100755 --- a/packages/strapi-plugin-users-permissions/admin/src/translations/en.json +++ b/packages/strapi-plugin-users-permissions/admin/src/translations/en.json @@ -126,6 +126,8 @@ "Email.template.reset_password": "", "Email.template.success_register": "", + "Auth.advanced.allow_register": "", + "PopUpForm.button.cancel": "Cancel", "PopUpForm.button.save": "Save", "PopUpForm.header.add.providers": "Add New Provider", diff --git a/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json b/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json index ae09579b41..493abd549e 100755 --- a/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json +++ b/packages/strapi-plugin-users-permissions/admin/src/translations/fr.json @@ -126,6 +126,8 @@ "Email.template.reset_password": "", "Email.template.success_register": "", + "Auth.advanced.allow_register": "", + "popUpForm.button.cancel": "Annuler", "popUpForm.button.save": "Sauvegarder", "popUpForm.header.add.providers": "Ajouter un Nouveau Provider", diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index 547300844a..9f2e1844eb 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -64,6 +64,10 @@ module.exports = { // Connect the user thanks to the third-party provider. const user = await strapi.plugins['users-permissions'].services.providers.connect(provider, access_token); + if (!strapi.plugins['users-permissions'].config.advanced.allow_register && !user) { + return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.advanced.allow_register' }] }] : 'Register action is actualy not available.'); + } + ctx.send({ jwt: strapi.plugins['users-permissions'].services.jwt.issue(user), user: _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken']) @@ -147,6 +151,10 @@ module.exports = { }, register: async (ctx) => { + if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { + return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.advanced.allow_register' }] }] : 'Register action is actualy not available.'); + } + const params = _.assign(ctx.request.body, { provider: 'local' }); diff --git a/packages/strapi-plugin-users-permissions/services/Providers.js b/packages/strapi-plugin-users-permissions/services/Providers.js index 5d3d3a2219..430a58fbe9 100644 --- a/packages/strapi-plugin-users-permissions/services/Providers.js +++ b/packages/strapi-plugin-users-permissions/services/Providers.js @@ -61,6 +61,10 @@ exports.connect = (provider, access_token) => { } else { strapi.query('user', 'users-permissions').findOne({email: profile.email}) .then(user => { + if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { + return resolve(false); + } + if (!user) { // Create the new user. const params = _.assign(profile, { From 1b2897bd838865eaef446fed15c8343e64b6a096 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 16:23:54 +0100 Subject: [PATCH 07/18] Get and update advanced settings --- .../config/routes.json | 16 ++++++++++++++++ .../controllers/UsersPermissions.js | 18 ++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json index cebd68b71d..68863e029d 100644 --- a/packages/strapi-plugin-users-permissions/config/routes.json +++ b/packages/strapi-plugin-users-permissions/config/routes.json @@ -80,6 +80,22 @@ "policies": [] } }, + { + "method": "GET", + "path": "/advanced", + "handler": "UsersPermissions.getAdvancedSettings", + "config": { + "policies": [] + } + }, + { + "method": "PUT", + "path": "/advanced", + "handler": "UsersPermissions.updateAdvancedSettings", + "config": { + "policies": [] + } + }, { diff --git a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js index fe5e5ac9f1..f1be02211b 100644 --- a/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js +++ b/packages/strapi-plugin-users-permissions/controllers/UsersPermissions.js @@ -165,6 +165,24 @@ module.exports = { email: strapi.plugins['users-permissions'].config.email }, null, 2), 'utf8'); + return ctx.send({ ok: true }); + }, + + getAdvancedSettings: async (ctx) => { + ctx.send(strapi.plugins['users-permissions'].config.advanced); + }, + + updateAdvancedSettings: async (ctx) => { + if (_.isEmpty(ctx.request.body)) { + return ctx.badRequest(null, [{ messages: [{ id: 'Cannot be empty' }] }]); + } + + strapi.plugins['users-permissions'].config.advanced = ctx.request.body; + + fs.writeFileSync(path.join(strapi.config.appPath, 'plugins', 'users-permissions', 'config', 'advanced.json'), JSON.stringify({ + email: strapi.plugins['users-permissions'].config.advanced + }, null, 2), 'utf8'); + return ctx.send({ ok: true }); } }; From 1bcae6c73e3d6a620ed93d2d0566558e0edcf35b Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Mon, 15 Jan 2018 17:58:11 +0100 Subject: [PATCH 08/18] Add unique email restriction on provider and local register --- .../controllers/Auth.js | 18 ++++++++++++--- .../models/User.settings.json | 1 - .../services/Providers.js | 22 +++++++++++++------ 3 files changed, 30 insertions(+), 11 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index 9f2e1844eb..0163edef72 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -62,10 +62,10 @@ module.exports = { } } else { // Connect the user thanks to the third-party provider. - const user = await strapi.plugins['users-permissions'].services.providers.connect(provider, access_token); + const [user, error] = await strapi.plugins['users-permissions'].services.providers.connect(provider, access_token); - if (!strapi.plugins['users-permissions'].config.advanced.allow_register && !user) { - return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.advanced.allow_register' }] }] : 'Register action is actualy not available.'); + if (error) { + return ctx.badRequest(null, (error === 'array') ? (ctx.request.admin ? error[0] : error[1]) : error); } ctx.send({ @@ -182,6 +182,18 @@ module.exports = { params.password = await strapi.plugins['users-permissions'].services.user.hashPassword(params); + const user = await strapi.query('user', 'users-permissions').findOne({ + email: params.email + }); + + if (user && user.provider === params.provider) { + return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken' }] }] : 'Email is already taken.'); + } + + if (user && user.provider !== params.provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { + return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken' }] }] : 'Email is already taken.'); + } + try { const user = await strapi.query('user', 'users-permissions').create(params); diff --git a/packages/strapi-plugin-users-permissions/models/User.settings.json b/packages/strapi-plugin-users-permissions/models/User.settings.json index 6ae2794ddf..6151eb6301 100644 --- a/packages/strapi-plugin-users-permissions/models/User.settings.json +++ b/packages/strapi-plugin-users-permissions/models/User.settings.json @@ -15,7 +15,6 @@ "email": { "type": "email", "minLength": 6, - "unique": true, "configurable": false, "required": true }, diff --git a/packages/strapi-plugin-users-permissions/services/Providers.js b/packages/strapi-plugin-users-permissions/services/Providers.js index 430a58fbe9..7fa0ff3f37 100644 --- a/packages/strapi-plugin-users-permissions/services/Providers.js +++ b/packages/strapi-plugin-users-permissions/services/Providers.js @@ -44,7 +44,7 @@ const linkedin = new Purest({ exports.connect = (provider, access_token) => { return new Promise((resolve, reject) => { if (!access_token) { - reject({ + reject(null, { message: 'No access_token.' }); } else { @@ -62,10 +62,18 @@ exports.connect = (provider, access_token) => { strapi.query('user', 'users-permissions').findOne({email: profile.email}) .then(user => { if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { - return resolve(false); + return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); } - if (!user) { + if (user && user.provider === provider) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (user && user.provider !== provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (!user || _.get(user, 'provider') !== provider) { // Create the new user. const params = _.assign(profile, { provider: provider @@ -73,17 +81,17 @@ exports.connect = (provider, access_token) => { strapi.query('user', 'users-permissions').create(params) .then(user => { - resolve(user); + resolve([user, null]); }) .catch(err => { - reject(err); + reject([null, err]); }); } else { - resolve(user); + resolve([user, null]); } }) .catch(err => { - reject(err); + reject([null, err]); }); } } From b2e07979c7ebc85cdb872911e7797b48e93c9bba Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 18 Jan 2018 10:03:29 +0100 Subject: [PATCH 09/18] Template forgot password email object --- .../controllers/Auth.js | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index 0163edef72..eb7deb85e5 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -123,22 +123,27 @@ module.exports = { const settings = strapi.plugins['users-permissions'].config.email['reset_password'].options; - const compiled = _.template(settings.message); - const template = compiled({ + const compiledMessage = _.template(settings.message); + const message = compiledMessage({ url, user: _.omit(user.toJSON(), ['password', 'resetPasswordToken']), token: resetPasswordToken }); + const compiledObject = _.template(settings.object); + const object = compiledObject({ + user: _.omit(user.toJSON(), ['password', 'resetPasswordToken']) + }); + try { // Send an email to the user. await strapi.plugins['email'].services.email.send({ to: user.email, from: (settings.from.email || settings.from.email) ? `"${settings.from.name}" <${settings.from.email}>` : undefined, replyTo: settings.respond, - subject: settings.object, - text: template, - html: template + subject: object, + text: message, + html: message }); } catch (err) { return ctx.badRequest(null, err); From 6ae2f6dfeeff27a24fce72fb45022fcbccfd862d Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 18 Jan 2018 14:10:26 +0100 Subject: [PATCH 10/18] Add unique email verification on user update --- .../controllers/User.js | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/packages/strapi-plugin-users-permissions/controllers/User.js b/packages/strapi-plugin-users-permissions/controllers/User.js index 15f1c242be..8d31e48e21 100644 --- a/packages/strapi-plugin-users-permissions/controllers/User.js +++ b/packages/strapi-plugin-users-permissions/controllers/User.js @@ -39,7 +39,7 @@ module.exports = { if (!user) { return ctx.badRequest(null, [{ messages: [{ id: 'No authorization header was found' }] }]); } - + const data = _.omit(user.toJSON ? user.toJSON() : user, ['password', 'resetPasswordToken']); // Send 200 `ok` @@ -98,6 +98,16 @@ module.exports = { delete ctx.request.body.role; } + if (ctx.request.body.email && strapi.plugins['users-permissions'].config.advanced.unique_email) { + const user = await strapi.query('user', 'users-permissions').findOne({ + email: ctx.request.body.email + }); + + if (user.id !== ctx.params.id) { + return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.taken' }] }] : 'Email is already taken.'); + } + } + const data = await strapi.plugins['users-permissions'].services.user.edit(ctx.params, ctx.request.body) ; // Send 200 `ok` From 5e8259af73c59b5afc5c797127a7c205b8b8f5ae Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 18 Jan 2018 15:45:02 +0100 Subject: [PATCH 11/18] Can disable a provider --- .../config/functions/bootstrap.js | 7 +++++++ .../middlewares/provider/index.js | 15 +++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index 467a316e74..c2604476ca 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -30,24 +30,31 @@ module.exports = cb => { if (!_.get(strapi.plugins['users-permissions'], 'config.grant')) { try { const grant = { + local: { + enabled: true + }, facebook: { + enabled: false, key: '', secret: '', callback: '/auth/facebook/callback', scope: ['email'] }, google: { + enabled: false, key: '', secret: '', callback: '/auth/google/callback', scope: ['email'] }, github: { + enabled: false, key: '', secret: '', callback: '/auth/github/callback' }, linkedin2: { + enabled: false, key: '', secret: '', callback: '/auth/linkedin2/callback', diff --git a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js b/packages/strapi-plugin-users-permissions/middlewares/provider/index.js index 25b518f413..5fdb4aee90 100644 --- a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js +++ b/packages/strapi-plugin-users-permissions/middlewares/provider/index.js @@ -25,6 +25,21 @@ module.exports = strapi => { const grant = new Grant(strapi.plugins['users-permissions'].config.grant); + strapi.app.use(async (ctx, next) => { + if (_.startsWith(ctx.request.url, '/connect') && ctx.request.method === 'GET') { + const provider = _.last(ctx.request.url.split('/')); + const config = strapi.plugins['users-permissions'].config.grant[provider]; + + if (_.get(config, 'enabled')) { + await next(); + } else { + return ctx.badRequest(null, 'This provider is disabled.'); + } + } else { + await next(); + } + }); + strapi.app.use(mount(grant)); cb(); From f9920a4739e512ec9acd00ed46d4d2c832e117de Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 18 Jan 2018 16:01:52 +0100 Subject: [PATCH 12/18] Disable local provider --- packages/strapi-plugin-users-permissions/controllers/Auth.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index eb7deb85e5..c8833922fa 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -16,6 +16,10 @@ module.exports = { const access_token = ctx.query.access_token; if (provider === 'local') { + if (!_.get(strapi.plugins['users-permissions'].config.grant[provider], 'enabled') && !ctx.request.admin) { + return ctx.badRequest(null, 'This provider is disabled.'); + } + // The identifier is required. if (!params.identifier) { return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.provide' }] }] : 'Please provide your username or your e-mail.'); From 9ddd7f12a80771737f7d5fc387190e6e1d0c38ab Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Tue, 23 Jan 2018 11:32:40 +0100 Subject: [PATCH 13/18] Fix missing save conflict --- packages/strapi-bookshelf/package.json | 2 +- packages/strapi-ejs/package.json | 2 +- packages/strapi-generate-api/package.json | 2 +- packages/strapi-generate-controller/package.json | 2 +- packages/strapi-generate-model/package.json | 2 +- packages/strapi-generate-new/package.json | 2 +- packages/strapi-generate-plugin/package.json | 2 +- packages/strapi-generate-policy/package.json | 2 +- packages/strapi-generate-service/package.json | 2 +- packages/strapi-plugin-content-manager/package.json | 2 +- packages/strapi-plugin-email/package.json | 2 +- packages/strapi-plugin-settings-manager/package.json | 2 +- .../config/functions/bootstrap.js | 6 +----- packages/strapi-plugin-users-permissions/package.json | 2 +- 14 files changed, 14 insertions(+), 18 deletions(-) diff --git a/packages/strapi-bookshelf/package.json b/packages/strapi-bookshelf/package.json index dc107668b0..590c648289 100755 --- a/packages/strapi-bookshelf/package.json +++ b/packages/strapi-bookshelf/package.json @@ -55,4 +55,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-ejs/package.json b/packages/strapi-ejs/package.json index 8221d0f30d..bcc43f517e 100755 --- a/packages/strapi-ejs/package.json +++ b/packages/strapi-ejs/package.json @@ -46,4 +46,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-api/package.json b/packages/strapi-generate-api/package.json index 0bbaa2a21f..a4b2a99851 100755 --- a/packages/strapi-generate-api/package.json +++ b/packages/strapi-generate-api/package.json @@ -43,4 +43,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-controller/package.json b/packages/strapi-generate-controller/package.json index 6f38e7de43..1ec0a1c872 100755 --- a/packages/strapi-generate-controller/package.json +++ b/packages/strapi-generate-controller/package.json @@ -43,4 +43,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-model/package.json b/packages/strapi-generate-model/package.json index 5c098933e9..65cd21fb4c 100755 --- a/packages/strapi-generate-model/package.json +++ b/packages/strapi-generate-model/package.json @@ -43,4 +43,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-new/package.json b/packages/strapi-generate-new/package.json index b84b986c04..261f76f1be 100755 --- a/packages/strapi-generate-new/package.json +++ b/packages/strapi-generate-new/package.json @@ -48,4 +48,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-plugin/package.json b/packages/strapi-generate-plugin/package.json index 0588cc1024..21250bd6ca 100755 --- a/packages/strapi-generate-plugin/package.json +++ b/packages/strapi-generate-plugin/package.json @@ -44,4 +44,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-policy/package.json b/packages/strapi-generate-policy/package.json index 33fa26b59f..810bcfd27f 100755 --- a/packages/strapi-generate-policy/package.json +++ b/packages/strapi-generate-policy/package.json @@ -43,4 +43,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-generate-service/package.json b/packages/strapi-generate-service/package.json index 005be9e8cd..f65a53c7d3 100755 --- a/packages/strapi-generate-service/package.json +++ b/packages/strapi-generate-service/package.json @@ -43,4 +43,4 @@ "npm": ">= 5.3.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-content-manager/package.json b/packages/strapi-plugin-content-manager/package.json index 242c3e61d7..03b141eb78 100755 --- a/packages/strapi-plugin-content-manager/package.json +++ b/packages/strapi-plugin-content-manager/package.json @@ -47,4 +47,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-email/package.json b/packages/strapi-plugin-email/package.json index 4cbdac0053..9e13dcac21 100644 --- a/packages/strapi-plugin-email/package.json +++ b/packages/strapi-plugin-email/package.json @@ -49,4 +49,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-settings-manager/package.json b/packages/strapi-plugin-settings-manager/package.json index bd50a4be09..cbd06820c3 100755 --- a/packages/strapi-plugin-settings-manager/package.json +++ b/packages/strapi-plugin-settings-manager/package.json @@ -48,4 +48,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} +} \ No newline at end of file diff --git a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js index a4ce01085f..a0be7e77f2 100644 --- a/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js +++ b/packages/strapi-plugin-users-permissions/config/functions/bootstrap.js @@ -57,12 +57,8 @@ module.exports = cb => { 'user:email' ] }, -<<<<<<< HEAD - linkedin2: { - enabled: false, -======= twitter: { ->>>>>>> eb1d1645fd14de170fb55d6ca4c570eb9c82733c + enabled: false, key: '', secret: '', callback: '/auth/twitter/callback' diff --git a/packages/strapi-plugin-users-permissions/package.json b/packages/strapi-plugin-users-permissions/package.json index 3d4315bd9b..09a921ee1a 100644 --- a/packages/strapi-plugin-users-permissions/package.json +++ b/packages/strapi-plugin-users-permissions/package.json @@ -1,6 +1,6 @@ { "name": "strapi-plugin-users-permissions", - "version": "3.0.0-alpha.8", + "version": "3.0.0-alpha.8.3", "description": "Protect your API with a full-authentication process based on JWT", "strapi": { "name": "Auth & Permissions", From a2d7ffce74a6b50d33a3c76db0ef35bba8d52061 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 25 Jan 2018 08:38:46 +0100 Subject: [PATCH 14/18] User service to template email --- .../controllers/Auth.js | 18 ++++++++---------- .../services/UsersPermissions.js | 5 +++++ 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index 562517c7e7..fdc54e20c8 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -126,27 +126,25 @@ module.exports = { const settings = strapi.plugins['users-permissions'].config.email['reset_password'].options; - const compiledMessage = _.template(settings.message); - const message = compiledMessage({ + settings.message = await strapi.plugins['users-permissions'].services.userspermissions.template(settings.message, { url, - user: _.omit(user.toJSON(), ['password', 'resetPasswordToken']), + user: _.omit(user.toJSON(), ['password', 'resetPasswordToken', 'role', 'provider']), token: resetPasswordToken }); - const compiledObject = _.template(settings.object); - const object = compiledObject({ - user: _.omit(user.toJSON(), ['password', 'resetPasswordToken']) + settings.object = await strapi.plugins['users-permissions'].services.userspermissions.template(settings.object, { + user: _.omit(user.toJSON(), ['password', 'resetPasswordToken', 'role', 'provider']) }); try { // Send an email to the user. await strapi.plugins['email'].services.email.send({ to: user.email, - from: (settings.from.email || settings.from.email) ? `"${settings.from.name}" <${settings.from.email}>` : undefined, + from: (settings.from.email || settings.from.name) ? `"${settings.from.name}" <${settings.from.email}>` : undefined, replyTo: settings.respond, - subject: object, - text: message, - html: message + subject: settings.object, + text: settings.message, + html: settings.message }); } catch (err) { return ctx.badRequest(null, err); diff --git a/packages/strapi-plugin-users-permissions/services/UsersPermissions.js b/packages/strapi-plugin-users-permissions/services/UsersPermissions.js index 7db58d8c3a..90bfa54fb1 100644 --- a/packages/strapi-plugin-users-permissions/services/UsersPermissions.js +++ b/packages/strapi-plugin-users-permissions/services/UsersPermissions.js @@ -345,5 +345,10 @@ ${commands} cb(); }); }); + }, + + template: (layout, data) => { + const compiledObject = _.template(layout); + return compiledObject(data); } }; From 4eb81abe5fb24c4cdbb955ed72c96d899a711a35 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 25 Jan 2018 08:54:17 +0100 Subject: [PATCH 15/18] Use async/await provider service --- .../middlewares/provider/index.js | 2 +- .../services/Providers.js | 26 ++++++++----------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js b/packages/strapi-plugin-users-permissions/middlewares/provider/index.js index cdaf648aa6..b2155d1c25 100644 --- a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js +++ b/packages/strapi-plugin-users-permissions/middlewares/provider/index.js @@ -26,7 +26,7 @@ module.exports = strapi => { strapi.app.use(async (ctx, next) => { if (_.startsWith(ctx.request.url, '/connect') && ctx.request.method === 'GET') { - const provider = _.last(ctx.request.url.split('/')); + const provider = ctx.request.url.split('/')[2]; const config = strapi.plugins['users-permissions'].config.grant[provider]; if (_.get(config, 'enabled')) { diff --git a/packages/strapi-plugin-users-permissions/services/Providers.js b/packages/strapi-plugin-users-permissions/services/Providers.js index 0495ea1d1b..b153cb521e 100644 --- a/packages/strapi-plugin-users-permissions/services/Providers.js +++ b/packages/strapi-plugin-users-permissions/services/Providers.js @@ -52,18 +52,19 @@ exports.connect = (provider, query) => { }); } else { // Get the profile. - getProfile(provider, query, (err, profile) => { + getProfile(provider, query, async (err, profile) => { if (err) { reject(err); } else { // We need at least the mail. if (!profile.email) { - reject({ + reject([{ message: 'Email was not available.' - }); + }, null]); } else { - strapi.query('user', 'users-permissions').findOne({email: profile.email}) - .then(user => { + try { + const user = await strapi.query('user', 'users-permissions').findOne({email: profile.email}); + if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); } @@ -82,20 +83,15 @@ exports.connect = (provider, query) => { provider: provider }); - strapi.query('user', 'users-permissions').create(params) - .then(user => { - resolve([user, null]); - }) - .catch(err => { - reject([null, err]); - }); + const createdUser = await strapi.query('user', 'users-permissions').create(params); + + resolve([createdUser, null]); } else { resolve([user, null]); } - }) - .catch(err => { + } catch (err) { reject([null, err]); - }); + } } } }); From 2b57c3e6de60a09a156553580b9550a0f2450ff9 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 25 Jan 2018 09:59:24 +0100 Subject: [PATCH 16/18] Move grant middleware in controller action --- .../config/routes.json | 9 ++++ .../controllers/Auth.js | 21 +++++++++ .../middlewares/provider/defaults.json | 5 -- .../middlewares/provider/index.js | 47 ------------------- 4 files changed, 30 insertions(+), 52 deletions(-) delete mode 100644 packages/strapi-plugin-users-permissions/middlewares/provider/defaults.json delete mode 100644 packages/strapi-plugin-users-permissions/middlewares/provider/index.js diff --git a/packages/strapi-plugin-users-permissions/config/routes.json b/packages/strapi-plugin-users-permissions/config/routes.json index 68863e029d..218fe15231 100644 --- a/packages/strapi-plugin-users-permissions/config/routes.json +++ b/packages/strapi-plugin-users-permissions/config/routes.json @@ -131,6 +131,15 @@ } }, + { + "method": "GET", + "path": "/connect/*", + "handler": "Auth.connect", + "config": { + "policies": [], + "prefix": "" + } + }, { "method": "POST", "path": "/auth/local", diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index fdc54e20c8..2d0f0e098c 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -8,6 +8,7 @@ const _ = require('lodash'); const crypto = require('crypto'); +const Grant = require('grant-koa'); module.exports = { callback: async (ctx) => { @@ -107,6 +108,26 @@ module.exports = { } }, + connect: async (ctx, next) => { + _.defaultsDeep(strapi.plugins['users-permissions'].config.grant, { + server: { + protocol: 'http', + host: 'localhost:1337' + } + }); + + const provider = ctx.request.url.split('/')[2]; + const config = strapi.plugins['users-permissions'].config.grant[provider]; + + if (!_.get(config, 'enabled')) { + return ctx.badRequest(null, 'This provider is disabled.'); + } + + const grant = new Grant(strapi.plugins['users-permissions'].config.grant); + + return strapi.koaMiddlewares.compose(grant.middleware)(ctx, next); + }, + forgotPassword: async (ctx) => { const { email, url } = ctx.request.body; diff --git a/packages/strapi-plugin-users-permissions/middlewares/provider/defaults.json b/packages/strapi-plugin-users-permissions/middlewares/provider/defaults.json deleted file mode 100644 index 621bacef88..0000000000 --- a/packages/strapi-plugin-users-permissions/middlewares/provider/defaults.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "provider": { - "enabled": true - } -} diff --git a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js b/packages/strapi-plugin-users-permissions/middlewares/provider/index.js deleted file mode 100644 index b2155d1c25..0000000000 --- a/packages/strapi-plugin-users-permissions/middlewares/provider/index.js +++ /dev/null @@ -1,47 +0,0 @@ -'use strict'; - -/** - * Module dependencies - */ - -// Public node modules. -const _ = require('lodash'); -const Grant = require('grant-koa'); - -module.exports = strapi => { - return { - beforeInitialize: function() { - strapi.config.middleware.load.after.push('provider'); - }, - - initialize: function(cb) { - _.defaultsDeep(strapi.plugins['users-permissions'].config.grant, { - server: { - protocol: 'http', - host: 'localhost:1337' - } - }); - - const grant = new Grant(strapi.plugins['users-permissions'].config.grant); - - strapi.app.use(async (ctx, next) => { - if (_.startsWith(ctx.request.url, '/connect') && ctx.request.method === 'GET') { - const provider = ctx.request.url.split('/')[2]; - const config = strapi.plugins['users-permissions'].config.grant[provider]; - - if (_.get(config, 'enabled')) { - await next(); - } else { - return ctx.badRequest(null, 'This provider is disabled.'); - } - } else { - await next(); - } - }); - - strapi.app.use(strapi.koaMiddlewares.compose(grant.middleware)); - - cb(); - } - }; -}; From 64d3149876b4fa19bfc7f4904cfad4c9218d92d4 Mon Sep 17 00:00:00 2001 From: Jim Laurie Date: Thu, 25 Jan 2018 11:53:22 +0100 Subject: [PATCH 17/18] Fix PR feedback --- .../controllers/Auth.js | 3 +- .../package.json | 2 +- .../services/Providers.js | 92 +++++++++---------- 3 files changed, 49 insertions(+), 48 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/controllers/Auth.js b/packages/strapi-plugin-users-permissions/controllers/Auth.js index bd6bf26f07..85e9a4dec7 100644 --- a/packages/strapi-plugin-users-permissions/controllers/Auth.js +++ b/packages/strapi-plugin-users-permissions/controllers/Auth.js @@ -8,6 +8,7 @@ const _ = require('lodash'); const crypto = require('crypto'); +const Grant = require('grant-koa'); const emailRegExp = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; module.exports = { @@ -112,7 +113,7 @@ module.exports = { _.defaultsDeep(strapi.plugins['users-permissions'].config.grant, { server: { protocol: 'http', - host: 'localhost:1337' + host: `${strapi.config.currentEnvironment.server.host}:${strapi.config.currentEnvironment.server.port}` } }); diff --git a/packages/strapi-plugin-users-permissions/package.json b/packages/strapi-plugin-users-permissions/package.json index 09a921ee1a..63e3e687b7 100644 --- a/packages/strapi-plugin-users-permissions/package.json +++ b/packages/strapi-plugin-users-permissions/package.json @@ -55,4 +55,4 @@ "npm": ">= 3.0.0" }, "license": "MIT" -} \ No newline at end of file +} diff --git a/packages/strapi-plugin-users-permissions/services/Providers.js b/packages/strapi-plugin-users-permissions/services/Providers.js index b153cb521e..9119fc9957 100644 --- a/packages/strapi-plugin-users-permissions/services/Providers.js +++ b/packages/strapi-plugin-users-permissions/services/Providers.js @@ -47,55 +47,55 @@ exports.connect = (provider, query) => { return new Promise((resolve, reject) => { if (!access_token) { - reject(null, { + return reject(null, { message: 'No access_token.' }); - } else { - // Get the profile. - getProfile(provider, query, async (err, profile) => { - if (err) { - reject(err); - } else { - // We need at least the mail. - if (!profile.email) { - reject([{ - message: 'Email was not available.' - }, null]); - } else { - try { - const user = await strapi.query('user', 'users-permissions').findOne({email: profile.email}); - - if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { - return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); - } - - if (user && user.provider === provider) { - return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); - } - - if (user && user.provider !== provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { - return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); - } - - if (!user || _.get(user, 'provider') !== provider) { - // Create the new user. - const params = _.assign(profile, { - provider: provider - }); - - const createdUser = await strapi.query('user', 'users-permissions').create(params); - - resolve([createdUser, null]); - } else { - resolve([user, null]); - } - } catch (err) { - reject([null, err]); - } - } - } - }); } + + // Get the profile. + getProfile(provider, query, async (err, profile) => { + if (err) { + return reject(err); + } + + // We need at least the mail. + if (!profile.email) { + reject([{ + message: 'Email was not available.' + }, null]); + } else { + try { + const user = await strapi.query('user', 'users-permissions').findOne({email: profile.email}); + + if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { + return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); + } + + if (user && user.provider === provider) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (user && user.provider !== provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (!user || _.get(user, 'provider') !== provider) { + // Create the new user. + const params = _.assign(profile, { + provider: provider + }); + + const createdUser = await strapi.query('user', 'users-permissions').create(params); + + return resolve([createdUser, null]); + } + + resolve([user, null]); + } catch (err) { + reject([null, err]); + } + } + }); }); }; From 01bb4cd0e2544c2fe969776e236d03fc7035c88f Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Thu, 25 Jan 2018 12:26:09 +0100 Subject: [PATCH 18/18] Remove last else condition --- .../services/Providers.js | 59 +++++++++---------- 1 file changed, 29 insertions(+), 30 deletions(-) diff --git a/packages/strapi-plugin-users-permissions/services/Providers.js b/packages/strapi-plugin-users-permissions/services/Providers.js index 9119fc9957..e9b5887334 100644 --- a/packages/strapi-plugin-users-permissions/services/Providers.js +++ b/packages/strapi-plugin-users-permissions/services/Providers.js @@ -60,40 +60,39 @@ exports.connect = (provider, query) => { // We need at least the mail. if (!profile.email) { - reject([{ + return reject([{ message: 'Email was not available.' }, null]); - } else { - try { - const user = await strapi.query('user', 'users-permissions').findOne({email: profile.email}); + } + + try { + const user = await strapi.query('user', 'users-permissions').findOne({email: profile.email}); - if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { - return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); - } - - if (user && user.provider === provider) { - return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); - } - - if (user && user.provider !== provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { - return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); - } - - if (!user || _.get(user, 'provider') !== provider) { - // Create the new user. - const params = _.assign(profile, { - provider: provider - }); - - const createdUser = await strapi.query('user', 'users-permissions').create(params); - - return resolve([createdUser, null]); - } - - resolve([user, null]); - } catch (err) { - reject([null, err]); + if (!strapi.plugins['users-permissions'].config.advanced.allow_register) { + return resolve([null, [{ messages: [{ id: 'Auth.advanced.allow_register' }] }], 'Register action is actualy not available.']); } + + if (user && user.provider === provider) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (user && user.provider !== provider && strapi.plugins['users-permissions'].config.advanced.unique_email) { + return resolve([null, [{ messages: [{ id: 'Auth.form.error.email.taken' }] }], 'Email is already taken.']); + } + + if (!user || _.get(user, 'provider') !== provider) { + // Create the new user. + const params = _.assign(profile, { + provider: provider + }); + + const createdUser = await strapi.query('user', 'users-permissions').create(params); + + return resolve([createdUser, null]); + } + resolve([user, null]); + } catch (err) { + reject([null, err]); } }); });