Register new user with hashed password

Jim Laurie 2017-11-16 14:12:03 +01:00
parent 83050fcaa6
commit b0a2b61be4
10 changed files with 118 additions and 12 deletions


@ -169,7 +169,7 @@ module.exports = function (strapi) {
// Parse every registered model.
_.forEach(models, (definition, model) => {
if (plugin) {
definition.globalId = _.upperFirst(_.camelCase(`${plugin}-${model}`));
definition.globalId = _.upperFirst(_.camelCase(_.get(strapi.config.hook.settings.mongoose.collections, mongooseUtils.toCollectionName(model)) ? `${plugin}-${model}` : model));
}
definition.globalName = _.upperFirst(_.camelCase(definition.globalId));
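Review bot: The new `globalId` expression packs a config lookup, a collection-name conversion and a ternary into one line with no comment saying why the plugin prefix now depends on `strapi.config.hook.settings.mongoose.collections`. Pull the lookup into a named constant and add a comment such as `// Prefix with the plugin name only when a collection is configured for this model.` if that is the intent. Only `collections` is guarded by `_.get`; the chain before it throws if any intermediate key is missing. The enclosing function starts and ends outside the hunk.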


@ -24,19 +24,21 @@ module.exports = {
create: async function (params) {
const entry = await this.create(Object.keys(params.values).reduce((acc, current) => {
if (this._attributes[current].type) {
if (_.get(this._attributes, [current, 'type'])) {
acc[current] = params.values[current];
}
return acc;
}, {}));
return module.exports.update.call(this, {
await module.exports.update.call(this, {
[this.primaryKey]: entry[this.primaryKey],
values: _.merge({
id: entry[this.primaryKey]
}, params.values)
});
return entry;
},
update: async function (params) {
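Review bot: The attribute filter applied before `this.create` is not applied to the follow-up `update` call, which still receives the raw `params.values` through `_.merge`. For the registration path in this commit, that means the plaintext `password` is handed to `update` after `beforeCreate` has already hashed it. Whether `update` writes it back is not visible, because its body lies outside the hunk. Reuse the filtered object for both calls, or add a comment stating why `update` needs the unfiltered values. `create` now returns `entry` as it was before the `update` ran, so a short comment confirming that callers should get the pre-update document would help.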


@ -42,6 +42,15 @@
"prefix": ""
}
},
{
"method": "POST",
"path": "/auth/local/register",
"handler": "Auth.register",
"config": {
"policies": [],
"prefix": ""
}
},
{
"method": "GET",


@ -6,6 +6,8 @@
* @description: A set of functions called "actions" for managing `Auth`.
*/
const _ = require('lodash');
module.exports = {
callback: async (ctx) => {
const provider = ctx.params.provider || 'local';
@ -101,5 +103,53 @@ module.exports = {
};
}
}
},
register: async (ctx) => {
const params = _.assign(ctx.request.body, {
provider: 'local'
});
// Password is required.
if (!params.password) {
ctx.status = 400;
return ctx.body = {
message: 'Invalid password field.'
};
}
// Throw an error if the password selected by the user
// contains more than two times the symbol '$'.
if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
ctx.status = 400;
return ctx.body = {
message: 'Your password can not contain more than three times the symbol `$`.'
};
}
// First, check if the user is the first one to register.
try {
const usersCount = await strapi.query('user', 'users-permissions').count();
// Check if the user is the first to register
if (usersCount === 0) {
params.admin = true;
}
const user = await strapi.query('user', 'users-permissions').create({
values: params
});
ctx.status = 200;
ctx.body = {
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
user: user
};
} catch (err) {
ctx.status = 500;
return ctx.body = {
message: err.message
};
}
}
};
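Review bot: `register` passes the whole request body to `create` (`values: params`), and `params.admin` is only ever set to `true`, never cleared, so if `admin` is a declared attribute a client-supplied value survives on every registration after the first. Assign it unconditionally with `params.admin = usersCount === 0;` and build `params` from an explicit list, e.g. `_.assign(_.pick(ctx.request.body, ACCEPTED_FIELDS), { provider: 'local' })`, where `ACCEPTED_FIELDS` is a placeholder for the fields the model should accept from clients. The 500 branch returns `err.message` to the caller, which can expose database or validation internals; log it server-side and send a generic message instead. The comment above the `isHashed` check says "more than two times" while the response text says "more than three times", so both should be reworded to state what the check enforces.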


@ -1,13 +1,12 @@
'use strict';
const fakeData = require('../config/fakeData.json');
const _ = require('lodash');
/**
* UsersPermissions.js controller
*
* @description: A set of functions called "actions" of the `users-permissions` plugin.
*/
const fakeData = require('../config/fakeData.json');
const _ = require('lodash');
module.exports = {


@ -46,10 +46,11 @@ module.exports = {
// Before creating a value.
// Fired before `insert` query.
// beforeCreate: function (next) {
// // Use `this` to get your current object
// next();
// },
beforeCreate: async function (next) {
// Use `this` to get your current object
this.password = await strapi.plugins['users-permissions'].services.user.hashPassword(this);
next();
},
// After creating a value.
// Fired after `insert` query.
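Review bot: The new `beforeCreate` assigns the result of `hashPassword` to `this.password` unconditionally, and the service added in this commit resolves `null` when the password is missing or already looks hashed, so those documents are saved with a null password instead of being left as they were. Guard the assignment: `const hash = await strapi.plugins['users-permissions'].services.user.hashPassword(this);` followed by `if (hash) { this.password = hash; }`. `next()` is also never reached if the awaited call throws; wrap the body in `try`/`catch` and pass the error to `next`, assuming this hook follows the Mongoose middleware convention.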


@ -23,7 +23,10 @@
"prepublish": "npm run build",
"postinstall": "node node_modules/strapi-helper-plugin/lib/internals/scripts/postinstall.js"
},
"dependencies": {},
"dependencies": {
"bcryptjs": "^2.4.3",
"jsonwebtoken": "^8.1.0"
},
"devDependencies": {
"cross-env": "^5.1.1",
"eslint": "^4.11.0",


@ -0,0 +1,19 @@
'use strict';
/**
* Jwt.js service
*
* @description: A set of functions similar to controller's actions to avoid code duplication.
*/
const _ = require('lodash');
const jwt = require('jsonwebtoken');
module.exports = {
issue: (payload) => {
return jwt.sign(
_.clone(payload.toJSON()),
process.env.JWT_SECRET || _.get(strapi, 'api.user.config.jwtSecret') || 'oursecret'
);
}
};
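Review bot: `issue` falls back to the literal `'oursecret'` when neither `JWT_SECRET` nor `api.user.config.jwtSecret` is set, so a deployment with no configured secret signs tokens with a key that is public in this repository. Fail closed instead: resolve the secret without the literal and `throw new Error('JWT secret is not configured');` when it is empty. The token is signed without `expiresIn`, so it never expires, and the payload is the entire `payload.toJSON()`; unless `toJSON` strips it (not visible here), that puts the stored password hash into every token and into the `register` response. Sign only an identifier, set an expiry, and add a JSDoc comment on `issue` stating what the payload contains.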


@ -8,6 +8,7 @@
// Public dependencies.
const _ = require('lodash');
const bcrypt = require('bcryptjs');
module.exports = {
@ -90,5 +91,27 @@ module.exports = {
});
return data;
}
},
hashPassword: function (user) {
return new Promise((resolve) => {
user = user.toJSON();
if (!user.hasOwnProperty('password') || !user.password || this.isHashed(user.password)) {
resolve(null);
} else {
bcrypt.hash(user.password, 10, (err, hash) => {
resolve(hash)
});
}
});
},
isHashed: (password) => {
if (typeof password !== 'string' || !password) {
return false;
}
return password.split('$').length === 4;
},
};
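Review bot: The `bcrypt.hash` callback in `hashPassword` ignores `err` and resolves with `hash`, which is undefined on failure, so a hashing error surfaces as a user stored without a password rather than a failed request. Take `reject` in the executor and add `if (err) { return reject(err); }` before `resolve(hash)`. `isHashed` only counts `$` separators (`split('$').length === 4`), so it is a format guess rather than a check that the value is a bcrypt hash; a JSDoc comment on it should say so, since `register` rejects passwords on that basis. `module.exports` opens outside these hunks.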


@ -255,7 +255,7 @@ class Strapi extends EventEmitter {
const model = entity.toLowerCase();
const Model = get(strapi, ['models', model]) || get(strapi.plugins, [plugin, 'models', model]) || undefined;
const Model = get(strapi.plugins, [plugin, 'models', model]) || get(strapi, ['models', model]) || undefined;
if (!Model) {
return this.log.error(`The model ${model} can't be found.`);