Update branch

Merge branch 'auth-provider/configs' of github.com:strapi/strapi into auth-provider/configs-front

packages/strapi-plugin-content-manager/package.json

@@ -2,27 +2,6 @@
   "name": "strapi-plugin-content-manager",
   "version": "3.0.0-alpha.8.3",
   "description": "A powerful UI to easily manage your data.",
-  "engines": {
-    "node": ">= 8.0.0",
-    "npm": ">= 5.3.0"
-  },
-  "author": {
-    "email": "hi@strapi.io",
-    "name": "Strapi team",
-    "url": "http://strapi.io"
-  },
-  "maintainers": [
-    {
-      "name": "Strapi team",
-      "email": "hi@strapi.io",
-      "url": "http://strapi.io"
-    }
-  ],
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/strapi/strapi.git"
-  },
-  "license": "MIT",
   "strapi": {
     "name": "Content Manager",
     "icon": "plug",
@@ -46,5 +25,26 @@
   "devDependencies": {
     "react-select": "^1.0.0-rc.5",
     "strapi-helper-plugin": "3.0.0-alpha.8.3"
+  },
+  "author": {
+    "name": "Strapi team",
+    "email": "hi@strapi.io",
+    "url": "http://strapi.io"
+  },
+  "maintainers": [
+    {
+      "name": "Strapi team",
+      "email": "hi@strapi.io",
+      "url": "http://strapi.io"
     }
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
+  "engines": {
+    "node": ">= 8.0.0",
+    "npm": ">= 3.0.0"
+  },
+  "license": "MIT"
 }

packages/strapi-plugin-content-type-builder/package.json

@@ -42,6 +42,10 @@
       "url": "http://strapi.io"
     }
   ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
   "engines": {
     "node": ">= 8.0.0",
     "npm": ">= 3.0.0"

packages/strapi-plugin-email/package.json

@@ -29,17 +29,21 @@
     "strapi-helper-plugin": "3.0.0-alpha.8.3"
   },
   "author": {
-    "name": "A Strapi developer",
+    "name": "Strapi team",
-    "email": "",
+    "email": "hi@strapi.io",
-    "url": ""
+    "url": "http://strapi.io"
   },
   "maintainers": [
     {
-      "name": "A Strapi developer",
+      "name": "Strapi team",
-      "email": "",
+      "email": "hi@strapi.io",
-      "url": ""
+      "url": "http://strapi.io"
     }
   ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
   "engines": {
     "node": ">= 7.0.0",
     "npm": ">= 3.0.0"

packages/strapi-plugin-settings-manager/package.json

@@ -39,6 +39,10 @@
       "url": "http://strapi.io"
     }
   ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
   "engines": {
     "node": ">= 8.0.0",
     "npm": ">= 3.0.0"

packages/strapi-plugin-users-permissions/config/functions/bootstrap.js

@@ -55,17 +55,18 @@ module.exports = cb => {
           icon: 'github',
           key: '',
           secret: '',
-          callback: '/auth/github/callback'
+          redirect_uri: '/auth/google/callback',
+          scope: [
+            'user',
+            'user:email'
+          ]
         },
-        linkedin2: {
+        twitter: {
           enabled: false,
           icon: 'linkedin',
           key: '',
           secret: '',
-          callback: '/auth/linkedin2/callback',
+          callback: '/auth/twitter/callback'
-          custom_params: {
-            'state': ''
-          }
         }
       };
 

packages/strapi-plugin-users-permissions/controllers/Auth.js

@@ -13,7 +13,6 @@ module.exports = {
   callback: async (ctx) => {
     const provider = ctx.params.provider || 'local';
     const params = ctx.request.body;
-    const access_token = ctx.query.access_token;
 
     if (provider === 'local') {
       if (!_.get(strapi.plugins['users-permissions'].config.grant['email'], 'enabled') && !ctx.request.admin) {
@@ -66,7 +65,7 @@ module.exports = {
       }
     } else {
       // Connect the user thanks to the third-party provider.
-      const [user, error] = await strapi.plugins['users-permissions'].services.providers.connect(provider, access_token);
+      const [user, error] = await strapi.plugins['users-permissions'].services.providers.connect(provider, ctx.query);
 
       if (error) {
         return ctx.badRequest(null, (error === 'array') ? (ctx.request.admin ? error[0] : error[1]) : error);

packages/strapi-plugin-users-permissions/middlewares/provider/index.js

@@ -7,7 +7,6 @@
 // Public node modules.
 const _ = require('lodash');
 const Grant = require('grant-koa');
-const mount = require('koa-mount');
 
 module.exports = strapi => {
   return {
@@ -40,7 +39,7 @@ module.exports = strapi => {
         }
       });
 
-      strapi.app.use(mount(grant));
+      strapi.app.use(strapi.koaMiddlewares.compose(grant.middleware));
 
       cb();
     }

packages/strapi-plugin-users-permissions/package.json

@@ -1,7 +1,7 @@
 {
   "name": "strapi-plugin-users-permissions",
   "version": "3.0.0-alpha.8.3",
-  "description": "This is the description of the plugin.",
+  "description": "Protect your API with a full-authentication process based on JWT",
   "strapi": {
     "name": "Auth & Permissions",
     "icon": "users",
@@ -27,7 +27,6 @@
     "grant-koa": "^3.8.1",
     "jsonwebtoken": "^8.1.0",
     "koa": "^2.1.0",
-    "koa-mount": "^3.0.0",
     "purest": "^2.0.1",
     "request": "^2.83.0",
     "uuid": "^3.1.0"
@@ -47,6 +46,10 @@
       "url": "http://strapi.io"
     }
   ],
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/strapi/strapi.git"
+  },
   "engines": {
     "node": ">= 7.0.0",
     "npm": ">= 3.0.0"

packages/strapi-plugin-users-permissions/services/Providers.js

@@ -6,6 +6,7 @@
 
 // Public node modules.
 const _ = require('lodash');
+const request = require('request');
 
 // Purest strategies.
 const Purest = require('purest');
@@ -27,8 +28,8 @@ const google = new Purest({
   provider: 'google'
 });
 
-const linkedin = new Purest({
+const twitter = new Purest({
-  provider: 'linkedin'
+  provider: 'twitter'
 });
 
 /**
@@ -41,7 +42,9 @@ const linkedin = new Purest({
  * @return  {*}
  */
 
-exports.connect = (provider, access_token) => {
+exports.connect = (provider, query) => {
+  const access_token = query.access_token || query.code || query.oauth_token;
+
   return new Promise((resolve, reject) => {
     if (!access_token) {
       reject(null, {
@@ -49,7 +52,7 @@ exports.connect = (provider, access_token) => {
       });
     } else {
       // Get the profile.
-      getProfile(provider, access_token, (err, profile) => {
+      getProfile(provider, query, (err, profile) => {
         if (err) {
           reject(err);
         } else {
@@ -107,8 +110,9 @@ exports.connect = (provider, access_token) => {
  * @param {Function} callback
  */
 
-const getProfile = (provider, access_token, callback) => {
+const getProfile = (provider, query, callback) => {
-  let fields;
+  const access_token = query.access_token || query.code || query.oauth_token;
+
   switch (provider) {
     case 'facebook':
       facebook.query().get('me?fields=name,email').auth(access_token).request((err, res, body) => {
@@ -135,7 +139,15 @@ const getProfile = (provider, access_token, callback) => {
       });
       break;
     case 'github':
-      github.query().get('user').auth(access_token).request((err, res, body) => {
+      request.post({
+        url: 'https://github.com/login/oauth/access_token',
+        form: {
+          client_id: strapi.plugins['users-permissions'].config.grant.github.key,
+          client_secret: strapi.plugins['users-permissions'].config.grant.github.secret,
+          code: access_token
+        }
+      }, (err, res, body) => {
+        github.query().get('user').auth(body.split('&')[0].split('=')[1]).request((err, res, body) => {
           if (err) {
             callback(err);
           } else {
@@ -145,18 +157,16 @@ const getProfile = (provider, access_token, callback) => {
             });
           }
         });
+      });
       break;
-    case 'linkedin2':
+    case 'twitter':
-      fields = [
+      twitter.query().get('account/verify_credentials').auth(access_token, query.access_secret).qs({screen_name: query['raw[screen_name]']}).qs({include_email: 'true'}).request((err, res, body) => {
-        'public-profile-url', 'email-address'
-      ];
-      linkedin.query().select('people/~:(' + fields.join() + ')?format=json').auth(access_token).request((err, res, body) => {
         if (err) {
           callback(err);
         } else {
           callback(null, {
-            username: substr(body.publicProfileUrl.lastIndexOf('/') + 1),
+            username: body.screen_name,
-            email: body.emailAddress
+            email: body.email
           });
         }
       });

packages/strapi/lib/core/middlewares.js

@@ -110,7 +110,7 @@ module.exports = function() {
             return reject(err);
           }
 
-          mountMiddlewares.call(this, files, cwd)(resolve, reject);
+          mountMiddlewares.call(this, files, cwd, true)(resolve, reject);
         }
       );
     })
@@ -154,13 +154,13 @@ const requireMiddlewares = function (files, cwd) {
     );
 };
 
-const mountMiddlewares = function (files, cwd) {
+const mountMiddlewares = function (files, cwd, isPlugin) {
   return (resolve, reject) =>
     parallel(
       files.map(p => cb => {
         const folders = p.replace(/^.\/node_modules\/strapi-middleware-/, './')
           .split('/');
-        const name = folders[folders.length - 2];
+        const name = isPlugin ? folders[folders.length - 2] : folders[1];
 
         this.middleware[name] = this.middleware[name] || {
           loaded: false