Update branch

Merge branch 'user-permissions' of github.com:strapi/strapi into user-permissions

packages/strapi-helper-plugin/lib/src/utils/request.js

@@ -82,6 +82,7 @@ function serverRestartWatcher(response) {
    // Set headers
    options.headers = Object.assign({
      'Content-Type': 'application/json',
+     'X-Forwarded-Host': 'strapi',
    }, options.headers);
 
    const token = auth.getToken();

packages/strapi-plugin-settings-manager/admin/src/utils/request.js

@@ -87,6 +87,7 @@ export default function request(url, options, shouldWatchServerRestart = false)
   // Set headers
   optionsObj.headers = {
     'Content-Type': 'application/json',
+    'X-Forwarded-Host': 'strapi',
   };
 
   const token = auth.getToken();

packages/strapi-plugin-users-permissions/config/roles.json

@@ -521,4 +521,4 @@
       }
     }
   }
-}
+}

packages/strapi-plugin-users-permissions/controllers/Auth.js

@@ -18,12 +18,12 @@ module.exports = {
     if (provider === 'local') {
       // The identifier is required.
       if (!params.identifier) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.email.provide' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.provide' }] }] : 'Please provide your username or your e-mail.');
       }
 
       // The password is required.
       if (!params.password) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.provide' }] }] : 'Please provide your password.');
       }
 
       const query = {};
@@ -42,18 +42,18 @@ module.exports = {
       const user = await strapi.query('user', 'users-permissions').findOne(query);
 
       if (!user) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.invalid' }] }] : 'Identifier or password invalid.');
       }
 
       // The user never registered with the `local` provider.
       if (!user.password) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.local' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.local' }] }] : 'This user never set a local password, please login thanks to the provider used during account creation.');
       }
 
       const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(params.password, user.password);
 
       if (!validPassword) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.invalid' }] }] : 'Identifier or password invalid.');
       } else {
         ctx.send({
           jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
@@ -75,13 +75,13 @@ module.exports = {
 
     // Password is required.
     if (!params.password) {
-      return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
+      return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.provide' }] }] : 'Please provide your password.');
     }
 
     // Throw an error if the password selected by the user
     // contains more than two times the symbol '$'.
     if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
-      return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.format' }] }]);
+      return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.format' }] }] : 'Your password can not contain more than three times the symbol `$`.');
     }
 
     // First, check if the user is the first one to register as admin.
@@ -120,7 +120,7 @@ module.exports = {
 
     // User not found.
     if (!user) {
-      return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.user.not-exist' }] }]);
+      return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.user.not-exist' }] }] : 'This email does not exist.');
     }
 
     // Generate random token.
@@ -164,7 +164,7 @@ module.exports = {
       const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
 
       if (!user) {
-        return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.code.provide' }] }]);
+        return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.code.provide' }] }] : 'Incorrect code provided.');
       }
 
       // Delete the current code
@@ -180,9 +180,9 @@ module.exports = {
         user: user
       });
     } else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
-      return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.matching' }] }]);
+      return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.matching' }] }] : 'Passwords do not match.');
     } else {
-      return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.params.provide' }] }]);
+      return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.params.provide' }] }] : 'Incorrect params provided.');
     }
   }
 };

packages/strapi-plugin-users-permissions/services/User.js

@@ -47,6 +47,10 @@ module.exports = {
       values.provider = 'local';
     }
 
+    if (!values.role) {
+      values.role = '1';
+    }
+
     return strapi.query('user', 'users-permissions').create(values);
   },
 

packages/strapi-plugin-users-permissions/services/UsersPermissions.js

@@ -190,16 +190,18 @@ module.exports = {
 
     Service.writePermissions(appRoles);
 
-    const diffUser = _.differenceBy(body.users, await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
+    const currentUsers = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
       role: roleId
-    })), 'id');
+    }));
 
-    _.forEach(diffUser, (user) => {
-      if (_.find(body.user, { id: user.id})) {
-        Service.updateUserRole(user, '1');
-      } else {
-        Service.updateUserRole(user, roleId);
-      }
+    const userToAdd = _.differenceBy(body.users, currentUsers, 'id');
+    const userToRemove = _.differenceBy(currentUsers, body.users, 'id');
+
+    _.forEach(userToAdd, (user) => {
+      Service.updateUserRole(user, roleId);
+    });
+    _.forEach(userToRemove, (user) => {
+      Service.updateUserRole(user, '1');
     });
   },
 
@@ -214,7 +216,7 @@ module.exports = {
   },
 
   updateUserRole: async (user, role) => {
-    return await strapi.query('user', 'users-permissions').update({
+    await strapi.query('user', 'users-permissions').update({
       _id: user._id || user.id,
       role: role.toString()
     });

packages/strapi/lib/middlewares/index.js

@@ -6,12 +6,9 @@ const { parallel } = require('async');
 const { after, includes, indexOf, drop, dropRight, uniq, defaultsDeep, get, set, isEmpty, isUndefined, union, merge } = require('lodash');
 
 module.exports = async function() {
-  const accepted = Object.keys(this.plugins).map(url => `^\/${url}/`).concat([`^${get(this.config.currentEnvironment.server, 'admin.path', '/admin')}/`]);
-
   // Set if is admin destination for middleware application.
-  // TODO: Use dynamic config for admin url.
   this.app.use(async (ctx, next) => {
-    ctx.request.admin = accepted.some(rx => new RegExp(rx).test(ctx.request.url));
+    ctx.request.admin = ctx.request.header['x-forwarded-host'] === 'strapi';
 
     await next();
   });

scripts/setup.js

@@ -54,6 +54,7 @@ shell.cd('../strapi-plugin-users-permissions');
 shell.exec('npm install ../strapi-helper-plugin');
 shell.rm('-f', 'package-lock.json');
 shell.exec('npm link');
+shell.exec('npm run build');
 
 shell.cd('../strapi-plugin-content-manager');
 shell.exec('npm install ../strapi-helper-plugin');