Update branch
Merge branch 'user-permissions' of github.com:strapi/strapi into user-permissions
commit
ec09ee6a28
File diff suppressed because one or more lines are too long
@ -82,6 +82,7 @@ function serverRestartWatcher(response) {
|
|||||||
// Set headers
|
// Set headers
|
||||||
options.headers = Object.assign({
|
options.headers = Object.assign({
|
||||||
'Content-Type': 'application/json',
|
'Content-Type': 'application/json',
|
||||||
|
'X-Forwarded-Host': 'strapi',
|
||||||
}, options.headers);
|
}, options.headers);
|
||||||
|
|
||||||
const token = auth.getToken();
|
const token = auth.getToken();
|
||||||
|
@ -87,6 +87,7 @@ export default function request(url, options, shouldWatchServerRestart = false)
|
|||||||
// Set headers
|
// Set headers
|
||||||
optionsObj.headers = {
|
optionsObj.headers = {
|
||||||
'Content-Type': 'application/json',
|
'Content-Type': 'application/json',
|
||||||
|
'X-Forwarded-Host': 'strapi',
|
||||||
};
|
};
|
||||||
|
|
||||||
const token = auth.getToken();
|
const token = auth.getToken();
|
||||||
|
@ -18,12 +18,12 @@ module.exports = {
|
|||||||
if (provider === 'local') {
|
if (provider === 'local') {
|
||||||
// The identifier is required.
|
// The identifier is required.
|
||||||
if (!params.identifier) {
|
if (!params.identifier) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.email.provide' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.email.provide' }] }] : 'Please provide your username or your e-mail.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// The password is required.
|
// The password is required.
|
||||||
if (!params.password) {
|
if (!params.password) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.provide' }] }] : 'Please provide your password.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const query = {};
|
const query = {};
|
||||||
@ -42,18 +42,18 @@ module.exports = {
|
|||||||
const user = await strapi.query('user', 'users-permissions').findOne(query);
|
const user = await strapi.query('user', 'users-permissions').findOne(query);
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.invalid' }] }] : 'Identifier or password invalid.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// The user never registered with the `local` provider.
|
// The user never registered with the `local` provider.
|
||||||
if (!user.password) {
|
if (!user.password) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.local' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.local' }] }] : 'This user never set a local password, please login thanks to the provider used during account creation.');
|
||||||
}
|
}
|
||||||
|
|
||||||
const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(params.password, user.password);
|
const validPassword = strapi.plugins['users-permissions'].services.user.validatePassword(params.password, user.password);
|
||||||
|
|
||||||
if (!validPassword) {
|
if (!validPassword) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.invalid' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.invalid' }] }] : 'Identifier or password invalid.');
|
||||||
} else {
|
} else {
|
||||||
ctx.send({
|
ctx.send({
|
||||||
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
|
jwt: strapi.plugins['users-permissions'].services.jwt.issue(user),
|
||||||
@ -75,13 +75,13 @@ module.exports = {
|
|||||||
|
|
||||||
// Password is required.
|
// Password is required.
|
||||||
if (!params.password) {
|
if (!params.password) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.provide' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.provide' }] }] : 'Please provide your password.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Throw an error if the password selected by the user
|
// Throw an error if the password selected by the user
|
||||||
// contains more than two times the symbol '$'.
|
// contains more than two times the symbol '$'.
|
||||||
if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
|
if (strapi.plugins['users-permissions'].services.user.isHashed(params.password)) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.format' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.format' }] }] : 'Your password can not contain more than three times the symbol `$`.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// First, check if the user is the first one to register as admin.
|
// First, check if the user is the first one to register as admin.
|
||||||
@ -120,7 +120,7 @@ module.exports = {
|
|||||||
|
|
||||||
// User not found.
|
// User not found.
|
||||||
if (!user) {
|
if (!user) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.user.not-exist' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.user.not-exist' }] }] : 'This email does not exist.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Generate random token.
|
// Generate random token.
|
||||||
@ -164,7 +164,7 @@ module.exports = {
|
|||||||
const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
|
const user = await strapi.query('user', 'users-permissions').findOne({ resetPasswordToken: params.code });
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.code.provide' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.code.provide' }] }] : 'Incorrect code provided.');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete the current code
|
// Delete the current code
|
||||||
@ -180,9 +180,9 @@ module.exports = {
|
|||||||
user: user
|
user: user
|
||||||
});
|
});
|
||||||
} else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
|
} else if (params.password && params.passwordConfirmation && params.password !== params.passwordConfirmation) {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.password.matching' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.password.matching' }] }] : 'Passwords do not match.');
|
||||||
} else {
|
} else {
|
||||||
return ctx.badRequest(null, [{ messages: [{ id: 'Auth.form.error.params.provide' }] }]);
|
return ctx.badRequest(null, ctx.request.admin ? [{ messages: [{ id: 'Auth.form.error.params.provide' }] }] : 'Incorrect params provided.');
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
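Review bot: The plain-text replies returned to non-admin callers differ by account state, so the login branch for `!user.password` ('This user never set a local password…') and the forgot-password branch ('This email does not exist.') let an unauthenticated client tell existing accounts from unknown ones. Consider answering the `!user.password` case with the same `'Identifier or password invalid.'` used for `!user` and for a wrong password, and giving the reset request one neutral reply whether or not the address is known. The format message also says 'more than three times the symbol `$`' while the comment directly above says 'more than two times'; one of them should be corrected to match `isHashed`, whose body is not visible here. The enclosing handlers start and end outside these hunks.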
@ -47,6 +47,10 @@ module.exports = {
|
|||||||
values.provider = 'local';
|
values.provider = 'local';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!values.role) {
|
||||||
|
values.role = '1';
|
||||||
|
}
|
||||||
|
|
||||||
return strapi.query('user', 'users-permissions').create(values);
|
return strapi.query('user', 'users-permissions').create(values);
|
||||||
},
|
},
|
||||||
|
|
||||||
|
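Review bot: The new default only fills `values.role` when it is missing, so a role already present in `values` is passed to `create` unchanged; if `values` can originate from a registration request body (the caller is outside this hunk), the role should be set by the server rather than accepted from the client. The literal `'1'` is also repeated in the role-update service later in this commit, so a shared named constant with a comment such as `// Default role assigned to users without an explicit role.` would keep the two in sync. The enclosing function starts outside the hunk.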
@ -190,16 +190,18 @@ module.exports = {
|
|||||||
|
|
||||||
Service.writePermissions(appRoles);
|
Service.writePermissions(appRoles);
|
||||||
|
|
||||||
const diffUser = _.differenceBy(body.users, await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
|
const currentUsers = await strapi.query('user', 'users-permissions').find(strapi.utils.models.convertParams('user', {
|
||||||
role: roleId
|
role: roleId
|
||||||
})), 'id');
|
}));
|
||||||
|
|
||||||
_.forEach(diffUser, (user) => {
|
const userToAdd = _.differenceBy(body.users, currentUsers, 'id');
|
||||||
if (_.find(body.user, { id: user.id})) {
|
const userToRemove = _.differenceBy(currentUsers, body.users, 'id');
|
||||||
Service.updateUserRole(user, '1');
|
|
||||||
} else {
|
_.forEach(userToAdd, (user) => {
|
||||||
Service.updateUserRole(user, roleId);
|
Service.updateUserRole(user, roleId);
|
||||||
}
|
});
|
||||||
|
_.forEach(userToRemove, (user) => {
|
||||||
|
Service.updateUserRole(user, '1');
|
||||||
});
|
});
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -214,7 +216,7 @@ module.exports = {
|
|||||||
},
|
},
|
||||||
|
|
||||||
updateUserRole: async (user, role) => {
|
updateUserRole: async (user, role) => {
|
||||||
return await strapi.query('user', 'users-permissions').update({
|
await strapi.query('user', 'users-permissions').update({
|
||||||
_id: user._id || user.id,
|
_id: user._id || user.id,
|
||||||
role: role.toString()
|
role: role.toString()
|
||||||
});
|
});
|
||||||
|
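Review bot: `updateUserRole` is async but both `_.forEach` loops call it without awaiting, so the enclosing function returns before the role changes are written and a rejected update is never reported; a user meant to be moved back to role `'1'` can silently keep the old role. Collect the promises instead, e.g. `await Promise.all(userToRemove.map(user => Service.updateUserRole(user, '1')));` and the same for `userToAdd` with `roleId`. Also, when `body.users` is missing, `_.differenceBy(currentUsers, body.users, 'id')` should evaluate to every current member, so it is worth rejecting a body without a `users` array before computing the two lists. The enclosing function begins outside the hunk.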
@ -6,12 +6,9 @@ const { parallel } = require('async');
|
|||||||
const { after, includes, indexOf, drop, dropRight, uniq, defaultsDeep, get, set, isEmpty, isUndefined, union, merge } = require('lodash');
|
const { after, includes, indexOf, drop, dropRight, uniq, defaultsDeep, get, set, isEmpty, isUndefined, union, merge } = require('lodash');
|
||||||
|
|
||||||
module.exports = async function() {
|
module.exports = async function() {
|
||||||
const accepted = Object.keys(this.plugins).map(url => `^\/${url}/`).concat([`^${get(this.config.currentEnvironment.server, 'admin.path', '/admin')}/`]);
|
|
||||||
|
|
||||||
// Set if is admin destination for middleware application.
|
// Set if is admin destination for middleware application.
|
||||||
// TODO: Use dynamic config for admin url.
|
|
||||||
this.app.use(async (ctx, next) => {
|
this.app.use(async (ctx, next) => {
|
||||||
ctx.request.admin = accepted.some(rx => new RegExp(rx).test(ctx.request.url));
|
ctx.request.admin = ctx.request.header['x-forwarded-host'] === 'strapi';
|
||||||
|
|
||||||
await next();
|
await next();
|
||||||
});
|
});
|
||||||
|
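Review bot: `ctx.request.admin` is now taken from the `x-forwarded-host` request header, which is set by the client (this commit adds it in the two front-end request helpers) and can be sent by any other caller too, so the flag must not be treated as proof that a request comes from the admin panel. In the visible code it only selects the error format in the auth controller, but the comment above it says it drives middleware application; any access decision should rest on the authenticated user instead. A comment on the assignment such as `// Client-supplied hint for response formatting only; never use for authorization.` would record that, and since `X-Forwarded-Host` is commonly rewritten by reverse proxies, a dedicated header name would be less likely to be clobbered in deployment. The callback's enclosing function continues outside the hunk.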
@ -54,6 +54,7 @@ shell.cd('../strapi-plugin-users-permissions');
|
|||||||
shell.exec('npm install ../strapi-helper-plugin');
|
shell.exec('npm install ../strapi-helper-plugin');
|
||||||
shell.rm('-f', 'package-lock.json');
|
shell.rm('-f', 'package-lock.json');
|
||||||
shell.exec('npm link');
|
shell.exec('npm link');
|
||||||
|
shell.exec('npm run build');
|
||||||
|
|
||||||
shell.cd('../strapi-plugin-content-manager');
|
shell.cd('../strapi-plugin-content-manager');
|
||||||
shell.exec('npm install ../strapi-helper-plugin');
|
shell.exec('npm install ../strapi-helper-plugin');
|
||||||
|