From fc4cef992686e18a9709fddc497c3f7300d3c89e Mon Sep 17 00:00:00 2001 From: Jim LAURIE Date: Fri, 22 May 2020 10:34:38 +0200 Subject: [PATCH] fix: fix pr feedback Signed-off-by: Jim LAURIE --- .../3.0.0-beta.x/plugins/users-permissions.md | 25 +++++++++++++++---- .../config/{jwt.json => security.json} | 2 ++ .../services/Jwt.js | 3 +-- 3 files changed, 23 insertions(+), 7 deletions(-) rename packages/strapi-plugin-users-permissions/config/{jwt.json => security.json} (63%) diff --git a/docs/3.0.0-beta.x/plugins/users-permissions.md b/docs/3.0.0-beta.x/plugins/users-permissions.md index 8a4264e68a..f8ae3aad86 100644 --- a/docs/3.0.0-beta.x/plugins/users-permissions.md +++ b/docs/3.0.0-beta.x/plugins/users-permissions.md @@ -48,11 +48,6 @@ To change the default role, go to the `Advanced settings` tab and update the `De A jwt token may be used for making permission-restricted API requests. To make an API request as a user, place the jwt token into an `Authorization` header of the GET request. A request without a token, will assume the `public` role permissions by default. Modify the permissions of each user's role in admin dashboard. Authentication failures return a 401 (unauthorized) error. -### JWT Configuration - -You can fully configure the JWT Configuration options by modifying the file in `strapi-plugin-users-permissions/config/jwt.json`. -For example you can change the expiration date of the JWT token, or you can set the time when the JWT token will start to be valid. - #### Usage - The `token` variable is the `data.jwt` received when logging in or registering. @@ -79,6 +74,26 @@ axios }); ``` +### JWT configuration + +You can configure option for the JWT generation by creating `extensions/users-permissions/config/security.json` file. +We are using [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken) to generate the JWT. + +Available options: + +- `expiresIn`: expressed in seconds or a string describing a time span zeit/ms.
+ Eg: 60, "2 days", "10h", "7d". A numeric value is interpreted as a seconds count. If you use a string be sure you provide the time units (days, hours, etc), otherwise milliseconds unit is used by default ("120" is equal to "120ms"). + +**Path —** `extensions/users-permissions/config/security.json` + +```json +{ + "jwt": { + "expiresIn": "1d" + } +} +``` + ### Registration Creates a new user in the database with a default role as 'registered'. diff --git a/packages/strapi-plugin-users-permissions/config/jwt.json b/packages/strapi-plugin-users-permissions/config/security.json similarity index 63% rename from packages/strapi-plugin-users-permissions/config/jwt.json rename to packages/strapi-plugin-users-permissions/config/security.json index 79215b2b9c..0d74db128a 100644 --- a/packages/strapi-plugin-users-permissions/config/jwt.json +++ b/packages/strapi-plugin-users-permissions/config/security.json @@ -1,3 +1,5 @@ { + "jwt": { "expiresIn": "30d" + } } \ No newline at end of file diff --git a/packages/strapi-plugin-users-permissions/services/Jwt.js b/packages/strapi-plugin-users-permissions/services/Jwt.js index d209ab559d..b92c56b2fc 100644 --- a/packages/strapi-plugin-users-permissions/services/Jwt.js +++ b/packages/strapi-plugin-users-permissions/services/Jwt.js @@ -8,7 +8,6 @@ const _ = require('lodash'); const jwt = require('jsonwebtoken'); -const defaultJwtOptions = require('../config/jwt.json'); module.exports = { getToken(ctx) { @@ -40,7 +39,7 @@ module.exports = { }, issue(payload, jwtOptions = {}) { - _.defaults(jwtOptions, defaultJwtOptions); + _.defaults(jwtOptions, strapi.plugins['users-permissions'].config.jwt); return jwt.sign( _.clone(payload.toJSON ? payload.toJSON() : payload), _.get(strapi.plugins, ['users-permissions', 'config', 'jwtSecret']),
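Review bot: In `issue()` the defaults are now read from `strapi.plugins['users-permissions'].config.jwt` with no fallback, so if that key is missing `_.defaults` adds nothing and `jwt.sign` is called without `expiresIn`, in which case jsonwebtoken signs a token with no `exp` claim that never expires. The removed `require('../config/jwt.json')` guaranteed a 30d default; whether a project-level `extensions/users-permissions/config/security.json` is deep-merged with the packaged file or replaces it is not visible in this patch, so the key may well be absent in some setups. The lookup also uses plain property access, which throws if the plugin config is not loaded, while the `jwtSecret` lookup two lines below uses `_.get`. I would keep a last-resort default and match that style: `_.defaults(jwtOptions, _.get(strapi.plugins, ['users-permissions', 'config', 'jwt']), { expiresIn: '30d' });`, or throw when no expiry can be resolved. The body of `issue()` continues past the end of the hunk.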