Pull request https://github.com/strapi/strapi/pull/6072 aimed to add security by preventing creation of user with email confirmation enabled. By limiting user params to 'username', 'email', 'password', the current code do not allow adding custom field to user entity during registration which may breaks existing applications that have added required custom fields into user model .
Signed-off-by: François Rosato <francois.rosato@ekino.com>
* add possibility to use strapi on a non-root base url path
* fix documentation password form
* use server.url and admin.url in config
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* update doc proxy
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* move server.url location in config
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* refacto
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* add possibility to put relative urls
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* allow '/' as an admin url + refacto
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* update yarn.lock
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* refacto
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* Remove default proxy option
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
* fix github provider
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* fix github login
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* Remove files that should be here
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
Co-authored-by: Pierre Noël <pierre.noel@strapi.io>
Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com>
* Add POST route /auth/send-email-confirmation to call sendEmailConfirmation function of plugin users-permissions
* Add documentation about /auth/send-email-confirmation POST route
* Added documentation in docs\3.0.0-beta.x\plugins\users-permissions about email confirmation function
* Update code example for send-email-confirmation function
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fileds
