131 Commits

Author SHA1 Message Date
François Rosato
37e97d6219 Prevent user registration with confirmed status
Pull request https://github.com/strapi/strapi/pull/6072 aimed to add security by preventing creation of user with email confirmation enabled. By limiting user params to 'username', 'email', 'password', the current code does not allow adding custom fields to the user entity during registration, which may break existing applications that have added required custom fields into the user model.

Signed-off-by: François Rosato <francois.rosato@ekino.com>
2020-05-19 11:52:45 +02:00
Alexandre Bodin
a927f7e19b Only allow registration with specific fields
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
Co-authored-by: diogotcorreia
2020-05-05 14:46:44 +02:00
Daniel
f56158b684 Fix email confirmation redirect which got broken in #5580
Signed-off-by: Daniel <epegzz@gmail.com>
2020-04-15 22:25:27 +02:00
Roel Beerens
2570e27238 feat: Added missing forgotPassword, changePassword and emailConfirmation mutations/resolvers. Made a slight adjustment to the emailConfirmation controller function in Auth.js to return a UsersPermissionsLoginPayload when using GraphQL
Signed-off-by: Roel Beerens <roel@gravity.nl>
2020-03-23 18:02:26 +01:00
Pierre Noël
b5ec9cb1c8 handle unexpected params from koa-router
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
2020-03-06 19:16:51 +01:00
Fredrik Söderquist
52e6d33f0e Match provider when logging in, to make sure the right user is found
Signed-off-by: Fredrik Söderquist <fregu808@gmail.com>
2020-02-06 21:14:36 +01:00
nurikabe
4ab268b134 RFC-822 doesn't require double quotes around the descriptive name in an email address 2020-01-18 16:39:27 -05:00
Fredrik Söderquist
21bbbbcfe8
Merge branch 'master' into fix/readCallbackProvider 2020-01-15 11:25:12 +01:00
Fredrik Söderquist
47a3a20654 remove querystring from ctx.path when reading provider 2020-01-15 11:18:12 +01:00
slackr
89675409ba
fix error reply text 2020-01-10 07:40:17 -05:00
Jim LAURIE
3fe87ffcc7 Fix #4559 lowercase the email in the forgot password function 2019-11-26 16:03:06 +01:00
matthieuowlie
ef9de8815c Add POST route /auth/send-email-confirmation (#4270)
* Add POST route /auth/send-email-confirmation to call sendEmailConfirmation function of plugin users-permissions

* Add documentation about /auth/send-email-confirmation POST route

* Added documentation in docs\3.0.0-beta.x\plugins\users-permissions about email confirmation function

* Update code example for send-email-confirmation function
2019-11-13 18:45:23 +01:00
Alexandre Bodin
e0424d4b88 Fix security issue with reset password code 2019-11-04 17:40:53 +01:00
NerdyLuffy
31ad1bca1b Added Validation on the email address 2019-11-03 10:41:21 +11:00
Jim LAURIE
5ddb32222b Apply PR feedback 2019-10-15 11:56:13 +02:00
Jim LAURIE
9b49bee4b4 Fix #549 forgot password url 2019-10-09 17:37:16 +02:00
Alexandre BODIN
cf58f742ef
Merge branch 'master' into patch-1 2019-10-04 14:41:08 +02:00
Alexandre BODIN
d5700feefb
Merge branch 'master' into patch-1 2019-09-20 09:37:36 +02:00
Alexandre Bodin
6ec284180a sanitize user model data 2019-09-12 10:50:52 +02:00
Alexandre Bodin
a22f2cefef Remove x-forwarded-host.
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fields
2019-09-06 14:33:24 +02:00
Sajjad Shirazy
cc178e1cb2
Ability to pass OAuth callback dynamically 2019-08-26 10:41:50 +04:30
Alexandre Bodin
2a780ea10a Clear _id now that queries return an id every time 2019-08-13 17:40:31 +02:00
Alexandre Bodin
7520961d27 Merge branch 'master' into develop 2019-08-06 13:49:10 +02:00
Alexandre BODIN
ce1f66970b
Merge branch 'master' into master 2019-08-06 08:31:42 +02:00
Rémi M
ad01efc7ff
Fix /auth/login, reformat code and fix comment 2019-08-06 00:51:27 +02:00
Rémi M
0d1450bd19
Fix /auth/login, user object was ignoring files and relations
Remove useless variables
2019-08-06 00:44:08 +02:00
Rémi M
04f0995b43
Fix /auth/login, user object ignore files and relations
Find user by email or identifier to get files and relations.
2019-08-03 15:58:01 +02:00
Alexandre Bodin
928c7f4776 fix create/update role 2019-07-16 20:52:31 +02:00
Alexandre Bodin
1658b48aa0 Refactor users-permissions to use the new strapi.query 2019-07-16 17:23:38 +02:00
Alexandre Bodin
44a382149f Fix grant-koa breaking with strapi on grant-koa v4.6.0 2019-06-27 18:24:04 +02:00
Alexandre Bodin
864a6ecaea Refactor middleware loading 2019-06-11 18:22:07 +02:00
Alexandre Bodin
a41641bfe4 Add a queries interface to the plugins 2019-04-26 13:40:23 +02:00
soupette
e56e46e030 Split admin and users.
Co-authored-by: lauriejim
2019-04-09 12:09:03 +02:00
Jim LAURIE
8640864b71
Merge branch 'master' into fix/confirm-email-token 2019-03-06 17:57:52 +01:00
Jim LAURIE
d110a942eb Remove token from register route if confirm email is required 2019-03-01 16:28:44 +01:00
Jim LAURIE
53e82cde6a Fix bad token for confirmation link 2019-03-01 15:01:09 +01:00
EpicUsaMan
ae50cace6e
Fix for SQLite 2019-02-28 19:27:36 +02:00
EpicUsaMan
82f83260e9
Fix after pull request review 2019-02-06 21:57:50 +02:00
EpicUsaMan
327f5f9d4e
Cannot send email because options.to is undefined
Currently user doesn't have property email, but has an attributes object with email property inside.
2019-02-03 02:06:30 +02:00
Aurélien Georget
f534340ca2 Add listeners to events 2019-01-18 16:08:15 +01:00
ByoungYong Kim
fa2c6f37aa
Merge branch 'master' into fix/reattempt-1851 2018-11-17 20:27:08 +01:00
aDeve
429973f814 code review: remove long line, and invert logic condition 2018-11-02 11:47:04 +01:00
aDeve
f39e917ab1 fix #2108 : handle redirect after reset password 2018-10-31 17:36:00 +01:00
Benjamin Devaublanc
0383c4a6ba Check if user exists before testing user.confirmed 2018-10-23 18:49:49 +02:00
Benjamin Devaublanc
a468f82da0 Fix error 500 when user is trying to sign in with bad credentials 2018-10-23 13:17:27 +02:00
ByoungYong Kim
a51b030e82 Made hold public base url and Auth controller utilize the value. 2018-10-09 13:03:59 +02:00
ByoungYong Kim
1c7102381d Using optional proxy config to generate url for and 2018-10-09 11:09:34 +02:00
Jim LAURIE
d2eb881ca8
Merge branch 'master' into master 2018-09-10 17:38:12 +02:00
Jim LAURIE
34124bd6a3
Check user exists before user is blocked 2018-09-05 11:14:03 +02:00
Jim LAURIE
3a396972f0 Fix #1882 2018-09-03 14:19:51 +02:00