yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-07-12 11:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
13,335 Commits 122 Branches 483 Tags
Commit Graph

142 Commits

Author SHA1 Message Date
Alexandre BODIN
48a818041e
Fix some user permission issue (#6629) 
* Fix some security issue

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

* compt node 10

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
 2020-06-15 10:34:59 +02:00
Damien Tsenkoff
1f9d6af6c9
🚑 Forgot/Reset password fix for MongoDB - only update mandatory fields (#6327) 
* 🚑 Reset password only update mandatory fields

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>

* 🔥 Remove unused / unnecessary code

Signed-off-by: Damien Tsenkoff <d.tsenkoff@gmail.com>
 2020-06-01 10:33:50 +02:00
Alexandre Bodin
0d5ccbfd2d Merge branch 'master' into documentation 
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
 2020-05-26 15:12:18 +02:00
Alexandre BODIN
f32bc7b30b
Merge pull request #5655 from ScottAgirs/patch---adjust-naming-to-password-mutations 
Fix #5653: improve UserPermissions - password mutations
 2020-05-25 15:44:48 +02:00
Alexandre BODIN
9f5844949d
Merge pull request #6124 from frosato-dev/master 
Prevent user registration with confirmed status
 2020-05-19 13:21:58 +02:00
François Rosato
37e97d6219 Prevent user registration with confirmed status 
Pull request https://github.com/strapi/strapi/pull/6072 aimed to add security by preventing creation of user with email confirmation enabled. By limiting user params to 'username', 'email', 'password', the current code do not allow adding custom field to user entity during registration which may breaks existing applications that have added required custom fields into user model .

Signed-off-by: François Rosato <francois.rosato@ekino.com>
 2020-05-19 11:52:45 +02:00
ramigs
24e015e3c0
in register, response has the jwt property only if email confirmation setting is true (#6192) 
Signed-off-by: ramigs <ramigs@gmail.com>
 2020-05-15 09:20:35 +02:00
Pierre Noël
57d7d876b7
Fix/#4513/ability to use a sub path behind a proxy (#5833) 
* add possibility to use strapi on a non-root base url path

* fix documentation password form

* use server.url and admin.url in config

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* update doc proxy

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* move server.url location in config

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* refacto

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* add possibility to put relative urls

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* allow '/' as an admin url + refacto

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

* update yarn.lock

Signed-off-by: Pierre Noël <petersg83@gmail.com>

* refacto

Signed-off-by: Pierre Noël <petersg83@gmail.com>

* Remove default proxy option

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

* fix github provider

Signed-off-by: Pierre Noël <petersg83@gmail.com>

* fix github login

Signed-off-by: Pierre Noël <petersg83@gmail.com>

* Remove files that should be here

Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>

Co-authored-by: Pierre Noël <pierre.noel@strapi.io>
Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com>
 2020-05-08 13:50:00 +02:00
ScottAgirs
d41227b75d Merge branch 'master' into patch---adjust-naming-to-password-mutations 
Signed-off-by: ScottAgirs <scott@ijs.to>
 2020-05-07 13:05:29 -04:00
Alexandre Bodin
a927f7e19b Only allow registeration with specific fields 
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
Co-authored-by: diogotcorreia
 2020-05-05 14:46:44 +02:00
Daniel
f56158b684 Fix email confirmation redirect which got broken in #5580 
Signed-off-by: Daniel <epegzz@gmail.com>
 2020-04-15 22:25:27 +02:00
ScottAgirs
823acf4777 [deprecate] change-password in favour of reset-password 
Signed-off-by: ScottAgirs <scott@ijs.to>
 2020-04-11 13:41:09 -04:00
ScottAgirs
8e322285d6 [add] changePassword mutation 
Signed-off-by: ScottAgirs <scott@ijs.to>
 2020-03-31 00:55:35 -04:00
ScottAgirs
801224f2d9 [rename] changePassword > resetPassword for accuracy 
Signed-off-by: ScottAgirs <scott@ijs.to>
 2020-03-31 00:55:35 -04:00
Roel Beerens
2570e27238 feat: Added missing forgotPassword, changePassword and emailConfirmation mutations/resolvers. Made a slight adjustment to the emailConfirmation controller function in Auth.js to return a UsersPermissionsLoginPayload when using GraphQL 
Signed-off-by: Roel Beerens <roel@gravity.nl>
 2020-03-23 18:02:26 +01:00
Pierre Noël
b5ec9cb1c8 handle unexpected params from koa-router 
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>

Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
 2020-03-06 19:16:51 +01:00
Fredrik Söderquist
52e6d33f0e Match provider when logging in, to make sure the right user is found 
Signed-off-by: Fredrik Söderquist <fregu808@gmail.com>
 2020-02-06 21:14:36 +01:00
nurikabe
4ab268b134 RFC-822 doesn't require double quotes around the descriptive name in an email address 2020-01-18 16:39:27 -05:00
Fredrik Söderquist
21bbbbcfe8
Merge branch 'master' into fix/readCallbackProvider 2020-01-15 11:25:12 +01:00
Fredrik Söderquist
47a3a20654 remove querystring from ctx.path when reading provider 2020-01-15 11:18:12 +01:00
slackr
89675409ba
fix error reply text 2020-01-10 07:40:17 -05:00
Jim LAURIE
3fe87ffcc7 Fix #4559 lowercase the email in the forgot password function 2019-11-26 16:03:06 +01:00
matthieuowlie
ef9de8815c Add POST route /auth/send-email-confirmation (#4270) 
* Add POST route /auth/send-email-confirmation to call sendEmailConfirmation function of plugin users-permissions

* Add documentation about /auth/send-email-confirmation POST route

* Added documentation in docs\3.0.0-beta.x\plugins\users-permissions about email confirmation function

* Update code example for send-email-confirmation function
 2019-11-13 18:45:23 +01:00
Alexandre Bodin
e0424d4b88 Fix security issue with reset password code 2019-11-04 17:40:53 +01:00
NerdyLuffy
31ad1bca1b Added Validation on the email address 2019-11-03 10:41:21 +11:00
Jim LAURIE
5ddb32222b Apply PR feedback 2019-10-15 11:56:13 +02:00
Jim LAURIE
9b49bee4b4 Fix #549 forgot password url 2019-10-09 17:37:16 +02:00
Alexandre BODIN
cf58f742ef
Merge branch 'master' into patch-1 2019-10-04 14:41:08 +02:00
Alexandre BODIN
d5700feefb
Merge branch 'master' into patch-1 2019-09-20 09:37:36 +02:00
Alexandre Bodin
6ec284180a sanitize user model data 2019-09-12 10:50:52 +02:00
Alexandre Bodin
a22f2cefef Remove x-forwarded-host. 
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fileds
 2019-09-06 14:33:24 +02:00
Sajjad Shirazy
cc178e1cb2
Ability to pass OAuth callback dynamically 2019-08-26 10:41:50 +04:30
Alexandre Bodin
2a780ea10a Clear _id now that queries return an id everytime 2019-08-13 17:40:31 +02:00
Alexandre Bodin
7520961d27 Merge branch 'master' into develop 2019-08-06 13:49:10 +02:00
Alexandre BODIN
ce1f66970b
Merge branch 'master' into master 2019-08-06 08:31:42 +02:00
Rémi M
ad01efc7ff
Fix /auth/login, reformat code and fix comment 2019-08-06 00:51:27 +02:00
Rémi M
0d1450bd19
Fix /auth/login, user object was ignoring files and relations 
Remove useless variables
 2019-08-06 00:44:08 +02:00
Rémi M
04f0995b43
Fix /auth/login, user object ignore files and relations 
Find user by email or identifier to get files and relations.
 2019-08-03 15:58:01 +02:00
Alexandre Bodin
928c7f4776 fix create/update role 2019-07-16 20:52:31 +02:00
Alexandre Bodin
1658b48aa0 Refactor users-permissions to use the new strapi.query 2019-07-16 17:23:38 +02:00
Alexandre Bodin
44a382149f Fix grant-koa breaking with strapi on grant-koa v4.6.0 2019-06-27 18:24:04 +02:00
Alexandre Bodin
864a6ecaea Refactor middleware loading 2019-06-11 18:22:07 +02:00
Alexandre Bodin
a41641bfe4 Add a queries interface to the plugins 2019-04-26 13:40:23 +02:00
soupette
e56e46e030 Split admin and users. 
Co-authored-by: lauriejim
 2019-04-09 12:09:03 +02:00
Jim LAURIE
8640864b71
Merge branch 'master' into fix/confirm-email-token 2019-03-06 17:57:52 +01:00
Jim LAURIE
d110a942eb Remove token from register route if confirm email is required 2019-03-01 16:28:44 +01:00
Jim LAURIE
53e82cde6a Fix bad token for confirmation link 2019-03-01 15:01:09 +01:00
EpicUsaMan
ae50cace6e
Fix for SQLite 2019-02-28 19:27:36 +02:00
EpicUsaMan
82f83260e9
Fix after pull request review 2019-02-06 21:57:50 +02:00
EpicUsaMan
327f5f9d4e
Cannot send email because options.to is undefined 
Currently user doesn't have property email, but have attributes object with email property inside.
 2019-02-03 02:06:30 +02:00