Alexandre BODIN
f32bc7b30b
Merge pull request #5655 from ScottAgirs/patch---adjust-naming-to-password-mutations
...
Fix #5653 : improve UserPermissions - password mutations
2020-05-25 15:44:48 +02:00
Alexandre BODIN
9f5844949d
Merge pull request #6124 from frosato-dev/master
...
Prevent user registration with confirmed status
2020-05-19 13:21:58 +02:00
François Rosato
37e97d6219
Prevent user registration with confirmed status
...
Pull request https://github.com/strapi/strapi/pull/6072 aimed to add security by preventing creation of user with email confirmation enabled. By limiting user params to 'username', 'email', 'password', the current code do not allow adding custom field to user entity during registration which may breaks existing applications that have added required custom fields into user model .
Signed-off-by: François Rosato <francois.rosato@ekino.com>
2020-05-19 11:52:45 +02:00
ramigs
24e015e3c0
in register, response has the jwt property only if email confirmation setting is true ( #6192 )
...
Signed-off-by: ramigs <ramigs@gmail.com>
2020-05-15 09:20:35 +02:00
trick0
04337262cb
Merge branch 'master' into master
...
Signed-off-by: Walter Cossu <walter.cossu@realt.it>
2020-05-13 18:33:44 +02:00
Pierre Noël
57d7d876b7
Fix/#4513/ability to use a sub path behind a proxy ( #5833 )
...
* add possibility to use strapi on a non-root base url path
* fix documentation password form
* use server.url and admin.url in config
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* update doc proxy
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* move server.url location in config
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* refacto
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* add possibility to put relative urls
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* allow '/' as an admin url + refacto
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
* update yarn.lock
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* refacto
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* Remove default proxy option
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
* fix github provider
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* fix github login
Signed-off-by: Pierre Noël <petersg83@gmail.com>
* Remove files that should be here
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
Co-authored-by: Pierre Noël <pierre.noel@strapi.io>
Co-authored-by: Alexandre Bodin <bodin.alex@gmail.com>
2020-05-08 13:50:00 +02:00
ScottAgirs
d41227b75d
Merge branch 'master' into patch---adjust-naming-to-password-mutations
...
Signed-off-by: ScottAgirs <scott@ijs.to>
2020-05-07 13:05:29 -04:00
Alexandre Bodin
a927f7e19b
Only allow registeration with specific fields
...
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
Co-authored-by: diogotcorreia
2020-05-05 14:46:44 +02:00
Walter Cossu
c01bda9fff
added user count
...
Signed-off-by: Walter Cossu <walter.cossu@realt.it>
2020-04-17 18:00:03 +02:00
Alexandre Bodin
94dbf10adc
Merge branch 'master' into develop
2020-04-16 14:05:23 +02:00
Daniel
f56158b684
Fix email confirmation redirect which got broken in #5580
...
Signed-off-by: Daniel <epegzz@gmail.com>
2020-04-15 22:25:27 +02:00
ScottAgirs
823acf4777
[deprecate] change-password in favour of reset-password
...
Signed-off-by: ScottAgirs <scott@ijs.to>
2020-04-11 13:41:09 -04:00
ScottAgirs
8e322285d6
[add] changePassword mutation
...
Signed-off-by: ScottAgirs <scott@ijs.to>
2020-03-31 00:55:35 -04:00
ScottAgirs
801224f2d9
[rename] changePassword > resetPassword for accuracy
...
Signed-off-by: ScottAgirs <scott@ijs.to>
2020-03-31 00:55:35 -04:00
soupette
38b7823b34
Merge branch 'develop' of github.com:strapi/strapi into features/media-lib
2020-03-26 08:01:22 +01:00
Roel Beerens
2570e27238
feat: Added missing forgotPassword, changePassword and emailConfirmation mutations/resolvers. Made a slight adjustment to the emailConfirmation controller function in Auth.js to return a UsersPermissionsLoginPayload when using GraphQL
...
Signed-off-by: Roel Beerens <roel@gravity.nl>
2020-03-23 18:02:26 +01:00
soupette
f99f83af02
Merge branch 'develop' of github.com:strapi/strapi into features/media-lib
2020-03-13 11:04:45 +01:00
Pierre Noël
b5ec9cb1c8
handle unexpected params from koa-router
...
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
Signed-off-by: Pierre Noël <pierre.noel@strapi.io>
2020-03-06 19:16:51 +01:00
Alexandre Bodin
7a8c865051
Merge branch 'develop' into features/media-lib
...
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
2020-03-02 15:18:08 +01:00
Alexandre Bodin
0c6d39297f
Add graphql tests for single-types
...
Signed-off-by: Alexandre Bodin <bodin.alex@gmail.com>
2020-02-10 21:38:37 +01:00
Fredrik Söderquist
52e6d33f0e
Match provider when logging in, to make sure the right user is found
...
Signed-off-by: Fredrik Söderquist <fregu808@gmail.com>
2020-02-06 21:14:36 +01:00
nurikabe
4ab268b134
RFC-822 doesn't require double quotes around the descriptive name in an email address
2020-01-18 16:39:27 -05:00
Fredrik Söderquist
21bbbbcfe8
Merge branch 'master' into fix/readCallbackProvider
2020-01-15 11:25:12 +01:00
Fredrik Söderquist
47a3a20654
remove querystring from ctx.path when reading provider
2020-01-15 11:18:12 +01:00
slackr
89675409ba
fix error reply text
2020-01-10 07:40:17 -05:00
Jim LAURIE
d4432d1627
fix: update user loggedin via provider
...
Apply the password not null validation only if the provider is local.
With that provider users not require a password on profile update.
fix #2963
2019-12-28 16:42:53 +01:00
Jim LAURIE
3fe87ffcc7
Fix #4559 lowercase the email in the forgot password function
2019-11-26 16:03:06 +01:00
matthieuowlie
ef9de8815c
Add POST route /auth/send-email-confirmation ( #4270 )
...
* Add POST route /auth/send-email-confirmation to call sendEmailConfirmation function of plugin users-permissions
* Add documentation about /auth/send-email-confirmation POST route
* Added documentation in docs\3.0.0-beta.x\plugins\users-permissions about email confirmation function
* Update code example for send-email-confirmation function
2019-11-13 18:45:23 +01:00
Alexandre Bodin
e0424d4b88
Fix security issue with reset password code
2019-11-04 17:40:53 +01:00
NerdyLuffy
31ad1bca1b
Added Validation on the email address
2019-11-03 10:41:21 +11:00
Jonathan Tey
b35409cf5e
Fix spelling Eamil -> Email
2019-10-17 18:01:09 +08:00
KalanyuZ
edbff44c82
Add GraphQL register/login ( #3879 )
...
* Add GraphQL login
* Add GraphQL register
* Add graphql login/register/delete End2End test
* Update from requests
* Remove logging
* Update to beta.16
* Update
* Add error handling
* Util function
* Update
2019-10-15 17:17:54 +02:00
Jim LAURIE
5ddb32222b
Apply PR feedback
2019-10-15 11:56:13 +02:00
Jim LAURIE
9b49bee4b4
Fix #549 forgot password url
2019-10-09 17:37:16 +02:00
Alexandre BODIN
cf58f742ef
Merge branch 'master' into patch-1
2019-10-04 14:41:08 +02:00
Alexandre BODIN
d5700feefb
Merge branch 'master' into patch-1
2019-09-20 09:37:36 +02:00
Alexandre Bodin
bf7870de3b
Merge branch 'master' of github.com:strapi/strapi into chore/routing-x-forwarded
2019-09-18 17:29:09 +02:00
Alexandre Bodin
c9a3bfc763
Clean code styling
2019-09-18 13:26:56 +02:00
Alexandre Bodin
6c2d413ba0
Fix user-permissions graphql permissions and update user
2019-09-18 12:07:45 +02:00
Alexandre Bodin
6ec284180a
sanitize user model data
2019-09-12 10:50:52 +02:00
Alexandre Bodin
a22f2cefef
Remove x-forwarded-host.
...
- set security defaults for development mode that are standard
- refactor error messages to work without ctx.request.admin
- remove mask middleware and add a sanitization layer to the core-api to
hide private fileds
2019-09-06 14:33:24 +02:00
Sajjad Shirazy
cc178e1cb2
Ability to pass OAuth callback dynamically
2019-08-26 10:41:50 +04:30
Alexandre Bodin
2a780ea10a
Clear _id now that queries return an id everytime
2019-08-13 17:40:31 +02:00
Alexandre Bodin
7520961d27
Merge branch 'master' into develop
2019-08-06 13:49:10 +02:00
Alexandre BODIN
ce1f66970b
Merge branch 'master' into master
2019-08-06 08:31:42 +02:00
Rémi M
ad01efc7ff
Fix /auth/login, reformat code and fix comment
2019-08-06 00:51:27 +02:00
Rémi M
0d1450bd19
Fix /auth/login, user object was ignoring files and relations
...
Remove useless variables
2019-08-06 00:44:08 +02:00
Alexandre Bodin
e4c7a699fb
Add image upload in routing policy of the content manager
2019-08-05 10:31:18 +02:00
Rémi M
04f0995b43
Fix /auth/login, user object ignore files and relations
...
Find user by email or identifier to get files and relations.
2019-08-03 15:58:01 +02:00
Alexandre Bodin
928c7f4776
fix create/update role
2019-07-16 20:52:31 +02:00