{"version":3,"file":"users-permissions.mjs","sources":["../../../server/strategies/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst { castArray, map, every, pipe } = require('lodash/fp');\nconst { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;\n\nconst { getService } = require('../utils');\n\nconst getAdvancedSettings = () => {\n return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });\n};\n\nconst authenticate = async (ctx) => {\n try {\n const token = await getService('jwt').getToken(ctx);\n\n if (token) {\n const { id, sessionId } = token;\n\n // Invalid token\n if (id === undefined) {\n return { authenticated: false };\n }\n\n const user = await getService('user').fetchAuthenticatedUser(id);\n\n // No user associated to the token\n if (!user) {\n return { error: 'Invalid credentials' };\n }\n\n const advancedSettings = await getAdvancedSettings();\n\n // User not confirmed\n if (advancedSettings.email_confirmation && !user.confirmed) {\n return { error: 'Invalid credentials' };\n }\n\n // User blocked\n if (user.blocked) {\n return { error: 'Invalid credentials' };\n }\n\n // Fetch user's permissions\n const permissions = await Promise.resolve(user.role.id)\n .then(getService('permission').findRolePermissions)\n .then(map(getService('permission').toContentAPIPermission));\n\n // Generate an ability (content API engine) based on the given permissions\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(permissions);\n\n ctx.state.user = user;\n // Expose the session backing this request (refresh mode only) so endpoints\n // can flag the \"current\" session when listing active sessions.\n if (sessionId) {\n ctx.state.session = { id: sessionId };\n }\n\n return {\n authenticated: true,\n credentials: user,\n ability,\n };\n }\n\n const publicPermissions = await getService('permission')\n .findPublicPermissions()\n .then(map(getService('permission').toContentAPIPermission));\n\n if (publicPermissions.length === 0) {\n return { authenticated: false };\n }\n\n const ability = await strapi.contentAPI.permissions.engine.generateAbility(publicPermissions);\n\n return {\n authenticated: true,\n credentials: null,\n ability,\n };\n } catch (err) {\n return { authenticated: false };\n }\n};\n\nconst verify = async (auth, config) => {\n const { credentials: user, ability } = auth;\n\n if (!config.scope) {\n if (!user) {\n // A non authenticated user cannot access routes that do not have a scope\n throw new UnauthorizedError();\n } else {\n // An authenticated user can access non scoped routes\n return;\n }\n }\n\n // If no ability have been generated, then consider auth is missing\n if (!ability) {\n throw new UnauthorizedError();\n }\n\n const isAllowed = pipe(\n // Make sure we're dealing with an array\n castArray,\n // Transform the scope array into an action array\n every((scope) => ability.can(scope))\n )(config.scope);\n\n if (!isAllowed) {\n throw new ForbiddenError();\n }\n};\n\nmodule.exports = {\n name: 'users-permissions',\n authenticate,\n verify,\n};\n"],"names":["castArray","map","every","pipe","require$$0","ForbiddenError","UnauthorizedError","require$$1","errors","getService","require$$2","getAdvancedSettings","strapi","store","type","name","get","key","authenticate","ctx","token","getToken","id","sessionId","undefined","authenticated","user","fetchAuthenticatedUser","error","advancedSettings","email_confirmation","confirmed","blocked","permissions","Promise","resolve","role","then","findRolePermissions","toContentAPIPermission","ability","contentAPI","engine","generateAbility","state","session","credentials","publicPermissions","findPublicPermissions","length","err","verify","auth","config","scope","isAllowed","can","usersPermissions"],"mappings":";;;;;;;;;IAEA,MAAM,EAAEA,SAAS,EAAEC,GAAG,EAAEC,KAAK,EAAEC,IAAI,EAAE,GAAGC,UAAAA;AACxC,IAAA,MAAM,EAAEC,cAAc,EAAEC,iBAAiB,EAAE,GAAGC,WAAyBC,MAAM;IAE7E,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAAA,GAAsB,IAAA;QAC1B,OAAOC,MAAAA,CAAOC,KAAK,CAAC;YAAEC,IAAAA,EAAM,QAAA;YAAUC,IAAAA,EAAM;AAAmB,SAAA,CAAA,CAAIC,GAAG,CAAC;YAAEC,GAAAA,EAAK;AAAU,SAAA,CAAA;AAC1F,IAAA,CAAA;AAEA,IAAA,MAAMC,eAAe,OAAOC,GAAAA,GAAAA;QAC1B,IAAI;AACF,YAAA,MAAMC,KAAAA,GAAQ,MAAMX,UAAAA,CAAW,KAAA,CAAA,CAAOY,QAAQ,CAACF,GAAAA,CAAAA;AAE/C,YAAA,IAAIC,KAAAA,EAAO;AACT,gBAAA,MAAM,EAAEE,EAAE,EAAEC,SAAS,EAAE,GAAGH,KAAAA;;AAG1B,gBAAA,IAAIE,OAAOE,SAAAA,EAAW;oBACpB,OAAO;wBAAEC,aAAAA,EAAe;;AAChC,gBAAA;AAEM,gBAAA,MAAMC,IAAAA,GAAO,MAAMjB,UAAAA,CAAW,MAAA,CAAA,CAAQkB,sBAAsB,CAACL,EAAAA,CAAAA;;AAG7D,gBAAA,IAAI,CAACI,IAAAA,EAAM;oBACT,OAAO;wBAAEE,KAAAA,EAAO;;AACxB,gBAAA;AAEM,gBAAA,MAAMC,mBAAmB,MAAMlB,mBAAAA,EAAAA;;AAG/B,gBAAA,IAAIkB,iBAAiBC,kBAAkB,IAAI,CAACJ,IAAAA,CAAKK,SAAS,EAAE;oBAC1D,OAAO;wBAAEH,KAAAA,EAAO;;AACxB,gBAAA;;gBAGM,IAAIF,IAAAA,CAAKM,OAAO,EAAE;oBAChB,OAAO;wBAAEJ,KAAAA,EAAO;;AACxB,gBAAA;;gBAGM,MAAMK,WAAAA,GAAc,MAAMC,OAAAA,CAAQC,OAAO,CAACT,IAAAA,CAAKU,IAAI,CAACd,EAAE,CAAA,CACnDe,IAAI,CAAC5B,UAAAA,CAAW,cAAc6B,mBAAmB,CAAA,CACjDD,IAAI,CAACpC,GAAAA,CAAIQ,UAAAA,CAAW,YAAA,CAAA,CAAc8B,sBAAsB,CAAA,CAAA;;gBAG3D,MAAMC,OAAAA,GAAU,MAAM5B,MAAAA,CAAO6B,UAAU,CAACR,WAAW,CAACS,MAAM,CAACC,eAAe,CAACV,WAAAA,CAAAA;gBAE3Ed,GAAAA,CAAIyB,KAAK,CAAClB,IAAI,GAAGA,IAAAA;;;AAGjB,gBAAA,IAAIH,SAAAA,EAAW;oBACbJ,GAAAA,CAAIyB,KAAK,CAACC,OAAO,GAAG;wBAAEvB,EAAAA,EAAIC;AAAS,qBAAA;AAC3C,gBAAA;gBAEM,OAAO;oBACLE,aAAAA,EAAe,IAAA;oBACfqB,WAAAA,EAAapB,IAAAA;AACbc,oBAAAA;AACR,iBAAA;AACA,YAAA;YAEI,MAAMO,iBAAAA,GAAoB,MAAMtC,UAAAA,CAAW,YAAA,CAAA,CACxCuC,qBAAqB,EAAA,CACrBX,IAAI,CAACpC,GAAAA,CAAIQ,UAAAA,CAAW,YAAA,CAAA,CAAc8B,sBAAsB,CAAA,CAAA;YAE3D,IAAIQ,iBAAAA,CAAkBE,MAAM,KAAK,CAAA,EAAG;gBAClC,OAAO;oBAAExB,aAAAA,EAAe;;AAC9B,YAAA;YAEI,MAAMe,OAAAA,GAAU,MAAM5B,MAAAA,CAAO6B,UAAU,CAACR,WAAW,CAACS,MAAM,CAACC,eAAe,CAACI,iBAAAA,CAAAA;YAE3E,OAAO;gBACLtB,aAAAA,EAAe,IAAA;gBACfqB,WAAAA,EAAa,IAAA;AACbN,gBAAAA;AACN,aAAA;AACA,QAAA,CAAA,CAAI,OAAOU,GAAAA,EAAK;YACZ,OAAO;gBAAEzB,aAAAA,EAAe;;AAC5B,QAAA;AACA,IAAA,CAAA;IAEA,MAAM0B,MAAAA,GAAS,OAAOC,IAAAA,EAAMC,MAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEP,WAAAA,EAAapB,IAAI,EAAEc,OAAO,EAAE,GAAGY,IAAAA;QAEvC,IAAI,CAACC,MAAAA,CAAOC,KAAK,EAAE;AACjB,YAAA,IAAI,CAAC5B,IAAAA,EAAM;;AAET,gBAAA,MAAM,IAAIpB,iBAAAA,EAAAA;YAChB,CAAA,MAAW;;AAEL,gBAAA;AACN,YAAA;AACA,QAAA;;AAGE,QAAA,IAAI,CAACkC,OAAAA,EAAS;AACZ,YAAA,MAAM,IAAIlC,iBAAAA,EAAAA;AACd,QAAA;QAEE,MAAMiD,SAAAA,GAAYpD;AAEhBH,QAAAA,SAAAA;AAEAE,QAAAA,KAAAA,CAAM,CAACoD,KAAAA,GAAUd,OAAAA,CAAQgB,GAAG,CAACF,KAAAA,CAAAA,CAAAA,CAAAA,CAC7BD,OAAOC,KAAK,CAAA;AAEd,QAAA,IAAI,CAACC,SAAAA,EAAW;AACd,YAAA,MAAM,IAAIlD,cAAAA,EAAAA;AACd,QAAA;AACA,IAAA,CAAA;IAEAoD,gBAAAA,GAAiB;QACf1C,IAAAA,EAAM,mBAAA;AACNG,QAAAA,YAAAA;AACAiC,QAAAA;AACF,KAAA;;;;;;"}