{"version":3,"file":"users-permissions.mjs","sources":["../../../server/strategies/users-permissions.js"],"sourcesContent":["'use strict';\n\nconst { castArray, map, every, pipe } = require('lodash/fp');\nconst { ForbiddenError, UnauthorizedError } = require('@strapi/utils').errors;\n\nconst { getService } = require('../utils');\n\nconst getAdvancedSettings = () => {\n  return strapi.store({ type: 'plugin', name: 'users-permissions' }).get({ key: 'advanced' });\n};\n\nconst authenticate = async (ctx) => {\n  try {\n    const token = await getService('jwt').getToken(ctx);\n\n    if (token) {\n      const { id } = token;\n\n      // Invalid token\n      if (id === undefined) {\n        return { authenticated: false };\n      }\n\n      const user = await getService('user').fetchAuthenticatedUser(id);\n\n      // No user associated to the token\n      if (!user) {\n        return { error: 'Invalid credentials' };\n      }\n\n      const advancedSettings = await getAdvancedSettings();\n\n      // User not confirmed\n      if (advancedSettings.email_confirmation && !user.confirmed) {\n        return { error: 'Invalid credentials' };\n      }\n\n      // User blocked\n      if (user.blocked) {\n        return { error: 'Invalid credentials' };\n      }\n\n      // Fetch user's permissions\n      const permissions = await Promise.resolve(user.role.id)\n        .then(getService('permission').findRolePermissions)\n        .then(map(getService('permission').toContentAPIPermission));\n\n      // Generate an ability (content API engine) based on the given permissions\n      const ability = await strapi.contentAPI.permissions.engine.generateAbility(permissions);\n\n      ctx.state.user = user;\n\n      return {\n        authenticated: true,\n        credentials: user,\n        ability,\n      };\n    }\n\n    const publicPermissions = await getService('permission')\n      .findPublicPermissions()\n      .then(map(getService('permission').toContentAPIPermission));\n\n    if (publicPermissions.length === 0) {\n      return { authenticated: false };\n    }\n\n    const ability = await strapi.contentAPI.permissions.engine.generateAbility(publicPermissions);\n\n    return {\n      authenticated: true,\n      credentials: null,\n      ability,\n    };\n  } catch (err) {\n    return { authenticated: false };\n  }\n};\n\nconst verify = async (auth, config) => {\n  const { credentials: user, ability } = auth;\n\n  if (!config.scope) {\n    if (!user) {\n      // A non authenticated user cannot access routes that do not have a scope\n      throw new UnauthorizedError();\n    } else {\n      // An authenticated user can access non scoped routes\n      return;\n    }\n  }\n\n  // If no ability have been generated, then consider auth is missing\n  if (!ability) {\n    throw new UnauthorizedError();\n  }\n\n  const isAllowed = pipe(\n    // Make sure we're dealing with an array\n    castArray,\n    // Transform the scope array into an action array\n    every((scope) => ability.can(scope))\n  )(config.scope);\n\n  if (!isAllowed) {\n    throw new ForbiddenError();\n  }\n};\n\nmodule.exports = {\n  name: 'users-permissions',\n  authenticate,\n  verify,\n};\n"],"names":["castArray","map","every","pipe","require$$0","ForbiddenError","UnauthorizedError","require$$1","errors","getService","require$$2","getAdvancedSettings","strapi","store","type","name","get","key","authenticate","ctx","token","getToken","id","undefined","authenticated","user","fetchAuthenticatedUser","error","advancedSettings","email_confirmation","confirmed","blocked","permissions","Promise","resolve","role","then","findRolePermissions","toContentAPIPermission","ability","contentAPI","engine","generateAbility","state","credentials","publicPermissions","findPublicPermissions","length","err","verify","auth","config","scope","isAllowed","can","usersPermissions"],"mappings":";;;;;;;;;IAEA,MAAM,EAAEA,SAAS,EAAEC,GAAG,EAAEC,KAAK,EAAEC,IAAI,EAAE,GAAGC,UAAAA;AACxC,IAAA,MAAM,EAAEC,cAAc,EAAEC,iBAAiB,EAAE,GAAGC,WAAyBC,MAAM;IAE7E,MAAM,EAAEC,UAAU,EAAE,GAAGC,YAAAA,EAAAA;AAEvB,IAAA,MAAMC,mBAAsB,GAAA,IAAA;QAC1B,OAAOC,MAAAA,CAAOC,KAAK,CAAC;YAAEC,IAAM,EAAA,QAAA;YAAUC,IAAM,EAAA;AAAqB,SAAA,CAAA,CAAEC,GAAG,CAAC;YAAEC,GAAK,EAAA;AAAY,SAAA,CAAA;AAC5F,KAAA;AAEA,IAAA,MAAMC,eAAe,OAAOC,GAAAA,GAAAA;QAC1B,IAAI;AACF,YAAA,MAAMC,KAAQ,GAAA,MAAMX,UAAW,CAAA,KAAA,CAAA,CAAOY,QAAQ,CAACF,GAAAA,CAAAA;AAE/C,YAAA,IAAIC,KAAO,EAAA;gBACT,MAAM,EAAEE,EAAE,EAAE,GAAGF,KAAAA;;AAGf,gBAAA,IAAIE,OAAOC,SAAW,EAAA;oBACpB,OAAO;wBAAEC,aAAe,EAAA;;AACzB;AAED,gBAAA,MAAMC,IAAO,GAAA,MAAMhB,UAAW,CAAA,MAAA,CAAA,CAAQiB,sBAAsB,CAACJ,EAAAA,CAAAA;;AAG7D,gBAAA,IAAI,CAACG,IAAM,EAAA;oBACT,OAAO;wBAAEE,KAAO,EAAA;;AACjB;AAED,gBAAA,MAAMC,mBAAmB,MAAMjB,mBAAAA,EAAAA;;AAG/B,gBAAA,IAAIiB,iBAAiBC,kBAAkB,IAAI,CAACJ,IAAAA,CAAKK,SAAS,EAAE;oBAC1D,OAAO;wBAAEH,KAAO,EAAA;;AACjB;;gBAGD,IAAIF,IAAAA,CAAKM,OAAO,EAAE;oBAChB,OAAO;wBAAEJ,KAAO,EAAA;;AACjB;;gBAGD,MAAMK,WAAAA,GAAc,MAAMC,OAAQC,CAAAA,OAAO,CAACT,IAAKU,CAAAA,IAAI,CAACb,EAAE,CAAA,CACnDc,IAAI,CAAC3B,UAAAA,CAAW,cAAc4B,mBAAmB,CAAA,CACjDD,IAAI,CAACnC,GAAAA,CAAIQ,UAAW,CAAA,YAAA,CAAA,CAAc6B,sBAAsB,CAAA,CAAA;;gBAG3D,MAAMC,OAAAA,GAAU,MAAM3B,MAAAA,CAAO4B,UAAU,CAACR,WAAW,CAACS,MAAM,CAACC,eAAe,CAACV,WAAAA,CAAAA;gBAE3Eb,GAAIwB,CAAAA,KAAK,CAAClB,IAAI,GAAGA,IAAAA;gBAEjB,OAAO;oBACLD,aAAe,EAAA,IAAA;oBACfoB,WAAanB,EAAAA,IAAAA;AACbc,oBAAAA;AACR,iBAAA;AACK;YAED,MAAMM,iBAAAA,GAAoB,MAAMpC,UAAAA,CAAW,YACxCqC,CAAAA,CAAAA,qBAAqB,EACrBV,CAAAA,IAAI,CAACnC,GAAAA,CAAIQ,UAAW,CAAA,YAAA,CAAA,CAAc6B,sBAAsB,CAAA,CAAA;YAE3D,IAAIO,iBAAAA,CAAkBE,MAAM,KAAK,CAAG,EAAA;gBAClC,OAAO;oBAAEvB,aAAe,EAAA;;AACzB;YAED,MAAMe,OAAAA,GAAU,MAAM3B,MAAAA,CAAO4B,UAAU,CAACR,WAAW,CAACS,MAAM,CAACC,eAAe,CAACG,iBAAAA,CAAAA;YAE3E,OAAO;gBACLrB,aAAe,EAAA,IAAA;gBACfoB,WAAa,EAAA,IAAA;AACbL,gBAAAA;AACN,aAAA;AACG,SAAA,CAAC,OAAOS,GAAK,EAAA;YACZ,OAAO;gBAAExB,aAAe,EAAA;;AACzB;AACH,KAAA;IAEA,MAAMyB,MAAAA,GAAS,OAAOC,IAAMC,EAAAA,MAAAA,GAAAA;AAC1B,QAAA,MAAM,EAAEP,WAAanB,EAAAA,IAAI,EAAEc,OAAO,EAAE,GAAGW,IAAAA;QAEvC,IAAI,CAACC,MAAOC,CAAAA,KAAK,EAAE;AACjB,YAAA,IAAI,CAAC3B,IAAM,EAAA;;AAET,gBAAA,MAAM,IAAInB,iBAAAA,EAAAA;aACL,MAAA;;AAEL,gBAAA;AACD;AACF;;AAGD,QAAA,IAAI,CAACiC,OAAS,EAAA;AACZ,YAAA,MAAM,IAAIjC,iBAAAA,EAAAA;AACX;QAED,MAAM+C,SAAAA,GAAYlD;AAEhBH,QAAAA,SAAAA;AAEAE,QAAAA,KAAAA,CAAM,CAACkD,KAAUb,GAAAA,OAAAA,CAAQe,GAAG,CAACF,KAAAA,CAAAA,CAAAA,CAAAA,CAC7BD,OAAOC,KAAK,CAAA;AAEd,QAAA,IAAI,CAACC,SAAW,EAAA;AACd,YAAA,MAAM,IAAIhD,cAAAA,EAAAA;AACX;AACH,KAAA;IAEAkD,gBAAiB,GAAA;QACfxC,IAAM,EAAA,mBAAA;AACNG,QAAAA,YAAAA;AACA+B,QAAAA;AACF,KAAA;;;;;;"}