0.12.9 : fix send email validation

2025-11-30 20:51:56 +01:00
parent a928acb7d2
commit 7df45f5c1c
4 changed files with 244 additions and 4 deletions
--- a/src/extensions/users-permissions/strapi-server.ts
+++ b/src/extensions/users-permissions/strapi-server.ts
@@ -1,7 +1,75 @@
 "use strict";
 const lod = require("lodash");
+const utils = require("@strapi/utils");
+const { concat, compact, isArray, toNumber, getOr } = require("lodash/fp");
+const cryptoLib = require("crypto");
+const bcrypt = require("bcryptjs");
+
 module.exports = (plugin) => {
  const rawProviders = plugin.services.providers({ strapi });
+  const { ApplicationError, ValidationError, ForbiddenError } = utils.errors;
+  const USER_MODEL_UID = "plugin::users-permissions.user";
+
+  const sanitizeUser = (user, ctx) => {
+    const { auth } = ctx.state;
+    const userSchema = strapi.getModel("plugin::users-permissions.user");
+
+    return strapi.contentAPI.sanitize.output(user, userSchema, { auth });
+  };
+
+  const ensureHashedPasswords = async (values) => {
+    const attributes = strapi.getModel(USER_MODEL_UID).attributes;
+
+    for (const key in values) {
+      if (attributes[key] && attributes[key].type === "password") {
+        // Check if a custom encryption.rounds has been set on the password attribute
+        const rounds = toNumber(
+          getOr(10, "encryption.rounds", attributes[key])
+        );
+        values[key] = await bcrypt.hash(values[key], rounds);
+      }
+    }
+    values["confirmed"] = false;
+    return values;
+  };
+
+  const edit = async (userId, params = {}) => {
+    return strapi.db.query(USER_MODEL_UID).update({
+      where: { id: userId },
+      data: await ensureHashedPasswords(params),
+      populate: ["role"],
+    });
+  };
+
+  const sendConfirmationEmail = async (user) => {
+    // Génération du token de confirmation
+
+    const confirmationToken = cryptoLib.randomBytes(20).toString("hex");
+
+    await edit(user.id, { confirmationToken });
+    const confirmUrl = `${process.env.NEXTJS_URL}/confirmation/submit?confirmation=${confirmationToken}`;
+
+    // Récupération du template HTML défini dans plugins.ts
+    let html = strapi
+      .plugin("email")
+      .config("settings.templates.confirmation.html") as string;
+
+    // Remplacement des variables
+    html = html
+      .replace(/{{USER_NAME}}/g, user.username || user.email)
+      .replace(/{{CONFIRM_URL}}/g, confirmUrl)
+      .replace(/{{YEAR}}/g, new Date().getFullYear().toString());
+
+    // Envoi de l'e-mail
+    await strapi.plugin("email").service("email").send({
+      to: user.email,
+      subject: "Confirme ton adresse e-mail",
+      html,
+      from: "ChoralSync <admin@harmonychoral.com>",
+    });
+
+    return { ok: true };
+  };

  const getService = (name) => {
    return strapi.plugin("users-permissions").service(name);
@@ -47,9 +115,13 @@ module.exports = (plugin) => {
            where: { email },
          });

-        const advancedSettings = await strapi
+        const advancedSettings = (await strapi
          .store({ type: "plugin", name: "users-permissions", key: "advanced" })
-          .get();
+          .get()) as {
+          allow_register: boolean;
+          unique_email?: boolean;
+          default_role?: string;
+        };

        let user = lod.find(users, { provider });
        if (lod.isEmpty(user)) {
@@ -453,6 +525,8 @@ module.exports = (plugin) => {
        activityType: "user" as const,
      };

+      await sendConfirmationEmail(result);
+
      await strapi.entityService.update(
        "plugin::users-permissions.user",
        result.id,