Override user permission plugin and add custom logic strapi v4

Bibek_Gupta · March 25, 2022, 4:56pm

[details=“System Information”]

Strapi Version V4:
Operating System Linux:
Database postgresql:
Node Version 16.13.0:

file path → /src/extensions/users-permissions)/strapi-server.js

‘use strict’;

const _ = require(‘lodash’);
const jwt = require(‘jsonwebtoken’);
const utils = require(’@strapi/utils’);
const { sanitize } = utils;
const { ApplicationError, ValidationError } = utils.errors;

const emailRegExp =
/^(([^<>()[]\.,;:\s@"]+(.[^<>()[]\.,;:\s@"]+)*)|(".+"))@(([[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}])|(([a-zA-Z-0-9]+.)+[a-zA-Z]{2,}))$/;

const sanitizeUser = (user, ctx) => {
const { auth } = ctx.state;
const userSchema = strapi.getModel(‘plugin::users-permissions.user’);

return sanitize.contentAPI.output(user, userSchema, { auth });
};

// validation
const { yup, validateYupSchema } = require(’@strapi/utils’);
const registerBodySchema = yup.object().shape({
email: yup.string().email().required(),
password: yup.string().required(),
});

const validateRegisterBody = validateYupSchema(registerBodySchema);

const getService = (name) => {
return strapi.plugin(‘users-permissions’).service(name);
};

module.exports = (plugin) => {
// JWT issuer
const issue = (payload, jwtOptions = {}) => {
_.defaults(jwtOptions, strapi.config.get(‘plugin.users-permissions.jwt’));
return jwt.sign(
_.clone(payload.toJSON ? payload.toJSON() : payload),
strapi.config.get(‘plugin.users-permissions.jwtSecret’),
jwtOptions
);
};

// Register controller override
plugin.controllers.auth.register = async (ctx) => {
const pluginStore = await strapi.store({
type: ‘plugin’,
name: ‘users-permissions’,
});

const settings = await pluginStore.get({
  key: 'advanced',
});

if (!settings.allow_register) {
  throw new ApplicationError('Register action is currently disabled');
}

const params = {
  ..._.omit(ctx.request.body, [
    'confirmed',
    'confirmationToken',
    'resetPasswordToken',
  ]),
  provider: 'local',
};

await validateRegisterBody(params);

// Throw an error if the password selected by the user
// contains more than three times the symbol '$'.
if (getService('user').isHashed(params.password)) {
  throw new ValidationError(
    'Your password cannot contain more than three times the symbol `$`'
  );
}

const role = await strapi
  .query('plugin::users-permissions.role')
  .findOne({ where: { type: settings.default_role } });

if (!role) {
  throw new ApplicationError('Impossible to find the default role');
}
const isUsernameExist = (
  await strapi.db.query('plugin::users-permissions.user').findOne({
    where: {
      username: {
        $eq: params.username,
      },
    },
  })
)?.username;

if (isUsernameExist) {
  throw new ApplicationError('Username is already taken');
}
// Check if the provided email is valid or not.
const isEmail = emailRegExp.test(params.email);

if (isEmail) {
  params.email = params.email.toLowerCase();
} else {
  throw new ValidationError('Please provide a valid email address');
}

params.role = role.id;

const user = await strapi.query('plugin::users-permissions.user').findOne({
  where: { email: params.email },
});

if (user && user.provider === params.provider) {
  throw new ApplicationError('Email is already taken');
}

if (user && user.provider !== params.provider && settings.unique_email) {
  throw new ApplicationError('Email is already taken');
}

try {
  if (!settings.email_confirmation) {
    params.confirmed = true;
  }

  const user = await getService('user').add(params);
  /**

custom logic start

 Add here your custom logic you want during registration process

custom logic end
*/

  const sanitizedUser = await sanitizeUser(user, ctx);

  if (settings.email_confirmation) {
    try {
      await getService('user').sendConfirmationEmail(sanitizedUser);
    } catch (err) {
      throw new ApplicationError(err.message);
    }

    return ctx.send({ user: sanitizedUser });
  }

  const jwt = getService('jwt').issue(_.pick(user, ['id']));

  return ctx.send({
    jwt,
    user: sanitizedUser,
  });
} catch (err) {
  if (_.includes(err.message, 'username')) {
    throw new ApplicationError('Username already taken');
  } else if (_.includes(err.message, 'email')) {
    throw new ApplicationError('Email already taken');
  } else {
    strapi.log.error(err);
    throw new ApplicationError('An error occurred during account creation');
  }
}

};

plugin.routes[‘content-api’].routes.unshift({
method: ‘POST’,
path: ‘/auth/local/register’,
handler: ‘auth.register’,
config: {
middlewares: [‘plugin::users-permissions.rateLimit’],
prefix: ‘’,
},
});

return plugin;
};

Bibek_Gupta · March 25, 2022, 4:57pm

@bibekgupta3333 github
code grab over here

gist.github.com

https://gist.github.com/bibekgupta3333/7c4d4ec259045d7089c36b5ae0c4e763

strapi_v4_user_register_override.js

// src/extensions/users-permissions/strapi-server.js

'use strict';

const _ = require('lodash');
const jwt = require('jsonwebtoken');
const utils = require('@strapi/utils');

const { sanitize } = utils;
const { ApplicationError, ValidationError } = utils.errors;

This file has been truncated. show original

lindsayRae · February 3, 2024, 7:16pm

Can you give more information on this? I am trying to make the login and register API take a bearer token in the headers. Do you know how to do that?