backend/extensions/users-permissions/controllers/User.js (view raw)
1const {removeUndefined, sanitizeEntity} = require('strapi-utils');
2
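module.exports = {
  /**
   * Update the authenticated user's own account.
   *
   * Only the fields destructured from the request body below are forwarded to
   * the user service; attributes not named there are never written from the
   * request. A password change must be accompanied by `old_password`, which is
   * verified against the stored hash first. The response carries the updated
   * user after sanitization, so the password hash and other private attributes
   * are not echoed back to the client.
   *
   * @param {Object} ctx - Request context; `ctx.state.user` is the caller.
   * @return {Object} Sends `{user}` on success, or a 400 for a missing user or
   *   a malformed `events` value.
   * @throws {Error} 'Auth.form.error.password.matching' when `old_password`
   *   is missing or does not match.
   */
  updateMe: async ctx => {
    const user = ctx.state.user;

    if (!user) {
      return ctx.badRequest(null, [
        {messages: [{id: 'No authorization header was found'}]},
      ]);
    }

    const userService = strapi.plugins['users-permissions'].services.user;

    // Accept either a wrapped `{input: {...}}` payload or a flat body.
    const body = ctx.request.body.input || ctx.request.body;
    const {
      username,
      email,
      password,
      old_password,
      firstName,
      lastName,
      onboardingUser,
      onboardingCreator,
      lang,
      events,
    } = body;

    if (password) {
      // Re-authenticate before changing the password. The explicit string
      // check keeps a missing or non-string old_password from ever reaching
      // the comparison routine.
      const validPassword =
        typeof old_password === 'string' &&
        old_password.length > 0 &&
        (await userService.validatePassword(old_password, user.password));
      if (!validPassword) throw new Error('Auth.form.error.password.matching');
      delete ctx.request.body.old_password;
    }

    // NOTE(review): username and email are changed without re-checking the
    // current password and without a uniqueness check in this controller.
    // Confirm that the model/service enforces uniqueness, and consider
    // requiring old_password for email changes as well.

    // `events` comes straight from the request body. Spreading a string would
    // append single characters and a plain object would throw, so reject
    // anything that is not an array up front.
    if (events && !Array.isArray(events)) {
      return ctx.badRequest(null, [
        {messages: [{id: 'events must be an array'}]},
      ]);
    }

    const currentUser = await userService.fetch({id: user.id});

    // Same response as `me` when the account no longer exists.
    if (!currentUser) {
      return ctx.badRequest(null, [
        {messages: [{id: 'No authorization header was found'}]},
      ]);
    }

    // New events are appended to the stored ones, never replacing them.
    const updatedEvents = events
      ? [...(currentUser.events || []), ...events]
      : currentUser.events;

    const data = await userService.edit(
      {id: user.id},
      removeUndefined({
        username,
        email,
        password,
        firstName,
        lastName,
        onboardingUser,
        onboardingCreator,
        lang,
        events: updatedEvents,
      })
    );

    // The service returns the full stored record; strip the attributes the
    // model marks as private (the password hash among them) before sending.
    ctx.send({
      user: sanitizeEntity(data, {
        model: strapi.query('user', 'users-permissions').model,
      }),
    });
  },

  /**
   * Retrieve the authenticated user.
   *
   * Responds with the caller's account fields at the top level plus a freshly
   * fetched copy under `profile`. Both are sanitized against the user model
   * before they are sent.
   *
   * @param {Object} ctx - Request context; `ctx.state.user` is the caller.
   * @return {Object} Sends the sanitized user with a `profile` key, or a 400
   *   when the account cannot be fetched.
   * @throws {Error} 'no_user' when the request carries no authenticated user.
   */
  async me(ctx) {
    if (!ctx.state.user) throw new Error('no_user');

    const {id} = ctx.state.user;
    const user = await strapi.plugins['users-permissions'].services.user.fetch({
      id,
    });

    if (!user) {
      return ctx.badRequest(null, [
        {messages: [{id: 'No authorization header was found'}]},
      ]);
    }

    const {model} = strapi.query('user', 'users-permissions');
    const profile = sanitizeEntity(user, {model});

    // ctx.state.user carries the stored password hash (updateMe reads
    // `user.password` from it), so it must not be spread into the response
    // as-is. NOTE(review): sanitizing may also drop keys that are not part of
    // the user model; confirm no client depends on such keys.
    const account = sanitizeEntity(ctx.state.user, {model});

    ctx.send({...account, profile});
  },
};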