You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your project Javascript or Typescript: Javascript
Describe the bug
When using the plugin users-permissions to update one the provided email templates we cannot use custom fields from the user schema.
Indeed we can see that the authorized keys only contain USER.email and USER.username.
Steps to reproduce the behavior
Go to Settings
Go to Email templates
Click on one of the email templates (Reset password or Email address confirmation)
Fill the Message field with <%= USER.firstName %> (or any other configured field in the User content type)
See error Invalid template
Expected behavior
Actually I guess this is the expected behavior but we may want to be able to use any field from user schema.
Mitigating the issue
We can override this behavior to be able to use any field from user schema.
Create a file ./src/extensions/users-permissions/overrides.js which is a copy of the original function where we use our custom email validation
'use strict';const_=require("lodash");// Addition : use our custom validationconst{ isValidEmailTemplate }=require("./email-template");module.exports={asyncupdateEmailTemplate(ctx){if(_.isEmpty(ctx.request.body)){thrownewValidationError('Request body cannot be empty');}constemailTemplates=ctx.request.body['email-templates'];for(constkeyofObject.keys(emailTemplates)){consttemplate=emailTemplates[key].options.message;if(!isValidEmailTemplate(template)){thrownewValidationError('Invalid template');}}awaitstrapi.store({type: 'plugin',name: 'users-permissions',key: 'email'}).set({value: emailTemplates});ctx.send({ok: true});}}
Create a file ./src/extensions/users-permissions/email-template.js which is a copy of the original rule where we change the authorizedKeys array
'use strict';const{ trim }=require('lodash/fp');const{template: { createLooseInterpolationRegExp, createStrictInterpolationRegExp },}=require('@strapi/utils');constinvalidPatternsRegexes=[// Ignore "evaluation" patterns: <% ... %>/<%[^=]([\s\S]*?)%>/m,// Ignore basic string interpolations/\${([^{}]*)}/m,];// Addition : get the user schemaconstuserSchema=strapi.getModel('plugin::users-permissions.user');constauthorizedKeys=['URL','ADMIN_URL','SERVER_URL','CODE','USER',// Addition : spread user attributes
...Object.entries(userSchema.attributes).map(([key,value])=>`USER.${key}`),'TOKEN',];constmatchAll=(pattern,src)=>{constmatches=[];letmatch;constregexPatternWithGlobal=RegExp(pattern,'g');// eslint-disable-next-line no-cond-assignwhile((match=regexPatternWithGlobal.exec(src))){const[,group]=match;matches.push(trim(group));}returnmatches;};constisValidEmailTemplate=(template)=>{// Check for known invalid patternsfor(constregofinvalidPatternsRegexes){if(reg.test(template)){returnfalse;}}constinterpolation={// Strict interpolation pattern to match only valid groupsstrict: createStrictInterpolationRegExp(authorizedKeys),// Weak interpolation pattern to match as many group as possible.loose: createLooseInterpolationRegExp(),};// Compute both strict & loose matchesconststrictMatches=matchAll(interpolation.strict,template);constlooseMatches=matchAll(interpolation.loose,template);// If we have more matches with the loose RegExp than with the strict one,// then it means that at least one of the interpolation group is invalid// Note: In the future, if we wanted to give more details for error formatting// purposes, we could return the difference between the two arraysif(looseMatches.length>strictMatches.length){returnfalse;}returntrue;};module.exports={
isValidEmailTemplate,};
Now we can override the controller function in ./src/index.js
'use strict';module.exports={/** * An asynchronous register function that runs before * your application is initialized. * * This gives you an opportunity to extend code. */register({ strapi }){strapi.controllers['plugin::users-permissions.settings'].updateEmailTemplate=require('./extensions/users-permissions/overrides').updateEmailTemplate;},/** * An asynchronous bootstrap function that runs before * your application gets started. * * This gives you an opportunity to set up your data model, * run jobs, or perform some special logic. */bootstrap(/*{ strapi }*/){},};
The text was updated successfully, but these errors were encountered:
First thank you for reporting this feature need.
To manage feature requests and the Strapi roadmap, we are using Canny.
You will be able to access the Public Roadmap here: https://feedback.strapi.io.
In your message, please mention the URL of this thread in case some messages are posted there. But the most important is to have your feedback posted on our feedback/roadmap site.
The product team is reading EVERY comment, that really helps us to develop the project in the right direction. We are keeping all feature requests and project insights in one place, our feedback website.
In order to keep our GitHub issues clean and for valid bug reports this issue will be marked as closed, but please feel free to continue the discussion with other community members here.
Bug report
Required System information
Describe the bug
When using the plugin
users-permissions
to update one the provided email templates we cannot use custom fields from the user schema.Indeed we can see that the authorized keys only contain
USER.email
andUSER.username
.Steps to reproduce the behavior
Settings
Email templates
Message
field with<%= USER.firstName %>
(or any other configured field in the User content type)Invalid template
Expected behavior
Actually I guess this is the expected behavior but we may want to be able to use any field from user schema.
Mitigating the issue
We can override this behavior to be able to use any field from user schema.
Create a file
./src/extensions/users-permissions/overrides.js
which is a copy of the original function where we use our custom email validationCreate a file
./src/extensions/users-permissions/email-template.js
which is a copy of the original rule where we change theauthorizedKeys
arrayNow we can override the controller function in
./src/index.js
The text was updated successfully, but these errors were encountered: