From 9ef6935446c82a8a137cc1f2e33175864670f415 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20FAMIBELLE-PRONZOLA?=
Date: Thu, 16 Apr 2026 21:40:18 +0400
Subject: [PATCH] fix: overload Strapi registration
---
.../users-permissions/strapi-server.js | 110 +++++++++++++-----
1 file changed, 84 insertions(+), 26 deletions(-)
diff --git a/src/extensions/users-permissions/strapi-server.js b/src/extensions/users-permissions/strapi-server.js
index 6e746d6..0234d43 100644
--- a/src/extensions/users-permissions/strapi-server.js
+++ b/src/extensions/users-permissions/strapi-server.js
@@ -1,29 +1,87 @@ -module.exports = plugin => { - const sanitizeOutput = (user) => { - const {password, resetPasswordToken, confirmationToken, ...sanitizedUser} = user - return sanitizedUser; +'use strict'; + +const yup = require('yup'); + +module.exports = (plugin) => { + /** + * Validation custom (équivalent Strapi) + */ + const registerSchema = yup.object({ + username: yup.string().required(), + email: yup.string().email().required(), + password: yup.string().min(6).required(), + }); + + const validateRegisterBody = async (data) => { + try { + return await registerSchema.validate(data, { + abortEarly: false, + stripUnknown: true, + }); + } catch (err) { + const message = err.errors.join(', '); + throw new Error(message); + } }; - - plugin.controllers.user.me = async (ctx) => { - if (!ctx.state.user) { - return ctx.unauthorized(); + + /** + * Override du controller register + */ + plugin.controllers.auth.register = async (ctx) => { + const { body } = ctx.request; + + // 🔒 1. Validation + let params; + try { + params = await validateRegisterBody(body); + } catch (err) { + return ctx.badRequest(err.message); } - const user = await strapi.entityService.findOne('plugin::users-permissions.user', ctx.state.user.id, {populate: { - paroles: { - filters: { - publishedAt: { - $eq: null - } - }, - populate: { - artistes: true, - traductions: true - } - } - }}) - - ctx.body = sanitizeOutput(user) - } - return plugin -} + const { email, username, password } = params; + + // 🔎 2. Vérifier si user existe déjà + const userService = strapi.service('plugin::users-permissions.user'); + + const existingUser = await userService.fetchAll({ + filters: { + $or: [{ email }, { username }], + }, + }); + + if (existingUser.length > 0) { + return ctx.badRequest('Email or Username already taken'); + } + + // ⚙️ 3. 
Récupérer rôle "authenticated" + const role = await strapi + .query('plugin::users-permissions.role') + .findOne({ where: { type: 'authenticated' } }); + + if (!role) { + return ctx.badRequest('Default role not found'); + } + + // 👤 4. Création user + const newUser = await userService.add({ + username, + email, + password, + role: role.id, + confirmed: false, + }); + + // 🔑 5. Générer JWT + const jwtService = strapi.service('plugin::users-permissions.jwt'); + + const token = jwtService.issue({ id: newUser.id }); + + // 📤 6. Réponse + ctx.send({ + jwt: token, + user: newUser, + }); + }; + + return plugin; +}; \ No newline at end of file
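Review bot: The final `ctx.send({ jwt: token, user: newUser })` returns the object from `userService.add` as-is, so the response presumably carries the stored password hash along with `resetPasswordToken` and `confirmationToken`; nothing in the new controller strips them, and the `sanitizeOutput` helper that did this is removed by the same hunk. Destructure those fields away before responding, e.g. `const { password: _pw, resetPasswordToken, confirmationToken, ...safeUser } = newUser;` followed by `ctx.send({ jwt: token, user: safeUser });`, or run the entity through the sanitizer that the project's Strapi version provides. Separately, the account is created with `confirmed: false` yet a JWT is issued at once and no confirmation e-mail is sent, so confirm whether unconfirmed accounts are meant to receive a token here.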