You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by John Peter <sy...@gmail.com> on 2016/10/07 12:08:27 UTC
End-user Password REST api
Does end-user require any setting to perform below requests. I always get
"HTTP Status 401 - User not authenticated".
POST
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/changePassword>
/users/self/changePassword
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/changePassword>
POST
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/confirmPasswordReset>
/users/self/confirmPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/confirmPasswordReset>
POST
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/requestPasswordReset>
/users/self/requestPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/requestPasswordReset>
Thanks.
Re: End-user Password REST api
Posted by John Peter <sy...@gmail.com>.
Thank you !! I would have a look at it.
Thanks.
On Fri, Oct 7, 2016 at 5:48 PM, Francesco Chicchiriccò <il...@apache.org>
wrote:
> On 07/10/2016 14:08, John Peter wrote:
>
> Does end-user require any setting to perform below requests. I always get
> "HTTP Status 401 - User not authenticated".
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
> /users/self/changePassword
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
>
>
> This endpoint is only accessible by users which were flagged with
> 'MustChangePassword' (from the admin console, for example).
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
> /users/self/confirmPasswordReset
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
>
>
> This is only accessible as anonymous (if you are resetting your password,
> then you should not be able to authenticate).
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
> /users/self/requestPasswordReset
>
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
>
>
> This is only accessible as anonymous (if you want to reset your password,
> then you should not be able to authenticate).
>
>
> You can take a look at how dealing with such REST endpoints is supposed to
> work by taking a look at
>
> https://github.com/apache/syncope/blob/2_0_X/fit/core-
> reference/src/test/java/org/apache/syncope/fit/core/
> UserSelfITCase.java#L256
>
> for the password reset process and
>
> https://github.com/apache/syncope/blob/2_0_X/fit/core-
> reference/src/test/java/org/apache/syncope/fit/core/
> UserSelfITCase.java#L358
>
> for handling 'MustChangePassword'.
>
> If you are instead only trying to understand how an user can update his
> own password, then the REST endpoint is
>
> PATCH /users/self
>
> or
>
> PUT /users/self
>
> depending on the payload.
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellencehttp://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMailhttp://home.apache.org/~ilgrosso/
>
>
Re: End-user Password REST api
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 07/10/2016 14:08, John Peter wrote:
> Does end-user require any setting to perform below requests. I always get
> "HTTP Status 401 - User not authenticated".
>
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
> /users/self/changePassword
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
>
This endpoint is only accessible by users which were flagged with
'MustChangePassword' (from the admin console, for example).
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
> /users/self/confirmPasswordReset
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
>
This is only accessible as anonymous (if you are resetting your
password, then you should not be able to authenticate).
>
> POST
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
> /users/self/requestPasswordReset
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
>
This is only accessible as anonymous (if you want to reset your
password, then you should not be able to authenticate).
You can take a look at how dealing with such REST endpoints is supposed
to work by taking a look at
https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L256
for the password reset process and
https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L358
for handling 'MustChangePassword'.
If you are instead only trying to understand how an user can update his
own password, then the REST endpoint is
PATCH /users/self
or
PUT /users/self
depending on the payload.
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/