Posted to user@syncope.apache.org by John Peter <sy...@gmail.com> on 2016/10/07 12:08:27 UTC

End-user Password REST api

Does an end-user require any setting to perform the requests below? I always get
"HTTP Status 401 - User not authenticated".

POST /users/self/changePassword
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/changePassword>
POST /users/self/confirmPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/confirmPasswordReset>
POST /users/self/requestPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#!/users%2Fself/requestPasswordReset>

Thanks.

Re: End-user Password REST api

Posted by John Peter <sy...@gmail.com>.
Thank you !! I would have a look at it.

Thanks.

On Fri, Oct 7, 2016 at 5:48 PM, Francesco Chicchiriccò <il...@apache.org>
wrote:

> On 07/10/2016 14:08, John Peter wrote:
>
> Does an end-user require any setting to perform the requests below? I always get
> "HTTP Status 401 - User not authenticated".
>
> POST /users/self/changePassword
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
>
>
> This endpoint is only accessible by users which were flagged with
> 'MustChangePassword' (from the admin console, for example).
>
> POST /users/self/confirmPasswordReset
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
>
>
> This is only accessible as anonymous (if you are resetting your password,
> then you should not be able to authenticate).
>
> POST /users/self/requestPasswordReset
> <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
>
>
> This is only accessible as anonymous (if you want to reset your password,
> then you should not be able to authenticate).
>
>
> You can take a look at how dealing with such REST endpoints is supposed to
> work by taking a look at
>
> https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L256
>
> for the password reset process and
>
> https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L358
>
> for handling 'MustChangePassword'.
>
> If you are instead only trying to understand how a user can update his
> own password, then the REST endpoint is
>
> PATCH /users/self
>
> or
>
> PUT /users/self
>
> depending on the payload.
>
> HTH
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
> http://home.apache.org/~ilgrosso/
>
>

Re: End-user Password REST api

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 07/10/2016 14:08, John Peter wrote:
> Does an end-user require any setting to perform the requests below? I always get
> "HTTP Status 401 - User not authenticated".
>
>
>       POST /users/self/changePassword
>       <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
>

This endpoint is only accessible by users which were flagged with 
'MustChangePassword' (from the admin console, for example).

>
>       POST /users/self/confirmPasswordReset
>       <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
>

This is only accessible as anonymous (if you are resetting your 
password, then you should not be able to authenticate).

>
>       POST /users/self/requestPasswordReset
>       <http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
>

This is only accessible as anonymous (if you want to reset your 
password, then you should not be able to authenticate).


You can take a look at how dealing with such REST endpoints is supposed 
to work by taking a look at

https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L256

for the password reset process and

https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L358

for handling 'MustChangePassword'.

If you are instead only trying to understand how a user can update his 
own password, then the REST endpoint is

PATCH /users/self

or

PUT /users/self

depending on the payload.

HTH
Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/