AuthenticationService v0.3.0+7-g8a7f190
Joutsen.AuthenticationService.v2.UserController Class Reference

A controller that manages users authenticated by the service.

Public Member Functions

 UserController (UserRepository userRepository, ApplicationRepository applicationRepository, RoleRepository roleRepository, AuthenticationConfiguration config, Authenticator authenticator, Logger logger)
 Creates a new instance of the controller.
 
ActionResult Add ([Required] NewUser requestBody)
 Creates a new user.
 
ActionResult Update ([Required] UserModification requestBody)
 Modifies a user.
 
ActionResult ChangePassword ([Required] PasswordChange requestBody)
 Changes a user's password.
 
ActionResult ResetPassword ([Required] String username)
 Changes a user's password.
 
ActionResult Delete ([Required] String username)
 Removes a user.
 
ActionResult List (String applicationName=null, String applicationKey=null, String role=null, int pageNumber=0, int numberOfResults=int.MaxValue)
 Fetches a list of users managed by the service.
 
ActionResult Activate ([Required] ActivationToken requestBody)
 Activates a user with a token and initial password.
 
ActionResult RenewActivationToken ([Required] NewUser requestBody)
 Generates a new activation token for a user and application.
 

Detailed Description

A controller that manages users authenticated by the service.

Remarks
Access to this controller is restricted to the administrator of the service and the administrators of the individual applications.
Since
0.2.0

Constructor & Destructor Documentation

◆ UserController()

Joutsen.AuthenticationService.v2.UserController.UserController ( UserRepository  userRepository,
ApplicationRepository  applicationRepository,
RoleRepository  roleRepository,
AuthenticationConfiguration  config,
Authenticator  authenticator,
Logger  logger 
)

Creates a new instance of the controller.

Member Function Documentation

◆ Activate()

ActionResult Joutsen.AuthenticationService.v2.UserController.Activate ( [Required] ActivationToken  requestBody)

Activates a user with a token and initial password.

Parameters
requestBody: the model for the request body containing the activation token and initial password of the user
Returns
HTTP 401 Unauthorized if the token is not a valid activation token or if the user is not inactive or does not have the activation role, HTTP 200 if the user was successfully activated

◆ Add()

ActionResult Joutsen.AuthenticationService.v2.UserController.Add ( [Required] NewUser  requestBody)

Creates a new user.

Parameters
requestBody: the model for the request body containing the name of the new user and optionally an application
Returns
HTTP 409 Conflict if a user with the provided name already exists, HTTP 404 Not Found if the user should be added to an application that cannot be identified, HTTP 401 Unauthorized if the user creating the new user is not an administrator of the service or not the administrator of the application the user is created for. HTTP 200 if the user was successfully added. The body contains the activation token if the user was added for an application.
Remarks
This method only creates inactive users. Users need to be activated either by the system administrator or by using the activation token returned by this method. Because activation tokens require the user to be assigned to at least one application, tokens are only returned if they are created for an application. Users created without an application need to be activated by the system administrator using the "Update" endpoint and cannot be activated by application administrators.

◆ ChangePassword()

ActionResult Joutsen.AuthenticationService.v2.UserController.ChangePassword ( [Required] PasswordChange  requestBody)

Changes a user's password.

Parameters
requestBody: the model for the request body containing the old and new password of the user
Returns
HTTP 401 Unauthorized if the user is not authorized to change the password, HTTP 200 if the password was changed
Remarks
This method only allows users to change their account or a service administrator to apply changes. Application administrators are not allowed to change users because these changes affect all applications.

◆ Delete()

ActionResult Joutsen.AuthenticationService.v2.UserController.Delete ( [Required] String  username)

Removes a user.

Parameters
username: the name of the user to remove
Returns
HTTP 404 Not Found if the user cannot be identified, HTTP 200 OK if the user was successfully removed.

◆ List()

ActionResult Joutsen.AuthenticationService.v2.UserController.List ( String  applicationName = null,
String  applicationKey = null,
String  role = null,
int  pageNumber = 0,
int  numberOfResults = int.MaxValue 
)

Fetches a list of users managed by the service.

Parameters
applicationName: the name of the application for which to fetch the users
applicationKey: the hash key of the application for which to fetch the users
role: the name of the role the returned users need to have
pageNumber: the zero-based page number to fetch
numberOfResults: the maximum number of results to fetch
Returns
HTTP 404 Not Found if the application could not be identified, HTTP 401 Unauthorized if the user trying to fetch the users is not a service administrator or does not have the Neighbour or administrator role for the requested application
Remarks
This method allows a service administrator to fetch all users of the service, while an application administrator is limited to the users of its application. Users with the special role Neighbour are also allowed to fetch the users of the requested application. This allows applications to use user lists for e.g. sharing or communication.
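
The access rule in the remarks above, written out as a decision function. This is an added sketch, not code from AuthenticationService: the Caller record, the ListAccess class, the role name "Administrator", the sample application names and the order in which role and existence are checked are all assumptions.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical caller model: the service's real identity types are not shown on this page.
public sealed record Caller(bool IsServiceAdmin, Dictionary<string, HashSet<string>> RolesByApplication);

public static class ListAccess
{
    public const string AdminRole = "Administrator"; // assumed role name
    public const string NeighbourRole = "Neighbour"; // role named in the remarks

    // Returns the HTTP status the documented rules imply for a List request.
    public static int Decide(Caller caller, string application, ISet<string> knownApplications)
    {
        if (caller.IsServiceAdmin)
        {
            // Service administrators may list every user or filter by any existing application.
            return (application == null || knownApplications.Contains(application)) ? 200 : 404;
        }
        // Assumption: without an application filter the request covers all users,
        // which only a service administrator may fetch.
        if (application == null) return 401;
        // Assumption: roles are checked before existence, so a caller without a role
        // gets the same 401 for known and unknown applications.
        bool allowed = caller.RolesByApplication.TryGetValue(application, out var roles)
            && (roles.Contains(AdminRole) || roles.Contains(NeighbourRole));
        if (!allowed) return 401;
        return knownApplications.Contains(application) ? 200 : 404;
    }

    public static void Main()
    {
        // Constructed sample data.
        var apps = new HashSet<string> { "notes", "calendar" };
        var serviceAdmin = new Caller(true, new Dictionary<string, HashSet<string>>());
        var neighbour = new Caller(false, new Dictionary<string, HashSet<string>>
            { ["notes"] = new HashSet<string> { NeighbourRole } });
        var plainUser = new Caller(false, new Dictionary<string, HashSet<string>>
            { ["notes"] = new HashSet<string> { "Reader" } });

        Console.WriteLine($"service admin, no filter:    {Decide(serviceAdmin, null, apps)}");
        Console.WriteLine($"service admin, unknown app:  {Decide(serviceAdmin, "wiki", apps)}");
        Console.WriteLine($"Neighbour of notes, notes:   {Decide(neighbour, "notes", apps)}");
        Console.WriteLine($"Neighbour of notes, calendar:{Decide(neighbour, "calendar", apps)}");
        Console.WriteLine($"plain user, notes:           {Decide(plainUser, "notes", apps)}");
        Console.WriteLine($"plain user, unknown app:     {Decide(plainUser, "wiki", apps)}");
    }
}
```

With roles evaluated first, only callers who already hold a role for an application can distinguish "unknown application" from "not permitted".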

◆ RenewActivationToken()

ActionResult Joutsen.AuthenticationService.v2.UserController.RenewActivationToken ( [Required] NewUser  requestBody)

Generates a new activation token for a user and application.

Parameters
requestBody: the model for the request body containing the username and application
Returns
HTTP 401 Unauthorized if the user is not an admin, HTTP 404 NotFound if the user or the application, HTTP 200 and the new token in the body if the token could be renewed

◆ ResetPassword()

ActionResult Joutsen.AuthenticationService.v2.UserController.ResetPassword ( [Required] String  username)

Changes a user's password.

Parameters
requestBody: the model for the request body containing the old and new password of a user for the user
Returns
HTTP 404 Not Found if the user cannot be identified, HTTP 401 Unauthorized if the user is not authorized to change the password, HTTP 200 if the password was changed
Remarks
This method only allows users to change their account or a service administrator to apply changes. Application administrators are not allowed to change users because these changes affect all applications.

◆ Update()

ActionResult Joutsen.AuthenticationService.v2.UserController.Update ( [Required] UserModification  requestBody)

Modifies a user.

Parameters
requestBody: the model for the request body containing the changes for the user
Returns
HTTP 404 Not Found if the user cannot be identified, HTTP 409 Conflict if the new username is already in use, HTTP 401 Unauthorized if the change is not attempted by the user itself or a service administrator
Remarks
This method only allows users to change their account or a service administrator to apply changes. Application administrators are not allowed to change users because these changes affect all applications.