Invitations to register (invites)

Overview

Manages user registration invitations.

Two-stage algorithm:

  • 1. POST: a request from an authorized domain administrator to send an email containing a registration invitation link.

    • 1.1. Check that the 'userid' field is present in the JSON body of the request. The domain is the same one in which the administrator is authorized.

    • 1.2. Create a system/Invites entity with a lifetime limit of 3 days.

    • 1.3. Send an email to the user's address with a link containing the UUID of the registration request. The link leads to the system web application /app-root, but the identifier it contains can also be used in a direct PATCH call to the API.

  • 2. PATCH: password change request.

    • 2.1. Check that the 'pwd' field and, optionally, the 'login' and 'name' fields are present in the JSON body of the request.

    • 2.2. Check that the invitation is still valid, based on the identifier passed in the URL.

    • 2.3. Send the password change request (and, optionally, the login and name change) to MDC and check the password complexity policy.

    • 2.4. If successful, delete the system/Invites entity.

The service is provided by the mware, email, and ws microservices.

To send emails successfully, you must configure a mail server profile and a mail server account, and set it to 'isSystem'.

Requests

HTTP verb   Endpoint                               Description
POST        /rest/v1/iam/pwd_reset_requests        Sending an invitation
PATCH       /rest/v1/iam/pwd_reset_requests/<id>   Replacing a forgotten password (without authorization)


Sending an invitation

Executed by the domain administrator.

An invitation can be sent no more than once every 2 minutes for the same email address and from the same IP address.

Request

Request example
POST /rest/v1/iam/invites HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "userid": "12341234-1234-1234-1234-123412341234"
}

Response

Example of a successful response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "error_code": 0,
  "result": true,
  "result_msg": "Email was ordered"
}

Example of an unsuccessful response
HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8

{
  "error_code": 1413,
  "error_message": "User not found."
}

Replacing a forgotten password (without authorization)

Step 2/2 of the two-step algorithm for recovering a forgotten password.

The login and name fields are optional and are not changed by default.

Request

Request example
PATCH /rest/v1/iam/invites/602c559c-0183-a834-ee7d-7cd30a921f58 HTTP/1.1
Content-Type: application/json; charset=utf-8

{
  "pwd": "ew!hIb3V",
  "login": "mylogin",
  "name": "My Name"
}

Response

Example of a successful response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8

{
  "error_code": 0,
  "result": true,
  "result_msg": "Now login with new password",
  "user": {
    "domain": "pbx.era-platform.ru",
    "login": "mylogin"
  }
}

Example of an unsuccessful response
HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8

{
  "error_code": 1501,
  "error_message": "pwd contains invalid symbols. Expected: A-Za-z0-9_-.~!",
  "error_details":{
    "field": "pwd"
  }
}
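
The invitation lifecycle described on this page (3-day lifetime, one send per 2 minutes per email address and IP address, single use, password character check), modelled as an added example; this is not the platform's own code. The class, method names, reason strings, the in-memory store and passing the email address as a parameter are assumptions made for illustration.

```python
import re
import time
import uuid

INVITE_TTL = 3 * 24 * 3600   # step 1.2: invite lifetime limit of 3 days
RESEND_INTERVAL = 2 * 60     # one invitation per 2 minutes per (email, IP)
PWD_ALLOWED = re.compile(r"[A-Za-z0-9_\-.~!]+")  # charset from the 1501 error text


class InviteStore:
    """Hypothetical in-memory stand-in for the system/Invites entity."""

    def __init__(self, clock=time.time):
        self.clock = clock     # injectable so expiry can be tested offline
        self.invites = {}      # invite id -> (userid, expires_at)
        self.last_sent = {}    # (email, ip) -> time of last accepted POST

    def send(self, userid, email, ip):
        """Stage 1 (POST): return a new invite id, or None when throttled."""
        now = self.clock()
        last = self.last_sent.get((email, ip))
        if last is not None and now - last < RESEND_INTERVAL:
            return None
        self.last_sent[(email, ip)] = now
        invite_id = str(uuid.uuid4())   # random UUID carried in the emailed link
        self.invites[invite_id] = (userid, now + INVITE_TTL)
        return invite_id

    def redeem(self, invite_id, pwd):
        """Stage 2 (PATCH): return (ok, userid or reason)."""
        if not isinstance(pwd, str) or not pwd:      # step 2.1
            return False, "pwd missing"
        entry = self.invites.get(invite_id)          # step 2.2
        if entry is None:
            return False, "unknown invite"
        userid, expires_at = entry
        if self.clock() >= expires_at:
            del self.invites[invite_id]              # drop the stale invite
            return False, "expired invite"
        if not PWD_ALLOWED.fullmatch(pwd):           # step 2.3 (charset only)
            return False, "pwd contains invalid symbols"
        del self.invites[invite_id]                  # step 2.4: single use
        return True, userid
```

A rejected password leaves the invite in place so the user can retry; only a successful change or expiry removes it.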

Error codes

Possible message types (field 'error_details.msg_code'): 100xx, 101xx, 102xx, 151xx.