Password recovery requests (pwd_reset_requests)
Overview
Manages user self-registrations.
Two-stage algorithm:
1. POST request from an unauthorized user to send an email containing a link for confirming the email address.
1.1. Check that the 'domain', 'login', 'name' and 'email' fields are present in the JSON body of the request. The domain must be one of those that allow self-registration (defaults.json, settings fields 'self_register_*').
1.2. Check that the specified values are correct and, where necessary, unique.
1.3. Create a system/SelfRegisterRequests entity with a lifetime limit of 1 day.
1.4. Send an email to the user's address with a link containing the UUID of the registration request. The link leads to the system web application /app-root, but the identifier it contains can also be used in a direct PATCH call to the API.
2. PATCH request for email confirmation and password assignment.
2.1. Check that the 'pwd' field is present in the JSON body of the request.
2.2. Check that the invitation is still valid, using the identifier passed in the URL.
2.3. Send a request to create a user account in MDC and check the password complexity policy.
2.4. If successful, delete the system/SelfRegisterRequests entity.
The user account is created by combining the template (domain setting 'self_register_template') with the values set during self-registration: 'name', 'login', 'pwd', 'opts.email'. The identifier is generated randomly. The 'opts.self_registered' field is set to 'true'.
To send emails successfully, you must configure a mail server profile and a mail server account, and set it to 'isSystem'.
Requests
Sending an invitation
Step 1/2 of the two-step self-registration algorithm.
Creates a blank user account and sends an email to confirm the email address.
Executed by an unauthorized user.
Only an existing domain that allows self-registration (the 'self_register_allowed' setting) can be specified as the domain.
Requests are allowed no more than once every 2 minutes from the same IP address.
Request
POST /rest/v1/iam/self_register_requests HTTP/1.1
Content-Type: application/json; charset=utf-8
{
"domain": "pbx.era-platform.ru",
"login": "my_login",
"name": "My Name",
"email": "my.address@yandex.ru"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"error_code": 0,
"result": true,
"result_msg": "Check your email box for confirmation URL"
}
HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8
{
"error_code": 1501,
"error_message": "login already exists",
"error_details":{
"field": "login"
}
}
Confirming the mailbox and setting a password
Step 2/2 of the two-step self-registration algorithm.
Request
PATCH /rest/v1/iam/self_register_requests/19738eb3-0183-b148-9420-7cd30a921f58 HTTP/1.1
Content-Type: application/json; charset=utf-8
{
"pwd": "ew!hIb3V"
}
Response
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
{
"error_code": 0,
"result": true,
"result_msg": "Now login with new password",
"user":{
"domain": "pbx.era-platform.ru",
"login": "mylogin"
}
}
HTTP/1.1 412 Precondition failed
Content-Type: application/json; charset=utf-8
{
"error_code": 1501,
"error_message": "pwd contains invalid symbols. Expected: A-Za-z0-9_-.~!",
"error_details":{
"field": "pwd"
}
}
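The two-stage flow described above, as an added example that is not the platform's own code: an in-memory Python model of the server-side checks (required fields, allowed domain, the 2-minute per-IP limit, the 1-day request lifetime, single use of the identifier, and the password character set from the 1501 error text). The class, method names and returned status strings are hypothetical, and generating the identifier as a version-4 UUID is an assumption.

```python
import re
import time
import uuid

REQUEST_TTL = 24 * 60 * 60   # lifetime of a registration request: 1 day
RATE_WINDOW = 2 * 60         # one POST per IP address every 2 minutes
REQUIRED = ("domain", "login", "name", "email")
PWD_RE = re.compile(r"[A-Za-z0-9_\-.~!]+")  # character set quoted in the 1501 error


class SelfRegisterModel:
    """Hypothetical in-memory stand-in for the server side of the two steps."""

    def __init__(self, allowed_domains, clock=time.time):
        self.allowed = set(allowed_domains)  # domains that allow self-registration
        self.clock = clock                   # injectable so tests can move time
        self.pending = {}                    # request UUID -> (expires_at, fields)
        self.last_post = {}                  # client IP -> time of its last POST

    def post(self, ip, body):
        """Step 1: rate-limit, validate, create a pending request."""
        now = self.clock()
        if now - self.last_post.get(ip, float("-inf")) < RATE_WINDOW:
            return "rate_limited", None
        self.last_post[ip] = now             # rejected bodies count as queries too
        ok = all(isinstance(body.get(f), str) and body[f] for f in REQUIRED)
        if not ok or body["domain"] not in self.allowed:
            return "invalid", None
        req_id = str(uuid.uuid4())           # assumption: random v4 UUID for the link
        self.pending[req_id] = (now + REQUEST_TTL, dict(body))
        return "ok", req_id

    def patch(self, req_id, body):
        """Step 2: check the invitation is still valid, check pwd, consume it."""
        entry = self.pending.get(req_id)
        if entry is None or self.clock() >= entry[0]:
            self.pending.pop(req_id, None)   # drop an expired request
            return "unknown_or_expired"
        pwd = body.get("pwd")
        if not isinstance(pwd, str) or not PWD_RE.fullmatch(pwd):
            return "invalid_pwd"             # request stays pending for a retry
        del self.pending[req_id]             # step 2.4: identifier is single use
        return "ok"
```

Deleting the request on success is what makes a confirmation link that leaks later (mail logs, forwarded messages) useless for setting a different password.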