Commit b700a735 authored by Yadd

Update REST API

parent 04d1bf0e
# Lemonldap::NG::Portal REST API
* protect some entry points by vhost access rules ?
Yes: the portal will be an
handler (will inherit from `Handler::PSGI::Router`) but instead of rejecting
unauthenticated users, it will call an other function tree _(**NB**: `undef`
means same name in Common::PSGI::Router)_:
## Accounts
# REST paths for authenticated users
$self->addRoute( 'menu.html' => undef, ['GET'] )
->addRoute( 'applications' => undef, ['GET'] ),
->addRoute( 'accounts' => { ':id' => 'account' }, ['GET','POST'] ),
->addRoute( 'accounts' => { '*' => 'accounts' }, ['GET','POST'] );
$self->defaultRoute( 'menu.html' );
# REST paths for unauthenticated users
$self->addUnauthRoute( 'auth.html', undef, ['GET'] )
->addUnauthRoute( 'auth' => 'authenticate', ['POST'] );
$self->defaultUnauthRoute( 'auth.html' );
* Create account: `/account`, attr: firstname, lastname, mail
* Validate account: `/account/validate`, attr: mail
* Show account: `/account/<@mail>`, attr: mail
* List accounts: `/account/all`
# Part of API protected by web server
$self->addUnauthRoute( 'sessions' => { ':sessionId' => 'session' }, ['GET', 'POST', 'PUT'] )
->addUnauthRoute( 'sessions' => { '*' => 'sessions', ['GET', 'POST'] );
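Review bot: the `sessions` routes in the "Part of API protected by web server" block are registered with `addUnauthRoute`, so the portal itself performs no check on who calls `GET`/`POST`/`PUT /sessions/<sessionId>`; the doc should state the exact vhost access rule that is expected to guard them and that it must be default-deny, since a missing or misordered web-server rule silently exposes session read and update. As written the snippets also will not compile: `->addRoute( 'applications' => undef, ['GET'] ),` ends with a comma before the next `->addRoute`, and the last line opens `{ '*' => 'sessions', ['GET', 'POST'] );` without closing the brace; suggest `->addRoute( 'applications' => undef, ['GET'] )` and `->addUnauthRoute( 'sessions' => { '*' => 'sessions' }, ['GET', 'POST'] );`.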
Examples:
## Authentication
* `/account`
* `/account/validate`
* `/account/dhwo@badwolf.org`
* `/account/all`
### Authentication with web form
### Available verbs:
Depending on the request:
* case classic POST: `POST /auth`, datas : `user=xx&password=yy`, HTML
response
* case Ajax request: same but response is JSON (menu entries ?). The idea is
that a full Ajax portal could be written with some HTML fragment storable in
cache (like manager forms). So only a few Ajax requests will be sent through
the network
* `GET`: see above (show or list account)
* `POST /account`: creates a new account and send a confirmation mail to user
## Menu
Menu will be full Ajax:
* `GET /` will be an alias for `GET /menu.html`. This page will not be
protected but all Ajax request will be (and if session is invalid, redirection
to `/`
* `GET /applications` will return a JSON file containing available applications
for current user
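Review bot: "if session is invalid, redirection to `/`" is the wrong failure mode for the Ajax calls this section describes: an XHR follows the redirect and receives the HTML of `menu.html` instead of JSON, so the client cannot distinguish an expired session from data. Return a 401 with a JSON body for Ajax requests and keep the redirect for the classic form case in the Authentication section; also the parenthesis opened at "(and if session is invalid" is never closed.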
## Sessions
## Passwords
* Session content: `GET /sessions/<sessionId>`
* New session: `POST /sessions`
* Update session: `PUT /sessions/<sessionId>` with fields to changes
## Accounts
* Initialize password change: `/changePassword/init`, attr: mail
* Change password: `/changePassword/validate`, attr: mail, newpassword, [random]
* Create account: `POST /accounts`, post datas: _\<attribute names with values>_
* Validate account: `GET /accounts/<whatToTrace-field>?validate`
* Show account: `GET /account/<whatToTrace-field>`
* List accounts: `GET /accounts`, returns list of _`whatToTrace`_ values
Examples:
* `/changePassword/init`
* `/changePassword/validate`
* `POST /accounts`
* `GET /accounts/dhwo@badwolf.org?validate`
* `GET /accounts/dhwo@badwolf.org`
* `GET /accounts`
### Passwords
* Initialize password change (sends a mail to user): `POST /accounts/<whatToTrace-field>?passwordInit`
* Finalize password change (sends a mail to user): `POST /accounts/<whatToTrace-field>?validatePassword`
* Force password change enve if not initialized (sends a mail to user):
`PUT /accounts/<whatToTrace-field>?validatePassword&force`, data: password=_newValue_
### Available verbs:
## Other
* `POST /changePassword/init`: initialize a password change (sends a mail to user)
* `POST /changePassword/validate`: finalize the password change (sends a mail to user)
* `POST /changePassword/validate?force=1`: do the password change even if not initialized (sends a mail to user)
* Ping (session already available): `GET or POST /?ping`, response `{result: true}`
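Review bot: the entries under `## Accounts` and `### Passwords` never say who may call them, yet `accounts` is registered in the authenticated route tree with no per-route check, so unless a vhost access rule covers them (which the doc should spell out) any user with a valid session could call `GET /accounts` (the full list of `whatToTrace` values), `POST /accounts`, or `PUT /accounts/<whatToTrace-field>?validatePassword&force`; state the intended authorization for each (self-service limited to the caller's own `whatToTrace` value, or an administrator-only rule). `GET /accounts/<whatToTrace-field>?validate` also performs a state change on a GET, which link prefetchers and cross-site navigation can trigger without user intent; prefer `POST`. Minor wording: "enve" should be "even", "datas" should be "data", and "fields to changes" should be "fields to change".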