1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
//! API context: `user`.
//!
//! This API context is responsible for handling:
//!
//! - User registration
//! - User authentication
//! - User ban
//!
//! For more information about the API authentication, refer to the [`auth`](crate::web::api::server::v1::auth)
//! module.
//!
//! # Endpoints
//!
//! Registration:
//!
//! - [Registration](#registration)
//! - [Email verification](#email-verification)
//!
//! Authentication:
//!
//! - [Login](#login)
//! - [Token verification](#token-verification)
//! - [Token renewal](#token-renewal)
//!
//! User ban:
//!
//! - [Ban a user](#ban-a-user)
//!
//! # Registration
//!
//! `POST /v1/user/register`
//!
//! It registers a new user.
//!
//! **Post parameters**
//!
//! Name | Type | Description | Required | Example
//! ---|---|---|---|---
//! `username` | `String` | The username | Yes | `indexadmin`
//! `email` | `Option<String>` | The user's email | No | `indexadmin@torrust.com`
//! `password` | `String` | The password | Yes | `BenoitMandelbrot1924`
//! `confirm_password` | `String` | Same password again | Yes | `BenoitMandelbrot1924`
//!
//! **NOTICE**: Email could be optional, depending on the configuration.
//!
//! ```toml
//! [auth]
//! user_claim_token_pepper = "MaxVerstappenWC2021"
//! ```
//!
//! Refer to the [`RegistrationForm`](crate::web::api::server::v1::contexts::user::forms::RegistrationForm)
//! struct for more information about the registration form.
//!
//! **Example request**
//!
//! ```bash
//! curl \
//! --header "Content-Type: application/json" \
//! --request POST \
//! --data '{"username":"indexadmin","email":"indexadmin@torrust.com","password":"BenoitMandelbrot1924","confirm_password":"BenoitMandelbrot1924"}' \
//! http://127.0.0.1:3001/v1/user/register
//! ```
//!
//! For more information about the registration process, refer to the [`auth`](crate::web::api::server::v1::auth)
//! module.
//!
//! # Email verification
//!
//! `GET /v1/user/email/verify/{token}`
//!
//! If email on signup is enabled, the user will receive an email with a
//! verification link. The link will contain a token that can be used to verify
//! the email address.
//!
//! This endpoint will verify the email address and update the user's email
//! verification status. It also shows an text page with the result of the
//! verification.
//!
//! **Example response** `200`
//!
//! ```text
//! Email verified, you can close this page.
//! ```
//!
//! # Login
//!
//! `POST /v1/user/login`
//!
//! It logs in a user.
//!
//! **Post parameters**
//!
//! Name | Type | Description | Required | Example
//! ---|---|---|---|---
//! `login` | `String` | The password | Yes | `indexadmin`
//! `password` | `String` | The password | Yes | `BenoitMandelbrot1924`
//!
//! Refer to the [`LoginForm`](crate::web::api::server::v1::contexts::user::forms::LoginForm)
//! struct for more information about the login form.
//!
//! **Example request**
//!
//! ```bash
//! curl \
//! --header "Content-Type: application/json" \
//! --request POST \
//! --data '{"login":"indexadmin","password":"BenoitMandelbrot1924"}' \
//! http://127.0.0.1:3001/v1/user/login
//! ```
//!
//! For more information about the login process, refer to the [`auth`](crate::web::api::server::v1::auth)
//! module.
//!
//! # Token verification
//!
//! `POST /v1/user/token/verify`
//!
//! It logs in a user.
//!
//! **Post parameters**
//!
//! Name | Type | Description | Required | Example
//! ---|---|---|---|---
//! `token` | `String` | The token you want to verify | Yes | `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI`
//!
//! Refer to the [`JsonWebToken`](crate::web::api::server::v1::contexts::user::forms::JsonWebToken)
//! struct for more information about the token.
//!
//! **Example request**
//!
//! ```bash
//! curl \
//! --header "Content-Type: application/json" \
//! --request POST \
//! --data '{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI"}' \
//! http://127.0.0.1:3001/v1/user/token/verify
//! ```
//!
//! **Example response** `200`
//!
//! For a valid token:
//!
//! ```json
//! {
//! "data":"Token is valid."
//! }
//! ```
//!
//! And for an invalid token:
//!
//! ```json
//! {
//! "data":"Token invalid."
//! }
//! ```
//!
//! # Token renewal
//!
//! `POST /v1/user/token/verify`
//!
//! It renew a user's token.
//!
//! The token must be valid and not expired. And it's only renewed if it is
//! valid for less than one week.
//!
//! **Post parameters**
//!
//! Name | Type | Description | Required | Example
//! ---|---|---|---|---
//! `token` | `String` | The current valid token | Yes | `eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI`
//!
//! Refer to the [`JsonWebToken`](crate::web::api::server::v1::contexts::user::forms::JsonWebToken)
//! struct for more information about the token.
//!
//! **Example request**
//!
//! ```bash
//! curl \
//! --header "Content-Type: application/json" \
//! --request POST \
//! --data '{"token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI"}' \
//! http://127.0.0.1:3001/v1/user/token/renew
//! ```
//!
//! **Example response** `200`
//!
//! If you try to renew a token that is still valid for more than one week:
//!
//! ```json
//! {
//! "data": {
//! "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI",
//! "username": "indexadmin",
//! "admin": true
//! }
//! }
//! ```
//!
//! You will get the same token. If a new token is generated, the response will
//! be the same but with the new token.
//!
//! **WARNING**: The token is associated to the user's role. The application does not support
//! changing the role of a user. If you change the user's role manually in the
//! database, the token will still be valid but with the same role. That should
//! only be done for testing purposes.
//!
//! # Ban a user
//!
//! `DELETE /v1/user/ban/{user}`
//!
//! It add a user to the banned user list.
//!
//! Only admin can ban other users.
//!
//! **Path parameters**
//!
//! Name | Type | Description | Required | Example
//! ---|---|---|---|---
//! `user` | `String` | username | Yes | `indexadmin`
//!
//! **Example request**
//!
//! ```bash
//! curl \
//! --header "Content-Type: application/json" \
//! --header "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjp7InVzZXJfaWQiOjEsInVzZXJuYW1lIjoiaW5kZXhhZG1pbiIsImFkbWluaXN0cmF0b3IiOnRydWV9LCJleHAiOjE2ODYyMTU3ODh9.4k8ty27DiWwOk4WVcYEhIrAndhpXMRWnLZ3i_HlJnvI" \
//! --request DELETE \
//! http://127.0.0.1:3001/v1/user/ban/indexadmin
//! ```
//!
//! **Example response** `200`
//!
//! If you try to renew a token that is still valid for more than one week:
//!
//! ```json
//! {
//! "data": "Banned user: indexadmin"
//! }
//! ```
//!
//! **WARNING**: The admin can ban themselves. If they do, they will not be able
//! to unban themselves. The only way to unban themselves is to manually remove
//! the user from the banned user list in the database.