Niko Hernesniemi edited this page Nov 26, 2020 · 17 revisions

Endpoint starts with: /api/user

Provides access to login and register.

POST /api/user/login

This endpoint lets a user log in.
The request body should contain JSON:

    {
        username: String,
        password: String
    }

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains User object:

    {
        token: String,
        id: String,
        username: String,
        admin: Boolean,
        email: String,
        studentNumber: String,
        classGroup: String
    }

Errors

400 Bad Request with error message "Invalid username or password": if the given username and password combination does not exist.

POST /api/user/register

This endpoint lets a user register.
The request body should contain JSON with at least the fields username, password and email; it can also contain studentNumber and classGroup:

    {
        username: String,
        password: String,
        email: String
    }
    {
        username: String,
        password: String,
        email: String,
        studentNumber: String,
        classGroup: String
    }

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Errors

400 Bad Request with error message "Käyttäjänimen tulee olla uniikki.": if the given username is already taken.
400 Bad Request with error message "Käyttäjänimen tulee olla enintään 100 merkkiä pitkä.": if the given username is more than 100 characters long.
400 Bad Request with error message "Käyttäjänimi on pakollinen.": if the username field is empty.
400 Bad Request with error message "Salasana on pakollinen.": if the password field is empty.
400 Bad Request with error message "Salasanan täytyy olla vähintään 10 merkkiä pitkä.": if the given password is less than 10 characters long.
400 Bad Request with error message "Salasanan täytyy olla enintään 100 merkkiä pitkä.": if the given password is more than 100 characters long.
400 Bad Request with error message "Salasana on liian heikko. Paranna salasanasi turvallisuutta.": if the given password is too weak. Password strength is determined by dropbox/zxcvbn; the error occurs when the zxcvbn score is lower than two.
400 Bad Request with error message "Salasana ei voi olla sama kuin muut syötetyt kentät.": if the given password is the same as any of the other submitted fields.
400 Bad Request with error message "Vuosikurssin tule alkaa merkeillä 'C-' ja loppua lukuun.": if the given classGroup does not start with 'C-' and end with a number.
400 Bad Request with error message "Sähköpostiosoite on pakollinen.": if the email field is empty.
400 Bad Request with error message "Sähköpostiosoite on virheellinen.": if the given email is not a valid email address.
400 Bad Request with error message "Opiskelijanumeron tulee olla luku.": if the given studentNumber is not a number.

GET /api/user

This endpoint returns a list of users, excluding the one fetching them.

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains array of User objects:

    [{
        username: String,
        admin: Boolean,
        email: String,
        studentNumber: String,
        classGroup: String
    }]

Errors

401 Unauthorized with error message "token missing or invalid": if the current user is unauthorized.

DELETE /api/user/:id

This endpoint lets a teacher (admin role) or the user themselves remove a User object; it returns an empty body.

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 204 No Content   |

Errors

401 Unauthorized with error message "token missing or invalid": if the current user is unauthorized.

PUT /api/user/:id/promote

This endpoint lets a teacher (admin role) promote a user to admin; it returns the promoted User object.

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains User object:

    {
        username: String,
        admin: Boolean,
        email: String,
        studentNumber: String,
        classGroup: String
    }

Errors

401 Unauthorized with error message "token missing or invalid": if the current user is unauthorized.
400 Bad Request with error message "Annettua käyttäjää ei löydy tietokannasta.": if the user to promote does not exist.

PUT /api/user/:id/demote

This endpoint lets a teacher (admin role) demote an admin to a regular user; it returns the demoted User object.

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains User object:

    {
        username: String,
        admin: Boolean,
        email: String,
        studentNumber: String,
        classGroup: String
    }

Errors

401 Unauthorized with error message "token missing or invalid": if the current user is unauthorized.
400 Bad Request with error message "Annettua käyttäjää ei löydy tietokannasta.": if the user to demote does not exist.
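The access rules for DELETE /api/user/:id and PUT /api/user/:id/promote and /demote above, written out as an added example that is not the project's own code. It assumes the token has already been verified into a `{ id, admin }` payload (or null when missing or invalid) and uses a constructed in-memory Map in place of the database.

```javascript
// Added example, not the project's own code: the access decisions this page
// documents for DELETE /api/user/:id and PUT /api/user/:id/promote|demote, as a
// pure function over an already-verified token payload. Token verification
// itself (the source of "token missing or invalid") is not modelled here.
const TOKEN_ERROR = { status: 401, body: { error: "token missing or invalid" } };
const NOT_FOUND = {
  status: 400, body: { error: "Annettua käyttäjää ei löydy tietokannasta." },
};

// Shape of the User object promote/demote return (no token, no id).
function publicUser(u) {
  const { username, admin, email, studentNumber, classGroup } = u;
  return { username, admin, email, studentNumber, classGroup };
}

// caller: decoded token payload { id, admin } or null when the token is missing
// or invalid (assumed shape); action: "delete" | "promote" | "demote";
// users: Map of id -> user record standing in for the database (constructed).
function handleUserAction(caller, action, targetId, users) {
  if (!["delete", "promote", "demote"].includes(action)) {
    throw new Error(`unknown action: ${action}`);
  }
  if (!caller) return TOKEN_ERROR;
  const target = users.get(targetId);

  if (action === "delete") {
    // Only an admin or the account's owner may delete it; the page documents
    // 401 as DELETE's only error, so any other caller gets that response.
    if (!caller.admin && caller.id !== targetId) return TOKEN_ERROR;
    users.delete(targetId); // no not-found error is documented; treated as idempotent
    return { status: 204, body: null };
  }

  // promote and demote are admin-only and require the target to exist.
  if (!caller.admin) return TOKEN_ERROR;
  if (!target) return NOT_FOUND;
  target.admin = action === "promote";
  return { status: 200, body: publicUser(target) };
}
```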

PUT /api/user

This endpoint lets a user change their own information. The request body should contain JSON with at least the field password, and can also contain newUsername, newPassword, newEmail, newStudentNumber and newClassGroup:

    {
        password: String,
        newUsername: String,
        newPassword: String,
        newEmail: String,
        newStudentNumber: String,
        newClassGroup: String
    }

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains User object:

    {
        id: String,
        username: String,
        admin: Boolean,
        email: String,
        studentNumber: String,
        classGroup: String
    }

Errors

401 Unauthorized with error message "token missing or invalid": if the current user is unauthorized.
400 Bad Request with error message "Käyttäjänimen tulee olla uniikki.": if the given username is already taken.
400 Bad Request with error message "Käyttäjänimen tulee olla enintään 100 merkkiä pitkä.": if the given username is more than 100 characters long.
400 Bad Request with error message "Käyttäjänimi on pakollinen.": if the username field is empty.
400 Bad Request with error message "Salasana on pakollinen.": if the password field is empty.
400 Bad Request with error message "Salasanan täytyy olla vähintään 10 merkkiä pitkä.": if the given password is less than 10 characters long.
400 Bad Request with error message "Salasanan täytyy olla enintään 100 merkkiä pitkä.": if the given password is more than 100 characters long.
400 Bad Request with error message "Salasana on liian heikko. Paranna salasanasi turvallisuutta.": if the given password is too weak. Password strength is determined by dropbox/zxcvbn; the error occurs when the zxcvbn score is lower than two.
400 Bad Request with error message "Salasana ei voi olla sama kuin muut syötetyt kentät.": if the given password is the same as any of the other submitted fields.
400 Bad Request with error message "Vuosikurssin tule alkaa merkeillä 'C-' ja loppua lukuun.": if the given classGroup does not start with 'C-' and end with a number.
400 Bad Request with error message "Sähköpostiosoite on pakollinen.": if the email field is empty.
400 Bad Request with error message "Sähköpostiosoite on virheellinen.": if the given email is not a valid email address.
400 Bad Request with error message "Opiskelijanumeron tulee olla luku.": if the given studentNumber is not a number.

POST /api/user/singleusepassword

This endpoint sends the user a single-use password by email.
The request body should contain JSON:

    {
        username: String,
        email: String
    }

Response

| Header       | Value            |
| ------------ | ---------------- |
| Content-Type | application/json |
| Status Code  | 200 OK           |

Response body contains success message:

    {
        message: String
    }

Errors

400 Bad Request with error message "Sähköpostia ei voitu lähettää.": if the email could not be sent.
400 Bad Request with error message "Käyttäjää ei löytynyt tai sähköposti on väärä.": if the user was not found or the email does not match.