Skip to content

User

Jump to bottom
millakortelainen edited this page Nov 20, 2020 · 17 revisions

Endpoint starts with: /api/user

Provides access to login and register.

POST /api/user/login

This endpoint lets user login.
Request body should contain JSON:

    {
        username: String,
        password: String
    }

Response

Header Value
Content-Type application/json
Status Code 200 OK

Response body contains User object:

    {
        token: String,
        username: String
        admin: Boolean
    }

Errors

400 Bad Request with error message "Invalid username or password": if given username and password combination does not exist.

POST /api/user/register

This endpoint lets user register.
Request body should contain JSON with atleast fields username, password and email, but can also contain studentNumber and classGroup:

    {
        username: String,
        password: String,
        email: String
    }
    {
        username: String,
        password: String,
        email: String
        studentNumber: String,
        classGroup: String
    }

Response

Header Value
Content-Type application/json
Status Code 200 OK

Errors

400 Bad Request: with error messages: "Käyttäjänimen tulee olla uniikki.": if given username of the new user is not unique.\
400 Bad Request: with error messages: "Käyttäjänimen tulee olla enintään 100 merkkiä pitkä.", if given field username is more than 100 characters long.
400 Bad Request: with error messages: "Käyttäjänimi on pakollinen.", if given field username is empty.
400 Bad Request: with error messages: "Salasana on pakollinen.", if given field password is empty.
400 Bad Request: with error messages: "Salasanan täytyy olla vähintään 10 merkkiä pitkä.", if given field password is less than 10 characters long.
400 Bad Request: with error messages: "Salasanan täytyy olla enintään 100 merkkiä pitkä.", if given field password is more than 100 characters long.
400 Bad Request: with error messages: "Salasana on liian heikko. Paranna salasanasi turvallisuutta.", if given field password is too weak. The weakness of the password is determined by dropbox/zxcvbn. Error occures when score of the password is lower than two. 400 Bad Request: with error messages: "Salasana ei voi olla sama kuin muut syötetyt kentät.", if given field password is same as any of the other fields. 400 Bad Request: with error messages: "Vuosikurssin tule alkaa merkeillä 'C-' ja loppua lukuun.", if given field classGroup does not start with 'C-' and end with number.
400 Bad Request: with error messages: "Sähköpostiosoite on pakollinen.", if given field email is empty.
400 Bad Request: with error messages: "Sähköpostiosoite on virheellinen.", if given field email is not valid email address.
400 Bad Request: with error messages: "Opiskelijanumeron tulee olla luku.", if given field studentNumber is not number.

GET /api/user

This endpoint return a list of users excluding one fetching them.

Response

Header Value
Content-Type application/json
Status Code 200 OK

Response body contains array of User objects:

    [{
        username: String,
        admin: Boolean,
        email: String
        studentNumber: String,
        classGroup: String
    }]

Errors

401 Unauthorized: with error message: "token missing or invalid" if current user is unauthorized.

DELETE /api/user/:id

This endpoint lets teacher (admin role) or user itself to remove User object and retuns a empty body.

Response

Header Value
Content-Type application/json
Status Code 204 OK

Errors

401 Unauthorized: with error message: "token missing or invalid" if current user is unauthorized.

PUT /api/user/:id/promote

This endpoint lets teacher (admin role) to promote user to admin and retuns promoted User object.

Response

Header Value
Content-Type application/json
Status Code 200 OK

Response body contains User object:

    {
        username: String,
        admin: Boolean,
        email: String
        studentNumber: String,
        classGroup: String
    }

Errors

401 Unauthorized: with error message: "token missing or invalid" if current user is unauthorized.
400 Bad Request: with error message: "Annettua käyttäjää ei löydy tietokannasta." if promoted user does not exist.

PUT /api/user/:id/demote

This endpoint lets teacher (admin role) to demote admin to user and retuns demoted User object.

Response

Header Value
Content-Type application/json
Status Code 200 OK

Response body contains User object:

    {
        username: String,
        admin: Boolean,
        email: String
        studentNumber: String,
        classGroup: String
    }

Errors

401 Unauthorized: with error message: "token missing or invalid" if current user is unauthorized.
400 Bad Request: with error message: "Annettua käyttäjää ei löydy tietokannasta." if demoted user does not exist.

Clone this wiki locally