Server Protocol
This page describes the protocol of the backend server that we will be using.
If you use the wrong HTTP method -> {"code":"MethodNotAllowedError","message":"{METHOD} is not allowed"}
For POST requests you need to send the header Content-Type: application/x-www-form-urlencoded
There are two ways of authenticating against the server:
- Username and Password (U&P)
- Bearer Token (BEAR)
For further reference the labels U&P or BEAR are used on every single request to the server. If you see either of these labels you need to provide the correct authentication headers or body, or you will receive the errors below. All route-specific parameters are listed under each route below.
U&P
req body username={username}&password={password}
Wrong Username -> res { status: 'failure', message: 'Incorrect username.' }
Wrong Password -> res { status: 'failure', message: 'Incorrect password.' }
BEAR
req Header - Authorization: Bearer {token}
Wrong Token -> res {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"Token not found.\""}
Token for a missing User -> {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"User not found.\""}
Expired Token -> {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"Token expired.\""}
{username} must be of valid email format.
req post - /api/user/signup
body username={username}&password={password}
success -> {"status":"success","message":"New user has been created successfully","username":"{username}","role":"participant","token":"{token}"}
username missing -> TODO
password missing -> TODO
password too short -> {"status":"failure","message":"Password too short. 7 chars minimum."}
username is not a valid email address -> {"status":"failure","message":"Invalid email address."}
already existing username -> {"status":"failure","message":"Email already in use."}
req post - /api/user/retrievePassword
TODO
{username} and {password} must be in the database. A token will be returned. This token is valid for up to 30 minutes without any user activity. Every time a request to a protected resource is made with that token, the timeout is reset. Logging in and out triggers the server to delete all tokens that are older than 30 minutes.
req post - /api/user/login
success -> {"status":"success","message":"Login successful","username":"{email}","role":"{role}","token":"{token}"}
req post - /api/user/logout
success -> {"status":"success","username":"{username}","message":"Logged out."}
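Added example, not part of this wiki or the project's code: Python client helpers that build the U&P and BEAR requests described above, classify the documented error responses (including the three bearer error_description values) into a client action, and mirror the 30-minute inactivity timeout on the client side. The email regex, the action names and the TokenSession class are assumptions, not part of the server protocol.

```python
import json
import re
from urllib.parse import urlencode

IDLE_TIMEOUT_SECONDS = 30 * 60   # server deletes tokens idle for 30 minutes
FORM = "application/x-www-form-urlencoded"
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # assumption: approximates the server's email check
BEARER_FIELD_RE = re.compile(r'(\w+)="([^"]*)"')       # splits realm="..", error="..", error_description=".."

def build_login_request(username, password):
    """Return (method, path, headers, body) for /api/user/login using the U&P form body."""
    if not EMAIL_RE.match(username):
        raise ValueError("username must be a valid email address")
    if len(password) < 7:                 # server rule: 7 chars minimum
        raise ValueError("password too short, 7 chars minimum")
    body = urlencode({"username": username, "password": password})
    return "POST", "/api/user/login", {"Content-Type": FORM}, body

def build_bearer_request(path, token):
    """Return (method, path, headers, body) for a BEAR-protected route such as /api/user/logout."""
    return "POST", path, {"Authorization": f"Bearer {token}", "Content-Type": FORM}, ""

def classify_response(raw):
    """Map a response body to a client action; unknown failures are reported, never retried."""
    data = json.loads(raw)
    if data.get("code") == "MethodNotAllowedError":
        return "fix_method"
    if data.get("status") == "success":
        return "ok"
    msg = data.get("message", "")
    if msg.startswith("Bearer "):         # BEAR error: parse the quoted fields
        fields = dict(BEARER_FIELD_RE.findall(msg))
        if fields.get("error_description") in ("Token expired.", "Token not found."):
            return "reauthenticate"       # log in again with U&P to get a fresh token
        return "account_missing"          # "User not found.": the token's user no longer exists
    if msg in ("Incorrect username.", "Incorrect password."):
        return "bad_credentials"
    return "failure"

class TokenSession:
    """Client-side mirror of the server's sliding 30-minute inactivity window for a token."""
    def __init__(self, token, now):
        self.token, self.last_activity = token, now

    def touch(self, now):                 # call after each request made with the token
        self.last_activity = now

    def is_live(self, now):               # False once 30 idle minutes have passed
        return now - self.last_activity < IDLE_TIMEOUT_SECONDS
```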
req post - /api/user/changePassword
body username={username}&oldPassword={oldPassword}&newPassword={newPassword}&newPasswordConfirmation={newPasswordConfirmation}
success -> {"status":"success","message":"Password successfully changed."}
new password too short -> {"status":"failure","message":"New password is too short. Minimum of 7 chars."}
new password does not match the confirmation password -> {"status":"failure","message":"New passwords don't match."}
username is wrong -> {"status":"failure","message":"Incorrect username."}
old password is wrong -> {"status":"failure","message":"Incorrect password."}