Skip to content
dkro edited this page Dec 7, 2014 · 10 revisions

This page shows the server protocol for the backend server that we will be using:

If you use the wrong HTTP method -> {"code":"MethodNotAllowedError","message":"{METHOD} is not allowed"}

General Authentication:

There are two ways of authenticating against the server.

  1. Username and Password
  2. Bearer Token For further reference I will use U&P or BEAR labels for every single request to the Server. If you see either one of these Labels you need to provide the correct authentication Headers,Body or you will receive the errors below. All route specific parameters will be added to each route below:

1. Username and Password

`req body username={username}&password={password}`

Wrong Username -> res { status: 'failure', message: 'Incorrect username.' }

Wrong Password -> res { status:'failure', message: 'Incorrect password.' }

2. Bearer Token

`req Header - Authorization : Bearer {token}`

Wrong Token -> res {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"Token not found.\""}

Token for a missing User -> {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"User not found.\""}

Expired Token -> {"status":"failure","message":"Bearer realm=\"Users\", error=\"invalid_token\", error_description=\"Token expired.\""}

Unprotected Routes

User signup.

{username} must be of valid email format. req post - /api/user/signup body username={username}&password={password}

success -> {"status":"success","message":"New user has been created successfully","username":"{username}","role":"participant","token":"{token}"}

username missing -> TODO

password missing -> TODO

password too short -> {"status":"failure","message":"Password too short. 7 chars minimum."}

invalid username... not email format -> {"status":"failure","message":"Invalid email address."}

already existing username -> {"status":"failure","message":"Email already in use."}

Retrieve Password

`req post - /api/user/retrievePassword
TODO`

User Routes

{username} and {password} must be in the database. A token will be returned. This token is valid for up to 30 minutes without any user activity. Every time a user request to a protected resource is made with that token the timeout time is reset. Loggin in and out will trigger the server to delete all tokens that are older than 30 minutes.

User Login (U&P).

`req post - /api/user/login`

success -> {"status":"success","message":"Login successful","username":"{email}","role":"{role}","token":"{token}"}

User Logout (BEAR)

`req post - /api/user/logout`

success -> {"status":"success","username":"{username}","message":"Logged out."}

User change password (BEAR)

`req post - /api/user/changePassword
 body   username={username}&oldPassword={oldPassword}&newPassword={newPassword}&newPasswordConfirmation={newPasswordConfirmation}`

success -> {"status":"success","message":"Password successfully changed."}

new password too short -> {"status":"failure","message":"New password is too short. Minimum of 7 chars."}

new password does not match the confirmation password -> {"status":"failure","message":"New passwords don't match."}

username is wrong -> {"status":"failure","message":"Incorrect username."}

old password is wrong -> {"status":"failure","message":"Incorrect password."}

Clone this wiki locally