Remove user create Admin endpoint, and the associated privilege.

If an admin wants to create a user, he or she should have the ISSUE_TOKEN privilege. The admin can use that to create a one-time registration token, and then just use the regular registration API with that token.
2023-02-27 18:02:35 +00:00 · 2023-02-27 18:02:35 +00:00 · 58dae3a0c9
commit 58dae3a0c9
parent d89e3fd753
1 changed files with 12 additions and 63 deletions
--- a/proposals/1.md
+++ b/proposals/1.md
@ -39,10 +39,6 @@ Here are all of the admin privileges a user can have:
        This allows users to create, modify and delete registration 
        tokens.

-    - CREATE_USERS:
-        Allows users with such privilege to create new users even if 
-        registration is completely turned off.
-
    - ALL:
        Users with this privilege can use *any* admin endpoint(and some
 		others)
@ -53,6 +49,8 @@ Here are all of the admin privileges a user can have:

 ### GET `/_telodendria/admin/privileges`

+Get the priviledges of the user that owns the provided access token.
+
 |Requires token|Rate limited|
 |--------------|------------|
 |YES           |YES         |
@ -60,8 +58,8 @@ Here are all of the admin privileges a user can have:

 |Error response|Description             |
 |--------------|------------------------|
-|200           |User was sucessfully    |
-|              |deactivated.            |
+|200           |Privileges successfully |
+|              |returned.               |

 200 Response JSON Format:

@ -81,13 +79,12 @@ Here are all of the admin privileges a user can have:

 ### DELETE `/_telodendria/admin/deactivate/[localpart]`

+Deactivates a local user, optionally with a reason.
+
 |Requires token|Rate limited|Permissions|
 |--------------|------------|-----------|
 |YES           |YES         |DEACTIVATE |

-Description:
-Deactivates a local user, optionally with a reason.
-
 Request JSON Format:

 |Field      |Type       |Description          |Required|
@ -190,14 +187,12 @@ Reactivates a local user.

 ### GET `/_telodendria/admin/tokens`

+Gets a list of *all* tokens present, and additional information.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|

-Description:
-Gets a list of *all* tokens present, and additional information.
-
-
 |Error response|Description                |
 |--------------|---------------------------|
 |200           |Token list was sucessfully |
@ -274,13 +269,12 @@ Gets a list of *all* tokens present, and additional information.

 ### GET `/_telodendria/admin/tokens/[token]`

+Returns information about a specific registration token.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|  

-Description:
-Returns information about a specific registration token.
-
 |error response|description                |
 |--------------|---------------------------|
 |200           |token info was sucessfully |
@ -329,13 +323,12 @@ Returns information about a specific registration token.

 ### POST `/_telodendria/admin/tokens`

+Adds a registration token, and setup expiry date and max uses.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|  

-Description:
-Adds a registration token, and setup expiry date and max uses.
-
 Request JSON Format:

 |Field      |Type       |Description           |Required|
@ -438,47 +431,3 @@ Deletes an existing registration token.
 }
 ```

-### POST /_telodendria/admin/user/create
-
-|Requires token|Rate limited|Permissions |
-|--------------|------------|------------|
-|YES           |YES         |CREATE_USERS|  
-
-Description:
-Creates a new user with password login.
-**NOTE**: This does not make the user login.
-
-Request JSON Format:
-
-|Field        |Type       |Description           |Required|
-|-------------|-----------|----------------------|--------|
-|name         |localpart  |The created user's lo-|YES     |
-|             |           |calpart.              |        |
-|-------------|-----------|----------------------|--------|
-|password     |string     |The created user's    |YES     |
-|             |           |password.             |        |
-
-Request Example:
-```json
-{
-  "name": "edward",
-  "password": "verysecurepassworddontworryaboutittoomuch"
-}
-```
-
-
-|Error response|Description                  |
-|--------------|-----------------------------|
-|204           |User was sucessfully created.|
-|--------------|-----------------------------|
-|403           |User does not have the       |
-|              |CREATE_USERS permission.     |
-
-403 Response JSON Format:
-
-```json
-{
-  "errcode": "M_FORBIDDEN",
-  "error": "Forbidden access. Bad permissions or not authenticated."
-}
-```