Remove user create Admin endpoint, and the associated privilege.

If an admin wants to create a user, he or she should have the ISSUE_TOKEN
privilege. The admin can use that to create a one-time registration token,
and then just use the regular registration API with that token.
Jordan Bancino 2023-02-27 18:02:35 +00:00
parent d89e3fd753
commit 58dae3a0c9


@ -39,10 +39,6 @@ Here are all of the admin privileges a user can have:
This allows users to create, modify and delete registration This allows users to create, modify and delete registration
tokens. tokens.
- CREATE_USERS:
Allows users with such privilege to create new users even if
registration is completely turned off.
- ALL: - ALL:
Users with this privilege can use *any* admin endpoint(and some Users with this privilege can use *any* admin endpoint(and some
others) others)
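Review bot: the removed CREATE_USERS entry was the only place stating that admins could create users "even if registration is completely turned off", and the remaining list does not say whether a registration token still works in that state. Add a sentence to the registration-token entry above saying that it is now the way to create accounts, and whether it applies when registration is disabled.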
@ -53,6 +49,8 @@ Here are all of the admin privileges a user can have:
### GET `/_telodendria/admin/privileges` ### GET `/_telodendria/admin/privileges`
Get the priviledges of the user that owns the provided access token.
|Requires token|Rate limited| |Requires token|Rate limited|
|--------------|------------| |--------------|------------|
|YES |YES | |YES |YES |
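Review bot: "priviledges" in the added description line is misspelled; it should read "privileges", matching the endpoint path in the heading directly above it.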
@ -60,8 +58,8 @@ Here are all of the admin privileges a user can have:
|Error response|Description | |Error response|Description |
|--------------|------------------------| |--------------|------------------------|
|200 |User was sucessfully | |200 |Privileges successfully |
| |deactivated. | | |returned. |
200 Response JSON Format: 200 Response JSON Format:
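Review bot: the corrected 200 row still sits under the column header "Error response", which mislabels a success status; consider renaming the column to "Response" while this row is being touched. The new description is the right fix, since the old text described deactivation rather than this endpoint.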
@ -81,13 +79,12 @@ Here are all of the admin privileges a user can have:
### DELETE `/_telodendria/admin/deactivate/[localpart]` ### DELETE `/_telodendria/admin/deactivate/[localpart]`
Deactivates a local user, optionally with a reason.
|Requires token|Rate limited|Permissions| |Requires token|Rate limited|Permissions|
|--------------|------------|-----------| |--------------|------------|-----------|
|YES |YES |DEACTIVATE | |YES |YES |DEACTIVATE |
Description:
Deactivates a local user, optionally with a reason.
Request JSON Format: Request JSON Format:
|Field |Type |Description |Required| |Field |Type |Description |Required|
@ -190,14 +187,12 @@ Reactivates a local user.
### GET `/_telodendria/admin/tokens` ### GET `/_telodendria/admin/tokens`
Gets a list of *all* tokens present, and additional information.
|Requires token|Rate limited|Permissions | |Requires token|Rate limited|Permissions |
|--------------|------------|------------| |--------------|------------|------------|
|YES |YES |ISSUE_TOKENS| |YES |YES |ISSUE_TOKENS|
Description:
Gets a list of *all* tokens present, and additional information.
|Error response|Description | |Error response|Description |
|--------------|---------------------------| |--------------|---------------------------|
|200 |Token list was sucessfully | |200 |Token list was sucessfully |
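Review bot: "sucessfully" in the 200 row under the moved description is still misspelled, although the same typo was corrected in the privileges table earlier in this patch; fix it here as well so the tables stay consistent.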
@ -274,13 +269,12 @@ Gets a list of *all* tokens present, and additional information.
### GET `/_telodendria/admin/tokens/[token]` ### GET `/_telodendria/admin/tokens/[token]`
Returns information about a specific registration token.
|Requires token|Rate limited|Permissions | |Requires token|Rate limited|Permissions |
|--------------|------------|------------| |--------------|------------|------------|
|YES |YES |ISSUE_TOKENS| |YES |YES |ISSUE_TOKENS|
Description:
Returns information about a specific registration token.
|error response|description | |error response|description |
|--------------|---------------------------| |--------------|---------------------------|
|200 |token info was sucessfully | |200 |token info was sucessfully |
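Review bot: the table header in this section is lower-case ("error response", "description") and its 200 row starts with lower-case "token info was sucessfully", unlike the other tables in this patch; capitalise both and correct "sucessfully" while the section is being rearranged.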
@ -329,13 +323,12 @@ Returns information about a specific registration token.
### POST `/_telodendria/admin/tokens` ### POST `/_telodendria/admin/tokens`
Adds a registration token, and setup expiry date and max uses.
|Requires token|Rate limited|Permissions | |Requires token|Rate limited|Permissions |
|--------------|------------|------------| |--------------|------------|------------|
|YES |YES |ISSUE_TOKENS| |YES |YES |ISSUE_TOKENS|
Description:
Adds a registration token, and setup expiry date and max uses.
Request JSON Format: Request JSON Format:
|Field |Type |Description |Required| |Field |Type |Description |Required|
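Review bot: the moved sentence "Adds a registration token, and setup expiry date and max uses." uses the noun "setup" as a verb; suggest "Adds a registration token and sets its expiry date and maximum number of uses."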
@ -438,47 +431,3 @@ Deletes an existing registration token.
} }
``` ```
### POST /_telodendria/admin/user/create
|Requires token|Rate limited|Permissions |
|--------------|------------|------------|
|YES |YES |CREATE_USERS|
Description:
Creates a new user with password login.
**NOTE**: This does not make the user login.
Request JSON Format:
|Field |Type |Description |Required|
|-------------|-----------|----------------------|--------|
|name |localpart |The created user's lo-|YES |
| | |calpart. | |
|-------------|-----------|----------------------|--------|
|password |string |The created user's |YES |
| | |password. | |
Request Example:
```json
{
"name": "edward",
"password": "verysecurepassworddontworryaboutittoomuch"
}
```
|Error response|Description |
|--------------|-----------------------------|
|204 |User was sucessfully created.|
|--------------|-----------------------------|
|403 |User does not have the |
| |CREATE_USERS permission. |
403 Response JSON Format:
```json
{
"errcode": "M_FORBIDDEN",
"error": "Forbidden access. Bad permissions or not authenticated."
}
```
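Review bot: deleting the whole POST /_telodendria/admin/user/create section leaves the file with no description of the replacement procedure that the commit message relies on. Suggest adding a short note to the POST /_telodendria/admin/tokens section on issuing a token limited to one use, with an expiry, for a single new account, and spelling the privilege as the tables do, ISSUE_TOKENS, rather than ISSUE_TOKEN. Only the documentation file is visible here, so also confirm that the route and the CREATE_USERS check are removed in the same commit and that accounts still holding CREATE_USERS are handled.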