From 58dae3a0c98d6d817bc785e7b200b5c52a31f557 Mon Sep 17 00:00:00 2001
From: Jordan Bancino <jordan@bancino.net>
Date: Mon, 27 Feb 2023 18:02:35 +0000
Subject: [PATCH] Remove user create Admin endpoint, and the associated
 privilege.

If an admin wants to create a user, he or she should have the ISSUE_TOKEN
privilege. The admin can use that to create a one-time registration token,
and then just use the regular registration API with that token.
---
 proposals/1.md | 75 ++++++++------------------------------------------
 1 file changed, 12 insertions(+), 63 deletions(-)

diff --git a/proposals/1.md b/proposals/1.md
index 354c5cc..e5d70de 100644
--- a/proposals/1.md
+++ b/proposals/1.md
@@ -39,10 +39,6 @@ Here are all of the admin privileges a user can have:
         This allows users to create, modify and delete registration 
         tokens.
 
-    - CREATE_USERS:
-        Allows users with such privilege to create new users even if 
-        registration is completely turned off.
-
     - ALL:
         Users with this privilege can use *any* admin endpoint(and some
 		others)
@@ -53,6 +49,8 @@ Here are all of the admin privileges a user can have:
 
 ### GET `/_telodendria/admin/privileges`
 
+Get the priviledges of the user that owns the provided access token.
+
 |Requires token|Rate limited|
 |--------------|------------|
 |YES           |YES         |
@@ -60,8 +58,8 @@ Here are all of the admin privileges a user can have:
 
 |Error response|Description             |
 |--------------|------------------------|
-|200           |User was sucessfully    |
-|              |deactivated.            |
+|200           |Privileges successfully |
+|              |returned.               |
 
 200 Response JSON Format:
 
@@ -81,13 +79,12 @@ Here are all of the admin privileges a user can have:
 
 ### DELETE `/_telodendria/admin/deactivate/[localpart]`
 
+Deactivates a local user, optionally with a reason.
+
 |Requires token|Rate limited|Permissions|
 |--------------|------------|-----------|
 |YES           |YES         |DEACTIVATE |
 
-Description:
-Deactivates a local user, optionally with a reason.
-
 Request JSON Format:
 
 |Field      |Type       |Description          |Required|
@@ -190,14 +187,12 @@ Reactivates a local user.
 
 ### GET `/_telodendria/admin/tokens`
 
+Gets a list of *all* tokens present, and additional information.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|
 
-Description:
-Gets a list of *all* tokens present, and additional information.
-
-
 |Error response|Description                |
 |--------------|---------------------------|
 |200           |Token list was sucessfully |
@@ -274,13 +269,12 @@ Gets a list of *all* tokens present, and additional information.
 
 ### GET `/_telodendria/admin/tokens/[token]`
 
+Returns information about a specific registration token.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|  
 
-Description:
-Returns information about a specific registration token.
-
 |error response|description                |
 |--------------|---------------------------|
 |200           |token info was sucessfully |
@@ -329,13 +323,12 @@ Returns information about a specific registration token.
 
 ### POST `/_telodendria/admin/tokens`
 
+Adds a registration token, and setup expiry date and max uses.
+
 |Requires token|Rate limited|Permissions |
 |--------------|------------|------------|
 |YES           |YES         |ISSUE_TOKENS|  
 
-Description:
-Adds a registration token, and setup expiry date and max uses.
-
 Request JSON Format:
 
 |Field      |Type       |Description           |Required|
@@ -438,47 +431,3 @@ Deletes an existing registration token.
 }
 ```
 
-### POST /_telodendria/admin/user/create
-
-|Requires token|Rate limited|Permissions |
-|--------------|------------|------------|
-|YES           |YES         |CREATE_USERS|  
-
-Description:
-Creates a new user with password login.
-**NOTE**: This does not make the user login.
-
-Request JSON Format:
-
-|Field        |Type       |Description           |Required|
-|-------------|-----------|----------------------|--------|
-|name         |localpart  |The created user's lo-|YES     |
-|             |           |calpart.              |        |
-|-------------|-----------|----------------------|--------|
-|password     |string     |The created user's    |YES     |
-|             |           |password.             |        |
-
-Request Example:
-```json
-{
-  "name": "edward",
-  "password": "verysecurepassworddontworryaboutittoomuch"
-}
-```
-
-
-|Error response|Description                  |
-|--------------|-----------------------------|
-|204           |User was sucessfully created.|
-|--------------|-----------------------------|
-|403           |User does not have the       |
-|              |CREATE_USERS permission.     |
-
-403 Response JSON Format:
-
-```json
-{
-  "errcode": "M_FORBIDDEN",
-  "error": "Forbidden access. Bad permissions or not authenticated."
-}
-```