@@ -39,8 +39,8 @@ In case of using different services or configurations, `REDIS_HOST` and `MONGO_S
3939
4040## Users
4141
42- ` User ` model objects can be created using ` /user ` endpoint. Only admin
43- users are allowed to create user accounts .
42+ This section describes API user accounts and various endpoints for
43+ user management .
4444
4545### Create an admin user
4646
@@ -51,7 +51,7 @@ tool provided in the `kernelci-api` repository.
5151setup an admin user. We can use this admin user to create other user accounts.
5252
5353
54- ### Create user using endpoint
54+ ### Create user using endpoint (Admin only)
5555
5656Now, we can use above created admin user to create regular users and other
5757admin users using ` /user/register ` API endpoint. We need to provide token to the endpoint for the authorization.
@@ -81,6 +81,175 @@ $ curl -X 'POST' 'http://localhost:8001/latest/user/register' -H 'accept: applic
8181Another way of creating users is to use ` kci user add ` tool from kernelci-core.
8282
8383
84+ ### Verify user account
85+
86+ A user account needs to be verified before a user token can be retrieved
87+ for the account.
88+ Send API request to ` POST /user/request-verify-token ` endpoint to receive
89+ a verification token for provided email address:
90+
91+ ```
92+ $ curl -X 'POST' \
93+ 'http://localhost:8001/latest/user/request-verify-token' \
94+ -H 'accept: application/json' \
95+ -H 'Content-Type: application/json' \
96+ -d '{
97+ 98+ ```
99+
100+ The user will receive a verification token via email.
101+ Now, request ` POST /user/verify ` endpoint and provide the verification
102+ token in the request dictionary.
103+
104+ ```
105+ $ curl -X 'POST' \
106+ 'http://localhost:8001/latest/user/verify' \
107+ -H 'accept: application/json' \
108+ -H 'Content-Type: application/json' \
109+ -d '{
110+ "token": "<VERIFICATION-TOKEN-RECEIVED-BY-EMAIL>"
111+ }'
112+ {"id":"615f30020eb7c3c6616e5ac3","email":"[email protected] ","is_active":true,"is_superuser":false,"is_verified":true,"username":"test","groups":[]} 113+ ```
114+ ` is_verified:true ` in the response above denotes that a user account
115+ has been verified successfully. The user will also receive an email
116+ confirming the verification.
117+
118+
119+ ### Get authorization token
120+
121+ After successful user verification, the user can retrieve authorization
122+ token to use certain API endpoints requiring user authorization.
123+
124+ ```
125+ $ curl -X 'POST' \
126+ 'http://localhost:8001/latest/user/login' \
127+ -H 'accept: application/json' \
128+ -H 'Content-Type: application/x-www-form-urlencoded' \
129+ -d 'username=test&password=test'
130+ ```
131+ This will return an authorization bearer token.
132+
133+
134+ ### Get all existing users
135+
136+ To get information of all added user accounts, user ` GET /users ` request.
137+
138+ ```
139+ $ curl -X 'GET' \
140+ 'http://localhost:8001/latest/users' \
141+ -H 'accept: application/json' \
142+ -H 'Authorization: <USER-AUTHORIZATION-TOKEN>'
143+ {"items":[{"id":"6526448e7d140ee220971a0e","email":"[email protected] ","is_active":true,"is_superuser":true,"is_verified":true,"username":"admin","groups":[]},{"id":"615f30020eb7c3c6616e5ac3","email":"[email protected] ","is_active":true,"is_superuser":true,"is_verified":false,"username":"test-user","groups":[{"id":"648ff894bd39930355ed16ad","name":"kernelci"}]}],"total":2,"limit":50,"offset":0} 144+ ```
145+
146+
147+ ### Get user account matching user ID
148+
149+ To get user by ID, use ` /user ` endpoint with user ID as a path parameter:
150+ ```
151+ $ curl -X 'GET' \
152+ 'http://localhost:8001/latest/user/6526448e7d140ee220971a0e' \
153+ -H 'accept: application/json' \
154+ -H 'Content-Type: application/json' \
155+ -H 'Authorization: Bearer <USER-AUTHORIZATION-TOKEN>'
156+ {"id":"6526448e7d140ee220971a0e","email":"[email protected] ","is_active":true,"is_superuser":true,"is_verified":true,"username":"admin","groups":[]} 157+ ```
158+
159+
160+ ### Reset password
161+
162+ A user can reset password for the account in case the password is forgotten or lost.
163+
164+ First, send request to ` POST /user/forgot-password ` endpoint with the
165+ user email address:
166+ ```
167+ $ curl -X 'POST' \
168+ 'http://localhost:8001/latest/user/forgot-password' \
169+ -H 'accept: application/json' \
170+ -H 'Content-Type: application/json' \
171+ -d '{
172+ 173+ }'
174+ ```
175+
176+ The user will receive password reset token via email. The token should
177+ be sent to ` POST /user/reset-password ` request along with the new password to be set for the account:
178+ ```
179+ $ curl -X 'POST' \T' \
180+ 'http://localhost:8001/latest/user/reset-password' \
181+ -H 'accept: application/json' \
182+ -H 'Content-Type: application/json' \
183+ -d '{
184+ "token": "PASSWORD-RESET-TOKEN-RECEIVED-BY-EMAIL",
185+ "password": "<new-password>"
186+ }'
187+ ```
188+ The user will receive an email confirming a successful password reset.
189+
190+
191+ ### Update user password
192+
193+ A user can update password for the account with the request to
194+ ` /user/update-password ` endpoint. Please supply current password and new
195+ password along with the username for the account:
196+
197+ ```
198+ $ curl -X 'POST' \
199+ 'http://localhost:8001/latest/user/update-password' \
200+ -H 'accept: application/json' \
201+ -H 'Content-Type: application/x-www-form-urlencoded' \
202+ -d 'username=test&password=<current-password>&new_password=<new-password>'
203+ ```
204+
205+
206+ ### Update own user account
207+
208+ A user can update certain information for its own account, such as
209+ ` email ` , ` username ` , ` password ` , and ` groups ` with a ` PATCH /user/me ` request.
210+ For example,
211+ ```
212+ $ curl -X 'PATCH' \
213+ 'http://localhost:8001/latest/user/me' \
214+ -H 'accept: application/json' \
215+ -H 'Content-Type: application/json' \
216+ -H 'Authorization: Bearer <USER-AUTHORIZATION-TOKEN>' \
217+ -d '{
218+ "password": "<new-password-to-be-set>",
219+ "email": "<new-email-to-be-set>",
220+ }'
221+ ```
222+
223+ Please note that user management fields such as ` is_useruser ` , ` is_verified ` , and ` is_active ` can not be updated by this request for security purposes.
224+
225+
226+ ### Update an existing user account (Admin only)
227+
228+ Admin users can update other existing user accounts using a ` PATCH /user/<user-id> ` request.
229+
230+ For example, the below command will update an existing ` test ` user with a new email address and add it to ` kernelci ` user group.
231+
232+ ```
233+ $ curl -X 'PATCH' \
234+ 'http://localhost:8001/latest/user/615f30020eb7c3c6616e5ac3' \
235+ -H 'accept: application/json' \
236+ -H 'Content-Type: application/json' \
237+ -H 'Authorization: Bearer <ADMIN-USER-AUTHORIZATION-TOKEN>' \
238+ -d '{"email": "[email protected] ", "groups": ["kernelci"]}' 239+ ```
240+
241+
242+ ### Delete user matching user ID (Admin only)
243+
244+ Only admin users can delete existing user account by providing user ID to
245+ ` DELETE /user/<user-id> ` endpoint:
246+ ```
247+ $ curl -X 'DELETE' \
248+ 'http://localhost:8001/latest/user/658d1edecf0bce203d594f1c' \
249+ -H 'Authorization: Bearer <ADMIN-USER-AUTHORIZATION-TOKEN>'
250+ ```
251+
252+
84253## Nodes
85254
86255` Node ` objects form the basis of the API models to represent tests runs,
0 commit comments