Commit 5ae26790 authored by FORESTIER Fabien, committed by ncastejon

WIP user management

parent 43fcbda6
1 merge request: !14 Doc webapp
......@@ -141,10 +141,171 @@ end
## User update
A user can easily update its profil information from the user profil page. He needs to agree to the general term of use and the process of its information before sumitting any changes. To update the profil the application calls the authentication service. In its turn it makes the appropriate request to the legacy auth middleware and then generate a new JWT with the latest user information. Finally the authentication service replies to the application and set two cookies to replace the older ones.
A user can easily update its profil information from the user profil page. He needs to agree to the general term of use and the process of its information before sumitting any changes. To update the profil, the application calls the authentication service. In its turn it makes the appropriate request to the legacy auth middleware and then generate a new JWT with the latest user information. Finally the authentication service replies to the application with two cookies to replace the older ones.
Here's in bit more details the different exchanges that take place during the update of the user's profil.
```plantuml
!define BLACK #333745
!define RED #d5232a
!define GREEN #37A77C
' Base Setting
skinparam BackgroundColor transparent
skinparam Sequence {
ArrowThickness 1
ArrowColor RED
LifeLineBorderColor GREEN
ParticipantBorderThickness 1
}
skinparam Participant {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
skinparam note {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
participant "Front" as front
participant "Authentication Service" as auth
participant "Middleware Legacy Auth" as middle
participant "Legacy Auth (Neogeo)" as django
participant "Kong" as kong
group User update
front -> auth : <b>PUT</b> /user/update
auth -> middle : <b>PUT</b> /user/update
middle -> django : <b>POST</b> /update_user/
middle <-- django : Ok
middle -> django : <b>POST</b> /get_user/
middle <-- django : { userInfo }
auth <-- middle : { userInfo with encrypted password as authzKey}
auth -> kong : <b>PUT</b> /consumers/:email
auth <-- kong : Ok
auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no creadetials exist for this user)
auth <-- kong : { credentials }
front <-- auth : { token: jwt }
end
```
## Password update
From its profile page a user can access to the password update tab. He/she can change its password by filling the dedicated inputs. However the current password must be reentered.
The password update is done through a call to the [legacy auth middleware](../../middlewares/legacy-auth.md). If the request is successful the app will trigger a new login with the new credentials that will be transparent for the user. Doing so, the user wont be logged out on the next authenticated HTTP call (as the password would be outdated) and wont need to reconnect manualy while he/she just entered in the latter form.
```plantuml
!define BLACK #333745
!define RED #d5232a
!define GREEN #37A77C
' Base Setting
skinparam BackgroundColor transparent
skinparam Sequence {
ArrowThickness 1
ArrowColor RED
LifeLineBorderColor GREEN
ParticipantBorderThickness 1
}
skinparam Participant {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
skinparam note {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
participant "Front" as front
participant "Authentication Service" as auth
participant "Middleware Legacy Auth" as middle
participant "Legacy Auth (Neogeo)" as django
participant "Email Service" as email
participant "Kong" as kong
group Get Public Key
front -> middle : <b>GET</b> /publicKey
front <-- middle : { publicKey }
end
group Password update
front -> middle : <b>PUT</b> /user/updatePassword
middle -> django : <b>GET</b> /get_user/
middle <-- django : Ok
middle -> django : <b>PUT</b> /update_user_password/
middle <-- django : Ok
front <-- middle : void
end
group Legacy login
front -> auth : <b>POST</b> /login/legacy
auth -> middle : <b>POST</b> /user/login
middle -> django : <b>POST</b> /get_user/
middle <-- django : { userInfo }
middle --> auth : { userInfo with encrypted password as authzKey}
auth -> kong : <b>PUT</b> /consumers/:email
auth <-- kong : Ok
auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no creadetials exist for this user)
auth <-- kong : { credentials }
front <-- auth : { token: jwt }
end
```
## Account deletion
From its profile page, one can also delete its account. A modal is asking for a confirmation in order to prevent that an unwanted click deletes the user account without any possible rollback.
This diagrams shows the different exchanges made.
```plantuml
!define BLACK #333745
!define RED #d5232a
!define GREEN #37A77C
' Base Setting
skinparam BackgroundColor transparent
skinparam Sequence {
ArrowThickness 1
ArrowColor RED
LifeLineBorderColor GREEN
ParticipantBorderThickness 1
}
skinparam Participant {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
skinparam note {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
participant "Front" as front
participant "Middleware Legacy Auth" as middle
participant "Legacy Auth (Neogeo)" as django
group User account deletion
front -> middle : <b>DELETE</b> /user
middle -> django : <b>POST</b> /delete_user/
middle <-- django : Ok
front <-- middle : void
end
```
## User accesses
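Review bot: In the Account deletion diagram, `front -> middle : DELETE /user` goes only to the legacy auth middleware and the diagram has no Kong participant, so nothing documents what happens to the consumer and JWT credentials that the login flow creates with `PUT /consumers/:email` and `/consumers/:email/jwt`. Please add the cleanup step, or state that none exists and how tokens already issued to the deleted account stop being accepted, and say whether the cookies are cleared on the front. In the Password update diagram, the `Get Public Key` group is never explained in the prose (say what the key protects in `PUT /user/updatePassword`), the `Email Service` participant is declared but unused, and `GET /get_user/` answered with `Ok` is inconsistent with `POST /get_user/` answered with `{ userInfo }` in the User update and Legacy login groups. In User update, the text says the authentication service replies with two cookies while the diagram returns `{ token: jwt }`; align the two. The message `{ userInfo with encrypted password as authzKey}` deserves a sentence on how the password is encrypted and whether authzKey ends up in the JWT. Typos to fix before merge: "profil", "sumitting", "creadetials", "manualy", "wont"; the `## User accesses` heading has no body yet.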