A user can easily update their profile information from the user profile page. They must agree to the general terms of use and to the processing of their information before submitting any changes. To update the profile, the application calls the authentication service. The authentication service in turn makes the appropriate request to the legacy auth middleware and then generates a new JWT with the latest user information. Finally, the authentication service replies to the application and sets two cookies to replace the older ones.
Here are, in a bit more detail, the different exchanges that take place during the update of the user's profile.
```plantuml
!define BLACK #333745
!define RED #d5232a
!define GREEN #37A77C
' Base Setting
skinparam BackgroundColor transparent
skinparam Sequence {
ArrowThickness 1
ArrowColor RED
LifeLineBorderColor GREEN
ParticipantBorderThickness 1
}
skinparam Participant {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
skinparam note {
BackgroundColor #FFFFFF
BorderColor BLACK
FontColor BLACK
}
participant "Front" as front
participant "Authentication Service" as auth
participant "Middleware Legacy Auth" as middle
participant "Legacy Auth (Neogeo)" as django
participant "Kong" as kong
group User update
front -> auth : <b>PUT</b> /user/update
auth -> middle : <b>PUT</b> /user/update
middle -> django : <b>POST</b> /update_user/
middle <-- django : Ok
middle -> django : <b>POST</b> /get_user/
middle <-- django : { userInfo }
auth <-- middle : { userInfo with encrypted password as authzKey}
auth -> kong : <b>PUT</b> /consumers/:email
auth <-- kong : Ok
auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no credentials exist for this user)
auth <-- kong : { credentials }
front <-- auth : { token: jwt }
end
```
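The last steps of this exchange, as an added example that is not the project's own code: it assumes the `{ credentials }` returned by Kong have the `key` and `secret` fields of Kong's JWT plugin, that the token is signed with HS256, and that the `iss` claim carries the credential key so Kong can look up the secret. The sample values, the claim names and the choice to keep `authzKey` out of the claims are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values (not from the project): a Kong JWT credential and a middleware reply.
KONG_CREDENTIAL = {"key": "constructed-consumer-key", "secret": "constructed-secret"}
USER_INFO = {"email": "jane@example.org", "firstname": "Jane", "authzKey": "ENCRYPTED"}

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: str) -> str:
    return b64url(hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest())

def mint_token(user_info, credential, now=None, ttl=3600):
    """Build an HS256 JWT whose `iss` claim is the Kong credential key."""
    now = int(time.time()) if now is None else now
    # Assumption: authzKey stays server-side, since a JWT payload is readable by its holder.
    claims = {k: v for k, v in user_info.items() if k != "authzKey"}
    claims.update({"iss": credential["key"], "iat": now, "exp": now + ttl})
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, credential["secret"])

def verify_token(token, credential, now=None):
    """Return the claims, or raise ValueError when any check fails."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")  # alg is pinned, not taken from the header
    expected = sign(header_b64 + "." + payload_b64, credential["secret"])
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("iss") != credential["key"]:
        raise ValueError("wrong issuer")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims
```

Because the token is rebuilt from the freshly fetched user information on every update, the previous token keeps its old claims until it expires or its cookie is replaced.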
## Password update
From the profile page, a user can access the password update tab. They can change their password by filling in the dedicated inputs. However, the current password must be re-entered.
The password update is done through a call to the [legacy auth middleware](../../middlewares/legacy-auth.md). If the request is successful, the app triggers a new login with the new credentials, which is transparent for the user. This way, the user won't be logged out on the next authenticated HTTP call (as the password would be outdated) and won't need to reconnect manually right after entering their credentials in that form.
```plantuml
middle --> auth : { userInfo with encrypted password as authzKey}
auth -> kong : <b>PUT</b> /consumers/:email
auth <-- kong : Ok
auth -> kong : <b>GET or POST</b> /consumers/:email/jwt (POST if no credentials exist for this user)
auth <-- kong : { credentials }
front <-- auth : { token: jwt }
end
```
## Account deletion
From the profile page, a user can also delete their account. A modal asks for confirmation, so that an unwanted click cannot delete the user account without any possible rollback.