From 9d20b4748f93fb55fe5f85bb6bdc1905f7e3d760 Mon Sep 17 00:00:00 2001 From: FORESTIER Fabien <fabien.forestier@soprasteria.com> Date: Tue, 28 Jan 2020 17:19:05 +0100 Subject: [PATCH] Add doc on sign up --- docs/components/custom-apps/web-app/header.md | 2 +- .../custom-apps/web-app/sign-up-in-out.md | 0 .../custom-apps/web-app/user-management.md | 29 +++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) delete mode 100644 docs/components/custom-apps/web-app/sign-up-in-out.md create mode 100644 docs/components/custom-apps/web-app/user-management.md diff --git a/docs/components/custom-apps/web-app/header.md b/docs/components/custom-apps/web-app/header.md index 52df112..7fb71a9 100644 --- a/docs/components/custom-apps/web-app/header.md +++ b/docs/components/custom-apps/web-app/header.md @@ -50,4 +50,4 @@ This button can have different behaviors. If the user is anonymous, a click will * access to the user profil page * access to the user data accesses page -* sign out \ No newline at end of file +* sign out diff --git a/docs/components/custom-apps/web-app/sign-up-in-out.md b/docs/components/custom-apps/web-app/sign-up-in-out.md deleted file mode 100644 index e69de29..0000000 diff --git a/docs/components/custom-apps/web-app/user-management.md b/docs/components/custom-apps/web-app/user-management.md new file mode 100644 index 0000000..13facb3 --- /dev/null +++ b/docs/components/custom-apps/web-app/user-management.md 
@@ -0,0 +1,29 @@ +# User management + +## Sign up + +There are two steps to create an account on data.grandlyon.com. + +First of all the user must go to the sign up page accessible from the login page and fill the form. A few information are required such as the firstname, the lastname and the email. A password also has to be entered. It must: + +* have at least 6 characters +* contain at least one special character +* contain at least one uppercased character +* contain at least one lowercased character +* contain at least one number + +Passwords are always encrypted with a public key retrieved from the `legacy auth middleware` before they are sent accross the network. Only the legacy auth middleware knows the private key that allow the decryption of the password. + +Before being able to submit the form, the user has to accept the general terms of use and the processing of its information. + +When the form is submitted, the account is not directly created. In fact, a request is made to the [legacy auth middleware](../../middlewares/legacy-auth.md). The service stores temporarily the user account information in a Redis database and send an email to the user's email address through the [email service](../../services/mailer.md). The purpose of this email is to confirm the validity of the user's email address. Indeed the email contains a unique link which expires after 24h. + +The link is actually a link to the login page of our application that includes a `token` query param. When the `LoginComponent` of the Angular app detects a `token` param in the url, it sends an HTTP request to the `Legacy auth middleware` including the token. If the token is still valid the user account associated with this token is created in the real user database of the [legacy auth service](../../core/legacy-auth.md). + +For more information about this process read [this](../../../miscellaneous/authentication&authorization.md) section of the documentation. 
+ +## Sign in + +## Sign out + +## Account deletion -- GitLab
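Review bot: In user-management.md, the paragraph beginning "Passwords are always encrypted with a public key" says how the password is protected in transit but not how the legacy auth middleware stores it once decrypted, nor how the client knows the retrieved public key is authentic. Please add a sentence on each, because encrypting with a key fetched from the server protects nothing if that fetch can be tampered with. In the password rules, "have at least 6 characters" is a short minimum; if the doc mirrors the implementation, consider raising the limit in both places together. The confirmation paragraph should state whether the `token` is single use and what happens to the Redis entry once the 24h expire, since a token carried in a query param ends up in browser history and server logs. Wording: "accross" should be "across", "that allow" should be "that allows", "A few information are required" reads better as "Some information is required", "its information" should be "their information", and the link text "[this]" would be clearer with a descriptive label. The "Sign in", "Sign out" and "Account deletion" headings are empty; either fill them in or leave them out of a commit titled "Add doc on sign up".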