Account module

This object only holds system information for the user (i.e., login-related), and what will be persistent. All personal information should be stored in User module.

Milestones

depends on: nothing (initial setup)
should start by: November 29
should be done by: December 8
migration by: December 14

Attributes

uuid
username (unique, permanent)
primary email (unique, verified)
secondary email (unique, verified)
password (not selectable by default)
system role
- ADMIN
- STAFF
- USER
status
- ACTIVE
  - PENDING (primary email not verified)
- BLOCKED
  - DEACTIVATED (i.e., soft delete)

Features

unknown client can create account
primary email must be verified to allow client to login
user can reset password without login
staff can reset account password (sent by email, not set by staff)
staff can block account
staff and admins can upgrade/downgrade account role (admin <-> staff <-> user)
admin can open/close new account registrations (set policy)
pending account (non verified email) cannot be used in the system (e.g., be added to a team roster)
primary email can only be changed to verified secondary email (swap values)

Endpoints

GET /accounts list accounts, requires privilege
GET /accounts/:username get account details
PUT /accounts/:username/password set new password
PUT /accounts/:username/primary-email, set new email, requires privilege
PUT /accounts/:username/secondary-email set new secondary email
PUT /accounts/:username/verify-email verify email
POST /accounts/:username/swap-emails swap primary and secondary
PUT /accounts/:username/role set role, requires privilege
PUT /accounts/:username/status set status, requires privilege
POST /accounts/:username/reset-password

Privileges

CAN_MANAGE_ACCOUNTS

Additional notes/Migrations

root account should be automatically created if DB is empty (install script)
what is the on deletion behaviour and consequences?
- It’s impossible to delete an account, just mark it as deactivated

Edited Dec 17, 2021 by Fabio Maschi