Account module
This object only holds system information for the user (i.e., login-related), and what will be persistent. All personal information should be stored in User module.
Milestones
- depends on: nothing (initial setup)
- should start by: November 29
- should be done by: December 8
- migration by: December 14
Attributes
- uuid
- username (unique, permanent)
- primary email (unique, verified)
- secondary email (unique, verified)
- password (not selectable by default)
- system role
- ADMIN
- STAFF
- USER
- status
- ACTIVE
- PENDING (primary email not verified)
- BLOCKED
- DEACTIVATED (i.e., soft delete)
- ACTIVE
Features
- unknown client can create account
- primary email must be verified to allow client to login
- user can reset password without login
- staff can reset account password (sent by email, not set by staff)
- staff can block account
- staff and admins can upgrade/downgrade account role (admin <-> staff <-> user)
- admin can open/close new account registrations (set policy)
- pending account (non verified email) cannot be used in the system (e.g., be added to a team roster)
- primary email can only be changed to verified secondary email (swap values)
Endpoints
-
GET /accountslist accounts, requires privilege -
GET /accounts/:usernameget account details -
PUT /accounts/:username/passwordset new password -
PUT /accounts/:username/primary-email, set new email, requires privilege -
PUT /accounts/:username/secondary-emailset new secondary email -
PUT /accounts/:username/verify-emailverify email -
POST /accounts/:username/swap-emailsswap primary and secondary -
PUT /accounts/:username/roleset role, requires privilege -
PUT /accounts/:username/statusset status, requires privilege POST /accounts/:username/reset-password
Privileges
CAN_MANAGE_ACCOUNTS
Additional notes/Migrations
- root account should be automatically created if DB is empty (install script)
- what is the on deletion behaviour and consequences?
- It’s impossible to delete an account, just mark it as deactivated
Edited by Fabio Maschi