91 lines
2.2 KiB
ReStructuredText
91 lines
2.2 KiB
ReStructuredText
|
REST auth/user/password backend
|
||
|
===============================
|
||
|
|
||
|
LL::NG Portal provides REST end points for auth/user/password:
|
||
|
|
||
|
- POST /proxy/pwdConfirm: check password
|
||
|
- POST /proxy/getUser: get user data
|
||
|
- POST /proxy/pwdReset: update password
|
||
|
|
||
|
These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend<authrest>`.
|
||
|
|
||
|
API
|
||
|
---
|
||
|
|
||
|
Password confirm
|
||
|
~~~~~~~~~~~~~~~~
|
||
|
|
||
|
POST a JSON structure with ``user`` and ``password``.
|
||
|
It will return a JSON structure with ``result`` parameter (``true`` or ``false``).
|
||
|
|
||
|
Request:
|
||
|
|
||
|
.. code::
|
||
|
|
||
|
curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}' https://auth.example.com/proxy/pwdConfirm
|
||
|
|
||
|
Response:
|
||
|
|
||
|
.. code-block:: javascript
|
||
|
|
||
|
{"result":true}
|
||
|
|
||
|
Get user data
|
||
|
~~~~~~~~~~~~~
|
||
|
|
||
|
POST a JSON structure with ``user``.
|
||
|
It will return a JSON structure with ``result`` and ``info`` parameters.
|
||
|
|
||
|
Request:
|
||
|
|
||
|
.. code::
|
||
|
|
||
|
curl -H "Accept: application/json" -d '{"user":"rtyler"}' https://auth.example.com/proxy/getUser
|
||
|
|
||
|
Response:
|
||
|
|
||
|
.. code-block:: javascript
|
||
|
|
||
|
{"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}
|
||
|
|
||
|
Update password
|
||
|
~~~~~~~~~~~~~~~
|
||
|
|
||
|
POST a JSON structure with ``user`` or ``mail`` and ``password``.
|
||
|
It will return a JSON structure with ``result`` parameter.
|
||
|
|
||
|
Request:
|
||
|
|
||
|
.. code::
|
||
|
|
||
|
curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}' https://auth.example.com/proxy/pwdReset
|
||
|
|
||
|
Response:
|
||
|
|
||
|
.. code-block:: javascript
|
||
|
|
||
|
{"result":true}
|
||
|
|
||
|
Setup
|
||
|
-----
|
||
|
|
||
|
Manager
|
||
|
~~~~~~~
|
||
|
|
||
|
First, activate REST in ``General parameters`` » ``Plugins`` »
|
||
|
``Portal servers`` » ``REST authentication server`` and ``REST password reset server``.
|
||
|
|
||
|
Apache
|
||
|
~~~~~~
|
||
|
|
||
|
REST end points access must be allowed in Apache portal
|
||
|
configuration (for example, access by IP range):
|
||
|
|
||
|
.. code-block:: apache
|
||
|
|
||
|
# REST/SOAP functions for proxy auth and password reset (disabled by default)
|
||
|
<Location /index.fcgi/proxy>
|
||
|
Require ip 192.168.2.0/24
|
||
|
</Location>
|
||
|
|