Documentation for auth/user/password REST services

2022-04-27 12:31:50 +02:00 · 2022-04-27 12:31:50 +02:00 · 1d597f64e5
parent 411c78c880
commit 1d597f64e5
3 changed files with 94 additions and 0 deletions
--- a/doc/sources/admin/index_plugins.rst
+++ b/doc/sources/admin/index_plugins.rst
@ -28,5 +28,6 @@ Plugins
   resetpassword
   resetcertificate
   restservices
+   restauthuserpwdbackend
   soapservices
   stayconnected
--- a/doc/sources/admin/restauthuserpwdbackend.rst
+++ b/doc/sources/admin/restauthuserpwdbackend.rst
@ -0,0 +1,90 @@
+REST auth/user/password backend
+===============================
+
+LL::NG Portal provides REST end points for auth/user/password:
+
+-  POST /proxy/pwdConfirm: check password
+-  POST /proxy/getUser: get user data
+-  POST /proxy/pwdReset: update password
+
+These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend<authrest>`.
+
+API
+---
+
+Password confirm
+~~~~~~~~~~~~~~~~
+
+POST a JSON structure with ``user`` and ``password``.
+It will return a JSON structure with ``result`` parameter (``true`` or ``false``).
+
+Request:
+
+.. code::
+
+    curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}'  https://auth.example.com/proxy/pwdConfirm 
+
+Response:
+
+.. code-block:: javascript
+
+    {"result":true}
+
+Get user data
+~~~~~~~~~~~~~
+
+POST a JSON structure with ``user``.
+It will return a JSON structure with ``result`` and ``info`` parameters.
+
+Request:
+
+.. code::
+
+    curl -H "Accept: application/json" -d '{"user":"rtyler"}'  https://auth.example.com/proxy/getUser
+
+Response:
+
+.. code-block:: javascript
+
+    {"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}
+
+Update password
+~~~~~~~~~~~~~~~
+
+POST a JSON structure with ``user`` or ``mail`` and ``password``.
+It will return a JSON structure with ``result`` parameter.
+
+Request:
+
+.. code::
+
+    curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}'  https://auth.example.com/proxy/pwdReset
+
+Response:
+
+.. code-block:: javascript
+
+    {"result":true}
+
+Setup
+-----
+
+Manager
+~~~~~~~
+
+First, activate REST in ``General parameters`` » ``Plugins`` »
+``Portal servers`` » ``REST authentication server`` and ``REST password reset server``.
+
+Apache
+~~~~~~
+
+REST end points access must be allowed in Apache portal
+configuration (for example, access by IP range):
+
+.. code-block:: apache
+
+   # REST/SOAP functions for proxy auth and password reset (disabled by default)
+   <Location /index.fcgi/proxy>
+       Require ip 192.168.2.0/24
+   </Location>
+
--- a/doc/sources/admin/restservices.rst
+++ b/doc/sources/admin/restservices.rst
@ -21,6 +21,9 @@ example:

   $env->{HTTP_ACCEPT} !~ m:application/json:

+
+Another solution is using the :doc:`REST auth/user/password backend<restauthuserpwdbackend>`.
+
 API
 ^^^