91 lines
2.2 KiB
ReStructuredText
91 lines
2.2 KiB
ReStructuredText
REST auth/user/password backend
|
|
===============================
|
|
|
|
LL::NG Portal provides REST end points for auth/user/password:
|
|
|
|
- POST /proxy/pwdConfirm: check password
|
|
- POST /proxy/getUser: get user data
|
|
- POST /proxy/pwdReset: update password
|
|
|
|
These end points can be used to connect another LemonLDAP::NG server using :doc:`REST authentication backend<authrest>`.
|
|
|
|
API
|
|
---
|
|
|
|
Password confirm
|
|
~~~~~~~~~~~~~~~~
|
|
|
|
POST a JSON structure with ``user`` and ``password``.
|
|
It will return a JSON structure with ``result`` parameter (``true`` or ``false``).
|
|
|
|
Request:
|
|
|
|
.. code::
|
|
|
|
curl -H "Accept: application/json" -d '{"user":"dwho","password":"dwho"}' https://auth.example.com/proxy/pwdConfirm
|
|
|
|
Response:
|
|
|
|
.. code-block:: javascript
|
|
|
|
{"result":true}
|
|
|
|
Get user data
|
|
~~~~~~~~~~~~~
|
|
|
|
POST a JSON structure with ``user``.
|
|
It will return a JSON structure with ``result`` and ``info`` parameters.
|
|
|
|
Request:
|
|
|
|
.. code::
|
|
|
|
curl -H "Accept: application/json" -d '{"user":"rtyler"}' https://auth.example.com/proxy/getUser
|
|
|
|
Response:
|
|
|
|
.. code-block:: javascript
|
|
|
|
{"info":{"_utime":1651055131,"hGroups":{"users":{"name":"users"},"earthlings":{"name":"earthlings"}},"ipAddr":"127.0.0.1","_auth":"Demo","_url":null,"uid":"rtyler","mail":"rtyler@badwolf.org","_userDB":"Demo","_startTime":"20220427122531","UA":"curl/7.68.0","cn":"Rose Tyler","_user":"rtyler","_language":"en","groups":"users; earthlings","_whatToTrace":"rtyler"},"result":true}
|
|
|
|
Update password
|
|
~~~~~~~~~~~~~~~
|
|
|
|
POST a JSON structure with ``user`` or ``mail`` and ``password``.
|
|
It will return a JSON structure with ``result`` parameter.
|
|
|
|
Request:
|
|
|
|
.. code::
|
|
|
|
curl -H "Accept: application/json" -d '{"user":"rtyler","password":"secret"}' https://auth.example.com/proxy/pwdReset
|
|
|
|
Response:
|
|
|
|
.. code-block:: javascript
|
|
|
|
{"result":true}
|
|
|
|
Setup
|
|
-----
|
|
|
|
Manager
|
|
~~~~~~~
|
|
|
|
First, activate REST in ``General parameters`` » ``Plugins`` »
|
|
``Portal servers`` » ``REST authentication server`` and ``REST password reset server``.
|
|
|
|
Apache
|
|
~~~~~~
|
|
|
|
REST end points access must be allowed in Apache portal
|
|
configuration (for example, access by IP range):
|
|
|
|
.. code-block:: apache
|
|
|
|
# REST/SOAP functions for proxy auth and password reset (disabled by default)
|
|
<Location /index.fcgi/proxy>
|
|
Require ip 192.168.2.0/24
|
|
</Location>
|
|
|