refactor(oauth): improvements #315
Draft: elboletaire wants to merge 2 commits into main from f/multiple-oauth-providers-286
This PR introduces the following changes in the API documentation: diff --git a/docs/swagger.yaml b/docs/swagger.yaml
index 29739d4..c53c7e6 100644
--- a/docs/swagger.yaml
+++ b/docs/swagger.yaml
@@ -282,6 +282,21 @@ definitions:
format: hex
type: string
type: object
+ apicommon.OAuthLinkRequest:
+ properties:
+ address:
+ description: The address of the user
+ type: string
+ oauthSignature:
+ description: The signature made by the OAuth service on top of the user email
+ type: string
+ provider:
+ description: OAuth provider name (google, github, facebook)
+ type: string
+ userOAuthSignature:
+ description: The signature made by the user on top of the oauth signature
+ type: string
+ type: object
apicommon.OAuthLoginResponse:
properties:
expirity:
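Review bot: the two signature fields in apicommon.OAuthLinkRequest do not say what is actually signed or how it is encoded. As described, oauthSignature covers only the user email, so nothing visible here binds it to the provider, the address, or a point in time; please document whether the signed message includes a provider identifier and a nonce or expiry, since otherwise a captured signature would remain acceptable for later link requests. The neighbouring definition uses `format: hex`, so adding the format to oauthSignature and userOAuthSignature, a `required` list, and an enum for provider (google, github, facebook) would make the contract checkable.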
@@ -883,6 +898,9 @@ definitions:
firstName:
description: User's first name
type: string
+ hasPassword:
+ description: Whether the user has a password set (true if not OAuth-only)
+ type: boolean
id:
description: User ID as generated by the backend
type: integer
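Review bot: the hasPassword description, "true if not OAuth-only", reads as if password and OAuth were mutually exclusive, while this PR allows linking a provider to an existing account, so an account can hold both. Suggest wording it as true whenever a password is set, regardless of linked providers, so clients do not misread it.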
@@ -897,6 +915,12 @@ definitions:
password:
description: User's password (not returned in responses)
type: string
+ providers:
+ description: List of OAuth providers linked to this account (e.g., ["google",
+ "github"])
+ items:
+ type: string
+ type: array
verified:
description: Whether the user's email is verified
type: boolean
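Review bot: providers is added to the same definition whose password field is documented as "not returned in responses", which suggests this schema serves both request and response bodies. providers (and hasPassword above) are server-derived, so mark them readOnly or state that they are ignored on input, so that nobody assumes a profile update can set linked providers. An enum on items would also keep the values aligned with the provider names used elsewhere in this file.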
@@ -1278,8 +1302,7 @@ paths:
get:
consumes:
- application/json
- description: Get the list of organization addresses where the user has write
- access
+ description: Get the list of organization addresses the user belongs to
produces:
- application/json
responses:
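Review bot: the description changes the documented contract from addresses "where the user has write access" to addresses "the user belongs to", which is a wider set. If the handler changed too, callers that treated this list as an authorization signal for write operations need a heads-up in the PR description; if only the docs changed, say which behaviour was the real one all along. Either way the text should make clear that membership does not imply write permission.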
@@ -1297,7 +1320,7 @@ paths:
$ref: '#/definitions/errors.Error'
security:
- BearerAuth: []
- summary: Get writable organization addresses
+ summary: Get a list of addresses the user belongs to
tags:
- auth
/auth/login:
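Review bot: the new summary drops "organization" while the description above still says "organization addresses". Suggest "Get organization addresses the user belongs to" so the two lines agree, since this file also documents a user address and the generated docs should be clear about which kind is returned.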
@@ -1330,6 +1353,79 @@ paths:
summary: Login to get a JWT token
tags:
- auth
+ /auth/oauth/link:
+ post:
+ consumes:
+ - application/json
+ description: Link an OAuth provider to an existing authenticated account
+ parameters:
+ - description: OAuth link information
+ in: body
+ name: request
+ required: true
+ schema:
+ $ref: '#/definitions/apicommon.OAuthLinkRequest'
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ type: string
+ "400":
+ description: Invalid provider or provider already linked
+ schema:
+ $ref: '#/definitions/errors.Error'
+ "401":
+ description: Unauthorized or signature verification failed
+ schema:
+ $ref: '#/definitions/errors.Error'
+ "500":
+ description: Internal server error
+ schema:
+ $ref: '#/definitions/errors.Error'
+ security:
+ - BearerAuth: []
+ summary: Link OAuth provider to account
+ tags:
+ - auth
+ /auth/oauth/unlink/{provider}:
+ delete:
+ consumes:
+ - application/json
+ description: Unlink an OAuth provider from an authenticated account. Cannot
+ unlink the last authentication method.
+ parameters:
+ - description: OAuth provider name (google, github, facebook)
+ in: path
+ name: provider
+ required: true
+ type: string
+ produces:
+ - application/json
+ responses:
+ "200":
+ description: OK
+ schema:
+ type: string
+ "400":
+ description: Invalid provider, provider not linked, or cannot unlink last
+ auth method
+ schema:
+ $ref: '#/definitions/errors.Error'
+ "401":
+ description: Unauthorized
+ schema:
+ $ref: '#/definitions/errors.Error'
+ "500":
+ description: Internal server error
+ schema:
+ $ref: '#/definitions/errors.Error'
+ security:
+ - BearerAuth: []
+ summary: Unlink OAuth provider from account
+ tags:
+ - auth
/auth/refresh:
post:
consumes:
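Review bot: /auth/oauth/link is protected by BearerAuth, yet its body (apicommon.OAuthLinkRequest) also carries an address for the user, and nothing here says which one identifies the account being linked. Document that the provider is linked to the account from the bearer token and that a mismatching address is rejected, or drop the field if it is only signature input. Smaller points: the DELETE on /auth/oauth/unlink/{provider} declares `consumes: application/json` although it takes only a path parameter, the provider parameter could be an enum, and "provider already linked" may fit a 409 better than sharing 400 with "Invalid provider".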
Pull Request Test Coverage Report for Build 19175006934 (Coveralls)
de6cac8 to b9bbd1a
- Adds a migration to make the user.password field non-mandatory
- Also creates the "oauth" object field for any existing user
- The oauth login/signup endpoint now expects a "provider" key with the provider used (either google, facebook or github right now)
- Added some extra useful information to the provider because why not
- The down migration takes into consideration possible existing OAuth users with the new format, moving their new password to the old "password" field, to give some kind of backwards compatibility (and also to not break the migrations)

refs #286

- Added a hasPassword field to the profile (/me) response
- Also added a providers field to the same profile response with an array of already linked providers

refs #286
cd4e364 to a3af981
refs #286