User registration¶
To register a new user with the website that hosts the module, an endpoint of
'user/mobile/register'
is used.
The app must post the following inputs:
Name |
Value |
---|---|
firstname |
Required. A first name. |
secondname |
Required. A last name. |
Required. An email address for the new user. |
|
password |
Required. A password for the new user account. |
appname |
Required (unless anonymous). Must match the app name that was configured. |
appsecret |
Required. Must match the app secret set for the app name in the module configuration. |
The following responses may be returned:
Status |
Message |
Logged message (if enabled) |
Cause |
---|---|---|---|
400 |
Bad request |
Missing parameter |
Email, password or appsecret missing. |
400 |
Bad request |
Missing or incorrect shared app secret |
Incorrect appname-appsecret combination. |
400 |
Invalid email |
Invalid email |
Fails the Drupal valid_email_address() test. |
400 |
Invalid password |
Password not strong enough |
Zero length password. |
401 |
Invalid password |
Invalid password |
An email for an existing user has been supplied. |
409 |
First or second name missmatch |
First or second name missmatch |
An email and password for an existing user have been supplied. |
400 |
Missing name parameter |
First or secondname empty |
Firsname or secondname empty. |
200 |
user secret
firstname
secondname
error
|
User email registered |
Successful registration of the user on the website returns the variables as indicated. This may end with any error from user registration on the warehouse. |
The app needs to save the user secret that is returned on successful registration to use when submitting records.
Please check the example.
Validation of new users¶
Having sent a user registration request as described above, the user is sent an email to validate that the address is correct. Within the email is a link to click which calls the validation service.
The endpoint for validation is user/mobile/activate/%/%
where the first % is substituted with the
Drupal user id and the second with a unique confirmation code. This is a simple GET request and there are
no values to POST.
If the user id and confirmation code match with expected values then
The user account is enabled.
The user is redirected to a page of the website declared in the configuration.
If logging is enabled a message
Activating user $uid with code $code
is saved.
If the user id and confirmation code do not match with expected values then the user is simply redirected to a page declared in the configuration. If the page to which the user is redirected is the <front> page, which is the default, the user will not be aware that there has been a problem.
User login¶
A user may need to connect an app to an existing account on the host website under various circumstances.
An app may allow a user to log out so that a different user may log in.
A user may install the app on multiple devices.
A user may have previously created an account via the host website.
A host website may support multiple apps, one of which has previously created an account.
Logging in through the module uses the same endpoint as registering a new user account user/mobile/register
.
The app must post the following inputs:
Name |
Value |
---|---|
Required. The email address for the existing user. |
|
password |
Required. The password for the existing user account. |
appname |
Required (unless anonymous). Must match the app name that was configured. |
appsecret |
Required. Must match the app secret set for the app name in the module configuration. |
The following responses may be returned:
Status |
Message |
Logged message (if enabled) |
Cause |
---|---|---|---|
400 |
Bad request |
Missing parameter |
Email, password or appsecret missing. |
400 |
Bad request |
Missing or incorrect shared app secret |
Incorrect appname-appsecret combination. |
400 |
Invalid email |
Invalid email |
Fails the Drupal valid_email_address() test. |
400 |
Invalid password |
Password not strong enough |
Zero length password. |
401 |
Invalid password |
Invalid password |
The password was not correct. |
400 |
Missing name parameter |
First or secondname empty |
The email was not that of an existing user. |
200 |
user secret
firstname
secondname
error
|
Creating new shared secret
(if new shared secret needed)
Associating indicia user id
(if new id is needed)
User email logged in
|
Successful registration of the user on the website returns the variables as indicated. This may end with any error from user registration on the warehouse. |
The app needs to save the user secret that is returned on successful log in to use when submitting records. It probably wants to save the firstname and secondname too, in order to report who is logged in.
Please check the example.