On 07/10/2016 14:08, John Peter wrote:
Does end-user require any setting to perform below requests. I always get
"HTTP Status 401 - User not authenticated".
POST
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
/users/self/changePassword
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/changePassword>
This endpoint is only accessible by users which were flagged with
'MustChangePassword' (from the admin console, for example).
POST
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
/users/self/confirmPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/confirmPasswordReset>
This is only accessible as anonymous (if you are resetting your
password, then you should not be able to authenticate).
POST
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
/users/self/requestPasswordReset
<http://135.249.22.223:8080/syncope/swagger/#%21/users%2Fself/requestPasswordReset>
This is only accessible as anonymous (if you want to reset your
password, then you should not be able to authenticate).
You can take a look at how dealing with such REST endpoints is supposed
to work by taking a look at
https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L256
for the password reset process and
https://github.com/apache/syncope/blob/2_0_X/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java#L358
for handling 'MustChangePassword'.
If you are instead only trying to understand how an user can update his
own password, then the REST endpoint is
PATCH /users/self
or
PUT /users/self
depending on the payload.
HTH
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
