Difference between revisions of "LoginUserPassword"

From Gvp-public
Jump to navigation Jump to search
 
(5 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{Api_Method_Spec|
 
{{Api_Method_Spec|
Description=This method can be used by Trusted Devices to generate a token. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP).
+
Description=This method can be used by to generate a valid token based on the users' credentials. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP).
  
 
The logged token can be easily identified because it starts with the chars: <span style="color: #a11;">AU_</span>
 
The logged token can be easily identified because it starts with the chars: <span style="color: #a11;">AU_</span>
 
This method will verify that the Device(deviceType/deviceId) provided is linked to the current user as TrustedDevice, and it will verify that the Device is enabled.
 
  
 
The UNIAPI will only allow users in Active status to login (excluded and suspended users will return an exception). For users in AwaitingEmailConfirmation status, it depends on a flag configured at instance level (''GVP_INSTANCES.AllowLoginBeforeEmailConfirmationFlag''):
 
The UNIAPI will only allow users in Active status to login (excluded and suspended users will return an exception). For users in AwaitingEmailConfirmation status, it depends on a flag configured at instance level (''GVP_INSTANCES.AllowLoginBeforeEmailConfirmationFlag''):
 
* If ''AllowLoginBeforeEmailConfirmationFlag = true'', if the user tries to login in AwaitingEmailConfirmation status, the login will be allowed and the user status will be changed to Active status.
 
* If ''AllowLoginBeforeEmailConfirmationFlag = true'', if the user tries to login in AwaitingEmailConfirmation status, the login will be allowed and the user status will be changed to Active status.
 
* If ''AllowLoginBeforeEmailConfirmationFlag = false'', then [[UNIAPI_Specification#UserNotYetActivatedException|UserNotYetActivatedException]] is thrown.
 
* If ''AllowLoginBeforeEmailConfirmationFlag = false'', then [[UNIAPI_Specification#UserNotYetActivatedException|UserNotYetActivatedException]] is thrown.
 
  
  
Line 16: Line 13:
  
 
The user can be marked as Geoblocking whitelist (inside User Profile, GVP_USERS). In this case, the Geoblocking is not applied for this user.
 
The user can be marked as Geoblocking whitelist (inside User Profile, GVP_USERS). In this case, the Geoblocking is not applied for this user.
 
  
 
==== BI ====
 
==== BI ====
Line 26: Line 22:
 
|ParamType=int
 
|ParamType=int
 
|ParamRequired=required
 
|ParamRequired=required
|ParamDescription=The device type code (see #DeviceTypeCodes enumeration to know the list of device types allowed)
+
|ParamDescription=The device type code (see [[DeviceType]] enumeration to know the list of device types allowed)
 
}}
 
}}
 
{{Api_Parameter|
 
{{Api_Parameter|
Line 52: Line 48:
  
 
{
 
{
:    [[Login]] Object
+
:  "[[StatusCode]]": 0,
 +
:  "[[Severity]]": 1,
 +
:  "StatusMessage": "OK",
 +
:  "Content": {
 +
::    [[Login]] Object
 +
:  }
 
}
 
}
 +
 
|Exceptions=
 
|Exceptions=
 
* [[InvalidUserException]]
 
* [[InvalidUserException]]

Latest revision as of 09:08, 22 October 2015

Description

This method can be used by to generate a valid token based on the users' credentials. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP).

The logged token can be easily identified because it starts with the chars: AU_

The UNIAPI will only allow users in Active status to login (excluded and suspended users will return an exception). For users in AwaitingEmailConfirmation status, it depends on a flag configured at instance level (GVP_INSTANCES.AllowLoginBeforeEmailConfirmationFlag):

  • If AllowLoginBeforeEmailConfirmationFlag = true, if the user tries to login in AwaitingEmailConfirmation status, the login will be allowed and the user status will be changed to Active status.
  • If AllowLoginBeforeEmailConfirmationFlag = false, then UserNotYetActivatedException is thrown.


Geo-Location

This method applies GeoLocation restriction. It extracts the IP address from the request and retrieves the Country of the IP from the MaxMind Database. Then, it verifies if the Country from where the request was generated is linked to the instance (GVP_INSTANCES). If not, UserTryingToRoamingException exception is thrown.

The user can be marked as Geoblocking whitelist (inside User Profile, GVP_USERS). In this case, the Geoblocking is not applied for this user.

BI

This method creates an entry in GVP_LogLogin collection (even if the login was successful or not)

Parameters

  • deviceType (int, required)
The device type code (see DeviceType enumeration to know the list of device types allowed)
  • instanceId (int, required)
The id of the instance (OB) for the current environment. This ID might vary depending on the environment.
  • userName (String, required)
E-mail from the user that wants to recover the password.
  • password (String, required)
Password sets by the customer in his settings.


Returns

Returns a JSON object containing the generated token and its expiration time (in UnixTimestamp format).

Example:

{

"StatusCode": 0,
"Severity": 1,
"StatusMessage": "OK",
"Content": {
Login Object
}

}


Exceptions


Caching

This method is not cached.


Known issues

None


Version history

API Version Number Change description Changes author
1.0 Initial method design Harley Cabral
2.1 Added AllowLoginBeforeEmailConfirmationFlag business logic. Harley Cabral


See also