LoginUserPassword

From Gvp-public
Revision as of 18:46, 4 June 2014 by Rcalvo (talk | contribs)
Jump to navigation Jump to search

Description

This method can be used by Trusted Devices to generate a token. The generated Token will carry all the information regarding the device, user, etc. and is required to consume most of the methods of UNIAPI with specific user context. The token generated is valid during the next 24 hours (configurable in GVP).

The logged token can be easily identified because it starts with the chars: AU_

This method will verify that the Device(deviceType/deviceId) provided is linked to the current user as TrustedDevice, and it will verify that the Device is enabled.

The UNIAPI will only allow users in Active status to login (excluded and suspended users will return an exception). For users in AwaitingEmailConfirmation status, it depends on a flag configured at instance level (GVP_INSTANCES.AllowLoginBeforeEmailConfirmationFlag):

  • If AllowLoginBeforeEmailConfirmationFlag = true, if the user tries to login in AwaitingEmailConfirmation status, the login will be allowed and the user status will be changed to Active status.
  • If AllowLoginBeforeEmailConfirmationFlag = false, then UserNotYetActivatedException is thrown.

TODO: link with enumeration.


Geo-Location

This method applies GeoLocation restriction. It extracts the IP address from the request and retrieves the Country of the IP from the MaxMind Database. Then, it verifies if the Country from where the request was generated is linked to the instance (GVP_INSTANCES). If not, UserTryingToRoamingException exception is thrown.

The user can be marked as Geoblocking whitelist (inside User Profile, GVP_USERS). In this case, the Geoblocking is not applied for this user.


BI

This method creates an entry in GVP_LogLogin collection (even if the login was successful or not)

Parameters

  • deviceType (int, required)
The device type code (see #DeviceTypeCodes enumeration to know the list of device types allowed)
  • instanceId (int, required)
The id of the instance (OB) for the current environment. This ID might vary depending on the environment.
  • userName (String, required)
E-mail from the user that wants to recover the password.
  • password (String, required)
Password sets by the customer in his settings.


Returns

Returns a JSON object containing the generated token and its expiration time (in UnixTimestamp format).

Example:

{

Login Object

}


Exceptions

Caching

This method is not cached.


Known issues

None


Version history

API Version Number Change description Changes author
1.0 Initial method design Harley Cabral
2.1 Added AllowLoginBeforeEmailConfirmationFlag business logic. Harley Cabral


See also