README
¶
Users service
Users service provides an HTTP API for managing users. Through this API clients are able to do the following actions:
- register new accounts
- obtain access tokens
- verify access tokens
For in-depth explanation of the aforementioned scenarios, as well as thorough understanding of Mainflux, please check out the official documentation.
Configuration
The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.
| Variable | Description | Default |
|---|---|---|
| MF_USERS_LOG_LEVEL | Log level for Users (debug, info, warn, error) | error |
| MF_USERS_DB_HOST | Database host address | localhost |
| MF_USERS_DB_PORT | Database host port | 5432 |
| MF_USERS_DB_USER | Database user | mainflux |
| MF_USERS_DB_PASSWORD | Database password | mainflux |
| MF_USERS_DB | Name of the database used by the service | users |
| MF_USERS_DB_SSL_MODE | Database connection SSL mode (disable, require, verify-ca, verify-full) | disable |
| MF_USERS_DB_SSL_CERT | Path to the PEM encoded certificate file | |
| MF_USERS_DB_SSL_KEY | Path to the PEM encoded key file | |
| MF_USERS_DB_SSL_ROOT_CERT | Path to the PEM encoded root certificate file | |
| MF_USERS_HTTP_PORT | Users service HTTP port | 8180 |
| MF_USERS_SERVER_CERT | Path to server certificate in pem format | |
| MF_USERS_SERVER_KEY | Path to server key in pem format | |
| MF_USERS_ADMIN_EMAIL | Default user, created on startup | |
| MF_USERS_ADMIN_PASSWORD | Default user password, created on startup | |
| MF_JAEGER_URL | Jaeger server URL | localhost:6831 |
| MF_EMAIL_HOST | Mail server host | localhost |
| MF_EMAIL_PORT | Mail server port | 25 |
| MF_EMAIL_USERNAME | Mail server username | |
| MF_EMAIL_PASSWORD | Mail server password | |
| MF_EMAIL_FROM_ADDRESS | Email "from" address | |
| MF_EMAIL_FROM_NAME | Email "from" name | |
| MF_EMAIL_BASE_TEMPLATE | Path to base template for e-mails sent from the service | base.tmpl |
| MF_HOST | URL Path of the frontend included in user-facing e-mails | http://localhost |
| MF_REQUIRE_EMAIL_VERIFICATION | Whether e-mail verification is required during self-registration | false |
| MF_INVITE_DURATION | Duration of validity of created platform invites | 168h |
Deployment
The service itself is distributed as Docker container. Check the users service section in
docker-compose to see how service is deployed.
To start the service outside of the container, execute the following shell script:
# download the latest version of the service
git clone https://github.com/MainfluxLabs/mainflux
cd mainflux
# compile the service
make users
# copy binary to bin
make install
# set the environment variables and run the service
MF_USERS_LOG_LEVEL=[Users log level] \
MF_USERS_DB_HOST=[Database host address] \
MF_USERS_DB_PORT=[Database host port] \
MF_USERS_DB_USER=[Database user] \
MF_USERS_DB_PASS=[Database password] \
MF_USERS_DB=[Name of the database used by the service] \
MF_USERS_DB_SSL_MODE=[SSL mode to connect to the database with] \
MF_USERS_DB_SSL_CERT=[Path to the PEM encoded certificate file] \
MF_USERS_DB_SSL_KEY=[Path to the PEM encoded key file] \
MF_USERS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] \
MF_USERS_HTTP_PORT=[Service HTTP port] \
MF_USERS_SERVER_CERT=[Path to server certificate] \
MF_USERS_SERVER_KEY=[Path to server key] \
MF_JAEGER_URL=[Jaeger server URL] \
MF_EMAIL_HOST=[Mail server host] \
MF_EMAIL_PORT=[Mail server port] \
MF_EMAIL_USERNAME=[Mail server username] \
MF_EMAIL_PASSWORD=[Mail server password] \
MF_EMAIL_FROM_ADDRESS=[Email from address] \
MF_EMAIL_FROM_NAME=[Email from name] \
MF_EMAIL_TEMPLATE=[Email template file] \
MF_TOKEN_RESET_ENDPOINT=[Password reset token endpoint] \
$GOBIN/mainfluxlabs-users
If MF_EMAIL_TEMPLATE doesn't point to any file service will function but password reset functionality will not work.
Usage
For more information about service capabilities and its usage, please check out the API documentation.
Documentation
¶
Index ¶
- Constants
- Variables
- type EmailVerification
- type EmailVerificationRepository
- type Emailer
- type Hasher
- type Metadata
- type PageMetadata
- type PageMetadataInvites
- type PlatformInvite
- type PlatformInvites
- type PlatformInvitesPage
- type PlatformInvitesRepository
- type Service
- type User
- type UserPage
- type UserRepository
Constants ¶
View Source
const ( UserTypeInvitee = "invitee" UserTypeInviter = "inviter" InviteStatePending = "pending" InviteStateExpired = "expired" InviteStateRevoked = "revoked" InviteStateAccepted = "accepted" InviteStateDeclined = "declined" )
View Source
const ( EnabledStatusKey = "enabled" DisabledStatusKey = "disabled" AllStatusKey = "all" )
Variables ¶
View Source
var ( // ErrRecoveryToken indicates error in generating password recovery token. ErrRecoveryToken = errors.New("failed to generate password recovery token") // ErrPasswordFormat indicates weak password. ErrPasswordFormat = errors.New("password does not meet the requirements") // ErrAlreadyEnabledUser indicates the user is already enabled. ErrAlreadyEnabledUser = errors.New("the user is already enabled") // ErrAlreadyDisabledUser indicates the user is already disabled. ErrAlreadyDisabledUser = errors.New("the user is already disabled") // ErrEmailVerificationExpired indicates that the e-mail verification token has expired. ErrEmailVerificationExpired = errors.New("e-mail verification token expired") // ErrSelfRegisterDisabled indicates that self-registration is disabled in the service config. ErrSelfRegisterDisabled = errors.New("self register disabled") )
Functions ¶
This section is empty.
Types ¶
type EmailVerification ¶ added in v0.29.0
type EmailVerificationRepository ¶ added in v0.29.0
type EmailVerificationRepository interface {
// Save persists the EmailVerification.
Save(ctx context.Context, verification EmailVerification) (string, error)
// RetrieveByToken retrieves an EmailVerification based on its token.
RetrieveByToken(ctx context.Context, token string) (EmailVerification, error)
// Remove removes an EmailVerification from the database.
Remove(ctx context.Context, token string) error
}
type Emailer ¶
type Emailer interface {
SendPasswordReset(To []string, redirectPath, token string) error
SendEmailVerification(To []string, redirectPath, token string) error
SendPlatformInvite(to []string, inv PlatformInvite, redirectPath string) error
}
Emailer wrapper around the email
type Hasher ¶
type Hasher interface {
// Hash generates the hashed string from plain-text.
Hash(string) (string, error)
// Compare compares plain-text version to the hashed one. An error should
// indicate failed comparison.
Compare(string, string) error
}
Hasher specifies an API for generating hashes of an arbitrary textual content.
type Metadata ¶
Metadata to be used for Mainflux thing or profile for customized describing of particular thing or profile.
type PageMetadata ¶
type PageMetadata struct {
Total uint64
Offset uint64
Limit uint64
Email string
Status string
Metadata Metadata
Order string
Dir string
}
PageMetadata contains page metadata that helps navigation.
type PageMetadataInvites ¶ added in v0.30.0
type PageMetadataInvites struct {
apiutil.PageMetadata
State string `json:"state,omitempty"`
}
type PlatformInvite ¶ added in v0.30.0
type PlatformInvites ¶ added in v0.30.0
type PlatformInvites interface {
// CreatePlatformInvite creates a pending platform Invite for the appropriate email address.
// The user can optionally also be invited to an Organization with a certain role - the invites become visible once the user
// completes registration via the platform invite. Only usable by the platform Root Admin.
CreatePlatformInvite(ctx context.Context, token, redirectPath, email, orgID, role string) (PlatformInvite, error)
// RevokePlatformInvite revokes a specific pending PlatformInvite. Only usable by the platform Root Admin.
RevokePlatformInvite(ctx context.Context, token, inviteID string) error
// ViewPlatformInvite retrieves a single PlatformInvite denoted by its ID. Only usable by the platform Root Admin.
ViewPlatformInvite(ctx context.Context, token, inviteID string) (PlatformInvite, error)
// ListPlatformInvites retrieves a list of platform invites. Only usable by the platform Root Admin.
ListPlatformInvites(ctx context.Context, token string, pm PageMetadataInvites) (PlatformInvitesPage, error)
// ValidatePlatformInvite checks if there exists a valid, pending, non-expired platform invite in the database that matches
// the passed ID and user e-mail. If so, it marks that invite's state as 'accepted', and returns nil.
// If no such valid platform invite is found in the database, it instead returns errors.ErrAuthorization.
ValidatePlatformInvite(ctx context.Context, inviteID, email string) error
// SendPlatformInviteEmail sends an e-mail notifying the invitee about the corresponding platform invite.
SendPlatformInviteEmail(ctx context.Context, invite PlatformInvite, redirectPath string) error
}
type PlatformInvitesPage ¶ added in v0.30.0
type PlatformInvitesPage struct {
Invites []PlatformInvite
apiutil.PageMetadata
}
type PlatformInvitesRepository ¶ added in v0.30.0
type PlatformInvitesRepository interface {
// SavePlatformInvite saves one or more pending platform invites to the repository.
SavePlatformInvite(ctx context.Context, invites ...PlatformInvite) error
// RetrievePlatformInviteByID retrieves a single platform invite by its ID.
RetrievePlatformInviteByID(ctx context.Context, inviteID string) (PlatformInvite, error)
// RetrievePlatformInvites retrieves a list of platform invites.
RetrievePlatformInvites(ctx context.Context, pm PageMetadataInvites) (PlatformInvitesPage, error)
// UpdatePlatformInviteState updates the state of a specific platform invite denoted by its ID.
UpdatePlatformInviteState(ctx context.Context, inviteID, state string) error
}
type Service ¶
type Service interface {
// SelfRegister carries out the first stage of own account registration: it
// creates a pending e-mail verification entity and sends the user an e-mail
// with a URL containing a token used to verify the e-mail address and complete
// registration.
SelfRegister(ctx context.Context, user User, redirectPath string) (string, error)
// VerifyEmail completes the self-registration process by matching the provided
// email verification token against the database. If the token is valid and not expired, the e-mail
// is considered verified a new User is fully registered.
// Returns the ID of the newly-registered User upon success.
VerifyEmail(ctx context.Context, confirmationToken string) (string, error)
// RegisterByInvite performs user registration based on a platform invite.
// inviteID must correspond to a valid, pending and non-expired platform invite, and the user's supplied
// e-mail address must match the e-mail address of that platform invite. Upon success, marks the associated
// invite's state as 'accepted'. Returns the ID of the newly registered user.
RegisterByInvite(ctx context.Context, user User, inviteID, orgInviteRedirectPath string) (string, error)
// Register creates new user account. In case of the failed registration, a
// non-nil error value is returned. The user registration is only allowed
// for admin.
Register(ctx context.Context, token string, user User) (string, error)
// RegisterAdmin creates new root admin account. In case of the failed registration, a
// non-nil error value is returned. The user registration is only allowed
// for root admin.
RegisterAdmin(ctx context.Context, user User) error
// Login authenticates the user given its credentials. Successful
// authentication generates new access token. Failed invocations are
// identified by the non-nil error values in the response.
Login(ctx context.Context, user User) (string, error)
// ViewUser retrieves user info for a given user ID and an authorized token.
ViewUser(ctx context.Context, token, id string) (User, error)
// ViewProfile retrieves user info for a given token.
ViewProfile(ctx context.Context, token string) (User, error)
// ListUsers retrieves users list for a valid admin token.
ListUsers(ctx context.Context, token string, pm PageMetadata) (UserPage, error)
// ListUsersByIDs retrieves users list for the given IDs.
ListUsersByIDs(ctx context.Context, ids []string, pm PageMetadata) (UserPage, error)
// ListUsersByEmails retrieves users list for the given emails.
ListUsersByEmails(ctx context.Context, emails []string) ([]User, error)
// UpdateUser updates the user metadata.
UpdateUser(ctx context.Context, token string, user User) error
// GenerateResetToken email where mail will be sent.
GenerateResetToken(ctx context.Context, email, redirectPath string) error
// ChangePassword change users password for authenticated user.
ChangePassword(ctx context.Context, token, email, password, oldPassword string) error
// ResetPassword change users password in reset flow.
// token can be authentication token or password reset token.
ResetPassword(ctx context.Context, resetToken, password string) error
// SendPasswordReset sends reset password link to email.
SendPasswordReset(ctx context.Context, redirectPath, email, token string) error
// EnableUser logically enables the user identified with the provided ID
EnableUser(ctx context.Context, token, id string) error
// DisableUser logically disables the user identified with the provided ID
DisableUser(ctx context.Context, token, id string) error
// Backup returns admin and all users. Only accessible by admin.
Backup(ctx context.Context, token string) (User, []User, error)
// Restore restores users from backup. Only accessible by admin.
Restore(ctx context.Context, token string, admin User, users []User) error
PlatformInvites
}
Service specifies an API that must be fulfilled by the domain service implementation, and all of its decorators (e.g. logging & metrics).
func New ¶
func New(users UserRepository, verifications EmailVerificationRepository, invites PlatformInvitesRepository, inviteDuration time.Duration, emailVerifyEnabled bool, selfRegisterEnabled bool, hasher Hasher, auth protomfx.AuthServiceClient, e Emailer, idp uuid.IDProvider) Service
New instantiates the users service implementation
type User ¶
type User struct {
ID string
Email string
Password string
Metadata Metadata
Status string
Role string
}
User represents a Mainflux user account. Each user is identified given its email and password.
type UserRepository ¶
type UserRepository interface {
// Save persists the user account. A non-nil error is returned to indicate
// operation failure.
Save(ctx context.Context, u User) (string, error)
// UpdateUser updates the user metadata.
UpdateUser(ctx context.Context, u User) error
// RetrieveByEmail retrieves user by its unique identifier (i.e. email).
RetrieveByEmail(ctx context.Context, email string) (User, error)
// RetrieveByID retrieves user by its unique identifier ID.
RetrieveByID(ctx context.Context, id string) (User, error)
// RetrieveByIDs retrieves all users for given array of userIDs.
RetrieveByIDs(ctx context.Context, userIDs []string, pm PageMetadata) (UserPage, error)
// UpdatePassword updates password for user with given email
UpdatePassword(ctx context.Context, email, password string) error
// ChangeStatus changes users status to enabled or disabled
ChangeStatus(ctx context.Context, id, status string) error
// BackupAll retrieves all users.
BackupAll(ctx context.Context) ([]User, error)
}
UserRepository specifies an account persistence API.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
api
|
|
|
grpc
Package grpc contains implementation of users service gRPC API.
|
Package grpc contains implementation of users service gRPC API. |
|
http
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations.
|
Package api contains API-related concerns: endpoint definitions, middlewares and all resource representations. |
|
Package bcrypt provides a hasher implementation utilizing bcrypt.
|
Package bcrypt provides a hasher implementation utilizing bcrypt. |
|
Package postgres contains repository implementations using PostgreSQL as the underlying database.
|
Package postgres contains repository implementations using PostgreSQL as the underlying database. |
|
Package tracing contains middlewares that will add spans to existing traces.
|
Package tracing contains middlewares that will add spans to existing traces. |
Click to show internal directories.
Click to hide internal directories.