Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User shall be able to change his/her mail adress by REST API #3583

Open
de-jcup opened this issue Nov 5, 2024 · 1 comment · May be fixed by #3821
Open

User shall be able to change his/her mail adress by REST API #3583

de-jcup opened this issue Nov 5, 2024 · 1 comment · May be fixed by #3821
Assignees
@lorriborri

Comments

@de-jcup
Copy link
Member

de-jcup commented Nov 5, 2024
edited by lorriborri
Loading

Situation

Currently only an administrator is able to change the user mail address

Wanted

A user shall be able to change his/her email address via REST.
The process shall ensure that the user has access to the mail address.

Solution

Should also work with go client
The process shall be similar to the registration process

REST:

  1. User request mail change over web-ui or go client with initial authenticated request:
    POST /api/mamangement/user/email/
    body={newEmail}
  2. SecHub Server checks request and sends verification link to new mail address (link valid for 24h)
  • generates JWT token
  • encrypts new email address
  • sends link: POST /user/change-email?accessToken=&email=
  • URL must be open to unauthenticated
  1. When user verifies the new mail, the mail is changed by the server
  2. The user is redirected to the login page (the Go client might ignore/ open browser)
  3. A notification is send to the old mail address
@de-jcup
Copy link
Member Author

de-jcup commented Nov 5, 2024

The process is related to #2374 - the rules shall be applied to user mail address changes from user side but also from administrator side!

lorriborri added a commit that referenced this issue Jan 22, 2025
@lorriborri
Added UC, openapi and path #3583
45eb3f8
lorriborri added a commit that referenced this issue Jan 22, 2025
@lorriborri
Basic functions and classes #3583
ebbcba6 
- NOT buildable
@lorriborri lorriborri self-assigned this Jan 22, 2025
@lorriborri lorriborri linked a pull request Jan 22, 2025 that will close this issue
Draft
lorriborri added a commit that referenced this issue Jan 31, 2025
@lorriborri
Added tests and JWT token #3583
1226a27 
- some tests are not working
lorriborri added a commit that referenced this issue Feb 4, 2025
@lorriborri
Added ControllerTest and RestDoc Tests #3583
9c32b97
lorriborri added a commit that referenced this issue Feb 4, 2025
@lorriborri
Added first INT test #3583
d1b5e67
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lorriborri lorriborri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

User self service: change own mail address mercedes-benz/sechub
2 participants
@de-jcup @lorriborri