...
- POST /register
- Send email to configured address abot
- E-mail address must be unique
Account approval
- Add approval endpoint, only available to admin or with token
- GET /requests/
- PUT /requests/user/
- Approve/Deny
- Send email to user
- Template
...
- Implement password hashing (bcrypy + salt)
- Add account status (approved unapproved)
- Add change password endpoint (authenticated user)
- /accounts/user/password?currentPassword=&newPasword=
- POST body:
- { "currentPassword": "123456", "newPassword": "this.is.actually.a.much.much.better.password" }
- Forgot password
- /accounts/user/password?email={email@email.com}
- POST body:
- { "email": "email@email.com" }
- send a reset password e-mail to the account matching this e-mail address
- { "user": "namespace" }
- send a reset password e-mail to the account matching this username / namespace
- { "email": "email@email.com" }
- Send email to user with link with temporary password that must be changed on login
...