/rainlab-user-api

A simple and extendable HTTP API for RainLab.User plugin

Primary LanguagePHPMIT LicenseMIT

rainlab-user-api

Build status Code coverage Code style MIT License

A simple and extendable HTTP API for RainLab.User.

Installation & configuration

To install the API, run the following commands from your root October directory:

git clone git@github.com:scottbedard/rainlab-user-api.git plugins/bedard/rainlabuserapi

By default, all routes are grouped behind a /api/rainlab/user prefix. To override this, add the following to a .env file at the root of your October installation. Alternatively, you can use October's file based configuration.

RAINLAB_USER_API_PREFIX="/your/custom/prefix"

To disable the API completely, add the following environment variable:

RAINLAB_USER_API_ENABLE=false

Basic usage

To get the authenticated user, use the AccountManager class.

use Bedard\RainLabUserApi\Classes\AccountManager;

$user = AccountManager::getAuthenticatedUser();

Using this method to fetch the User model will trigger a bedard.rainlabuserapi.afterGetUser event. This can be useful when other data is needed with the user. As an example, here we'll configure the API to load the user's avatar.

public function boot()
{
    Event::listen('bedard.rainlabuserapi.afterGetUser', function ($user) {
        $user->load(['avatar']);
    });
}

Adding Middleware

All endpoints use a base controller that can be extended. This can be used to add middleware that make the responses consistent with the rest of your API. To do this, add the following to your Plugin.php file. See the October documentation for more information on using middleware.

public function boot()
{
    \Bedard\RainLabUserApi\Classes\ApiController::extend(function($controller) {
        $controller->middleware('Path\To\Custom\Middleware');
    });
}

Endpoints

POST: /api/rainlab/user/auth/login

Authenticate a user.

ANY: /api/rainlab/user/auth/logout

Log out the authenticated user.

ANY: /api/rainlab/user/auth/stop-impersonation

Stop impersonating a user.

POST: /api/rainlab/user/users

Create user and trigger activation process.

GET: /api/rainlab/user/users/activate/{code}

Activate a new user.

POST: /api/rainlab/user/users/forgot-password

Send the user a link to reset their password.

POST: /api/rainlab/user/users/reset-password

Reset a user's password.

GET: /api/rainlab/user/account

Get information about the authenticated user. This route uses the AuthMiddleware, authentication is required to access it.

POST: /api/rainlab/user/account

Updates information about the authenticated user. This route uses the AuthMiddleware, authentication is required to access it. When changing passwords with safe password updates enabled, the user's current password must be included in the request as password_current.

DELETE: /api/rainlab/user/account/avatar

Deletes the authenticated user's avatar. This route uses the AuthMiddleware, authentication is required to access it.

License

MIT

Copyright (c) 2018-present, Scott Bedard.