
Authentication and Authorization

This method is required to gain access to the system and for any further interaction.

Information request

Two ways of authentication are provided:

  1. login + password combination in GET request parameters
--------------------------
login | test_user
password | api_password
--------------------------

The user’s email can also be used in this combination instead of login:

--------------------------------
email | test_user@mail.com
password | api_password
--------------------------------
  2. login POST request and JWT token.

    The body of the <url_smartroad>/api/<version>/login request is expected to contain the following:

{
"username": "test_user",
"password": "api_password"
}
Response:
{
"access_token": "<new_access_token>",
"refresh_token": "<new_refresh_token>",
"expires_in": 900
}

For the next step, take the resulting JWT and insert it into the Authentication block of the request with the Bearer Token type selected.

When the current token expires, renew it with a POST request to <url_smartroad>/api/<version>/token/refresh: insert the refresh_token value returned by the previous request into the body of this request.

{
"token": "<refresh_token>"
}
Response: 
{
"access_token": "<new_access_token>",
"refresh_token": "<new_refresh_token>",
"expires_in": 900
}

Authorization is required for any further requests.
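
The login, Bearer and refresh steps above as one client-side session object. This is an added example, not code from the API's authors. Assumptions: the `post(url, json_body) -> (status, dict)` transport, HTTP 200 on success, the 30-second refresh margin, and the placeholder base URL; the fake server is constructed so the example runs offline.

```python
import time

class TokenSession:
    """Holds a valid access token using the login and refresh calls described above."""
    def __init__(self, post, base_url, username, password, skew=30, clock=time.monotonic):
        self._post = post      # assumed transport: post(url, json_body) -> (status, dict)
        self._base = base_url.rstrip("/")
        self._creds = {"username": username, "password": password}
        self._skew, self._clock = skew, clock   # refresh `skew` seconds before expiry
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, status, body):
        if status != 200 or "access_token" not in body:   # 200 on success is assumed
            raise PermissionError(f"authentication failed: HTTP {status} {body.get('code')}")
        self._access = body["access_token"]
        self._refresh = body["refresh_token"]   # every response carries a new refresh token
        self._expires_at = self._clock() + body["expires_in"]

    def auth_header(self):
        """Return the Bearer header, logging in or refreshing first when needed."""
        if self._access is None:
            self._store(*self._post(f"{self._base}/login", self._creds))
        elif self._clock() >= self._expires_at - self._skew:
            status, body = self._post(f"{self._base}/token/refresh", {"token": self._refresh})
            if status != 200:   # refresh token rejected: fall back to a full login
                status, body = self._post(f"{self._base}/login", self._creds)
            self._store(status, body)
        return {"Authorization": f"Bearer {self._access}"}

def demo():
    """Run the session against a constructed in-memory stand-in for the API."""
    now, calls, issued = [0.0], [], [0]
    def fake_post(url, body):
        calls.append(url.rsplit("/", 1)[-1])
        good = ({"username": "test_user", "password": "api_password"}
                if url.endswith("/login") else {"token": f"r{issued[0]}"})
        if body != good:
            return 401, {"code": "PT401"}
        issued[0] += 1
        return 200, {"access_token": f"a{issued[0]}", "refresh_token": f"r{issued[0]}",
                     "expires_in": 900}
    s = TokenSession(fake_post, "https://api.example.invalid/api/v1",
                     "test_user", "api_password", clock=lambda: now[0])
    out = [s.auth_header()["Authorization"]]        # t=0: logs in
    for t in (100.0, 880.0):                        # 880 is inside the 30 s skew window
        now[0] = t
        out.append(s.auth_header()["Authorization"])
    return out, calls
```

Sending credentials once in the POST body and then only the short-lived token keeps the password out of request URLs, which is where the GET-parameter method places it.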

Error handling

Sending a request with a misspelled login/refresh path

Types of incorrect request:

---------------------------------------------------
https://{ip}:{port}/api/{version}/loooooofhgin
---------------------------------------------------

or

---------------------------------------------------
https://{ip}:{port}/api/{version}/refffffffffresh
---------------------------------------------------

the following response is expected to be received:

401 Unauthorized:
{
"error": "Authorization header or login/email and password parameters are required"
}

Sending login instead of the username parameter in request body

{
"login": "test_user",
"password": "api_password"
}

the following response is expected to be received:

404 Not Found
{
"code": "PGRST202",
"details": "Searched for the function api.login with parameters login, password or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.",
"hint": "Perhaps you meant to call the function api.login(email, password, username)",
"message": "Could not find the function api.login(login, password) in the schema cache"
}

Sending wrong login data in request body, the following response is expected to be received:

401 Unauthorized:
{
"code": "PT401",
"details": "Пользователь c параметрами: [test_user1] не может быть найден в системе или его учетная запись в настоящее время неактивна",
"hint": "Убедитесь, что данные переданы правильно, и убедитесь, что учетная запись активна",
"message": "Пользователь c параметрами: [test_user1] не найден или не активен"
}

Sending request with missing login in request body

--------------------------
login | //login missing
password | api_password
--------------------------

the following response is expected to be received:

401 Unauthorized:
{
"code": "PT401",
"details": null,
"hint": null,
"message": "Должен быть передан один из параметров username или email"
}

Sending request with missing login and password

--------------------------
login | //login missing
password | //password missing
--------------------------

the following response is expected to be received:

404 Not Found
{
"code": "PGRST202",
"details": "Searched for the function api.login without parameters or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.",
"hint": null,
"message": "Could not find the function api.login without parameters in the schema cache"
}

Sending wrong password data in request body

--------------------------
login | test_user
password | wrong_password
--------------------------

the following response is expected to be received:

403 Forbidden:
{
"code": "PT403",
"details": "The password provided for the user [test_user] is incorrect and does not match the stored credentials",
"hint": "Check the password",
"message": "User: [test_user] invalid password"
}

Sending request with missing password in request body

--------------------------
login | test_user
password | //password missing
--------------------------

the following response is expected to be received:

404 Not Found:
{
"code": "PGRST202",
"details": "Searched for the function api.login with parameter username or with a single unnamed json/jsonb parameter, but no matches were found in the schema cache.",
"hint": "Perhaps you meant to call the function api.login(email, password, username)",
"message": "Could not find the function api.login(username) in the schema cache"
}

Sending empty password value in request body, the following response is expected to be received:

401 Unauthorized:
{
"code": "PT401",
"details": null,
"hint": null,
"message": "Пароль не может быть пустым"
}
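
One way for a client to handle the responses listed in this section, as an added example that is not part of the API or its documentation. The status codes and `code` values are the ones shown above; the category names and user-facing messages are assumptions. It separates request-shape errors (PGRST202), which no retry can fix, from credential errors, and shows the user a single message for PT401 and PT403 while keeping the server's detail for logs.

```python
import json

UNAVAILABLE = "Sign-in is unavailable, please contact support."   # assumed wording

def classify_auth_error(status, raw_body):
    """Map a failed login/refresh response to (kind, user_message, log_detail)."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError):      # empty, non-JSON or missing body
        body = {}
    if not isinstance(body, dict):
        body = {}
    code = body.get("code")
    detail = body.get("message") or body.get("error") or ""
    if code == "PGRST202":
        # Parameter names did not match api.login(email, password, username):
        # a client bug, so repeating the same request cannot succeed.
        return "malformed_request", UNAVAILABLE, detail
    if code in ("PT401", "PT403"):
        # Unknown or inactive user, empty field, or wrong password: one message
        # for all, so the UI does not reveal which part of the input was wrong.
        return "bad_credentials", "Invalid username or password.", detail
    if status == 401 and "error" in body:
        # No credentials reached the API, e.g. a misspelled login/refresh path.
        return "no_credentials", UNAVAILABLE, detail
    return "unknown", "Sign-in failed.", detail

# Constructed samples, shortened from the responses shown in this section.
SAMPLES = [
    (404, '{"code": "PGRST202", "message": "Could not find the function api.login(login, password) in the schema cache"}'),
    (401, '{"code": "PT401", "details": null, "hint": null, "message": "user not found"}'),
    (403, '{"code": "PT403", "message": "User: [test_user] invalid password"}'),
    (401, '{"error": "Authorization header or login/email and password parameters are required"}'),
]

def kinds():
    """Return the category assigned to each constructed sample, in order."""
    return [classify_auth_error(status, raw)[0] for status, raw in SAMPLES]
```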