REST API

EXT:login depends on EXT:routes, a YAML routes provider.

That way we ship a couple of useful routes out of the box.

Fetch information about the currently logged-in user

curl --location --request GET 'http://login.ddev.site/api/login/users/current' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --header 'Cookie: fe_typo_user=bb9c335567f3330d668d2fbe394606ec' \
    --header 'X-CSRF-TOKEN: bb9c335567f3330d668d2fbe394606ec'

Note

Guarded by auth middleware.

[
    {
        "address": "",
        "city": "",
        "company": "",
        "country": "",
        "crdate": 0,
        "email": "user@example.com",
        "endtime": 0,
        "fax": "",
        "firstName": "Serhii",
        "forgotPasswordFormUrl": "",
        "image": null,
        "lastName": "Borulko",
        "lockMinutesInterval": 10,
        "locked": false,
        "loggedIn": true,
        "middleName": "",
        "name": "",
        "notLocked": true,
        "online": true,
        "telephone": "",
        "timeToUnlock": true,
        "title": "",
        "tstamp": 1582719491,
        "uid": 1,
        "unlockActionUrl": "",
        "username": "user",
        "www": "",
        "zip": ""
    }
]

Check whether the session is authenticated

curl --location --request GET 'http://login.ddev.site/api/login/users/authenticated' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json'

{
    "authenticated": true
}

Terminate the user's existing session (force logout)

curl --location --request GET 'http://login.ddev.site/api/login/logins/logout' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --header 'Cookie: fe_typo_user=bb9c335567f3330d668d2fbe394606ec' \
    --header 'X-CSRF-TOKEN: bb9c335567f3330d668d2fbe394606ec'

Note

Guarded by auth middleware.

Plain authentication attempt

curl --location --request POST 'http://login.ddev.site/api/login/logins/auth' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --data-raw '{"username":"user", "password":"passs", "remember":true}'

Note

Guarded by Throttle middleware, limited to 50 failed attempts.

Error response

{
    "errors": {
        "username": [
            "Provided username is not found."
        ],
        "password": [
            "Password is invalid"
        ]
    }
}

Success response

{
    "redirect": "http:example.com/after_login/sent"
}

Forgot password request

curl --location --request POST 'http://login.ddev.site/api/login/reset-password-link' \
    --header 'Content-Type: application/json' \
    --header 'Accept: application/json' \
    --data-raw '{"email":"dummy@example.com"}'

Error response

{
    "errors": {
        "email": [
            "This email address is not connected to any user in our system."
        ]
    }
}

Success response

{
    "redirect": "http:example.com/after_forgot_password/sent"
}
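
The error bodies documented above name the failing field, so the reply for an unknown username or e-mail address differs from the reply for a known one. As an added example (not code from EXT:login), this Python check compares the two replies and lists what a client can tell apart; the wrong-password body for a known user and the `collapse_errors` filter with its `credentials` key are assumptions made for the illustration.

```python
import json

# Constructed samples. The "unknown" bodies and the reset success body are the
# responses shown on this page; AUTH_KNOWN is an assumed wrong-password reply.
AUTH_UNKNOWN = json.dumps({"errors": {
    "username": ["Provided username is not found."],
    "password": ["Password is invalid"]}})
AUTH_KNOWN = json.dumps({"errors": {"password": ["Password is invalid"]}})
RESET_UNKNOWN = json.dumps({"errors": {"email": [
    "This email address is not connected to any user in our system."]}})
RESET_KNOWN = json.dumps(
    {"redirect": "http:example.com/after_forgot_password/sent"})


def observable(body):
    """Reduce a JSON body to the parts a client can compare between requests."""
    data = json.loads(body)
    errors = data.get("errors") or {}
    return {
        "keys": sorted(data),
        "error_fields": sorted(errors),
        "messages": sorted(m for msgs in errors.values() for m in msgs),
    }


def differences(known_body, unknown_body):
    """List what differs between the replies; an empty list means no oracle."""
    known, unknown = observable(known_body), observable(unknown_body)
    return [name for name in known if known[name] != unknown[name]]


def collapse_errors(body):
    """Hypothetical response filter: one generic error for any failed attempt."""
    data = json.loads(body)
    if "errors" in data:
        data["errors"] = {"credentials": ["Invalid username or password."]}
    return json.dumps(data)


if __name__ == "__main__":
    print("auth:", differences(AUTH_KNOWN, AUTH_UNKNOWN))
    print("reset:", differences(RESET_KNOWN, RESET_UNKNOWN))
    print("auth, collapsed:", differences(collapse_errors(AUTH_KNOWN),
                                          collapse_errors(AUTH_UNKNOWN)))
```

Response bodies are only one signal; status codes and response timing need the same known-versus-unknown comparison.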