fuzzymatter / hush-api

Hush API server

User sign up #1

Open jakeklassen opened 6 years ago

jakeklassen commented 6 years ago

Requirements

As a user I should be able to sign up.

$ hush signup <email>
> Enter your name: Jake Klassen
A verification email has been sent to <email>. It will expire in 5 minutes.
> Enter verification code: AJ4DJ3

Welcome to Hush.

Here is your master password: "we-will-generate-this-for-you"

Do not lose this. You cannot reset your master password and will be
forced to create a new PGP keypair if you lose it. We recommend
using a password manager to avoid losing your master password!

If a user with <email> already exists, a friendly warning message is shown: "A user with email <email> already exists.", and the operation is aborted.

Technical Details

When the user has completed data entry via the CLI, an email containing a six character code will automatically be sent to their email address.

If the email is already registered, display the friendly notification and abort.

Models

Keypair

A user may only have one active keypair. Many may exist due to recovery from hacks etc. - not relevant to this feature.

When a new user is created a new keypair must be created.

{
  id: Number,
  fingerprint: String,
  public_key: String,
  private_key: String,
}

Signup

Only one active signup may exist for a user and is only valid for 5 minutes.

{
  id: Guid,
  email: String,
  code: String,
  status: String,
  expires_at: Date,
  created_at: Date,
  updated_at: Date,
}

User

{
  id: String,
  email: String,
  first_name: String,
  last_name: String,
}

Api Endpoints

POST /signups

When a new user signs up the client will POST to this route with the body noted below.

If a user already exists with this email address an error is returned. Otherwise a new signup is created containing a random 6 character code, which is only valid for 5 minutes.

Request body:

{
  email: String,
  name: String,
}

Responses

201 - Newly created

{
  id: Number, // Integer
  expiresAt: String, // ISO String
}

200 - Existing unverified signup

{
  id: Number, // Integer
  expiresAt: String, // ISO String
}

409 - Conflict, email already verified.

{
  message: "Email <email> has already been verified.",
}

POST /verified-signups

When a user enters a signup code, the CLI attempts to verify it and must send:

{
  signupId: String,
  code: String,
  publicKey: String,
  privateKey: String
}

If the code is valid, a new user is created with the publicKey and privateKey provided in the request. The signup document status must be marked as "complete".

Responses

201 - Newly created

Response body not implemented in this version. Models and transactions need to be planned first.

404 - Signup with id signupId not found.

409 - Conflict, email already verified.

jakeklassen commented 6 years ago

See #3 for first major batch of work. Still need to handle side effects of creating a verified signup, such as creating user, keypair, organization and auth token.
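
The two endpoints specified in this issue, sketched as an added example that is not part of the thread or the hush-api code base. It assumes an in-memory store, a `pending` status name, a code alphabet without look-alike characters, and a 400 response for a wrong or expired code, none of which the issue defines.

```javascript
// Added example: in-memory sketch of POST /signups and POST /verified-signups.
const { randomInt, randomUUID, timingSafeEqual } = require('node:crypto');

const TTL_MS = 5 * 60 * 1000;                        // signup is valid for 5 minutes (from the issue)
const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789'; // assumption: no I, O, 0, 1
const signups = new Map();                           // id -> signup document (stand-in for a database)
const verifiedEmails = new Set();                    // stand-in for the User collection

// Six characters drawn from a CSPRNG rather than Math.random().
function generateCode() {
  return Array.from({ length: 6 }, () => ALPHABET[randomInt(ALPHABET.length)]).join('');
}

// POST /signups: 409 if already verified, 200 if an unexpired signup exists, else 201.
function createSignup(email, now = Date.now()) {
  if (verifiedEmails.has(email)) {
    return { status: 409, body: { message: `Email ${email} has already been verified.` } };
  }
  for (const s of signups.values()) {
    if (s.email === email && s.status === 'pending' && s.expires_at > now) {
      return { status: 200, body: { id: s.id, expiresAt: new Date(s.expires_at).toISOString() } };
    }
  }
  const s = { id: randomUUID(), email, code: generateCode(), status: 'pending', expires_at: now + TTL_MS };
  signups.set(s.id, s);
  return { status: 201, body: { id: s.id, expiresAt: new Date(s.expires_at).toISOString() } };
}

// POST /verified-signups: 404 unknown id, 409 already verified, 201 on success.
function verifySignup(signupId, code, now = Date.now()) {
  const s = signups.get(signupId);
  if (!s) return { status: 404 };
  if (s.status === 'complete' || verifiedEmails.has(s.email)) return { status: 409 };
  // Compare in constant time so response timing does not reveal matching prefixes.
  const a = Buffer.from(String(code));
  const b = Buffer.from(s.code);
  const match = a.length === b.length && timingSafeEqual(a, b);
  if (!match || s.expires_at <= now) return { status: 400 }; // assumption: status not given in the issue
  s.status = 'complete';
  verifiedEmails.add(s.email);
  return { status: 201 };
}
```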