pvarki / python-rasenmaeher-api


Make API more RESTful #74

Open rambo opened 10 months ago

rambo commented 10 months ago
restful

See notes from @3zk1m0 above.

In addition to those: Everything that accepts invitecode or callsign as a parameter MUST also accept the primary key of the object.

PKs are UUIDs and the route must accept both the classic string form of "20994228-d379-4acd-bdd8-4de88435381b" and the base64-encoded form "yUb5X1onSSCPzAFmeeyzJg==" (see helpers for encoding/decoding this form).

Anything that outputs UUIDs SHOULD output the b64 form.
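
The dual-form primary-key requirement described in the comment above, as an added example (not part of the issue thread and not the project's own helpers): a strict parser that accepts either form and rejects non-canonical variants, so each object has exactly one string and one base64 identifier. The names `parse_pk` and `uuid_to_b64` are hypothetical, and the base64 form is assumed to be standard base64 of the 16 raw UUID bytes.

```python
import base64
import uuid


def uuid_to_b64(pk: uuid.UUID) -> str:
    """Encode the 16 raw UUID bytes as standard base64 (24 chars, '==' padded)."""
    return base64.b64encode(pk.bytes).decode("ascii")


def parse_pk(value: str) -> uuid.UUID:
    """Parse a primary key in classic or base64 form; raise ValueError otherwise.

    Hypothetical helper. Assumes the base64 form is the standard alphabet over
    the raw 16 bytes, as the 24-character example in the issue suggests.
    """
    if len(value) == 36:
        parsed = uuid.UUID(value)  # ValueError on malformed input
        # uuid.UUID() ignores hyphen placement; insist on the canonical layout
        # so two different strings never name the same object.
        if str(parsed) != value.lower():
            raise ValueError("non-canonical UUID string")
        return parsed
    if len(value) == 24:
        # validate=True rejects characters outside the base64 alphabet;
        # binascii.Error is a ValueError subclass, so callers catch one type.
        raw = base64.b64decode(value, validate=True)
        if len(raw) != 16:
            raise ValueError("base64 primary key must decode to 16 bytes")
        parsed = uuid.UUID(bytes=raw)
        # Unused trailing bits may be non-zero in a decodable string;
        # re-encode and compare to reject such aliases.
        if uuid_to_b64(parsed) != value:
            raise ValueError("non-canonical base64 primary key")
        return parsed
    raise ValueError("expected 36-char UUID string or 24-char base64 string")


if __name__ == "__main__":
    # Both sample values are the ones quoted in the issue text.
    for sample in ("20994228-d379-4acd-bdd8-4de88435381b", "yUb5X1onSSCPzAFmeeyzJg=="):
        pk = parse_pk(sample)
        print(sample, "->", pk, uuid_to_b64(pk))
```

The standard base64 alphabet includes "/" and "+", so a value placed in a URL path segment has to be percent-encoded by the client.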

rambo commented 10 months ago

A side note: "invite-codes" are actually EnrollmentPool objects. Also, users do not have lock/unlock functionality. Revoking a user could be thought of as the "lock", but once the certificate is revoked it's revoked and will not work ever again. In theory we could generate a new cert but the user has no way of getting it, their authentication cert was already revoked...

Thus instead of the lock/unlock I'd just have a DELETE /user/:callsign for generic revoke or, if we want to specify a reason for the revoke, POST /user/:callsign/revoke (the reason MUST be a valid value for validate_reason).