define({ "api": [ { "type": "get", "url": "/", "title": "First factor page", "name": "Login", "group": "Authentication", "version": "1.0.0", "success": { "fields": { "Success 200": [ { "group": "Success 200", "type": "String", "optional": false, "field": "Content", "description": "

The content of the first factor page.

" } ] } }, "description": "

Serves the login page and create a create a cookie for the client.

", "filename": "shared/api.ts", "groupTitle": "Authentication" }, { "type": "get", "url": "/logout", "title": "Serves logout page", "name": "Logout", "group": "Authentication", "version": "1.0.0", "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "redirect", "description": "

Redirect to this URL when user is deauthenticated.

" } ] } }, "success": { "fields": { "Success 302": [ { "group": "Success 302", "optional": false, "field": "redirect", "description": "

Redirect to the URL.

" } ] } }, "description": "

Log out the user and redirect to the URL.

", "filename": "shared/api.ts", "groupTitle": "Authentication" }, { "type": "get", "url": "/secondfactor", "title": "Second factor page", "name": "SecondFactor", "group": "Authentication", "version": "1.0.0", "success": { "fields": { "Success 200": [ { "group": "Success 200", "type": "String", "optional": false, "field": "Content", "description": "

The content of second factor page.

" } ] } }, "description": "

Serves the second factor page

", "filename": "shared/api.ts", "groupTitle": "Authentication" }, { "type": "post", "url": "/1stfactor", "title": "Bind user against LDAP", "name": "ValidateFirstFactor", "group": "Authentication", "version": "1.0.0", "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "username", "description": "

User username.

" }, { "group": "Parameter", "type": "String", "optional": false, "field": "password", "description": "

User password.

" } ] } }, "success": { "fields": { "Success 204": [ { "group": "Success 204", "optional": false, "field": "status", "description": "

1st factor is validated.

" } ] } }, "error": { "fields": { "Error 401": [ { "group": "Error 401", "type": "none", "optional": false, "field": "error", "description": "

1st factor is not validated.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

Verify credentials against the LDAP.

", "filename": "shared/api.ts", "groupTitle": "Authentication", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "post", "url": "/reset-password/request", "title": "Finish password reset request", "name": "FinishPasswordResetRequest", "group": "PasswordReset", "version": "1.0.0", "description": "

Start password reset request.

", "filename": "shared/api.ts", "groupTitle": "PasswordReset", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "identity_token", "description": "

The one-time identity validation token provided in the email.

" } ] } }, "success": { "fields": { "Success 200": [ { "group": "Success 200", "type": "String", "optional": false, "field": "content", "description": "

The content of the page.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "get", "url": "/password-reset/request", "title": "Request username", "name": "ServePasswordResetPage", "group": "PasswordReset", "version": "1.0.0", "description": "

Serve a page that requires the username.

", "filename": "shared/api.ts", "groupTitle": "PasswordReset", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "post", "url": "/api/password-reset", "title": "Set new password", "name": "SetNewLDAPPassword", "group": "PasswordReset", "version": "1.0.0", "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "password", "description": "

New password

" } ] } }, "description": "

Set a new password for the user.

", "filename": "shared/api.ts", "groupTitle": "PasswordReset", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "get", "url": "/password-reset/identity/start", "title": "Start password reset request", "name": "StartPasswordResetRequest", "group": "PasswordReset", "version": "1.0.0", "description": "

Start password reset request.

", "filename": "shared/api.ts", "groupTitle": "PasswordReset", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "success": { "fields": { "Success 204": [ { "group": "Success 204", "optional": false, "field": "status", "description": "

Identity validation has been initiated.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 400": [ { "group": "Error 400", "optional": false, "field": "InvalidIdentity", "description": "

User identity is invalid.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "get", "url": "/secondfactor/totp/identity/finish", "title": "Finish TOTP registration identity validation", "name": "FinishTOTPRegistration", "group": "TOTP", "version": "1.0.0", "description": "

Serves the TOTP registration page that displays the secret. The secret is a QRCode and a base32 secret.

", "filename": "shared/api.ts", "groupTitle": "TOTP", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "identity_token", "description": "

The one-time identity validation token provided in the email.

" } ] } }, "success": { "fields": { "Success 200": [ { "group": "Success 200", "type": "String", "optional": false, "field": "content", "description": "

The content of the page.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "get", "url": "/secondfactor/totp/identity/start", "title": "Start TOTP registration identity validation", "name": "StartTOTPRegistration", "group": "TOTP", "version": "1.0.0", "description": "

Initiates the identity validation

", "filename": "shared/api.ts", "groupTitle": "TOTP", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "success": { "fields": { "Success 204": [ { "group": "Success 204", "optional": false, "field": "status", "description": "

Identity validation has been initiated.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 400": [ { "group": "Error 400", "optional": false, "field": "InvalidIdentity", "description": "

User identity is invalid.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "post", "url": "/api/totp", "title": "Complete TOTP authentication", "name": "ValidateTOTPSecondFactor", "group": "TOTP", "version": "1.0.0", "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "token", "description": "

TOTP token.

" } ] } }, "success": { "fields": { "Success 302": [ { "group": "Success 302", "optional": false, "field": "Redirect", "description": "

to the URL that has been stored during last call to /api/verify.

" } ] } }, "error": { "fields": { "Error 401": [ { "group": "Error 401", "type": "none", "optional": false, "field": "error", "description": "

TOTP token is invalid.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

Verify TOTP token. The user is authenticated upon success.

", "filename": "shared/api.ts", "groupTitle": "TOTP", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "post", "url": "/api/u2f/sign", "title": "Complete U2F authentication", "name": "CompleteU2FAuthentication", "group": "U2F", "version": "1.0.0", "success": { "fields": { "Success 302": [ { "group": "Success 302", "optional": false, "field": "Redirect", "description": "

to the URL that has been stored during last call to /api/verify.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "type": "none", "optional": false, "field": "error", "description": "

No authentication request has been provided.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

Complete authentication request of the U2F device.

", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "post", "url": "/api/secondfactor/u2f/register", "title": "Complete U2F registration", "name": "FinishU2FRegistration", "group": "U2F", "version": "1.0.0", "success": { "fields": { "Success 302": [ { "group": "Success 302", "optional": false, "field": "Redirect", "description": "

to the URL that has been stored during last call to /api/verify.

" } ] } }, "description": "

Complete U2F registration request.

", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "error": { "fields": { "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "get", "url": "/secondfactor/u2f/identity/start", "title": "Start U2F registration identity validation", "name": "RequestU2FRegistration", "group": "U2F", "version": "1.0.0", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "success": { "fields": { "Success 204": [ { "group": "Success 204", "optional": false, "field": "status", "description": "

Identity validation has been initiated.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 400": [ { "group": "Error 400", "optional": false, "field": "InvalidIdentity", "description": "

User identity is invalid.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

This request issue an identity validation token for the user bound to the session. It sends a challenge to the email address set in the user LDAP entry. The user must visit the sent URL to complete the validation and continue the registration process.

" }, { "type": "get", "url": "/secondfactor/u2f/identity/finish", "title": "Finish U2F registration identity validation", "name": "ServeU2FRegistrationPage", "group": "U2F", "version": "1.0.0", "description": "

Serves the U2F registration page that asks the user to touch the token of the U2F device.

", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } }, "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "identity_token", "description": "

The one-time identity validation token provided in the email.

" } ] } }, "success": { "fields": { "Success 200": [ { "group": "Success 200", "type": "String", "optional": false, "field": "content", "description": "

The content of the page.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "optional": false, "field": "AccessDenied", "description": "

Access is denied.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } } }, { "type": "get", "url": "/api/u2f/sign_request", "title": "Start U2F authentication", "name": "StartU2FAuthentication", "group": "U2F", "version": "1.0.0", "success": { "fields": { "Success 200": [ { "group": "Success 200", "optional": false, "field": "authentication_request", "description": "

The U2F authentication request.

" } ] } }, "error": { "fields": { "Error 401": [ { "group": "Error 401", "type": "none", "optional": false, "field": "error", "description": "

There is no key registered for user in session.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

Initiate an authentication request using a U2F device.

", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "get", "url": "/api/u2f/register_request", "title": "Start U2F registration", "name": "StartU2FRegistration", "group": "U2F", "version": "1.0.0", "success": { "fields": { "Success 200": [ { "group": "Success 200", "optional": false, "field": "authentication_request", "description": "

The U2F registration request.

" } ] } }, "error": { "fields": { "Error 403": [ { "group": "Error 403", "type": "none", "optional": false, "field": "error", "description": "

Unexpected identity validation challenge.

" } ], "Error 500": [ { "group": "Error 500", "type": "String", "optional": false, "field": "error", "description": "

Internal error message.

" } ] } }, "description": "

Initiate a U2F device registration request.

", "filename": "shared/api.ts", "groupTitle": "U2F", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } }, { "type": "get", "url": "/api/verify", "title": "Verify user authentication", "name": "VerifyAuthentication", "group": "Verification", "version": "1.0.0", "parameter": { "fields": { "Parameter": [ { "group": "Parameter", "type": "String", "optional": false, "field": "redirect", "description": "

Optional parameter set to the url where the user is redirected if access is refused. It is mainly used by Traefik that does not control the redirection itself.

" } ] } }, "success": { "fields": { "Success 204": [ { "group": "Success 204", "optional": false, "field": "status", "description": "

The user is authenticated.

" } ] } }, "error": { "fields": { "Error 302": [ { "group": "Error 302", "optional": false, "field": "redirect", "description": "

The user is redirected if redirect parameter is provided.

" } ], "Error 401": [ { "group": "Error 401", "optional": false, "field": "status", "description": "

The user get an error if access failed

" } ] } }, "description": "

Verify that the user is authenticated, i.e., the two factors have been validated. If the user is authenticated the response headers Remote-User and Remote-Groups are set. Remote-User contains the user id of the currently logged in user and Remote-Groups a comma separated list of assigned groups.

", "filename": "shared/api.ts", "groupTitle": "Verification", "header": { "fields": { "Header": [ { "group": "Header", "type": "String", "optional": false, "field": "Cookie", "description": "

Cookie containing "connect.sid", the user session token.

" } ] } } } ] });