users

README

Users service

Users service provides an HTTP API for managing users. Through this API clients are able to do the following actions:

• register new accounts
• obtain access tokens
• verify access tokens

For in-depth explanation of the aforementioned scenarios, as well as thorough understanding of Mainflux, please check out the official documentation.

Configuration

The service is configured using the environment variables presented in the following table. Note that any unset variables will be replaced with their default values.

Variable	Description	Default
MF_USERS_LOG_LEVEL	Log level for Users (debug, info, warn, error)	error
MF_USERS_DB_HOST	Database host address	localhost
MF_USERS_DB_PORT	Database host port	5432
MF_USERS_DB_USER	Database user	mainflux
MF_USERS_DB_PASSWORD	Database password	mainflux
MF_USERS_DB	Name of the database used by the service	users
MF_USERS_DB_SSL_MODE	Database connection SSL mode (disable, require, verify-ca, verify-full)	disable
MF_USERS_DB_SSL_CERT	Path to the PEM encoded certificate file
MF_USERS_DB_SSL_KEY	Path to the PEM encoded key file
MF_USERS_DB_SSL_ROOT_CERT	Path to the PEM encoded root certificate file
MF_USERS_HTTP_PORT	Users service HTTP port	8180
MF_USERS_SERVER_CERT	Path to server certificate in pem format
MF_USERS_SERVER_KEY	Path to server key in pem format
MF_USERS_ADMIN_EMAIL	Default user, created on startup
MF_USERS_ADMIN_PASSWORD	Default user password, created on startup
MF_JAEGER_URL	Jaeger server URL	localhost:6831
MF_EMAIL_DRIVER	Mail server driver, mail server for sending reset password token	smtp
MF_EMAIL_HOST	Mail server host	localhost
MF_EMAIL_PORT	Mail server port	25
MF_EMAIL_USERNAME	Mail server username
MF_EMAIL_PASSWORD	Mail server password
MF_EMAIL_FROM_ADDRESS	Email "from" address
MF_EMAIL_FROM_NAME	Email "from" name
MF_EMAIL_TEMPLATE	Email template for sending emails with password reset link	email.tmpl
MF_TOKEN_RESET_ENDPOINT	Password request reset endpoint, for constructing link	/reset-request

Deployment

The service itself is distributed as Docker container. The following snippet provides a compose file template that can be used to deploy the service container locally:

version: "2"
services:
  users:
    image: mainflux/users:[version]
    container_name: [instance name]
    ports:
      - [host machine port]:[configured HTTP port]
    environment:
      MF_USERS_LOG_LEVEL: [Users log level]
      MF_USERS_DB_HOST: [Database host address]
      MF_USERS_DB_PORT: [Database host port]
      MF_USERS_DB_USER: [Database user]
      MF_USERS_DB_PASS: [Database password]
      MF_USERS_DB: [Name of the database used by the service]
      MF_USERS_DB_SSL_MODE: [SSL mode to connect to the database with]
      MF_USERS_DB_SSL_CERT: [Path to the PEM encoded certificate file]
      MF_USERS_DB_SSL_KEY: [Path to the PEM encoded key file]
      MF_USERS_DB_SSL_ROOT_CERT: [Path to the PEM encoded root certificate file]
      MF_USERS_HTTP_PORT: [Service HTTP port]
      MF_USERS_SERVER_CERT: [String path to server certificate in pem format]
      MF_USERS_SERVER_KEY: [String path to server key in pem format]
      MF_JAEGER_URL: [Jaeger server URL]
      MF_EMAIL_DRIVER: [Mail server driver smtp]
      MF_EMAIL_HOST: [MF_EMAIL_HOST]
      MF_EMAIL_PORT: [MF_EMAIL_PORT]
      MF_EMAIL_USERNAME: [MF_EMAIL_USERNAME]
      MF_EMAIL_PASSWORD: [MF_EMAIL_PASSWORD]
      MF_EMAIL_FROM_ADDRESS: [MF_EMAIL_FROM_ADDRESS]
      MF_EMAIL_FROM_NAME: [MF_EMAIL_FROM_NAME]
      MF_EMAIL_TEMPLATE: [MF_EMAIL_TEMPLATE]
      MF_TOKEN_RESET_ENDPOINT: [MF_TOKEN_RESET_ENDPOINT]

To start the service outside of the container, execute the following shell script:

# download the latest version of the service
git clone https://gitee.com/shtemmi/iotflux

cd mainflux

# compile the service
make users

# copy binary to bin
make install

# set the environment variables and run the service
MF_USERS_LOG_LEVEL=[Users log level] MF_USERS_DB_HOST=[Database host address] MF_USERS_DB_PORT=[Database host port] MF_USERS_DB_USER=[Database user] MF_USERS_DB_PASS=[Database password] MF_USERS_DB=[Name of the database used by the service] MF_USERS_DB_SSL_MODE=[SSL mode to connect to the database with] MF_USERS_DB_SSL_CERT=[Path to the PEM encoded certificate file] MF_USERS_DB_SSL_KEY=[Path to the PEM encoded key file] MF_USERS_DB_SSL_ROOT_CERT=[Path to the PEM encoded root certificate file] MF_USERS_HTTP_PORT=[Service HTTP port] MF_USERS_SERVER_CERT=[Path to server certificate] MF_USERS_SERVER_KEY=[Path to server key] MF_JAEGER_URL=[Jaeger server URL] MF_EMAIL_DRIVER=[Mail server driver smtp] MF_EMAIL_HOST=[Mail server host] MF_EMAIL_PORT=[Mail server port] MF_EMAIL_USERNAME=[Mail server username] MF_EMAIL_PASSWORD=[Mail server password] MF_EMAIL_FROM_ADDRESS=[Email from address] MF_EMAIL_FROM_NAME=[Email from name] MF_EMAIL_TEMPLATE=[Email template file] MF_TOKEN_RESET_ENDPOINT=[Password reset token endpoint] $GOBIN/mainflux-users

If MF_EMAIL_TEMPLATE doesn't point to any file service will function but password reset functionality will not work.

Usage

For more information about service capabilities and its usage, please check out the API documentation.

Documentation

Index

• Variables
• type Emailer
• type Group
• type GroupPage
• type GroupRepository
• type Hasher
• type Metadata
• type PageMetadata
• type Service
  • func New(users UserRepository, groups GroupRepository, hasher Hasher, ...) Service
• type User
  • func (u User) Validate() error
• type UserPage
• type UserRepository

Variables

var (

	// ErrConflict indicates usage of the existing email during account
	// registration.
	ErrConflict = errors.New("email already taken")

	// ErrGroupConflict indicates group name already taken.
	ErrGroupConflict = errors.New("group already exists")

	// ErrMalformedEntity indicates malformed entity specification
	// (e.g. invalid username or password).
	ErrMalformedEntity = errors.New("malformed entity specification")

	// ErrUnauthorizedAccess indicates missing or invalid credentials provided
	// when accessing a protected resource.
	ErrUnauthorizedAccess = errors.New("missing or invalid credentials provided")

	// ErrNotFound indicates a non-existent entity request.
	ErrNotFound = errors.New("non-existent entity")

	// ErrUserNotFound indicates a non-existent user request.
	ErrUserNotFound = errors.New("non-existent user")

	// ErrScanMetadata indicates problem with metadata in db.
	ErrScanMetadata = errors.New("failed to scan metadata")

	// ErrMissingEmail indicates missing email for password reset request.
	ErrMissingEmail = errors.New("missing email for password reset")

	// ErrMissingResetToken indicates malformed or missing reset token
	// for reseting password.
	ErrMissingResetToken = errors.New("missing reset token")

	// ErrRecoveryToken indicates error in generating password recovery token.
	ErrRecoveryToken = errors.New("failed to generate password recovery token")

	// ErrGetToken indicates error in getting signed token.
	ErrGetToken = errors.New("failed to fetch signed token")

	// ErrCreateUser indicates error in creating user.
	ErrCreateUser = errors.New("failed to create user")

	// ErrCreateGroup indicates error in creating group.
	ErrCreateGroup = errors.New("failed to create group")

	// ErrDeleteGroupMissing indicates in delete operation that group doesnt exist.
	ErrDeleteGroupMissing = errors.New("group is not existing, already deleted")

	// ErrAssignUserToGroup indicates an error in assigning user to a group.
	ErrAssignUserToGroup = errors.New("failed assigning user to a group")
)

Types

type Emailer

type Emailer interface {
	SendPasswordReset(To []string, host, token string) error
}

Emailer wrapper around the email

type Group

type Group struct {
	ID          string
	Name        string
	OwnerID     string
	ParentID    string
	Description string
	Metadata    map[string]interface{}
}

Group of users

type GroupPage

type GroupPage struct {
	PageMetadata
	Groups []Group
}

type GroupRepository

type GroupRepository interface {
	// Save persists the group.
	Save(ctx context.Context, g Group) (Group, error)

	// Update updates the group data.
	Update(ctx context.Context, g Group) error

	// Delete deletes group for given id.
	Delete(ctx context.Context, id string) error

	// RetrieveByID retrieves group by its unique identifier.
	RetrieveByID(ctx context.Context, id string) (Group, error)

	// RetrieveByName retrieves group by name
	RetrieveByName(ctx context.Context, name string) (Group, error)

	// RetrieveAllWithAncestors retrieves all groups if groupID == "",  if groupID is specified returns children groups
	RetrieveAllWithAncestors(ctx context.Context, groupID string, offset, limit uint64, gm Metadata) (GroupPage, error)

	// Memberships retrieves all groups that user belongs to
	Memberships(ctx context.Context, userID string, offset, limit uint64, gm Metadata) (GroupPage, error)

	// Assign adds user to group.
	Assign(ctx context.Context, userID, groupID string) error

	// Unassign removes user from group
	Unassign(ctx context.Context, userID, groupID string) error
}

GroupRepository specifies an group persistence API.

type Hasher

type Hasher interface {
	// Hash generates the hashed string from plain-text.
	Hash(string) (string, error)

	// Compare compares plain-text version to the hashed one. An error should
	// indicate failed comparison.
	Compare(string, string) error
}

Hasher specifies an API for generating hashes of an arbitrary textual content.

type Metadata

type Metadata map[string]interface{}

Metadata to be used for mainflux thing or channel for customized describing of particular thing or channel.

type PageMetadata

type PageMetadata struct {
	Total  uint64
	Offset uint64
	Limit  uint64
	Name   string
}

PageMetadata contains page metadata that helps navigation.

type Service

type Service interface {
	// Register creates new user account. In case of the failed registration, a
	// non-nil error value is returned.
	Register(ctx context.Context, user User) (string, error)

	// Login authenticates the user given its credentials. Successful
	// authentication generates new access token. Failed invocations are
	// identified by the non-nil error values in the response.
	Login(ctx context.Context, user User) (string, error)

	// User authenticated user info for the given token.
	User(ctx context.Context, token string) (User, error)

	// UpdateUser updates the user metadata.
	UpdateUser(ctx context.Context, token string, user User) error

	// GenerateResetToken email where mail will be sent.
	// host is used for generating reset link.
	GenerateResetToken(ctx context.Context, email, host string) error

	// ChangePassword change users password for authenticated user.
	ChangePassword(ctx context.Context, authToken, password, oldPassword string) error

	// ResetPassword change users password in reset flow.
	// token can be authentication token or password reset token.
	ResetPassword(ctx context.Context, resetToken, password string) error

	//SendPasswordReset sends reset password link to email.
	SendPasswordReset(ctx context.Context, host, email, token string) error

	// CreateGroup creates new user group.
	CreateGroup(ctx context.Context, token string, group Group) (Group, error)

	// UpdateGroup updates the group identified by the provided ID.
	UpdateGroup(ctx context.Context, token string, group Group) error

	// Group retrieves data about the group identified by ID.
	Group(ctx context.Context, token, id string) (Group, error)

	// ListGroups retrieves groups that are children to group identified by parenID
	// if parentID is empty all groups are listed.
	Groups(ctx context.Context, token, parentID string, offset, limit uint64, meta Metadata) (GroupPage, error)

	// Members retrieves users that are assigned to a group identified by groupID.
	Members(ctx context.Context, token, groupID string, offset, limit uint64, meta Metadata) (UserPage, error)

	// Memberships retrieves groups that user identified with userID belongs to.
	Memberships(ctx context.Context, token, groupID string, offset, limit uint64, meta Metadata) (GroupPage, error)

	// RemoveGroup removes the group identified with the provided ID.
	RemoveGroup(ctx context.Context, token, id string) error

	// Assign adds user with userID into the group identified by groupID.
	Assign(ctx context.Context, token, userID, groupID string) error

	// Unassign removes user with userID from group identified by groupID.
	Unassign(ctx context.Context, token, userID, groupID string) error
}

Service specifies an API that must be fullfiled by the domain service implementation, and all of its decorators (e.g. logging & metrics).

func New

func New(users UserRepository, groups GroupRepository, hasher Hasher, auth mainflux.AuthNServiceClient, m Emailer) Service

New instantiates the users service implementation

type User

type User struct {
	ID       string
	Email    string
	Password string
	OwnerID  string
	Owner    *User
	Groups   []Group
	Metadata Metadata
}

User represents a Mainflux user account. Each user is identified given its email and password.

func (User) Validate

func (u User) Validate() error

Validate returns an error if user representation is invalid.

type UserPage

type UserPage struct {
	PageMetadata
	Users []User
}

type UserRepository

type UserRepository interface {
	// Save persists the user account. A non-nil error is returned to indicate
	// operation failure.
	Save(ctx context.Context, u User) (string, error)

	// Update updates the user metadata.
	UpdateUser(ctx context.Context, u User) error

	// RetrieveByEmail retrieves user by its unique identifier (i.e. email).
	RetrieveByEmail(ctx context.Context, email string) (User, error)

	// RetrieveByID retrieves user by its unique identifier ID.
	RetrieveByID(ctx context.Context, id string) (User, error)

	// UpdatePassword updates password for user with given email
	UpdatePassword(ctx context.Context, email, password string) error

	// Members retrieves all users that belong to a group
	Members(ctx context.Context, groupID string, offset, limit uint64, um Metadata) (UserPage, error)
}

UserRepository specifies an account persistence API.