Remove Account Update Route #5
Comments
👍
👍
gr2m added a commit that referenced this issue Nov 21, 2015
BREAKING CHANGE: We decided to remove the ability to edit accounts by users themselves, as the business requirements are different from app to app, so the /requests API can be used for it instead. See #5
fixed via #7
I think we can remove the PATCH /session/account route entirely, and make all account properties after sign up read only, without exception. The security requirements / workflows to change a username or a password are app-specific, so I'd suggest that we use the requests API for that. I think it's perfectly suited for that.

In Hoodie’s implementation, the handlers for the different requests can be defined with the requests option passed to the hapi plugin. For example the following request handler would require an x-password header to be sent, and the PUT request against CouchDB would happen with basic auth, using the username and password, and will therefore fail if the password is incorrect. The user's session is ignored entirely.

That would also make the separation of accounts & profiles more clear.
Any thoughts @patriciagarcia @tthew?
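
The re-authentication flow described in the issue above, sketched as an added example (not code from the issue or from Hoodie): the current password travels in an x-password header, the PUT to CouchDB's `_users` database uses basic auth built from it, and the session is never consulted. The function names, the `COUCH` address, the injected synchronous `send` transport and the `fakeCouch` stub are all assumptions made so the example runs offline.

```javascript
// Added example. All names are hypothetical; this is not Hoodie's API.
const COUCH = 'http://localhost:5984'; // assumed CouchDB address

// Build the CouchDB request for a password change. Authentication comes only
// from the username plus the x-password header; cookies and tokens on the
// incoming request are never read, so a session alone cannot authorize it.
function toCouchRequest(incoming, userDoc) {
  const { username, newPassword } = incoming.payload;
  const current = incoming.headers['x-password'];
  if (typeof current !== 'string' || current === '') return { error: 400 };
  // ':' in the name would shift the user/password split of Basic auth.
  if (typeof username !== 'string' || !username || username.includes(':')) {
    return { error: 400 };
  }
  const basic = Buffer.from(`${username}:${current}`).toString('base64');
  return {
    method: 'PUT',
    url: `${COUCH}/_users/${encodeURIComponent('org.couchdb.user:' + username)}`,
    headers: { authorization: `Basic ${basic}` },
    body: { ...userDoc, password: newPassword } // CouchDB hashes this on write
  };
}

// `send` is an injected, synchronous transport so the example runs offline.
function changePassword(incoming, userDoc, send) {
  const req = toCouchRequest(incoming, userDoc);
  if (req.error) return { status: req.error };
  const res = send(req);
  // CouchDB decides: 401 means the supplied current password was wrong.
  return { status: res.status === 201 ? 204 : res.status };
}

// Constructed stand-in for CouchDB that only checks Basic auth.
function fakeCouch(users) {
  return (req) => {
    const decoded = Buffer.from(req.headers.authorization.slice(6), 'base64').toString();
    const [user, ...rest] = decoded.split(':');
    const known = Object.prototype.hasOwnProperty.call(users, user);
    const ok = known && users[user] === rest.join(':');
    if (ok) users[user] = req.body.password;
    return { status: ok ? 201 : 401 };
  };
}

// Constructed demo: a session cookie does not help if x-password is wrong.
const demoDoc = { _id: 'org.couchdb.user:alice', _rev: '1-abc', name: 'alice', type: 'user', roles: [] };
const demoIn = { payload: { username: 'alice', newPassword: 'n3w' }, headers: { cookie: 'AuthSession=x', 'x-password': 'guess' } };
console.log(changePassword(demoIn, demoDoc, fakeCouch({ alice: 'old-secret' })));
```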