In this first part we define the requirements against the application, its initial domain model and that REST API which its front-end will be using. We start off by defining the user stories for registering and managing users.
When designing a new system, it’s worth thinking about that result users are expecting to achieve with it. Below you can found a list of those very basic features a user registration system should have.
Let’s take a look at the workflows what system is going to support. First of all, people should be able to register and login, these are fairly obvious functionalities.
However, we need to be cautious when it comes to the handling of confirmation tokens. As they can be used to perform privileged actions, we use disposable random tokens to handle password reset and email confirmation.
When a new token got generated by the user for whatever reason all the previous ones are invalidated. When some remembers their password, formerly issued and valid password reset tokens must be made expired.
User stories usually don’t define non-functional requirements, such as security, development principles, technology stack, etc. So let’s list them here separately.
For the first round implementation we’ve got only three entities, that is, User, ConfirmationToken and UserEvent.
Accessing most of endpoints below require authentication, otherwise they return an UNAUTHORIZED status code. They also return a client error (FORBIDDEN) if the user tries to query an entity which belong to some other user, unless he has administrative privileges. If the specified entity doesn’t exist the called endpoint returns NOT_FOUND.
Creating a session (POST /sessions) and registering a new user (POST /users) are public and they don’t require authentication.
Returns the details of the given session or NOT_FOUND if there is no such session with the given ID or if that’s already expired.
Create a new session provided that the specified email and password pair belongs to a valid user.
Deletes the given session (logout).
Finds a user with the given ID.
List all users in the system
Registers a new user
Deletes the given user.
Updates the profile of a given user.
Uses the token of the given user and performs the action related to the token’s type.