Auth API v4

DCImanager 6

Documentation

DCImanager 6

Developer section

API

Auth API v4

Add to Favorites

Documentation

DCImanager 6

Developer section

API

Auth API v4

{"include":["https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/-\/raw\/master\/conan2\/conan2-bin.yml","https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/-\/raw\/master\/common\/common-include.yml","https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/-\/raw\/master\/SAST\/syft-scan.yml"],"deploy_to_confluence":{"image":"registry-dev.ispsystem.net\/docker\/py-ci-utility:default","stage":"deploy","script":["cp build\/dist\/opt\/ispsystem\/auth\/etc\/schema\/compat_auth.yaml .\/compat_auth.yml","curl -s -o merge_schema.py 'https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/raw\/master\/openapi\/merge_schema.py'","OPENAPI_DIR=${PWD} python3 merge_schema.py > auth_v4_api.json","curl -T \"auth_v4_api.json\" ftp:\/\/\"common:${FTP_COMMON_PASSWORD}\"@ru.download.ispsystem.com\/","curl -s -o deploy_openapi.py 'https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/-\/raw\/master\/openapi\/deploy_openapi.py'","python3 deploy_openapi.py --page '177964536' -t 'Auth API v4' -url 'https:\/\/download.ispsystem.com\/6\/common\/auth_v4_api.json' -parent '45661653'","python3 deploy_openapi.py --page '177964538' -t 'Auth API v4' -url 'https:\/\/download.ispsystem.com\/6\/common\/auth_v4_api.json' -parent '45661650'","python3 deploy_openapi.py --page '177964672' -t 'Auth API v4' -url 'https:\/\/download.ispsystem.com\/6\/common\/auth_v4_api.json' -parent '32034422'","python3 deploy_openapi.py --page '177964675' -t 'Auth API v4' -url 'https:\/\/download.ispsystem.com\/6\/common\/auth_v4_api.json' -parent '32034439'","curl -s -o deploy_astra_openapi.py 'https:\/\/gitlab-dev.ispsystem.net\/tools\/gitlab\/-\/raw\/master\/openapi\/deploy_astra_openapi.py'","python3 deploy_astra_openapi.py --page \"333825302\" -t \"Auth API v4\" -url \"https:\/\/download.ispsystem.com\/6\/common\/auth_v4_api.json\" -parent \"326840979\""],"rules":[{"if":"$CI_COMMIT_TAG"},{"when":"never"}],"artifacts":{"when":"always","paths":["auth_v4_api.json"]},"allow_failure":true},"generate_fe_pkg":{"image":"registry-dev.ispsystem.net\/docker\/node:latest","stage":"deploy","allow_failure":true,"script":["BETA_SUFFIX=$(echo $CI_COMMIT_REF_NAME | sed 's\/[^a-zA-Z0-9]\/-\/g')","API_VERSION=\"$(cat beta_version.env)\"","npm set registry https:\/\/verdaccio.ispsystem.net","npm i @ispdevkit\/contract@latest","npm list @ispdevkit\/contract","echo '\/\/verdaccio.ispsystem.net\/:_authToken=\"${NPM_VER_TOKEN_FROM_IMAGE}\"' >> .npmrc","cp build\/dist\/opt\/ispsystem\/auth\/etc\/schema\/compat_auth.yaml .\/compat_auth.yml","npx ispc g -p .\/compat_auth.yml -o .\/dest-dir\/generated-api  --apiId=auth --prefix AuthApi","if [ \"${CI_COMMIT_TAG}\" ];\n  then\n    npx ispc p -p .\/dest-dir\/generated-api -n '@ispdevkit\/auth-api-generated' -d 'AUTH API interfaces and Angular services generated from openapi schemas' --sources --ver $API_VERSION --stable;\n  else\n    npx ispc p -p .\/dest-dir\/generated-api -n '@ispdevkit\/auth-api-generated' -d 'AUTH API interfaces and Angular services generated from openapi schemas' --preId $BETA_SUFFIX --sources --ver $API_VERSION;\nfi\n"],"artifacts":{"when":"always","paths":["dest-dir\/generated-api\/"]},"only":{"changes":["compat\/auth\/openapi.yaml"]}},"testing":{"variables":{"DATABASE_HOST":"mysql","DATABASE_DRIVER":"mysql","DATABASE_USER":"root","DATABASE_NAME":"auth","MYSQL_ALLOW_EMPTY_PASSWORD":"yes","MYSQL_DATABASE":"auth","CONSUL_HOST":"consul","LDAP_SERVER":"ldap","LDAP_ADMIN_USERNAME":"admin","LDAP_ADMIN_PASSWORD":"adminpassword","LDAP_USERS":"user_ldap01,user_ldap02","LDAP_PASSWORDS":"custompassword1,custompasword2","LDAP_ROOT":"dc=example,dc=org","LDAP_ADMIN_DN":"cn=admin,dc=example,dc=org"},"services":[{"name":"mysql:8","alias":"mysql","command":["--mysql-native-password=ON","--authentication_policy=mysql_native_password"]},{"name":"docker-registry.ispsystem.com\/consul:1.8.5","alias":"consul"},{"name":"bitnamilegacy\/openldap:2.6.10-debian-12-r4","alias":"ldap"}]},"openapi":"3.0.2","info":{"title":"Auth API","description":"Authorization and authentication API for EXOsoft products (DCI, VM)","version":"4.0.0","contact":{"email":"help@ispsystem.com"}},"servers":[{"url":"http:\/\/localhost:1600"}],"x-json-schema-faker":{"locale":"en","min-items":0,"max-items":100,"optionalsProbability":0.5,"resolve-json-path":true},"paths":{"\/public\/roles":{"get":{"deprecated":true,"operationId":"GetPublicRoleList","summary":"Get list of additional role`s names","description":"It is not so deprecated as experimental. OpenAPI has no property to show this. Basically auth service does not know anything about builtin roles so you have to add them to environment variable BUILTIN_ROLES. For example, it's value could be \"@admin,@user\".","tags":["Permissions"],"responses":{"200":{"$ref":"#\/components\/responses\/200PublicRoleList"}}}},"\/role":{"get":{"summary":"Get list of custom roles","description":"That handler is used to get full information about all custom roles","operationId":"GetRoleList","deprecated":true,"tags":["Role"],"responses":{"200":{"$ref":"#\/components\/responses\/200RoleList"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Create a custom role","description":"Add a custom role in the system","operationId":"CreateRole","deprecated":true,"tags":["Role"],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["name","data"],"properties":{"name":{"type":"string","description":"Role name for inner usage","example":"@admin_accounts","pattern":"^@\\w+"},"human_name":{"type":"string","description":"Role name for human beings","example":"Admin of accounts"},"human_descr":{"type":"string","description":"Role description for human beings","example":"Such admins could create new users"},"data":{"type":"object","description":"Created roles data","properties":{"GET":{"type":"array","items":{"type":"string","example":"@common_read"}},"POST":{"type":"array","items":{"type":"string","example":"@common_write"}},"DELETE":{"type":"array","items":{"type":"string","example":"@common_write"}}}}}}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/role\/{role_id}":{"get":{"summary":"Get information about selected custom role","description":"This handle returns same information like \/role does","operationId":"GetRole","deprecated":true,"tags":["Role"],"parameters":[{"$ref":"#\/components\/parameters\/RoleId"}],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"},"200":{"description":"The role information","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/GetRole"}}}}}},"post":{"summary":"Edit a custom role","description":"Edit a existed custom role in the system","operationId":"EditRole","deprecated":true,"tags":["Role"],"parameters":[{"$ref":"#\/components\/parameters\/RoleId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"human_name":{"type":"string","description":"Role name for human beings","example":"Admin of accounts"},"human_descr":{"type":"string","description":"Role description for human beings","example":"Such admins could create new users"},"data":{"type":"object","description":"Created roles data","properties":{"GET":{"type":"array","items":{"type":"string","example":"@common_read"}},"POST":{"type":"array","items":{"type":"string","example":"@common_write"}},"DELETE":{"type":"array","items":{"type":"string","example":"@common_write"}}}}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}},"delete":{"summary":"Delete a custom role","description":"Delete a existed custom role in the system","operationId":"DeleteRole","deprecated":true,"tags":["Role"],"parameters":[{"$ref":"#\/components\/parameters\/RoleId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/handles":{"get":{"summary":"Get available handlers for current user","operationId":"SelfHandles","tags":["Permissions"],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200HandlesGet"}}}},"\/self\/session":{"get":{"summary":"Get current user sessions","operationId":"SelfSession","tags":["Session"],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200SessionsGet"}}}},"\/self\/session\/{session_id}":{"delete":{"summary":"Delete the user session by ID","description":"Delete the user session by ID","operationId":"DeleteSelfSession","tags":["Session"],"parameters":[{"$ref":"#\/components\/parameters\/SessionId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/session":{"get":{"summary":"Get all users sessions","operationId":"Session","tags":["Session"],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200SessionsGet"}}}},"\/session\/{session_id}":{"delete":{"summary":"Delete a session by ID","description":"Delete a session by ID","operationId":"DeleteSession","tags":["Session"],"parameters":[{"$ref":"#\/components\/parameters\/SessionId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/subroles":{"get":{"summary":"Get current user subroles","operationId":"SelfSubroles","deprecated":true,"tags":["Role"],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200SubRolesGet"}}}},"\/public\/has_first_user":{"get":{"summary":"Get flag about first user","operationId":"HasFirstUser","tags":["Users"],"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200HasFirstUserGet"}}}},"\/public\/token":{"post":{"summary":"Authenticate user using username and password","description":"Using this handler you just authenticate user in the system","operationId":"Auth","tags":["Token"],"security":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"email":{"type":"string","description":"User name (Now it can be username or email)","example":"admin@example.com"},"password":{"type":"string","description":"User password"},"confirmed":{"type":"boolean","description":"If token is not confirmed you must confirm it using handle \/public\/token\/confirm"},"ldap_id":{"type":"integer","description":"LDAP integration ID"},"use_local":{"type":"boolean","description":"Use local auth system for authorization","enum":[true]}},"required":["email","password"]}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/token":{"post":{"summary":"Create long life or infinite token","description":"Such tokens should be used for integration purpose only","operationId":"PostToken","tags":["Token"],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"expires_at":{"type":"string","format":"datetime","description":"Token expiration date","example":"2022-01-01 00:00:00"},"description":{"type":"string","maxLength":255,"description":"Any comment you want to add for new token","example":"Integration with google :)"}},"required":["expires_at"]}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/token\/{token_id}":{"delete":{"summary":"Remove token","description":"Most tokens has limited lifetime. But if you want to revoke access for some integrated applications or users you can manually remove their tokens","deprecated":true,"operationId":"DeleteToken","tags":["Token"],"security":[{"Token":[]},{"Internal":[]}],"parameters":[{"in":"path","name":"token_id","required":true,"description":"Token id or value","schema":{"type":"string"}}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/user\/{user_id}\/su":{"post":{"summary":"Create new token for trustee","description":"Makes possible to act as specified user. You should be administrator or trustee for this user","operationId":"UserSu","tags":["Token"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/back":{"post":{"summary":"Get back to trustee account","description":"Makes possible to return to previous level after making SU","operationId":"SelfBack","tags":["Token"],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/user":{"get":{"summary":"Get list of the users","description":"Returns complete list of the users. To limit it you can use standard filtering and pagination query string syntax","operationId":"UserList","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/ListFilter"},{"$ref":"#\/components\/parameters\/ListWhere"},{"$ref":"#\/components\/parameters\/ListOrderBy"},{"$ref":"#\/components\/parameters\/ListLimit"},{"$ref":"#\/components\/parameters\/ListAction"}],"responses":{"200":{"description":"You will receive the list of the users","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserListGet"}}}},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Create new user\/administrator","description":"Register new user in the system. User will not be able to login before he\/her will be granted access to some instance","operationId":"CreateUser","tags":["Users"],"requestBody":{"$ref":"#\/components\/requestBodies\/CreateUser"},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user_short":{"get":{"summary":"Get list of the users","description":"Returns only id and email for each users. To limit it you can use standard filtering and pagination query string syntax","operationId":"UserListShort","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/ListFilter"},{"$ref":"#\/components\/parameters\/ListWhere"},{"$ref":"#\/components\/parameters\/ListOrderBy"},{"$ref":"#\/components\/parameters\/ListLimit"},{"$ref":"#\/components\/parameters\/ListAction"}],"responses":{"200":{"description":"You will receive the list of the users","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserShortListGet"}}}},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/instance\/{instance_id}\/user":{"get":{"deprecated":true,"summary":"Get list of the instance users","description":"Returns complete list of the instance users. To limit it you can use standard filtering and pagination query string syntax","operationId":"InstanceUserList","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/ListFilter"},{"$ref":"#\/components\/parameters\/ListWhere"},{"$ref":"#\/components\/parameters\/ListOrderBy"},{"$ref":"#\/components\/parameters\/ListLimit"},{"$ref":"#\/components\/parameters\/ListAction"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InstanceUserList"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/self\/password":{"post":{"summary":"Change current user password","description":"User can change password for himself only if he\/she can provide current one. Or he\/she can use password recovery procedure and change it via E-Mail","operationId":"SelfPassword","tags":["Users"],"security":[{"Token":[]}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"old_password":{"type":"string","description":"Old user password"},"password":{"type":"string","format":"password","minLength":8,"description":"New password"}},"required":["password","old_password"]}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user\/{user_id}\/password":{"post":{"summary":"Change user password","description":"Administrator can change password for any user in the system","operationId":"ChangePassword","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"password":{"type":"string","format":"password","minLength":8,"description":"New password"}},"required":["password"]}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user\/{user_id}\/lock":{"post":{"summary":"Add blocking dependency","description":"User with as least one active dependency cannot be deleted","operationId":"UserLock","tags":["Internal"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"service":{"type":"string","description":"Service name that have made this request"},"description":{"type":"string","description":"Description"}},"required":["service","description"]}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user\/{user_id}\/lock\/{service}":{"delete":{"summary":"Remove blocking dependency","description":"Release user. Service should call this handler if it have locked this user before and does not need it existence any more","operationId":"UserUnlock","tags":["Internal"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"in":"path","name":"service","required":true,"description":"Service name was used to create blocking dependency","schema":{"type":"string"}}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user\/{user_id}":{"post":{"summary":"Edit selected user","operationId":"EditUser","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/EditUser"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"get":{"summary":"Get user details","operationId":"GetUser","description":"Getting user details by user identifier","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200UserGet"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Completely delete user from the system","description":"User must not be owner of any instance in system. User can not delete himself","operationId":"UserDelete","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/self":{"post":{"summary":"Edit yourself","operationId":"EditSelf","tags":["Users"],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","properties":{"full_name":{"type":"string","maxLength":255,"description":"User first and last name","example":"John Smith"},"lang":{"type":"string","description":"The user interface language","enum":["en","ru","es"],"example":"en"},"timezone":{"type":"string","description":"Custom timezone for current user","maxLength":64,"example":"Asia\/Irkutsk","pattern":"^[-_A-Za-z0-9\\\/]+$","x-faker":{"helpers.arrayElement":[["Asia\/Irkutsk","Pacific\/Niue","Pacific\/Pitcairn"]]}}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"get":{"summary":"Get yourself details","operationId":"GetSelf","description":"Getting details about yourself","tags":["Users"],"responses":{"200":{"$ref":"#\/components\/responses\/200UserGet"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/public\/first_user_invite":{"post":{"summary":"Get first user token","operationId":"FirtsUserInvite","tags":["Users"],"security":[],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Token"},"400":{"$ref":"#\/components\/responses\/400UserExists"}}}},"\/public\/token\/{token}\/invite_first_user":{"post":{"summary":"Create first user","operationId":"CreateFirstUser","tags":["Users"],"security":[],"parameters":[{"$ref":"#\/components\/parameters\/FirstUserToken"}],"requestBody":{"content":{"application\/json":{"schema":{"type":"object","properties":{"email":{"type":"string","format":"email","maxLength":255,"description":"User E-Mail will be used as login name","example":"admin@example.com","x-faker":"internet.email"},"password":{"type":"string","format":"password","writeOnly":true,"minLength":8,"description":"First user password, we save only hash and nobody can read password"},"lang":{"type":"string","description":"The user interface language","enum":["en","ru","es"],"example":"en"}},"required":["email","password"]}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}}},"\/user\/{user_id}\/acl":{"post":{"summary":"Set users access control list (ACL)","deprecated":true,"description":"Sets IPs user allowed to login from","tags":["Acl"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"operationId":"EditUserAcl","requestBody":{"$ref":"#\/components\/requestBodies\/Acl"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"get":{"summary":"Get users access control list (ACL)","deprecated":true,"description":"Returns set of IPs user allowed to login from","operationId":"GetUserAcl","tags":["Acl"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Acl"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/acl":{"post":{"summary":"Set users access control list (ACL)","deprecated":true,"description":"Sets IPs user allowed to login from","tags":["Acl"],"operationId":"SetSelfAcl","requestBody":{"$ref":"#\/components\/requestBodies\/Acl"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"get":{"summary":"Get users access control list (ACL)","deprecated":true,"description":"Returns set of IPs user allowed to login from","operationId":"GetSelfAcl","tags":["Acl"],"responses":{"200":{"$ref":"#\/components\/responses\/200Acl"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/public\/global\/whoami":{"get":{"summary":"Get your current roles to single instance services","description":"That handler is used by proxy to check access to single instance services when request contains token","deprecated":true,"operationId":"GetInternalWhoami","security":[],"parameters":[{"$ref":"#\/components\/parameters\/Token"}],"tags":["Proxy"],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/public\/instance\/{instance_id}\/whoami":{"get":{"summary":"Get your current roles on selected instance","description":"That handler is used by proxy to check access to multi instance services when request contains token","deprecated":true,"security":[],"parameters":[{"$ref":"#\/components\/parameters\/Token"},{"$ref":"#\/components\/parameters\/InstanceId"}],"tags":["Proxy"],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/whoami":{"get":{"summary":"Get your current session information","description":"That handler is used to check user session","parameters":[{"$ref":"#\/components\/parameters\/Token"}],"tags":["Token"],"responses":{"200":{"$ref":"#\/components\/responses\/200Whoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/instance\/{instance_id}\/import\/user":{"post":{"summary":"Create new user\/administrator in selected instance","description":"Register new user in the system and grant access to selected instance. For internal use only. Using simple '\/user' handle is more properly way to do it. '\/user' handle must be improved to accept encrypted passwords.","operationId":"InstanceUserImport","deprecated":true,"tags":["Internal"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/InstanceUserImport"},"responses":{"200":{"$ref":"#\/components\/responses\/201Created"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/import\/user":{"post":{"summary":"Create new user\/administrator in global environment","description":"For internal use only. Using simple '\/user' handle is more properly way to do it. '\/user' handle must be imroved to accept crypted passwords.","operationId":"GlobalUserImport","deprecated":true,"tags":["Internal"],"security":[{"Internal":[]}],"requestBody":{"$ref":"#\/components\/requestBodies\/InstanceUserImport"},"responses":{"200":{"$ref":"#\/components\/responses\/201Created"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/instance\/{instance_id}\/user\/{user_id}":{"get":{"summary":"Get roles of selected user in selected instance","operationId":"GetUserPermissions","description":"That handler is used by proxy to check access to multi instance services when request doesn't contain token but has Internal-Auth header","deprecated":true,"tags":["Proxy"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"summary":"Grant access to selected instance for selected user","operationId":"CreateUserPermissions","deprecated":true,"tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"roles":{"type":"array","items":{"type":"string"},"minItems":1}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Revoke access of selected user to selected instance","operationId":"RevokeUserPermissions","deprecated":true,"tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/instance\/{instance_id}\/user\/{user_id}\/trustee\/{trustee_id}":{"get":{"summary":"Get roles of selected user\/trustee pair in selected instance","operationId":"GetTrusteePermissions","description":"That handler is used by proxy to check access to multi instance services when request doesn't contain token but has Internal-Auth header","deprecated":true,"tags":["Proxy"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/instance\/{instance_id}\/user\/{user_id}\/trustee\/{trustee_id}\/roles":{"post":{"summary":"Grant access to selected instance for selected trustee","operationId":"CreateTrusteePermissions","deprecated":true,"tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"roles":{"type":"array","items":{"type":"string"},"minItems":1,"default":["@user"]}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Revoke access of selected trustee to selected instance","operationId":"RevokeTrusteePermissions","deprecated":true,"tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/user\/{user_id}\/resume":{"post":{"summary":"Allow user access","operationId":"UserAccessResume","tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/user\/{user_id}\/suspend":{"post":{"summary":"Restrict user access","operationId":"UserAccessSuspend","tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/user\/{user_id}\/trustee\/{trustee_id}":{"get":{"summary":"Get roles of selected user\/trustee pair","operationId":"GetTrustee","description":"That handler can be used by proxy to check access to single instance services when request doesn't contain token but has Internal-Auth header. But in general it never should be used (we don't need to grant trustee access to single instance services because most of such services are used to manipulate personal user settings)","deprecated":true,"tags":["Proxy"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/user\/{user_id}\/trustee\/{trustee_id}\/roles":{"post":{"summary":"Grant access to selected trustee","operationId":"EditTrustee","tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"roles":{"type":"array","items":{"type":"string"},"minItems":1,"default":["@user"]}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Revoke access of selected trustee","operationId":"DeleteTrustee","tags":["Permissions"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/public\/global\/whoami\/method\/{method}\/target\/{target}":{"get":{"summary":"Get your current roles to single instance services","description":"That handler is used by proxy to check access to single instance services when request contains token","security":[],"parameters":[{"$ref":"#\/components\/parameters\/Token"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"tags":["Proxy"],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/public\/instance\/{instance_id}\/whoami\/method\/{method}\/target\/{target}":{"get":{"summary":"Get your current roles on selected instance","deprecated":true,"description":"That handler is used by proxy to check access to multi instance services when request contains token","security":[],"parameters":[{"$ref":"#\/components\/parameters\/Token"},{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"tags":["Proxy"],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/user\/{user_id}\/method\/{method}\/target\/{target}":{"get":{"summary":"Get roles of selected user in single instance services","description":"That handler is used by proxy to check access to single instance services when request doesn't contain token but has Internal-Auth header","tags":["Proxy"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"},"500":{"$ref":"#\/components\/responses\/500InternalError"}}}},"\/rbac\/{rbac_id}\/owner\/{owner_id}\/match\/{pattern}\/value\/{value}":{"get":{"summary":"Get roles of selected user in single instance services","description":"That handler is used by proxy to check access to single instance services when request doesn't contain token but has Internal-Auth header","tags":["Proxy"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/RbacId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/Target"},{"$ref":"#\/components\/parameters\/Value"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Access"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"},"500":{"$ref":"#\/components\/responses\/500InternalError"}}}},"\/user\/{user_id}\/trustee\/{trustee_id}\/method\/{method}\/target\/{target}":{"get":{"summary":"Get roles of selected user\/trustee pair","description":"That handler can be used by proxy to check access to single instance services when request doesn't contain token but has Internal-Auth header. But in general it never should be used (we needent to grant trustee access to single instance services because most of such services are used to manipulate personal user settings)","tags":["Proxy"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/instance\/{instance_id}\/user\/{user_id}\/method\/{method}\/target\/{target}":{"get":{"summary":"Get roles of selected user in selected instance","deprecated":true,"description":"That handler is used by proxy to check access to multi instance services when request doesn't contain token but has Internal-Auth header","tags":["Proxy"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/instance\/{instance_id}\/user\/{user_id}\/trustee\/{trustee_id}\/method\/{method}\/target\/{target}":{"get":{"summary":"Get roles of selected user in selected instance","deprecated":true,"description":"That handler is used by proxy to check access to multi instance services when request doesn't contain token but has Internal-Auth header","tags":["Proxy"],"security":[{"Internal":[]}],"parameters":[{"$ref":"#\/components\/parameters\/InstanceId"},{"$ref":"#\/components\/parameters\/UserId"},{"$ref":"#\/components\/parameters\/TrusteeId"},{"$ref":"#\/components\/parameters\/Method"},{"$ref":"#\/components\/parameters\/Target"}],"responses":{"200":{"$ref":"#\/components\/responses\/200InternalWhoami"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/acl":{"get":{"summary":"Get list of access control lists","description":"That handler is used to get full information about access control lists were setup on system","tags":["Acl"],"operationId":"AclList","deprecated":true,"responses":{"200":{"description":"You will receive the list of all existing ACLs","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/AclGet"}}}}}}},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Create new access control list","description":"Create new one ACL, this handle allows create ACL and add members to it","tags":["Acl"],"operationId":"CreateAcl","deprecated":true,"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","maxLength":255,"description":"Unique name"},"ip_list":{"type":"array","items":{"type":"string","format":"iprange","example":"192.168.0.0\/16"}},"members":{"type":"array","description":"List of ACL members","items":{"type":"string","maxLength":255,"description":"User name or user ID"}}},"required":["name","ip_list"]}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/acl\/{acl_id}":{"get":{"summary":"Get information about selected ACL","description":"This handle returns same information like \/acl does","tags":["Acl"],"operationId":"AclInfo","parameters":[{"$ref":"#\/components\/parameters\/AclId"}],"deprecated":true,"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"},"200":{"description":"You will receive single ACL","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/AclGet"}}}}}},"post":{"summary":"Modify ACL","description":"That handler allows to change ACL and manage its members. If members missed they will be unchanged","tags":["Acl"],"operationId":"EditAcl","parameters":[{"$ref":"#\/components\/parameters\/AclId"}],"deprecated":true,"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","maxLength":255,"description":"Unique name"},"ip_list":{"type":"array","items":{"type":"string","format":"iprange","example":"192.168.0.0\/16"}},"members":{"type":"array","description":"List of ACL members","items":{"type":"string","maxLength":255,"description":"User name or user ID"}}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Delete ACL","description":"Completely remove ACL","operationId":"DeleteAcl","deprecated":true,"tags":["Acl"],"parameters":[{"$ref":"#\/components\/parameters\/AclId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/acl\/{acl_id}\/user\/{user_id}":{"post":{"summary":"Adds ACL member","description":"That handler is will add and return 201Created if new member was added to ACL or 200Ok if member already exists","tags":["Acl"],"operationId":"AclAddMember","parameters":[{"$ref":"#\/components\/parameters\/AclId"},{"$ref":"#\/components\/parameters\/UserId"}],"deprecated":true,"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Removes ACL member","description":"That handler will remove member from ACL","tags":["Acl"],"operationId":"AclRemoveMember","parameters":[{"$ref":"#\/components\/parameters\/AclId"},{"$ref":"#\/components\/parameters\/UserId"}],"deprecated":true,"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/realip\/trusted_servers":{"get":{"summary":"Get information about current trusted servers","description":"This handle returns information about realip header and trusted ips","tags":["Setting"],"operationId":"TrustedServersInfo","responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"description":"Get trusted servers info","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/TrustedServers"}}}}}},"post":{"summary":"Set information about current trusted servers","description":"This handle sets information about realip header and trusted ips","tags":["Setting"],"operationId":"TrustedServersSet","requestBody":{"$ref":"#\/components\/requestBodies\/TrustedServers"},"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"200":{"$ref":"#\/components\/responses\/200Ok"}}},"delete":{"summary":"Reset information about current trusted servers","description":"This handle removes information about realip header and trusted ips","tags":["Setting"],"operationId":"TrustedServersDelete","responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200Ok"}}}},"\/self\/key":{"post":{"summary":"Create key for current user","description":"Create key that can be used to get token for current user","tags":["Key"],"security":[{"Token":[]}],"operationId":"SelfKey","responses":{"201":{"$ref":"#\/components\/responses\/201Key"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/user\/{user_id}\/key":{"post":{"summary":"Create key for specified user","description":"Create key that can be used to get token for selected user","tags":["Key"],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"operationId":"UserKey","responses":{"201":{"$ref":"#\/components\/responses\/201Key"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/public\/key":{"post":{"summary":"Use key to get authentication token","description":"Use key to get authentication token","tags":["Key"],"security":[],"operationId":"AuthByKey","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"key":{"type":"string","description":"key was got using \/self\/key or \/user\/{user_id}\/key handles"}},"required":["key"]}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400UnknownKey"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/public\/recovery_password":{"post":{"summary":"Recovery user password by email","description":"Generate confirmation token and send to user email","tags":["Users"],"security":[],"operationId":"ResetPassword","requestBody":{"$ref":"#\/components\/requestBodies\/ResetPassword"},"responses":{"200":{"$ref":"#\/components\/responses\/200EmailSent"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/public\/confirmation\/{confirmation_id}\/change_password":{"post":{"summary":"Change password by confirmation token","description":"Use confirmation received by mail to change user password","tags":["Users"],"security":[],"operationId":"ChangePasswordByConfirmation","parameters":[{"$ref":"#\/components\/parameters\/ConfirmationId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/ChangePasswordByConfirmation"},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/public\/confirmation\/{confirmation_id}\/invite_user":{"post":{"summary":"Activate invited user by confirmation token","description":"Use confirmation received by mail to activate user","tags":["Users"],"security":[],"operationId":"ActivateUserByConfirmation","parameters":[{"$ref":"#\/components\/parameters\/ConfirmationId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/ActivateUserByConfirmation"},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/user\/{user_id}\/confirmation_id":{"post":{"summary":"Generate new confirmation token for user","description":"Generate new confirmation token for user with user_id. For internal use only.","tags":["Internal"],"security":[{"Internal":[]}],"operationId":"UserConfirmationToken","parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/self\/2fa":{"post":{"summary":"Setup two factor authorization for current user","description":"After successful setup you will be forced to confirm your authentication token by secret code before using it","tags":["2FA"],"security":[{"Token":[]}],"operationId":"Setup2FA","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"secret":{"type":"string","format":"base32","description":"It must be a base32 encoded sequence of 40 random bytes","minLength":64,"maxLength":64},"code":{"type":"integer","description":"Valid Multi-Factor verification 6-digit code"}},"required":["secret","code"]}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"delete":{"summary":"Turn off two factor authorization for current user","tags":["Token"],"security":[{"Token":[]}],"operationId":"DeleteSelf2FA","responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/user\/{user_id}\/2fa":{"delete":{"summary":"Turn off two factor authorization for selected user","tags":["2FA"],"security":[{"Token":[]}],"parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"operationId":"Delete2FAUser","responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/public\/token\/confirm":{"post":{"summary":"Confirm two factor authorization for current token","description":"If 2FA enable for current user you have to confirm your authorization token by calling this handle to use this token","tags":["2FA"],"security":[],"operationId":"TokenConfirm","requestBody":{"$ref":"#\/components\/requestBodies\/TokenConfirm"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/public\/2fa\/qrcode":{"post":{"summary":"Generate Google Authenticator PNG","description":"It is just generates PNG, no service data will be modified","tags":["2FA"],"security":[],"operationId":"GetQRCode","requestBody":{"$ref":"#\/components\/requestBodies\/GetQRCode"},"responses":{"200":{"description":"QR code image","content":{"image\/png":{"schema":{"type":"string","format":"binary"}}}},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}}},"\/restrictions\/role":{"post":{"summary":"Change restrictions for some role","description":"Using this handler you can change authentification restrictiction policy for specific roles","operationId":"ChangeRoleRestrictions","tags":["Restrictions"],"security":[],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"attempts_max_count":{"type":"integer","description":"Maximum number of attempts for some role to get banned","example":10,"nullable":true},"time_to_unban":{"type":"integer","description":"Which time in seconds, user will be banned","example":600},"time_between_attempts":{"type":"integer","description":"Time in seconds, for how long user should wait, after incorrect login.","example":1},"attempts_counting_duration":{"type":"integer","description":"Specifies TTL (in seconds) for login attempts (e.g. after some time attempts will be reset to 0)","example":600},"role":{"type":"string","description":"User role starting with @","example":"@user"}},"additionalProperties":false,"required":["role"]}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}},"get":{"summary":"Get list of role restrictions","operationId":"GetRoleRestrictionList","description":"Using this for get list of role restrictions","tags":["Restrictions"],"responses":{"200":{"$ref":"#\/components\/responses\/200Restrictions"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/restrictions\/ban":{"get":{"summary":"Get the list of banned users","tags":["Restrictions"],"operationId":"GetBannedUserList","description":"Using this for get list of benned users","responses":{"200":{"$ref":"#\/components\/responses\/200Bans"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"403":{"$ref":"#\/components\/responses\/403Forbidden"}}}},"\/restrictions\/ban\/{user_id}\/{user_ip}":{"delete":{"summary":"Unban user by user id \/ user ip.","tags":["Restrictions"],"operationId":"UnbanUserByIdIp","description":"Using this for unban user by id and ip","parameters":[{"$ref":"#\/components\/parameters\/UserId"},{"in":"path","name":"user_ip","required":true,"schema":{"type":"string"},"description":"Ip address of user.","example":"172.31.36.3"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/restrictions\/ban\/{ban_id}":{"delete":{"summary":"Unban user by ban id","tags":["Restrictions"],"operationId":"UnbanUserById","description":"Using this for unban user by id","parameters":[{"in":"path","required":true,"name":"ban_id","schema":{"type":"integer"},"description":"Unique id of ban.","example":666}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"403":{"$ref":"#\/components\/responses\/403Forbidden"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/2fa\/reserve\/generate":{"post":{"summary":"Generate a set of reserve codes","description":"Each code can be used once only instead of 2fa code","tags":["2FA"],"security":[{"Token":[]}],"operationId":"GenerateReserveCodes","requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"description":"Array of codes","content":{"application\/json":{"schema":{"type":"object","properties":{"codes":{"type":"array","items":{"type":"string","x-faker":{"datatype.number":{"min":100001,"max":999999}}}}}}}}}}}},"\/time":{"get":{"summary":"Get current server time","description":"The handler returns current time of the server (UTC timezone by default, it's controlling by docker container timezone)","tags":["Time"],"operationId":"Time","deprecated":true,"responses":{"200":{"description":"Current server time is received","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/Time"}}}}}}}}}},"\/setting\/{name}":{"get":{"summary":"Get global setting","operationId":"GetSetting","description":"Getting global setting value by name","tags":["Setting"],"parameters":[{"$ref":"#\/components\/parameters\/SettingName"}],"responses":{"200":{"$ref":"#\/components\/responses\/200SettingGet"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"summary":"Add and edit global setting","description":"Handler allows add and edit setting with name that controlled by the handler","tags":["Setting"],"security":[],"parameters":[{"$ref":"#\/components\/parameters\/SettingName"}],"operationId":"SettingName","requestBody":{"$ref":"#\/components\/requestBodies\/EditSetting"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Remove global setting","description":"Removes global setting (only for settings that allowed by handler)","operationId":"DeleteSetting","tags":["Setting"],"security":[],"parameters":[{"$ref":"#\/components\/parameters\/SettingName"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/self\/setting\/{name}":{"post":{"summary":"Add settings for current user","description":"Adding settings for current user. This handler is used for Frontend needs. Do not use it if you don't know what you are doing","tags":["Users"],"security":[{"Token":[]}],"operationId":"CreateSelfSetting","parameters":[{"$ref":"#\/components\/parameters\/UserSettingName"}],"requestBody":{"$ref":"#\/components\/requestBodies\/CreateSelfSetting"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"get":{"summary":"Get current user settings by the setting name","tags":["Users"],"security":[{"Token":[]}],"operationId":"GetSelfSetting","parameters":[{"$ref":"#\/components\/parameters\/UserSettingName"}],"responses":{"200":{"$ref":"#\/components\/responses\/200SelfSetting"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/self\/sshkey":{"post":{"summary":"Add public SSH key for current user","tags":["Users"],"security":[{"Token":[]}],"operationId":"CreateSelfSshkey","requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"description":"Public SSH key parameters for adding","required":["name","ssh_pub_key"],"properties":{"name":{"type":"string","maxLength":255,"description":"SSH key name","example":"My laptop key"},"ssh_pub_key":{"type":"string","format":"sshkey","description":"Public SSH key","example":"ssh-rsa XXXXXXX my@laptop.local"}}}}}},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"get":{"summary":"Get current user public SSH keys","tags":["Users"],"parameters":[{"$ref":"#\/components\/parameters\/ListFilter"},{"$ref":"#\/components\/parameters\/ListWhere"},{"$ref":"#\/components\/parameters\/ListOrderBy"},{"$ref":"#\/components\/parameters\/ListLimit"},{"$ref":"#\/components\/parameters\/ListAction"}],"security":[{"Token":[]}],"operationId":"ListSelfSshkey","responses":{"200":{"$ref":"#\/components\/responses\/200ListSshkey"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/self\/sshkey\/{key_id}":{"post":{"summary":"Edit current user public SSH key","tags":["Users"],"security":[{"Token":[]}],"operationId":"EditSelfSshkey","parameters":[{"$ref":"#\/components\/parameters\/SshKeyId"}],"requestBody":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"description":"Public SSH key parameters for editing","properties":{"name":{"type":"string","maxLength":255,"description":"SSH key name","example":"My laptop key"}}}}}},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"get":{"summary":"Get current user public SSH key","tags":["Users"],"security":[{"Token":[]}],"operationId":"GetSelfSshkey","parameters":[{"$ref":"#\/components\/parameters\/SshKeyId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200GetSshkey"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"delete":{"summary":"Remove current user public SSH key","tags":["Users"],"security":[{"Token":[]}],"operationId":"DeleteSshkey","parameters":[{"$ref":"#\/components\/parameters\/SshKeyId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/user\/{user_id}\/sshkey":{"get":{"summary":"Get provided user public SSH keys","tags":["Users"],"security":[{"Token":[]}],"operationId":"ListUserSshkey","parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200ListSshkey"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/rbac":{"get":{"summary":"Enumerate RBAC roles","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"ListRbac","responses":{"200":{"$ref":"#\/components\/responses\/200ListRbac"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"post":{"summary":"Create RBAC role","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"CreateRbac","requestBody":{"$ref":"#\/components\/requestBodies\/EditRbac"},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/rbac\/{rbac_id}":{"get":{"summary":"Get RBAC role","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"GetRbac","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200GetRbac"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"post":{"summary":"Edit RBAC role","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"EditRbac","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/EditRbac"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"delete":{"summary":"Delete RBAC role","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"DeleteRbac","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/rbac\/{rbac_id}\/group":{"post":{"summary":"Assign RBAC role to the group","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"AssignRbacGroup","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/AddItem"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"get":{"summary":"Get RBAC role group list","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"GetRbacGroupList","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200RbacGroups"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/rbac\/{rbac_id}\/user":{"post":{"summary":"Assign RBAC role to user","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"AssignRbac","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/AddItem"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}},"get":{"summary":"Get RBAC role user list","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"GetRbacUserList","parameters":[{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200ORbacUser"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/rbac\/{rbac_id}\/group\/{group_id}":{"delete":{"summary":"Unassign RBAC role from group","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"UnassignRbacGroup","parameters":[{"$ref":"#\/components\/parameters\/RbacId"},{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/rbac\/{rbac_id}\/user\/{user_id}":{"delete":{"summary":"Unassign RBAC role from user","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"UnassignRbac","parameters":[{"$ref":"#\/components\/parameters\/RbacId"},{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/user\/{user_id}\/rbac":{"get":{"summary":"Get RBAC role user list for selected user","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"GetUserRbacList","parameters":[{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Objects"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/self\/privilege":{"get":{"summary":"Get privilege for self","tags":["RBAC"],"security":[{"Token":[]}],"operationId":"GetSelfPrivilege","responses":{"200":{"$ref":"#\/components\/responses\/200Privilege"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/public\/sso":{"get":{"summary":"Get information needed to use SSO","tags":["OIDC"],"security":[],"operationId":"GetPublicSSO","responses":{"200":{"$ref":"#\/components\/responses\/200PublicSSO"}}}},"\/public\/oidc":{"post":{"summary":"Method handling redirects from the SSO","tags":["OIDC"],"security":[],"operationId":"HandlePublicOIDC","requestBody":{"$ref":"#\/components\/requestBodies\/CompleteOIDC"},"responses":{"201":{"$ref":"#\/components\/responses\/201Token"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"403":{"$ref":"#\/components\/responses\/403IpForbidden"}}}},"\/sso":{"get":{"summary":"Get current SSO configuration","tags":["OIDC"],"operationId":"GetSSO","responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200SSO"}}},"post":{"summary":"Update current SSO configuration","tags":["OIDC"],"operationId":"SetSSO","requestBody":{"$ref":"#\/components\/requestBodies\/SSO"},"responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"200":{"$ref":"#\/components\/responses\/200Ok"}}},"delete":{"summary":"Reset current SSO configuration","tags":["OIDC"],"operationId":"ResetSSO","responses":{"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"200":{"$ref":"#\/components\/responses\/200Ok"}}}},"\/lang":{"get":{"summary":"Get language setting","operationId":"GetLanguageName","description":"Getting language setting","tags":["Language"],"responses":{"200":{"$ref":"#\/components\/responses\/200LanguageSettingGet"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"summary":"Set language settings","operationId":"EditAllLanguagesSettings","description":"Set all languages settings including default","tags":["Language"],"requestBody":{"$ref":"#\/components\/requestBodies\/LanguageSettings"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/public\/lang":{"get":{"summary":"Get language setting","operationId":"GetLanguageName","description":"Getting language setting","tags":["Language"],"responses":{"200":{"$ref":"#\/components\/responses\/200LanguageSettingGet"}}}},"\/lang\/{lang}":{"post":{"summary":"Edit language setting properies","description":"Handler allows edit language setting properies","tags":["Language"],"security":[],"parameters":[{"$ref":"#\/components\/parameters\/LanguageName"}],"operationId":"SetLanguageProperties","requestBody":{"$ref":"#\/components\/requestBodies\/LanguageProperties"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/ldap":{"get":{"tags":["LDAP"],"summary":"Get list of integrated LDAP servers","description":"Get full list of integrated LDAP servers","operationId":"GetLdapList","responses":{"200":{"$ref":"#\/components\/responses\/200LdapList"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"tags":["LDAP"],"summary":"Create new LDAP integration","description":"Makes new LDAP integration","operationId":"CreateLdap","requestBody":{"$ref":"#\/components\/requestBodies\/EditLdap"},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}}},"\/public\/ldap":{"get":{"tags":["LDAP"],"summary":"Get list of integrated LDAP servers (only public data)","description":"Get full list of integrated LDAP servers (only public data)","operationId":"GetPublicLdapList","responses":{"200":{"$ref":"#\/components\/responses\/200PublicLdapList"}}}},"\/ldap\/sync":{"post":{"tags":["LDAP"],"summary":"Pull users from all LDAP servers","description":"Syncing users from all integrated LDAP servers to platform","operationId":"SyncAll","requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/ldap\/groups":{"post":{"tags":["LDAP"],"summary":"Get list of groups","description":"Get list of groups for LDAP server was not registered in the platform","operationId":"CheckLdapGroups","requestBody":{"$ref":"#\/components\/requestBodies\/CheckLdapGroups"},"responses":{"200":{"$ref":"#\/components\/responses\/200LdapGroups"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}}},"\/ldap\/users":{"post":{"tags":["LDAP"],"summary":"Get list of users","description":"Returns list of the changes that will be applied to the user database after syncing","operationId":"CheckLdapUsers","requestBody":{"$ref":"#\/components\/requestBodies\/CheckLdapUsers"},"responses":{"200":{"$ref":"#\/components\/responses\/200LdapUsersToSync"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}}},"\/ldap\/{ldap_id}":{"get":{"tags":["LDAP"],"summary":"Get LDAP settings","description":"Get LDAP settings for the selected LDAP server","operationId":"GetLdapSettings","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200LdapSettings"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"tags":["LDAP"],"summary":"Change LDAP settings","description":"Update settings for the selected LDAP server","operationId":"EditLdap","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/EditLdap"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"},"400":{"$ref":"#\/components\/responses\/400BadRequest"}}},"delete":{"tags":["LDAP"],"summary":"Drop selected LDAP integration","description":"Delete LDAP settings and disactivates all it's users","operationId":"DeleteLdap","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/ldap\/{ldap_id}\/groups":{"get":{"tags":["LDAP"],"summary":"Get list of groups","description":"Get list of groups for the selected LDAP server","operationId":"GetLdapGroups","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200LdapGroups"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/ldap\/{ldap_id}\/sync":{"get":{"tags":["LDAP"],"parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200LdapUsersToSync"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"tags":["LDAP"],"summary":"Sync platform users with selected LDAP server","description":"Fetch users for selected groups and compare it with database","operationId":"setting_post_setting_post","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/ldap\/{ldap_id}\/migrate":{"post":{"tags":["LDAP"],"summary":"Migrate LDAP server to use new implementation","description":"Migrate users from email to username@domain","operationId":"MigrateLdap","parameters":[{"$ref":"#\/components\/parameters\/LdapId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/Empty"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"409":{"$ref":"#\/components\/responses\/409Conflict"}}}},"\/ldap\/{ldap_id}\/rbac\/{rbac_id}":{"get":{"tags":["LDAP"],"parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200LdapGroups"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"tags":["LDAP"],"summary":"Link LDAP groups to RBAC role","description":"Associates LDAP groups of selected LDAP integration with selected RBAC role","operationId":"EditLdap2Rbac","parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/RbacId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/LdapGroups"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"delete":{"tags":["LDAP"],"summary":"Drop link between LDAP groups and RBAC role","description":"Delete assotiation between LDAP groups of selected LDAP integration and selected RBAC role","operationId":"DropLdap2Rbac","parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/ldap\/{ldap_id}\/group\/{group_id}":{"get":{"tags":["LDAP"],"parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200LdapGroups"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"tags":["LDAP"],"summary":"Link LDAP groups to group","description":"Associates LDAP groups of selected LDAP integration with selected group","operationId":"EditLdap2Group","parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/GroupId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/LdapGroups"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"delete":{"tags":["LDAP"],"summary":"Drop link between LDAP groups and group","description":"Delete assotiation between LDAP groups of selected LDAP integration and selected group","operationId":"DropLdap2Group","parameters":[{"$ref":"#\/components\/parameters\/LdapId"},{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/group":{"get":{"summary":"Get list of all groups","tags":["Group"],"operationId":"GetGroupList","responses":{"200":{"$ref":"#\/components\/responses\/200GroupList"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Create new group","tags":["Group"],"operationId":"CreateGroup","requestBody":{"$ref":"#\/components\/requestBodies\/GroupEdit"},"responses":{"201":{"$ref":"#\/components\/responses\/201Created"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}}},"\/group\/{group_id}":{"get":{"summary":"Get group details","tags":["Group"],"operationId":"GetGroupSettings","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200GroupSettings"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"delete":{"summary":"Delete selected group","tags":["Group"],"operationId":"DeleteGroup","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}},"post":{"summary":"Update selected group settings","tags":["Group"],"operationId":"EditGroup","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/GroupEdit"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/group\/{group_id}\/user":{"get":{"summary":"Get users of selected group","tags":["Group"],"operationId":"GetGroupUsers","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Objects"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Add user to selected group","tags":["Group"],"operationId":"AddUserToGroup","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/AddItem"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/group\/{group_id}\/user\/{user_id}":{"delete":{"summary":"Remove user from selected group","tags":["Group"],"parameters":[{"$ref":"#\/components\/parameters\/GroupId"},{"$ref":"#\/components\/parameters\/UserId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/group\/{group_id}\/rbac":{"get":{"summary":"Get RBAC roles of selected group","tags":["Group"],"operationId":"GetGroupRbac","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Objects"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"}}},"post":{"summary":"Add RBAC role to selected group","tags":["Group"],"operationId":"AddRbacToGroup","parameters":[{"$ref":"#\/components\/parameters\/GroupId"}],"requestBody":{"$ref":"#\/components\/requestBodies\/AddItem"},"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"400":{"$ref":"#\/components\/responses\/400BadRequest"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/group\/{group_id}\/rbac\/{rbac_id}":{"delete":{"summary":"Remove RBAC role from selected group","tags":["Group"],"parameters":[{"$ref":"#\/components\/parameters\/GroupId"},{"$ref":"#\/components\/parameters\/RbacId"}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"},"401":{"$ref":"#\/components\/responses\/401Unauthorized"},"404":{"$ref":"#\/components\/responses\/404NotFound"}}}},"\/public\/token\/{token_id}":{"delete":{"summary":"Remove token","description":"Most tokens has limited lifetime. But if you want to revoke access for some integrated applications or users you can manually remove their tokens","operationId":"DeleteToken","tags":["Token"],"security":[{"Token":[]},{"Internal":[]}],"parameters":[{"in":"path","name":"token_id","required":true,"description":"Token id or value","schema":{"type":"string"}}],"responses":{"200":{"$ref":"#\/components\/responses\/200Ok"}}}}},"components":{"requestBodies":{"AddItem":{"required":true,"content":{"application\/json":{"schema":{"type":"number","description":"Item ID","example":123456}}}},"GroupEdit":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"properties":{"name":{"type":"string","description":"Group name","example":"my_group"},"ip_list":{"type":"array","items":{"type":"string","format":"ipnet","description":"IP addresses of servers allowed to login from","example":"192.168.0.1"}}},"required":["name","ip_list"]}}}},"CheckLdapGroups":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":true,"required":["base_dn","address","bind_dn"],"properties":{"ldap":{"type":"integer","title":"Ldap ID","description":"Registered LDAP server id to get password from","example":1},"base_dn":{"type":"string","title":"Base Dn","description":"Base Distinguished Name - the search will be started from such catalog object","example":"dc=example,dc=com"},"address":{"type":"string","title":"Address","description":"LDAP server address","example":"192.168.0.5"},"bind_dn":{"type":"string","title":"Bind Dn","description":"The bind user DN with database read right","example":"cn=admin,dc=example,dc=com"},"password":{"type":"string","title":"Password","description":"The bind user password","example":"PaSSwOrd"},"groups_dn":{"type":"string","title":"Groups Dn","description":"The part for searching groups with base DN","example":"cn=groups"},"type":{"type":"string","enum":["ldap","active_directory","free_ipa","ald_pro"],"description":"Type of LDAP server. If AD or FreeIPA some arguments could not be send, i.e. users DN","default":"ldap","example":"ldap"},"port":{"type":"integer","title":"Port","description":"LDAP server port","default":389,"example":389},"is_ssl":{"type":"boolean","title":"Is Ssl","description":"LDAP ssl connection","default":false,"example":false}}}}}},"CheckLdapUsers":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":true,"required":["base_dn","address","bind_dn","groups_bind"],"properties":{"ldap":{"type":"integer","title":"Ldap ID","description":"Registered LDAP server id","example":1},"base_dn":{"type":"string","title":"Base Dn","description":"Base Distinguished Name - the search will be started from such catalog object","example":"dc=example,dc=com"},"address":{"type":"string","title":"Address","description":"LDAP server address","example":"192.168.0.5"},"bind_dn":{"type":"string","title":"Bind Dn","description":"The bind user DN with database read right","example":"cn=admin,dc=example,dc=com"},"password":{"type":"string","title":"Password","description":"The bind user password","example":"PaSSwOrd"},"users_dn":{"type":"string","title":"Users Dn","description":"The part for searching users with base DN","example":"cn=accounts"},"type":{"type":"string","enum":["ldap","active_directory","free_ipa","ald_pro"],"description":"Type of LDAP server. If AD or FreeIPA some arguments could not be send, i.e. users DN","default":"ldap","example":"ldap"},"port":{"type":"integer","title":"Port","description":"LDAP server port","default":389,"example":389},"is_ssl":{"type":"boolean","title":"Is Ssl","description":"LDAP ssl connection","default":false,"example":false},"groups_bind":{"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"@admin\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"groups_bind_rbac":{"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"1\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"groups_bind_group":{"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"1\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"groupname_attr":{"type":"string","title":"Groupname Attr","description":"The name of group attribute for users searching","example":"memberOf"},"email_attr":{"type":"string","title":"Email Attr","description":"The name of email attribute for users searching","example":"mail"},"blocked_attr":{"type":"string","title":"Blocked Attr","description":"The name of blocked attribute for users searching","example":"nsaccountlock"}}}}}},"EditLdap":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":false,"required":["name","settings"],"properties":{"name":{"type":"string","title":"LDAP integration name","description":"Abstract integration description","example":"default"},"comment":{"type":"string","title":"LDAP integration commentary","description":"Abstract integration description","example":"default"},"settings":{"type":"object","additionalProperties":false,"required":["base_dn","address","bind_dn","groups_bind"],"properties":{"base_dn":{"type":"string","title":"Base Dn","description":"Base Distinguished Name - the search will be started from such catalog object","example":"dc=example,dc=com"},"address":{"type":"string","title":"Address","description":"LDAP server address","example":"192.168.0.5"},"bind_dn":{"type":"string","title":"Bind Dn","description":"The bind user DN with database read right","example":"cn=admin,dc=example,dc=com"},"password":{"type":"string","title":"Password","description":"The bind user password","example":"PaSSwOrd"},"users_dn":{"type":"string","title":"Users Dn","description":"The part for searching users with base DN","example":"cn=users"},"groups_dn":{"type":"string","title":"Groups Dn","description":"The part for searching groups with base DN","example":"cn=groups"},"groupname_attr":{"type":"string","title":"Groupname Attr","description":"The name of group attribute for users searching","example":"memberOf"},"email_attr":{"type":"string","title":"Email Attr","description":"The name of email attribute for users searching","example":"mail"},"blocked_attr":{"type":"string","title":"Blocked Attr","description":"The name of blocked attribute for users searching","example":"nsaccountlock"},"type":{"type":"string","enum":["ldap","active_directory","free_ipa","ald_pro"],"description":"Type of LDAP server. If AD or FreeIPA some arguments could not be send, i.e. users DN","default":"ldap","example":"ldap"},"port":{"type":"integer","title":"Port","description":"LDAP server port","default":389,"example":389},"is_ssl":{"type":"boolean","title":"Is Ssl","description":"LDAP ssl connection","default":false,"example":false},"groups_bind":{"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"@admin\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"auto_sync":{"nullable":true,"type":"string","title":"Auto Sync","description":"The automatically syncing period. Use cron format or null","example":"0 16 * * *"}}}}}}}},"SSO":{"required":true,"content":{"application\/json":{"schema":{"type":"object","nullable":true,"properties":{"discovery_uri":{"type":"string","format":"uri","description":"Link to the OIDC provider's configuration","example":"https:\/\/api.multifactor.ru\/.well-known\/openid-configuration"},"redirect_uri":{"type":"string","format":"uri","description":"The uri, SSO provider should redirect to"},"email_verified":{"type":"boolean","description":"Does email need to be verified in the SSO service","default":false},"client_id":{"type":"string","description":"Internal value to be fed to the OIDC provider"},"client_secret":{"type":"string","description":"Internal value to be fed to the OIDC provider"}},"required":["discovery_uri","redirect_uri","email_verified","client_id","client_secret"],"additionalProperties":false}}}},"CompleteOIDC":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"code":{"type":"string","description":"Authorization code"}},"required":["code"],"additionalProperties":false}}}},"EditSetting":{"required":true,"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/EditSettingRequest"}}}},"Acl":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"ip_list":{"type":"array","items":{"type":"string","format":"iprange","example":"192.168.0.0\/16"}}},"required":["ip_list"]}}}},"TrustedServers":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"header":{"type":"string","pattern":"^[a-zA-Z0-9-_]+$","example":"CF-Connecting-IP","description":"Name of the header containing the real ip of a client"},"ips":{"type":"array","items":{"type":"string","format":"ipnet","example":"10.0.0.0\/24","description":"List of ips optionally including masks"}}},"required":["header","ips"],"additionalProperties":false}}}},"Empty":{"content":{"application\/json":{"schema":{"additionalProperties":false,"properties":[],"type":"object"}}}},"CreateUser":{"content":{"application\/json":{"schema":{"type":"object","properties":{"email":{"type":"string","format":"email","maxLength":255,"description":"User E-Mail will be used as login name","example":"admin@example.com","x-faker":"internet.email"},"full_name":{"type":"string","maxLength":255,"description":"User first and last name","example":"John Smith"},"phone_number":{"type":"string","example":"+481231231212"},"password":{"type":"string","format":"password","writeOnly":true,"minLength":8,"description":"We save only hash so nobody can read it. But you can restore your password using E-Mail"},"roles":{"description":"Set of the roles for \"src\" service","type":"array","items":{"type":"string"},"minItems":1,"default":["@user"]},"auth_source":{"type":"string","default":"local","enum":["local","ldap"],"description":"Auth source for authentication"},"email_confirm":{"type":"boolean","default":false,"description":"Is email confirmed"},"timezone":{"type":"string","description":"Custom timezone for current user","maxLength":64,"pattern":"^[-_A-Za-z0-9\\\/]+$","example":"Asia\/Irkutsk","x-faker":{"helpers.arrayElement":[["Asia\/Irkutsk","Pacific\/Niue","Pacific\/Pitcairn"]]}},"lang":{"description":"The user interface language","type":"string","enum":["en","es","ru","es"],"example":"en"}},"required":["email"],"additionalProperties":false}}}},"EditUser":{"content":{"application\/json":{"schema":{"type":"object","properties":{"full_name":{"type":"string","maxLength":255,"description":"User first and last name","example":"John Smith"},"roles":{"type":"array","items":{"type":"string"},"minItems":1},"auth_source":{"type":"string","enum":["local","ldap"],"description":"Auth source for authentication"},"email_confirm":{"type":"boolean","description":"Is email confirmed"},"lang":{"description":"The user interface language","type":"string","enum":["en","es","ru","es"],"example":"en"},"timezone":{"type":"string","description":"Custom timezone for current user","maxLength":64,"pattern":"^[-_A-Za-z0-9\\\/]+$","example":"Asia\/Irkutsk","x-faker":{"helpers.arrayElement":[["Asia\/Irkutsk","Pacific\/Niue","Pacific\/Pitcairn"]]}}}}}}},"InstanceUserImport":{"content":{"application\/json":{"schema":{"type":"object","properties":{"email":{"type":"string","format":"email","maxLength":255,"description":"User E-Mail will be used as login name"},"encrypted_password":{"type":"string","format":"password","writeOnly":true,"minLength":8,"description":"It must be an encrypted string. We save it as is."},"roles":{"description":"Set of the roles for \"src\" service","type":"array","items":{"type":"string"},"minItems":1},"email_confirm":{"type":"boolean","default":false,"description":"Is email confirmed"},"state":{"type":"string","enum":["active","disabled"],"description":"User state","example":"active","x-faker":{"helpers.arrayElement":[["active"]]}}},"required":["email","encrypted_password","roles"],"additionalProperties":false}}}},"ResetPassword":{"content":{"application\/json":{"schema":{"type":"object","properties":{"email":{"type":"string","format":"email","description":"User E-Mail","example":"admin@example.com"},"product":{"type":"string","description":"Product name","example":"vm"}},"required":["email","product"],"additionalProperties":false}}}},"ChangePasswordByConfirmation":{"content":{"application\/json":{"schema":{"type":"object","properties":{"password":{"type":"string","format":"password","minLength":8,"description":"New password"}},"required":["password"],"additionalProperties":false}}}},"ActivateUserByConfirmation":{"content":{"application\/json":{"schema":{"type":"object","properties":{"password":{"type":"string","format":"password","minLength":8,"description":"User password"},"lang":{"description":"The user interface language","type":"string","enum":["en","es","ru","es"],"default":"en"}},"required":["password"],"additionalProperties":false}}}},"GetQRCode":{"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"Name of the token in google authenticator"},"secret":{"type":"string","format":"base32","description":"It must be a base32 encoded sequence of 40 random bytes","minLength":64,"maxLength":64},"size":{"type":"integer","minimum":177,"maximum":1024,"default":256},"recovery":{"type":"string","enum":["low","medium","high","highest"],"default":"medium"}},"required":["name","secret"]}}}},"TokenConfirm":{"content":{"application\/json":{"schema":{"type":"object","properties":{"token":{"type":"string","description":"Token that was got using \/public\/token function"},"code":{"type":"integer","description":"Valid Multi-Factor verification 6-digit code"},"reserve_code":{"type":"string","description":"Reserve code for token verification"}},"required":["token"]}}}},"CreateSelfSetting":{"required":true,"content":{"application\/json":{"schema":{"type":"object","additionalProperties":true,"nullable":true,"description":"User settings","example":{"columns":[{"key":"name","fixed":false,"width":150},{"key":"owner","fixed":false,"width":160},{"key":"note","fixed":false,"width":35}],"compact":false}}}}},"EditRbac":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"RBAC role name","example":"my role","maxLength":255},"descr":{"type":"string","description":"detailed RBAC role description","example":"It is my first role. Just for testing","maxLength":255},"roles":{"type":"array","description":"list of the classical roles","items":{"type":"string"}}},"required":["name","descr","roles"]}}}},"LdapGroups":{"required":true,"content":{"application\/json":{"schema":{"type":"object","required":["groups"],"properties":{"groups":{"type":"array","items":{"type":"string","example":"cn=admins,cn=groups,dc=example,dc=com"}}}}}}},"LanguageProperties":{"required":true,"content":{"application\/json":{"schema":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Is language enabled"}},"required":["enabled"],"additionalProperties":false}}}},"LanguageSettings":{"required":true,"content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/LanguageSettingGet"}}}}},"responses":{"200GroupList":{"description":"List of groups","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/Group"}},"size":{"type":"number"}},"required":["list","size"]}}}},"200GroupSettings":{"description":"Group settings","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Group"}}}},"200RbacGroups":{"description":"List of the groups with selected RBAC role","content":{"application\/json":{"schema":{"type":"object","properties":{"size":{"type":"number","description":"Total item count before limiting them","example":2},"list":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Group ID","type":"number","example":1},"name":{"description":"Group name","type":"string","example":"group name"},"users":{"description":"Amount of the users in the group","type":"number","example":3}},"required":["id","name","users"],"additionalProperties":false}}}}}}},"200Objects":{"description":"Universal list of the objects","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Object ID","type":"number","example":1},"name":{"description":"Object name","type":"string","example":"object name"}},"required":["id","name"],"additionalProperties":false}}}}}}},"200Privilege":{"description":"Universal list of the objects","content":{"application\/json":{"schema":{"type":"array","items":{"type":"string","example":"string1"}}}}},"200ORbacUser":{"description":"RbacUser list of the objects","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"type":"object","properties":{"id":{"description":"Object ID","type":"number","example":1}},"required":["id"],"additionalProperties":true}}}}}}},"200LdapUsersToSync":{"description":"List of the users that will be synced","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"type":"object","properties":{"id":{"nullable":true,"type":"number","description":"User ID in the platform (null for new users)"},"email":{"type":"string","description":"User E-Mail (login)"},"groups":{"type":"array","items":{"type":"integer","example":1},"description":"id of user's group"},"2fa":{"type":"boolean","description":"is enable 2fa"},"roles":{"type":"array","items":{"type":"string","example":"@admin"},"description":"User roles list"},"status":{"type":"string","enum":["new","removed","changed","blocked","unblocked","updated"],"description":"What's gone be done with user: * `new` - New user adding or user data changing * `removed` - The user was removed in LDAP and will be blocked at platform * `blocked` - The user was blocked in LDAP and will be blocked at platform * `changed` - The user role was changed in LDAP and will be changed at platform * `unblocked` - The user was unblocked or created in LDAP and will be unblocked at platform * `updated` - The user was updated from LDAP after sync"}}}}}}}}},"200LdapSettings":{"description":"LDAP integration details","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/LdapSettingsWithRbac"}}}},"200LdapList":{"description":"List of the configured LDAP integrations","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/LdapSettings"}},"size":{"type":"number","description":"Total integrations count"}}}}}},"200PublicLdapList":{"description":"List of the configured LDAP integrations (only public data)","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/LdapPublic"}},"size":{"type":"number","description":"Total integrations count"}}}}}},"200LdapGroups":{"description":"List of LDAP groups that could be used to match user's groups in the platform","content":{"application\/json":{"schema":{"type":"object","required":["groups"],"properties":{"groups":{"type":"array","items":{"type":"string","example":"cn=admins,cn=groups,dc=example,dc=com"}}}}}}},"200PublicSSO":{"description":"Public information about configured SSO service. If it's null, then it's not configured","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/PublicSSO"}}}},"200SSO":{"description":"Private information about SSO configuration. If it's null, then it's not configured","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SSO"}}}},"200PublicRoleList":{"description":"You will receive the list of the roles","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/RoleList"}}}},"200Acl":{"description":"Response format for user ACL","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SelfAcl"}}}},"200Ok":{"description":"Request complete successfully","content":{"application\/json":{"schema":{"anyOf":[{"type":"object","additionalProperties":false},{"type":"boolean"}]}}}},"200ListRbacUsers":{"description":"List of the users in selected RBAC role","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"type":"object","properties":{"user":{"description":"User ID","type":"number"}},"required":["user"]}},"size":{"type":"number","description":"Size of the list"}},"required":["list","size"]}}}},"200ListUserRbac":{"description":"List of the RBAC roles for selected user","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"type":"object","properties":{"rbac":{"description":"RBAC role ID","type":"number"}},"required":["rbac"]}},"size":{"type":"number","description":"Size of the list"}},"required":["list","size"]}}}},"200InternalWhoami":{"description":"Response format for proxy service","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/InternalWhoami"}}}},"200Access":{"description":"Response format for proxy service","content":{"application\/json":{"schema":{"type":"boolean","description":"access","example":true}}}},"200Whoami":{"description":"THe session information","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Whoami"}}}},"200InstanceUserList":{"description":"You will receive the list of the instance users","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserListGet"}}}},"200UserGet":{"description":"The user details was get successfully","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/UserGet"}}}},"200SettingGet":{"description":"The global setting details was get successfully","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SettingGet"}}}},"200Bans":{"description":"You will receive the list of the bans","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Bans"}}}},"200Restrictions":{"description":"You will receive the list of the restrictictions","content":{"application\/json":{"schema":{"type":"array","items":{"$ref":"#\/components\/schemas\/Restriction"}}}}},"200Token":{"description":"First user token","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/GetFirstUserToken"}}}},"200LanguageSettingGet":{"description":"The language setting details was get successfully","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/LanguageSettingGet"}}}},"201Token":{"description":"New token was successfully created","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/TokenCreate"}}}},"201Key":{"description":"New key was successfully made","content":{"application\/json":{"schema":{"type":"object","properties":{"id":{"type":"number","description":"New key id. It is needed to match key in database (for debug purpose only)"},"key":{"type":"string","description":"New key. It can be used to get security token only. Keys do not saved in database as plaintext and can not be recovered if you lose it. You will have to make new one"}}}}}},"400UserExists":{"description":"Platform already has users in it","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"400UnknownKey":{"description":"Provided key is bad or already used","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"401Unauthorized":{"description":"Provided token was incorrect or expired","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"403Forbidden":{"description":"Current user have no rights to call this handler or view selected object properties","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"403IpForbidden":{"description":"Current user does not allowed to access using current IP","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"404NotFound":{"description":"Required object does not exists","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"409Conflict":{"description":"Conflict has occurred","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Error"}}}},"400BadRequest":{"description":"Provided parameters does not match with schema","content":{"application\/json":{"schema":{"allOf":[{"$ref":"#\/components\/schemas\/Error"},{"type":"object","properties":{"field":{"type":"string","description":"Field name that have filed the check"}}}]}}}},"500InternalError":{"description":"An unexpected error occurred","content":{"application\/json":{"schema":{"allOf":[{"$ref":"#\/components\/schemas\/Error"},{"type":"object","properties":{"field":{"type":"string","description":"Internal error in service"}}}]}}}},"201Created":{"description":"Required object was created","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/CreateTask"}}}},"201SettingCreated":{"description":"Required object was created","content":{"application\/json":{"schema":{"type":"object","properties":{"name":{"type":"string","description":"Unique global setting name"}}}}}},"200SelfSetting":{"description":"User settings","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SelfSetting"}}}},"200ListSshkey":{"description":"Public SSH keys list","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/ListSshkey"}}}},"200GetSshkey":{"description":"Public SSH key information","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/Sshkey"}}}},"200RoleList":{"description":"You will receive the list of all existing custom roles","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/GetRoleList"}}}},"200HandlesGet":{"description":"Get available handlers","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SelfHandles"}}}},"200SubRolesGet":{"description":"Get user subroles","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SelfSubroles"}}}},"200HasFirstUserGet":{"description":"Get first user response","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/HasFirstUser"}}}},"200SessionsGet":{"description":"User's session list","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/SessionList"}}}},"200EmailSent":{"description":"Email sent","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/EmailSent"}}}},"200GetRbac":{"description":"Get single RBAC role","content":{"application\/json":{"schema":{"$ref":"#\/components\/schemas\/RbacGet"}}}},"200ListRbac":{"description":"List RBAC roles","content":{"application\/json":{"schema":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/RbacGet"}}}}}}}},"schemas":{"Group":{"type":"object","properties":{"id":{"type":"number","description":"Group ID","example":1},"name":{"type":"string","description":"Group name","example":"my_group"},"ip_list":{"type":"array","items":{"type":"string","format":"ipnet","description":"List of ips optionally including networks","example":["10.0.0.0\/24"]}},"users":{"type":"number","description":"Number of users in the group","example":0},"rbac":{"type":"array","description":"RBAC roles","items":{"type":"object","properties":{"id":{"type":"number","description":"RBAC role ID","example":1},"name":{"type":"string","description":"RBAC role name","example":"My role"}}}}},"required":["id","name","ip_list","users"],"additionalProperties":false},"LdapSettings":{"type":"object","required":["last_sync","settings","id","name","comment","domain","users_count"],"properties":{"id":{"type":"number","description":"Unique LDAP integration id"},"name":{"type":"string","description":"LDAP integration name"},"comment":{"type":"string","description":"LDAP integration comment","example":"some comment"},"last_sync":{"type":"string","nullable":true,"description":"Last LDAP synchronization date"},"settings":{"type":"object","properties":{"base_dn":{"type":"string","title":"Base Dn","description":"Base Distinguished Name - the search will be started from such catalog object","example":"dc=example,dc=com"},"address":{"type":"string","title":"Address","description":"LDAP server address","example":"192.168.0.5"},"bind_dn":{"type":"string","title":"Bind Dn","description":"The bind user DN with database read right","example":"cn=admin,dc=example,dc=com"},"users_dn":{"nullable":true,"type":"string","title":"Users Dn","description":"The part for searching users with base DN","example":"cn=users"},"groups_dn":{"nullable":true,"type":"string","title":"Groups Dn","description":"The part for searching groups with base DN","example":"cn=groups"},"groupname_attr":{"nullable":true,"type":"string","title":"Groupname Attr","description":"The name of group attribute for users searching","example":"memberOf"},"email_attr":{"nullable":true,"type":"string","title":"Email Attr","description":"The name of email attribute for users searching","example":"mail"},"blocked_attr":{"nullable":true,"type":"string","title":"Blocked Attr","description":"The name of blocked attribute for users searching","example":"nsaccountlock"},"type":{"nullable":true,"type":"string","enum":["ldap","active_directory","free_ipa","ald_pro"],"description":"Type of LDAP server. If AD or FreeIPA some arguments could not be send, i.e. users DN","default":"ldap","example":"ldap"},"port":{"nullable":true,"type":"integer","title":"Port","description":"LDAP server port","default":389,"example":389},"is_ssl":{"nullable":true,"type":"boolean","title":"Is Ssl","description":"LDAP ssl connection","default":false,"example":false},"groups_bind":{"nullable":true,"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"@admin\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"auto_sync":{"nullable":true,"type":"string","title":"Auto Sync","description":"The automatically syncing period. Use cron format or null","example":"0 16 * * *"}}},"domain":{"type":"string","description":"Domain name","example":"ispsystem.net"},"users_count":{"type":"integer","description":"Number of users from the LDAP","example":1}}},"LdapSettingsWithRbac":{"type":"object","required":["last_sync","settings","id","name","comment","domain","users_count","groups_bind_groups","groups_bind_rbac","groups_bind_rbac_from_groups"],"properties":{"id":{"type":"number","description":"Unique LDAP integration id"},"name":{"type":"string","description":"LDAP integration name"},"comment":{"type":"string","description":"LDAP integration comment","example":"some comment"},"last_sync":{"type":"string","nullable":true,"description":"Last LDAP synchronization date"},"settings":{"type":"object","properties":{"base_dn":{"type":"string","title":"Base Dn","description":"Base Distinguished Name - the search will be started from such catalog object","example":"dc=example,dc=com"},"address":{"type":"string","title":"Address","description":"LDAP server address","example":"192.168.0.5"},"bind_dn":{"type":"string","title":"Bind Dn","description":"The bind user DN with database read right","example":"cn=admin,dc=example,dc=com"},"users_dn":{"nullable":true,"type":"string","title":"Users Dn","description":"The part for searching users with base DN","example":"cn=users"},"groups_dn":{"nullable":true,"type":"string","title":"Groups Dn","description":"The part for searching groups with base DN","example":"cn=groups"},"groupname_attr":{"nullable":true,"type":"string","title":"Groupname Attr","description":"The name of group attribute for users searching","example":"memberOf"},"email_attr":{"nullable":true,"type":"string","title":"Email Attr","description":"The name of email attribute for users searching","example":"mail"},"blocked_attr":{"nullable":true,"type":"string","title":"Blocked Attr","description":"The name of blocked attribute for users searching","example":"nsaccountlock"},"type":{"nullable":true,"type":"string","enum":["ldap","active_directory","free_ipa","ald_pro"],"description":"Type of LDAP server. If AD or FreeIPA some arguments could not be send, i.e. users DN","default":"ldap","example":"ldap"},"port":{"nullable":true,"type":"integer","title":"Port","description":"LDAP server port","default":389,"example":389},"is_ssl":{"nullable":true,"type":"boolean","title":"Is Ssl","description":"LDAP ssl connection","default":false,"example":false},"groups_bind":{"nullable":true,"type":"object","additionalProperties":{"items":{"type":"string"},"type":"array"},"title":"Groups Bind","description":"List of bind groups in LDAP","example":"{\"@admin\": [\"cn=admins,cn=groups,dc=example,dc=com\"]}"},"auto_sync":{"nullable":true,"type":"string","title":"Auto Sync","description":"The automatically syncing period. Use cron format or null","example":"0 16 * * *"}}},"domain":{"type":"string","description":"Domain name","example":"ispsystem.net"},"users_count":{"type":"integer","description":"Number of users from the LDAP","example":1},"groups_bind_groups":{"type":"array","description":"list of auth groups linked to ldap groups dn","items":{"type":"object","properties":{"group_id":{"type":"integer","description":"Unique group identification","example":1},"group_name":{"type":"string","description":"Unique group Name","example":"some name"},"groups_bind":{"type":"array","description":"list of ldap groups dn","items":{"type":"string","description":"ldap group dn","example":"cn=admins,cn=groups,dc=example,dc=com"},"example":["cn=admins,cn=groups,dc=example,dc=com"]}},"required":["group_id","group_name","groups_bind"]}},"groups_bind_rbac":{"type":"array","description":"list of auth rbac roles linked to ldap groups dn","items":{"type":"object","properties":{"rbac_id":{"type":"integer","description":"Unique rbac identification","example":1},"rbac_name":{"type":"string","description":"Unique rbac Name","example":"some name"},"groups_bind":{"type":"array","description":"list of ldap groups dn","items":{"type":"string","description":"ldap group dn","example":"cn=admins,cn=groups,dc=example,dc=com"},"example":["cn=admins,cn=groups,dc=example,dc=com"]}},"required":["rbac_id","rbac_name","groups_bind"]}},"groups_bind_rbac_from_groups":{"type":"array","description":"list of auth rbac linked to ldap groups dn via auth groups","items":{"type":"object","properties":{"group_id":{"type":"integer","description":"Unique group identification","example":1},"group_name":{"type":"string","description":"Unique group Name","example":"some name"},"groups_bind":{"type":"array","description":"list of ldap groups dn","items":{"type":"string","description":"ldap group dn","example":"cn=admins,cn=groups,dc=example,dc=com"},"example":["cn=admins,cn=groups,dc=example,dc=com"]},"rbac":{"type":"array","description":"list of auth rbac roles linked to auth group","items":{"type":"object","properties":{"id":{"type":"integer","description":"Unique group identification","example":1},"name":{"type":"string","description":"Unique rbac Name","example":"some name"}},"required":["id","name"]}}},"required":["group_id","group_name","groups_bind"]}}}},"LdapPublic":{"type":"object","required":["id","name"],"properties":{"id":{"type":"number","description":"Unique LDAP integration id"},"name":{"type":"string","description":"LDAP integration name","example":"ispsystem.net"}}},"EditSettingRequest":{"type":"object","properties":{"value":{"type":"string","pattern":"^[-A-Za-z0-9\/]+","description":"Value of the setting"}},"required":["value"]},"RbacGet":{"type":"object","properties":{"name":{"type":"string","description":"Unique RBAC role name"},"descr":{"nullable":true,"type":"string","description":"detailed RBAC role description"},"roles":{"type":"array","description":"array of classical role name with access prefix","items":{"type":"string"}},"user_count":{"type":"number","description":"number of users with with this role","example":0}}},"AclGet":{"type":"object","properties":{"id":{"type":"number","description":"Unique internal user Id"},"name":{"type":"string","description":"Unique ACL name"},"ip_list":{"type":"array","items":{"type":"string","format":"iprange","description":"Single ip address, network or range"}},"members":{"type":"array","items":{"type":"string","description":"User name"}}}},"TrustedServers":{"type":"object","nullable":true,"properties":{"header":{"type":"string","pattern":"^[a-zA-Z0-9-_]+$","example":"CF-Connecting-IP","description":"Name of the header containing the real ip of a client"},"ips":{"type":"array","items":{"type":"string","format":"ipnet","example":"10.0.0.0\/24","description":"List of ips optionally including masks"}}}},"CreateTask":{"type":"object","properties":{"id":{"type":"number","description":"Unique object id"},"task":{"type":"string","description":"Task id. Most objects are not created immediately. In most cases when you receive result only record in database was created. To finish object creation system will create 'task'. Only when task will be finished object will be ready. You can wait task using its Id or watching for object itself (it is preferred way). For details you should read Notifier documentation"}},"required":["id"]},"InternalWhoami":{"type":"object","properties":{"owner_id":{"description":"Authorized owner. That value will be used to check access for this session.","type":"number","x-faker":{"datatype.number":{"min":1,"max":1}}},"trustee_id":{"description":"Authorized user. It contains ID of user was used to login to system. owner_id and trustee_id pair identifies list of current session roles. If owner and trustee is a same user this property can be omitted","type":"number","x-faker":{"datatype.number":{"min":1,"max":1}}},"roles":{"nullable":true,"description":"Current users roles. If it is null - no handle was found (no one role was permitted to call it)","type":"array","items":{"type":"string","x-faker":{"helpers.arrayElement":[["@user","@admin","@advanced_user"]]}}}},"required":["roles"]},"Whoami":{"type":"object","properties":{"owner_id":{"description":"Authorized owner. That value will be used to check access for this session.","type":"integer","example":4,"x-faker":{"helpers.arrayElement":[[1]]}},"owner_email":{"description":"Authorized owner email. That value will be used to check access for this session.","type":"string","example":"user@example.com","x-faker":"internet.email"},"trustee_id":{"description":"Authorized user. It contains ID of user was used to login to system. owner_id and trustee_id pair identifies list of current session roles. If owner and trustee is a same user this property can be omitted","type":"integer","example":4,"x-faker":{"helpers.arrayElement":[[1]]}},"trustee_email":{"description":"Authorized user email. It contains email of user was used to login to system.","type":"string","example":"admin@example.com","x-faker":"internet.email"},"roles":{"description":"Current user (owner) roles","type":"array","items":{"type":"string","example":"@user","x-faker":{"helpers.arrayElement":[["@user","@admin","@advanced_user","@rbac"]]}}},"rbac":{"description":"Current user (owner) RBAC roles","type":"array","items":{"type":"object","properties":{"id":{"type":"integer","description":"RBAC role identification","example":1,"x-faker":{"helpers.arrayElement":[[1]]}},"name":{"type":"string","description":"RBAC role name","example":1,"x-faker":{"helpers.arrayElement":[["rbac-role"]]}},"roles":{"type":"array","description":"RBAC role entries","items":{"type":"string","example":"some-role","x-faker":{"helpers.arrayElement":[[["some-role"]]]}}}},"x-faker":{"helpers.arrayElement":[[{"id":1,"name":"rbac-role","roles":[]}]]}}}}},"SelfHandles":{"type":"object","properties":{"handles":{"type":"object","example":{"auth_v4":{"delete":["\/user\/{user_id}"],"get":["\/user\/{user_id}"],"post":["\/user\/{user_id}"]}},"additionalProperties":true},"user_id":{"type":"integer","description":"User unique identifier","example":1}}},"SessionList":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/Session"}},"size":{"$ref":"#\/components\/schemas\/ListSize"}}},"Session":{"required":["client_ip","created_at","id","is_active","last_used","owner","roles","trustee","trustee_email","user_agent"],"type":"object","properties":{"client_ip":{"type":"string","example":"127.0.0.1","description":"Client IP","x-faker":"internet.ipv4"},"created_at":{"type":"string","description":"Session create time","example":"2024-11-15 10:12:10","x-faker":"datatype.datetime"},"id":{"type":"integer","description":"Session unique identifier","example":134,"x-faker":{"datatype.number":{"min":1,"max":999}}},"is_active":{"type":"boolean","description":"Session active flag","example":true},"last_used":{"type":"string","description":"Session last used time","example":"2024-11-15 10:12:10","x-faker":"datatype.datetime"},"owner":{"description":"Authorized user. It contains ID of user was used to login to system. owner_id and trustee_id pair identifies list of current session roles. If owner and trustee is a same user this property can be omitted","type":"number","example":564,"x-faker":{"datatype.number":{"min":1,"max":999}}},"roles":{"type":"array","items":{"type":"string","description":"Role name","example":"@user","x-faker":{"helpers.arrayElement":[["@user","@admin","@advanced_user"]]}},"description":"User roles for 'src' service"},"trustee":{"description":"Authorized user. It contains ID of user was used to login to system. owner_id and trustee_id pair identifies list of current session roles. If owner and trustee is a same user this property can be omitted","type":"number","example":564,"x-faker":{"datatype.number":{"min":1,"max":999}}},"trustee_email":{"description":"Authorized user email. It contains email of user was used to login to system.","type":"string","example":"admin@example.com","x-faker":"internet.email"},"user_agent":{"nullable":true,"type":"string","description":"Client user agent data","example":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/130.0.0.0 Safari\/537.3","x-faker":"internet.userAgent"}}},"SelfSubroles":{"type":"object","properties":{"subroles":{"type":"array","description":"List of user subroles","items":{"type":"string","example":"@common_read"}},"user_id":{"type":"integer","description":"User unique identifier","example":1}}},"HasFirstUser":{"type":"object","properties":{"has_first_user":{"type":"boolean","description":"Flag about has first user","example":true}}},"SelfAcl":{"type":"object","properties":{"ip_list":{"type":"array","items":{"type":"string","format":"iprange","example":"192.168.0.0\/16"}}},"required":["ip_list"]},"SelfSetting":{"type":"object","properties":{"data":{"description":"User settings data","nullable":true,"type":"object","example":{"columns":[{"key":"name","fixed":false,"width":150},{"key":"owner","fixed":false,"width":160},{"key":"note","fixed":false,"width":35}],"compact":false}}}},"ListSshkey":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/Sshkey"}},"size":{"$ref":"#\/components\/schemas\/ListSize"}}},"TokenCreate":{"type":"object","properties":{"id":{"type":"number","description":"New token id. It can be used only for deletion","x-faker":{"datatype.number":{"min":1,"max":1000}}},"token":{"type":"string","description":"New token. It should be used as security token for all other requests. Tokens do not saved in database as plaintext and can not be recovered if you lose it. You will have to make new one","x-faker":"datatype.uuid"},"expires_at":{"type":"string","nullable":true,"description":"End of the token lifetime","example":"2023-03-19 12:00:00","x-faker":"date.future","format":"date-time"},"confirmed":{"type":"boolean","example":true,"description":"The user has to be validated by 2fa","x-faker":{"arrayElement":[true]}}}},"EmailSent":{"type":"object","properties":{"wait":{"type":"number","description":"Email resend counter, in seconds","example":300}}},"GetRoleList":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/GetRole"}}}},"GetRole":{"type":"object","properties":{"id":{"type":"integer","description":"Role unique identifier","example":1},"name":{"type":"string","description":"Role name for inner usage","example":"@admin_accounts"},"human_name":{"type":"string","description":"Role name for human beings","example":"Admin of accounts"},"human_descr":{"type":"string","description":"Role description for human beings","example":"Such admins could create new users"},"data":{"type":"object","description":"The role data","properties":{"GET":{"type":"array","items":{"type":"string","example":"@common_read"}},"POST":{"type":"array","items":{"type":"string","example":"@common_write"}},"DELETE":{"type":"array","items":{"type":"string","example":"@common_write"}}}}}},"Error":{"type":"object","properties":{"msg":{"type":"string","description":"Error description on english"},"code":{"type":"integer","description":"Error code. It was designed to be unique for each place where an error can occur","example":11111},"value":{"type":"string","description":"Error's additional value"}}},"GetFirstUserToken":{"type":"object","properties":{"token":{"type":"string","description":"First user token"}}},"PublicSSO":{"type":"object","nullable":true,"properties":{"sso_uri":{"type":"string","format":"uri","description":"The OIDC provider's address","example":"https:\/\/idp.multifactor.ru\/oidc"},"client_id":{"type":"string","description":"Internal value to be fed to the OIDC provider"},"redirect_uri":{"type":"string","format":"uri","description":"The uri, SSO provider should redirect to"}}},"SSO":{"type":"object","nullable":true,"properties":{"discovery_uri":{"type":"string","format":"uri","description":"Link to the OIDC provider's configuration","example":"https:\/\/api.multifactor.ru\/.well-known\/openid-configuration"},"redirect_uri":{"type":"string","format":"uri","description":"The uri, SSO provider should redirect to"},"email_verified":{"type":"boolean","description":"Does email need to be verified in the SSO service","example":true},"openid_configuration":{"type":"object","description":"configuration returned by the OIDC provider"},"client_id":{"type":"string","description":"Internal value to be fed to the OIDC provider"}}},"Restriction":{"type":"object","properties":{"id":{"type":"integer","description":"Unique id of restriction.","example":1},"attempts_max_count":{"type":"integer","description":"Maximum number of attempts for some role to get banned","example":10,"nullable":true},"time_to_unban":{"type":"integer","description":"Which time in seconds, user will be banned","example":600},"time_between_attempts":{"type":"integer","description":"Time in seconds, for how long user should wait, after incorrect login.","example":1},"attempts_counting_duration":{"type":"integer","description":"Specifies TTL (in seconds) for login attempts (e.g. after some time attempts will be reset to 0)","example":600},"role":{"type":"string","description":"User role starting with @","example":"@user"}}},"Bans":{"type":"object","required":["bans"],"properties":{"bans":{"type":"array","items":{"type":"object","required":["user_ip","user_id","banned_until"],"properties":{"user_ip":{"type":"string","example":"127.0.0.1","description":"User IP"},"user_id":{"type":"number","example":3,"description":"User ID"},"banned_until":{"type":"number","example":1663152889,"description":"Time in POSIX format."}}}}}},"UserListGet":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/UserGet"}}}},"UserGet":{"required":["id","uuid","email","full_name","roles","state","auth_source","auth_source_with_dn","email_confirm","lang","timezone","rbac","group","rbac_from_groups"],"type":"object","properties":{"id":{"type":"number","description":"Unique internal user Id","example":1,"x-faker":{"random.number":{"min":1,"max":2500}}},"uuid":{"type":"string","description":"Unique user Id. It should be used for all external links","example":"295cfef4-5eb4-4bb5-aea7-24c6d6990648","x-faker":"datatype.uuid"},"email":{"type":"string","description":"User E-Mail. It is also used as login name","example":"user@example.com","x-faker":"internet.email"},"full_name":{"nullable":true,"type":"string","description":"User first and last name","example":"John Smith","x-faker":{"helpers.arrayElement":[["John Doe","Igor Popov","Kelly Fox"]]}},"roles":{"type":"array","items":{"type":"string","description":"Role name","example":"@user","x-faker":{"helpers.arrayElement":[["@user","@damin","@advanced_user"]]}},"description":"User roles for 'src' service"},"state":{"$ref":"#\/components\/schemas\/UserState"},"phone_number":{"nullable":true,"type":"string","example":"+481234131312","x-faker":"phone.phoneNumber"},"auth_source":{"$ref":"#\/components\/schemas\/AuthSource"},"auth_source_with_dn":{"type":"string","description":"Domain name or local","example":"ispsystem.net"},"email_confirm":{"type":"boolean","description":"Is email confirmed"},"lang":{"description":"The user interface language","type":"string","example":"en","x-faker":{"helpers.arrayElement":[["en","ru","es"]]}},"timezone":{"nullable":true,"type":"string","description":"Custom timezone for current user","example":"Asia\/Irkutsk","x-faker":{"helpers.arrayElement":[["Asia\/Irkutsk","Pacific\/Niue","Pacific\/Pitcairn"]]}},"ldap":{"type":"object","description":"LDAP information","properties":{"id":{"nullable":true,"type":"integer","description":"Unique LDAP identification"},"name":{"nullable":true,"type":"string","description":"LDAP name"},"dn":{"nullable":true,"type":"string","description":"LDAP user dn"}}},"rbac":{"type":"array","description":"List of rbac roles","items":{"type":"object","properties":{"id":{"type":"integer","description":"Rbac role id","example":1},"name":{"type":"string","description":"Rbac role name","example":"some Name"},"roles":{"type":"array","description":"Rbac roles list","items":{"type":"string","description":"Role name","example":"@user","x-faker":{"helpers.arrayElement":[["@user","@admin","@advanced_user"]]}}}}}},"group":{"type":"array","description":"List of groups","items":{"type":"object","properties":{"id":{"type":"integer","description":"Group id","example":1},"name":{"type":"string","description":"Group name","example":"some name"}}}},"rbac_from_groups":{"type":"array","description":"List of rbac roles from groups","items":{"type":"object","properties":{"id":{"type":"integer","description":"Rbac role id","example":1},"name":{"type":"string","description":"Rbac role name","example":"some Name"},"roles":{"type":"array","description":"Rbac roles list","items":{"type":"string","description":"Role name","example":"@user","x-faker":{"helpers.arrayElement":[["@user","@admin","@advanced_user"]]}}}}}}}},"UserShortListGet":{"type":"object","properties":{"list":{"type":"array","items":{"$ref":"#\/components\/schemas\/UserGetShort"}}}},"UserGetShort":{"type":"object","properties":{"id":{"type":"number","description":"Unique internal user Id","example":1,"x-faker":{"random.number":{"min":1,"max":2500}}},"email":{"type":"string","description":"User E-Mail. It is also used as login name","example":"user@example.com","x-faker":"internet.email"},"rbac":{"type":"object","description":"Universal record description used by RBAC system to make filters and check access to the object","properties":{"owner":{"type":"number","description":"Unique internal user Id","example":1,"x-faker":{"random.number":{"min":1,"max":2500}}}}}}},"SettingGet":{"type":"object","properties":{"name":{"type":"string","description":"Unique global setting name.","example":"timezone"},"value":{"type":"string","description":"Value of the setting","example":"UTC"}}},"Time":{"type":"object","properties":{"current_time":{"type":"string","description":"Current server time","example":"2024-11-15 10:12:10"}}},"RoleList":{"type":"object","properties":{"roles":{"type":"array","items":{"type":"string","example":"@admin_support"}}}},"Sshkey":{"type":"object","properties":{"id":{"type":"integer","description":"Public SSH key unique identifier","example":1,"x-faker":{"datatype.number":{"min":1,"max":1000}}},"name":{"type":"string","description":"Public SSH key name","example":"My laptop key","x-faker":"hacker.phrase"},"ssh_pub_key":{"type":"string","format":"sshkey","description":"Public SSH key","example":"ssh-rsa XXXXXXX my@laptop.local","x-faker":{"lorem.paragraphs":[5]}}}},"ListSize":{"type":"integer","description":"Size of list","example":5,"x-faker":{"datatype.number":{"min":1,"max":200}}},"UserState":{"type":"string","enum":["active","disabled"],"description":"User state","example":"active","x-faker":{"helpers.arrayElement":[["active"]]}},"AuthSource":{"type":"string","default":"local","enum":["local","ldap"],"description":"Auth source for authentication"},"LanguageSettingGet":{"type":"object","properties":{"ru":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Is russian language enabled","example":false}},"required":["enabled"]},"en":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Is english language enabled","example":true}},"required":["enabled"]},"es":{"type":"object","properties":{"enabled":{"type":"boolean","description":"Is spanish language enabled","example":false}},"required":["enabled"]},"default_language":{"type":"string","description":"Default language","example":"en","enum":["en","ru","es"]}},"required":["ru","en","es","default_language"],"additionalProperties":false}},"securitySchemes":{"Token":{"type":"apiKey","in":"header","name":"X-XSRF-Token","description":"Token. See `POST \/token` or `POST \/public\/token`"},"Internal":{"type":"apiKey","in":"header","name":"Internal-Auth","description":"Internal-Auth header should contain complete response body from `\/whoami` handler. If a service receives such header in request it does not check cookie. No one request coming from outside can contain Internal-Auth header even if it does header will be removed by incoming proxy service. Also this header can have value 'on' means that it is internal system request with `@internal` role access"}},"parameters":{"Method":{"in":"path","name":"method","required":true,"schema":{"type":"string","enum":["GET","POST","DELETE"]}},"Target":{"in":"path","name":"target","required":true,"schema":{"type":"string"}},"Value":{"in":"path","name":"value","required":true,"schema":{"type":"string"}},"Token":{"in":"header","name":"X-XSRF-Token","required":true,"schema":{"type":"string"},"description":"Token that was got"},"UserId":{"in":"path","name":"user_id","required":true,"schema":{"oneOf":[{"type":"string","format":"email","maxLength":255},{"type":"number"}]},"description":"You can use user Id or user E-Mail"},"LdapId":{"in":"path","name":"ldap_id","required":true,"schema":{"type":"number"},"description":"Unique LDAP integration Id. It is internal value used only to distinguish objects in API"},"FirstUserToken":{"in":"path","name":"token","required":true,"schema":{"type":"string","format":"token","minLength":16,"maxLength":16,"description":"First user token"}},"AclId":{"in":"path","name":"acl_id","required":true,"schema":{"oneOf":[{"type":"string","maxLength":255},{"type":"number"}]},"description":"You can use ACL Id or ACL name"},"TrusteeId":{"in":"path","name":"trustee_id","required":true,"schema":{"oneOf":[{"type":"string","format":"email","maxLength":255},{"type":"number"}]},"description":"Trustee - user who was granted an additional access by some other user. Trustee always used with user_id (so called owner id). That value will be used to check objects owner if needed. As in `UserId` you can use user Id or user E-Mail for this value."},"InstanceId":{"in":"path","name":"instance_id","required":true,"description":"Existing instance ID. Minimal value - 1.","schema":{"type":"number"}},"ConfirmationId":{"in":"path","name":"confirmation_id","required":true,"description":"Confirmation token for the password restoration","schema":{"type":"string","maxLength":255}},"ListFilter":{"in":"query","name":"filter","schema":{"type":"string"},"description":"List field name. Gets set of unique field values. This parameter used to get values for select input in filtering forms. Filtering, pagination and order parameters will be ignored","example":"state"},"ListWhere":{"in":"query","name":"where","schema":{"type":"string"},"description":"Filtering rules for the list. You can use any list field name and set of logical operations (OR, AND, NOT, EQ(=), NE(<>), GT(>), GE(>=), LT(<), LE(<=) and CP(LIKE)) for making filtering conditions","example":"id GT 100 AND (name CP 'alex%' OR name CP 'georg')"},"ListOrderBy":{"in":"query","name":"orderby","schema":{"type":"string"},"description":"Sorting rules for the list. You can use any list field name and optionally ordering parameter (`ASC` and `DESC`). `ASC` is the default so you don't need to explicitly specify it","style":"form","explode":false,"example":"name, age DESC"},"ListLimit":{"in":"query","name":"limit","schema":{"type":"string"},"description":"Limits row count in result. It consists from one or two parts separated by ','. First (optional) - offset, sets first row number to return (counting from 1). Second - size, set maximum row count in result","example":"10,20"},"ListAction":{"in":"query","name":"action","schema":{"type":"string","enum":["select","save","delete"]},"deprecated":true,"description":"You can save your query params `orderby` and `where` or you can use saved one"},"SettingName":{"in":"path","name":"name","required":true,"schema":{"type":"string","maxLength":255},"description":"Name of the global setting"},"UserSettingName":{"in":"path","name":"name","required":true,"schema":{"type":"string","maxLength":255},"description":"User setting name"},"SshKeyId":{"in":"path","name":"key_id","required":true,"description":"Public SSH key unique identifier","schema":{"type":"integer"}},"RoleId":{"in":"path","name":"role_id","required":true,"description":"Role unique identifier","schema":{"type":"integer"}},"SessionId":{"in":"path","name":"session_id","required":true,"description":"Session unique identifier","schema":{"type":"integer"}},"RbacId":{"in":"path","name":"rbac_id","required":true,"description":"RBAC role unique identifier","schema":{"type":"integer"}},"LanguageName":{"in":"path","name":"lang","required":true,"schema":{"type":"string","maxLength":255,"enum":["en","ru","es"]},"description":"Name of the language setting"},"GroupId":{"in":"path","name":"group_id","required":true,"description":"Group unique identifier","schema":{"type":"integer"}}}},"tags":[{"name":"2FA","description":"set of handles to setup and use two factor authentication (2FA)"},{"name":"Acl","description":"access control lists management"},{"name":"Internal","description":"handles for internal use only"},{"name":"Key","description":"keys that can be used once to get authentication token"},{"name":"LDAP","description":"integration with LDAP servers"},{"name":"OIDC","description":"methods for integration with the OpenID Connect protocol"},{"name":"Permissions","description":"user roles management"},{"name":"Proxy","description":"set of handles designed for proxy to check request credentials"},{"name":"RBAC","description":"RBAC roles"},{"name":"Restrictions","description":"role restriction management"},{"name":"Role","description":"custom roles management"},{"name":"Session","description":"use session management"},{"name":"Setting","description":"global settings management"},{"name":"Time","description":"time, date and timezones operations"},{"name":"Token","description":"authentication tokens management"},{"name":"Users","description":"user management handles"},{"name":"Language","description":"platform language management"},{"name":"Group","description":"group management handles"}],"security":[{"Token":[]},{"Internal":[]}],"language":"go","go":[1.7],"script":["go test -v .\/..."]}

The article was last updated on 12.02.2025. The article was prepared by technical writers of ISPsystem