From 98d42d5dfa4727a62226c7e1e7106ad1e110bfec Mon Sep 17 00:00:00 2001 From: AbegaM <ebenezermelkamu@gmail.com> Date: Tue, 23 Apr 2024 17:11:44 +0300 Subject: [PATCH] Add notes for the user creation feature --- docs/auth.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/auth.md b/docs/auth.md index 29ddfa0..ca7df9a 100644 --- a/docs/auth.md +++ b/docs/auth.md @@ -2,7 +2,7 @@ Soul incorporates a robust user authentication system that handles user accounts, groups, permissions, and cookie-based user sessions. This section provides an overview of how the default implementation works. -Authentication is switched off by default in Soul, but is enabled when either of the `-a` or `--auth` flags are provided at the command line. +Authentication is switched off by default in Soul, but is enabled when either of the `-a` or `--auth` flags are provided at the command line. ### Overview 
@@ -132,4 +132,6 @@ Note that you need to be logged in using a user with a role that has creating us Additionally, it's important to note that the `/api/tables/_users/rows/` endpoint functions slightly differently compared to other `/api/tables/<table_name>/rows/` endpoints. When creating or updating user data through this endpoint, we need to provide the raw passwords, which are then automatically hashed before being stored in the `_hashed_password` field. This extra step enhances the security of the stored passwords. +When creating a user, the required fields are `username` and `password`. However, you also have the flexibility to include additional optional fields. To do this, you will need to modify the schema of the `_users` table in your database using a suitable database editor GUI tool. Simply add the desired field(s) to the database schema for the `_users` table. Once the schema is updated, you can pass the optional field(s) from your client application during user creation. + Furthermore, when retrieving user data, the endpoint automatically filters out sensitive information such as the `_hashed_password` and `_salt` fields. This precautionary measure is in place to address security concerns and ensure that only necessary and non-sensitive information is included in the returned results.
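Review bot: In the first hunk of docs/auth.md (`@@ -2,7 +2,7 @@`), the removed and added "Authentication is switched off by default in Soul" lines read the same, so the only difference appears to be whitespace. That is unrelated to the subject "Add notes for the user creation feature". If the change introduces trailing whitespace, drop it from this patch; if it removes it, say so in the commit message or split it into its own commit.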
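Review bot: In the second hunk of docs/auth.md (`@@ -132,4 +132,6 @@`), the added paragraph does not say how custom `_users` columns are treated when user data is retrieved. The paragraph that follows names only `_hashed_password` and `_salt` as filtered, so a reader cannot tell whether a field they add will appear in returned results. Add a sentence stating this, and if added columns are returned, say that they should not hold sensitive values. The phrase "a suitable database editor GUI tool" is also vague: say plainly that the column has to be added to the `_users` table outside Soul, and document what happens when a client passes a field that is not in the schema.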