RESTful密码重置 [英] RESTful password reset
问题描述
构造用于重置密码的RESTful资源的正确方法是什么?
What is the proper way to structure a RESTful resource for resetting a password?
此资源用于为丢失或忘记密码的人提供密码重置功能.它会使他们的旧密码失效,并通过电子邮件将其发送给密码.
This resource is meant to be a password resetter for someone who has lost or forgotten their password. It invalidates their old password and e-mails them a password.
我有两个选择:
POST /reset_password/{user_name}
或...
POST /reset_password
-Username passed through request body
我很确定请求应该是POST.我不太自信选择了合适的名字.而且我不确定是否应该通过URL或请求正文传递user_name.
I'm pretty sure the request should be a POST. I'm less confident that I have selected an appropriate name. And I'm not sure if the user_name should be passed through the URL or the request body.
推荐答案
更新:(在下面进一步说明)
UPDATE: (further to comment below)
我会选择这样的东西:
POST /users/:user_id/reset_password
您有一个用户集合,其中单个用户由{user_name}
指定.然后,您将指定要执行的操作,在这种情况下为reset_password
.就像说为{user_name}
创建(POST
)新的reset_password
动作".
You have a collection of users, where the single user is specified by the {user_name}
. You would then specify the action to operate on, which in this case is reset_password
. It is like saying "Create (POST
) a new reset_password
action for {user_name}
".
上一个答案:
我会选择这样的东西:
PUT /users/:user_id/attributes/password
-- The "current password" and the "new password" passed through the body
您将有两个集合,一个用户集合,以及每个用户的一个属性集合.用户由:user_id
指定,属性由password
指定. PUT
操作更新集合的寻址成员.
You'd have two collections, a users collection, and an attributes collection for each user. The user is specified by the :user_id
and the attribute is specified by password
. The PUT
operation updates the addressed member of the collection.
这篇关于RESTful密码重置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!