RESTful密码重置 [英] RESTful password reset

问题描述

构造用于重置密码的RESTful资源的正确方法是什么?

What is the proper way to structure a RESTful resource for resetting a password?

此资源用于为丢失或忘记密码的人提供密码重置功能.它会使他们的旧密码失效，并通过电子邮件将其发送给密码.

This resource is meant to be a password resetter for someone who has lost or forgotten their password. It invalidates their old password and e-mails them a password.

我有两个选择:

POST /reset_password/{user_name}

或...

POST /reset_password
   -Username passed through request body

我很确定请求应该是POST.我不太自信选择了合适的名字.而且我不确定是否应该通过URL或请求正文传递user_name.

I'm pretty sure the request should be a POST. I'm less confident that I have selected an appropriate name. And I'm not sure if the user_name should be passed through the URL or the request body.

推荐答案

更新:(在下面进一步说明)

UPDATE: (further to comment below)

我会选择这样的东西:

POST /users/:user_id/reset_password

您有一个用户集合，其中单个用户由{user_name}指定.然后，您将指定要执行的操作，在这种情况下为reset_password.就像说为{user_name}创建(POST)新的reset_password动作".

You have a collection of users, where the single user is specified by the {user_name}. You would then specify the action to operate on, which in this case is reset_password. It is like saying "Create (POST) a new reset_password action for {user_name}".

上一个答案:

我会选择这样的东西:

PUT /users/:user_id/attributes/password
    -- The "current password" and the "new password" passed through the body

您将有两个集合，一个用户集合，以及每个用户的一个属性集合.用户由:user_id指定，属性由password指定. PUT操作更新集合的寻址成员.

You'd have two collections, a users collection, and an attributes collection for each user. The user is specified by the :user_id and the attribute is specified by password. The PUT operation updates the addressed member of the collection.

这篇关于RESTful密码重置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！