Authentication

Password management, MFA settings, and authentication security.

Password Management

PUT /api/users/{username}/password

Change a user's password.

Request Body:

{
  "currentPassword": "oldPassword123",
  "newPassword": "newPassword456"
}

POST /api/users/{username}/_expire-password

Force password expiration.

Permissions: user:edit

Sets passwordExpiresAt to the current date, requiring a password change on the next login.

PUT /api/users/reset-expired-password

Reset an expired password.

Request Body:

{
  "username": "john.doe",
  "currentPassword": "expiredPass",
  "newPassword": "newPassword123"
}

POST /api/users/{username}/force-password-reset

Force immediate password reset via email.

Permissions: user:edit

Sends password reset email to user.


Multi-Factor Authentication (MFA)

GET /api/users/{username}/mfa

Get user's MFA status.

Response:

{
  "enabled": true,
  "method": "totp",
  "enrolledAt": "2024-01-15T10:00:00Z"
}

PUT /api/users/{username}/mfa

Enable or configure MFA.

Request Body:

{
  "method": "totp",
  "secret": "BASE32SECRET"
}
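
An added example, not part of the original documentation or the product's own code: a client-side sketch that generates the base32 secret for the request above and checks a code from the user's authenticator before the body is sent. It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), which this page does not state; all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import struct

STEP, DIGITS = 30, 6  # assumed RFC 6238 defaults; not stated in the API docs


def new_totp_secret(num_bytes: int = 20) -> str:
    """Fresh random secret from the OS CSPRNG, base32-encoded."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def totp(secret_b32: str, at: float) -> str:
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", max(0, int(at) // STEP))
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_totp(secret_b32: str, code: str, at: float, window: int = 1) -> bool:
    """Accept a code from +/- `window` time steps to tolerate clock drift."""
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return False
    ok = False
    for drift in range(-window, window + 1):
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(totp(secret_b32, at + drift * STEP), code)
    return ok


def mfa_enroll_body(secret_b32: str) -> str:
    """JSON body for PUT /api/users/{username}/mfa, as documented above."""
    return json.dumps({"method": "totp", "secret": secret_b32})


if __name__ == "__main__":
    import time
    secret = new_totp_secret()
    code = totp(secret, time.time())  # stands in for the user's authenticator app
    if verify_totp(secret, code, time.time()):
        print(mfa_enroll_body(secret))
```

The secret is a long-lived credential: keep it out of logs and send the request only over TLS.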

DELETE /api/users/{username}/mfa

Disable MFA for user.

Permissions: user:edit or own account


Account Locking

PUT /api/users/{username}/unlock

Unlock a locked user account.

Permissions: user:edit

Response:

{
  "username": "john.doe",
  "locked": false,
  "lockedAt": null,
  "loginAttempts": 0
}

Behavior:

Resets locked, lockedAt, and loginAttempts fields.