[Cosmo-dev] Account activation design
Brian Moseley
bcm at osafoundation.org
Tue Jan 9 16:00:43 PST 2007
On 1/9/07, Travis Vachon <travis at osafoundation.org> wrote:
> 1) Instead of including <activationId>{activationId}</activationId>
> in the representation of unactivated users, we will include only an
> <unactivated/> tag.
will GET /user/username's response include <activated/>?
> 2) The only way to get the activation id for a user will be to check
> that user's e-mail.
should we have a way for a user to claim that he never got the
activation message (caught in spam filters, or whatever) and ask to
have it re-sent?
> 3) Therefore, in order to allow administrators to activate an account
> manually, we will add POST /cmp/activate/{username} to the list of
> methods available to administrative users. This will activate a user
> and return 200 on success and a 404 if the user has already been
> activated (indicating that the url is only valid when a user is
> unactivated).
403 seems like a better response than 404.
More information about the cosmo-dev
mailing list