asyavee/medusa-store
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
Files
d9636f46313cd0e514b36e2b4eddd2993b930d8b
medusa-store/www/apps/docs/content/modules/users/admin/manage-profile.mdx
Ira 44470bf8c5 Update all curl documentation examples and references with new x-medusa-access-token header (#6326) 
## What

This is to update incorrect documentation in regards to authentication to the Admin API - raised in https://github.com/medusajs/medusa/issues/6264.

## Why

Because the current documentation has been incorrect since the September 2023 release of [v1.17.0](https://github.com/medusajs/medusa/releases/tag/v1.17.0), which had breaking changes to API token usage.

## How

Simple search and replace. I was asked to replace occurrences under `www/apps/docs/content/` but there were also additional places where I thought references should also be updated:

- `packages/medusa/src/api/`
- `www/apps/api-reference/`

Feel free to revert them as needed.

There is also some inconsistency between the format shown in examples e.g. `<API_TOKEN>` vs `{api_token}` vs `{access_token}`.

I have kept the format the same in all cases as the original, as surrounding documentation text would not have format updated as well. I suggest maybe reviewing the documentation and keeping to a consistent format e.g. `<API_TOKEN>`.

 
## Testing 

I have not tested these changes. I would assume the `packages/medusa/src/api/` changes may need more thorough testing?
2024-02-07 08:41:38 +00:00

549 lines
14 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
description: 'Learn how to implement user profile management features using the admin APIs. This includes user authentication, updating the profile, and resetting the password.'
addHowToData: true
---
import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem';
# How to Implement User Profiles
In this document, youll learn how to implement user profile management features using the admin APIs.
## Overview
The users admin APIs allow you to retrieve and perform admin functionalities on users.
### Scenario
You want to add or use the following admin functionalities:
- User authentication, meaning user log in and log out.
- Manage profile, including retrieving profile details and updating profile.
- Reset password
---
## Prerequisites
It is assumed that you already have a Medusa backend installed and set up. If not, you can follow the [quickstart guide](../../../development/backend/install.mdx) to get started.
### JS Client
This guide includes code snippets to send requests to your Medusa backend using Medusas JS Client, JavaScripts Fetch API, or cURL.
If you follow the JS Client code blocks, its assumed you already have [Medusas JS Client](../../../js-client/overview.mdx) installed and have [created an instance of the client](../../../js-client/overview.mdx#configuration).
### Medusa React
This guide also includes code snippets to send requests to your Medusa backend using Medusa React, among other methods.
If you follow the Medusa React code blocks, it's assumed you already have [Medusa React installed](../../../medusa-react/overview.mdx) and have [used MedusaProvider higher in your component tree](../../../medusa-react/overview.mdx#usage).
### Authenticated Admin User
Aside from the User Login and Reset Password steps, other API Routes require you to be an authenticated admin user.
You can learn more about [authenticating as an admin user in the API reference](https://docs.medusajs.com/api/admin#authentication).
---
## User Authentication
### User Login
You can log in a user by sending a request to the [User Login API Route](https://docs.medusajs.com/api/admin#auth_postauth):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.auth.createSession({
email: "user@example.com",
password: "supersecret",
})
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import { useAdminLogin } from "medusa-react"
const Login = () => {
const adminLogin = useAdminLogin()
// ...
const handleLogin = () => {
adminLogin.mutate({
email: "user@example.com",
password: "supersecret",
})
}
// ...
}
export default Login
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/auth`, {
credentials: "include",
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
email: "user@example.com",
password: "supersecret",
}),
})
.then((response) => response.json())
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X POST '<BACKEND_URL>/admin/auth' \
-H 'Content-Type: application/json' \
--data-raw '{
"email": "user@example.com",
"password": "supersecret"
}'
```
</TabItem>
</Tabs>
This API Route requires the following request body parameters:
- `email`: a string indicating the users email.
- `password`: a string indicating the users password.
The request returns the logged-in user as an object.
### User Logout
You can log out a user by sending a request to the [User Logout API Route](https://docs.medusajs.com/api/admin#auth_deleteauth):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.auth.deleteSession()
.then(() => {
// logged out successfully
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import { useAdminDeleteSession } from "medusa-react"
const Logout = () => {
const adminLogout = useAdminDeleteSession()
// ...
const handleLogout = () => {
adminLogout.mutate()
}
// ...
}
export default Logout
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/auth`, {
credentials: "include",
method: "DELETE",
})
.then((response) => response.json())
.then(() => {
// logged out successfully
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X DELETE '<BACKEND_URL>/admin/auth' \
-H 'x-medusa-access-token: <API_TOKEN>'
```
</TabItem>
</Tabs>
The API Route doesn't require any path or query parameters.
The request doesn't return any data. The response code will be `200` for successful log out.
---
## Retrieve User Profile Details
You can retrieve the current users details for their profile by sending a request to the [Get Current User API Route](https://docs.medusajs.com/api/admin#auth_getauth):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.auth.getSession()
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import { useAdminGetSession } from "medusa-react"
const Profile = () => {
const { user, isLoading } = useAdminGetSession()
return (
<div>
{isLoading && <span>Loading...</span>}
{user && <span>{user.email}</span>}
</div>
)
}
export default Profile
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/auth`, {
credentials: "include",
})
.then((response) => response.json())
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X GET '<BACKEND_URL>/admin/auth' \
-H 'x-medusa-access-token: <API_TOKEN>'
```
</TabItem>
</Tabs>
This API Route doesn't require any parameters.
The request returns the current user as an object.
---
## Update Users Profile Details
You can update a users details in their profile by sending a request to the [Update User API Route](https://docs.medusajs.com/api/admin#users_postusersuser):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.users.update(userId, {
first_name: "Marcellus",
})
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import {
useAdminUpdateUser,
} from "medusa-react"
type Props = {
userId: string
}
const Profile = ({ userId }: Props) => {
const updateUser = useAdminUpdateUser(userId)
// ...
const handleUpdate = (firstName: string) => {
updateUser.mutate({
first_name: firstName,
}, {
onSuccess: ({ user }) => {
console.log(user.first_name)
}
})
}
// ...
}
export default Profile
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/users/${userId}`, {
credentials: "include",
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
first_name: "Marcellus",
}),
})
.then((response) => response.json())
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X POST '<BACKEND_URL>/admin/users/<USER_ID>' \
-H 'x-medusa-access-token: <API_TOKEN>' \
-H 'Content-Type: application/json' \
--data-raw '{
"first_name": "Marcellus"
}'
```
</TabItem>
</Tabs>
This API Route requires the ID of the user as a path parameter.
In the request body, you can pass any of the users fields that you want to update as a parameter. In the example above, you pass the `first_name` parameter to update the users first name. You can refer to the [API reference](https://docs.medusajs.com/api/admin#users_postusersuser) to learn about other available parameters.
The request returns the updated user as an object.
---
## Reset Password
This section explains how you can reset the password of a user if they forgot their password.
### Step 1: Request Password Reset
The first step is to request a password reset. This would create in the Medusa backend a reset password token, which you typically would use in an email sent to the user. The email would include a link that allows the user to enter a new password, and the link would accept a token query parameter to be used in step 2.
:::note
Sending the password reset email is not handled by default in the Medusa backend. You can either use the SendGrid plugin which handles it, or manually subscribe to the `user.password_reset` event and send the email.
:::
You can request a password reset by sending a request to the [Request Password Reset API Route](https://docs.medusajs.com/api/admin#users_postusersuserpasswordtoken):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.users.sendResetPasswordToken({
email: "user@example.com",
})
.then(() => {
// successful
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import { useAdminSendResetPasswordToken } from "medusa-react"
const Login = () => {
const requestPasswordReset = useAdminSendResetPasswordToken()
// ...
const handleResetPassword = (
email: string
) => {
requestPasswordReset.mutate({
email
}, {
onSuccess: () => {
// successful
}
})
}
// ...
}
export default Login
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/users/password-token`, {
credentials: "include",
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
email: "user@example.com",
}),
})
.then((response) => response.json())
.then(() => {
// successful
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X POST '<BACKEND_URL>/admin/users/password-token' \
-H 'Content-Type: application/json' \
--data-raw '{
"email": "user@example.com"
}'
```
</TabItem>
</Tabs>
This API Route requires the `email` parameter in the request body, which is the email of the user requesting to reset their password.
The request does not return any data. The response code will be `204` if the request was processed successfully.
### Step 2: Reset Password
After the user resets their password and, typically, receives an email with a link to reset their password, they should enter their new password. The new password, along with the token passed to this page are used to reset the password on the Medusa backend.
You can reset the password by sending a request to the [Reset Password API Route](https://docs.medusajs.com/api/admin#users_postusersuserpassword):
<Tabs groupId="request-type" isCodeTabs={true}>
<TabItem value="client" label="Medusa JS Client" default>
```ts
medusa.admin.users.resetPassword({
token: "supersecrettoken",
password: "supersecret",
})
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="medusa-react" label="Medusa React">
```tsx
import { useAdminResetPassword } from "medusa-react"
const ResetPassword = () => {
const resetPassword = useAdminResetPassword()
// ...
const handleResetPassword = (
token: string,
password: string
) => {
resetPassword.mutate({
token,
password,
}, {
onSuccess: ({ user }) => {
console.log(user.id)
}
})
}
// ...
}
export default ResetPassword
```
</TabItem>
<TabItem value="fetch" label="Fetch API">
```ts
fetch(`<BACKEND_URL>/admin/users/reset-password`, {
credentials: "include",
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
token: "supersecrettoken",
password: "supersecret",
}),
})
.then((response) => response.json())
.then(({ user }) => {
console.log(user.id)
})
```
</TabItem>
<TabItem value="curl" label="cURL">
```bash
curl -L -X POST '<BACKEND_URL>/admin/users/reset-password' \
-H 'Content-Type: application/json' \
--data-raw '{
"token": "supersecrettoken",
"password": "supersecret"
}'
```
</TabItem>
</Tabs>
This API Route requires the following request body parameters:
- `token`: a string indicating the password reset token.
- `password`: a string indicating the new password for the user.
You can also optionally pass the `email` parameter in the request body.
The request returns the user as an object, and the user is automatically logged in.
---
## See Also
- [How to manage users](./manage-users.mdx)
Reference in New Issue View Git Blame Copy Permalink