Allow to send unique, confirmed user aliases instead of user IDs
CrsiX opened this issue · comments
Some endpoints, e.g. POST /transactions
or POST /polls
require a user ID to know which user wants to send money to whom or wants to open a membership poll etc. This forces an application to do a username lookup before sending the actual request, i.e. an application must first determine the user ID based on their own user alias and then use the ID to perform the request.
It would make the applications much simpler if the user ID wasn't determined by the application, but by the server itself -- it only requires the server to know the unique, confirmed user alias of that application. All endpoints that currently use an integer for the user ID could be patched to either accept an integer (the user ID, unchanged behavior) or a string, which should be the aforementioned alias. The alias must be confirmed and unique, of course.
Important: The application has its own authentication token from the POST /login
call. This token is currently only used in the step of the authentication check (in the respective middle ware). It could also be used to identify the application where ever such an alias must be converted into a user ID, so that the application doesn't need to send its own ID along the request.
The behavior is currently implemented. It lacks test coverage via unittests, though. Therefore, the issue won't be closed for now.