From 68f78c26e3508b54f71585c2123c200a6875d363 Mon Sep 17 00:00:00 2001 From: Sam Date: Sat, 26 Mar 2022 20:30:37 +0100 Subject: [PATCH] API & Docs - update and fix documentation --- docs/_sources/api/auth.rst.txt | 7 +- docs/_sources/features.rst.txt | 16 +- docs/_sources/installation.rst.txt | 2 + docs/api/auth.html | 326 +++++++++++++++++++++++------ docs/api/configuration.html | 3 + docs/api/users.html | 35 +++- docs/features.html | 23 +- docs/http-routingtable.html | 25 ++- docs/installation.html | 4 + docs/objects.inv | Bin 1266 -> 1316 bytes docs/searchindex.js | 2 +- docsrc/source/api/auth.rst | 7 +- docsrc/source/features.rst | 16 +- docsrc/source/installation.rst | 2 + fittrackee/users/auth.py | 32 ++- fittrackee/users/users.py | 21 +- 16 files changed, 412 insertions(+), 109 deletions(-) diff --git a/docs/_sources/api/auth.rst.txt b/docs/_sources/api/auth.rst.txt index 9195d865..8d54d004 100644 --- a/docs/_sources/api/auth.rst.txt +++ b/docs/_sources/api/auth.rst.txt @@ -4,8 +4,9 @@ Authentication .. autoflask:: fittrackee:create_app() :endpoints: auth.register_user, + auth.confirm_account, + auth.resend_account_confirmation_email, auth.login_user, - auth.logout_user, auth.get_authenticated_user_profile, auth.edit_user, auth.edit_user_preferences, @@ -14,4 +15,6 @@ Authentication auth.edit_picture, auth.del_picture, auth.request_password_reset, - auth.update_password + auth.update_user_account, + auth.update_password, + auth.update_email diff --git a/docs/_sources/features.rst.txt b/docs/_sources/features.rst.txt index e013b0bd..4f917b52 100644 --- a/docs/_sources/features.rst.txt +++ b/docs/_sources/features.rst.txt @@ -44,9 +44,13 @@ Workouts - average speed (**new in 0.5.1**) - User records by sports: - average speed - - farest distance + - farthest distance - longest duration - maximum speed + +.. note:: + Records may differ from records displayed by the application that originally generated the gpx files. + - Workouts list and filter. Only sports with workouts are displayed in sport dropdown. .. note:: @@ -58,6 +62,7 @@ Account & preferences - A user can create, update and deleted his account - A user can set language, timezone and first day of week. - A user can reset his password (*new in 0.3.0*) +- A user can change his email address (*new in 0.6.0*) - A user can choose between metric system and imperial system for distance, elevation and speed display (*new in 0.5.0*) - A user can set sport preferences (*new in 0.5.0*): - change sport color (used for sport image and charts) @@ -82,6 +87,7 @@ Administration - maximum size of uploaded files - maximum size of zip archive - maximum number of files in the zip archive. If an archive contains more files, only the configured number of files is processed, without raising errors. + - administrator email for contact (*new in 0.6.0*) .. warning:: Updating server configuration may be necessary to handle large files (like `nginx `_ for instance). @@ -89,8 +95,12 @@ Administration - **Users** - - display users list and details - - edit a user to add/remove administration rights + - display and filter users list + - edit a user to: + - add/remove administration rights + - activate his account (*new in 0.6.0*) + - update his email (in case his account is locked) (*new in 0.6.0*) + - reset his password (in case his account is locked) (*new in 0.6.0*) - delete a user - **Sports** diff --git a/docs/_sources/installation.rst.txt b/docs/_sources/installation.rst.txt index b9d46376..66e03bda 100644 --- a/docs/_sources/installation.rst.txt +++ b/docs/_sources/installation.rst.txt @@ -298,6 +298,8 @@ For instance, copy and update ``.env`` file from ``.env.example`` and source the $ fittrackee_set_admin +.. note:: + If the user account is inactive, it activates it. From sources ^^^^^^^^^^^^ diff --git a/docs/api/auth.html b/docs/api/auth.html index 751b5193..f5e0a0db 100644 --- a/docs/api/auth.html +++ b/docs/api/auth.html @@ -130,7 +130,9 @@
POST /api/auth/register
-

register a user

+

register a user and send confirmation email.

+

The newly created account is inactive. The user must confirm his email +to activate it.

Example request:

POST /api/auth/register HTTP/1.1
 Content-Type: application/json
@@ -138,14 +140,12 @@

Example responses:

    -

  • successful registration

    • +

  • success

-
HTTP/1.1 201 CREATED
+
HTTP/1.1 200 SUCCESS
 Content-Type: application/json
 
 {
-  "auth_token": "JSON Web Token",
-  "message": "successfully registered",
   "status": "success"
 }
 

@@ -165,23 +165,24 @@
 

 
Request JSON Object

 
    
-
  • username (string) – user name (3 to 12 characters required)
    • 
+
  • username (string) – username (3 to 30 characters required)
    • 
 
  • email (string) – user email
    • 
 
  • password (string) – password (8 characters required)
    • 
-
  • password_conf (string) – password confirmation
    • 
 

 

 
Status Codes

 
    
-
  • 201 Created – successfully registered
    • 
+
  • 200 OK – success
    • 
 
  • 400 Bad Request
      
 
    • invalid payload
      • 
-
    • sorry, that user already exists
      • 
+
    • sorry, that username is already taken
      • 
 
    • 
 
      Errors:
        
-
      • username: 3 to 12 characters required
        • 
+
      • username: 3 to 30 characters required
        • 
+
      • username:
+only alphanumeric characters and the underscore
+character “_” allowed
        • 
 
      • email: valid email must be provided
        • 
-
      • password: password and password confirmation don’t match
        • 
 
      • password: 8 characters required
        • 
 
      
 
      
@@ -196,10 +197,82 @@
 
      
 

 
+

+

+POST /api/auth/account/confirm

+
activate user account after registration

+
Example request:

+
POST /api/auth/account/confirm HTTP/1.1
+Content-Type: application/json
+

+

+
Example response:

+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "auth_token": "JSON Web Token",
+  "message": "account confirmation successful",
+  "status": "success"
+}
+

+

+

+
Request JSON Object

+
    
+
  • token (string) – confirmation token
    • 
+

+

+
Status Codes

+

+

+

+

+
+

+

+POST /api/auth/account/resend-confirmation

+
resend email with instructions to confirm account

+
Example request:

+
POST /api/auth/account/resend-confirmation HTTP/1.1
+Content-Type: application/json
+

+

+
Example response:

+
HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "message": "confirmation email resent",
+  "status": "success"
+}
+

+

+

+
Request JSON Object

+
    
+
  • email (string) – user email
    • 
+

+

+
Status Codes

+

+

+

+

+
 

 

 POST /api/auth/login

 
user login

+
Only user with an active account can log in.

 
Example request:

 
POST /api/auth/login HTTP/1.1
 Content-Type: application/json
@@ -222,7 +295,7 @@
 
    
 
  • error on login
    • 
 

-
HTTP/1.1 404 NOT FOUND
+
HTTP/1.1 401 UNAUTHORIZED
 Content-Type: application/json
 
 {
@@ -235,7 +308,7 @@
 
Request JSON Object

 
    
 
  • email (string) – user email
    • 
-
  • password_conf (string) – password confirmation
    • 
+
  • password (string) – password
    • 
 

 

 
Status Codes

@@ -249,59 +322,10 @@
-
-
-GET /api/auth/logout
-

user logout

-

Example request:

-
GET /api/auth/logout HTTP/1.1
-Content-Type: application/json
-
-
-

Example responses:

-
    -

  • successful logout

    • -
-
HTTP/1.1 200 OK
-Content-Type: application/json
-
-{
-  "message": "successfully logged out",
-  "status": "success"
-}
-
-
-
    -

  • error on login

    • -
-
HTTP/1.1 401 UNAUTHORIZED
-Content-Type: application/json
-
-{
-  "message": "provide a valid auth token",
-  "status": "error"
-}
-
-
-
-
Request Headers
-
-
-
Status Codes
-
-
-
-
-
GET /api/auth/profile
-

get authenticated user info

+

get authenticated user info (profile, account, preferences)

Example request:

GET /api/auth/profile HTTP/1.1
 Content-Type: application/json
@@ -320,6 +344,7 @@
     "email": "sam@example.com",
     "first_name": null,
     "imperial_units": false,
+    "is_active": true,
     "language": "en",
     "last_name": null,
     "location": null,
@@ -402,7 +427,7 @@
 

 

 POST /api/auth/profile/edit

-
edit authenticated user

+
edit authenticated user profile

 
Example request:

 
POST /api/auth/profile/edit HTTP/1.1
 Content-Type: application/json
@@ -421,6 +446,7 @@
     "email": "sam@example.com",
     "first_name": null,
     "imperial_units": false,
+    "is_active": true,
     "language": "en",
     "last_name": null,
     "location": null,
@@ -489,8 +515,6 @@
 
  • location (string) – user location
    • 
 
  • bio (string) – user biography
    • 
 
  • birth_date (string) – user birth date (format: %Y-%m-%d)
    • 
-
  • password (string) – user password
    • 
-
  • password_conf (string) – user password confirmation
    • 
 
 
    
 
    Request Headers
    
@@ -503,7 +527,6 @@
 
  • 200 OK – user profile updated
    • 
 
  • 400 Bad Request
      
 
    • invalid payload
      • 
-
    • password: password and password confirmation don’t match
      • 
 
    
 
    • 
 
  • 401 Unauthorized
      
@@ -540,6 +563,7 @@
     "email": "sam@example.com",
     "first_name": null,
     "imperial_units": false,
+    "is_active": true,
     "language": "en",
     "last_name": null,
     "location": null,
@@ -862,10 +886,140 @@
 
    •
    +
    +
    +PATCH /api/auth/profile/edit/account
    +

    update authenticated user email and password

    +

    It sends emails:

    +
      +

    • Password change

      • +

    • Email change:

      +
        +

      • one to the current address to inform user

        • +

      • another one to the new address to confirm it.

        • +
      +
      • +
    +

    Example request:

    +
    PATCH /api/auth/profile/edit/account HTTP/1.1
+Content-Type: application/json
+
    +
    +

    Example response:

    +
    HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "data": {
+    "admin": false,
+    "bio": null,
+    "birth_date": null,
+    "created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
+    "email": "sam@example.com",
+    "first_name": null,
+    "imperial_units": false,
+    "is_active": true,
+    "language": "en",
+    "last_name": null,
+    "location": null,
+    "nb_sports": 3,
+    "nb_workouts": 6,
+    "picture": false,
+    "records": [
+      {
+        "id": 9,
+        "record_type": "AS",
+        "sport_id": 1,
+        "user": "sam",
+        "value": 18,
+        "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+        "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+      },
+      {
+        "id": 10,
+        "record_type": "FD",
+        "sport_id": 1,
+        "user": "sam",
+        "value": 18,
+        "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+        "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+      },
+      {
+        "id": 11,
+        "record_type": "LD",
+        "sport_id": 1,
+        "user": "sam",
+        "value": "1:01:00",
+        "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+        "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+      },
+      {
+        "id": 12,
+        "record_type": "MS",
+        "sport_id": 1,
+        "user": "sam",
+        "value": 18,
+        "workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
+        "workout_id": "hvYBqYBRa7wwXpaStWR4V2"
+      }
+    ],
+    "sports_list": [
+        1,
+        4,
+        6
+    ],
+    "timezone": "Europe/Paris",
+    "total_distance": 67.895,
+    "total_duration": "6:50:27",
+    "username": "sam"
+    "weekm": true,
+  },
+  "message": "user account updated",
+  "status": "success"
+}
+
    +
    +
    +
    Request JSON Object
    +
      +

    • email (string) – user email

      • +

    • password (string) – user current password

      • +

    • new_password (string) – user new password

      • +
    +
    +
    Request Headers
    +
    +
    +
    Status Codes
    +
      +

    • 200 OK – user account updated

      • +

    • 400 Bad Request

        +

      • invalid payload

        • +

      • email is missing

        • +

      • current password is missing

        • +

      • email: valid email must be provided

        • +

      • password: 8 characters required

        • +
      +

      • +

    • 401 Unauthorized

        +

      • provide a valid auth token

        • +

      • signature expired, please log in again

        • +

      • invalid token, please log in again

        • +

      • invalid credentials

        • +
      +

      • +

    • 500 Internal Server Error – error, please try again or contact the administrator

      • +
    +
    +
    +
    +
    POST /api/auth/password/update
    -

    update user password

    +

    update user password after password reset request

    Example request:

    POST /api/auth/password/update HTTP/1.1
 Content-Type: application/json
@@ -885,7 +1039,6 @@
 
    Request JSON Object
    
 
      
 
    • password (string) – password (8 characters required)
      • 
-
    • password_conf (string) – password confirmation
      • 
 
    • token (string) – password reset token
      • 
 
    
 
    
@@ -900,6 +1053,41 @@
    +
    +
    +POST /api/auth/email/update
    +

    update user email after confirmation

    +

    Example request:

    +
    POST /api/auth/email/update HTTP/1.1
+Content-Type: application/json
+
    +
    +

    Example response:

    +
    HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "message": "email updated",
+  "status": "success"
+}
+
    +
    +
    +
    Request JSON Object
    +
      +

    • token (string) – password reset token

      • +
    +
    +
    Status Codes
    +
    +
    +
    +
    + diff --git a/docs/api/configuration.html b/docs/api/configuration.html index 362aa3d7..266b8652 100644 --- a/docs/api/configuration.html +++ b/docs/api/configuration.html @@ -180,6 +180,7 @@ { "data": { + "admin_contact": "admin@example.com", "gpx_limit_import": 10, "is_registration_enabled": true, "max_single_file_size": 1048576, @@ -193,6 +194,7 @@
    Request JSON Object
      +

    • admin_contact (string) – email to contact the administrator

    • gpx_limit_import (integer) – max number of files in zip archive

    • is_registration_enabled (boolean) – is registration enabled ?

    • max_single_file_size (integer) – max size of a single file

      • @@ -213,6 +215,7 @@

    • provide a valid auth token

    • signature expired, please log in again

    • invalid token, please log in again

      • +

    • valid email must be provided for admin contact

  • 403 Forbidden – you do not have permissions

    • diff --git a/docs/api/users.html b/docs/api/users.html index 6c73e489..b23ab042 100644 --- a/docs/api/users.html +++ b/docs/api/users.html @@ -130,7 +130,9 @@
    GET /api/users
    -

    Get all users

    +

    Get all users (regardless their account status), if authenticated user +has admin rights

    +

    It returns user preferences only for authenticated user.

    Example request:

    • without parameters

      • @@ -160,6 +162,7 @@ "created_at": "Sun, 14 Jul 2019 14:09:58 GMT", "email": "admin@example.com", "first_name": null, + "is_admin": true, "imperial_units": false, "language": "en", "last_name": null, @@ -213,7 +216,8 @@ "timezone": "Europe/Paris", "total_distance": 67.895, "total_duration": "6:50:27", - "username": "admin" + "username": "admin", + "weekm": false }, { "admin": false, @@ -222,6 +226,7 @@ "created_at": "Sat, 20 Jul 2019 11:27:03 GMT", "email": "sam@example.com", "first_name": null, + "is_admin": false, "language": "fr", "last_name": null, "location": null, @@ -248,7 +253,7 @@

    • per_page (integer) – number of users per page (default: 10, max: 50)

    • q (string) – query on user name

    • order_by (string) – sorting criteria (username, created_at, -workouts_count, admin)

      • +workouts_count, admin, is_active)

    • order (string) – sorting order (default: asc)

    @@ -274,7 +279,8 @@
    GET /api/users/(user_name)
    -

    Get single user details

    +

    Get single user details. Only user with admin rights can get user details.

    +

    It returns user preferences only for authenticated user.

    Example request:

    GET /api/users/admin HTTP/1.1
 Content-Type: application/json
@@ -294,6 +300,7 @@
       "email": "admin@example.com",
       "first_name": null,
       "imperial_units": false,
+      "is_admin": true,
       "language": "en",
       "last_name": null,
       "location": null,
@@ -418,10 +425,16 @@
 
    
 
    
 PATCH /api/users/(user_name)
    
-
    Update user to add admin rights
    
+
    Update user account
    
+
      
+
    • add/remove admin rights (regardless user account status)
      • 
+
    • reset password (and send email to update user password)
      • 
+
    • update user email (and send email to update user password)
      • 
+
    • activate account for an inactive user
      • 
+
    
 
    Only user with admin rights can modify another user
    
 
    Example request:
    
-
    PATCH api/users/<user_name> HTTP/1.1
+
    PATCH /api/users/<user_name> HTTP/1.1
 Content-Type: application/json
 
    
 
    
@@ -439,6 +452,7 @@
       "email": "admin@example.com",
       "first_name": null,
       "imperial_units": false,
+      "is_active": true,
       "language": "en",
       "last_name": null,
       "location": null,
@@ -506,7 +520,10 @@
 
    
 
    Request JSON Object
    
 
      
+
    • activate (boolean) – activate user account
      • 
 
    • admin (boolean) – does the user have administrator rights
      • 
+
    • new_email (boolean) – new user email
      • 
+
    • reset_password (boolean) – reset user password
      • 
 
    
 
    
 
    Request Headers
    
@@ -517,6 +534,12 @@
 
    Status Codes
    
 
      
 
    • 200 OK – success
      • 
+
    • 400 Bad Request
        
+
      • invalid payload
        • 
+
      • valid email must be provided
        • 
+
      • new email must be different than curent email
        • 
+
      
+
      • 
 
    • 401 Unauthorized
        
 
      • provide a valid auth token
        • 
 
      • signature expired, please log in again
        • 
diff --git a/docs/features.html b/docs/features.html
index 29f8c19b..065ef29e 100644
--- a/docs/features.html
+++ b/docs/features.html
@@ -209,13 +209,19 @@
 
      • 
 
        User records by sports:
          
 
        • average speed
          • 
-
        • farest distance
          • 
+
        • farthest distance
          • 
 
        • longest duration
          • 
 
        • maximum speed
          • 
 
        
 
        
 
        
 
        • 
+
      
+
      
+
      Note
      
+
      Records may differ from records displayed by the application that originally generated the gpx files.
      
+
      
+
        
 
      • Workouts list and filter. Only sports with workouts are displayed in sport dropdown.
        • 
 
      
 
      
@@ -229,6 +235,7 @@
 
    • A user can create, update and deleted his account
      • 
 
    • A user can set language, timezone and first day of week.
      • 
 
    • A user can reset his password (new in 0.3.0)
      • 
+
    • A user can change his email address (new in 0.6.0)
      • 
 
    • A user can choose between metric system and imperial system for distance, elevation and speed display (new in 0.5.0)
      • 
 
    • 
 
      A user can set sport preferences (new in 0.5.0):
        
@@ -260,6 +267,7 @@
 
      • maximum size of uploaded files
        • 
 
      • maximum size of zip archive
        • 
 
      • maximum number of files in the zip archive. If an archive contains more files, only the configured number of files is processed, without raising errors.
        • 
+
      • administrator email for contact (new in 0.6.0)
        • 
 
      
 
      
 
      Warning
      
@@ -268,8 +276,17 @@
 
      • 
 
    • Users
      
 
        
-
      • display users list and details
        • 
-
      • edit a user to add/remove administration rights
        • 
+
      • display and filter users list
        • 
+
      • 
+
        edit a user to:
          
+
        • add/remove administration rights
          • 
+
        • activate his account (new in 0.6.0)
          • 
+
        • update his email (in case his account is locked) (new in 0.6.0)
          • 
+
        • reset his password (in case his account is locked) (new in 0.6.0)
          • 
+
        
+
        
+
        
+
        • 
 
      • delete a user
        • 
 
      
 
      • 
diff --git a/docs/http-routingtable.html b/docs/http-routingtable.html
index 8bfbcb2a..b2f6ddc1 100644
--- a/docs/http-routingtable.html
+++ b/docs/http-routingtable.html
@@ -125,11 +125,6 @@
       
      
        /api
-     
-       
-       
-       GET /api/auth/logout
-       
      
        
        
@@ -235,6 +230,21 @@
        
        GET /api/workouts/map_tile/(s)/(z)/(x)/(y).png
        
+     
+       
+       
+       POST /api/auth/account/confirm
+       
+     
+       
+       
+       POST /api/auth/account/resend-confirmation
+       
+     
+       
+       
+       POST /api/auth/email/update
+       
      
        
        
@@ -305,6 +315,11 @@
        
        DELETE /api/workouts/(string:workout_short_id)
        
+     
+       
+       
+       PATCH /api/auth/profile/edit/account
+       
      
        
        
diff --git a/docs/installation.html b/docs/installation.html
index 6450d409..b4f8a0f3 100644
--- a/docs/installation.html
+++ b/docs/installation.html
@@ -557,6 +557,10 @@ $ source .env
 
      $ fittrackee_set_admin <username>
 
      
 
      
+
      
+
      Note
      
+
      If the user account is inactive, it activates it.
      
+
      
 
 
      
 
      From sources
      
diff --git a/docs/objects.inv b/docs/objects.inv
index 7a18102342d48ebc4d5c619f288da80a0c82956c..2714876ab1074bd50cbec4b2ed5d518fc28826f2 100644
GIT binary patch
delta 1204
zcmV;l1WWt!38V^;fPcYqqc{+T?>q%nyNBeUq2`(!N$`Y<6DYuw+7qRKVpD^G0Wp*8
z1MC~@d0%lKVOvOGA+QIzyay-H>i_GO)RK^etIWbJ-B~zE%C?|ZQWkGny*GE1RyS4I
zQ1i3dJAK;Gef}FWA_O+XY)A-EFGPklf!3rUMcTVynw5oqfPXoN9E|L7mRoI=VoH|N
zI~5Wt8JCyaOe0I~E(0puG(XEa?RwAB|K1YdEGG7PG}h0C(CziWp6Pg%CA6&tEG0RC
zb`{6XGEj()f)-^p2dT@qEEkY1nKHm8BZT`5!Xjy=GyGhII@K{;U*Q6aX|kJgne_;`
zFYe<3s+zo!ntv1tY0k?X$%La}nyRenxeb!&yOZlv!THK}?AzQ+fg`4}Yx;md5lnnqo$78&byw-ji$V
z^&{@QCTTNIHEU)=k{S)_Q+%53$=Uc$Jfh<~UruArLe037S?-LAk~_*OxkodrSc1sQ
zxHHTB`2}-9RvI+9R3x5MDa(oDQ%y5Z^@M{X_*>ad7hG>wc!T?_T-xi#`on&A3;;Vb
ztziqf5r2lb*&W}g$8dR;`xYc{Xo}Meym&}17g8=3WgHLna>=k(vcvEM-(mP-okkM#
zoJ6dKZ1)7d-1*MSUoJW=Qie$I#YQa!Tb}y1dcRz145k&@O3R-`UgGqkIiP{6m(2e^
zcPzQZleWi|bp?OUNdaVN(9VG2OoWfjtLECe`hOFC@9_J${!~pro)!e^SkUQf1S|wB
z)U(vUMHvtErm^cHp+ko4`|;ZQVm36rA;pg$xCTU4z&V}g(&rs-Lca?|=-dTP6hAtD
zXbYpref|<^%3i$S(Ft@^_jY98+MyHQyPu_j11?=cGsFotk!n;7{kzMXdb*U(r}05Vmpcg_jVJx-m`|%_X3?j
zfdg}>+5gaazITGS8#)bH3^9n!Rh%b&E
zJwV5pQg7voj>82rN7_dEqNw~Kh8GTmlJ65KFx0t2|2yJ8ejFjEW^EMwh#`Wc|v!MfTg4$(5~XRSq2KxQP8ZcrXWrAniphl9eVc(ghkR^XZX1a
zb*f`HcpAjDJfZfXg-b=Cck^K_wEdl8J!Qw~ECOb*}k=67YU5Pz7YDqr(Voe$i)YcS2LQkfV+F`=(9O*Y2~UGo&9&P%NfI)9;UNCFG5
zRpr902zzItm8Zc$%B_lWSoFTac}cI8D$n8|rbMHXp1{gOD}$vmJ&mTAk#{X=;u3Gk
z!g_g+JFijN%u~&p*^s10d-W+k&9~%id?y~zaZ${tF@I;FX53MgJENlHjJ{b^NGVlM>9|L0D=?pE1c@1QuKC(w|AeEOMBf=f7tJi
z0bpmQ4QwIT!VtHc;~Vu5E?2p4K>~-yIL*Mbhvaf0<;kLq<6*vBGOU$sFg(F$624fc
zk;FVF5r3;C*_M=4?7aNtqGgdXM1n6iYAM+K)U*2Sa;Y(xR%k1&ew0Op(~IVS_Ef!O
z{(S9Naf6hq(WN5FQ0K=IGADLI}!n*nizc={3FFw}ekEa=dIu>+#fq;d8
zg?g46xUAy+eAC!N*ffL0K
z&fnU?C~}`ZhnliyFL-bQ9o3y3**A9R#CL9J->jV2_q-KEJ_oT5Rys0gX|GpN97cBJ
z-agvC`QN|4{+S6Fi;>|x+U`m-iRH=;A7U6f4b8n5MjGyrTx>^C;NGkw*L%`X`d*+D
zD1UIEhMN5kou@k|h`XWFkVP)cl+X#jfL1Ty+SL{KE6=`*m);5z)zE!eJFKqo(~bD-
z*wH<7j4Ab2u2_DtA9%M;7&hue&JEv58w9YnmrnWk8j0!a0-~u;?021oiZaumC62lqZrWc)r5EBm0)&J7|?qg
zcV3D&BO~Qu+zb3d3g+BfxwFe24R&Cm2GW63o#K~*3?-vxuDy>U-we3fjF{aR)p}V9
zwajVM;N&Y|Zigv4^j4-W`_ for instance).
@@ -89,8 +95,12 @@ Administration
 
 - **Users**
 
-  - display users list and details
-  - edit a user to add/remove administration rights
+  - display and filter users list
+  - edit a user to:
+      - add/remove administration rights
+      - activate his account (*new in 0.6.0*)
+      - update his email (in case his account is locked) (*new in 0.6.0*)
+      - reset his password (in case his account is locked) (*new in 0.6.0*)
   - delete a user
 
 - **Sports**
diff --git a/docsrc/source/installation.rst b/docsrc/source/installation.rst
index b9d46376..66e03bda 100644
--- a/docsrc/source/installation.rst
+++ b/docsrc/source/installation.rst
@@ -298,6 +298,8 @@ For instance, copy and update ``.env`` file from ``.env.example`` and source the
 
    $ fittrackee_set_admin 
 
+.. note::
+    If the user account is inactive, it activates it.
 
 From sources
 ^^^^^^^^^^^^
diff --git a/fittrackee/users/auth.py b/fittrackee/users/auth.py
index a6cbb5b7..1c315e40 100644
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@@ -64,7 +64,7 @@ def send_account_confirmation_email(user: User) -> None:
 @auth_blueprint.route('/auth/register', methods=['POST'])
 def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
     """
-    register a user
+    register a user and send confirmation email.
 
     The newly created account is inactive. The user must confirm his email
     to activate it.
@@ -97,7 +97,7 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
       Content-Type: application/json
 
       {
-        "message": "Errors: email: valid email must be provided\n",
+        "message": "Errors: email: valid email must be provided\\n",
         "status": "error"
       }
 
@@ -111,8 +111,9 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
         - sorry, that username is already taken
         - Errors:
             - username: 3 to 30 characters required
-            - username: only alphanumeric characters and the underscore
-                        character "_" allowed
+            - username:
+              only alphanumeric characters and the underscore
+              character "_" allowed
             - email: valid email must be provided
             - password: 8 characters required
     :statuscode 403:
@@ -177,7 +178,8 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
 def login_user() -> Union[Dict, HttpResponse]:
     """
     user login
-    Only user with active account can log in
+
+    Only user with an active account can log in.
 
     **Example request**:
 
@@ -205,7 +207,7 @@ def login_user() -> Union[Dict, HttpResponse]:
 
     .. sourcecode:: http
 
-      HTTP/1.1 404 NOT FOUND
+      HTTP/1.1 401 UNAUTHORIZED
       Content-Type: application/json
 
       {
@@ -253,7 +255,7 @@ def get_authenticated_user_profile(
     auth_user: User,
 ) -> Union[Dict, HttpResponse]:
     """
-    get authenticated user info
+    get authenticated user info (profile, account, preferences)
 
     **Example request**:
 
@@ -353,7 +355,7 @@ def get_authenticated_user_profile(
 @authenticate
 def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
     """
-    edit authenticated user
+    edit authenticated user profile
 
     **Example request**:
 
@@ -503,6 +505,14 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
     """
     update authenticated user email and password
 
+    It sends emails:
+
+    - Password change
+    - Email change:
+
+      - one to the current address to inform user
+      - another one to the new address to confirm it.
+
     **Example request**:
 
     .. sourcecode:: http
@@ -1283,6 +1293,8 @@ def update_email() -> Union[Dict, HttpResponse]:
 
     **Example response**:
 
+    .. sourcecode:: http
+
       HTTP/1.1 200 OK
       Content-Type: application/json
 
@@ -1340,6 +1352,8 @@ def confirm_account() -> Union[Dict, HttpResponse]:
 
     **Example response**:
 
+    .. sourcecode:: http
+
       HTTP/1.1 200 OK
       Content-Type: application/json
 
@@ -1400,6 +1414,8 @@ def resend_account_confirmation_email() -> Union[Dict, HttpResponse]:
 
     **Example response**:
 
+    .. sourcecode:: http
+
       HTTP/1.1 200 OK
       Content-Type: application/json
 
diff --git a/fittrackee/users/users.py b/fittrackee/users/users.py
index 45db4193..3e821e44 100644
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@@ -51,7 +51,10 @@ def set_admin(username: str) -> None:
 @authenticate_as_admin
 def get_users(auth_user: User) -> Dict:
     """
-    Get all users (regardless their account status)
+    Get all users (regardless their account status), if authenticated user
+    has admin rights
+
+    It returns user preferences only for authenticated user.
 
     **Example request**:
 
@@ -140,7 +143,8 @@ def get_users(auth_user: User) -> Dict:
               "timezone": "Europe/Paris",
               "total_distance": 67.895,
               "total_duration": "6:50:27",
-              "username": "admin"
+              "username": "admin",
+              "weekm": false
             },
             {
               "admin": false,
@@ -250,7 +254,9 @@ def get_single_user(
     auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
     """
-    Get single user details
+    Get single user details. Only user with admin rights can get user details.
+
+    It returns user preferences only for authenticated user.
 
     **Example request**:
 
@@ -402,9 +408,10 @@ def get_picture(user_name: str) -> Any:
 def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
     """
     Update user account
-    - add/remove admin rights
-    - reset password and send email to update user password
-    - update user email
+
+    - add/remove admin rights (regardless user account status)
+    - reset password (and send email to update user password)
+    - update user email (and send email to update user password)
     - activate account for an inactive user
 
     Only user with admin rights can modify another user
@@ -413,7 +420,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
 
     .. sourcecode:: http
 
-      PATCH api/users/ HTTP/1.1
+      PATCH /api/users/ HTTP/1.1
       Content-Type: application/json
 
     **Example response**: