API & Docs - update and fix documentation

2022-03-26 20:30:37 +01:00 · 2022-03-26 20:30:37 +01:00 · 68f78c26e3
commit 68f78c26e3
parent ae1c55e91b
16 changed files with 412 additions and 109 deletions
--- a/docs/_sources/api/auth.rst.txt
+++ b/docs/_sources/api/auth.rst.txt
@ -4,8 +4,9 @@ Authentication
 .. autoflask:: fittrackee:create_app()
   :endpoints:
    auth.register_user,
    auth.confirm_account,
    auth.resend_account_confirmation_email,
    auth.login_user,
    auth.logout_user,
    auth.get_authenticated_user_profile,
    auth.edit_user,
    auth.edit_user_preferences,
@ -14,4 +15,6 @@ Authentication
    auth.edit_picture,
    auth.del_picture,
    auth.request_password_reset,
-    auth.update_password
+    auth.update_user_account,
    auth.update_password,
    auth.update_email
--- a/docs/_sources/features.rst.txt
+++ b/docs/_sources/features.rst.txt
@ -44,9 +44,13 @@ Workouts
    - average speed  (**new in 0.5.1**)
 - User records by sports:
    - average speed
-    - farest distance
+    - farthest distance
    - longest duration
    - maximum speed
 .. note::
  Records may differ from records displayed by the application that originally generated the gpx files.
 - Workouts list and filter. Only sports with workouts are displayed in sport dropdown.
 .. note::
@ -58,6 +62,7 @@ Account & preferences
 - A user can create, update and deleted his account
 - A user can set language, timezone and first day of week.
 - A user can reset his password (*new in 0.3.0*)
 - A user can change his email address (*new in 0.6.0*)
 - A user can choose between metric system and imperial system for distance, elevation and speed display (*new in 0.5.0*)
 - A user can set sport preferences (*new in 0.5.0*):
     - change sport color (used for sport image and charts)
@ -82,6 +87,7 @@ Administration
  - maximum size of uploaded files
  - maximum size of zip archive
  - maximum number of files in the zip archive. If an archive contains more files, only the configured number of files is processed, without raising errors.
  - administrator email for contact (*new in 0.6.0*)
  .. warning::
      Updating server configuration may be necessary to handle large files (like `nginx <https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size>`_ for instance).
@ -89,8 +95,12 @@ Administration
 - **Users**
-  - display users list and details
+  - display and filter users list
-  - edit a user to add/remove administration rights
+  - edit a user to:
      - add/remove administration rights
      - activate his account (*new in 0.6.0*)
      - update his email (in case his account is locked) (*new in 0.6.0*)
      - reset his password (in case his account is locked) (*new in 0.6.0*)
  - delete a user
 - **Sports**
--- a/docs/_sources/installation.rst.txt
+++ b/docs/_sources/installation.rst.txt
@ -298,6 +298,8 @@ For instance, copy and update ``.env`` file from ``.env.example`` and source the
   $ fittrackee_set_admin <username>
 .. note::
    If the user account is inactive, it activates it.
 From sources
 ^^^^^^^^^^^^
--- a/docs/api/auth.html
+++ b/docs/api/auth.html
@ -130,7 +130,9 @@
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-register">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/register</span></span><a class="headerlink" href="#post--api-auth-register" title="Permalink to this definition">¶</a></dt>
-<dd><p>register a user</p>
+<dd><p>register a user and send confirmation email.</p>
 <p>The newly created account is inactive. The user must confirm his email
 to activate it.</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/register</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -138,14 +140,12 @@
 </div>
 <p><strong>Example responses</strong>:</p>
 <ul class="simple">
-<li><p>successful registration</p></li>
+<li><p>success</p></li>
 </ul>
-<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">201</span> <span class="ne">CREATED</span>
+<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">SUCCESS</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;auth_token&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;JSON Web Token&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;successfully registered&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
@ -165,23 +165,24 @@
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
-<li><p><strong>username</strong> (<em>string</em>) – user name (3 to 12 characters required)</p></li>
+<li><p><strong>username</strong> (<em>string</em>) – username (3 to 30 characters required)</p></li>
 <li><p><strong>email</strong> (<em>string</em>) – user email</p></li>
 <li><p><strong>password</strong> (<em>string</em>) – password (8 characters required)</p></li>
 <li><p><strong>password_conf</strong> (<em>string</em>) – password confirmation</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
-<li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.2">201 Created</a></span> – successfully registered</p></li>
+<li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – success</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – <ul>
 <li><p>invalid payload</p></li>
-<li><p>sorry, that user already exists</p></li>
+<li><p>sorry, that username is already taken</p></li>
 <li><dl class="simple">
 <dt>Errors:</dt><dd><ul>
-<li><p>username: 3 to 12 characters required</p></li>
+<li><p>username: 3 to 30 characters required</p></li>
 <li><p>username:
 only alphanumeric characters and the underscore
 character “_” allowed</p></li>
 <li><p>email: valid email must be provided</p></li>
 <li><p>password: password and password confirmation don’t match</p></li>
 <li><p>password: 8 characters required</p></li>
 </ul>
 </dd>
@ -196,10 +197,82 @@
 </dl>
 </dd></dl>
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-account-confirm">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/account/confirm</span></span><a class="headerlink" href="#post--api-auth-account-confirm" title="Permalink to this definition">¶</a></dt>
 <dd><p>activate user account after registration</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/account/confirm</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
 <p><strong>Example response</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;auth_token&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;JSON Web Token&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;account confirmation successful&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>token</strong> (<em>string</em>) – confirmation token</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – account confirmation successful</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – invalid payload</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a></span> – error, please try again or contact the administrator</p></li>
 </ul>
 </dd>
 </dl>
 </dd></dl>
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-account-resend-confirmation">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/account/resend-confirmation</span></span><a class="headerlink" href="#post--api-auth-account-resend-confirmation" title="Permalink to this definition">¶</a></dt>
 <dd><p>resend email with instructions to confirm account</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/account/resend-confirmation</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
 <p><strong>Example response</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;confirmation email resent&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>email</strong> (<em>string</em>) – user email</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – confirmation email resent</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – invalid payload</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a></span> – error, please try again or contact the administrator</p></li>
 </ul>
 </dd>
 </dl>
 </dd></dl>
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-login">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/login</span></span><a class="headerlink" href="#post--api-auth-login" title="Permalink to this definition">¶</a></dt>
 <dd><p>user login</p>
 <p>Only user with an active account can log in.</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/login</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -222,7 +295,7 @@
 <ul class="simple">
 <li><p>error on login</p></li>
 </ul>
-<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">404</span> <span class="ne">NOT FOUND</span>
+<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">401</span> <span class="ne">UNAUTHORIZED</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
@ -235,7 +308,7 @@
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>email</strong> (<em>string</em>) – user email</p></li>
-<li><p><strong>password_conf</strong> (<em>string</em>) – password confirmation</p></li>
+<li><p><strong>password</strong> (<em>string</em>) – password</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
@ -249,59 +322,10 @@
 </dl>
 </dd></dl>
 <dl class="http get">
 <dt class="sig sig-object http" id="get--api-auth-logout">
 <span class="sig-name descname"><span class="pre">GET</span> </span><span class="sig-name descname"><span class="pre">/api/auth/logout</span></span><a class="headerlink" href="#get--api-auth-logout" title="Permalink to this definition">¶</a></dt>
 <dd><p>user logout</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">GET</span> <span class="nn">/api/auth/logout</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
 <p><strong>Example responses</strong>:</p>
 <ul class="simple">
 <li><p>successful logout</p></li>
 </ul>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;successfully logged out&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <ul class="simple">
 <li><p>error on login</p></li>
 </ul>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">401</span> <span class="ne">UNAUTHORIZED</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;provide a valid auth token&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;error&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <dl class="field-list simple">
 <dt class="field-odd">Request Headers</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><span><a class="reference external" href="https://tools.ietf.org/html/rfc7235#section-4.2">Authorization</a></span> – OAuth 2.0 Bearer Token</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – successfully logged out</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">401 Unauthorized</a></span> – provide a valid auth token</p></li>
 </ul>
 </dd>
 </dl>
 </dd></dl>
 <dl class="http get">
 <dt class="sig sig-object http" id="get--api-auth-profile">
 <span class="sig-name descname"><span class="pre">GET</span> </span><span class="sig-name descname"><span class="pre">/api/auth/profile</span></span><a class="headerlink" href="#get--api-auth-profile" title="Permalink to this definition">¶</a></dt>
-<dd><p>get authenticated user info</p>
+<dd><p>get authenticated user info (profile, account, preferences)</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">GET</span> <span class="nn">/api/auth/profile</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -320,6 +344,7 @@
 <span class="w">    </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;is_active&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -402,7 +427,7 @@
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-profile-edit">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/profile/edit</span></span><a class="headerlink" href="#post--api-auth-profile-edit" title="Permalink to this definition">¶</a></dt>
-<dd><p>edit authenticated user</p>
+<dd><p>edit authenticated user profile</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/profile/edit</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -421,6 +446,7 @@
 <span class="w">    </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;is_active&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -489,8 +515,6 @@
 <li><p><strong>location</strong> (<em>string</em>) – user location</p></li>
 <li><p><strong>bio</strong> (<em>string</em>) – user biography</p></li>
 <li><p><strong>birth_date</strong> (<em>string</em>) – user birth date (format: <code class="docutils literal notranslate"><span class="pre">%Y-%m-%d</span></code>)</p></li>
 <li><p><strong>password</strong> (<em>string</em>) – user password</p></li>
 <li><p><strong>password_conf</strong> (<em>string</em>) – user password confirmation</p></li>
 </ul>
 </dd>
 <dt class="field-even">Request Headers</dt>
@ -503,7 +527,6 @@
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – user profile updated</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – <ul>
 <li><p>invalid payload</p></li>
 <li><p>password: password and password confirmation don’t match</p></li>
 </ul>
 </p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">401 Unauthorized</a></span> – <ul>
@ -540,6 +563,7 @@
 <span class="w">    </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;is_active&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -862,10 +886,140 @@
 </dl>
 </dd></dl>
 <dl class="http patch">
 <dt class="sig sig-object http" id="patch--api-auth-profile-edit-account">
 <span class="sig-name descname"><span class="pre">PATCH</span> </span><span class="sig-name descname"><span class="pre">/api/auth/profile/edit/account</span></span><a class="headerlink" href="#patch--api-auth-profile-edit-account" title="Permalink to this definition">¶</a></dt>
 <dd><p>update authenticated user email and password</p>
 <p>It sends emails:</p>
 <ul class="simple">
 <li><p>Password change</p></li>
 <li><p>Email change:</p>
 <ul>
 <li><p>one to the current address to inform user</p></li>
 <li><p>another one to the new address to confirm it.</p></li>
 </ul>
 </li>
 </ul>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">PATCH</span> <span class="nn">/api/auth/profile/edit/account</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
 <p><strong>Example response</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;data&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;admin&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;bio&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;birth_date&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;created_at&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 14 Jul 2019 14:09:58 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;is_active&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;nb_sports&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">3</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;nb_workouts&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">6</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;picture&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;records&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
 <span class="w">      </span><span class="p">{</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">9</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;record_type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;AS&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;sport_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;user&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;value&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">18</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_date&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 07 Jul 2019 08:00:00 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;hvYBqYBRa7wwXpaStWR4V2&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="p">},</span><span class="w"></span>
 <span class="w">      </span><span class="p">{</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;record_type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;FD&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;sport_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;user&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;value&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">18</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_date&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 07 Jul 2019 08:00:00 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;hvYBqYBRa7wwXpaStWR4V2&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="p">},</span><span class="w"></span>
 <span class="w">      </span><span class="p">{</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">11</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;record_type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;LD&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;sport_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;user&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;value&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;1:01:00&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_date&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 07 Jul 2019 08:00:00 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;hvYBqYBRa7wwXpaStWR4V2&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="p">},</span><span class="w"></span>
 <span class="w">      </span><span class="p">{</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">12</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;record_type&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;MS&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;sport_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;user&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;value&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">18</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_date&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 07 Jul 2019 08:00:00 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;workout_id&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;hvYBqYBRa7wwXpaStWR4V2&quot;</span><span class="w"></span>
 <span class="w">      </span><span class="p">}</span><span class="w"></span>
 <span class="w">    </span><span class="p">],</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;sports_list&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"></span>
 <span class="w">        </span><span class="mi">1</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="mi">4</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="mi">6</span><span class="w"></span>
 <span class="w">    </span><span class="p">],</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;timezone&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Europe/Paris&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;total_distance&quot;</span><span class="p">:</span><span class="w"> </span><span class="mf">67.895</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;total_duration&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;6:50:27&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;username&quot;</span><span class="p">:</span><span class="w"> </span><span class="nt">&quot;sam&quot;</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;weekm&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="p">},</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;user account updated&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>email</strong> (<em>string</em>) – user email</p></li>
 <li><p><strong>password</strong> (<em>string</em>) – user current password</p></li>
 <li><p><strong>new_password</strong> (<em>string</em>) – user new password</p></li>
 </ul>
 </dd>
 <dt class="field-even">Request Headers</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://tools.ietf.org/html/rfc7235#section-4.2">Authorization</a></span> – OAuth 2.0 Bearer Token</p></li>
 </ul>
 </dd>
 <dt class="field-odd">Status Codes</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – user account updated</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – <ul>
 <li><p>invalid payload</p></li>
 <li><p>email is missing</p></li>
 <li><p>current password is missing</p></li>
 <li><p>email: valid email must be provided</p></li>
 <li><p>password: 8 characters required</p></li>
 </ul>
 </p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">401 Unauthorized</a></span> – <ul>
 <li><p>provide a valid auth token</p></li>
 <li><p>signature expired, please log in again</p></li>
 <li><p>invalid token, please log in again</p></li>
 <li><p>invalid credentials</p></li>
 </ul>
 </p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a></span> – error, please try again or contact the administrator</p></li>
 </ul>
 </dd>
 </dl>
 </dd></dl>
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-password-update">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/password/update</span></span><a class="headerlink" href="#post--api-auth-password-update" title="Permalink to this definition">¶</a></dt>
-<dd><p>update user password</p>
+<dd><p>update user password after password reset request</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/password/update</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -885,7 +1039,6 @@
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>password</strong> (<em>string</em>) – password (8 characters required)</p></li>
 <li><p><strong>password_conf</strong> (<em>string</em>) – password confirmation</p></li>
 <li><p><strong>token</strong> (<em>string</em>) – password reset token</p></li>
 </ul>
 </dd>
@ -900,6 +1053,41 @@
 </dl>
 </dd></dl>
 <dl class="http post">
 <dt class="sig sig-object http" id="post--api-auth-email-update">
 <span class="sig-name descname"><span class="pre">POST</span> </span><span class="sig-name descname"><span class="pre">/api/auth/email/update</span></span><a class="headerlink" href="#post--api-auth-email-update" title="Permalink to this definition">¶</a></dt>
 <dd><p>update user email after confirmation</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">POST</span> <span class="nn">/api/auth/email/update</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
 <p><strong>Example response</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;message&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;email updated&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;status&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;success&quot;</span><span class="w"></span>
 <span class="p">}</span><span class="w"></span>
 </pre></div>
 </div>
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>token</strong> (<em>string</em>) – password reset token</p></li>
 </ul>
 </dd>
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – email updated</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – invalid payload</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a></span> – error, please try again or contact the administrator</p></li>
 </ul>
 </dd>
 </dl>
 </dd></dl>
 </section>
--- a/docs/api/configuration.html
+++ b/docs/api/configuration.html
@ -180,6 +180,7 @@
 <span class="p">{</span><span class="w"></span>
 <span class="w">  </span><span class="nt">&quot;data&quot;</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;admin_contact&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;gpx_limit_import&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">10</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;is_registration_enabled&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">    </span><span class="nt">&quot;max_single_file_size&quot;</span><span class="p">:</span><span class="w"> </span><span class="mi">1048576</span><span class="p">,</span><span class="w"></span>
@ -193,6 +194,7 @@
 <dl class="field-list simple">
 <dt class="field-odd">Request JSON Object</dt>
 <dd class="field-odd"><ul class="simple">
 <li><p><strong>admin_contact</strong> (<em>string</em>) – email to contact the administrator</p></li>
 <li><p><strong>gpx_limit_import</strong> (<em>integer</em>) – max number of files in zip archive</p></li>
 <li><p><strong>is_registration_enabled</strong> (<em>boolean</em>) – is registration enabled ?</p></li>
 <li><p><strong>max_single_file_size</strong> (<em>integer</em>) – max size of a single file</p></li>
@ -213,6 +215,7 @@
 <li><p>provide a valid auth token</p></li>
 <li><p>signature expired, please log in again</p></li>
 <li><p>invalid token, please log in again</p></li>
 <li><p>valid email must be provided for admin contact</p></li>
 </ul>
 </p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.4">403 Forbidden</a></span> – you do not have permissions</p></li>
--- a/docs/api/users.html
+++ b/docs/api/users.html
@ -130,7 +130,9 @@
 <dl class="http get">
 <dt class="sig sig-object http" id="get--api-users">
 <span class="sig-name descname"><span class="pre">GET</span> </span><span class="sig-name descname"><span class="pre">/api/users</span></span><a class="headerlink" href="#get--api-users" title="Permalink to this definition">¶</a></dt>
-<dd><p>Get all users</p>
+<dd><p>Get all users (regardless their account status), if authenticated user
 has admin rights</p>
 <p>It returns user preferences only for authenticated user.</p>
 <p><strong>Example request</strong>:</p>
 <ul class="simple">
 <li><p>without parameters</p></li>
@ -160,6 +162,7 @@
 <span class="w">        </span><span class="nt">&quot;created_at&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sun, 14 Jul 2019 14:09:58 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;is_admin&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -213,7 +216,8 @@
 <span class="w">        </span><span class="nt">&quot;timezone&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Europe/Paris&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;total_distance&quot;</span><span class="p">:</span><span class="w"> </span><span class="mf">67.895</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;total_duration&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;6:50:27&quot;</span><span class="p">,</span><span class="w"></span>
-<span class="w">        </span><span class="nt">&quot;username&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin&quot;</span><span class="w"></span>
+<span class="w">        </span><span class="nt">&quot;username&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;weekm&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="w"></span>
 <span class="w">      </span><span class="p">},</span><span class="w"></span>
 <span class="w">      </span><span class="p">{</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;admin&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
@ -222,6 +226,7 @@
 <span class="w">        </span><span class="nt">&quot;created_at&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;Sat, 20 Jul 2019 11:27:03 GMT&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;sam@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;is_admin&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;fr&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">        </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -248,7 +253,7 @@
 <li><p><strong>per_page</strong> (<em>integer</em>) – number of users per page (default: 10, max: 50)</p></li>
 <li><p><strong>q</strong> (<em>string</em>) – query on user name</p></li>
 <li><p><strong>order_by</strong> (<em>string</em>) – sorting criteria (<code class="docutils literal notranslate"><span class="pre">username</span></code>, <code class="docutils literal notranslate"><span class="pre">created_at</span></code>,
-<code class="docutils literal notranslate"><span class="pre">workouts_count</span></code>, <code class="docutils literal notranslate"><span class="pre">admin</span></code>)</p></li>
+<code class="docutils literal notranslate"><span class="pre">workouts_count</span></code>, <code class="docutils literal notranslate"><span class="pre">admin</span></code>, <code class="docutils literal notranslate"><span class="pre">is_active</span></code>)</p></li>
 <li><p><strong>order</strong> (<em>string</em>) – sorting order (default: <code class="docutils literal notranslate"><span class="pre">asc</span></code>)</p></li>
 </ul>
 </dd>
@ -274,7 +279,8 @@
 <dl class="http get">
 <dt class="sig sig-object http" id="get--api-users-(user_name)">
 <span class="sig-name descname"><span class="pre">GET</span> </span><span class="sig-name descname"><span class="pre">/api/users/</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="pre">user_name</span></em><span class="sig-paren">)</span><a class="headerlink" href="#get--api-users-(user_name)" title="Permalink to this definition">¶</a></dt>
-<dd><p>Get single user details</p>
+<dd><p>Get single user details. Only user with admin rights can get user details.</p>
 <p>It returns user preferences only for authenticated user.</p>
 <p><strong>Example request</strong>:</p>
 <div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">GET</span> <span class="nn">/api/users/admin</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
@ -294,6 +300,7 @@
 <span class="w">      </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;is_admin&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -418,10 +425,16 @@
 <dl class="http patch">
 <dt class="sig sig-object http" id="patch--api-users-(user_name)">
 <span class="sig-name descname"><span class="pre">PATCH</span> </span><span class="sig-name descname"><span class="pre">/api/users/</span></span><span class="sig-paren">(</span><em class="sig-param"><span class="pre">user_name</span></em><span class="sig-paren">)</span><a class="headerlink" href="#patch--api-users-(user_name)" title="Permalink to this definition">¶</a></dt>
-<dd><p>Update user to add admin rights</p>
+<dd><p>Update user account</p>
 <ul class="simple">
 <li><p>add/remove admin rights (regardless user account status)</p></li>
 <li><p>reset password (and send email to update user password)</p></li>
 <li><p>update user email (and send email to update user password)</p></li>
 <li><p>activate account for an inactive user</p></li>
 </ul>
 <p>Only user with admin rights can modify another user</p>
 <p><strong>Example request</strong>:</p>
-<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">PATCH</span> <span class="nn">api/users/&lt;user_name&gt;</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
+<div class="highlight-http notranslate"><div class="highlight"><pre><span></span><span class="nf">PATCH</span> <span class="nn">/api/users/&lt;user_name&gt;</span> <span class="kr">HTTP</span><span class="o">/</span><span class="m">1.1</span>
 <span class="na">Content-Type</span><span class="o">:</span> <span class="l">application/json</span>
 </pre></div>
 </div>
@ -439,6 +452,7 @@
 <span class="w">      </span><span class="nt">&quot;email&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;admin@example.com&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;first_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;imperial_units&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">false</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;is_active&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;language&quot;</span><span class="p">:</span><span class="w"> </span><span class="s2">&quot;en&quot;</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;last_name&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
 <span class="w">      </span><span class="nt">&quot;location&quot;</span><span class="p">:</span><span class="w"> </span><span class="kc">null</span><span class="p">,</span><span class="w"></span>
@ -506,7 +520,10 @@
 </dd>
 <dt class="field-even">Request JSON Object</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><strong>activate</strong> (<em>boolean</em>) – activate user account</p></li>
 <li><p><strong>admin</strong> (<em>boolean</em>) – does the user have administrator rights</p></li>
 <li><p><strong>new_email</strong> (<em>boolean</em>) – new user email</p></li>
 <li><p><strong>reset_password</strong> (<em>boolean</em>) – reset user password</p></li>
 </ul>
 </dd>
 <dt class="field-odd">Request Headers</dt>
@ -517,6 +534,12 @@
 <dt class="field-even">Status Codes</dt>
 <dd class="field-even"><ul class="simple">
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a></span> – success</p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a></span> – <ul>
 <li><p>invalid payload</p></li>
 <li><p>valid email must be provided</p></li>
 <li><p>new email must be different than curent email</p></li>
 </ul>
 </p></li>
 <li><p><span><a class="reference external" href="https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">401 Unauthorized</a></span> – <ul>
 <li><p>provide a valid auth token</p></li>
 <li><p>signature expired, please log in again</p></li>
--- a/docs/features.html
+++ b/docs/features.html
@ -209,13 +209,19 @@
 <li><dl class="simple">
 <dt>User records by sports:</dt><dd><ul class="simple">
 <li><p>average speed</p></li>
-<li><p>farest distance</p></li>
+<li><p>farthest distance</p></li>
 <li><p>longest duration</p></li>
 <li><p>maximum speed</p></li>
 </ul>
 </dd>
 </dl>
 </li>
 </ul>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
 <p>Records may differ from records displayed by the application that originally generated the gpx files.</p>
 </div>
 <ul class="simple">
 <li><p>Workouts list and filter. Only sports with workouts are displayed in sport dropdown.</p></li>
 </ul>
 <div class="admonition note">
@ -229,6 +235,7 @@
 <li><p>A user can create, update and deleted his account</p></li>
 <li><p>A user can set language, timezone and first day of week.</p></li>
 <li><p>A user can reset his password (<em>new in 0.3.0</em>)</p></li>
 <li><p>A user can change his email address (<em>new in 0.6.0</em>)</p></li>
 <li><p>A user can choose between metric system and imperial system for distance, elevation and speed display (<em>new in 0.5.0</em>)</p></li>
 <li><dl class="simple">
 <dt>A user can set sport preferences (<em>new in 0.5.0</em>):</dt><dd><ul>
@ -260,6 +267,7 @@
 <li><p>maximum size of uploaded files</p></li>
 <li><p>maximum size of zip archive</p></li>
 <li><p>maximum number of files in the zip archive. If an archive contains more files, only the configured number of files is processed, without raising errors.</p></li>
 <li><p>administrator email for contact (<em>new in 0.6.0</em>)</p></li>
 </ul>
 <div class="admonition warning">
 <p class="admonition-title">Warning</p>
@ -268,8 +276,17 @@
 </li>
 <li><p><strong>Users</strong></p>
 <ul class="simple">
-<li><p>display users list and details</p></li>
+<li><p>display and filter users list</p></li>
-<li><p>edit a user to add/remove administration rights</p></li>
+<li><dl class="simple">
 <dt>edit a user to:</dt><dd><ul>
 <li><p>add/remove administration rights</p></li>
 <li><p>activate his account (<em>new in 0.6.0</em>)</p></li>
 <li><p>update his email (in case his account is locked) (<em>new in 0.6.0</em>)</p></li>
 <li><p>reset his password (in case his account is locked) (<em>new in 0.6.0</em>)</p></li>
 </ul>
 </dd>
 </dl>
 </li>
 <li><p>delete a user</p></li>
 </ul>
 </li>
--- a/docs/http-routingtable.html
+++ b/docs/http-routingtable.html
@ -125,11 +125,6 @@
     <tr class="pcap"><td></td><td>&#160;</td><td></td></tr>
     <tr class="cap" id="cap-/api"><td></td><td>
       <strong>/api</strong></td><td></td></tr>
     <tr>
       <td></td>
       <td>
       <a href="api/auth.html#get--api-auth-logout"><code class="xref">GET /api/auth/logout</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
@ -235,6 +230,21 @@
       <td>
       <a href="api/workouts.html#get--api-workouts-map_tile-(s)-(z)-(x)-(y).png"><code class="xref">GET /api/workouts/map_tile/(s)/(z)/(x)/(y).png</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
       <a href="api/auth.html#post--api-auth-account-confirm"><code class="xref">POST /api/auth/account/confirm</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
       <a href="api/auth.html#post--api-auth-account-resend-confirmation"><code class="xref">POST /api/auth/account/resend-confirmation</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
       <a href="api/auth.html#post--api-auth-email-update"><code class="xref">POST /api/auth/email/update</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
@ -305,6 +315,11 @@
       <td>
       <a href="api/workouts.html#delete--api-workouts-(string-workout_short_id)"><code class="xref">DELETE /api/workouts/(string:workout_short_id)</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
       <a href="api/auth.html#patch--api-auth-profile-edit-account"><code class="xref">PATCH /api/auth/profile/edit/account</code></a></td><td>
       <em></em></td></tr>
     <tr>
       <td></td>
       <td>
--- a/docs/installation.html
+++ b/docs/installation.html
@ -557,6 +557,10 @@ $ <span class="nb">source</span> .env
 <div class="highlight-bash notranslate"><div class="highlight"><pre><span></span>$ fittrackee_set_admin &lt;username&gt;
 </pre></div>
 </div>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
 <p>If the user account is inactive, it activates it.</p>
 </div>
 </section>
 <section id="from-sources">
 <h3>From sources<a class="headerlink" href="#from-sources" title="Permalink to this headline">¶</a></h3>
--- a/docs/objects.inv
+++ b/docs/objects.inv
--- a/docs/searchindex.js
+++ b/docs/searchindex.js
--- a/docsrc/source/api/auth.rst
+++ b/docsrc/source/api/auth.rst
@ -4,8 +4,9 @@ Authentication
 .. autoflask:: fittrackee:create_app()
   :endpoints:
    auth.register_user,
    auth.confirm_account,
    auth.resend_account_confirmation_email,
    auth.login_user,
    auth.logout_user,
    auth.get_authenticated_user_profile,
    auth.edit_user,
    auth.edit_user_preferences,
@ -14,4 +15,6 @@ Authentication
    auth.edit_picture,
    auth.del_picture,
    auth.request_password_reset,
-    auth.update_password
+    auth.update_user_account,
    auth.update_password,
    auth.update_email
--- a/docsrc/source/features.rst
+++ b/docsrc/source/features.rst
@ -44,9 +44,13 @@ Workouts
    - average speed  (**new in 0.5.1**)
 - User records by sports:
    - average speed
-    - farest distance
+    - farthest distance
    - longest duration
    - maximum speed
 .. note::
  Records may differ from records displayed by the application that originally generated the gpx files.
 - Workouts list and filter. Only sports with workouts are displayed in sport dropdown.
 .. note::
@ -58,6 +62,7 @@ Account & preferences
 - A user can create, update and deleted his account
 - A user can set language, timezone and first day of week.
 - A user can reset his password (*new in 0.3.0*)
 - A user can change his email address (*new in 0.6.0*)
 - A user can choose between metric system and imperial system for distance, elevation and speed display (*new in 0.5.0*)
 - A user can set sport preferences (*new in 0.5.0*):
     - change sport color (used for sport image and charts)
@ -82,6 +87,7 @@ Administration
  - maximum size of uploaded files
  - maximum size of zip archive
  - maximum number of files in the zip archive. If an archive contains more files, only the configured number of files is processed, without raising errors.
  - administrator email for contact (*new in 0.6.0*)
  .. warning::
      Updating server configuration may be necessary to handle large files (like `nginx <https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size>`_ for instance).
@ -89,8 +95,12 @@ Administration
 - **Users**
-  - display users list and details
+  - display and filter users list
-  - edit a user to add/remove administration rights
+  - edit a user to:
      - add/remove administration rights
      - activate his account (*new in 0.6.0*)
      - update his email (in case his account is locked) (*new in 0.6.0*)
      - reset his password (in case his account is locked) (*new in 0.6.0*)
  - delete a user
 - **Sports**
--- a/docsrc/source/installation.rst
+++ b/docsrc/source/installation.rst
@ -298,6 +298,8 @@ For instance, copy and update ``.env`` file from ``.env.example`` and source the
   $ fittrackee_set_admin <username>
 .. note::
    If the user account is inactive, it activates it.
 From sources
 ^^^^^^^^^^^^
--- a/fittrackee/users/auth.py
+++ b/fittrackee/users/auth.py
@ -64,7 +64,7 @@ def send_account_confirmation_email(user: User) -> None:
@auth_blueprint.route('/auth/register', methods=['POST'])
 def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
    """
-    register a user
+    register a user and send confirmation email.
    The newly created account is inactive. The user must confirm his email
    to activate it.
@ -97,7 +97,7 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
      Content-Type: application/json
      {
-        "message": "Errors: email: valid email must be provided\n",
+        "message": "Errors: email: valid email must be provided\\n",
        "status": "error"
      }
@ -111,7 +111,8 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
        - sorry, that username is already taken
        - Errors:
            - username: 3 to 30 characters required
-            - username: only alphanumeric characters and the underscore
+            - username:
              only alphanumeric characters and the underscore
              character "_" allowed
            - email: valid email must be provided
            - password: 8 characters required
@ -177,7 +178,8 @@ def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
 def login_user() -> Union[Dict, HttpResponse]:
    """
    user login
-    Only user with active account can log in
+
    Only user with an active account can log in.
    **Example request**:
@ -205,7 +207,7 @@ def login_user() -> Union[Dict, HttpResponse]:
    .. sourcecode:: http
-      HTTP/1.1 404 NOT FOUND
+      HTTP/1.1 401 UNAUTHORIZED
      Content-Type: application/json
      {
@ -253,7 +255,7 @@ def get_authenticated_user_profile(
    auth_user: User,
 ) -> Union[Dict, HttpResponse]:
    """
-    get authenticated user info
+    get authenticated user info (profile, account, preferences)
    **Example request**:
@ -353,7 +355,7 @@ def get_authenticated_user_profile(
@authenticate
 def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
    """
-    edit authenticated user
+    edit authenticated user profile
    **Example request**:
@ -503,6 +505,14 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
    """
    update authenticated user email and password
    It sends emails:
    - Password change
    - Email change:
      - one to the current address to inform user
      - another one to the new address to confirm it.
    **Example request**:
    .. sourcecode:: http
@ -1283,6 +1293,8 @@ def update_email() -> Union[Dict, HttpResponse]:
    **Example response**:
    .. sourcecode:: http
      HTTP/1.1 200 OK
      Content-Type: application/json
@ -1340,6 +1352,8 @@ def confirm_account() -> Union[Dict, HttpResponse]:
    **Example response**:
    .. sourcecode:: http
      HTTP/1.1 200 OK
      Content-Type: application/json
@ -1400,6 +1414,8 @@ def resend_account_confirmation_email() -> Union[Dict, HttpResponse]:
    **Example response**:
    .. sourcecode:: http
      HTTP/1.1 200 OK
      Content-Type: application/json
--- a/fittrackee/users/users.py
+++ b/fittrackee/users/users.py
@ -51,7 +51,10 @@ def set_admin(username: str) -> None:
@authenticate_as_admin
 def get_users(auth_user: User) -> Dict:
    """
-    Get all users (regardless their account status)
+    Get all users (regardless their account status), if authenticated user
    has admin rights
    It returns user preferences only for authenticated user.
    **Example request**:
@ -140,7 +143,8 @@ def get_users(auth_user: User) -> Dict:
              "timezone": "Europe/Paris",
              "total_distance": 67.895,
              "total_duration": "6:50:27",
-              "username": "admin"
+              "username": "admin",
              "weekm": false
            },
            {
              "admin": false,
@ -250,7 +254,9 @@ def get_single_user(
    auth_user: User, user_name: str
 ) -> Union[Dict, HttpResponse]:
    """
-    Get single user details
+    Get single user details. Only user with admin rights can get user details.
    It returns user preferences only for authenticated user.
    **Example request**:
@ -402,9 +408,10 @@ def get_picture(user_name: str) -> Any:
 def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
    """
    Update user account
-    - add/remove admin rights
+
-    - reset password and send email to update user password
+    - add/remove admin rights (regardless user account status)
-    - update user email
+    - reset password (and send email to update user password)
    - update user email (and send email to update user password)
    - activate account for an inactive user
    Only user with admin rights can modify another user
@ -413,7 +420,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
    .. sourcecode:: http
-      PATCH api/users/<user_name> HTTP/1.1
+      PATCH /api/users/<user_name> HTTP/1.1
      Content-Type: application/json
    **Example response**: