added clients list to coach login response

This commit is contained in:
2026-05-22 12:59:57 +02:00
parent 03291862f7
commit c86372af2e
2 changed files with 72 additions and 5 deletions

View File

@ -50,6 +50,49 @@ Request:
Success:
```json
{
"ok": true,
"data": {
"token": "64-character-hex-token",
"user": "coach1",
"role": "coach",
"clients": [
{ "clientCode": "CLIENT-001" },
{ "clientCode": "CLIENT-002" }
]
}
}
```
For `coach` accounts, `clients` lists client codes currently assigned to that coach (`client.coachID`). Other roles omit this field or return an empty array.
If the account must change its password first, the response contains `mustChangePassword: true` and a temporary token. That temporary token cannot access questionnaire endpoints until the password is changed.
### Change password
`POST /api/auth/change-password`
Headers:
```http
Authorization: Bearer <token>
```
The token may be a normal session token or the temporary token returned when `mustChangePassword` is true.
Request:
```json
{
"username": "coach1",
"old_password": "temporary-or-current-password",
"new_password": "new-secret"
}
```
Success:
```json
{
"ok": true,
@ -61,7 +104,16 @@ Success:
}
```
If the account must change its password first, the response contains `mustChangePassword: true` and a temporary token. That temporary token cannot access questionnaire endpoints until the password is changed.
The server revokes the previous token and returns a new full session token. `new_password` must be at least 6 characters.
Common failures:
- `400 MISSING_FIELDS`: required fields missing.
- `400 PASSWORD_TOO_SHORT`: new password too short.
- `401 INVALID_CREDENTIALS`: old password incorrect.
- `403`: invalid, expired, or mismatched token.
There is no self-service signup endpoint. Coach accounts are created on the web by administrators.
## Fetch Questionnaires