diff --git a/doc/6/controllers/security/create-credentials/index.md b/doc/6/controllers/security/create-credentials/index.md
new file mode 100644
index 000000000..2d278dd79
--- /dev/null
+++ b/doc/6/controllers/security/create-credentials/index.md
@@ -0,0 +1,56 @@
+---
+code: true
+type: page
+title: createCredentials
+description: Creates authentication credentials for a user
+---
+
+# createCredentials
+
+Creates authentication credentials for a user.
+
+
+
+```js
+createCredentials(strategy, kuid, credentials, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy to use |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `credentials` | object
| New credentials |
+| `options` | object
| Query options |
+
+### credentials
+
+The credentials to send. The expected properties depend on the target authentication strategy.
+
+Example for the `local` strategy:
+
+```js
+{
+ username: 'foo',
+ password: 'bar'
+}
+```
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the credentials are indexed |
+
+## Resolves
+
+An `object` representing the new credentials.
+The content depends on the authentication strategy.
+
+## Usage
+
+<<< ./snippets/create-credentials.js
diff --git a/doc/6/controllers/security/create-credentials/snippets/create-credentials.js b/doc/6/controllers/security/create-credentials/snippets/create-credentials.js
new file mode 100644
index 000000000..89de8127b
--- /dev/null
+++ b/doc/6/controllers/security/create-credentials/snippets/create-credentials.js
@@ -0,0 +1,23 @@
+try {
+ await kuzzle.security.createUser('foo', {
+ content: {
+ profileIds: ['default'],
+ fullName: 'John Doe'
+ },
+ credentials: {}
+ });
+
+ const response = await kuzzle.security.createCredentials(
+ 'local',
+ 'foo',
+ { username: 'foo', password: 'bar' }
+ );
+ console.log(response);
+ /*
+ { username: 'foo' }
+ */
+
+ console.log('Credentials successfully created');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-credentials/snippets/create-credentials.test.yml b/doc/6/controllers/security/create-credentials/snippets/create-credentials.test.yml
new file mode 100644
index 000000000..6680c77c4
--- /dev/null
+++ b/doc/6/controllers/security/create-credentials/snippets/create-credentials.test.yml
@@ -0,0 +1,6 @@
+name: security#createCredentials
+description: Creates credentials for the specified strategy
+hooks:
+ after: curl -X DELETE kuzzle:7512/users/foo?refresh=wait_for
+template: default
+expected: Credentials successfully created
diff --git a/doc/6/controllers/security/create-first-admin/index.md b/doc/6/controllers/security/create-first-admin/index.md
new file mode 100644
index 000000000..5f056150b
--- /dev/null
+++ b/doc/6/controllers/security/create-first-admin/index.md
@@ -0,0 +1,66 @@
+---
+code: true
+type: page
+title: createFirstAdmin
+description: Creates a Kuzzle administrator account, only if none exist.
+---
+
+# createFirstAdmin
+
+Creates a Kuzzle administrator account, only if none exist.
+
+
+
+```js
+createFirstAdmin(kuid, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `kuid` | string
| Administrator [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `body` | object
| Administrator content & credentials |
+| `options` | object
| Query options |
+
+### body
+
+The `body` property must contain two objects:
+- `content`: Administrator additional information. Can be left empty.
+Any other attribute can be added.
+Make sure to [update the user mapping](/sdk/js/6/controllers/security/update-user-mapping) collection to match your custom attributes.
+- `credentials`: Describe how the new administrator can be authenticated. This object must contain one or more
+properties, named after the target authentication strategy to use. Each one of these properties are objects
+containing the credentials information, corresponding to that authentication strategy.
+
+Example:
+
+```js
+{
+ content: {
+ firstName: 'John',
+ lastName: 'Doe'
+ },
+ credentials: {
+ local: {
+ username: 'admin',
+ password: 'myPassword'
+ }
+ }
+}
+```
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `reset` | boolean
(`false`) | If true, restricted permissions are applied to `anonymous` and `default` roles |
+
+## Resolves
+
+A [`User`](sdk/js/6/core-classes/user/introduction) object containing information about the newly created administrator.
+
+## Usage
+
+<<< ./snippets/create-first-admin.js
diff --git a/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.js b/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.js
new file mode 100644
index 000000000..330e8fc48
--- /dev/null
+++ b/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.js
@@ -0,0 +1,37 @@
+try {
+ const response = await kuzzle.security.createFirstAdmin(
+ 'admin',
+ {
+ content: {
+ firstName: 'John',
+ lastName: 'Doe'
+ },
+ credentials: {
+ local: {
+ username: 'admin',
+ password: 'myPassword'
+ }
+ }
+ }
+ );
+
+ console.log(response);
+ /*
+ User {
+ _id: 'admin',
+ content:
+ { profileIds: [ 'admin' ],
+ firstName: 'John',
+ lastName: 'Doe',
+ _kuzzle_info:
+ { author: '-1',
+ createdAt: 1560351009496,
+ updatedAt: null,
+ updater: null } } }
+ */
+
+ console.log('First admin successfully created');
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.test.yml b/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.test.yml
new file mode 100644
index 000000000..ed92521d2
--- /dev/null
+++ b/doc/6/controllers/security/create-first-admin/snippets/create-first-admin.test.yml
@@ -0,0 +1,6 @@
+name: security#createFirstAdmin
+description: Creates first admin
+hooks:
+ after: curl -X DELETE kuzzle:7512/users/admin?refresh=wait_for
+template: default
+expected: First admin successfully created
diff --git a/doc/6/controllers/security/create-or-replace-profile/index.md b/doc/6/controllers/security/create-or-replace-profile/index.md
new file mode 100644
index 000000000..0963a495e
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-profile/index.md
@@ -0,0 +1,45 @@
+---
+code: true
+type: page
+title: createOrReplaceProfile
+description: Creates a new profile or, if the provided profile identifier already exists, replaces it.
+---
+
+# createOrReplaceProfile
+
+Creates a new profile or, if the provided profile identifier already exists, replaces it.
+
+
+
+```js
+createOrReplaceProfile(id, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Profile identifier |
+| `body` | object
| Profile definition content |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `policies` | object
| [Profile content](/core/1/guides/essentials/security/#defining-profiles) |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created/replaced profile is indexed |
+
+## Resolves
+
+A [`Profile`](/sdk/js/6/core-classes/profile/introduction) object representing the updated/created profile.
+
+## Usage
+
+<<< ./snippets/create-or-replace-profile.js
diff --git a/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.js b/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.js
new file mode 100644
index 000000000..2f4babed3
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.js
@@ -0,0 +1,37 @@
+try {
+ const response = await kuzzle.security.createOrReplaceProfile(
+ 'myProfile',
+ {
+ policies: [
+ {
+ roleId: 'default'
+ },
+ {
+ roleId: 'admin',
+ restrictedTo: [
+ {
+ index: 'someIndex',
+ collections: [
+ 'collection1',
+ 'collection2'
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ );
+ console.log(response);
+
+ /*
+ Profile {
+ _id: 'myProfile',
+ policies:
+ [ { roleId: 'default' },
+ { roleId: 'admin', restrictedTo: [Array] } ] }
+ */
+
+ console.log('Profile successfully updated');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.test.yml b/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.test.yml
new file mode 100644
index 000000000..0b47f4b69
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-profile/snippets/create-or-replace-profile.test.yml
@@ -0,0 +1,6 @@
+name: security#createOrReplaceProfile
+description: Creates or replaces a profile
+hooks:
+ after: curl -XDELETE kuzzle:7512/profiles/myProfile?refresh=wait_for
+template: default
+expected: Profile successfully updated
diff --git a/doc/6/controllers/security/create-or-replace-role/index.md b/doc/6/controllers/security/create-or-replace-role/index.md
new file mode 100644
index 000000000..238b55a13
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-role/index.md
@@ -0,0 +1,45 @@
+---
+code: true
+type: page
+title: createOrReplaceRole
+description: Creates a new role or, if the provided role identifier already exists, replaces it.
+---
+
+# createOrReplaceRole
+
+Creates a new role or, if the provided role identifier already exists, replaces it.
+
+
+
+```js
+createOrReplaceRole(id, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Role identifier |
+| `body` | object
| Role definition content |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `controllers` | object
| [Role definition](/core/1/guides/essentials/security/#defining-roles) |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created/replaced role is indexed |
+
+## Resolves
+
+A [`Role`](/sdk/js/6/core-classes/role) object representing the created/replaced role.
+
+## Usage
+
+<<< ./snippets/create-or-replace-role.js
diff --git a/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.js b/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.js
new file mode 100644
index 000000000..d38b40c4b
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.js
@@ -0,0 +1,52 @@
+try {
+ const response = await kuzzle.security.createOrReplaceRole(
+ 'read-only',
+ {
+ controllers: {
+ auth: {
+ actions: {
+ getCurrentUser: true,
+ getMyCredentials: true,
+ getMyRights: true,
+ logout: true
+ }
+ },
+ collection: {
+ actions: {
+ getMapping: true,
+ list: true
+ }
+ },
+ document: {
+ actions: {
+ count: true,
+ get: true,
+ mGet: true,
+ scroll: true,
+ search: true
+ }
+ },
+ index: {
+ actions: {
+ list: true
+ }
+ }
+ }
+ }
+ );
+ console.log(response);
+ /*
+ Role {
+ _id: 'read-only',
+ controllers:
+ { auth: { actions: [Object] },
+ collection: { actions: [Object] },
+ document: { actions: [Object] },
+ index: { actions: [Object] } } }
+ */
+
+ console.log('Role successfully updated');
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.test.yml b/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.test.yml
new file mode 100644
index 000000000..a46b8c0dc
--- /dev/null
+++ b/doc/6/controllers/security/create-or-replace-role/snippets/create-or-replace-role.test.yml
@@ -0,0 +1,6 @@
+name: security#createOrReplaceRole
+description: Creates or replaces role
+hooks:
+ after: curl -XDELETE kuzzle:7512/roles/read-only
+template: default
+expected: Role successfully updated
diff --git a/doc/6/controllers/security/create-profile/index.md b/doc/6/controllers/security/create-profile/index.md
new file mode 100644
index 000000000..13c8bbe33
--- /dev/null
+++ b/doc/6/controllers/security/create-profile/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: createProfile
+description: Creates a new profile
+---
+
+# createProfile
+
+Creates a new profile.
+
+
+
+```js
+createProfile(id, profile, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `id` | string
| Profile identifier |
+| `profile` | object
| [Profile definition content](/core/1/guides/essentials/security/#defining-profiles) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created profile is indexed |
+
+## Resolves
+
+A [`Profile`](/sdk/js/6/core-classes/profile/introduction) object representing the created profile.
+
+## Usage
+
+<<< ./snippets/create-profile.js
+
diff --git a/doc/6/controllers/security/create-profile/snippets/create-profile.js b/doc/6/controllers/security/create-profile/snippets/create-profile.js
new file mode 100644
index 000000000..008433f90
--- /dev/null
+++ b/doc/6/controllers/security/create-profile/snippets/create-profile.js
@@ -0,0 +1,37 @@
+try {
+ const response = await kuzzle.security.createProfile(
+ 'myProfile',
+ {
+ policies: [
+ {
+ roleId: 'default'
+ },
+ {
+ roleId: 'admin',
+ restrictedTo: [
+ {
+ index: 'someIndex',
+ collections: [
+ 'collection1',
+ 'collection2'
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ );
+ console.log(response);
+
+ /*
+ Profile {
+ _id: 'myProfile',
+ policies:
+ [ { roleId: 'default' },
+ { roleId: 'admin', restrictedTo: [Array] } ] }
+ */
+
+ console.log('Profile successfully created');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-profile/snippets/create-profile.test.yml b/doc/6/controllers/security/create-profile/snippets/create-profile.test.yml
new file mode 100644
index 000000000..77cad7466
--- /dev/null
+++ b/doc/6/controllers/security/create-profile/snippets/create-profile.test.yml
@@ -0,0 +1,6 @@
+name: security#createProfile
+description: Creates a profile
+hooks:
+ after: curl -XDELETE kuzzle:7512/profiles/myProfile?refresh=wait_for
+template: default
+expected: Profile successfully created
diff --git a/doc/6/controllers/security/create-restricted-user/index.md b/doc/6/controllers/security/create-restricted-user/index.md
new file mode 100644
index 000000000..a0bbf775b
--- /dev/null
+++ b/doc/6/controllers/security/create-restricted-user/index.md
@@ -0,0 +1,71 @@
+---
+code: true
+type: page
+title: createRestrictedUser
+description: Creates a new user in Kuzzle, with a preset list of security profiles.
+---
+
+# createRestrictedUser
+
+Creates a new user in Kuzzle, with a preset list of security profiles.
+
+The list of security profiles attributed to restricted users is fixed, and must be configured in the
+[Kuzzle configuration file](/core/1/guides/essentials/configuration/).
+
+This method allows users with limited rights to create other accounts, but blocks them from creating accounts with unwanted privileges (e.g. an anonymous user creating his own account).
+
+
+
+```js
+createRestrictedUser(body, [kuid], [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `body` | object
| User content & credentials |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid). If not provided, a random kuid is automatically generated |
+| `options` | object
| Query options |
+
+
+### body
+
+The `body` property must contain two objects:
+- `content`: User additional information. Can be left empty.
+- `credentials`: Describe how the new user can be authenticated. This object must contain one or more
+properties, named after the target authentication strategy to use. Each one of these properties are objects
+containing the credentials information, corresponding to that authentication strategy.
+
+Example:
+
+```js
+{
+ content: {
+ firstName: 'John',
+ lastName: 'Doe'
+ },
+ credentials: {
+ local: {
+ username: 'jdoe',
+ password: 'password'
+ }
+ }
+}
+```
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the user is indexed |
+
+
+## Resolves
+
+A [`User`](sdk/js/6/core-classes/user/introduction) object containing information about the newly created user.
+
+## Usage
+
+<<< ./snippets/create-restricted-user.js
diff --git a/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.js b/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.js
new file mode 100644
index 000000000..5ae9fd17f
--- /dev/null
+++ b/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.js
@@ -0,0 +1,31 @@
+try {
+ const response = await kuzzle.security.createRestrictedUser({
+ content: {
+ fullName: 'John Doe'
+ },
+ credentials: {
+ local: {
+ username: 'jdoe',
+ password: 'foobar'
+ }
+ }
+ }, 'jdoe');
+ console.log(response);
+
+ /*
+ User {
+ _id: 'jdoe',
+ content:,
+ { profileIds: [ 'default' ],
+ fullName: 'John Doe',
+ _kuzzle_info:
+ { author: '-1',
+ createdAt: 1561379086534,
+ udpatedAt: null,
+ updater: null } } }
+ */
+
+ console.log('User successfully created');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.test.yml b/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.test.yml
new file mode 100644
index 000000000..f0ae1f924
--- /dev/null
+++ b/doc/6/controllers/security/create-restricted-user/snippets/create-restricted-user.test.yml
@@ -0,0 +1,6 @@
+name: security#createRestrictedUser
+description: creates a restricted user
+hooks:
+ after: curl -XDELETE http://kuzzle:7512/users/jdoe
+template: default
+expected: User successfully created
diff --git a/doc/6/controllers/security/create-role/index.md b/doc/6/controllers/security/create-role/index.md
new file mode 100644
index 000000000..b41dc986f
--- /dev/null
+++ b/doc/6/controllers/security/create-role/index.md
@@ -0,0 +1,45 @@
+---
+code: true
+type: page
+title: createRole
+description: Creates a new role
+---
+
+# createRole
+
+Creates a new role.
+
+
+
+```js
+createRole(id, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `id` | string
| Role identifier |
+| `body` | object
| Role definition content |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `controllers` | object
| [Role definition](/core/1/guides/essentials/security/#defining-roles) |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created role is indexed |
+
+## Resolves
+
+A [`Role`](/sdk/js/6/core-classes/role) object representing the created/replaced role.
+
+## Usage
+
+<<< ./snippets/create-role.js
diff --git a/doc/6/controllers/security/create-role/snippets/create-role.js b/doc/6/controllers/security/create-role/snippets/create-role.js
new file mode 100644
index 000000000..ab57c1e38
--- /dev/null
+++ b/doc/6/controllers/security/create-role/snippets/create-role.js
@@ -0,0 +1,52 @@
+try {
+ const response = await kuzzle.security.createRole(
+ 'read-only',
+ {
+ controllers: {
+ auth: {
+ actions: {
+ getCurrentUser: true,
+ getMyCredentials: true,
+ getMyRights: true,
+ logout: true
+ }
+ },
+ collection: {
+ actions: {
+ getMapping: true,
+ list: true
+ }
+ },
+ document: {
+ actions: {
+ count: true,
+ get: true,
+ mGet: true,
+ scroll: true,
+ search: true
+ }
+ },
+ index: {
+ actions: {
+ list: true
+ }
+ }
+ }
+ }
+ );
+ console.log(response);
+ /*
+ Role {
+ _id: 'read-only',
+ controllers:
+ { auth: { actions: [Object] },
+ collection: { actions: [Object] },
+ document: { actions: [Object] },
+ index: { actions: [Object] } } }
+ */
+
+ console.log('Role successfully created');
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-role/snippets/create-role.test.yml b/doc/6/controllers/security/create-role/snippets/create-role.test.yml
new file mode 100644
index 000000000..fcee0d453
--- /dev/null
+++ b/doc/6/controllers/security/create-role/snippets/create-role.test.yml
@@ -0,0 +1,6 @@
+name: security#createRole
+description: Creates a role
+hooks:
+ after: curl -XDELETE kuzzle:7512/roles/read-only?refresh=wait_for
+template: default
+expected: Role successfully created
diff --git a/doc/6/controllers/security/create-user/index.md b/doc/6/controllers/security/create-user/index.md
new file mode 100644
index 000000000..892f0cecc
--- /dev/null
+++ b/doc/6/controllers/security/create-user/index.md
@@ -0,0 +1,70 @@
+---
+code: true
+type: page
+title: createUser
+description: Creates a new user
+---
+
+# createUser
+
+Creates a new user.
+
+
+
+```js
+createUser(kuid, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `body` | object
| User content & credentials |
+| `options` | object
| Query options |
+
+### body
+
+The `body` property must contain two objects:
+- `content`: Contains the list of profile ids to attach the user to and potential additional information. At least the `profileIds` must be supplied.
+Any other attribute can be added.
+Make sure to [update the user mapping](/sdk/js/6/controllers/security/update-user-mapping) collection to match your custom attributes.
+- `credentials`: Describes how the new administrator can be authenticated. This object must contain one or more
+properties, named after the target authentication strategy to use. Each one of these properties are objects
+containing the credentials information, corresponding to that authentication strategy.
+
+Example:
+
+```js
+{
+ content: {
+ profileIds: [
+ 'default'
+ ],
+ firstName: 'John',
+ lastName: 'Doe'
+ },
+ credentials: {
+ local: {
+ username: 'admin',
+ password: 'myPassword'
+ }
+ }
+}
+```
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created user is indexed |
+
+## Resolves
+
+A [`User`](sdk/js/6/core-classes/user/introduction) object containing information about the newly created user.
+
+## Usage
+
+<<< ./snippets/create-user.js
+
diff --git a/doc/6/controllers/security/create-user/snippets/create-user.js b/doc/6/controllers/security/create-user/snippets/create-user.js
new file mode 100644
index 000000000..78b36b533
--- /dev/null
+++ b/doc/6/controllers/security/create-user/snippets/create-user.js
@@ -0,0 +1,31 @@
+try {
+ const response = await kuzzle.security.createUser('jdoe', {
+ content: {
+ profileIds: [ 'default' ]
+ },
+ credentials: {
+ local: {
+ username: 'jdoe',
+ password: 'password'
+ }
+ }
+ });
+ console.log(response);
+
+ /*
+ User {
+ _id: 'john.doe',
+ content:,
+ { profileIds: [ 'default' ],
+ firstName: 'John',
+ lastName: 'Doe',
+ fullName: 'John Doe',
+ _kuzzle_info:
+ { author: '-1',
+ createdAt: 1561379086534,
+ updatedAt: null,
+ updater: null } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/create-user/snippets/create-user.test.yml b/doc/6/controllers/security/create-user/snippets/create-user.test.yml
new file mode 100644
index 000000000..d1c10d2b8
--- /dev/null
+++ b/doc/6/controllers/security/create-user/snippets/create-user.test.yml
@@ -0,0 +1,6 @@
+name: security#createUser
+description: creates user
+hooks:
+ after: curl -XDELETE kuzzle:7512/users/jdoe
+template: default
+expected: '^ { profileIds: \[ ''default'' \],$'
diff --git a/doc/6/controllers/security/delete-credentials/index.md b/doc/6/controllers/security/delete-credentials/index.md
new file mode 100644
index 000000000..477aad09a
--- /dev/null
+++ b/doc/6/controllers/security/delete-credentials/index.md
@@ -0,0 +1,41 @@
+---
+code: true
+type: page
+title: deleteCredentials
+description: Deletes user credentials for the specified authentication strategy
+---
+
+# deleteCredentials
+
+Deletes user credentials for the specified authentication strategy.
+
+
+
+```js
+deleteCredentials(strategy, kuid, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy to use |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the credentials deletion is indexed |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/delete-credentials.js
diff --git a/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.js b/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.js
new file mode 100644
index 000000000..a64b973dd
--- /dev/null
+++ b/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.js
@@ -0,0 +1,11 @@
+try {
+ const response = await kuzzle.security.deleteCredentials('local', 'john.doe');
+ console.log(response);
+ /*
+ { acknowledged: true }
+ */
+
+ console.log('Credentials successfully deleted');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.test.yml b/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.test.yml
new file mode 100644
index 000000000..30e106e2a
--- /dev/null
+++ b/doc/6/controllers/security/delete-credentials/snippets/delete-credentials.test.yml
@@ -0,0 +1,19 @@
+name: security#deleteCredentials
+description: deletes credentials
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create?refresh=wait_for
+ after:
+ curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: Credentials successfully deleted
diff --git a/doc/6/controllers/security/delete-profile/index.md b/doc/6/controllers/security/delete-profile/index.md
new file mode 100644
index 000000000..6a1536d8e
--- /dev/null
+++ b/doc/6/controllers/security/delete-profile/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: deleteProfile
+description: Deletes a security profile
+---
+
+# deleteProfile
+
+Deletes a security profile.
+
+
+
+```js
+deleteProfile(id, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Profile identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the profile deletion is indexed |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/delete-profile.js
diff --git a/doc/6/controllers/security/delete-profile/snippets/delete-profile.js b/doc/6/controllers/security/delete-profile/snippets/delete-profile.js
new file mode 100644
index 000000000..e2c34c821
--- /dev/null
+++ b/doc/6/controllers/security/delete-profile/snippets/delete-profile.js
@@ -0,0 +1,17 @@
+try {
+ const response = await kuzzle.security.deleteProfile('myProfile');
+ console.log(response);
+ /*
+ { found: true,
+ _index: '%kuzzle',
+ _type: 'profiles',
+ _id: 'myProfile',
+ _version: 29,
+ result: 'deleted',
+ _shards: { total: 2, successful: 1, failed: 0 } }
+ */
+
+ console.log('Profile successfully deleted');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/delete-profile/snippets/delete-profile.test.yml b/doc/6/controllers/security/delete-profile/snippets/delete-profile.test.yml
new file mode 100644
index 000000000..ef4b73bb4
--- /dev/null
+++ b/doc/6/controllers/security/delete-profile/snippets/delete-profile.test.yml
@@ -0,0 +1,9 @@
+name: security#deleteProfile
+description: deletes profile
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "policies": []
+ }' kuzzle:7512/profiles/myProfile/_create
+template: default
+expected: Profile successfully deleted
diff --git a/doc/6/controllers/security/delete-role/index.md b/doc/6/controllers/security/delete-role/index.md
new file mode 100644
index 000000000..8e8ca35e9
--- /dev/null
+++ b/doc/6/controllers/security/delete-role/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: deleteRole
+description: Deletes a security role
+---
+
+# deleteRole
+
+Deletes a security role.
+
+
+
+```js
+deleteRole(id, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Role identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the role deletion is indexed |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/delete-role.js
diff --git a/doc/6/controllers/security/delete-role/snippets/delete-role.js b/doc/6/controllers/security/delete-role/snippets/delete-role.js
new file mode 100644
index 000000000..99a131988
--- /dev/null
+++ b/doc/6/controllers/security/delete-role/snippets/delete-role.js
@@ -0,0 +1,17 @@
+try {
+ const response = await kuzzle.security.deleteRole('myRole');
+ console.log(response);
+ /*
+ { found: true,
+ _index: '%kuzzle',
+ _type; 'roles',
+ _id: 'myRole',,
+ _version: 2,
+ result: 'deleted',
+ _shards: { total: 2, successful: 1, failed: 0 } }
+ */
+
+ console.log('Role successfully deleted');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/delete-role/snippets/delete-role.test.yml b/doc/6/controllers/security/delete-role/snippets/delete-role.test.yml
new file mode 100644
index 000000000..47f9e3eb1
--- /dev/null
+++ b/doc/6/controllers/security/delete-role/snippets/delete-role.test.yml
@@ -0,0 +1,15 @@
+name: security#deleteRole
+description: deletes role
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "controllers": {
+ "*": {
+ "actions": {
+ "*": true
+ }
+ }
+ }
+ }' kuzzle:7512/roles/myRole/_create
+template: default
+expected: Role successfully deleted
diff --git a/doc/6/controllers/security/delete-user/index.md b/doc/6/controllers/security/delete-user/index.md
new file mode 100644
index 000000000..1c8c2894e
--- /dev/null
+++ b/doc/6/controllers/security/delete-user/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: deleteUser
+description: Deletes a user and all their associate credentials
+---
+
+# deleteUser
+
+Deletes a user and all their associated credentials.
+
+
+
+```js
+deleteUser(kuid, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the user deletion is indexed |
+
+## Resolves
+
+An object containing the `kuid` of the deleted user in its `_id` property.
+
+## Usage
+
+<<< ./snippets/delete-user.js
diff --git a/doc/6/controllers/security/delete-user/snippets/delete-user.js b/doc/6/controllers/security/delete-user/snippets/delete-user.js
new file mode 100644
index 000000000..f973f0a61
--- /dev/null
+++ b/doc/6/controllers/security/delete-user/snippets/delete-user.js
@@ -0,0 +1,11 @@
+try {
+ const response = await kuzzle.security.deleteUser('john.doe');
+ console.log(response);
+ /*
+ { _id: 'john.doe' }
+ */
+
+ console.log('User successfully deleted');
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/delete-user/snippets/delete-user.test.yml b/doc/6/controllers/security/delete-user/snippets/delete-user.test.yml
new file mode 100644
index 000000000..f82599c33
--- /dev/null
+++ b/doc/6/controllers/security/delete-user/snippets/delete-user.test.yml
@@ -0,0 +1,19 @@
+name: security#deleteUser
+description: Deletes a user
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create?refresh=wait_for
+ after:
+ curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: User successfully deleted
diff --git a/doc/6/controllers/security/get-all-credential-fields/index.md b/doc/6/controllers/security/get-all-credential-fields/index.md
new file mode 100644
index 000000000..cfcb427e2
--- /dev/null
+++ b/doc/6/controllers/security/get-all-credential-fields/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: getAllCredentialFields
+description: Retrieves the list of fields accepted by authentication strategies.
+---
+
+# getAllCredentialFields
+
+Retrieves the list of fields accepted by authentication strategies.
+
+
+
+```js
+getAllCredentialFields([options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object with one property set per authentication strategy, each being an array of accepted field names.
+
+## Usage
+
+<<< ./snippets/get-all-credential-fields.js
diff --git a/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.js b/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.js
new file mode 100644
index 000000000..c96f3e5a4
--- /dev/null
+++ b/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.js
@@ -0,0 +1,11 @@
+try {
+ const response = await kuzzle.security.getAllCredentialFields();
+
+ console.log(response);
+ /*
+ { local: [ 'username', 'password' ],
+ facebook: [ ] }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.test.yml b/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.test.yml
new file mode 100644
index 000000000..6cd8709d5
--- /dev/null
+++ b/doc/6/controllers/security/get-all-credential-fields/snippets/get-all-credential-fields.test.yml
@@ -0,0 +1,4 @@
+name: security#getAllCredentialFields
+description: get all credential fields
+template: default
+expected: '{ local: \[ ''username'', ''password'' \] }'
diff --git a/doc/6/controllers/security/get-credential-fields/index.md b/doc/6/controllers/security/get-credential-fields/index.md
new file mode 100644
index 000000000..a91223303
--- /dev/null
+++ b/doc/6/controllers/security/get-credential-fields/index.md
@@ -0,0 +1,39 @@
+---
+code: true
+type: page
+title: getCredentialFields
+description: Retrieves the list of accepted field names by the specified authentication strategy
+---
+
+# getCredentialFields
+
+Retrieves the list of accepted field names by the specified authentication strategy
+
+
+
+```js
+getCredentialFields(strategy, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An array ofr accepted field names.
+
+## Usage
+
+<<< ./snippets/get-credential-fields.js
diff --git a/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.js b/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.js
new file mode 100644
index 000000000..76fb14789
--- /dev/null
+++ b/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.js
@@ -0,0 +1,10 @@
+try {
+ const response = await kuzzle.security.getCredentialFields('local');
+
+ console.log(response);
+ /*
+ [ 'username', 'password' ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.test.yml b/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.test.yml
new file mode 100644
index 000000000..4734bada3
--- /dev/null
+++ b/doc/6/controllers/security/get-credential-fields/snippets/get-credential-fields.test.yml
@@ -0,0 +1,4 @@
+name: security#getCredentialFields
+description: get credential fields
+template: default
+expected: '^\[ ''username'', ''password'' \]$'
diff --git a/doc/6/controllers/security/get-credentials-by-id/index.md b/doc/6/controllers/security/get-credentials-by-id/index.md
new file mode 100644
index 000000000..687a0b430
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials-by-id/index.md
@@ -0,0 +1,45 @@
+---
+code: true
+type: page
+title: getCredentialsById
+description: Gets credential information for the user identified by the strategy's unique user identifier userId.
+---
+
+# getCredentialsById
+
+Gets credential information for the user identified by the strategy's unique user identifier `userId`.
+
+The returned object will vary depending on the strategy (see [getById plugin function](/core/1/plugins/guides/strategies/#optional-getbyid)), and can be empty.
+
+**Note**: the user identifier to use depends on the specified strategy.
+If you wish to get credential information using a [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) identifier, use the [getCredentials](sdk/js/6/controllers/security/get-credentials) action instead.
+
+
+
+```js
+getCredentialsById(strategy, id, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy identifier |
+| `id` | string
| Credential identifier (this is **not** the [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid)) |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object containing the credential information (depends on the authentication strategy).
+
+## Usage
+
+<<< ./snippets/get-credentials-by-id.js
diff --git a/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.js b/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.js
new file mode 100644
index 000000000..dc271a398
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.js
@@ -0,0 +1,10 @@
+try {
+ const response = await kuzzle.security.getCredentialsById('local', 'jdoe');
+
+ console.log(response);
+ /*
+ { username: 'jdoe', kuid: 'john.doe' }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.test.yml b/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.test.yml
new file mode 100644
index 000000000..073dd18d7
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials-by-id/snippets/get-credentials-by-id.test.yml
@@ -0,0 +1,18 @@
+name: security#getCredentialsById
+description: get credentials by id
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create?refresh=wait_for
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^{ username: ''jdoe'', kuid: ''john.doe'' }$'
diff --git a/doc/6/controllers/security/get-credentials/index.md b/doc/6/controllers/security/get-credentials/index.md
new file mode 100644
index 000000000..a89f602b6
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: getCredentials
+description: Gets a user's credential information for the specified authentication strategy.
+---
+
+# getCredentials
+
+Gets a user's credential information for the specified authentication strategy.
+
+
+
+```js
+getCredentials(strategy, kuid, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy identifier |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object containing the credential information (depends on the authentication strategy).
+
+## Usage
+
+<<< ./snippets/get-credentials.js
diff --git a/doc/6/controllers/security/get-credentials/snippets/get-credentials.js b/doc/6/controllers/security/get-credentials/snippets/get-credentials.js
new file mode 100644
index 000000000..ff90d5268
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials/snippets/get-credentials.js
@@ -0,0 +1,10 @@
+try {
+ const response = await kuzzle.security.getCredentials('local', 'john.doe');
+
+ console.log(response);
+ /*
+ { username: 'jdoe', kuid: 'john.doe' }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-credentials/snippets/get-credentials.test.yml b/doc/6/controllers/security/get-credentials/snippets/get-credentials.test.yml
new file mode 100644
index 000000000..d2bb2f8e1
--- /dev/null
+++ b/doc/6/controllers/security/get-credentials/snippets/get-credentials.test.yml
@@ -0,0 +1,18 @@
+name: security#getCredentials
+description: get credentials
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create?refresh=wait_for
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^{ username: ''jdoe'', kuid: ''john.doe'' }$'
diff --git a/doc/6/controllers/security/get-profile-mapping/index.md b/doc/6/controllers/security/get-profile-mapping/index.md
new file mode 100644
index 000000000..f76a60c0d
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-mapping/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: getProfileMapping
+description: Gets the mapping of the internal security profiles collection
+---
+
+# getProfileMapping
+
+Gets the mapping of the internal security profiles collection.
+
+
+
+```js
+getProfileMapping([options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object representing the internal profiles mapping, using [Elasticsearch mapping format](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/mapping.html).
+
+## Usage
+
+<<< ./snippets/get-profile-mapping.js
diff --git a/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.js b/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.js
new file mode 100644
index 000000000..6593cf4ea
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.js
@@ -0,0 +1,21 @@
+try {
+ const response = await kuzzle.security.getProfileMapping();
+
+ console.log(response);
+ /*
+ { mapping:
+ { policies:
+ { properties:
+ { restrictedTo:
+ { properties:
+ { collections:
+ { type: 'text',
+ fields: { keyword: { type: 'keyword', ignore_above: 256 } } },
+ index:
+ { type: 'text',
+ fields: { keyword: { type: 'keyword', ignore_above: 256 } } } } },
+ roleId: { type: 'keyword' } } } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.test.yml b/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.test.yml
new file mode 100644
index 000000000..c8b0680ec
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-mapping/snippets/get-profile-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#getProfileMapping
+description: get profile mapping
+template: default
+expected: '^{ mapping:'
diff --git a/doc/6/controllers/security/get-profile-rights/index.md b/doc/6/controllers/security/get-profile-rights/index.md
new file mode 100644
index 000000000..e28c3c6e8
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-rights/index.md
@@ -0,0 +1,43 @@
+---
+code: true
+type: page
+title: getProfileRights
+description: Gets the detailed rights configured by a security profile
+---
+
+# getProfileRights
+
+Gets the detailed rights configured by a security profile
+
+
+```js
+getProfileRights(id, [options]);
+```
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Profile identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An array of objects. Each object is a security right described by the security profile:
+
+- `controller`: impacted controller
+- `action`: impacted controller action
+- `index`: index name
+- `collection`: collection name
+- `value`: tells if access if `allowed` or `denied`. If closures have been configured on the detailed scope, the value is `conditional`.
+
+## Usage
+
+<<< ./snippets/get-profile-rights.js
diff --git a/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.js b/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.js
new file mode 100644
index 000000000..4ff38cd1d
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.js
@@ -0,0 +1,23 @@
+try {
+ const response = await kuzzle.security.getProfileRights('myProfile');
+
+ console.log(response);
+ /*
+ [ { controller: 'auth',
+ action: 'login',
+ index: '*',
+ collection: '*',
+ value: 'allowed'
+ },
+ { controller: 'document',
+ action: 'get',
+ index: 'someIndex',
+ collection: '*',
+ value: 'allowed'
+ } [..]
+ ]
+
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.test.yml b/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.test.yml
new file mode 100644
index 000000000..cde9df382
--- /dev/null
+++ b/doc/6/controllers/security/get-profile-rights/snippets/get-profile-rights.test.yml
@@ -0,0 +1,26 @@
+name: security#getProfileRights
+description: get profile rights
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "policies": [
+ {
+ "roleId": "admin",
+ "restrictedTo": [
+ { "index": "someIndex" },
+ {
+ "index": "anotherIndex",
+ "collections": [
+ "someCollection"
+ ]
+ }
+ ]
+ },
+ {
+ "roleId": "default"
+ }
+ ]
+ }' kuzzle:7512/profiles/myProfile/_create
+ after: curl -XDELETE kuzzle:7512/profiles/myProfile
+template: default
+expected: '^ value: ''allowed'' },$'
diff --git a/doc/6/controllers/security/get-profile/index.md b/doc/6/controllers/security/get-profile/index.md
new file mode 100644
index 000000000..c4780a125
--- /dev/null
+++ b/doc/6/controllers/security/get-profile/index.md
@@ -0,0 +1,39 @@
+---
+code: true
+type: page
+title: getProfile
+description: Gets a security profile
+---
+
+# getProfile
+
+Gets a security profile.
+
+
+
+```js
+getProfile(id, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Profile identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+The retrieved [`Profile`](/sdk/js/6/core-classes/profile/introduction) object.
+
+## Usage
+
+<<< ./snippets/get-profile.js
diff --git a/doc/6/controllers/security/get-profile/snippets/get-profile.js b/doc/6/controllers/security/get-profile/snippets/get-profile.js
new file mode 100644
index 000000000..87345fa57
--- /dev/null
+++ b/doc/6/controllers/security/get-profile/snippets/get-profile.js
@@ -0,0 +1,17 @@
+try {
+ const response = await kuzzle.security.getProfile('myProfile');
+
+ console.log(response);
+ /*
+ Profile {
+ _id: 'myProfile',
+ policies:
+ [ { roleId: 'admin',
+ restrictedTo:
+ [ { index: 'someIndex' },
+ { index: 'anotherIndex', collections: [ 'someCollection' ] } ] },
+ { roleId: 'default' } ] }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-profile/snippets/get-profile.test.yml b/doc/6/controllers/security/get-profile/snippets/get-profile.test.yml
new file mode 100644
index 000000000..b1bdc9dc1
--- /dev/null
+++ b/doc/6/controllers/security/get-profile/snippets/get-profile.test.yml
@@ -0,0 +1,26 @@
+name: security#getProfile
+description: get profile
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "policies": [
+ {
+ "roleId": "admin",
+ "restrictedTo": [
+ { "index": "someIndex" },
+ {
+ "index": "anotherIndex",
+ "collections": [
+ "someCollection"
+ ]
+ }
+ ]
+ },
+ {
+ "roleId": "default"
+ }
+ ]
+ }' kuzzle:7512/profiles/myProfile/_create
+ after: curl -XDELETE kuzzle:7512/profiles/myProfile
+template: default
+expected: '^ \[ { roleId: ''admin'', restrictedTo: \[Array\] },$'
diff --git a/doc/6/controllers/security/get-role-mapping/index.md b/doc/6/controllers/security/get-role-mapping/index.md
new file mode 100644
index 000000000..e9da031c7
--- /dev/null
+++ b/doc/6/controllers/security/get-role-mapping/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: getRoleMapping
+description: Gets the mapping of the internal security roles collection.
+---
+
+# getRoleMapping
+
+Gets the mapping of the internal security roles collection.
+
+
+
+```js
+getRoleMapping([options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object representing the internal roles mapping, using [Elasticsearch mapping format](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/mapping.html).
+
+## Usage
+
+<<< ./snippets/get-role-mapping.js
diff --git a/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.js b/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.js
new file mode 100644
index 000000000..a897ec945
--- /dev/null
+++ b/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.js
@@ -0,0 +1,10 @@
+try {
+ const response = await kuzzle.security.getRoleMapping();
+
+ console.log(response);
+ /*
+ { mapping: { controllers: { type: 'object', enabled: false } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.test.yml b/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.test.yml
new file mode 100644
index 000000000..dc3260487
--- /dev/null
+++ b/doc/6/controllers/security/get-role-mapping/snippets/get-role-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#getRoleMapping
+description: get roles mapping
+template: default
+expected: '^{ mapping:'
diff --git a/doc/6/controllers/security/get-role/index.md b/doc/6/controllers/security/get-role/index.md
new file mode 100644
index 000000000..cf510c400
--- /dev/null
+++ b/doc/6/controllers/security/get-role/index.md
@@ -0,0 +1,39 @@
+---
+code: true
+type: page
+title: getRole
+description: Gets a security role
+---
+
+# getRole
+
+Gets a security role.
+
+
+
+```js
+getRole(id, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `id` | string
| Role identifier |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+The retrieved [`Role`](/sdk/js/6/core-classes/role) object.
+
+## Usage
+
+<<< ./snippets/get-role.js
diff --git a/doc/6/controllers/security/get-role/snippets/get-role.js b/doc/6/controllers/security/get-role/snippets/get-role.js
new file mode 100644
index 000000000..f9a844b41
--- /dev/null
+++ b/doc/6/controllers/security/get-role/snippets/get-role.js
@@ -0,0 +1,15 @@
+try {
+ const response = await kuzzle.security.getRole('myRole');
+
+ console.log(response);
+ /*
+ Role {
+ _id: 'myRole',
+ controllers:
+ { auth:
+ { actions: { login: true, getMyRights: true, updateSelf: true } },
+ document: { actions: { get: true, search: true } } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-role/snippets/get-role.test.yml b/doc/6/controllers/security/get-role/snippets/get-role.test.yml
new file mode 100644
index 000000000..e17e33b90
--- /dev/null
+++ b/doc/6/controllers/security/get-role/snippets/get-role.test.yml
@@ -0,0 +1,24 @@
+name: security#getRole
+description: get role
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "controllers": {
+ "auth": {
+ "actions": {
+ "login": true,
+ "getMyRights": true,
+ "updateSelf": true
+ }
+ },
+ "document": {
+ "actions": {
+ "get": true,
+ "search": true
+ }
+ }
+ }
+ }' kuzzle:7512/roles/myRole/_create
+ after: curl -XDELETE kuzzle:7512/roles/myRole
+template: default
+expected: '^ { auth: { actions: \[Object\] }, document: { actions: \[Object\] } } }$'
diff --git a/doc/6/controllers/security/get-user-mapping/index.md b/doc/6/controllers/security/get-user-mapping/index.md
new file mode 100644
index 000000000..0b34a8151
--- /dev/null
+++ b/doc/6/controllers/security/get-user-mapping/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: getUserMapping
+description: Gets the mapping of the internal users collection.
+---
+
+# getUserMapping
+
+Gets the mapping of the internal users collection.
+
+
+
+```js
+getUserMapping([options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `options` | object
| Query options |
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An object representing the internal users mapping, using [Elasticsearch mapping format](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/mapping.html).
+
+## Usage
+
+<<< ./snippets/get-user-mapping.js
diff --git a/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.js b/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.js
new file mode 100644
index 000000000..34f0cb52e
--- /dev/null
+++ b/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.js
@@ -0,0 +1,17 @@
+try {
+ const response = await kuzzle.security.getUserMapping();
+
+ console.log(response);
+ /*
+ { mapping:
+ { firstname:
+ { type: 'text',
+ fields: { keyword: { type: 'keyword', ignore_above: 256 } } },
+ lastname:
+ { type: 'text',
+ fields: { keyword: { type: 'keyword', ignore_above: 256 } } },
+ profileIds: { type: 'keyword' } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.test.yml b/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.test.yml
new file mode 100644
index 000000000..878670ec5
--- /dev/null
+++ b/doc/6/controllers/security/get-user-mapping/snippets/get-user-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#getUserMapping
+description: get users mapping
+template: default
+expected: '^{ mapping:'
diff --git a/doc/6/controllers/security/get-user-rights/index.md b/doc/6/controllers/security/get-user-rights/index.md
new file mode 100644
index 000000000..70b36408b
--- /dev/null
+++ b/doc/6/controllers/security/get-user-rights/index.md
@@ -0,0 +1,45 @@
+---
+code: true
+type: page
+title: getUserRights
+description: Gets the detailed rights granted to a user
+---
+
+# getUserRights
+
+Gets the detailed rights granted to a user.
+
+
+
+```js
+getUserRights(kui, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An array of objects. Each object is a security right granted or denied to the user:
+
+- `controller`: impacted controller
+- `action`: impacted controller action
+- `index`: index name
+- `collection`: collection name
+- `value`: tell if access if `allowed` or `denied`. If closures have been configured on the detailed scope, the value is `conditional`.
+
+
+## Usage
+
+<<< ./snippets/get-user-rights.js
+
diff --git a/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.js b/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.js
new file mode 100644
index 000000000..4253d44bf
--- /dev/null
+++ b/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.js
@@ -0,0 +1,14 @@
+try {
+ const response = await kuzzle.security.getUserRights('john.doe');
+
+ console.log(response);
+ /*
+ [ { controller: '*',
+ action: '*',
+ index: '*',
+ collection: '*',
+ value: 'allowed' } ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.test.yml b/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.test.yml
new file mode 100644
index 000000000..e0a7de1ec
--- /dev/null
+++ b/doc/6/controllers/security/get-user-rights/snippets/get-user-rights.test.yml
@@ -0,0 +1,19 @@
+name: security#getUserRights
+description: get user rights
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ],
+ "fullName": "John Doe"
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^ value: ''allowed'' } ]$'
diff --git a/doc/6/controllers/security/get-user/index.md b/doc/6/controllers/security/get-user/index.md
new file mode 100644
index 000000000..4a946e6dc
--- /dev/null
+++ b/doc/6/controllers/security/get-user/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: getUser
+description: Gets a user
+---
+
+# getUser
+
+Gets a user.
+
+
+
+```js
+getUser(kuid, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+The retrieved [`User`](sdk/js/6/core-classes/user/introduction) object.
+
+## Usage
+
+<<< ./snippets/get-user.js
+
diff --git a/doc/6/controllers/security/get-user/snippets/get-user.js b/doc/6/controllers/security/get-user/snippets/get-user.js
new file mode 100644
index 000000000..7cae471b7
--- /dev/null
+++ b/doc/6/controllers/security/get-user/snippets/get-user.js
@@ -0,0 +1,19 @@
+try {
+ const response = await kuzzle.security.getUser('john.doe');
+
+ console.log(response);
+ /*
+ User {
+ _id: 'john.doe',
+ content:
+ { profileIds: [ 'default' ],
+ fullName: 'John Doe',
+ _kuzzle_info:
+ { author: -1,
+ createdAt: 1561447939790,
+ updatedAt: null,
+ updater: null } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/get-user/snippets/get-user.test.yml b/doc/6/controllers/security/get-user/snippets/get-user.test.yml
new file mode 100644
index 000000000..3857b743f
--- /dev/null
+++ b/doc/6/controllers/security/get-user/snippets/get-user.test.yml
@@ -0,0 +1,19 @@
+name: security#getUser
+description: get user
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ],
+ "fullName": "John Doe"
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^ fullName: ''John Doe'',$'
diff --git a/doc/6/controllers/security/has-credentials/index.md b/doc/6/controllers/security/has-credentials/index.md
new file mode 100644
index 000000000..97e674488
--- /dev/null
+++ b/doc/6/controllers/security/has-credentials/index.md
@@ -0,0 +1,39 @@
+---
+code: true
+type: page
+title: hasCredentials
+description: Checks if a user has credentials registered for the specified authentication strategy.
+---
+
+# hasCredentials
+
+Checks if a user has credentials registered for the specified authentication strategy.
+
+
+
+```js
+hasCredentials(strategy, kuid, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `strategy` | string
| Strategy identifier |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+A boolean telling whether the user can log in using the provided authentication strategy.
+
+## Usage
+
+<<< ./snippets/has-credentials.js
+
diff --git a/doc/6/controllers/security/has-credentials/snippets/has-credentials.js b/doc/6/controllers/security/has-credentials/snippets/has-credentials.js
new file mode 100644
index 000000000..81e9fa213
--- /dev/null
+++ b/doc/6/controllers/security/has-credentials/snippets/has-credentials.js
@@ -0,0 +1,10 @@
+try {
+ const response = await kuzzle.security.hasCredentials('local', 'john.doe');
+
+ console.log(response);
+ /*
+ true
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/has-credentials/snippets/has-credentials.test.yml b/doc/6/controllers/security/has-credentials/snippets/has-credentials.test.yml
new file mode 100644
index 000000000..81f335cd7
--- /dev/null
+++ b/doc/6/controllers/security/has-credentials/snippets/has-credentials.test.yml
@@ -0,0 +1,19 @@
+name: security#hasCredentials
+description: has credentials
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ],
+ "fullName": "John Doe"
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: ^true$
diff --git a/doc/6/controllers/security/index.md b/doc/6/controllers/security/index.md
new file mode 100644
index 000000000..80bfee617
--- /dev/null
+++ b/doc/6/controllers/security/index.md
@@ -0,0 +1,8 @@
+---
+code: true
+type: branch
+title: security
+description: Security controller
+---
+
+# Security
diff --git a/doc/6/controllers/security/m-delete-profiles/index.md b/doc/6/controllers/security/m-delete-profiles/index.md
new file mode 100644
index 000000000..1a91f61e1
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-profiles/index.md
@@ -0,0 +1,41 @@
+---
+code: true
+type: page
+title: mDeleteProfiles
+description: Deletes multiple security profiles.
+---
+
+# mDeleteProfiles
+
+Deletes multiple security profiles.
+
+Throws a partial error (error code 206) if one or more profile deletions fail.
+
+
+
+```js
+mDeleteProfiles(ids, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `ids` | array<string>
| Profile identifiers |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the profiles deletion is indexed |
+
+## Resolves
+
+An array of the deleted profile ids.
+
+## Usage
+
+<<< ./snippets/m-delete-profiles.js
+
diff --git a/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.js b/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.js
new file mode 100644
index 000000000..bcd9a2682
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.js
@@ -0,0 +1,16 @@
+try {
+ const response = await kuzzle.security.mDeleteProfiles([
+ 'profile1',
+ 'profile2',
+ 'profile3',
+ 'profile4',
+ 'profile5'
+ ]);
+
+ console.log(response);
+ /*
+ [ 'profile1', 'profile2', 'profile3', 'profile4', 'profile5' ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.test.yml b/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.test.yml
new file mode 100644
index 000000000..b017d8aea
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-profiles/snippets/m-delete-profiles.test.yml
@@ -0,0 +1,11 @@
+name: security#mDeleteProfiles
+description: mdelete profiles
+hooks:
+ before: |
+ for i in 1 2 3 4 5; do
+ curl -H "Content-type: application/json" -d '{
+ "policies": [{ "roleId": "default" }]
+ }' kuzzle:7512/profiles/profile${i}/_create
+ done
+template: default
+expected: '^\[ ''profile1'', ''profile2'', ''profile3'', ''profile4'', ''profile5'' \]$'
diff --git a/doc/6/controllers/security/m-delete-roles/index.md b/doc/6/controllers/security/m-delete-roles/index.md
new file mode 100644
index 000000000..77dd59675
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-roles/index.md
@@ -0,0 +1,41 @@
+---
+code: true
+type: page
+title: mDeleteRoles
+description: Deletes multiple security roles.
+---
+
+# mDeleteRoles
+
+Deletes multiple security roles.
+
+Throws a partial error (error code 206) if one or more role deletions fail.
+
+
+
+```js
+mDeleteRoles(ids, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `ids` | array<string>
| Role identifiers |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the roles deletion is indexed |
+
+## Resolves
+
+An array of the deleted roles ids.
+
+## Usage
+
+<<< ./snippets/m-delete-roles.js
+
diff --git a/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.js b/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.js
new file mode 100644
index 000000000..2cd3e878e
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.js
@@ -0,0 +1,16 @@
+try {
+ const response = await kuzzle.security.mDeleteRoles([
+ 'role1',
+ 'role2',
+ 'role3',
+ 'role4',
+ 'role5'
+ ]);
+
+ console.log(response);
+ /*
+ [ 'role1', 'role2', 'role3', 'role4', 'role5' ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.test.yml b/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.test.yml
new file mode 100644
index 000000000..5578d3834
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-roles/snippets/m-delete-roles.test.yml
@@ -0,0 +1,17 @@
+name: security#mDeleteRoles
+description: mdelete roles
+hooks:
+ before: |
+ for i in 1 2 3 4 5; do
+ curl -H "Content-type: application/json" -d '{
+ "controllers": {
+ "*": {
+ "actions": {
+ "*": true
+ }
+ }
+ }
+ }' kuzzle:7512/roles/role${i}/_create
+ done
+template: default
+expected: '^\[ ''role1'', ''role2'', ''role3'', ''role4'', ''role5'' \]$'
diff --git a/doc/6/controllers/security/m-delete-users/index.md b/doc/6/controllers/security/m-delete-users/index.md
new file mode 100644
index 000000000..b835fef65
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-users/index.md
@@ -0,0 +1,41 @@
+---
+code: true
+type: page
+title: mDeleteUsers
+description: Deletes multiple users
+---
+
+# mDeleteUsers
+
+Deletes multiple users.
+
+Throws a partial error (error code 206) if one or more user deletions fail.
+
+
+
+```js
+mDeleteUsers(kuids, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuids` | array<string>
| Array of user [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the users deletion is indexed |
+
+## Resolves
+
+An array of the deleted user ids.
+
+## Usage
+
+<<< ./snippets/m-delete-users.js
+
diff --git a/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.js b/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.js
new file mode 100644
index 000000000..7e523e9e4
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.js
@@ -0,0 +1,14 @@
+try {
+ const response = await kuzzle.security.mDeleteUsers([
+ 'user1',
+ 'user2',
+ 'user3'
+ ]);
+
+ console.log(response);
+ /*
+ [ 'user1', 'user2', 'user3' ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.test.yml b/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.test.yml
new file mode 100644
index 000000000..be9ebea3d
--- /dev/null
+++ b/doc/6/controllers/security/m-delete-users/snippets/m-delete-users.test.yml
@@ -0,0 +1,19 @@
+name: security#mDeleteUsers
+description: mdelete users
+hooks:
+ before: |
+ for i in 1 2 3; do
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ]
+ },
+ "credentials": {
+ "local": {
+ "username": "user'${i}'",
+ "password": "pass"
+ }
+ }
+ }' kuzzle:7512/users/user${i}/_create
+ done
+template: default
+expected: '^\[ ''user1'', ''user2'', ''user3'' \]$'
diff --git a/doc/6/controllers/security/m-get-profiles/index.md b/doc/6/controllers/security/m-get-profiles/index.md
new file mode 100644
index 000000000..f9b6724f8
--- /dev/null
+++ b/doc/6/controllers/security/m-get-profiles/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: mGetProfiles
+description: Gets multiple security profiles
+---
+
+# mGetProfiles
+
+Gets multiple security profiles.
+
+
+
+```js
+mGetProfiles(ids, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `ids` | array<string>
| Profile identifiers |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An array of retrieved [`Profile`](/sdk/js/6/core-classes/profile/introduction) objects.
+
+## Usage
+
+<<< ./snippets/m-get-profiles.js
+
diff --git a/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.js b/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.js
new file mode 100644
index 000000000..365cdba4e
--- /dev/null
+++ b/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.js
@@ -0,0 +1,22 @@
+try {
+ const response = await kuzzle.security.mGetProfiles([
+ 'profile1',
+ 'profile2',
+ 'profile3'
+ ]);
+
+ console.log(response);
+ /*
+ [ Profile {
+ _id: 'profile1',
+ policies: [ [Object] ] },
+ Profile {
+ _id: 'profile2',
+ policies: [ [Object] ] },
+ Profile {
+ _id: 'profile3';
+ policies: [ [Object] ] } ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.test.yml b/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.test.yml
new file mode 100644
index 000000000..d20ca0ba1
--- /dev/null
+++ b/doc/6/controllers/security/m-get-profiles/snippets/m-get-profiles.test.yml
@@ -0,0 +1,15 @@
+name: security#mGetProfiles
+description: mget profiles
+hooks:
+ before: |
+ for i in 1 2 3; do
+ curl -H "Content-type: application/json" -d '{
+ "policies": [{"roleId": "default"}]
+ }' kuzzle:7512/profiles/profile${i}/_create
+ done
+ after: |
+ for i in 1 2 3; do
+ curl -XDELETE kuzzle:7512/profiles/profile${i}
+ done
+template: default
+expected: '^ policies: \[ \[Object\] \] } \]$'
diff --git a/doc/6/controllers/security/m-get-roles/index.md b/doc/6/controllers/security/m-get-roles/index.md
new file mode 100644
index 000000000..151b2c030
--- /dev/null
+++ b/doc/6/controllers/security/m-get-roles/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: mGetRoles
+description: Gets multiple security roles
+---
+
+# mGetRoles
+
+Gets multiple security roles.
+
+
+
+```js
+mGetRoles(ids, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `ids` | array<string>
| Roles identifiers |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An array of retrieved [`Role`](/sdk/js/6/core-classes/role/introduction) objects.
+
+## Usage
+
+<<< ./snippets/m-get-roles.js
+
diff --git a/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.js b/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.js
new file mode 100644
index 000000000..a992bf825
--- /dev/null
+++ b/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.js
@@ -0,0 +1,22 @@
+try {
+ const response = await kuzzle.security.mGetRoles([
+ 'role1',
+ 'role2',
+ 'role3'
+ ]);
+
+ console.log(response);
+ /*
+ [ Role {
+ _id: 'role1',
+ controllers: { '*': [Object] } },
+ Role {
+ _id: 'role2',
+ controllers: { '*': [Object] } },
+ Role {
+ _id: 'role3',
+ controllers: { '*': [Object] } } ]
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.test.yml b/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.test.yml
new file mode 100644
index 000000000..ea2870d33
--- /dev/null
+++ b/doc/6/controllers/security/m-get-roles/snippets/m-get-roles.test.yml
@@ -0,0 +1,21 @@
+name: security#mGetRoles
+description: mget roles
+hooks:
+ before: |
+ for i in 1 2 3; do
+ curl -H "Content-type: application/json" -d '{
+ "controllers": {
+ "*": {
+ "actions": {
+ "*": true
+ }
+ }
+ }
+ }' kuzzle:7512/roles/role${i}/_create
+ done
+ after: |
+ for i in 1 2 3; do
+ curl -XDELETE kuzzle:7512/roles/role${i}
+ done
+template: default
+expected: '^ _id: ''role3'',$'
diff --git a/doc/6/controllers/security/replace-user/index.md b/doc/6/controllers/security/replace-user/index.md
new file mode 100644
index 000000000..5cbf7ab70
--- /dev/null
+++ b/doc/6/controllers/security/replace-user/index.md
@@ -0,0 +1,63 @@
+---
+code: true
+type: page
+title: replaceUser
+description: Replaces a user with new configuration.
+---
+
+# replaceUser
+
+Replaces a user with new configuration.
+
+
+
+```js
+replaceUser(kuid, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `body` | object
| User content |
+| `options` | object
| Query options |
+
+### body
+
+**mandatory properties**
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `profileIds` | array<string>
| Profile identifiers to assign the user to |
+
+**other properties**
+
+The body can be extended with any custom information.
+Make sure to [update the user mapping](/sdk/js/6/controllers/security/update-user-mapping) collection to match your custom attributes.
+
+example:
+
+```js
+{
+ profileIds: [ 'default' ],
+ firstName: 'John',
+ lastName: 'Doe'
+}
+```
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created user is indexed |
+
+## Resolves
+
+An [`User`](sdk/js/6/core-classes/user/introduction) object containing information about the updated user.
+
+## Usage
+
+<<< ./snippets/replace-user.js
+
diff --git a/doc/6/controllers/security/replace-user/snippets/replace-user.js b/doc/6/controllers/security/replace-user/snippets/replace-user.js
new file mode 100644
index 000000000..b93c07d99
--- /dev/null
+++ b/doc/6/controllers/security/replace-user/snippets/replace-user.js
@@ -0,0 +1,24 @@
+try {
+ const response = await kuzzle.security.replaceUser('john.doe', {
+ profileIds: [ 'default' ],
+ firstName: 'John',
+ lastName: 'Doe'
+ });
+
+ console.log(response);
+ /*
+ User {
+ _id: 'john.doe',
+ content:
+ { profileIds: [ 'default' ],
+ firstName: 'John',
+ lastName: 'Doe',
+ _kuzzle_info:
+ { author: -1,
+ createdAt: 1561461975256,
+ updatedAt: null,
+ updater: null } } }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/replace-user/snippets/replace-user.test.yml b/doc/6/controllers/security/replace-user/snippets/replace-user.test.yml
new file mode 100644
index 000000000..4a1c8e239
--- /dev/null
+++ b/doc/6/controllers/security/replace-user/snippets/replace-user.test.yml
@@ -0,0 +1,18 @@
+name: security#replaceUser
+description: replace user
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "pass"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^ firstName: ''John'',$'
diff --git a/doc/6/controllers/security/search-profiles/index.md b/doc/6/controllers/security/search-profiles/index.md
new file mode 100644
index 000000000..82d186ec7
--- /dev/null
+++ b/doc/6/controllers/security/search-profiles/index.md
@@ -0,0 +1,47 @@
+---
+code: true
+type: page
+title: searchProfiles
+description: Searches security profiles, optionally returning only those linked to the provided list of security roles
+---
+
+# searchProfiles
+
+Searches security profiles, optionally returning only those linked to the provided list of security roles.
+
+
+
+```js
+searchProfiles([body], [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `body` | object
| Query including role identifiers to search for |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `roles` | array<string>
| Role identifiers |
+
+### options
+
+| Property | Type
(default) | Description |
+| ---------- | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `from` | number
(`0`) | Offset of the first document to fetch |
+| `size` | number
(`10`) | Maximum number of documents to retrieve per page |
+| `scroll` | string
(`""`) | When set, gets a forward-only cursor having its ttl set to the given value (ie `30s`; cf [elasticsearch time limits](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/common-options.html#time-units)) |
+
+## Resolves
+
+A [`SearchResult`](sdk/js/6/core-classes/search-result) object containing the retrieved [`Profile`](/sdk/js/6/core-classes/profile) objects.
+
+## Usage
+
+<<< ./snippets/search-profiles.js
+
diff --git a/doc/6/controllers/security/search-profiles/snippets/search-profiles.js b/doc/6/controllers/security/search-profiles/snippets/search-profiles.js
new file mode 100644
index 000000000..fd43b196f
--- /dev/null
+++ b/doc/6/controllers/security/search-profiles/snippets/search-profiles.js
@@ -0,0 +1,21 @@
+try {
+ const results = await kuzzle.security.searchProfiles({
+ roles: [ 'default' ]
+ });
+
+ console.log(results);
+ /*
+ ProfileSearchResult { aggregations: undefined,
+ hits:
+ [ Profile { _id: 'profile1', policies: [Array] },
+ Profile { _id: 'profile2', policies: [Array] },
+ Profile { _id: 'profile3', policies: [Array] },
+ Profile { _id: 'default', policies: [Array] } ],
+ fetched: 4,
+ total: 4 }
+ */
+
+ console.log(`Successfully retrieved ${results.total} profiles`);
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/search-profiles/snippets/search-profiles.test.yml b/doc/6/controllers/security/search-profiles/snippets/search-profiles.test.yml
new file mode 100644
index 000000000..8447e0ffd
--- /dev/null
+++ b/doc/6/controllers/security/search-profiles/snippets/search-profiles.test.yml
@@ -0,0 +1,15 @@
+name: security#searchProfiles
+description: search profiles
+hooks:
+ before: |
+ for i in 1 2 3; do
+ curl -H "Content-type: application/json" -d '{
+ "policies": [{ "roleId": "default" }]
+ }' kuzzle:7512/profiles/profile${i}/_create?refresh=wait_for
+ done
+ after: |
+ for i in 1 2 3; do
+ curl -XDELETE kuzzle:7512/profiles/profile${i}
+ done
+template: default
+expected: ^Successfully retrieved 4 profiles$
diff --git a/doc/6/controllers/security/search-roles/index.md b/doc/6/controllers/security/search-roles/index.md
new file mode 100644
index 000000000..cbf48aeca
--- /dev/null
+++ b/doc/6/controllers/security/search-roles/index.md
@@ -0,0 +1,47 @@
+---
+code: true
+type: page
+title: searchRoles
+description: Searches security roles, optionally returning only those allowing access to the provided controllers.
+---
+
+# searchRoles
+
+Searches security roles, optionally returning only those allowing access to the provided controllers.
+
+
+
+```js
+searchRoles([body], [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `body` | object
| Query including allowed controllers to search for |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `controllers` | array<string>
| Role identifiers |
+
+### options
+
+| Property | Type
(default) | Description |
+| ---------- | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `from` | number
(`0`) | Offset of the first document to fetch |
+| `size` | number
(`10`) | Maximum number of documents to retrieve per page |
+| `scroll` | string
(`""`) | When set, gets a forward-only cursor having its ttl set to the given value (ie `30s`; cf [elasticsearch time limits](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/common-options.html#time-units)) |
+
+## Resolves
+
+A [`SearchResult`](sdk/js/6/core-classes/search-result) object containing the retrieved [`Role`](/sdk/js/6/core-classes/role) objects.
+
+## Usage
+
+<<< ./snippets/search-roles.js
+
diff --git a/doc/6/controllers/security/search-roles/snippets/search-roles.js b/doc/6/controllers/security/search-roles/snippets/search-roles.js
new file mode 100644
index 000000000..a6ac3be5f
--- /dev/null
+++ b/doc/6/controllers/security/search-roles/snippets/search-roles.js
@@ -0,0 +1,21 @@
+try {
+ const results = await kuzzle.security.searchRoles({
+ controllers: ['auth']
+ });
+
+ console.log(results);
+ /*
+ RoleSearchResult {
+ aggregations: undefined,
+ hits:
+ [ Role { _id: 'admin', controllers: [Object] },
+ Role { _id: 'default', controllers: [Object] },
+ Role { _id: 'anonymous', controllers: [Object] } ]
+ fetched: 3,
+ total: 3 }
+ */
+
+ console.log(`Successfully retrieved ${results.total} roles`);
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/search-roles/snippets/search-roles.test.yml b/doc/6/controllers/security/search-roles/snippets/search-roles.test.yml
new file mode 100644
index 000000000..64cb86570
--- /dev/null
+++ b/doc/6/controllers/security/search-roles/snippets/search-roles.test.yml
@@ -0,0 +1,4 @@
+name: security#searchRoles
+description: search roles
+template: default
+expected: ^Successfully retrieved 3 roles$
diff --git a/doc/6/controllers/security/search-users/index.md b/doc/6/controllers/security/search-users/index.md
new file mode 100644
index 000000000..a7b0e5c4b
--- /dev/null
+++ b/doc/6/controllers/security/search-users/index.md
@@ -0,0 +1,47 @@
+---
+code: true
+type: page
+title: searchUsers
+description: Searches users
+---
+
+# searchUsers
+
+Searches users.
+
+
+
+```js
+searchUsers([query], [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `query` | object
| Search query |
+| `options` | object
| Query options |
+
+### query
+
+The search query to apply to users content, using [ElasticSearch Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/query-dsl.html) syntax.
+
+If left empty, the result will return all available users.
+
+### options
+
+| Property | Type
(default) | Description |
+| ---------- | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `from` | number
(`0`) | Offset of the first document to fetch |
+| `size` | number
(`10`) | Maximum number of documents to retrieve per page |
+| `scroll` | string
(`""`) | When set, gets a forward-only cursor having its ttl set to the given value (ie `30s`; cf [elasticsearch time limits](https://www.elastic.co/guide/en/elasticsearch/reference/5.6/common-options.html#time-units)) |
+
+## Resolves
+
+A [`SearchResult`](sdk/js/6/core-classes/search-result) object containing the retrieved [`User`](/sdk/js/6/core-classes/user) objects.
+
+## Usage
+
+<<< ./snippets/search-users.js
+
diff --git a/doc/6/controllers/security/search-users/snippets/search-users.js b/doc/6/controllers/security/search-users/snippets/search-users.js
new file mode 100644
index 000000000..1d9279a40
--- /dev/null
+++ b/doc/6/controllers/security/search-users/snippets/search-users.js
@@ -0,0 +1,23 @@
+try {
+ const results = await kuzzle.security.searchUsers({
+ term: {
+ status: 'student'
+ }
+ });
+
+ console.log(results);
+ /*
+ UserSearchResult {
+ aggregations: undefined,
+ hits:
+ [ User { _kuzzle: [Kuzzle], _id: 'user2', content: [Object] },
+ User { _kuzzle: [Kuzzle], _id: 'user1', content: [Object] },
+ User { _kuzzle: [Kuzzle], _id: 'user3', content: [Object] } ],
+ fetched: 3,
+ total: 3 }
+ */
+
+ console.log(`Successfully retrieved ${results.total} users`);
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/search-users/snippets/search-users.test.yml b/doc/6/controllers/security/search-users/snippets/search-users.test.yml
new file mode 100644
index 000000000..cce40d830
--- /dev/null
+++ b/doc/6/controllers/security/search-users/snippets/search-users.test.yml
@@ -0,0 +1,19 @@
+name: security#searchUsers
+description: search users
+hooks:
+ before: |
+ for i in 1 2 3; do
+ curl -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": [ "default" ],
+ "status": "student"
+ },
+ "credentials": {}
+ }' kuzzle:7512/users/user${i}/_create?refresh=wait_for
+ done
+ after: |
+ for i in 1 2 3; do
+ curl -XDELETE kuzzle:7512/users/user${i}
+ done
+template: default
+expected: ^Successfully retrieved 3 users$
diff --git a/doc/6/controllers/security/update-credentials/index.md b/doc/6/controllers/security/update-credentials/index.md
new file mode 100644
index 000000000..4d98456a9
--- /dev/null
+++ b/doc/6/controllers/security/update-credentials/index.md
@@ -0,0 +1,56 @@
+---
+code: true
+type: page
+title: updateCredentials
+description: Updates a user credentials for the specified authentication strategy.
+---
+
+# updateCredentials
+
+Updates a user credentials for the specified authentication strategy.
+
+
+
+```js
+updateCredentials(strategy, kuid, credentials, [options]);
+```
+
+
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `strategy` | string
| Strategy to use |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `credentials` | object
| New credentials |
+| `options` | object
| Query options |
+
+### credentials
+
+The credentials to send. The expected properties depend on the target authentication strategy.
+
+Example for the `local` strategy:
+
+```js
+{
+ username: 'foo',
+ password: 'bar'
+}
+```
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the credentials are indexed |
+
+## Resolves
+
+An `object` representing the new credentials.
+The content depends on the authentication strategy.
+
+## Usage
+
+<<< ./snippets/update-credentials.js
diff --git a/doc/6/controllers/security/update-credentials/snippets/update-credentials.js b/doc/6/controllers/security/update-credentials/snippets/update-credentials.js
new file mode 100644
index 000000000..afe476a8e
--- /dev/null
+++ b/doc/6/controllers/security/update-credentials/snippets/update-credentials.js
@@ -0,0 +1,17 @@
+try {
+ const response = await kuzzle.security.updateCredentials(
+ 'local',
+ 'john.doe',
+ {
+ username: 'jdoe',
+ password: 'newPassword'
+ }
+ );
+
+ console.log(response);
+ /*
+ { username: "jdoe" }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-credentials/snippets/update-credentials.test.yml b/doc/6/controllers/security/update-credentials/snippets/update-credentials.test.yml
new file mode 100644
index 000000000..b089d1136
--- /dev/null
+++ b/doc/6/controllers/security/update-credentials/snippets/update-credentials.test.yml
@@ -0,0 +1,18 @@
+name: security#updateCredentials
+description: update credentials
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -f -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "pass"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^{ username: ''jdoe'', kuid: ''john.doe'' }$'
diff --git a/doc/6/controllers/security/update-profile-mapping/index.md b/doc/6/controllers/security/update-profile-mapping/index.md
new file mode 100644
index 000000000..4b5c020df
--- /dev/null
+++ b/doc/6/controllers/security/update-profile-mapping/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: updateProfileMapping
+description: Updates the internal profile storage mapping.
+---
+
+# updateProfileMapping
+
+Updates the internal profile storage mapping.
+
+
+
+```js
+updateProfileMapping(mapping, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `mapping` | object
| Profile collection [mapping definition](/core/1/guides/essentials/database-mappings) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/update-profile-mapping.js
+
diff --git a/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.js b/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.js
new file mode 100644
index 000000000..4703c7c24
--- /dev/null
+++ b/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.js
@@ -0,0 +1,14 @@
+try {
+ const response = await kuzzle.security.updateProfileMapping({
+ properties: {
+ description: { type: 'text' }
+ }
+ });
+
+ console.log(response);
+ /*
+ { acknowledged: true }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.test.yml b/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.test.yml
new file mode 100644
index 000000000..9c52a838e
--- /dev/null
+++ b/doc/6/controllers/security/update-profile-mapping/snippets/update-profile-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#updateProfileMapping
+description: update profile mapping
+template: default
+expected: '^{ acknowledged: true }$'
diff --git a/doc/6/controllers/security/update-profile/index.md b/doc/6/controllers/security/update-profile/index.md
new file mode 100644
index 000000000..c7e47f31a
--- /dev/null
+++ b/doc/6/controllers/security/update-profile/index.md
@@ -0,0 +1,40 @@
+---
+code: true
+type: page
+title: updateProfile
+description: Updates a security profile definition
+---
+
+# updateProfile
+
+Updates a security profile definition.
+
+
+
+```js
+updateProfile(id, profile, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `id` | string
| Profile identifier |
+| `profile` | object
| [Profile definition content](/core/1/guides/essentials/security/#defining-profiles) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the created profile is indexed |
+
+## Resolves
+
+A [`Profile`](/sdk/js/6/core-classes/profile/introduction) object representing the updated profile.
+
+## Usage
+
+<<< ./snippets/update-profile.js
+
diff --git a/doc/6/controllers/security/update-profile/snippets/update-profile.js b/doc/6/controllers/security/update-profile/snippets/update-profile.js
new file mode 100644
index 000000000..926c8ac24
--- /dev/null
+++ b/doc/6/controllers/security/update-profile/snippets/update-profile.js
@@ -0,0 +1,42 @@
+try {
+ const response = await kuzzle.security.updateProfile(
+ 'myProfile',
+ {
+ policies: [
+ {
+ roleId: 'default'
+ },
+ {
+ roleId: 'privileged',
+ restrictedTo: [
+ {
+ index: 'someIndex'
+ },
+ {
+ index: 'anotherIndex',
+ collections: [
+ 'coll1',
+ 'coll2'
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ );
+
+ console.log(response);
+ /*
+ Profile {
+ _id: 'myProfile',
+ policies:
+ [ { roleId: 'default' },
+ { roleId: 'privileged',
+ restrictedRo:
+ [ { index: 'someIndex' },
+ { index: 'anotherIndex', collections: [ 'coll1', 'coll2' ] } ] } ]
+ */
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-profile/snippets/update-profile.test.yml b/doc/6/controllers/security/update-profile/snippets/update-profile.test.yml
new file mode 100644
index 000000000..153b82ecb
--- /dev/null
+++ b/doc/6/controllers/security/update-profile/snippets/update-profile.test.yml
@@ -0,0 +1,10 @@
+name: security#updateProfile
+description: update profile
+hooks:
+ before: >
+ curl -H "Content-type: application/json" -d '{
+ "policies": []
+ }' kuzzle:7512/profiles/myProfile/_create
+ after: curl -XDELETE kuzzle:7512/profiles/myProfile
+template: default
+expected: '^ { roleId: ''privileged'', restrictedTo: \[Array\] } \] }$'
diff --git a/doc/6/controllers/security/update-role-mapping/index.md b/doc/6/controllers/security/update-role-mapping/index.md
new file mode 100644
index 000000000..5d247782f
--- /dev/null
+++ b/doc/6/controllers/security/update-role-mapping/index.md
@@ -0,0 +1,37 @@
+---
+code: true
+type: page
+title: updateRoleMapping
+description: Updates the internal role storage mapping.
+---
+
+# updateRoleMapping
+
+Updates the internal role storage mapping.
+
+
+
+```js
+updateRoleMapping(mapping, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `mapping` | object
| Role collection [mapping definition](/core/1/guides/essentials/database-mappings) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/update-role-mapping.js
diff --git a/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.js b/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.js
new file mode 100644
index 000000000..3bc9dc520
--- /dev/null
+++ b/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.js
@@ -0,0 +1,14 @@
+try {
+ const response = await kuzzle.security.updateRoleMapping({
+ properties: {
+ description: { type: 'text' }
+ }
+ });
+
+ console.log(response);
+ /*
+ { acknowledged: true }
+ */
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.test.yml b/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.test.yml
new file mode 100644
index 000000000..161f83f5f
--- /dev/null
+++ b/doc/6/controllers/security/update-role-mapping/snippets/update-role-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#updateRoleMapping
+description: update role mapping
+template: default
+expected: '^{ acknowledged: true }$'
diff --git a/doc/6/controllers/security/update-role/index.md b/doc/6/controllers/security/update-role/index.md
new file mode 100644
index 000000000..49fae30c7
--- /dev/null
+++ b/doc/6/controllers/security/update-role/index.md
@@ -0,0 +1,47 @@
+---
+code: true
+type: page
+title: updateRole
+description: Updates a security role definition
+---
+
+# updateRole
+
+Updates a security role definition.
+
+**Note**: partial updates are not supported for roles, this API route will replace the entire role content with the provided one.
+
+
+
+```js
+updateRole(id, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `id` | string
| Role identifier |
+| `body` | object
| Role definition content |
+| `options` | object
| Query options |
+
+### body
+
+| Property | Type | Description |
+| --- | --- | --- |
+| `controllers` | object
| [Role definition](/core/1/guides/essentials/security/#defining-roles) |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the updated role is indexed |
+
+## Resolves
+
+A [`Role`](/sdk/js/6/core-classes/role) object representing the updated role.
+
+## Usage
+
+<<< ./snippets/update-role.js
diff --git a/doc/6/controllers/security/update-role/snippets/update-role.js b/doc/6/controllers/security/update-role/snippets/update-role.js
new file mode 100644
index 000000000..ca54743d2
--- /dev/null
+++ b/doc/6/controllers/security/update-role/snippets/update-role.js
@@ -0,0 +1,51 @@
+try {
+ const response = await kuzzle.security.updateRole(
+ 'read-only',
+ {
+ controllers: {
+ auth: {
+ actions: {
+ getCurrentUser: true,
+ getMyCredentials: true,
+ getMyRights: true,
+ logout: true
+ }
+ },
+ collection: {
+ actions: {
+ getMapping: true,
+ list: true
+ }
+ },
+ document: {
+ actions: {
+ count: true,
+ get: true,
+ mGet: true,
+ scroll: true,
+ search: true
+ }
+ },
+ index: {
+ actions: {
+ list: true
+ }
+ }
+ }
+ }
+ );
+
+ console.log(response);
+ /*
+ Role {
+ _id: 'read-only',
+ controllers:
+ { auth: { actions: [Object] },
+ collection: { actions: [Object] },
+ document: { actions: [Object] },
+ index: { actions: [Object] } } }
+ */
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-role/snippets/update-role.test.yml b/doc/6/controllers/security/update-role/snippets/update-role.test.yml
new file mode 100644
index 000000000..e865c6c1b
--- /dev/null
+++ b/doc/6/controllers/security/update-role/snippets/update-role.test.yml
@@ -0,0 +1,16 @@
+name: security#updateRole
+description: update role
+hooks:
+ before: >
+ curl -f -H "Content-type: application/json" -d '{
+ "controllers": {
+ "*": {
+ "actions": {
+ "*": false
+ }
+ }
+ }
+ }' kuzzle:7512/roles/read-only/_create
+ after: curl -f -XDELETE kuzzle:7512/roles/read-only
+template: default
+expected: '^ { auth: { actions: \[Object\] },$'
diff --git a/doc/6/controllers/security/update-user-mapping/index.md b/doc/6/controllers/security/update-user-mapping/index.md
new file mode 100644
index 000000000..395b33ae1
--- /dev/null
+++ b/doc/6/controllers/security/update-user-mapping/index.md
@@ -0,0 +1,38 @@
+---
+code: true
+type: page
+title: updateUserMapping
+description: Updates the internal user storage mapping.
+---
+
+# updateUserMapping
+
+Updates the internal user storage mapping.
+
+
+
+```js
+updateUserMapping(mapping, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `mapping` | object
| User collection [mapping definition](/core/1/guides/essentials/database-mappings) |
+| `options` | object
| Query options |
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+An acknowledgment message.
+
+## Usage
+
+<<< ./snippets/update-user-mapping.js
+
diff --git a/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.js b/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.js
new file mode 100644
index 000000000..2cab3b27d
--- /dev/null
+++ b/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.js
@@ -0,0 +1,20 @@
+try {
+ const response = await kuzzle.security.updateUserMapping({
+ properties: {
+ firstName: { type: 'text' },
+ lastName: { type: 'text' },
+ birthDate: {
+ type: 'date',
+ format: 'yyyy-mm-dd'
+ }
+ }
+ });
+
+ console.log(response);
+ /*
+ { acknowledged: true }
+ */
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.test.yml b/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.test.yml
new file mode 100644
index 000000000..3ad4e32bb
--- /dev/null
+++ b/doc/6/controllers/security/update-user-mapping/snippets/update-user-mapping.test.yml
@@ -0,0 +1,4 @@
+name: security#updateUserMapping
+description: update user mapping
+template: default
+expected: '^{ acknowledged: true }$'
diff --git a/doc/6/controllers/security/update-user/index.md b/doc/6/controllers/security/update-user/index.md
new file mode 100644
index 000000000..ea10c6771
--- /dev/null
+++ b/doc/6/controllers/security/update-user/index.md
@@ -0,0 +1,58 @@
+---
+code: true
+type: page
+title: updateUser
+description: Updates a user definition.
+---
+
+# updateUser
+
+Updates a user definition.
+
+
+
+```js
+updateUser(kuid, body, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `body` | object
| User content |
+| `options` | object
| Query options |
+
+### body
+
+The `body` contains the list of profile ids to attach the user to and potential additional information.
+Any other attribute can be added.
+Make sure to [update the user mapping](/sdk/js/6/controllers/security/update-user-mapping) collection to match your custom attributes.
+
+Example:
+
+```js
+{
+ profileIds: [
+ 'default'
+ ],
+ firstName: 'John',
+ lastName: 'Doe'
+}
+```
+
+### options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+| `refresh` | boolean
(`false`) | If set to `wait_for`, Kuzzle will not respond until the updated user is indexed |
+
+## Resolves
+
+A [`User`](sdk/js/6/core-classes/user/introduction) object containing information about the updated user.
+
+## Usage
+
+<<< ./snippets/update-user.js
+
diff --git a/doc/6/controllers/security/update-user/snippets/update-user.js b/doc/6/controllers/security/update-user/snippets/update-user.js
new file mode 100644
index 000000000..d02ecb9e7
--- /dev/null
+++ b/doc/6/controllers/security/update-user/snippets/update-user.js
@@ -0,0 +1,27 @@
+try {
+ const response = await kuzzle.security.updateUser(
+ 'john.doe',
+ {
+ profileIds: ['default'],
+ firstName: 'John',
+ lastName: 'Doe'
+ }
+ );
+
+ console.log(response);
+ /*
+ User {
+ _id: 'john.doe',
+ content:,
+ { profileIds: [ 'default' ],
+ fullName: 'John Doe',
+ _kuzzle_info:
+ { author: '-1',
+ createdAt: 1561379086534,
+ updatedAt: null,
+ updater: null } } }
+ */
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/update-user/snippets/update-user.test.yml b/doc/6/controllers/security/update-user/snippets/update-user.test.yml
new file mode 100644
index 000000000..bc1cc0125
--- /dev/null
+++ b/doc/6/controllers/security/update-user/snippets/update-user.test.yml
@@ -0,0 +1,13 @@
+name: security#updateUser
+description: update user
+hooks:
+ before: >
+ curl -f -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": { }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -f -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: '^ firstName: ''John'',$'
diff --git a/doc/6/controllers/security/validate-credentials/index.md b/doc/6/controllers/security/validate-credentials/index.md
new file mode 100644
index 000000000..54357bf86
--- /dev/null
+++ b/doc/6/controllers/security/validate-credentials/index.md
@@ -0,0 +1,55 @@
+---
+code: true
+type: page
+title: validateCredentials
+description: Checks if the provided credentials are well-formed. Does not actually save credentials.
+---
+
+# validateCredentials
+
+Checks if the provided credentials are well-formed. Does not actually save credentials.
+
+
+
+```js
+validateCredentials(strategy, kuid, credentials, [options]);
+```
+
+
+
+| Property | Type | Description |
+|--- |--- |--- |
+| `strategy` | string
| Strategy identifier |
+| `kuid` | string
| User [kuid](/core/1/guides/essentials/user-authentication/#kuzzle-user-identifier-kuid) |
+| `credentials` | object
| New credentials |
+| `options` | object
| Query options |
+
+### credentials
+
+The credentials to check. The expected properties depend on the target authentication strategy.
+
+Example for the `local` strategy:
+
+```js
+{
+ username: 'foo',
+ password: 'bar'
+}
+```
+
+### options
+
+Additional query options
+
+| Property | Type
(default) | Description |
+| --- | --- | --- |
+| `queuable` | boolean
(`true`) | If true, queues the request during downtime, until connected to Kuzzle again |
+
+## Resolves
+
+A `boolean` telling whether credentials are valid.
+
+## Usage
+
+<<< ./snippets/validate-credentials.js
+
diff --git a/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.js b/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.js
new file mode 100644
index 000000000..1a31f7348
--- /dev/null
+++ b/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.js
@@ -0,0 +1,18 @@
+try {
+ const response = await kuzzle.security.validateCredentials(
+ 'local',
+ 'john.doe',
+ {
+ username: 'jdoe',
+ password: 'password'
+ }
+ );
+
+ console.log(response);
+ /*
+ true
+ */
+
+} catch (e) {
+ console.error(e);
+}
diff --git a/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.test.yml b/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.test.yml
new file mode 100644
index 000000000..5fd0cb927
--- /dev/null
+++ b/doc/6/controllers/security/validate-credentials/snippets/validate-credentials.test.yml
@@ -0,0 +1,18 @@
+name: security#validateCredentials
+description: validate credentials
+hooks:
+ before: >
+ curl -f -H "Content-type: application/json" -d '{
+ "content": {
+ "profileIds": ["default"]
+ },
+ "credentials": {
+ "local": {
+ "username": "jdoe",
+ "password": "password"
+ }
+ }
+ }' kuzzle:7512/users/john.doe/_create
+ after: curl -f -XDELETE kuzzle:7512/users/john.doe
+template: default
+expected: ^true$
diff --git a/doc/docker-compose.yml b/doc/docker-compose.yml
new file mode 100644
index 000000000..2404e52de
--- /dev/null
+++ b/doc/docker-compose.yml
@@ -0,0 +1,14 @@
+version: '3'
+
+services:
+ doc:
+ image: kuzzleio/documentation:dev
+ ports:
+ - 8080:8080
+ tty: true
+ volumes:
+ - cache:/var/app/node_modules/@vuepress/core/node_modules/.cache
+ - ./6:/var/app/src/sdk/js/6
+
+volumes:
+ cache:
diff --git a/package.json b/package.json
index c05998ded..8f4d97e80 100644
--- a/package.json
+++ b/package.json
@@ -22,6 +22,7 @@
"prepublish": "npm run build",
"test": "npm run --silent lint && npm run unit-testing && npm run functional-testing",
"unit-testing": "nyc --reporter=text-summary --reporter=lcov mocha",
+ "doc": "docker-compose -f doc/docker-compose.yml up",
"doc-testing": "bash test-docs.sh",
"functional-testing": "cucumber-js --exit --fail-fast",
"lint": "eslint --max-warnings=0 ./src ./test",
@@ -61,6 +62,7 @@
"should-sinon": "0.0.6",
"sinon": "^7.3.0"
},
+
"engines": {
"node": ">= 6.9.1"
}
diff --git a/test-docs.sh b/test-docs.sh
index 8cafa5887..122d2e261 100644
--- a/test-docs.sh
+++ b/test-docs.sh
@@ -1,7 +1,11 @@
#!/bin/bash
+
+here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$here"
+
docker-compose -f .ci/doc/docker-compose.yml pull
docker-compose -f .ci/doc/docker-compose.yml run doc-tests node index
EXIT=$?
docker-compose -f .ci/doc/docker-compose.yml down
-exit $EXIT
\ No newline at end of file
+exit $EXIT