@anubhavg-icpl
Created October 14, 2025 08:39
Perfect! I found the profile API endpoints. The error you're seeing (/api/v1/profile returns NotFoundError) is because there's no direct GET endpoint for listing profiles in v1. However, I can see from the routing that profiles can be accessed. Let me explain how to list all profiles:

How to List All Profiles in TheHive

Based on the codebase analysis, here are the ways to list profiles:

Option 1: Using v0 API (Recommended for listing)

The v0 API has a search endpoint for profiles:

Simple GET

GET http://localhost:9000/api/profile

Or POST with search

POST http://localhost:9000/api/profile/_search
Content-Type: application/json

{ "query": {} }

Option 2: Using v1 API Query Endpoint

The v1 API uses a query-based approach through the ProfileCtrl which is registered in TheHiveQueryExecutor:

POST http://localhost:9000/api/v1/query?name=profiles
Content-Type: application/json

{ "query": [ {"_name": "listProfile"}, {"_name": "page", "from": 0, "to": 15, "extraData": []} ] }

Option 3: Get a Specific Profile (v1)

If you know the profile name/ID:

GET http://localhost:9000/api/v1/profile/{profileId}

Examples:

GET http://localhost:9000/api/v1/profile/analyst
GET http://localhost:9000/api/v1/profile/admin
GET http://localhost:9000/api/v1/profile/org-admin

Available Endpoints from Router Analysis

From /home/anubhavg/Desktop/invinsense-case-management/thehive/app/org/thp/thehive/controllers/v1/Router.scala:176-179:

  • POST /api/v1/profile - Create profile
  • GET /api/v1/profile/{profileId} - Get specific profile
  • PATCH /api/v1/profile/{profileId} - Update profile
  • DELETE /api/v1/profile/{profileId} - Delete profile

From /home/anubhavg/Desktop/invinsense-case-management/thehive/app/org/thp/thehive/controllers/v0/Router.scala:198-204:

  • GET /api/profile - List/search profiles
  • POST /api/profile/_search - Search profiles
  • POST /api/profile/_stats - Profile statistics
  • POST /api/profile - Create profile
  • GET /api/profile/{profileId} - Get specific profile
  • PATCH /api/profile/{profileId} - Update profile
  • DELETE /api/profile/{profileId} - Delete profile

Why /api/v1/profile Returns NotFoundError

Looking at the v1 Router, there's no route defined for GET /api/v1/profile without a parameter. The ProfileCtrl in v1 is set up as a QueryableCtrl, which means listing is done through the query API, not through a direct GET endpoint.

Recommended Approach

Use the v0 API for simple listing:

curl -u admin@thehive.local:secret \
  http://localhost:9000/api/profile

Or use the v1 query API for more advanced filtering:

curl -u admin@thehive.local:secret \
  -X POST \
  -H "Content-Type: application/json" \
  -d '{"query": [{"_name": "listProfile"}, {"_name": "page", "from": 0, "to": 50}]}' \
  'http://localhost:9000/api/v1/query?name=profiles'

@anubhavg-icpl
Author

Perfect! Now I have all the information. Let me provide you with the lock and unlock API endpoints:

Lock and Unlock User API Endpoints

Based on the codebase analysis, here are the available lock/unlock endpoints:

Method 1: Direct Lock (DELETE endpoint)

Lock a user:
DELETE /api/v1/user/{userId}

Example:

curl -u admin@thehive.local:secret \
  -X DELETE \
  http://localhost:9000/api/v1/user/testuser@example.com

v0 equivalent:
DELETE /api/user/{userId}

Method 2: Update User with Locked Field (PATCH endpoint)

Both lock AND unlock can be done via the update endpoint:

Lock a user:
PATCH /api/v1/user/{userId}
Content-Type: application/json

{
"locked": true
}

Example:

curl -u admin@thehive.local:secret \
  -X PATCH \
  -H "Content-Type: application/json" \
  -d '{"locked": true}' \
  http://localhost:9000/api/v1/user/testuser@example.com

Unlock a user:
PATCH /api/v1/user/{userId}
Content-Type: application/json

{
"locked": false
}

Example:

curl -u admin@thehive.local:secret \
  -X PATCH \
  -H "Content-Type: application/json" \
  -d '{"locked": false}' \
  http://localhost:9000/api/v1/user/testuser@example.com

Implementation Details

From /home/anubhavg/Desktop/invinsense-case-management/thehive/app/org/thp/thehive/controllers/v1/UserCtrl.scala:217:

  • The update method accepts a locked boolean field
  • When locked: true → calls userSrv.lock(user)
  • When locked: false → calls userSrv.unlock(user)

Available Endpoints Summary

v1 API:

  • DELETE /api/v1/user/{userId} - Lock user (line 96 in Router)
  • PATCH /api/v1/user/{userId} with {"locked": true} - Lock user
  • PATCH /api/v1/user/{userId} with {"locked": false} - Unlock user

v0 API:

  • DELETE /api/user/{userId} - Lock user (line 227 in Router)
  • Similar PATCH behavior for v0

Complete Example with Authentication

Lock user using DELETE

curl -u admin@thehive.local:secret \
  -X DELETE \
  http://localhost:9000/api/v1/user/analyst@example.com

Lock user using PATCH

curl -u admin@thehive.local:secret \
  -X PATCH \
  -H "Content-Type: application/json" \
  -d '{
    "locked": true
  }' \
  http://localhost:9000/api/v1/user/analyst@example.com

Unlock user using PATCH

curl -u admin@thehive.local:secret \
  -X PATCH \
  -H "Content-Type: application/json" \
  -d '{
    "locked": false
  }' \
  http://localhost:9000/api/v1/user/analyst@example.com

Important Notes

  1. Permissions Required: You need manageUser permission to lock/unlock users
  2. No Separate Unlock Endpoint: There's no dedicated DELETE /api/v1/user/{userId}/unlock endpoint - use
    PATCH with locked: false instead
  3. DELETE = Lock Only: The DELETE endpoint only locks users, it doesn't delete them permanently
  4. Force Delete: To permanently delete a user, use DELETE /api/v1/user/{userId}/force?organisation={orgName}
    (line 97 in Router)
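
The profile listing and lock/unlock calls above, built in Python as an added example that is not part of the original gist or of TheHive's code: it reads the credentials from the environment instead of passing them with curl -u, percent-encodes the user id before placing it in the path, and accepts only a boolean for locked. The function names and the THEHIVE_LOGIN / THEHIVE_PASSWORD variables are assumptions.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "http://localhost:9000"  # same host as the curl examples on this page


def build_request(method, path, body, login, password):
    # HTTP Basic auth header, the equivalent of curl -u login:password
    token = base64.b64encode(f"{login}:{password}".encode()).decode()
    headers = {"Content-Type": "application/json", "Authorization": f"Basic {token}"}
    data = json.dumps(body).encode()
    return urllib.request.Request(BASE_URL + path, data=data, method=method, headers=headers)


def list_profiles_request(login, password, start=0, end=50):
    # v1 has no GET /api/v1/profile route; listing goes through the query API.
    query = [{"_name": "listProfile"}, {"_name": "page", "from": start, "to": end}]
    return build_request("POST", "/api/v1/query?name=profiles", {"query": query}, login, password)


def set_locked_request(user_id, locked, login, password):
    # Accept only a real boolean, so a string such as "false" is never sent.
    if not isinstance(locked, bool):
        raise TypeError("locked must be True or False")
    # Percent-encode the id so '/', '?' or '#' inside it cannot change
    # which route the request reaches.
    path = "/api/v1/user/" + urllib.parse.quote(user_id, safe="@")
    return build_request("PATCH", path, {"locked": locked}, login, password)


def send(request):
    # Performs the HTTP call; needs a reachable TheHive instance.
    with urllib.request.urlopen(request, timeout=10) as resp:
        return json.loads(resp.read() or b"null")


if __name__ == "__main__":
    # THEHIVE_LOGIN / THEHIVE_PASSWORD are assumed variable names; reading the
    # secret from the environment keeps it out of the process argument list.
    creds = (os.environ["THEHIVE_LOGIN"], os.environ["THEHIVE_PASSWORD"])
    print(send(list_profiles_request(*creds)))
```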
