DroneWars/specs/authentication.md
2026-02-10 20:24:02 +01:00

Authentication

  • Write a fully functional API based authentication system for this application.
  • There must be two available endpoints, one for the registration, one for the login. Both only speak JSON and both are POST only.
  • The authentication must be token based. When a user authenticates, the response returns a token that uniquely identifies the user and can be used for subsequent API calls.
  • The implementation must be secure, solid, and production ready.
  • If necessary, add python / django packages to simplify the implementation.

You must interview the user on these specs to gather as much information as you think necessary to make this implementation rock solid, then update this file with an accurate implementation plan.

Registration

The registration accepts two fields in the payload:

  • email: mandatory, valid email.
  • password: mandatory, 8 characters minimum.

The endpoint must validate the data and return meaningful JSON error messages. When it runs without errors, it creates a new user.

Login

The login endpoint accepts two fields in the payload:

  • email: mandatory, valid email.
  • password: mandatory.

If the email and password match a user in the database, the API returns a token for that user. An unknown email and a wrong password must produce the same generic error, so the endpoint cannot be used to enumerate accounts.

Logout

Also provide a logout mechanism that invalidates or deletes the current user token.

Implementation Plan

Assumptions (defaulted since only routes were confirmed):

  • Use Django REST Framework + SimpleJWT.
  • Access token lifetime: 15 minutes; refresh token lifetime: 7 days.
  • Enable the token blacklist app to invalidate refresh tokens on logout.
  • Keep the default Django User model; use email as the unique identifier and set username = email on registration. The default model does not make email unique at the database level, so uniqueness (and lower-casing of the address) is enforced in the registration serializer.
  • Add throttling for login/registration to reduce abuse.
  • Routes: /api/auth/register, /api/auth/login, /api/auth/logout (JSON-only, POST).

Steps:

  1. Add packages
    • Add djangorestframework and djangorestframework-simplejwt to dependencies. The rest_framework_simplejwt.token_blacklist app ships inside djangorestframework-simplejwt; there is no separate package or extra to install.
  2. Configure settings
    • Add rest_framework, rest_framework_simplejwt, and rest_framework_simplejwt.token_blacklist to INSTALLED_APPS.
    • Configure REST_FRAMEWORK defaults for JSON-only responses, authentication classes (JWT), and throttling classes/rates.
    • Configure SIMPLE_JWT lifetimes and blacklist settings.
  3. Add API routes
    • Create api/urls.py and include under dronewars/urls.py at path("api/", include(...)).
    • Add routes:
      • POST /api/auth/register
      • POST /api/auth/login
      • POST /api/auth/logout
  4. Implement serializers
    • RegistrationSerializer: validate email format, normalise the address (strip, lower-case) before checking uniqueness against existing users, enforce the minimum password length (>= 8) and run Django's configured password validators (validate_password), then create the user with set_password and username=email.
    • LoginSerializer: validate the credentials with authenticate(username=email, password=...) (username holds the email), return one generic error whether the email is unknown or the password is wrong, and on success return a SimpleJWT token pair.
  5. Implement views
    • RegisterView: create user; return token pair on success.
    • LoginView: return token pair for valid credentials; return JSON errors on failure.
    • LogoutView (authenticated): accept the refresh token in the JSON body, check that it belongs to the requesting user, blacklist it, and return success JSON. The access token presented with the request remains valid until its 15-minute expiry; the client must discard it.
  6. Error handling
    • Return consistent JSON errors with field-level messages for validation failures and authentication errors.
  7. Tests (if present or required)
    • Add basic tests for registration, login, and logout success/failure paths.
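As an added example of step 2 (not the project's settings.py), the settings fragment below wires up DRF and SimpleJWT as the assumptions above describe. The app names and setting keys are DRF's and SimpleJWT's own; the `api` app name, the throttle scopes and rates, and reading the secret from `DJANGO_SECRET_KEY` are assumptions for illustration.

```python
# Added example settings fragment for step 2 of the plan; not the project's
# settings.py. App names and DRF/SimpleJWT keys are the real ones; the "api" app,
# the throttle scopes/rates and the DJANGO_SECRET_KEY variable are assumptions.
import os
from datetime import timedelta

# Keep the secret out of the repository. SimpleJWT signs tokens with SECRET_KEY
# unless SIGNING_KEY is set, so a leaked key means forgeable tokens.
SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", "dev-only-not-for-production")

INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    "rest_framework",
    "rest_framework_simplejwt",
    "rest_framework_simplejwt.token_blacklist",  # OutstandingToken/BlacklistedToken tables
    "api",  # assumed name of the app holding the auth endpoints
]

REST_FRAMEWORK = {
    # JSON only, in both directions: form/multipart request bodies get a 415.
    "DEFAULT_RENDERER_CLASSES": ["rest_framework.renderers.JSONRenderer"],
    "DEFAULT_PARSER_CLASSES": ["rest_framework.parsers.JSONParser"],
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework_simplejwt.authentication.JWTAuthentication",
    ],
    # Deny by default; register/login opt in with permission_classes = [AllowAny].
    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
    # ScopedRateThrottle only throttles views that declare a throttle_scope.
    "DEFAULT_THROTTLE_CLASSES": ["rest_framework.throttling.ScopedRateThrottle"],
    "DEFAULT_THROTTLE_RATES": {
        "auth_login": "10/min",     # assumed rates; tune to the real traffic profile
        "auth_register": "5/min",
    },
}

SIMPLE_JWT = {
    "ACCESS_TOKEN_LIFETIME": timedelta(minutes=15),
    "REFRESH_TOKEN_LIFETIME": timedelta(days=7),
    # Issue a new refresh token on each refresh and blacklist the old one, so a
    # stolen refresh token stops working once the legitimate client rotates.
    "ROTATE_REFRESH_TOKENS": True,
    "BLACKLIST_AFTER_ROTATION": True,
    "UPDATE_LAST_LOGIN": True,
    "ALGORITHM": "HS256",
    "SIGNING_KEY": SECRET_KEY,
    "AUTH_HEADER_TYPES": ("Bearer",),
}
```

Views opt in to a throttle scope with `throttle_scope = "auth_login"` (or `"auth_register"`); because the default permission is `IsAuthenticated`, RegisterView and LoginView must set `permission_classes = [AllowAny]` explicitly, while LogoutView keeps the default.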

If any assumption should change (token lifetimes, user model, blacklist behavior, throttling), update this plan before implementation.
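As an added, stand-alone model of the three endpoints and the checks the plan calls for (generic login error, normalised email, refresh-token blacklist on logout), the block below uses only the Python standard library. It is not the project's code and not Django or SimpleJWT: a dict stands in for the User table, a set for the token_blacklist tables, a small HMAC-signed token for SimpleJWT's JWTs, and the PBKDF2 round count is lowered for speed. Function names, error messages and status codes are assumptions chosen to mirror what DRF would produce.

```python
"""Added example: a stand-alone, standard-library model of the register/login/
logout flow in this plan. It is not the project's code: a dict stands in for the
User table, a set for the token_blacklist tables, and a small HMAC-signed token
for SimpleJWT's JWTs. Only the security checks are meant to carry over."""
import base64, hashlib, hmac, json, os, re, secrets, time

SIGNING_KEY = secrets.token_bytes(32)             # stands in for settings.SECRET_KEY
ACCESS_TTL, REFRESH_TTL = 15 * 60, 7 * 24 * 3600  # plan: 15 minutes / 7 days
PBKDF2_ROUNDS = 200_000                           # lowered for the example; Django uses more
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
DUMMY_SALT = os.urandom(16)                       # used when the email is unknown (see login)
GENERIC_LOGIN_ERROR = {"non_field_errors": ["Invalid email or password."]}

users = {}         # email -> {"salt": bytes, "hash": bytes}
blacklist = set()  # jti of revoked refresh tokens

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    sig = base64.urlsafe_b64encode(hmac.new(SIGNING_KEY, body, "sha256").digest()).rstrip(b"=")
    return (body + b"." + sig).decode()

def _verify(token, expected_type, now=None):
    """Return the claims if signature, type, expiry and blacklist checks all pass, else None."""
    try:
        body, sig = token.encode().split(b".")
        want = base64.urlsafe_b64encode(hmac.new(SIGNING_KEY, body, "sha256").digest()).rstrip(b"=")
        if not hmac.compare_digest(sig, want):  # constant-time, and before the body is trusted
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + b"=" * (-len(body) % 4)))
    except (ValueError, UnicodeDecodeError):
        return None
    now = time.time() if now is None else now
    if claims["typ"] != expected_type or claims["exp"] <= now or claims["jti"] in blacklist:
        return None
    return claims

def issue_tokens(email):
    now = time.time()
    return {
        "access": _sign({"typ": "access", "sub": email, "exp": now + ACCESS_TTL, "jti": secrets.token_hex(8)}),
        "refresh": _sign({"typ": "refresh", "sub": email, "exp": now + REFRESH_TTL, "jti": secrets.token_hex(8)}),
    }

def _validate(payload, min_password):
    """Field-level errors in the shape a DRF serializer returns."""
    errors = {}
    email = str(payload.get("email", "")).strip().lower()  # normalise: Pilot@X and pilot@x are one account
    password = str(payload.get("password", ""))
    if not email:
        errors["email"] = ["This field is required."]
    elif not EMAIL_RE.match(email):
        errors["email"] = ["Enter a valid email address."]
    if not password:
        errors["password"] = ["This field is required."]
    elif len(password) < min_password:
        errors["password"] = [f"Ensure this field has at least {min_password} characters."]
    return email, password, errors

def register(payload):
    email, password, errors = _validate(payload, min_password=8)
    if not errors and email in users:  # reveals that the address is taken; throttling limits abuse
        errors["email"] = ["A user with this email already exists."]
    if errors:
        return 400, errors
    salt = os.urandom(16)
    users[email] = {"salt": salt, "hash": hash_password(password, salt)}
    return 201, issue_tokens(email)

def login(payload):
    email, password, errors = _validate(payload, min_password=1)
    if errors:
        return 400, errors
    record = users.get(email)
    # Hash even when the email is unknown, so response time does not reveal which accounts exist.
    digest = hash_password(password, record["salt"] if record else DUMMY_SALT)
    if record is None or not hmac.compare_digest(digest, record["hash"]):
        return 401, GENERIC_LOGIN_ERROR  # one message for unknown email and for wrong password
    return 200, issue_tokens(email)

def logout(payload, access_token):
    """Authenticated call that blacklists the caller's own refresh token."""
    caller = _verify(access_token, "access")
    if caller is None:
        return 401, {"detail": "Authentication credentials were not provided."}
    claims = _verify(str(payload.get("refresh", "")), "refresh")
    if claims is None or claims["sub"] != caller["sub"]:  # no revoking another user's token
        return 400, {"refresh": ["Token is invalid or expired."]}
    blacklist.add(claims["jti"])  # the access token stays valid until its 15-minute expiry
    return 205, {"detail": "Logged out."}
```

The two properties worth carrying into the DRF implementation are visible in `login`: the password hash is computed even for an unknown email, and both failure paths return the identical body, so neither timing nor wording distinguishes "no such account" from "wrong password". `logout` shows the ownership check that SimpleJWT's blacklist view does not perform for you.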