Implement authentication and registration back-end
Registration
- Get into the proper virtual environment.
- Do `pip install -r requirements.txt`.
- Do `cp .environ/.env.dev .env`.
- Do `docker-compose up -d`.
- When the docker containers have all started, do `make dev.web.logs`.
- When the containers are running, do `make migrate`.
- Register a new user through the API. For example:
curl -X POST -H 'content-type: application/json' -d '{"username": "mslm", "password": "password123", "last_name": "Shahzad", "first_name": "Uman", "email": "uman@opencraft.com"}' http://localhost:1786/registration/register/
(The password is passed on the command line, so it ends up in your shell history; use a throwaway dev password.)
- You will see a verification link in the logs (the `make dev.web.logs` output). Follow it and ensure the payload you receive makes sense and that the user is thus marked verified.
Authentication
In order to see your user details (i.e. 'log in' from a client perspective), you need to authenticate using tokens.
- Obtain a token from http://localhost:1786/auth/token/obtain/. For example:
curl -X POST -d 'username={username}&password={password}' http://localhost:1786/auth/token/obtain/
- Copy the token you get back. Treat it like a password: anyone holding it can act as that user until it is revoked.
- See the details using the token. For example:
curl -X GET -H 'Authorization: Token {token}' http://localhost:1786/auth/user/{username}/
- See that you get back a bunch of user details (`account` will be `null` for now).
- Change the token in the authorization header slightly, and see that you are denied access.
(Optional)
- Play around with revoking and verifying tokens using the http://localhost:1786/auth/token/revoke/ and http://localhost:1786/auth/token/verify/ endpoints, respectively. Both require a POST request with a `token` and a `username`. For example:
curl -X POST -d 'token={token}&username={username}' http://localhost:1786/auth/token/verify/
- After revoking a token, verifying it should fail, and so should using it in the `Authorization` header against http://localhost:1786/auth/user/{username}/.
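The behaviour those steps check, as an added reference model that is not the project's code: a token is issued only for valid credentials, it is presented as `Authorization: Token <token>`, any altered token is rejected, and verify/revoke take a token plus its owner's username. The `TokenStore` and `user_details` names, the in-memory store and the plaintext sample password are assumptions made for this example (a real backend stores password hashes and keeps tokens in the database); the `Token` keyword and the 40-character hex token follow Django REST framework's TokenAuthentication convention.

```python
"""Reference model of the token flow exercised in the testing steps above.

Added example, NOT the project's code: a self-contained model of what the
obtain / user / verify / revoke endpoints are expected to do. TokenStore,
user_details and the sample user are assumptions made for the example.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class TokenStore:
    # username -> password. Constructed sample data kept in plaintext for brevity;
    # a real backend compares against a password hash.
    users: Dict[str, str] = field(default_factory=dict)
    # token -> username. Tokens are opaque random strings, like DRF's Token.key.
    tokens: Dict[str, str] = field(default_factory=dict)

    def obtain(self, username: str, password: str) -> Optional[str]:
        """POST /auth/token/obtain/ : return a token for valid credentials, else None."""
        expected = self.users.get(username)
        # compare_digest runs in constant time so the comparison does not leak
        # how much of the password matched.
        if expected is None or not hmac.compare_digest(expected, password):
            return None
        token = secrets.token_hex(20)  # 40 hex characters, DRF's token length
        self.tokens[token] = username
        return token

    def authenticate(self, authorization_header: Optional[str]) -> Optional[str]:
        """Resolve 'Authorization: Token <token>' to a username, or None if denied."""
        if not authorization_header:
            return None
        parts = authorization_header.split()
        if len(parts) != 2 or parts[0] != "Token":
            return None
        presented = parts[1]
        # Constant-time comparison against each stored token: a token that
        # differs in a single character is rejected exactly like garbage.
        for stored, username in self.tokens.items():
            if hmac.compare_digest(stored, presented):
                return username
        return None

    def verify(self, token: str, username: str) -> bool:
        """POST /auth/token/verify/ : token must exist AND belong to username."""
        owner = self.authenticate(f"Token {token}")
        return owner is not None and owner == username

    def revoke(self, token: str, username: str) -> bool:
        """POST /auth/token/revoke/ : delete the token; only its owner may do so."""
        if not self.verify(token, username):
            return False
        del self.tokens[token]
        return True


def user_details(store: TokenStore, authorization_header: Optional[str],
                 username: str) -> Optional[dict]:
    """GET /auth/user/{username}/ : details only for the authenticated owner."""
    caller = store.authenticate(authorization_header)
    if caller is None or caller != username:
        return None
    # account stays null until an Account model exists for the user
    return {"username": username, "account": None}


def demo() -> dict:
    """Run the same sequence as the manual steps and report each outcome."""
    store = TokenStore(users={"mslm": "password123"})  # constructed sample user
    token = store.obtain("mslm", "password123")
    # Change one character of the token, as the manual step does in the header.
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    return {
        "wrong_password_gets_token": store.obtain("mslm", "wrong") is not None,
        "details_with_token": user_details(store, f"Token {token}", "mslm"),
        "details_with_tampered_token": user_details(store, f"Token {tampered}", "mslm"),
        "verify_before_revoke": store.verify(token, "mslm"),
        "verify_wrong_user": store.verify(token, "someone-else"),
        "revoke_by_owner": store.revoke(token, "mslm"),
        "verify_after_revoke": store.verify(token, "mslm"),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Run it directly to print the outcome of each check. The tampered-token case is the point of the "change the token slightly" step: the lookup must not accept near-matches, and revocation must make both verification and user lookup fail from then on.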
Account Details
Although it's trivial, I'm low on time so I have not written an endpoint for creating new Account models through the REST framework. So for now, create them in the admin using arbitrary details. Give as much (fake) information as possible. (I will add the endpoints in a later PR).
- You can't make users administrators through the API, so do the following in a Django shell. Setting `is_staff` only lets the user log into the admin; `is_superuser` is what grants the add/change permissions needed to create the models below. (If `User` is not already imported in the shell, run `from django.contrib.auth import get_user_model; User = get_user_model()` first.)
$ make shell
>>> user = User.objects.get(username='mslm')  # get() with no arguments fails once more than one user exists
>>> user.is_staff = True
>>> user.is_superuser = True
>>> user.save()
>>> CTRL+D
- Login to http://localhost:1786/admin and make the `Account` model for your user. Also make a `BankAccount` for the resulting `Account` as a separate but extra piece.
Once you are logged into the admin, your browser holds a session, so the endpoints below can be viewed directly in the browser without a token header. Verify the endpoints in the browser now.
- Go to http://localhost:1786/account/{username}/ and see that the info matches what you'd expect for account details.
- Go to http://localhost:1786/account/address/{username}/ and see that the info matches what you'd expect for address details.
Bank Details
Bank details require UUIDs to retrieve. Get them from the command line as I believe the admin doesn't have them showing.
- Go to http://localhost:1786/bank/{uuid}/ and see that the info matches what you'd expect for the bank details (not the bank account).
- Go to http://localhost:1786/bank/account/{uuid}/ and see that the info matches what you'd expect for the bank account details.
Hourly Rates
Hourly rates are a more complex feature. Any user account can be a provider or a client in relation to another user account, which takes the opposite role (i.e. they're the client if you are the provider); the relation between the two is the hourly rate, in an arbitrary currency. You can even bill yourself.
For now, we must create these through the Django admin.
- Go to http://localhost:1786/admin/account/hourlyrate/ and create a new hourly rate between 2 accounts -- this may require you to make a second account. For example, make the real you the provider, and OpenCraft the client, so that you charge OpenCraft some EUR.
- Go to http://localhost:1786/account/rate/{provider_username}/{client_username}/ and ensure that you get what you expect for the hourly rate between the provider and client. Example link:
http://localhost:1786/account/rate/mslm/OpenCraft
- Create another hourly rate between the same provider and client (obviously not a very real scenario, but still).
- Go to the same link and see that you now can see a list of hourly rates between the two.