Dj rest auth

[BethanyG]

What type of PR is this? (check all applicable)

• 🐛 Bug Fix
• ✨ Feature (e.g. API change, enhancement, addition, etc.)
• ♻️ Refactor
• 📝 Documentation
• 🔖 Release
• 🚩 Other (concerning: )

Context

We wanted to implement a user registration process that incorporated an email and verification of that email.
See issue #110 and discussion #178 for additional context.

Closes #110, #113, #114, #118

Other Related Tickets & Documents (as needed)

• Django-allauth
• dj-rest-auth
• SimpleJWT

Implementation Details

We had originally planned to use django-rest-auth, but it is no longer maintained, and doesn't play nice with django-allauth anymore. dj-rest-auth is the currently maintained fork of django-rest-auth. However, dj-rest-auth requires the django-simpleJWT library, so the current django-rest-framework-jwt library was replaced.

It was also decided that authorization and registration should live under the main API url instead of being "off to the side", so the URLs and code were refactored to support this. Additionally, settings changes were made to require a validated email upon user registration. Users will no longer be allowed to login without a "verified" email.

More refactor/changes may be needed as we refine user profiles and permissions.

Obtaining JWT tokens has moved to:

• api/v1/auth/token (obtain an access and refresh token pair),
• api/v1/auth/verify (verify the validity of a refresh or access token),
• api/v1/refresh (obtain new access toke by using non-expired refresh token)

Registration/Login/Logout are now located at:

• api/v1/auth/registration/ (now triggers a validation email to the email address a user enters.)
• api/v1/auth/verify-email/ (to POST a user's HMC email key for validating their email)
• api/v1/auth/login/ (Will require a validated email in order to sign in)
• api/v1/auth/logout/ (Will clear tokens from currently logged in user)

User Details and current_user are located at:

• api/v1/auth/user/ (to view currently logged in User Details)
  
• api/v1/auth/current_user (to view currently logged in User without email address)
  

Since these two are redundant, one may be omitted or changed later in the project.

New Libraries/Dependancies Introduced (Fill out as needed)

If you have added libraries or other dependancies, please list them (and links to their repos) below:

djangorestframework-simplejwt
dj-rest-auth==1.1.1
django-rest-authtoken==2.1.3

• I've updated project/requirements/base.txt

Any new migration files added?

• 👍 yes -- but these should happen in the course of installing the new apps/libraries.
• 🙅 no, because they aren't needed

Did you add tests?

Code added or changed without test coverage or good reason for exemption won't be approved.

• 👍 yes - more are needed, but the basics are covered.
• 🙋 no, because I need help
• 🙅 no, because they aren't needed

Did you add documentation?

• 📜 readme.md
• 📜 contributing.md
• 📜 wiki entry
• 🙋 I'd like some additional time to write documentation, and will file a new issue for it
• 🙅 no documentation needed

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (main@6f9a92f). Click here to learn what that means.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #187   +/-   ##
=======================================
  Coverage        ?   81.56%           
=======================================
  Files           ?       33           
  Lines           ?      548           
  Branches        ?        0           
=======================================
  Hits            ?      447           
  Misses          ?      101           
  Partials        ?        0           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6f9a92f...604bac8. Read the comment docs.

[lpatmo]

Yay!!! 👏👏👏

Excellent work, Bethany! I started reviewing this morning but didn't get a chance to finish testing and looking at everything, but will try to finish up tonight/tomorrow.

One small detail that can be fixed right now: project/core/templates/account/email/email _confirmation_subject.txt has an extra space near the underscore.

[BethanyG]

Hey @lpatmo - thanks for the sharp-eyed copyedit! Could you make that suggestion in the PR directly, so we can just accept it here -- or give me a file and line to reference? Not sure where the URL is is mis-typed? Thanks!

EDIT: NM! Found it. Will push a renamed file.

oooofh. Not sure why, but changing that file causes 17 test failures and an endless recursion. Reverting.

[BethanyG]

OK. I think I've fixed both the intermittent test failure and the mis-named file. Test are passing.

[lpatmo]

OK. I think I've fixed both the intermittent test failure and the mis-named file. Test are passing.

Yay, thanks for fixing!

TIL having EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' means the email is "sent" via stdout if I run docker-compose up without the -d flag :D

We may need to look into updating the "from" line (a future issue), but I'm very happy with this:

Again, thanks for this big chunk of work! 👏 Feel free to merge in when you're ready. Separately, I filed a FE ticket to look into the changes that need to be made on the FE side: codebuddies/frontend#161

[BethanyG]

OK. Mashing the big, green button. 😄