Implement POST /user, POST /login, JWT-based authorization #31

Merged
merged 14 commits into from
Feb 7, 2022

@krashanoff commented Feb 1, 2022

This PR, based on #30, implements the "create user" endpoint on the backend. Users can create an account in the backend database, and are returned a JSON Web Token, to be included in the Authorization header of future transactions. It closes #22. It also adds the POST /login endpoint for users to log in, closing #20.

The final change in this PR just changes the default RDBMS login string in our main function to reflect the variables used in our Dockerfile.

Its specification is outlined in our backend documentation as such:


POST /user

Log in as a user, returning a JWT for future requests. Please please please only send this on TLS.

Request Body

| Field | Possible Values |
| --- | --- |
| type | professor, student |
| username | * |
| password | * |

{
  "type": "professor",
  "username": "Smallberg",
  "password": "MYSECRETPASSWORD DONT TELL ANYONE LOL"
}

Response Format

{
  "token": "SomeLongStringOfBase64"
}

| Status Code | Semantic |
| --- | --- |
| 201 | CREATED |
| 400 | Bad request (see format) |
| 401 | Unauthorized |
| 409 | Username already exists |
| 500 | Server error |

POST /login

Log in as a user, returning a JWT for future requests. Please please please only send this on TLS.

Request Body

{
  "username": "Smallberg",
  "password": "MYSECRETPASSWORD DONT TELL ANYONE LOL"
}

Response Format

{
  "token": "SomeLongStringOfBase64"
}

| Status Code | Semantic |
| --- | --- |
| 200 | OK |
| 400 | Bad request (see format) |
| 401 | Unauthorized |
| 500 | Server error |
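
The token flow described in this PR, as an added example that is not the project's code (the implementation is not shown on this page): issuing an HS256 JWT for the `{"token": ...}` response and checking it when it returns in the Authorization header, using only the Python standard library. The claim names, the `Bearer` scheme, the one-hour lifetime and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def require_secret(value):
    """Refuse a missing or short signing key (RFC 7518 asks for >= 32 bytes with HS256)."""
    if not value or len(value.encode()) < 32:
        raise ValueError("JWT secret must be set and at least 32 bytes long")
    return value.encode()

def issue_token(secret, username, user_type, ttl=3600, now=None):
    """Build the string returned as {"token": ...} by POST /user and POST /login."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    # Claim names and lifetime are assumptions; the page does not list them.
    claims = {"sub": username, "type": user_type, "exp": now + ttl}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_authorization(secret, header_value, now=None):
    """Return the claims from 'Authorization: Bearer <token>' or raise ValueError."""
    now = int(time.time()) if now is None else now
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise ValueError("malformed Authorization header")
    header_b64, body_b64, sig_b64 = token.split(".")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison over the segments exactly as received.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    header, claims = json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(body_b64))
    if header.get("alg") != "HS256":  # reject a header naming any other algorithm
        raise ValueError("unexpected algorithm")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims
```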

@krashanoff added the backend and documentation labels Feb 1, 2022
@krashanoff added this to the MVP milestone Feb 1, 2022
@krashanoff changed the title from "Implement POST /user, scaffold JWT-based authorization" to "Implement POST /user, POST /login, JWT-based authorization" Feb 3, 2022
* Add doc comments throughout.
* Improve feedback for login failures, etc.
* Reformat SQL queries for readability.
@krashanoff requested a review from svetly-t February 5, 2022 09:15
backend/main.py Outdated
"-s",
"--secret",
type=str,
default="gradbetter",
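
Review bot: `default="gradbetter"` on the `--secret` option lets the backend start without an operator-supplied secret, falling back to a value that is public in this repository. If this option is the key used to sign the JWTs, every deployment that omits the flag shares one known signing key. Suggest removing the default and making the option required (or reading it from the environment and exiting at startup when it is unset), so a missing secret fails loudly instead of silently.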

Nit: this was probably supposed to be "gradebetter".

@svetly-t left a comment

Besides a minor string nitpick, everything looks good to me.

@krashanoff merged commit 129b067 into main Feb 7, 2022
@krashanoff deleted the krashanoff/auth branch February 7, 2022 00:29