
@cooncesean
Created October 1, 2014 04:08

Gears Authentication

Functionality Overview

Using a 'temporary' user model (just use contrib.auth.models.User until we nail down our User models), I should be able to:

  1. Sign up for gears
  2. Login to gears
  3. Logout from gears

Endpoints

In order to accomplish the functionality outlined above, you will need to expose the following endpoints:

A few quick notes on these endpoints:

  1. Don't sweat the urlpatterns; we don't need to nail these down right now.
  2. You should hook up with Hogan to see if you need to support anything other than POST requests to these endpoints; IMO, you probably shouldn't.

Endpoints:

  1. Sign Up: Should process a request from an un-auth'd user to create a new account.
    • URL Pattern: /api/v1/authenticate/sign-up/
    • Required Data: username, email, password, csrf_token?
    • Responses:
      • 201: Successfully created a new user with the data provided. Should probably respond with an access token.
      • 409: Could not create new user b/c of conflict in data (ie: user already exists).
      • 400: Data submitted failed validation (ie: invalid email or password).
  2. Login: Should process a request from an existing user to log into their account.
    • URL Pattern: /api/v1/authenticate/log-in/
    • Required Data: username, password, csrf_token?
    • Responses:
      • 200: Successfully authenticated the user with the data provided. Should probably respond with an access token.
      • 400: Data submitted failed validation (ie: invalid email or password or the credentials provided do not match anything in our db).
  3. Logout: Should process a request from an existing user to log out of the system.
    • URL Pattern: /api/v1/authenticate/log-out/
    • Required Data: Needs an authenticated user; possibly needs their access token so we can revoke it?
    • Responses:
      • 200: Successfully revoked access. Should this return a 302 redirect back to the Gears landing page?

Data

This is a bit fluid, as we're trying to figure out the best authorization grant to use for the front-end, but there are a few data points that should be covered. Namely, a new User object should be created when a successful POST to the signup endpoint is processed. This will also likely trigger a new Access Token to be created -- but I leave the details to you.
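The following is an added example, not code from this gist or from the Gears project: a framework-free Python model of the three endpoints and the data flow above, returning the status codes the spec lists (201/409/400 for sign-up, 200/400 for log-in, 200 for log-out) and minting an access token on successful sign-up and log-in. The in-memory stores, the PBKDF2 password hashing, the email and password validation rules, the token format, and the error response for an unauthenticated log-out are all assumptions standing in for contrib.auth and whichever grant is eventually chosen.

```python
"""Added example (not the gist's own code): sign-up, log-in and log-out
handlers modelled as plain functions returning (status, body).

Assumptions: an in-memory user store stands in for contrib.auth.models.User,
an in-memory token table stands in for whatever grant/token model is chosen,
and the validation rules below are placeholders for the real ones.
"""
import hashlib
import hmac
import os
import re
import secrets

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
MIN_PASSWORD_LEN = 8  # assumed rule; the spec only says "invalid password"

# Constructed in-memory stores standing in for the User and token tables.
USERS = {}   # username -> {"email": str, "salt": bytes, "hash": bytes}
TOKENS = {}  # access token -> username


def _hash_password(password, salt):
    # PBKDF2-HMAC-SHA256 stands in for Django's password hasher.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def _issue_token(username):
    # Random, unguessable bearer token; the real grant type is still undecided.
    token = secrets.token_urlsafe(32)
    TOKENS[token] = username
    return token


def _validate(data, required):
    """Return an error string if a required field is missing or malformed, else None."""
    for field in required:
        if not isinstance(data.get(field), str) or not data[field]:
            return f"missing {field}"
    if "email" in required and not EMAIL_RE.match(data["email"]):
        return "invalid email"
    if "password" in required and len(data["password"]) < MIN_PASSWORD_LEN:
        return "invalid password"
    return None


def sign_up(data):
    """POST /api/v1/authenticate/sign-up/ with username, email, password."""
    err = _validate(data, ("username", "email", "password"))
    if err:
        return 400, {"error": err}                       # failed validation
    if data["username"] in USERS or any(
        u["email"] == data["email"] for u in USERS.values()
    ):
        return 409, {"error": "user already exists"}     # conflict in data
    salt = os.urandom(16)
    USERS[data["username"]] = {
        "email": data["email"],
        "salt": salt,
        "hash": _hash_password(data["password"], salt),
    }
    # New User created, and (per the Data section) a new access token with it.
    return 201, {"access_token": _issue_token(data["username"])}


def log_in(data):
    """POST /api/v1/authenticate/log-in/ with username, password."""
    err = _validate(data, ("username", "password"))
    if err:
        return 400, {"error": err}
    user = USERS.get(data["username"])
    # Always run the hash so an unknown username costs the same as a wrong password.
    salt = user["salt"] if user else b"\x00" * 16
    candidate = _hash_password(data["password"], salt)
    if user is None or not hmac.compare_digest(candidate, user["hash"]):
        return 400, {"error": "invalid credentials"}     # spec uses 400 here, not 401
    return 200, {"access_token": _issue_token(data["username"])}


def log_out(token):
    """POST /api/v1/authenticate/log-out/ carrying the caller's access token."""
    if TOKENS.pop(token, None) is None:
        # Assumed: the spec lists no error response for log-out.
        return 401, {"error": "not authenticated"}
    return 200, {}                                       # token revoked


if __name__ == "__main__":
    status, body = sign_up({"username": "alice", "email": "alice@example.com",
                            "password": "correct horse"})
    print(status, body)
    print(log_out(body["access_token"]))
```

Because the credential check runs the password hash even for an unknown username and compares digests in constant time, the log-in endpoint does not reveal which usernames exist through its timing. Log-out consumes the token so a captured token stops working once the user logs out, which is the revocation the Logout endpoint asks about.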

Tests

There should be unit tests to cover most of the complicated logic in your endpoints. There should also be integration tests that cover all the functionality specified above; I can help with these.
