You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In talking through the "New User Email" flow on 3/22, we identified multiple pieces of New User Registration & Authentication that need to be implemented/changed. One of those pieces is JWT Token auth.
Currently, a JWT token is issued for any valid POST to the /auth/obtain_token/ endpoint. This needs to change to a 403 - 'E-mail is not verified.' for any POST that contains an unverified and/or missing email address.
Implementing this will require a serializer change similar to the one outlined in This Stack Overflow Post.
Acceptance Criteria
Changes are made to userauth/serializers.py to require email validation
Changes are made to userauth/serializers.py change the return message for a POST that doesn't have a validated email
A JWT token is issued for all valid POSTs
Unittests are written in support of these changes.
Existing Unittests for auth/unauthed states are re-written to accommodate the new methods, flows and URLs required for these changes.
Do we want to stick with userauth/obtain_token as the canonical endpoint for both logging in returning users and registering new ones -- or do we want to create a separate route and URL specifically for new user registration?
UPDATE: The apps we are exploring all use a separate endpoint for registration/validation flow, so we will probably use/follow that convention.
Background
In talking through the "New User Email" flow on 3/22, we identified multiple pieces of New User Registration & Authentication that need to be implemented/changed. One of those pieces is JWT Token auth.
Currently, a JWT token is issued for any valid POST to the
/auth/obtain_token/endpoint. This needs to change to a403 - 'E-mail is not verified.'for any POST that contains an unverified and/or missing email address.Implementing this will require a serializer change similar to the one outlined in This Stack Overflow Post.
Acceptance Criteria
userauth/serializers.pyto require email validationuserauth/serializers.pychange the return message for a POST that doesn't have a validated emailThis Issue Depends On
#111 - Make(now closed and invalid) -- see https://github.com/codebuddies/backend/discussions/178for more details.emailRequired on BackendOpen Questions
userauth/obtain_tokenas the canonical endpoint for both logging in returning users and registering new ones -- or do we want to create a separate route and URL specifically for new user registration?UPDATE: The apps we are exploring all use a separate endpoint for registration/validation flow, so we will probably use/follow that convention.