Title: Add User Authentication Feature
Description:
This pull request introduces user authentication functionality to our
web application. The main goal of this feature is to ensure that each
action performed on the platform is tied to a valid, logged-in user,
thus providing accountability and maintaining data security.
Changes:
New models: Added the User model to represent users in our system. This
model includes fields: username, password_hash, email etc.
User seriliazer and views: Implemented serializers and API views for
user registration, login, and logout.
Authentication Middlewares: Added middlewares to check for a valid
session or token before allowing access to certain views.
Tests: Included comprehensive test coverage for the new feature. Tests
were implemented to verify user registration, login, and logout
functionality, as well as checking authentication enforcement on
applicable views.
Documentation: Updated API documentation related to User endpoints.
This feature is expected to improve the overall security of our
application by properly managing user sessions and actions.
Note: You will see references to some helper tools like make_password
and check_password methods, these are security measures to ensure we are
not storing plain text passwords in the database.
This PR follows our Python coding standards and is fully linted and
tested.
Requesting review and feedback. If all points are clear and no issues
are detected during the review, we would appreciate it if this PR could
be merged at the earliest convenience.
Related Issue: #123
- Make register and login not take an instance by ownership
- Add README information to `lib.rs`
- Add more derives to ChorusUser and Instance
- Impl From reqwest::Error for ChorusError
- Add support for .well-known #449
- Remove "limited: bool" as an argument for `Instance::new` in favour of
dynamic instance limit checking #450
Closes#449.
+ `Instance::from_root_url(root_url: &str, limited: bool)`: Creates a
new Instance by trying to get the relevant instance urls (UrlBundle)
from a root url. Shorthand for
`Instance::new(UrlBundle::from_root_domain(root_domain).await?)`
+ `UrlBundle::from_root_url(url: &str)`: Performs a few HTTP requests to
try and retrieve a UrlBundle from an instance's root URL. The method
tries to retrieve the UrlBundle via these three strategies, in order:
- GET: $url/.well-known/spacebar -> Retrieve UrlBundle via
$wellknownurl/api/policies/instance/domains
- GET: $url/api/policies/instance/domains
- GET: $url/policies/instance/domains
The URL stored at .well-known/spacebar is the instance's API endpoint.
The API stores the CDN and WSS URLs under the
$api/policies/instance/domains endpoint. If all three of the above
approaches fail, it is very likely that the instance is misconfigured,
unreachable, or that a wrong URL was provided.
+ Add clippy warnings for: `clippy::todo,
clippy::unimplemented,
clippy::dbg_macro,
clippy::print_stdout,
clippy::print_stderr`
kozabrada123
bitfl0wer
Flori