Created API endpoint for GET request (list view) for USERS with proper JWT authentication #77
Conversation
Specifies how user data should be serialized
added UserCreateView to allow for the POST of users
added a view to deal with creating a new User
Added a check for authenticated users only to be able to send GET, POST, and PATCH requests for User info.
Esterello2
changed the title
|
Updated the PR by deleting the old files from the "users" directory, and adding the serializers, views, urls, and permissions files in a directory called API. |
|
Made a big update here, I added simple JWT authentication by importing the simpleJWT module from the rest_framework app. I incorporated three new views that deal with generating, refreshing, and verifying JWT tokens to properly authenticate API requests for POST and GET for User info. |
majorsylvie
changed the title
src/chigame/api/permissions.py
Outdated
There was a problem hiding this comment.
Any reason you check for unauthentication as opposed to authentication?
There was a problem hiding this comment.
Thanks for pointing this out, it was originally done like this because the only POST requests for Users I had in mind were when new users were creating accounts. I will remove this and update with the new implementation we agreed on that only admin users can create new users through API request.
src/chigame/api/serializers.py
Outdated
There was a problem hiding this comment.
Glad you condensed the user serializers! Any reason for the notification serializer in this PR specifically?
There was a problem hiding this comment.
Thank you for pointing this out, I was actually testing this out by making a serializer for the Notification model, but I will actually look to remove this now to keep the PR organized.
There was a problem hiding this comment.
Please leave the comments in, it helps with organization.
|
Added proper JWT authentication to a POST User API endpoint that allows a successful POST only if a valid JWT token is provided. Also, incorporated in the User List View all to ensure only Authenticated entities can see all users info. Deleted the extraneous code Conrad mentioned. |
Esterello2
changed the title
|
Made a final edit after consulting team to take off JWT Authentication method for POST new users, and only kept it for ListView of Users. |
Esterello2
changed the title
|
A quick overview of using Postman to test JWT authentication on the GET User listview API endpoint:
jwt-postman.snip.mp4 |
There was a problem hiding this comment.
I can successfully NOT access /api/users when I don't use JWT authentication.
Yet I can still POST users (as you've said the team has decided to allow)
Then I can successfully view the api/users when GET requesting the endpoint with a proper JWT token, as generated from api/token (and verifiable as a successful token by visiting api/token/verify and POSTing the access token I got from api/token.
There are multiple comments about extraneous code. Please resolve then we can merge your actual functionality!
src/chigame/api/urls.py
Outdated
| # LOBBY API URLS | ||
| path("tournaments/create/", views.TournamentCreateView.as_view(), name="create-tournament"), | ||
| path("tournaments/", views.TournamentListView.as_view(), name="tournament-list"), | ||
| path("register/", views.UserRegistrationView.as_view(), name="user-registration"), |
There was a problem hiding this comment.
What is the point of this register endpoint?
Upon trying to access it it, it doesn't allow get.
You don't mention it in your JWT walkthrough, nor have any code comments explaining this.
Please either remove this URL, or explain and justify why this endpoint should be in this PR!
There was a problem hiding this comment.
The register endpoint is the POST new user endpoint that does not have JWT, should I name it something more clear?
There was a problem hiding this comment.
could also be api/usersregister`
There was a problem hiding this comment.
Seeing that you removed the tournament code from this PR, this is almost good to merge! Please add a code comment and make the register endpoint named more clearly.
Other than that, given the JWT GET users functionality is working as it's supposed to, this will be good to merge!
src/chigame/api/urls.py
Outdated
| # LOBBY API URLS | ||
| path("tournaments/create/", views.TournamentCreateView.as_view(), name="create-tournament"), | ||
| path("tournaments/", views.TournamentListView.as_view(), name="tournament-list"), | ||
| path("register/", views.UserRegistrationView.as_view(), name="user-registration"), |
src/chigame/api/urls.py
Outdated
| # LOBBY API URLS | ||
| path("tournaments/create/", views.TournamentCreateView.as_view(), name="create-tournament"), | ||
| path("tournaments/", views.TournamentListView.as_view(), name="tournament-list"), | ||
| path("register/", views.UserRegistrationView.as_view(), name="user-registration"), |
There was a problem hiding this comment.
could also be api/usersregister`
Modified views.py, urls.py, and serialization.py to establish endpoint for GET User (List View) with JWT authentication. This included adding the simpleJWT module from rest framework, along with JWT token built-in API views to allow the for the generation and refresh of tokens.
A POST User request API endpoint was also created here, which was also originally meant to deal with JWT authentication, however, team decided to make it an open endpoint.