
Example

Pull Request [Example]

Pull Request Title:
(feature) Implement Authentication Mechanism


Type | Trello Ticket | Issue ID | Time Expected/Taken
Feature | Link to Jira ticket | #1234 | 5/8 hours

Description

This PR implements the user authentication mechanism, which includes the registration, login, and password reset functionalities. The authentication uses JWT for secure token-based sessions, which aligns with our project’s security standards.


Changes

The following changes were made in this PR:

  • Added POST /api/auth/register endpoint for user registration.
  • Implemented POST /api/auth/login endpoint for user login, with JWT-based authentication.
  • Created POST /api/auth/password-reset endpoint for password reset functionality with email verification.
  • Added input validations for all authentication fields.


Screenshots

Registration API Response
Login API Success


Checklist:

  • My code follows the style guidelines of this project.
  • I have performed a self-review of my own code, locally and on GitHub.
  • I have commented and simplified my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation.
  • My changes generate no new warnings.
  • I have added tests that prove my feature works.
  • Added new endpoints to the Postman collection.
  • Added changelog.
  • Ran performance testing review.

Tests

Name | What is it testing
test_register_user | Tests user registration with valid inputs
test_login_user | Validates login functionality and JWT generation
test_password_reset | Ensures password reset functionality works with email verification

Here’s a detailed, step-by-step guide on how to test the authentication feature end-to-end, including payloads and expected responses.


How to Use This Feature

User Registration

  1. Send a POST request to /api/auth/register with the following JSON payload:
   {
     "username": "testuser",
     "email": "testuser@example.com",
     "password": "SecurePass123!"
   }
  1. Confirm that the response includes the id, username, email, and token fields.
  2. Ensure the user can be viewed in the system with the provided details.
  3. Select changes from the db

User Login

  1. Send a POST request to /api/auth/login with the following JSON payload:
   {
     "email": "testuser@example.com",
     "password": "SecurePass123!"
   }
  1. Confirm the response includes a valid token which can be used for authenticated requests.
  2. Verify the message field to ensure the login is successful.
  3. Test token by using it in the Authorization header for a protected endpoint
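
What "a valid token" in the login steps above can mean in an automated check, as an added example that is not part of this project's code. It assumes the API signs tokens with HS256 and that the test environment's signing secret is available to the test; `make_token` and `check_token` are hypothetical helper names, and the sample tokens are constructed.

```python
import base64
import hashlib
import hmac
import json
import time

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, secret, alg="HS256"):
    """Build a constructed sample token that stands in for the login response."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    data = f"{header}.{payload}".encode()
    sig = hmac.new(secret, data, hashlib.sha256).digest() if alg == "HS256" else b""
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def check_token(token, secret, now=None):
    """Return (ok, reason) for a token taken from the login response."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "not three segments"
    try:
        header = json.loads(_b64url_decode(parts[0]))
        claims = json.loads(_b64url_decode(parts[1]))
        sig = _b64url_decode(parts[2])
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed encoding"
    # Pin the algorithm (assumed HS256): never trust the header, reject "none".
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False, "unexpected alg"
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return False, "bad signature"
    # A session token without an expiry never ages out; treat that as a failure.
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "missing or expired exp"
    return True, "ok"
```
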

Password Reset

  1. Send a POST request to /api/auth/password-reset with the following JSON payload:
   {
     "email": "testuser@example.com"
   }
  1. Check the inbox of testuser@example.com for the password reset email. This email should contain a link or token required for resetting the password.

  2. Click on the link or send a POST request to /api/auth/password-reset-confirm (if applicable) with the reset token and new password.

For example:

   {
     "token": "password_reset_token",
     "new_password": "NewSecurePass123!"
   }
  1. Confirm receipt of the password reset email.
  2. Verify that the new password can be used to log in with the /api/auth/login endpoint.
  3. Ensure that the old password no longer works for logging in, verifying the password reset was successful.