1062401 - [buddyup] Add API authentication

Status: RESOLVED FIXED

(support.mozilla.org :: General, defect, P2)

Description

[Michael Cooper [:mythmon]]

The initial API authentication will be a simple token based authentication. There will be an API end point that a user can pass a username and password to. If the username and password match an existing SUMO user the API will return a token, along with some metadata.

Tokens will be stored in the database, and will have an expiration time. For now this expiration will be 30 days.

Future requests to the API can include this token in the Authorization HTTP header. If the token matches one on record, that user will be considered logged in for only that request. Every request will have to include the authorization token.

Expired tokens should be removed by a cronjob.

This bug covers making the API endpoint to generate tokens, creating the authorization method to log in a user with a token, the cronjob to remove expired tokens, and tests for the above.

Comment 1

[Michael Cooper [:mythmon]]

It turns out DRF did a lot of this already. Lowering this to 1pt considering how much time I spent on it.

PR: https://github.com/mozilla/kitsune/pull/2099

Comment 2

[Ricky Rosario [:rrosario, :r1cky]]

As discussed already with Kadir and Mike, these are moving to next sprint.

Comment 3

[Michael Cooper [:mythmon]]

Landed on master in: https://github.com/mozilla/kitsune/commit/26d305416afef3b7726ec5f361ae4e38f789ca14

This doesn't really have an affect on production yet, so I'm going to mark this as RESO/FIXED now without pushing.