feat: Create a user app for registration and authentication.

- Implement proper separation of 400/401/409 status codes for registration errors
- Implement proper separation of 400/401 status codes for authentication errors
- Add some tests for registration and authentication

Author: RandomProgramm3r

.flake8

@@ -1,6 +1,6 @@
 [flake8]
 max-line-length = 79
-application_import_names = promo_code
+application_import_names = promo_code, user
 import-order-style = google
 exclude = */migrations/, venv/, verdict.py, .venv/,  env/, venv, .git, __pycache__
 max-complexity = 10

.github/workflows/test.yaml

@@ -0,0 +1,79 @@
+name: Run tests
+
+on: deployment
+
+permissions:
+  contents: read
+  packages: write
+  attestations: write
+  id-token: write
+
+
+jobs:
+  build:
+    name: Build image
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    if: github.action != 'github-classroom[bot]'
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Save image name (lowercased)
+        run: echo "IMAGE_NAME=$(echo 'ghcr.io/${{ github.repository }}:run-${{ github.run_id }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Build and push image
+        uses: docker/build-push-action@v4
+        with:
+          context: ./solution
+          file: ./solution/Dockerfile
+          tags: ${{ env.IMAGE_NAME }}
+          push: true
+
+  tests:
+    needs: build
+    name: Run tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    if: github.action != 'github-classroom[bot]'
+    steps:
+      - name: Setup checker environment
+        uses: Central-University-IT/setup-test-2025-backend@v1
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Run tests
+        run: |
+          export IMAGE_SOLUTION=$(echo 'ghcr.io/${{ github.repository }}:run-${{ github.run_id }}' | tr '[:upper:]' '[:lower:]')
+          export IMAGE_ANTIFRAUD=docker.io/lodthe/prod-backend-antifraud
+          /usr/local/bin/checker
+        continue-on-error: true
+
+      - uses: actions/upload-artifact@v4.0.0
+        with:
+          name: result
+          path: ./result.json
+          if-no-files-found: error
+          compression-level: 0
+
+      - uses: bots-house/ghcr-delete-image-action@v1.1.0
+        continue-on-error: true
+        with:
+          owner: ${{ github.repository_owner }}
+          name: ${{ github.event.repository.name }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag: run-${{ github.run_id }}

.isort.cfg

@@ -1,7 +1,7 @@
 [settings]
 profile = black
 skip = migrations, venv/, venv
-known_first_party = promo_code
+known_first_party = promo_code, user
 default_section = THIRDPARTY
 force_sort_within_sections = true
 line_length = 79

promo_code/promo_code/settings.py

@@ -1,3 +1,4 @@
+import datetime
 import os
 import pathlib
 
@@ -26,19 +27,70 @@ def load_bool(name, default):
 
 DEBUG = load_bool('DJANGO_DEBUG', False)
 
-ALLOWED_HOSTS = []
-
+ALLOWED_HOSTS = ['*']
 
 INSTALLED_APPS = [
-    'core.apps.CoreConfig',
     'django.contrib.admin',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.messages',
     'django.contrib.staticfiles',
+    #
+    'rest_framework',
+    'rest_framework_simplejwt',
+    'rest_framework_simplejwt.token_blacklist',
+    #
+    'core.apps.CoreConfig',
+    'user.apps.UserConfig',
 ]
 
+AUTH_USER_MODEL = 'user.User'
+
+REST_FRAMEWORK = {
+    'DEFAULT_RENDERER_CLASSES': ('rest_framework.renderers.JSONRenderer',),
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'user.authentication.CustomJWTAuthentication',
+    ],
+}
+
+SIMPLE_JWT = {
+    'ACCESS_TOKEN_LIFETIME': datetime.timedelta(hours=1),
+    'REFRESH_TOKEN_LIFETIME': datetime.timedelta(days=1),
+    'ROTATE_REFRESH_TOKENS': True,
+    'BLACKLIST_AFTER_ROTATION': True,
+    'UPDATE_LAST_LOGIN': False,
+    #
+    'ALGORITHM': 'HS256',
+    'SIGNING_KEY': SECRET_KEY,
+    'VERIFYING_KEY': None,
+    'AUDIENCE': None,
+    'ISSUER': None,
+    'JSON_ENCODER': None,
+    'JWK_URL': None,
+    'LEEWAY': 0,
+    #
+    'AUTH_HEADER_TYPES': ('Bearer',),
+    'AUTH_HEADER_NAME': 'HTTP_AUTHORIZATION',
+    'USER_ID_FIELD': 'id',
+    'USER_ID_CLAIM': 'user_id',
+    'USER_AUTHENTICATION_RULE': (
+        'rest_framework_simplejwt.authentication'
+        '.default_user_authentication_rule',
+    ),
+    #
+    'TOKEN_TYPE_CLAIM': 'token_type',
+    'TOKEN_USER_CLASS': 'rest_framework_simplejwt.models.TokenUser',
+    #
+    'JTI_CLAIM': 'jti',
+    #
+    'SLIDING_TOKEN_REFRESH_EXP_CLAIM': 'refresh_exp',
+    'SLIDING_TOKEN_LIFETIME': datetime.timedelta(minutes=5),
+    'SLIDING_TOKEN_REFRESH_LIFETIME': datetime.timedelta(days=1),
+    #
+    'ACCESS_TOKEN_CLASS': 'user.tokens.CustomAccessToken',
+}
+
 MIDDLEWARE = [
     'django.middleware.security.SecurityMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',

promo_code/promo_code/urls.py

@@ -3,5 +3,6 @@
 
 urlpatterns = [
     django.urls.path('api/ping/', django.urls.include('core.urls')),
+    django.urls.path('api/user/', django.urls.include('user.urls')),
     django.urls.path('admin/', django.contrib.admin.site.urls),
 ]

promo_code/user/__init__.py

@@ -0,0 +1,6 @@
+import django.apps
+
+
+class UserConfig(django.apps.AppConfig):
+    default_auto_field = 'django.db.models.BigAutoField'
+    name = 'user'

promo_code/user/apps.py

@@ -0,0 +1,20 @@
+import datetime
+
+import rest_framework.exceptions
+import rest_framework_simplejwt.authentication
+
+
+class CustomJWTAuthentication(
+    rest_framework_simplejwt.authentication.JWTAuthentication,
+):
+    def get_user(self, validated_token):
+        user = super().get_user(validated_token)
+        last_login_str = validated_token.get('last_login')
+        if last_login_str:
+            last_login = datetime.datetime.fromisoformat(last_login_str)
+            if user.last_login and user.last_login > last_login:
+                raise rest_framework.exceptions.AuthenticationFailed(
+                    'Token has been invalidated',
+                )
+
+        return user

promo_code/user/authentication.py

@@ -0,0 +1,77 @@
+# Generated by Django 5.2b1 on 2025-02-28 17:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='User',
+            fields=[
+                (
+                    'id',
+                    models.BigAutoField(
+                        auto_created=True,
+                        primary_key=True,
+                        serialize=False,
+                        verbose_name='ID',
+                    ),
+                ),
+                (
+                    'password',
+                    models.CharField(max_length=128, verbose_name='password'),
+                ),
+                (
+                    'is_superuser',
+                    models.BooleanField(
+                        default=False,
+                        help_text='Designates that this user has all permissions without explicitly assigning them.',
+                        verbose_name='superuser status',
+                    ),
+                ),
+                ('email', models.EmailField(max_length=120, unique=True)),
+                ('name', models.CharField(max_length=100)),
+                ('surname', models.CharField(max_length=120)),
+                (
+                    'avatar_url',
+                    models.URLField(blank=True, max_length=350, null=True),
+                ),
+                ('other', models.JSONField(default=dict)),
+                ('is_active', models.BooleanField(default=True)),
+                ('is_staff', models.BooleanField(default=False)),
+                ('last_login', models.DateTimeField(blank=True, null=True)),
+                (
+                    'groups',
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.',
+                        related_name='user_set',
+                        related_query_name='user',
+                        to='auth.group',
+                        verbose_name='groups',
+                    ),
+                ),
+                (
+                    'user_permissions',
+                    models.ManyToManyField(
+                        blank=True,
+                        help_text='Specific permissions for this user.',
+                        related_name='user_set',
+                        related_query_name='user',
+                        to='auth.permission',
+                        verbose_name='user permissions',
+                    ),
+                ),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+    ]