Labels: enhancement (New feature or request)
Description
TO-DO:
- Create a new database table called "login_tokens":
  - ID,
  - token_hash,
  - user_id,
  - used (boolean),
  - expiry (48 hours?).
- Create an endpoint at POST `/user/{user_id}/login_link` creating a login token in the database and returning a link ready to be used with an `/auth/login/{token}` endpoint (see below).
- Create an `/auth/login/{token}` endpoint allowing for authentication using single-use tokens generated with `/user/{user_id}/login_link`:
  - The token must not be used, nor expired,
  - Upon successful authentication:
    - The token is marked as used,
    - A new session is created,
    - A session cookie is created,
    - An auth token is returned.
Testing
- Use the endpoints to generate a link and log in using it. Use some other endpoint to ensure successful login.
- Try logging out from a session created using a single-use link.
- Ensure using the same link twice has no effect (the server should return 403).
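One way to implement the token lifecycle described in this issue, as an added example that is not the project's own code. It assumes SQLite, SHA-256 for `token_hash`, a 403 for unknown tokens as well as reused or expired ones, and the hypothetical function names `init_db`, `hash_token`, `create_login_link` and `redeem_token`. Redemption uses one conditional UPDATE so that the "not used, nor expired" check and the "mark as used" step cannot race between two concurrent requests.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 48 * 3600  # the issue's proposed expiry ("48 hours?")

def init_db(conn):
    # Columns follow the issue's "login_tokens" sketch; types are assumptions.
    conn.execute(
        "CREATE TABLE login_tokens ("
        " id INTEGER PRIMARY KEY, token_hash TEXT NOT NULL UNIQUE,"
        " user_id INTEGER NOT NULL, used INTEGER NOT NULL DEFAULT 0,"
        " expiry INTEGER NOT NULL)")

def hash_token(token):
    # A fast hash suffices because the token is 256 bits of CSPRNG output.
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def create_login_link(conn, user_id, now=None):
    """POST /user/{user_id}/login_link: store only the hash, return the link."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)
    conn.execute(
        "INSERT INTO login_tokens (token_hash, user_id, expiry) VALUES (?, ?, ?)",
        (hash_token(token), user_id, now + TOKEN_TTL_SECONDS),
    )
    conn.commit()
    return f"/auth/login/{token}"

def redeem_token(conn, token, now=None):
    """/auth/login/{token}: return (200, user_id) once, otherwise (403, None)."""
    now = int(time.time()) if now is None else now
    h = hash_token(token)
    # The WHERE clause enforces "unused and unexpired" and the SET marks the
    # token used in the same statement, so only one request can win.
    cur = conn.execute(
        "UPDATE login_tokens SET used = 1"
        " WHERE token_hash = ? AND used = 0 AND expiry > ?",
        (h, now),
    )
    conn.commit()
    if cur.rowcount != 1:
        return 403, None
    row = conn.execute(
        "SELECT user_id FROM login_tokens WHERE token_hash = ?", (h,)
    ).fetchone()
    return 200, row[0]  # caller then creates the session, cookie and auth token
```

Because only `token_hash` is stored, a leaked copy of the table does not yield usable login links.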