A robust Django-based authentication system utilizing JSON Web Tokens (JWT) for secure and scalable user authentication. This system includes JWT-based bearer token authentication, phone number and OTP login, and identity verification integration with the Zibal API.
This project provides a comprehensive authentication solution using JWT tokens. It includes features such as anonymous access tokens, phone number verification via OTP, and user identity verification using the Zibal API.
The core functionality revolves around generating and validating JWT tokens for authenticated and anonymous users, allowing secure access to various APIs within the system.
- JWT-Based Authentication: Secure APIs with JWT tokens, including mechanisms for token refresh and anonymous tokens.
- Anonymous User Access: Allow users to interact with the system as anonymous users with restricted access until they complete the login process.
- Phone Number & OTP Login: Authenticate users through phone number and OTP without requiring a password.
- User Identity Verification: Verify user identity against Zibal API, ensuring phone numbers and national IDs are correctly associated.
- Blocking Mechanism: Implement user blocking by leveraging Redis to manage the state of blocked users effectively.
- Nextcloud Integration: Integration with Nextcloud for document management.
- Python 3.8+
- Django 3.2+
- Django Rest Framework (DRF) 3.12+
- Redis (for managing blocked users)
- RabbitMQ (for asynchronous messaging)
- PostgreSQL (as the primary database)
- Docker & Docker Compose (for containerized deployment)
Follow these steps to set up the project locally:
Clone the repository:
git clone https://github.com/yourusername/JWTBasedAuthentication.git cd JWTBasedAuthenticationCreate and activate a virtual environment:
python -m venv venv source venv/bin/activate # On Windows use `venv\Scripts\activate`Install the dependencies:
pip install -r requirements.txtApply migrations:
python manage.py migrateRun the development server:
python manage.py runserver
For a production setup, use Docker and Docker Compose:
Build and start the Docker containers:
docker-compose up --buildAccess the application: Open your browser and navigate to
http:https://localhost:8000.
Configure the following environment variables in your .env file for the project:
# General settings SECRET_KEY=your_secret_key DEBUG=True# Redis configuration REDIS_HOST=localhost REDIS_PORT=6379
# PostgreSQL configuration DATABASE_HOST=localhost DATABASE_PORT=5432 POSTGRES_DB=your_db_name POSTGRES_USER=your_db_user POSTGRES_PASSWORD=your_db_password
# RabbitMQ configuration RABBITMQ_DEFAULT_USER=your_rabbitmq_user RABBITMQ_DEFAULT_PASS=your_rabbitmq_password RABBITMQ_URL=amqp:https://your_rabbitmq_user:your_rabbitmq_password@localhost:5672/
# Kavenegar API for OTP KAVENEGAR_API_KEY=your_kavenegar_api_key
# Zibal API for identity verification ZIBAL_TOKEN=your_zibal_token
# Nextcloud (Owncloud) configuration OWNCLOUD_VERSION=your_owncloud_version OWNCLOUD_DOMAIN=your_owncloud_domain OWNCLOUD_TRUSTED_DOMAINS=your_trusted_domains ADMIN_USERNAME_NEXT_CLOUD=your_admin_username ADMIN_PASSWORD_NEXT_CLOUD=your_admin_password ADMIN_USERNAME_MARIA_DB=your_mariadb_admin_username ADMIN_PASSWORD_MARIA_DB=your_mariadb_admin_password ROOT_PASSWORD_MARIA_DB=your_mariadb_root_password OWNCLOUD_ADMIN_USERNAME=your_owncloud_admin_username OWNCLOUD_ADMIN_PASSWORD=your_owncloud_admin_password OWNCLOUD_FLAGS_DIRECTORY_PATH=/path/to/owncloud/flags
Adjust any necessary settings in the settings.py file, particularly under JWTBasedAuthentication/settings.py and authentication/settings.py.
Example:
python# settings.pyimport os
SECRET_KEY = os.getenv('SECRET_KEY') DEBUG = os.getenv('DEBUG', 'False') == 'True'
# Database DATABASES = { 'default': { 'ENGINE': 'django.db.backends.postgresql', 'NAME': os.getenv('POSTGRES_DB'), 'USER': os.getenv('POSTGRES_USER'), 'PASSWORD': os.getenv('POSTGRES_PASSWORD'), 'HOST': os.getenv('DATABASE_HOST'), 'PORT': os.getenv('DATABASE_PORT'), } }
# Redis configuration REDIS_HOST = os.getenv('REDIS_HOST', 'localhost') REDIS_PORT = os.getenv('REDIS_PORT', '6379')
# RabbitMQ configuration RABBITMQ_URL = os.getenv('RABBITMQ_URL')
Here's a breakdown of the main endpoints available in this system:
- Anonymous User Token
POST /api/anonymous_user/: Generate a token for anonymous access.
- Phone Number Verification
POST /api/verification_code/: Request an OTP for phone number verification.
- User Login
POST /api/login/: Log in using phone number and OTP to receive a JWT token.
- Token Refresh
POST /api/token/refresh/: Refresh the JWT access token.
- User Profile
GET /api/profile/: Retrieve the authenticated user's profile information.
- Identity Verification
POST /api/verify_user/: Verify user identity using national ID and phone number.
- Anonymous Access: A user first interacts with the system as an anonymous user by obtaining an anonymous token.
- Phone Number Verification: The user requests an OTP to be sent to their phone number.
- Login: The user logs in using their phone number and OTP, receiving a JWT access token.
- Authenticated Access: The JWT access token is used to access authenticated endpoints.
- Token Refresh: The JWT token can be refreshed when needed.
The identity verification process involves validating the user's national ID and phone number against the Zibal API. Once the user is verified, their profile is updated with additional data such as birth date, full name, and alive status.
The project includes comprehensive unit and integration tests. To run the tests, use the following command:
python manage.py test
Tests are organized under:
authentication/v1/unit_tests/authentication/v1/integration_tests/
Contributions are welcome! Please follow these guidelines:
- Fork the repository and create your branch from
main. - Commit your changes: Ensure your changes include tests if applicable.
- Push to your branch and submit a pull request.
Please make sure to update tests as appropriate and adhere to the project's coding standards.