A Django project needs an authentication system built according to these rules:

Classical registration
======================
The registration form consists of three fields: email, password and password confirmation. The email is used as the login.

If a user with the given email already exists, then:

- If the password matches, we simply sign the user in
- If the password does not match, show the error "User already exists"

Note that both branches reveal whether an email address is registered; this spec accepts that, but the implementer should be aware of it.

If the password and the password confirmation do not match, show the error "Passwords don't match".

A user who has just registered gets is_confirmed=False. Note that this is not the same as is_active: a freshly registered user is still is_active=True (is_active=False means banned). After registration the user receives an email with a confirm-your-account link; following that link sets is_confirmed to True.

The user profile is filled with default data: gender = male, picture = null, name = <random>. The user can change these later (building the profile page is not part of this task).
Classical authorization
=======================

The sign-in form consists of two fields: email and password. The list of failure cases is the usual one:

- User does not exist
- Wrong email or password
- User is banned (is_active is set to False)
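The registration and sign-in rules above, worked through as plain Python (an added example, not code from the project; the real implementation would live on portal.models.User and Django's auth machinery). The `User` dataclass, the in-memory `USERS` store and the PBKDF2 helpers are stand-ins of my own; the outcome strings and error messages are the ones the spec names. The ban check runs after the password check so that a third party who does not hold the credentials cannot learn that an account is banned; that ordering is my choice, the spec only lists the cases.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Assumption: stand-in for portal.models.User with only the fields the spec names.
@dataclass
class User:
    email: str
    password_hash: str
    is_confirmed: bool = False   # set True only via the confirm-your-account link
    is_active: bool = True       # False means banned
    is_staff: bool = False
    gender: str = "male"
    picture: Optional[str] = None
    name: str = field(default_factory=lambda: "user_" + secrets.token_hex(4))

USERS: Dict[str, User] = {}                    # email -> User (in-memory stand-in for the DB)
PENDING_CONFIRMATIONS: Dict[str, str] = {}     # confirmation token -> email

def hash_password(password: str) -> str:
    # Salted PBKDF2-HMAC-SHA256, the same construction Django uses by default.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return f"pbkdf2_sha256$100000${salt.hex()}${digest.hex()}"

def check_password(password: str, stored: str) -> bool:
    _alg, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time compare

def register(email: str, password: str, confirm: str) -> Tuple[str, Optional[str]]:
    """Apply the registration rules. Returns (outcome, message-or-token)."""
    if password != confirm:
        return "error", "Passwords don't match"
    email = email.strip().lower()
    existing = USERS.get(email)
    if existing is not None:
        if check_password(password, existing.password_hash):
            return "authorized", None          # correct password: just sign in
        return "error", "User already exists"
    user = User(email=email, password_hash=hash_password(password))
    USERS[email] = user                        # is_confirmed=False, is_active=True
    token = secrets.token_urlsafe(32)
    PENDING_CONFIRMATIONS[token] = email
    # In the project this token is what the confirm-your-account email carries.
    return "registered", token

def confirm_account(token: str) -> bool:
    """Following the confirm-your-account link; the token is single-use."""
    email = PENDING_CONFIRMATIONS.pop(token, None)
    if email is None:
        return False
    USERS[email].is_confirmed = True
    return True

def login(email: str, password: str) -> Tuple[str, Optional[str]]:
    """Apply the sign-in rules. Returns (outcome, error message)."""
    user = USERS.get(email.strip().lower())
    if user is None:
        return "error", "User does not exist"
    if not check_password(password, user.password_hash):
        return "error", "Wrong email or password"
    if not user.is_active:
        return "error", "User is banned"
    return "authorized", None
```

A confirmation token is removed from `PENDING_CONFIRMATIONS` on first use, so a confirm-your-account link cannot be replayed; an unconfirmed user can still sign in, exactly as the spec's distinction between is_confirmed and is_active requires.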
Forgot your password?
=====================

To restore a password the user fills in a form with two fields: email and gender. If no user matches both, show the error "User does not exist". Otherwise we send an email with a set-new-password link. Important: until the new password has been set, the old one remains valid.
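One way to issue the set-new-password link so that the old password keeps working until the new one is saved, while the link itself expires and cannot be reused. This is an added example, not project code; `SECRET_KEY`, `TOKEN_TTL` and the `User` stand-in are assumptions of mine. The token is an HMAC over the user id, an expiry timestamp and the current password hash, so changing the password invalidates every outstanding link for that user (the same idea Django's own password-reset token generator uses).

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECRET_KEY = secrets.token_bytes(32)   # assumption: stands in for settings.SECRET_KEY
TOKEN_TTL = 3600                        # assumption: a reset link is valid for one hour

# Assumption: minimal stand-in for portal.models.User; password_hash is opaque here.
@dataclass
class User:
    id: int
    email: str
    gender: str
    password_hash: str

def _signature(user: User, expires: int) -> str:
    # Binding the token to the current password hash means it stops verifying
    # as soon as the password is changed, so a used link cannot be replayed.
    msg = f"{user.id}:{expires}:{user.password_hash}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def request_reset(users: List[User], email: str, gender: str,
                  now: Optional[int] = None) -> Tuple[str, Optional[str]]:
    """Forgot-password form: both email and gender must match one user."""
    now = int(time.time()) if now is None else int(now)
    email = email.strip().lower()
    user = next((u for u in users if u.email == email and u.gender == gender), None)
    if user is None:
        return "error", "User does not exist"
    expires = now + TOKEN_TTL
    token = f"{user.id}.{expires}.{_signature(user, expires)}"
    # The project would put this token into the set-new-password email.
    return "sent", token

def set_new_password(users: List[User], token: str, new_hash: str,
                     now: Optional[int] = None) -> bool:
    """Following the set-new-password link. Only a successful call changes the password."""
    now = int(time.time()) if now is None else int(now)
    try:
        uid_s, expires_s, sig = token.split(".")
        uid, expires = int(uid_s), int(expires_s)
    except ValueError:
        return False
    user = next((u for u in users if u.id == uid), None)
    if user is None or expires < now:
        return False
    if not hmac.compare_digest(sig, _signature(user, expires)):
        return False
    user.password_hash = new_hash   # only now does the old password stop working
    return True
```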
Social registration/authorization
=================================

Users can sign in via social services: Facebook, [login to view URL], Google and Odnoklassniki.

When a user signs in with a social account, is_confirmed is always set to True and no confirm-your-account email is sent.

After the first social sign-in we try to match the user with an existing "classical" user by comparing emails. If a match is found, the accounts are connected: gender is changed to the value from the social network, the photo is set (if none was set before), and the name is changed to the value from the social network. Because matching is by email alone, the link should only be made when the social provider reports the email as verified; otherwise anyone who registers a social account with someone else's address could be connected to that person's classical account.
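The account-linking merge rule, as an added example rather than project code. `Profile` and `SocialIdentity` are stand-ins of mine (the project would use portal.models.User and whatever its social-auth library returns), and the `email_verified` flag and the "refused" outcome are an assumption beyond the spec: the spec only says to link by email, and this version additionally declines to link when the provider has not verified the address.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumption: stand-in for the profile fields the spec lists.
@dataclass
class Profile:
    email: str
    name: str
    gender: str = "male"
    photo: Optional[str] = None
    is_confirmed: bool = False

# Assumption: what a social provider hands back after sign-in.
@dataclass
class SocialIdentity:
    provider: str            # "facebook", "google", "odnoklassniki", ...
    email: str
    email_verified: bool     # assumption: taken from the provider's profile data
    name: str
    gender: Optional[str]
    photo: Optional[str]

def link_social(profiles: Dict[str, Profile],
                ident: SocialIdentity) -> Tuple[str, Optional[Profile]]:
    """Returns (action, profile): 'linked', 'created' or 'refused'."""
    email = ident.email.strip().lower()
    existing = profiles.get(email)
    if existing is not None:
        if not ident.email_verified:
            # Added safeguard: an unverified address must not be allowed to
            # claim an existing classical account.
            return "refused", None
        # Merge rule from the spec: gender and name come from the network,
        # the photo only fills an empty slot, and the account counts as confirmed.
        if ident.gender:
            existing.gender = ident.gender
        existing.name = ident.name
        if existing.photo is None and ident.photo:
            existing.photo = ident.photo
        existing.is_confirmed = True
        return "linked", existing
    # No classical user with this email: a social user is confirmed from the start
    # and never receives a confirm-your-account email.
    created = Profile(email=email, name=ident.name,
                      gender=ident.gender or "male", photo=ident.photo,
                      is_confirmed=True)
    profiles[email] = created
    return "created", created
```

Once linked, the profile carries no record of which path created it, which is what the summary below asks for: the rest of the project sees only a user.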
Summary
=======
- The user profile consists of:

  - Email (used as the login)
  - Name
  - Photo
  - Gender (defaults to "Male")
  - Is confirmed
  - plus the usual is_staff and is_active

The user model can be found in portal.models.User. Nobody outside the auth system can tell "social" and "classical" users apart: in every other part of the project a user is treated as just a user.