@kamrankhan78694 kamrankhan78694 commented Dec 23, 2025

Summary

  • Modernize auth: SimpleJWT + dj-rest-auth (replace drf-jwt + django-rest-auth).
  • Keep legacy: POST /api-token-auth/ returns token field; add SimpleJWT endpoints /api/token/ and /api/token/refresh/.
  • Update endpoints and headers: allow Authorization: Bearer and legacy Authorization: JWT.
  • Fix CI linter and docs; verify tests and docs build locally.

Changes

  • Dependencies: add djangorestframework-simplejwt==5.3.1 and dj-rest-auth[with_social]==2.2.8; remove drf-jwt and django-rest-auth.
  • Settings/URLs: configure SIMPLE_JWT AUTH_HEADER_TYPES=("Bearer", "JWT"); add /api/token/, /api/token/refresh/, and legacy /api-token-auth/; switch rest-auth routes to dj-rest-auth.
  • API: use rest_framework_simplejwt.authentication.JWTAuthentication in views; clean serializers and imports.
  • Lint/CI: bump flake8 hook to 7.1.1; add per-file-ignores for config/settings in setup.cfg; fix unused imports, bare except, None comparisons, and E402 across apps; pre-commit passes (black, isort, flake8).
  • Docs: README.md/README.rst and mdBook updated to "docker compose" (v2) and current JWT auth; fix docs build and HTML tag warnings; mdBook build clean.

Verification

  • Linter: pre-commit over all files passes (black, isort, flake8).
  • Tests: docker compose pytest passes (18 passed).
  • Docs: mdBook build succeeds (no warnings).

Backwards Compatibility

  • Legacy login endpoint maintained: POST /api-token-auth/ returns {token, access, refresh}.
  • Clients may use Authorization: Bearer (recommended) or Authorization: JWT (legacy).

How to Test

# Obtain tokens
curl -s -X POST http://localhost:8000/api/token/ \
  -H 'Content-Type: application/json' \
  -d '{"username":"<user>","password":"<pass>"}'

# Refresh token
curl -s -X POST http://localhost:8000/api/token/refresh/ \
  -H 'Content-Type: application/json' \
  -d '{"refresh":"<refresh>"}'

# Legacy token obtain
curl -s -X POST http://localhost:8000/api-token-auth/ \
  -H 'Content-Type: application/json' \
  -d '{"username":"<user>","password":"<pass>"}'
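
The header and response behaviour listed in this description, as an added stdlib-only example (not code from this PR or from SimpleJWT). The HS256 key, the lifetimes, the function names and the choice that `token` mirrors `access` are assumptions; `user_id` and `token_type` follow SimpleJWT's default claim names.

```python
import base64
import hashlib
import hmac
import json

AUTH_HEADER_TYPES = ("Bearer", "JWT")  # prefixes from the PR's SIMPLE_JWT setting
SECRET = b"constructed-demo-key"       # constructed value, not a project secret


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def issue(user_id, token_type, lifetime, now):
    """Build an HS256 JWT with user_id, token_type and exp claims."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"user_id": user_id, "token_type": token_type,
                            "exp": now + lifetime}).encode())
    return f"{head}.{body}.{_sign(head + '.' + body)}"


def legacy_login_response(user_id, now):
    """Body shape listed for POST /api-token-auth/ (token == access is assumed)."""
    access = issue(user_id, "access", 300, now)
    return {"token": access, "access": access,
            "refresh": issue(user_id, "refresh", 86400, now)}


def authenticate(authorization, now):
    """Return user_id for a valid access token, else None; signature is checked first."""
    parts = authorization.split()
    if len(parts) != 2 or parts[0] not in AUTH_HEADER_TYPES:
        return None
    try:
        head, body, sig = parts[1].split(".")
        if not hmac.compare_digest(_sign(head + "." + body).encode(), sig.encode()):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if claims.get("token_type") != "access" or claims.get("exp", 0) <= now:
        return None
    return claims.get("user_id")
```

Accepting two prefixes widens only the header parsing; a refresh token sent under either prefix is still refused because its `token_type` is not `access`.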

- Replace drf-jwt + django-rest-auth with SimpleJWT + dj-rest-auth

- Add /api/token/ and /api/token/refresh/; keep /api-token-auth/ legacy alias

- Update API auth decorators and add smoke tests

Tests: docker compose -f local.yml run --rm django pytest -q codershq/api/tests.py
Copilot AI review requested due to automatic review settings December 23, 2025 10:02
Copilot AI left a comment

Pull request overview

This PR modernizes the API authentication stack by replacing the deprecated drf-jwt and django-rest-auth packages with their modern equivalents: SimpleJWT and dj-rest-auth. The changes maintain backwards compatibility through a legacy endpoint while introducing new SimpleJWT-based authentication endpoints.

  • Replace deprecated JWT authentication packages with SimpleJWT and dj-rest-auth (pinned for django-allauth 0.47.0 compatibility)
  • Add modern JWT endpoints (/api/token/ and /api/token/refresh/) while maintaining backwards-compatible /api-token-auth/ endpoint
  • Update API views to use JWTAuthentication class from SimpleJWT
  • Add smoke tests for token authentication and legacy endpoint compatibility

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| requirements/base.txt | Updates JWT and REST auth dependencies; also includes hiredis version upgrade (appears unrelated to JWT changes) |
| config/urls.py | Replaces old JWT imports with SimpleJWT views; adds new token endpoints and legacy compatibility view |
| config/settings/base.py | Updates installed apps to use dj-rest-auth; configures SimpleJWT with Bearer/JWT auth header support |
| codershq/api/views.py | Replaces JSONWebTokenAuthentication with JWTAuthentication in view decorators; updates route list |
| codershq/api/auth_views.py | New file implementing backwards-compatible legacy token endpoint that returns both old and new token formats |
| codershq/api/tests.py | New test file with authentication smoke tests covering token obtain, permissions, and legacy endpoint |
| README.md | Adds comprehensive JWT authentication documentation with usage examples |

@kamrankhan78694 kamrankhan78694 changed the title feat(api): modernize JWT auth (SimpleJWT) feat: modernize JWT auth (SimpleJWT) + fix CI + docs Dec 23, 2025
- Replace drf-jwt + django-rest-auth with SimpleJWT + dj-rest-auth
- Add /api/token/, /api/token/refresh/ endpoints; keep legacy /api-token-auth/
- Fix CI: bump flake8, add per-file-ignores, resolve lint violations
- Update docs: docker compose v2, JWT auth section, clean mdBook build
@kamrankhan78694
Author

Can we proceed @alchatti @vatsalyagoel @Musab0 @naisofly?

Copilot AI left a comment

Pull request overview

Copilot reviewed 40 out of 60 changed files in this pull request and generated 4 comments.

Comment on lines +29 to +30
djangorestframework-simplejwt==5.3.1 # https://pypi.org/project/djangorestframework-simplejwt/
dj-rest-auth[with_social]==2.2.8 # https://pypi.org/project/dj-rest-auth/
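Review bot: the dj-rest-auth[with_social]==2.2.8 line carries only the PyPI URL as its trailing comment, while the review overview on this page says the pin is held for django-allauth 0.47.0 compatibility. Put that reason in the comment on the pin itself, so a later dependency bump does not lift it without checking the allauth version first.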
Copilot AI Jan 6, 2026

The version djangorestframework-simplejwt==5.3.1 was released in September 2023. As of the current date (January 2026), this version is over 2 years old. Consider upgrading to a more recent version to benefit from bug fixes, security patches, and new features. Check the changelog at https://github.com/jazzband/djangorestframework-simplejwt/releases for any important updates.

django-cors-headers==3.13.0 # https://pypi.org/project/django-cors-headers/
django-rest-auth[with_social]==0.9.5 # https://pypi.org/project/django-rest-auth/
djangorestframework-simplejwt==5.3.1 # https://pypi.org/project/djangorestframework-simplejwt/
dj-rest-auth[with_social]==2.2.8 # https://pypi.org/project/dj-rest-auth/
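Review bot: the entries in this hunk are pinned with == but carry no --hash values, so the version is fixed while the downloaded artifact is not. If this file is installed with pip, consider generating hashes for the whole requirements set (pip's --require-hashes mode needs every entry hashed, transitive ones included) so that the swap to the two new auth packages is verifiable at install time.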
Copilot AI Jan 6, 2026

The version dj-rest-auth==2.2.8 was released in early 2023. Consider checking for a more recent version to ensure you have the latest bug fixes and security updates. The package is actively maintained, and newer versions may be available.

Comment on lines 24 to 28
- repo: https://github.com/PyCQA/flake8
rev: 4.0.1
rev: 7.1.1
hooks:
- id: flake8
args: ["--config=setup.cfg"]
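Review bot: rev: 7.1.1 names a tag, and a tag can be moved in the upstream repository after review. Running pre-commit autoupdate --freeze records the commit SHA in rev with the tag kept as a comment, which holds the linter that runs in CI to the code that was actually vetted.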
Copilot AI Jan 6, 2026

The flake8 version has been upgraded from 4.0.1 to 7.1.1, which is a major version jump (3 major versions). This is a significant upgrade that may introduce new linting rules or behavior changes. Ensure that all team members are aware of this upgrade and that any new linting errors are addressed. Consider documenting this change in the PR description or migration notes.

Copilot AI left a comment

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.