My take on the TLM Ninja Coding Challenge 🐱👤
This project contains a reusable Django application that logs authentication events to the database. It also provides a fully working project that demonstrates the use of the module.
- Install the package: `pip install git+https://github.com/francislr/coding-challenge-login-api`
- Add the application to `settings.py`:

  ```python
  INSTALLED_APPS = [
      ...
      'therewasanattempt.apps.security_auth_attempt.SecurityAuthAttemptConfig',
  ]
  ```
- Run migrations: `python manage.py migrate`
- Create and activate a Python virtual environment
- Install dependencies from `requirements.txt`: `pip install -r requirements.txt`
- Copy `therewasanattempt/settings.py.dist` to `therewasanattempt/settings.py`
- Edit `therewasanattempt/settings.py`
  - By default, the `SECRET_KEY` setting is taken from the `APP_SECRET` environment variable
- Run the usual Django setup commands:

  ```
  python manage.py migrate
  python manage.py createsuperuser
  ```
- Install frontend dependencies by typing `yarn` or `npm install`
- Build the frontend: `yarn build` or `npm run build`
- `therewasanattempt/`: Django project directory
- `static/`: Frontend assets
- `deployment/`: Scripts for deployment with Docker
The project exposes an API endpoint which can be used to retrieve the 30 most recent authentication events.
To access the API, you must first obtain an AccessToken.
URL: `/api/login`

Method: `POST`

Request Body:

```
{
  "username": "{username}",
  "password": "{password}"
}
```

Response on success:

```
{
  "token": "{accessToken}"
}
```

Response on invalid credentials:

```
{
  "non_field_errors": "Unable to log in with provided credentials."
}
```
Returns the last 30 authentication events. You must supply a valid AccessToken.

URL: `/api/attempt-event`

Method: `GET`

Request Header: `Authorization: Token {AccessToken}`

Response on success:

```
[
  {
    "time_created": "1970-01-01T00:00:00.215339Z",
    "username": "ninja",
    "ip_address": "1.1.1.1",
    "user_agent": "Mozilla/5.0 (...",
    "result": "SUCC"
  },
  ...
]
```

Response when no AccessToken is supplied:

```
{
  "detail": "Authentication credentials were not provided."
}
```
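Added example, not part of this project's code: one way to consume the `/api/attempt-event` payload documented above, counting successful and failed attempts per source IP and listing the IPs whose failures span several usernames. The sample events are constructed, `FAIL` is an assumed non-success code (only `SUCC` appears in this README), and the function names and thresholds are hypothetical.

```python
from collections import defaultdict

# Constructed sample rows: (ip_address, username, result). "SUCC" is the only
# result code shown in this README; "FAIL" is an assumed non-success code.
_ROWS = [
    ("192.0.2.10", "ninja", "SUCC"),
    ("198.51.100.7", "admin", "FAIL"),
    ("198.51.100.7", "root", "FAIL"),
    ("198.51.100.7", "ninja", "FAIL"),
    ("203.0.113.5", "ninja", "FAIL"),
    ("203.0.113.5", "ninja", "SUCC"),
]
# Same field layout as the /api/attempt-event response documented above.
SAMPLE_EVENTS = [
    {"time_created": f"1970-01-01T00:00:0{i}.000000Z", "username": user,
     "ip_address": ip, "user_agent": "Mozilla/5.0 (...", "result": result}
    for i, (ip, user, result) in enumerate(_ROWS)
]


def summarize(events):
    """Per source IP: success count, failure count, and usernames tried."""
    stats = defaultdict(lambda: {"success": 0, "failure": 0, "usernames": set()})
    for event in events:
        entry = stats[event["ip_address"]]
        # Assumption: any result other than "SUCC" is a failed attempt.
        entry["success" if event["result"] == "SUCC" else "failure"] += 1
        entry["usernames"].add(event["username"])
    return dict(stats)


def ips_to_review(events, min_failures=3, min_usernames=2):
    """IPs whose failures span several usernames (hypothetical thresholds)."""
    return sorted(
        ip for ip, s in summarize(events).items()
        if s["failure"] >= min_failures and len(s["usernames"]) >= min_usernames
    )


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_EVENTS).items():
        print(ip, s["success"], s["failure"], sorted(s["usernames"]))
    print("review:", ips_to_review(SAMPLE_EVENTS))
```

Because the endpoint returns only the 30 most recent events, a summary like this covers a short window and is best run on a schedule rather than once.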
Your mission: Create and deploy a django application exposing a REST API that will provide details on login attempts.
Example details would be IP Address, Region, success and failure attempts count, anything else you think that sounds interesting.
- Expose a REST API
- Have a way to authenticate with the API
- Write unit tests to validate API behaviour
- Have a frontend app, page or django view to login and consume the API
- List login attempts with details
- Deployed application must be used on a secure connection (https)
- Code must be open source
- There must be a license for the code (of your choice)
- You must use `git` (you can fork this repo or create a new one)
- Commit messages should follow the seven rules of a great Git commit message
- Your project should follow 12 factor principles
- Link to git repository
- Url to live application
- Credentials so we can try your application
- Try to design and implement your solution as you would do for real production code. Show us how you create clean, maintainable code that does awesome stuff. Build something that we'd be happy to contribute to. This is not a programming contest where dirty hacks win the game.
- Feel free to add more features!
- Documentation and maintainability is a plus.
- Don't you forget those unit tests.
- We don’t want to know if you can do exactly as asked (or everybody would have the same result). We want to know what you bring to the table when working on a project, what is your secret sauce. More features? Best solution? Thinking outside the box?
- Make sure you apply security good practices. Ninjas hide their secrets because pirates will find them.