BE-10: User Login System Implementation

[tecnodeveloper]

Description:
Build login system using Flask/FastAPI + MongoDB. User enters email + password → backend checks → password verified → token created → user logged in → test with Postman → done.

---

User Story

Given user already has account
When user logs in
Then system should authenticate and return access token

---

Tasks

---

Backend Setup (Flask / FastAPI)

1. Extend Auth Module

   • Use existing /app/routes/auth.py
   • Update controller + service for login

---

Login API

2. Create Login Route

   • POST /auth/login
   • Accept JSON (email, password)

3. Validate Input

   • Check required fields
   • Validate email format

---

User Verification

4. Find User in MongoDB

   • Query users collection by email
   • If not found → return error

5. Verify Password

   • Compare hashed password using bcrypt
   • If wrong → return error

---

JWT Authentication

6. Install JWT Library

   • Install pyjwt or python-jose

7. Generate Token

   • Create JWT token
   • Include user ID + email
   • Set expiry time

8. Return Token

   • Send token in response
   • Include basic user info

---

Response Handling

9. Success Response

• Return "Login successful"
• Return JWT token

10. Error Handling

• Invalid credentials
• User not found
• Proper status codes

---

**Postman Testing **

11. Setup Postman

• Open Postman
• Create new POST request

12. Test Login API

• URL: http://localhost:8000/auth/login
• Body → JSON:

{
  "email": "test@gmail.com",
  "password": "123456"
}

13. Validate Response

• Check token returned
• Check status code (200)

14. Test Edge Cases

• Wrong password
• Non-existing user
• Empty fields

---

Frontend Setup

15. Create Login Page

• /login page
• Form (email, password)

16. Handle Form State

• Capture inputs
• Basic validation

---

Frontend ↔ Backend

17. Connect Login API

• Call /auth/login
• Send credentials

18. Store Token

• Save JWT (localStorage / cookies)

19. User Feedback

• Show success message
• Show error messages

---

Protected Routes

20. Setup Auth Guard

• Check token before accessing pages
• Redirect if not logged in

---

Run & Validate

21. Run Backend

• Start server
• Fix errors

22. Test Full Flow

• Login from Postman
• Login from UI
• Verify token stored

---

Acceptance Criteria

• Login API works
• Password verification correct
• JWT token generated
• Postman testing completed
• Token stored on frontend
• Protected routes working

---

Testing Steps

1. Run backend
2. Test login in Postman
3. Verify token
4. Test wrong credentials
5. Login from frontend
6. Access protected route

---

Definition of Done

• Login system fully working
• JWT authentication implemented
• Postman tests verified
• Frontend integration complete