I proceeded with Phase 1 step 1 (phone-first auth + OTP hardening) and updated the plan context. Here’s the current state and the next steps.
What I implemented

- Phone-first auth endpoints with OTP → JWT issuance. views.py urls.py
- Phone normalization (KSA-focused, E.164 or Saudi mobile) and validation. phone.py serializers.py
- OTP protections: rate limit, resend cooldown, attempt counting. otp.py models.py
- Email is now optional to allow phone-only users. models.py 0002_phone_auth_fields.py
- Admin OTP visibility improved. admin.py
- Risks updated. risks.md
@@ -26,6 +26,8 @@ After migrations, you can seed demo data:
|
||||
- `GET/PATCH /api/auth/me/`
|
||||
- `POST /api/auth/otp/request/`
|
||||
- `POST /api/auth/otp/verify/`
|
||||
- `POST /api/auth/phone/request/`
|
||||
- `POST /api/auth/phone/verify/`
|
||||
- `POST /api/auth/social/<provider>/` (placeholder)
|
||||
- `GET /api/salons/`
|
||||
- `GET /api/salons/<id>/`
|
||||
|
||||
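Review bot: the endpoint list now shows `POST /api/auth/phone/request/` and `POST /api/auth/phone/verify/` right next to `POST /api/auth/otp/request/` and `POST /api/auth/otp/verify/`, with nothing in the README saying how the two pairs differ or which one clients should use. Please add a line per endpoint covering the accepted phone format (the commit message mentions E.164 or Saudi mobile), what a client gets back when the rate limit, resend cooldown or attempt limit is hit, and that a successful verify issues a JWT. It would also help to state whether the `otp/*` routes remain supported and whether they are covered by the same rate limit and attempt counting, since an older path left without those checks would sidestep the hardening described in the commit message.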