Challenge Overview
Mythril is a security analysis tool for Ethereum smart contracts. Mythril API (source code provided in the challenge forum) exposes this functionality as a network service. In this challenge you will add authentication functionality to the API.
Challenge Scope
- Add POST /auth/user endpoint.
Input: first and last names, email address, a boolean flag specifying whether user want to subscribe for news mailing list, a string uuid of the terms of service the user agreed to.
Validation: check that first and last names are provided, email is provided, correct, and unique, terms ID has a known value.
Error: in case of validation failure, or any other problem, reply with the correct error status and message.
Success:
- Create new user record in the database. User object should have an unique UUID (don't use email as UUID);
- Generate a new API key for that user, store it with user object to the DB, and return in the API response.
- Add GET /auth/user/check endpoint.
This will get email address as input, and report whether this address is correct and unique.
- Protect existing API endpoints with API key check.
- Update tests.
- Update Postman collection and environment.