-
Updated API Response Format (
accounts/views.py)- All endpoints now return standardized responses with
success,data,message, anderrorfields - Login endpoint now accepts
emailinstead ofusername - User authentication now looks up users by email
- All endpoints now return standardized responses with
-
Updated Serializers (
accounts/serializers.py)- Register serializer now accepts
confirmPassword(camelCase) matching frontend - Username is auto-generated from email (e.g.,
user@example.com→user) - Added email uniqueness validation
- Register serializer now accepts
-
CORS & CSRF Configuration (
api/settings.py)- Enabled
CORS_ALLOW_CREDENTIALSfor session cookies - Added CSRF trusted origins for localhost:3000
- Configured session and CSRF cookie settings for cross-origin requests
- Enabled
-
Added CSRF Endpoint (
accounts/views.py,accounts/auth_urls.py)- New endpoint:
GET /api/auth/csrf/to initialize CSRF token
- New endpoint:
-
Updated API Service (
web/src/services/api.ts)- Removed Bearer token authentication (now uses session authentication)
- Added CSRF token handling from cookies
- Automatically initializes CSRF token before first POST request
- Configured
withCredentials: truefor session cookies
-
Updated Auth Service (
web/src/services/auth.service.ts)- Removed token-based authentication
- Uses session authentication with cookies
- Stores user info in localStorage (not token)
-
Updated Login & Register Components
- Uncommented real API calls
- Removed temporary mock navigation
- Added proper error handling
# Navigate to the project root
cd C:\Users\Brandon\Coding\CardSense
# Activate virtual environment (if you have one)
# venv\Scripts\activate
# Run migrations (if not done already)
python manage.py migrate
# Start the Django server
python manage.py runserverThe backend should be running at http://127.0.0.1:8000/
# Open a new terminal
cd C:\Users\Brandon\Coding\CardSense\web
# Install dependencies (if not done already)
npm install
# Start the React development server
npm startThe frontend should be running at http://localhost:3000/
- Navigate to
http://localhost:3000/register - Fill in the registration form:
- First Name: Your first name
- Last Name: Your last name
- Email: test@example.com
- Password: password123 (at least 8 characters)
- Confirm Password: password123
- Click "Create Account"
- You should be redirected to the dashboard
- Navigate to
http://localhost:3000/login - Use the credentials you just registered:
- Email: test@example.com
- Password: password123
- Click "Sign In"
- You should be redirected to the dashboard
GET /api/auth/csrf/- Get CSRF tokenPOST /api/auth/register/- Register new userPOST /api/auth/login/- Login userPOST /api/auth/logout/- Logout userGET /api/auth/me/- Get current user infoPATCH /api/auth/profile/- Update user profilePOST /api/auth/password/reset/- Request password resetPOST /api/auth/password/reset/confirm/- Confirm password reset
- Make sure both servers are running
- Check browser console for any CORS errors
- Try clearing cookies and refreshing the page
- Ensure backend is running on
http://127.0.0.1:8000 - Ensure frontend is running on
http://localhost:3000 - Check Django settings for CORS configuration
- Sessions are stored in cookies
- Make sure cookies are enabled in your browser
- Check that
withCredentials: trueis set in axios requests
- Check browser DevTools → Application → Cookies
- You should see
sessionidandcsrftokencookies - If cookies are missing, check CORS configuration
- First Request: Frontend calls
/api/auth/csrf/to get CSRF token - Registration/Login: Frontend sends credentials to backend
- Backend: Creates session and sends
sessionidcookie - Subsequent Requests: Frontend includes:
sessionidcookie (automatic viawithCredentials)X-CSRFTokenheader (extracted fromcsrftokencookie)
Once authentication is working, you can:
- Test other API endpoints (transactions, budgets, cards, optimizer)
- Implement the dashboard with real data
- Add protected routes
- Add user profile management
- Implement password reset flow