Documentation

Learn how to integrate ConnectX into your application.

Authentication Overview

Learn how to authenticate and manage users in ConnectX

ConnectX uses JWT tokens for authentication. The authentication system supports user registration, login, email verification, and password management.

ConnectX supports the following user roles:

  • Admin - System administrators with full access
  • Owner - Tenant owners who can manage their tenant's resources
  • Member - Tenant members with limited access
  • Customer - Regular users with basic access (default role)

The User model contains the following fields:

{
  "id": "UUID",
  "tenant": "UUID (optional)",
  "name": "string",
  "email": "string (unique)",
  "role": "string (admin|owner|member|customer)",
  "bio": "string (optional)",
  "phone_number": "string (optional)",
  "is_verified": "boolean",
  "avatar_url": "string (optional)",
  "is_active": "boolean",
  "is_staff": "boolean",
  "created_at": "datetime",
  "updated_at": "datetime"
}

Registration

  1. User submits registration form with name, email, and password
  2. System creates new user with default role "customer"
  3. Verification email is sent to user's email address
  4. User must verify email before being able to log in

Login

  1. User submits email and password
  2. System verifies credentials and email verification status
  3. If verified, system returns JWT tokens (access and refresh) and user data
  4. If not verified, system returns error asking to verify email

Token Management

  1. Access token is used for API requests (short-lived)
  2. Refresh token is used to get new access token (long-lived)
  3. Tokens are stored securely in the client

The authentication API provides the following endpoints:

  • POST /auth/login/ - User login
  • POST /auth/refresh/ - Refresh access token
  • POST /auth/verify-email/ - Verify email address
  • POST /auth/resend-verification/ - Resend verification email
  • POST /auth/password-reset-request/ - Request password reset
  • POST /auth/password-reset/ - Reset password
  • POST /auth/change-password/ - Change password

The following security measures apply:

  • All passwords are hashed using PBKDF2 with SHA256
  • JWT tokens are signed using a secure secret key
  • Access tokens have a short expiration time
  • Refresh tokens are long-lived but can be revoked
  • Email verification is required for all new accounts
  • Password reset requires email verification
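
The following added example (not ConnectX's own code) shows how a server can enforce the token rules described above: secret-key signatures, short-lived access tokens, and long-lived refresh tokens that can be revoked. HS256, the claim names, the lifetimes, the in-memory denylist and all function names are assumptions; the page does not specify them.

```python
import base64, hashlib, hmac, json, time, uuid

SECRET = b"constructed-demo-secret"            # assumption: HS256 shared secret (constructed value)
ACCESS_TTL, REFRESH_TTL = 300, 7 * 24 * 3600   # assumed lifetimes, in seconds
REVOKED_JTI = set()                            # hypothetical denylist of revoked refresh-token ids

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(user_id, role, token_type, now=None):
    now = int(time.time() if now is None else now)
    ttl = ACCESS_TTL if token_type == "access" else REFRESH_TTL
    claims = {"sub": user_id, "role": role, "type": token_type,
              "iat": now, "exp": now + ttl, "jti": uuid.uuid4().hex}
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64(_sign(f'{head}.{body}'))}"

def verify(token, expected_type, now=None):
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        # Pin the algorithm server-side; never let the token header choose it.
        if json.loads(_unb64(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")
        # Constant-time comparison avoids leaking signature bytes through timing.
        if not hmac.compare_digest(_unb64(sig), _sign(f"{head}.{body}")):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
        if claims["type"] != expected_type:   # a refresh token is not an API credential
            raise ValueError("wrong token type")
        if now >= claims["exp"]:
            raise ValueError("token expired")
        if expected_type == "refresh" and claims["jti"] in REVOKED_JTI:
            raise ValueError("refresh token revoked")
    except (ValueError, TypeError, KeyError, AttributeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    return claims

def refresh(refresh_token, now=None):
    claims = verify(refresh_token, "refresh", now)
    return issue(claims["sub"], claims["role"], "access", now)

def revoke(refresh_token, now=None):
    REVOKED_JTI.add(verify(refresh_token, "refresh", now)["jti"])
```

In a real deployment the denylist would live in shared storage so that revocation takes effect on every server instance.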