Dealing with Devices

[jensneuhaus]

☝️What is it? Why do we need it?

Security best practice now should be to take care of his lately used devices. We must make sure, a User does always know, what devices have been logged in lately - this is why the list would show logged in but also lately logged in (and now logged out) devices.

How it should work:

• One would get an email for each login on a new device (Template comes)
• One can see the list of devices
• One can delete an device - then the user would get the email again if this device logs in again

💭 Implementation details

• one can get a list of his lately used & logged in devices per API GET /users/me/devices
  • Date & Time
  • IP
  • Browser
  • Operating System
• one can delete an Device - DELETE /users/me/devices/<uuid> (it is removed from list and logged out)
• one can delete all Devices - DELETE /users/me/devices/ (all are removed from list and logged out)
• it should be possible to get an email for a login, if LOGIN_ON_NEW_DEVICE_EMAIL ENV is set to True.

📋 Todos

• [ ] API /users/me/devices
• [ ] Deleting one or all devices using DELETE
• [ ] Sending an email, if ENV is set
• [ ] Good documentation so that it can easily be used by a frontend

[jensneuhaus]

It would also be nice, if the code would be in its own folder structure and work pretty independent, maybe we could at one point add it as external django-rest-devices package or so.