The user account management needs refactoring

Description / Overview

The current user model is partly broken. We need a general discussion about how to do authentication and how much effort should be spent on it. The current changes in the refactor branch are not satisfying (a lot of code that needs to be maintained for almost no additional use). Currently we use a combination of Option 2 and 3 of [1].

Simply using the abstract user might be the sanest approach.

Links / references

• [1] Possible optinons
• [2] Django docs

Feature checklist

• Adding information to a User is simple.
• Changing user information in the admin interface works as expected. See #40 (closed).
• The user object of HTTP requests in views can be easily distinguished. E.g. model contains info about group and associated pages.
• Django auth groups are not used.

added Backend Blocking Doing Migration labels

changed the description

added Needs assignment and removed Doing labels

For the general tutor/reviewer work-flow JWT #41 (closed) seems like good fit. Implementation is easy and security is high (already implemented in a5f6d70d ). It is however in it's uncustomized state not viable for the proposed system in #31 (closed) .

mentioned in issue #47 (closed)

added Doing and removed Needs assignment labels

assigned to @j.michal

added review and removed Doing labels

marked the checklist item Changing user information in the admin interface works as expected. See #40 (closed). as completed

marked the checklist item Adding information to a User is simple. as completed

changed the description

marked the checklist item Django auth groups are not used. as completed

The remaining checkbox becomes a new issues since this is not blocking.

closed

mentioned in issue #49 (closed)

mentioned in commit e9de903c

mentioned in commit ce91bfda