Add session creation and return mechanism to API
Description
Following on from the decision about the session/authentication management process, this task implements that process in the API and ensures that the information the frontend needs to continue an authenticated session is returned with the verification success message when user data is submitted.
Further details
The exact implementation details are to be decided in the blocking issue.
This task should introduce (or re-use) a test endpoint that requires the accessing user to be authenticated via the decided method, e.g. /crsid/current, which should return JSON of the form {"crsid": <the crsid>}, where the CRSid is the one linked to that session. I.e. the session/token is associated with a user information object.
Task list
- Implement the authentication mechanism as decided
- Implement the "secret" endpoint for a crsid
Acceptance criteria
- Default Django authentication is turned off
- Unauthenticated requests are rejected by default (i.e. endpoints opt in to being unauthenticated)
- Django admin pages are turned off
- Turn off social-auth (if present)
- Double check all settings in the settings folder, especially middleware
- Minimal, simple code that is separate from other application logic
- Separate Django "app" for this code and this code only
- Server-side session expiry: 5 minutes of no use and/or an absolute per-token expiry of 15 minutes
- Ensure re-authentication is possible with credentials
- Agreed-upon session management functionality is present in the API
- Test "secret" endpoint requires this authentication to access
- All teamIdentity members have to review & approve this MR
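The following is an added, framework-free sketch of the pieces this ticket asks for (the session store with the two expiry rules from the acceptance criteria, the default-deny guard, and the /crsid/current "secret" endpoint described under Further details). It is illustrative only, not the project's code, and it makes assumptions the blocking issue has not yet settled: an opaque bearer token in the Authorization header, an in-memory store keyed by the SHA-256 of the token, a Django-like request object, and (status, body) tuples standing in for HTTP responses. The clock is injectable so expiry can be tested without waiting.

```python
"""Added example of the session mechanism in this ticket; not the project's code.

Assumptions (not decided in the ticket): opaque bearer token, in-memory store
keyed by SHA-256 of the token (a dumped store yields no live tokens), a
Django-like Request stand-in, and (status, body) tuples instead of HTTP
responses. Wire the same logic into a view decorator or middleware in the
dedicated Django app.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass, field

IDLE_TIMEOUT = 5 * 60        # seconds of no use before a session dies
ABSOLUTE_TIMEOUT = 15 * 60   # seconds after creation, regardless of use


@dataclass
class Session:
    crsid: str
    created: float
    last_used: float


class SessionStore:
    """Server-side session table; the client only ever holds the opaque token."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so tests can advance time
        self._sessions = {}          # sha256(token) -> Session

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, crsid):
        """Issue a fresh 256-bit random token bound to crsid; returns the token."""
        token = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[self._key(token)] = Session(crsid, now, now)
        return token

    def lookup(self, token):
        """Return the crsid bound to token, or None if unknown or expired.

        A successful lookup counts as use and resets the idle timer; the
        absolute timer is never reset, so a busy client still loses the
        token 15 minutes after it was issued and must re-authenticate.
        """
        key = self._key(token)
        sess = self._sessions.get(key)
        if sess is None:
            return None
        now = self._clock()
        if now - sess.created > ABSOLUTE_TIMEOUT or now - sess.last_used > IDLE_TIMEOUT:
            del self._sessions[key]   # expired: drop it so it cannot be revived
            return None
        sess.last_used = now
        return sess.crsid

    def revoke(self, token):
        """Explicit logout: forget the session if it exists."""
        self._sessions.pop(self._key(token), None)


@dataclass
class Request:
    """Minimal stand-in for the framework request object (assumption)."""
    headers: dict = field(default_factory=dict)
    crsid: str = None


def authenticated(store):
    """Default-deny guard: the wrapped view runs only for a live session."""
    def decorator(view):
        def wrapper(request):
            scheme, _, token = request.headers.get("Authorization", "").partition(" ")
            if scheme != "Bearer" or not token:
                return 401, {"detail": "authentication required"}
            crsid = store.lookup(token)
            if crsid is None:
                return 401, {"detail": "session invalid or expired"}
            request.crsid = crsid
            return view(request)
        return wrapper
    return decorator


def make_current_crsid_view(store):
    """The 'secret' test endpoint (/crsid/current), bound to a store."""
    @authenticated(store)
    def current_crsid(request):
        return 200, {"crsid": request.crsid}
    return current_crsid


def verify_and_create_session(store, crsid):
    """What the verification-success response carries back to the frontend:
    the token it must present as 'Authorization: Bearer <token>' from now on."""
    return {"status": "verified", "token": store.create(crsid)}
```

Two design points worth carrying into the real implementation: the store holds only a hash of the token, so a leaked database or debug dump does not hand out live sessions, and expired entries are deleted on the lookup that discovers them rather than left for a sweeper, so a token can never be "revived" by a clock change or a missed cleanup run.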