feat: modernize JWT auth (SimpleJWT) + fix CI + docs

[kamrankhan78694]

Summary

• Modernize auth: SimpleJWT + dj-rest-auth (replace drf-jwt + django-rest-auth).
• Keep legacy: POST /api-token-auth/ returns token field; add SimpleJWT endpoints /api/token/ and /api/token/refresh/.
• Update endpoints and headers: allow Authorization: Bearer and legacy Authorization: JWT .
• Fix CI linter and docs; verify tests and docs build locally.

Changes

• Dependencies: add djangorestframework-simplejwt==5.3.1 and dj-rest-auth[with_social]==2.2.8; remove drf-jwt and django-rest-auth.
• Settings/URLs: configure SIMPLE_JWT AUTH_HEADER_TYPES=("Bearer", "JWT"); add /api/token/, /api/token/refresh/, and legacy /api-token-auth/; switch rest-auth routes to dj-rest-auth.
• API: use rest_framework_simplejwt.authentication.JWTAuthentication in views; clean serializers and imports.
• Lint/CI: bump flake8 hook to 7.1.1; add per-file-ignores for config/settings in setup.cfg; fix unused imports, bare except, None comparisons, and E402 across apps; pre-commit passes (black, isort, flake8).
• Docs: README.md/README.rst and mdBook updated to "docker compose" (v2) and current JWT auth; fix docs build and HTML tag warnings; mdBook build clean.

Verification

• Linter: pre-commit over all files passes (black, isort, flake8).
• Tests: docker compose pytest passes (18 passed).
• Docs: mdBook build succeeds (no warnings).

Backwards Compatibility

• Legacy login endpoint maintained: POST /api-token-auth/ returns {token, access, refresh}.
• Clients may use Authorization: Bearer (recommended) or Authorization: JWT (legacy).

How to Test

# Obtain tokens
curl -s -X POST http://localhost:8000/api/token/ \
  -H 'Content-Type: application/json' \
  -d '{"username":"<user>","password":"<pass>"}'

# Refresh token
curl -s -X POST http://localhost:8000/api/token/refresh/ \
  -H 'Content-Type: application/json' \
  -d '{"refresh":"<refresh>"}'

# Legacy token obtain
curl -s -X POST http://localhost:8000/api-token-auth/ \
  -H 'Content-Type: application/json' \
  -d '{"username":"<user>","password":"<pass>"}'

[Copilot]

Pull request overview

This PR modernizes the API authentication stack by replacing the deprecated drf-jwt and django-rest-auth packages with their modern equivalents: SimpleJWT and dj-rest-auth. The changes maintain backwards compatibility through a legacy endpoint while introducing new SimpleJWT-based authentication endpoints.

• Replace deprecated JWT authentication packages with SimpleJWT and dj-rest-auth (pinned for django-allauth 0.47.0 compatibility)
• Add modern JWT endpoints (/api/token/ and /api/token/refresh/) while maintaining backwards-compatible /api-token-auth/ endpoint
• Update API views to use JWTAuthentication class from SimpleJWT
• Add smoke tests for token authentication and legacy endpoint compatibility

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
requirements/base.txt	Updates JWT and REST auth dependencies; also includes hiredis version upgrade (appears unrelated to JWT changes)
config/urls.py	Replaces old JWT imports with SimpleJWT views; adds new token endpoints and legacy compatibility view
config/settings/base.py	Updates installed apps to use dj-rest-auth; configures SimpleJWT with Bearer/JWT auth header support
codershq/api/views.py	Replaces JSONWebTokenAuthentication with JWTAuthentication in view decorators; updates route list
codershq/api/auth_views.py	New file implementing backwards-compatible legacy token endpoint that returns both old and new token formats
codershq/api/tests.py	New test file with authentication smoke tests covering token obtain, permissions, and legacy endpoint
README.md	Adds comprehensive JWT authentication documentation with usage examples

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[kamrankhan78694]

can we proceed @alchatti @vatsalyagoel @Musab0 @naisofly ?

[Copilot]

Pull request overview

Copilot reviewed 40 out of 60 changed files in this pull request and generated 4 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The version djangorestframework-simplejwt==5.3.1 was released in September 2023. As of the current date (January 2026), this version is over 2 years old. Consider upgrading to a more recent version to benefit from bug fixes, security patches, and new features. Check the changelog at https://github.com/jazzband/djangorestframework-simplejwt/releases for any important updates.

[Copilot]

The version dj-rest-auth==2.2.8 was released in early 2023. Consider checking for a more recent version to ensure you have the latest bug fixes and security updates. The package is actively maintained, and newer versions may be available.

[Copilot]

The flake8 version has been upgraded from 4.0.1 to 7.1.1, which is a major version jump (3 major versions). This is a significant upgrade that may introduce new linting rules or behavior changes. Ensure that all team members are aware of this upgrade and that any new linting errors are addressed. Consider documenting this change in the PR description or migration notes.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.