Let's talk about authentication and authorization in Django! What are these two long words and how do they affect our Django-based applications?
Authentication - Identifying a user, often done through a username and password combination.
Authorization - Verifying that an authenticated user has permission to perform an action.
[NOISE] Hey all, I'm Kenneth,
the Django teacher here at Treehouse.
0:00
If you've been following along with me,
you've built a lot of stuff with Django.
0:07
But one thing you haven't really seen
is how to do auth with Django, and
0:11
of course by auth, I mean both
authentication and authorization.
0:14
Hm, those two words sound really similar.
0:18
Aren't they the same thing?
0:20
Actually no,
0:22
authentication is all about connecting
some credentials to an incoming request.
0:23
In other words making sure
a user is who they say they are.
0:27
By default Django does this
with a username and password.
0:30
Once a user authenticates themselves that
authentication is stored in their session
0:34
and that session
authenticates the request.
0:38
Authorization on the other hand is about
ensuring that the user has permission
0:40
to do the action they want to do.
0:44
For example, you might not want just any
user to be able to delete job listings,
0:46
or cat photos.
0:49
Those actions are only for certain
users who are authorized to do them.
0:51
Before you can determine
if a user can do something,
0:54
you have to identify who they are.
0:57
Well, except for
things you won't let just anyone do.
0:59
So, the first thing to
look at is authentication.
1:02
I've built most of a project for
1:05
this course and it's missing
a bunch of auth-related features.
1:06
I figured we could build them together.
1:09
For now though, let's hop over to
Workspaces so I can give you a little tour.
1:11
So, I wanted to show you around this
project before we start working on it
1:15
too much.
1:19
So I've named it MSG for message,
1:20
not for monosodium glutamate.
1:24
And so there it is,
it's a social network, so you would join.
1:28
You would have communities
that you could belong to.
1:31
You'd post messages to the communities or
to the general public.
1:34
And just share your information and
thoughts and everything.
1:38
This theme isn't from me,
1:44
it's not even from Treehouse, actually,
it's from a site called Creative Tim.
1:46
It was a free theme that I kind
of mess around with a little bit.
1:50
So yeah it's pretty cool.
1:54
This is the home page and then if you
go to the Posts page this is where you
1:55
see posts and you can see I
basically ripped off Twitter.
1:59
There's a user icon,
there's whatever display name you want.
2:03
There's a user name, there's when
the thing was posted, where it was posted,
2:10
if it was posted anywhere and
then what the actual post was.
2:15
You can go see the post,
that a user has posted, you can go see
2:18
a specific post which you can see, these
are marked down, which is kind of cool.
2:22
I realized now I should
have had this on that page.
2:27
But hey, there's a thing for
all of you to add in and
2:30
then you can also,
sorry I may go back to here.
2:33
You can also go look at the posts
that are in a given community.
2:36
Here we go.
And you can join the community or
2:42
you can leave the community
if you are logged in.
2:44
So, speaking of,
I wanna talk about there's
2:49
this README here that has
the usual default information.
2:52
There is a todo here that has
stuff that needs to be done.
2:56
Some of this we're gonna get to,
some of this we may not.
3:01
And then there's the credits down here
that I talked about with Creative Tim and
3:04
Icons8 for some of the icons.
3:08
All right, so
let's try running these tests here.
3:11
I just wanna do python manage.py test.
3:16
And it's gonna run the test and if I
remember correctly they should all pass.
3:19
Right, but we have an expected failure, so
3:24
I need to fix that, I don't want
there to be an expected failure.
3:26
So that's something we'll
get to in the next video.
3:29
I don't have tests written for the entire
app, and everything that's missing.
3:34
But between tests and that README,
I think everything is covered.
3:37
Now that you have an idea of what
the site is, and what it's missing,
3:41
I think it's time to make some of those
views require a user to be logged in.
3:44
That's coming in the next video.
3:48