A Tale of Two Auths (3:49) with Kenneth Love
Let's talk about authentication and authorization in Django! What are these two long words and how do they affect our Django-based applications?
Authentication - Identifying a user, often done through a username and password combination.
Authorization - Verifying that an authenticated user has permission to perform an action.
Hey all, I'm Kenneth, the Django teacher here at Treehouse. 0:00 If you've been following along with me, you've built a lot of stuff with Django. 0:07 But one thing you haven't really seen is how to do auth with Django, and 0:11 of course by auth, I mean both authentication and authorization. 0:14 Hm, those two words sound really similar. 0:18 Aren't they the same thing? 0:20 Actually no, 0:22 authentication is all about connecting some credentials to an incoming request. 0:23 In other words making sure a user is who they say they are. 0:27 By default Django does this with a username and password. 0:30 Once a user authenticates themselves that authentication is stored in their session 0:34 and that session authenticates the request. 0:38 Authorization on the other hand is about ensuring that the user has permission 0:40 to do the action they want to do. 0:44 For example, you might not want just any user to be able to delete job listings, 0:46 or cat photos. 0:49 Those actions are only for certain users who are authorized to do them. 0:51 Before you can determine if a user can do something, 0:54 you have to identify who they are. 0:57 Well, except for things you won't let just anyone do. 0:59 So, the first thing to look at is authentication. 1:02 I've built most of a project for 1:05 this course and it's missing a bunch of auth related features. 1:06 I figured we could build them together. 1:09 For now though, let's hop over to Workspaces so I can give you a little tour. 1:11 So, I wanted to show you around this project before we start working on it 1:15 too much. 1:19 So I've named it MSG for message, 1:20 not for monosodium glutamate. 1:24 And so there it is, it's a social network, so you would join. 1:28 You would have communities that you could belong to. 1:31 You'd post messages to the communities or to the general public. 1:34 And just share your information and thoughts and everything. 
1:38 This theme isn't from me, 1:44 it's not even from Treehouse actually it's from a site called Creative Tim. 1:46 It was a free theme that I kind of mess around with a little bit. 1:50 So yeah it's pretty cool. 1:54 This is the home page and then if you go to the Posts page this is where you 1:55 see posts and you can see I basically ripped off Twitter. 1:59 There's a user icon, there's whatever display name you want. 2:03 There's a user name, there's when the thing was posted, where it was posted, 2:10 if it was posted anywhere and then what the actual post was. 2:15 You can go see the post, that a user has posted, you can go see 2:18 a specific post which you can see, these are marked down, which is kind of cool. 2:22 I realized now I should have had this on that page. 2:27 But hey, there's a thing for all of you to add in and 2:30 then you can also, sorry I may go back to here. 2:33 You can also go look at the posts that are in a given community. 2:36 Here we go. And you can join the community or 2:42 you can leave the community if you are logged in. 2:44 So, speaking of, I wanna talk about there's 2:49 this README here that has are the usual default information. 2:52 There is a todo here that has stuff that needs to be done. 2:56 Some of this we're gonna get to, some of this we may not. 3:01 And then there's the credits down here that I talked about with Creative Tim and 3:04 Icons8 for some of the icons. 3:08 All right, so let's try running these tests here. 3:11 I just wanna do python manage.py test. 3:16 And it's gonna run the test and if I remember correctly they should all pass. 3:19 Right, but we have an expected failure, so 3:24 I need to fix that, I don't want to be there to be an expected failure. 3:26 So that's something we'll get to in the next video. 3:29 I don't have tests written for the entire app, and everything that's missing. 3:34 But between tests and that README, I think everything is covered. 
3:37 Now that you have an idea of what the site is, and what it's missing, 3:41 I think it's time to make some of those views require a user to be logged in. 3:44 That's coming in the next video. 3:48