1
00:00:05,240 --> 00:00:10,400
Welcome back, everyone, to this lecture that now begins to take a look at the user model and authentication.

2
00:00:11,600 --> 00:00:16,400
So we've set up some very simple views and skeleton code for the basis of our library website.

3
00:00:16,880 --> 00:00:22,610
Now clearly we could take the time to keep adding more view template and URL combos based off our generic

4
00:00:22,610 --> 00:00:27,650
model views or views that we already know from class based views to add more pages.

5
00:00:27,980 --> 00:00:30,440
But we're going to switch gears now, focus on adding users.

6
00:00:30,560 --> 00:00:34,790
We believe that given that you're this far into the course, you could just keep making the connections

7
00:00:34,790 --> 00:00:40,100
to add in a class based view connected to a template and show more information, for example, at a

8
00:00:40,100 --> 00:00:42,020
class based view to list all the authors.

9
00:00:42,380 --> 00:00:44,720
Let's switch gears to focus on adding users.

10
00:00:44,720 --> 00:00:48,200
And the whole point of users is to actually create a user model.

11
00:00:48,410 --> 00:00:54,260
Maybe we could check the current user's checked out books and we want to be able to distinguish which

12
00:00:54,260 --> 00:00:56,880
pages are viewable by particular users.

13
00:00:56,900 --> 00:01:02,210
So we don't want to give everybody just full admin privileges to edit every page or add a book form,

14
00:01:02,210 --> 00:01:02,750
etc..

15
00:01:03,050 --> 00:01:05,780
Let's head back to our code and begin to explore this.

16
00:01:06,440 --> 00:01:06,770
All right.

17
00:01:06,770 --> 00:01:11,540
So I want to actually start off by showing you where Django sets this up for you.

18
00:01:11,630 --> 00:01:16,490
So you'll notice a lot of things will just seem to work right out of the box without us having to import

19
00:01:16,490 --> 00:01:16,970
anything.

20
00:01:17,270 --> 00:01:21,350
And that has to do with the settings Python file at a library level.

21
00:01:21,350 --> 00:01:26,810
And it really has to do with the fact that Django has a built in authentication system and you need

22
00:01:26,810 --> 00:01:32,960
to make sure under installed apps that you have django dot contrib off already to go as well as Django

23
00:01:32,960 --> 00:01:35,600
Doc contrib content types or content types.

24
00:01:36,020 --> 00:01:41,600
These should be by default enabled for you, but go ahead and make sure they're listed under installed

25
00:01:41,600 --> 00:01:42,020
apps.

26
00:01:42,020 --> 00:01:45,200
But for using Django foreign above those should be ready to go by default.

27
00:01:45,590 --> 00:01:50,480
You'll also notice as you go to middleware that there's middleware, it actually tracks sessions.

28
00:01:50,480 --> 00:01:54,230
So there's session middleware and there's also authentication middleware.

29
00:01:54,560 --> 00:01:57,620
Again, that's all going to be operating behind the scenes for us.

30
00:01:58,010 --> 00:02:03,170
And what we're going to do is show you the ability on how to create users for this.

31
00:02:03,320 --> 00:02:06,770
Let's go ahead and start off by doing it from an admin perspective.

32
00:02:07,220 --> 00:02:09,729
So I'm going to open up my website.

33
00:02:09,740 --> 00:02:16,220
So here I am at Create Book, but I'm actually going to go to forward slash admin and now I'm logged

34
00:02:16,220 --> 00:02:23,300
in as the Django Admin Superuser and you'll notice there's the ability to add groups and add users.

35
00:02:23,600 --> 00:02:26,240
So I'm actually going to add a new group of users.

36
00:02:26,570 --> 00:02:27,890
So let's add this here.

37
00:02:28,610 --> 00:02:32,000
And the group name is going to be library members.

38
00:02:35,130 --> 00:02:39,060
So the library members, the people that can actually check out books, that's the idea.

39
00:02:39,270 --> 00:02:41,910
They're going to be able to make a new book submission.

40
00:02:41,910 --> 00:02:43,800
Maybe that would be something for a librarian.

41
00:02:44,250 --> 00:02:50,340
You could also let them actually have available permissions, like Cassie believes an author has the

42
00:02:50,340 --> 00:02:52,230
ability to view a book, etc..

43
00:02:52,530 --> 00:02:54,090
But for right now, we'll leave that all blank.

44
00:02:54,120 --> 00:02:58,470
I'm just going to say, library members, I haven't chosen any permissions and then I just hit save.

45
00:02:58,740 --> 00:03:02,120
I'm super zoomed in so this screen will look something more like this for you.

46
00:03:02,130 --> 00:03:07,500
So I just have library members and that choosing any available permissions you can see the permissions

47
00:03:07,500 --> 00:03:11,700
are essentially automatically can you add change to view up etc..

48
00:03:11,730 --> 00:03:16,290
So we're going to save library members don't need any permissions for them.

49
00:03:16,590 --> 00:03:21,270
We have our first group, you can imagine group being a collection of users.

50
00:03:21,870 --> 00:03:28,230
Speaking of which, let's add now a user trying to click Add on user and now I need to decide on a username

51
00:03:28,230 --> 00:03:28,900
and password.

52
00:03:29,100 --> 00:03:33,120
Clearly later on it should be a person that chooses their own username and password.

53
00:03:33,510 --> 00:03:35,610
For now, I'm just going to say my user.

54
00:03:36,860 --> 00:03:38,660
And then let's give them.

55
00:03:40,390 --> 00:03:46,820
My password has their password so not secure, but that should be fine for our demonstration purposes.

56
00:03:46,840 --> 00:03:48,910
So username, password and password.

57
00:03:48,910 --> 00:03:49,530
Confirmation.

58
00:03:50,140 --> 00:03:51,220
I'm going to hit save.

59
00:03:51,230 --> 00:03:54,940
Hopefully you don't get an error for such a simple password and passwords to common.

60
00:03:55,150 --> 00:03:58,000
So now I'm going to say my password.

61
00:03:58,600 --> 00:03:59,740
One, two, three.

62
00:04:00,430 --> 00:04:02,380
Hopefully it doesn't keep giving me an error.

63
00:04:03,040 --> 00:04:04,990
Otherwise, I'd have to actually think about something here.

64
00:04:05,380 --> 00:04:06,460
So now hit save.

65
00:04:06,790 --> 00:04:07,020
Okay.

66
00:04:07,040 --> 00:04:07,960
Looks like we're good to go.

67
00:04:08,260 --> 00:04:08,620
Okay.

68
00:04:09,070 --> 00:04:12,670
You'll notice that the raw passwords themselves are actually not stored.

69
00:04:12,790 --> 00:04:19,779
So by default, Django is storing your passwords, but it's doing a one way hash on them, meaning it's

70
00:04:19,779 --> 00:04:24,400
using what's known as a s h a a secure hashing algorithm.

71
00:04:24,730 --> 00:04:25,970
256 bit.

72
00:04:26,290 --> 00:04:30,520
To actually perform a one way transformation of the password.

73
00:04:30,850 --> 00:04:34,390
That means it's not storing my users password in raw text.

74
00:04:34,630 --> 00:04:35,470
My password.

75
00:04:35,470 --> 00:04:36,100
One, two, three.

76
00:04:36,430 --> 00:04:39,490
Instead it hashes that and then stores the hash that way.

77
00:04:39,500 --> 00:04:45,190
It just compares the hash version of what the user passes in as their password versus the hash version

78
00:04:45,190 --> 00:04:45,880
of what's saved.

79
00:04:46,270 --> 00:04:51,220
That means if for some reason this library website's hacked, the passwords themselves are not revealed.

80
00:04:51,250 --> 00:04:53,440
You only get to see this hash.

81
00:04:54,130 --> 00:04:54,490
Okay.

82
00:04:54,520 --> 00:04:59,650
Now, if I wanted to, I could keep adding more personal information, etc. but I've already saved the

83
00:04:59,650 --> 00:05:00,640
user successfully.

84
00:05:01,740 --> 00:05:06,360
Now let's go ahead and add my user here to the Library Members Group.

85
00:05:06,630 --> 00:05:10,470
So I simply select the group and I can pass it along with this button here.

86
00:05:11,040 --> 00:05:13,230
And so now it's part of library members.

87
00:05:13,770 --> 00:05:15,120
I could also add permissions.

88
00:05:15,330 --> 00:05:18,780
I could have like important dates like last logged in, date joined, etc..

89
00:05:19,110 --> 00:05:20,250
But now let's just hit save.

90
00:05:20,250 --> 00:05:21,690
We don't really need to do anything else for now.

91
00:05:23,230 --> 00:05:23,560
Okay.

92
00:05:23,980 --> 00:05:28,030
So I have the admin, which is the super user that can come in and change anything they want.

93
00:05:28,360 --> 00:05:33,430
And then I also have this my user notice they do not have staff status and they're part of my group

94
00:05:33,640 --> 00:05:34,930
called Library Members.

95
00:05:35,500 --> 00:05:39,670
So Django provides almost everything you need to actually create authentication pages to handle things

96
00:05:39,670 --> 00:05:43,840
like log in, log out and password management all out of the box.

97
00:05:43,840 --> 00:05:46,480
And that actually includes even a URL mapper.

98
00:05:46,660 --> 00:05:48,670
So let's go ahead and explore this.

99
00:05:49,830 --> 00:05:52,500
So we're going to go back to our code.

100
00:05:54,070 --> 00:06:01,360
And then underneath my URLs at a project level, you'll notice that we already have admin filled out

101
00:06:01,360 --> 00:06:01,900
for us.

102
00:06:02,110 --> 00:06:08,950
Now what I'm going to do is I'm actually going to include the Django dot contrib ofthese URLs.

103
00:06:09,190 --> 00:06:11,020
So I'm going to do it in the following way.

104
00:06:11,710 --> 00:06:12,850
I'm going to say comma here.

105
00:06:14,160 --> 00:06:14,730
Path.

106
00:06:16,460 --> 00:06:21,500
Account's forward slash and then say include.

107
00:06:23,410 --> 00:06:29,080
Django dark contrib the off thought your else.

108
00:06:29,710 --> 00:06:36,820
Now you may be wondering if I already am including catalog URLs and have my own your URL pattern set

109
00:06:36,820 --> 00:06:46,690
up if I'm adding underneath my project level urls this django contrib clips dot are thought urls where

110
00:06:46,690 --> 00:06:47,770
are these URLs set up?

111
00:06:48,190 --> 00:06:51,940
Well, these URLs are set up in the actual source code of Django.

112
00:06:52,420 --> 00:06:55,230
And the question becomes, what does this actually do?

113
00:06:55,240 --> 00:06:57,400
What are the URLs that are available to you?

114
00:06:57,820 --> 00:07:02,890
If you want, you could manually add in all the URLs associated automatically with contrib, the author

115
00:07:02,890 --> 00:07:03,340
URLs.

116
00:07:03,790 --> 00:07:10,750
But long story short, the new URLs that this single line of code adds in are the following.

117
00:07:10,750 --> 00:07:11,740
I was going to paste them here.

118
00:07:12,280 --> 00:07:13,660
It essentially does this for you.

119
00:07:13,990 --> 00:07:17,380
It lets you have all these URLs automatically created for you.

120
00:07:17,740 --> 00:07:21,460
So it does accounts for slash login log out.

121
00:07:21,940 --> 00:07:22,900
Password change.

122
00:07:23,110 --> 00:07:24,190
Password change done.

123
00:07:24,250 --> 00:07:28,090
Password reset, reset, done, reset and reset done.

124
00:07:28,540 --> 00:07:34,240
So essentially, do you want to be able to log in, log out, change your password or reset your password

125
00:07:34,240 --> 00:07:35,680
and then confirm etc.?

126
00:07:36,160 --> 00:07:41,950
All of these URLs automatically get created and linked to when you add in this one line of code.

127
00:07:42,520 --> 00:07:45,760
So we're just going to go ahead and leave it at that.

128
00:07:46,890 --> 00:07:48,810
Now, I didn't mention that.

129
00:07:48,810 --> 00:07:55,500
For example, the accounts for slash log in your URL and view have now been created for us with this

130
00:07:55,500 --> 00:07:56,220
URL pattern.

131
00:07:56,640 --> 00:07:58,980
But what happens if we actually go to that page?

132
00:07:59,010 --> 00:08:01,590
So I'm going to save this change in my early days.

133
00:08:02,070 --> 00:08:07,110
And now let's go to our well, here we are now at the homepage.

134
00:08:07,170 --> 00:08:08,010
But let's go to that.

135
00:08:08,010 --> 00:08:09,330
You are all I said exists.

136
00:08:09,900 --> 00:08:11,670
I'm going to go to forward slash.

137
00:08:12,570 --> 00:08:14,190
Account's forward slash.

138
00:08:14,550 --> 00:08:16,350
Log in, hit enter.

139
00:08:16,350 --> 00:08:19,170
And it's going to say, oh, the template doesn't exist.

140
00:08:19,470 --> 00:08:24,840
Which means while the URLs and views have been created for you, it's up to the user of Jango to actually

141
00:08:24,840 --> 00:08:27,270
create the template files, those HTML files.

142
00:08:27,630 --> 00:08:28,330
That's no problem.

143
00:08:28,350 --> 00:08:30,450
We're familiar creating HTML template files.

144
00:08:30,720 --> 00:08:31,890
Let's go ahead and do that.

145
00:08:32,250 --> 00:08:37,409
It's very similar to class based views where you just have to be aware of what is being passed back

146
00:08:37,530 --> 00:08:39,090
on a default level.

147
00:08:39,570 --> 00:08:41,309
So here's what we're going to do.

148
00:08:42,350 --> 00:08:49,250
We're going to create a new templates folder and it's going to be at a level of the local library.

149
00:08:49,730 --> 00:08:51,590
So instead of templates underneath catalog.

150
00:08:53,010 --> 00:08:57,660
I'm going to say that I have my overall library.

151
00:08:58,080 --> 00:09:00,300
I have catalog library.

152
00:09:00,390 --> 00:09:07,950
And at that same directory level, I'm going to create a new folder called templates because registration

153
00:09:07,950 --> 00:09:10,680
and logging in really doesn't happen at an application level.

154
00:09:10,920 --> 00:09:17,010
It happens at a site level, which is why underneath templates, I then create the default directory

155
00:09:17,010 --> 00:09:18,750
name which is called registration.

156
00:09:18,780 --> 00:09:19,950
It has to be called this.

157
00:09:21,210 --> 00:09:23,820
You could overwrite it, but just to keep everything the same.

158
00:09:23,850 --> 00:09:25,020
Go ahead and do registration.

159
00:09:25,410 --> 00:09:27,630
So I have library templates.

160
00:09:27,930 --> 00:09:28,860
Registration.

161
00:09:29,280 --> 00:09:29,670
Okay.

162
00:09:30,180 --> 00:09:36,120
Then what I'm going to do is up here in registration is where I can begin adding in the templates.

163
00:09:37,400 --> 00:09:41,960
However, as we've done this before, I want to make sure this is actually visible at a settings like

164
00:09:42,010 --> 00:09:42,890
profile level.

165
00:09:43,280 --> 00:09:47,810
So I open up my settings that profile again and there's different ways of doing this.

166
00:09:48,260 --> 00:09:53,600
The way I like to do it, which has done before, is import OS here and then scroll down until you get

167
00:09:53,600 --> 00:09:54,620
to templates.

168
00:09:55,160 --> 00:09:57,410
Remember, I already have the app directories equal to true.

169
00:09:57,680 --> 00:10:03,830
Now I just need to say as we done before os dot path dot join in.

170
00:10:03,830 --> 00:10:06,590
I joined the base directory with.

171
00:10:07,630 --> 00:10:12,280
Templates and that's all we need to do to save that and register that there.

172
00:10:12,370 --> 00:10:18,130
So now the overall project has the capability to view templates inside registration, which is going

173
00:10:18,130 --> 00:10:20,680
to automatically connect to authentication.

174
00:10:21,400 --> 00:10:24,430
So now let's go ahead and create that log in HTML file.

175
00:10:24,880 --> 00:10:28,780
So I have templates, registration, and now I'm going to create a new file here.

176
00:10:29,320 --> 00:10:31,900
And this one should be called log in that each HTML.

177
00:10:32,320 --> 00:10:36,100
And you have to be choosing these names because that's what Django's authentication system looks for.

178
00:10:36,790 --> 00:10:38,260
So what do we do now?

179
00:10:38,770 --> 00:10:43,570
Here is the log in page, which means I need to start checking if the user is authenticated or not.

180
00:10:43,690 --> 00:10:46,120
If not, I need them a form to log in.

181
00:10:47,200 --> 00:10:51,100
So there's a couple of things we are going to typically have on a log in form.

182
00:10:51,760 --> 00:10:53,770
The first one is to check for errors.

183
00:10:54,010 --> 00:10:56,770
So I want to check for errors.

184
00:10:56,980 --> 00:10:58,270
Let me comment that one out.

185
00:10:58,840 --> 00:10:59,500
Expand this.

186
00:10:59,920 --> 00:11:02,540
So I want to be able to I'm just going to type them out here.

187
00:11:02,560 --> 00:11:03,670
I want to check for errors.

188
00:11:04,240 --> 00:11:07,750
Then I want to check if user is authenticated.

189
00:11:08,410 --> 00:11:10,510
If not, I'm going to have them log in.

190
00:11:11,440 --> 00:11:13,480
And then I'm going to need a log in form.

191
00:11:13,720 --> 00:11:16,580
So let's set this up, starting with checking for errors.

192
00:11:16,600 --> 00:11:17,680
This is actually quite simple.

193
00:11:18,250 --> 00:11:20,320
I'm simply just going to need to say if statement.

194
00:11:20,650 --> 00:11:27,520
So if formed errors a form object is passed back by Django, then something happened.

195
00:11:27,520 --> 00:11:28,780
The form didn't sync up.

196
00:11:28,850 --> 00:11:32,290
So it's up to you to kind of say what you want.

197
00:11:32,530 --> 00:11:40,000
Typically, you're just going to say your username or password was incorrect.

198
00:11:41,310 --> 00:11:42,030
Try again.

199
00:11:42,120 --> 00:11:42,950
That is what she says.

200
00:11:42,960 --> 00:11:43,580
Something happened.

201
00:11:43,590 --> 00:11:48,000
The form didn't actually connect with the back end and they're either passing in their username wrong

202
00:11:48,000 --> 00:11:48,840
or their password wrong.

203
00:11:49,380 --> 00:11:53,760
You never really actually want to be specific saying Hey, your username is wrong or your password is

204
00:11:53,760 --> 00:11:58,350
wrong because if someone's trying to hack in to their profile, you don't want to give them more hints

205
00:11:58,350 --> 00:12:01,860
of Hey, your username was correct, but maybe try on the password if you know what I mean.

206
00:12:02,280 --> 00:12:05,310
So we'll just go ahead and say, Hey, your username or your password is incorrect.

207
00:12:05,520 --> 00:12:06,150
Try again.

208
00:12:07,410 --> 00:12:10,470
Up next, we need to handle a couple of situations.

209
00:12:10,620 --> 00:12:17,430
So there's going to be a couple of situations that a user may encounter and go straight to a login page.

210
00:12:17,910 --> 00:12:22,680
So the situations are that the user is logged in.

211
00:12:25,200 --> 00:12:26,880
But no access.

212
00:12:28,180 --> 00:12:31,060
There's a situation where the user is not logged in.

213
00:12:32,530 --> 00:12:36,670
So for example, they go to a page, they're not allowed to see it and they're not even logged in.

214
00:12:36,820 --> 00:12:38,890
We should just redirect them to this log in that HTML.

215
00:12:39,250 --> 00:12:43,750
So we need to have statements for if the user's logged in, but try to access the page where they don't

216
00:12:43,750 --> 00:12:44,500
have access to it.

217
00:12:44,950 --> 00:12:47,050
The user's not logged in so they got redirected.

218
00:12:47,050 --> 00:12:48,370
Is logging that HTML site.

219
00:12:48,400 --> 00:12:50,920
So what happens when your visit website says, Oh, please log in?

220
00:12:51,250 --> 00:12:52,900
So it redirects it to the log in page.

221
00:12:53,260 --> 00:12:56,380
And then the other thing we have to do is the actual form.

222
00:12:56,560 --> 00:12:58,480
So the log in form.

223
00:12:58,930 --> 00:13:02,140
So let's check out what if the user is logged in but doesn't have access?

224
00:13:02,350 --> 00:13:06,910
So if that happens, then Django sent them a stream query called Next.

225
00:13:07,090 --> 00:13:09,250
Essentially go to the next page.

226
00:13:09,730 --> 00:13:12,070
So we're gonna see if next.

227
00:13:12,190 --> 00:13:14,380
So that's something that the authentication system is going to return.

228
00:13:15,130 --> 00:13:21,040
And if they got next ID, so to speak, that means either they're not authenticated or they don't have

229
00:13:21,040 --> 00:13:22,240
permission to see that page.

230
00:13:22,480 --> 00:13:23,800
So that means I need to check for both.

231
00:13:24,790 --> 00:13:28,390
So we're going to say if and then a user object is passed back.

232
00:13:29,880 --> 00:13:31,740
And it has a bunch of different methods.

233
00:13:31,770 --> 00:13:34,800
One of them being is underscore authenticated.

234
00:13:34,830 --> 00:13:37,560
So we'll say if the person got next.

235
00:13:37,560 --> 00:13:39,100
So that means they try to visit a page.

236
00:13:39,120 --> 00:13:41,100
But, you know, they weren't logged in or don't have permission.

237
00:13:41,580 --> 00:13:45,840
If that user is authenticated, that means they were logged in and still got next to it anyways.

238
00:13:46,260 --> 00:13:48,360
Which means they don't have permission to see that page.

239
00:13:49,350 --> 00:13:54,630
So you don't have permission for this page.

240
00:13:55,440 --> 00:14:00,870
So just to be clear, again, if they got to redirect it to a log in its HTML with the next statement

241
00:14:01,050 --> 00:14:02,820
and the user was already authenticated.

242
00:14:03,150 --> 00:14:05,100
It means they don't have permission to see that page.

243
00:14:05,190 --> 00:14:07,830
So that means we have this if statement here.

244
00:14:08,250 --> 00:14:10,620
However, there's another situation that may occur.

245
00:14:11,670 --> 00:14:16,620
So we'll say else and that is they got next ID because they actually weren't logged in.

246
00:14:16,680 --> 00:14:19,680
In which case the user is not authenticated yet.

247
00:14:19,830 --> 00:14:21,720
So I need to ask them to please log in.

248
00:14:24,380 --> 00:14:27,710
And if they log in and get next to it again, then there's come back and see, Hey, you don't have

249
00:14:27,710 --> 00:14:28,640
permission for this page.

250
00:14:29,360 --> 00:14:33,080
So we'll say, please log in to Swift's.

251
00:14:35,160 --> 00:14:36,300
So you see this pitch.

252
00:14:37,290 --> 00:14:38,550
All right, then we're going to say.

253
00:14:39,300 --> 00:14:40,160
And if.

254
00:14:40,170 --> 00:14:41,100
And if.

255
00:14:42,420 --> 00:14:43,710
So we're checking out the users.

256
00:14:43,710 --> 00:14:44,740
Log in, but no access.

257
00:14:44,760 --> 00:14:45,810
Users not logged in.

258
00:14:46,050 --> 00:14:49,170
And then clearly we need to have a form here to actually log them in.

259
00:14:49,800 --> 00:14:55,770
So we're going to create a form and then the action, we can actually use URL routing for this.

260
00:14:56,910 --> 00:14:59,190
So I can say go to the URL for login.

261
00:15:00,680 --> 00:15:02,510
So we'll add that in later as a name.

262
00:15:03,050 --> 00:15:04,700
And then the method here is post.

263
00:15:07,150 --> 00:15:09,010
And then finally, what we're going to do here.

264
00:15:10,360 --> 00:15:12,100
It set up our CSR a token.

265
00:15:13,850 --> 00:15:16,410
And then we just need to set up a simple form.

266
00:15:16,430 --> 00:15:21,950
So it's kind of up to you how you want to construct this, but you do get this form object and it's

267
00:15:21,950 --> 00:15:25,910
going to have the username as well as the username label type.

268
00:15:26,810 --> 00:15:28,640
So probably have that one come up first.

269
00:15:28,640 --> 00:15:33,050
So we'll say form that username, that label tag.

270
00:15:34,860 --> 00:15:37,620
So this is just a form object that's passed back by Django.

271
00:15:38,040 --> 00:15:41,340
So they're going to give you a username and then we also need their password.

272
00:15:42,440 --> 00:15:43,570
So let's pass that in as well.

273
00:15:43,580 --> 00:15:44,360
Form the.

274
00:15:45,720 --> 00:15:46,980
Password label tag.

275
00:15:49,310 --> 00:15:50,870
And then form that password.

276
00:15:52,770 --> 00:15:54,930
And then finally, we need an input here.

277
00:15:56,890 --> 00:16:00,430
So we'll say input type is equal to submit.

278
00:16:01,300 --> 00:16:03,970
And then we'll give it a value of a log in.

279
00:16:04,360 --> 00:16:09,400
And then we're going to have a hidden input, which has to do with the next.

280
00:16:09,400 --> 00:16:10,560
So we'll say hidden input.

281
00:16:12,270 --> 00:16:13,860
The name will be next.

282
00:16:13,860 --> 00:16:15,150
And this is essentially just checking.

283
00:16:15,450 --> 00:16:17,070
Does that person actually have.

284
00:16:18,080 --> 00:16:21,590
The permissions to see that page or will they get next to.

285
00:16:22,780 --> 00:16:24,790
So we needed essentially a form Django, by the way.

286
00:16:24,820 --> 00:16:27,760
This person was next to to get to this actual sexual logging page.

287
00:16:29,410 --> 00:16:35,130
So let's go ahead and save these changes and see what happens when I try to go to log in again.

288
00:16:35,140 --> 00:16:36,760
So I now have the template.

289
00:16:37,300 --> 00:16:43,360
If I refresh my page instead of getting that error, I now see something that looks like this.

290
00:16:43,720 --> 00:16:49,440
I remember I already have a user that is part of the library members, so let's try pushing that person

291
00:16:49,440 --> 00:16:49,570
in.

292
00:16:49,570 --> 00:16:53,320
So we'll say My user and then it's my password.

293
00:16:54,300 --> 00:16:55,380
One, two, three.

294
00:16:55,920 --> 00:16:57,330
But we should get an error here.

295
00:16:57,540 --> 00:17:03,330
So it's actually going to take us to another default page for post lock and redirect if you hit login.

296
00:17:03,990 --> 00:17:06,599
Remember, this person exists and it was technically correct.

297
00:17:06,839 --> 00:17:08,910
So that's what we're going to have for a four page.

298
00:17:08,940 --> 00:17:12,280
Four page not found by default after you log in.

299
00:17:12,540 --> 00:17:14,790
It takes you to a log in redirect.

300
00:17:15,150 --> 00:17:18,750
Now, you can actually set up a log in, redirect yourself.

301
00:17:18,930 --> 00:17:22,109
You'll notice by default it takes you to accounts forward slash profile.

302
00:17:22,589 --> 00:17:26,430
Maybe that makes sense for certain websites, or maybe it doesn't maybe actually need to go to the page.

303
00:17:26,579 --> 00:17:28,109
Kind of depends on your web site.

304
00:17:28,560 --> 00:17:34,110
But what you could do is if you don't want to set up the account slash profile, redirect page.

305
00:17:34,440 --> 00:17:40,830
So, again, to be clear, by default, after you log in successfully, it takes you to this page.

306
00:17:40,860 --> 00:17:42,930
Forward slash accounts, forward slash profile.

307
00:17:43,440 --> 00:17:49,830
Or what you could do is come to settings until you find the log in redirect, or you can actually pass

308
00:17:49,830 --> 00:17:52,120
that in ourselves if it's not there.

309
00:17:52,140 --> 00:17:53,910
So let me zoom out so I can see the whole thing.

310
00:17:55,720 --> 00:17:57,700
And it's actually not there by default.

311
00:17:57,700 --> 00:17:58,480
So I'm going to add it in.

312
00:17:58,750 --> 00:17:59,710
So we're going to say.

313
00:18:00,780 --> 00:18:01,620
Log in.

314
00:18:03,010 --> 00:18:03,970
Redirect.

315
00:18:05,580 --> 00:18:06,390
You are l.

316
00:18:07,330 --> 00:18:08,290
Is equal to.

317
00:18:09,420 --> 00:18:10,080
And we'll just have it.

318
00:18:10,080 --> 00:18:11,010
Go to the homepage.

319
00:18:11,700 --> 00:18:12,360
Save that.

320
00:18:13,320 --> 00:18:14,700
Save our changes to log in.

321
00:18:14,700 --> 00:18:17,190
It's HTML and let's try that again.

322
00:18:17,610 --> 00:18:20,430
So let's actually restart the site.

323
00:18:21,360 --> 00:18:24,930
So when I say Python, manage that pie run server.

324
00:18:26,000 --> 00:18:28,490
And then I'm going to go back to that login page.

325
00:18:30,800 --> 00:18:33,080
And you should be visiting this in incognito mode.

326
00:18:34,490 --> 00:18:37,340
So I'm going to bring in now accounts log in.

327
00:18:38,150 --> 00:18:41,900
So here we can see the username and password set up again.

328
00:18:42,590 --> 00:18:45,620
So let's go with this, my user.

329
00:18:47,110 --> 00:18:48,850
And then it was my password.

330
00:18:50,110 --> 00:18:51,190
One, two, three.

331
00:18:52,000 --> 00:18:52,750
Log in.

332
00:18:53,750 --> 00:18:55,280
And now it takes us to the homepage.

333
00:18:55,910 --> 00:19:02,240
So so far we've been able to do is actually use the user authentication system to get logged then and

334
00:19:02,240 --> 00:19:04,010
then visit an actual page.

335
00:19:04,370 --> 00:19:05,030
Not so bad.

336
00:19:05,450 --> 00:19:06,680
We still have a lot of work to do.

337
00:19:06,710 --> 00:19:08,960
However, we still don't know about a log out template.

338
00:19:09,350 --> 00:19:14,480
And there's also things like password reset templates, password reset confirmations, as well as just

339
00:19:14,480 --> 00:19:17,240
testing certain pages against authenticated users.

340
00:19:17,690 --> 00:19:24,140
So right now, what we've done so far is someone can actually log in and then get redirected somewhere.

341
00:19:24,440 --> 00:19:28,640
And our site has this idea that this user is authenticated and logged in.

342
00:19:29,240 --> 00:19:35,540
Now the views need to decide whether or not someone has to be logged in to see the view.

343
00:19:35,900 --> 00:19:41,180
So what would be interesting is if you wanted to maybe see the homepage, you had to be logged then.

344
00:19:41,630 --> 00:19:48,560
So we're going to do in the next lecture is actually add in mix ins or decorators two views to actually

345
00:19:48,560 --> 00:19:51,440
view them and require that that user be logged in.

346
00:19:51,950 --> 00:19:52,250
Okay.

347
00:19:52,790 --> 00:19:54,020
We'll see that in the next lecture.