Welcome to the first step in building a full-featured To-Do list application! This unit will focus on user authentication, a crucial component for most web applications. We'll walk through how to allow users to register, log in, and log out of the application. Understanding user authentication ensures that your application can manage user-specific data securely and provide each user with a personalized experience.
In this unit, you'll learn how to implement basic user authentication by using the Django framework. We'll cover the following essential features:
- User Registration: You'll learn how to create a user registration system where new users can sign up with a username, email, and password. Here's a snippet to give you a sneak peek:
```python
from django.contrib.auth.models import User
from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt  # disables Django's CSRF check for this view
def register(request):
    if request.method == 'POST':
        data = request.POST
        username = data.get('username')
        email = data.get('email')
        password = data.get('password')

        if not username or not email or not password:
            return JsonResponse({'error': 'Username, email, and password are required.'}, status=400)  # 400 indicates a bad request

        if User.objects.filter(username=username).exists():
            return JsonResponse({'error': 'Username already exists.'}, status=400)

        # create_user hashes the password and saves the new user, so no extra save() is needed
        User.objects.create_user(username=username, email=email, password=password)
        return JsonResponse({'message': 'User registered successfully'}, status=201)  # 201 indicates that a resource was created

    return JsonResponse({'message': 'Only POST method is allowed'}, status=405)  # 405 indicates the method is not allowed
```
We take the username, email, and password from the request and create a new user in the database. If the username already exists, we return an error message. Otherwise, we create a new user and return a success message.
Notice that we do not define a model for the user; instead, we use the built-in `User` model from Django's `auth` module. This model provides all the necessary fields and methods to manage users in the application.
- User Login: We will implement a login mechanism to authenticate users before they access restricted parts of your application.
```python
from django.contrib.auth import authenticate, login
from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt  # disables Django's CSRF check for this view
def user_login(request):
    if request.method == 'POST':
        data = request.POST
        username = data.get('username')
        password = data.get('password')

        if not username or not password:
            return JsonResponse({'error': 'Username and password are required.'}, status=400)

        # authenticate() returns the matching user, or None if the credentials are wrong
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)  # creates the session for this user
            return JsonResponse({'message': 'User logged in successfully'}, status=200)
        return JsonResponse({'error': 'Invalid credentials'}, status=400)

    return JsonResponse({'message': 'Only POST method is allowed'}, status=405)
```
The code demonstrates how to take the username and password from the request, authenticate the user, and log them in. If the credentials are valid, the user is logged in; otherwise, an error message is returned.
The `authenticate` function checks the provided username and password against the user database. If the credentials are correct, it returns the user object; otherwise, it returns `None`.
The `login` function logs the user in by creating a session for the user. We will discuss sessions in more detail in the upcoming units.
- User Logout: You'll also learn how to log users out securely.
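```python
from django.contrib.auth import logout
from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt


@csrf_exempt  # disables Django's CSRF check for this view
def user_logout(request):
    if request.method == 'POST':
        logout(request)  # removes the session data for this request
        return JsonResponse({'message': 'User logged out successfully'}, status=200)

    return JsonResponse({'message': 'Only POST method is allowed'}, status=405)
```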
In this code snippet, we log the user out by calling the `logout` function. This function deletes the user's session, effectively logging them out of the application.
User authentication is a fundamental part of web applications for several reasons:
- Security: It protects user data and prevents unauthorized access.
- Personalization: By authenticating users, you can provide a tailored experience, showing user-specific to-do lists, notifications, and more.
- Data Management: Authenticated users allow for better data organization as each user's data is securely separated.
By the end of this unit, you'll have the skills to implement user authentication in your Django applications, making them more robust and secure. Let's get started and make our To-Do list application more engaging and user-friendly!