8 User authentication

This chapter covers

  • Registering and activating new user accounts
  • Installing and creating Django apps
  • Logging into and out of your project
  • Accessing user profile information
  • Testing authentication

Authentication and authorization are analogous to users and groups, respectively. In this chapter, you’ll learn about authentication by creating users; in a later chapter, you’ll learn about authorization by creating groups.

Note

At the time of this writing, broken authentication is number 2 on the OWASP Top Ten (https://owasp.org/www-project-top-ten/). What is the OWASP Top Ten? It’s a reference designed to raise awareness about the most critical security challenges faced by web applications. The Open Web Application Security Project (OWASP) is a nonprofit organization working to improve software security. OWASP promotes the adoption of security standards and best practices through open source projects, conferences, and hundreds of local chapters worldwide.

You’ll begin this chapter by adding a new user-registration workflow to the Django project you created previously. Bob uses this workflow to create and activate an account for himself. Next, you’ll create an authentication workflow. Bob uses this workflow to log in, access his profile information, and log out. HTTP session management, from the previous chapter, makes an appearance. Finally, you’ll write tests to verify this functionality.

8.1 User registration

8.1.1 Templates

8.1.2 Bob registers his account

8.2 User authentication

8.2.1 Built-in Django views

8.2.2 Creating a Django app

8.2.3 Bob logs into and out of his account

8.3 Requiring authentication concisely

8.4 Testing authentication