
8 User authentication


This chapter covers

  • Registering and activating new user accounts
  • Installing and creating Django apps
  • Logging into and out of your project
  • Accessing user profile information
  • Testing authentication

Authentication and authorization map onto users and groups: authentication establishes who a user is, and authorization decides what that user is allowed to do. In this chapter you learn about authentication by creating users; in a later chapter you learn about authorization by creating groups.

OWASP Top Ten #2

At the time of this writing, broken authentication is #2 on the OWASP Top Ten (https://owasp.org/www-project-top-ten/). (In the 2021 revision of the list the category was renamed Identification and Authentication Failures and moved to #7; the underlying risks are the same.) What is the OWASP Top Ten? The Open Web Application Security Project (OWASP) foundation is a nonprofit organization working to improve software security. OWASP promotes the adoption of security standards and best practices through open source projects, conferences, and hundreds of local chapters worldwide. The OWASP Top Ten is designed to raise awareness about the most critical security risks faced by web applications.

You begin this chapter by adding a new user registration workflow to the Django project you created previously. Bob uses this workflow to create and activate an account for himself. Next, you create an authentication workflow. Bob uses this workflow to log in, access his profile information, and log out; HTTP session management, covered in the previous chapter, reappears here. Finally, you write tests to verify this functionality.
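To make the shape of that workflow concrete before the Django-specific sections, here is a framework-free sketch of the same four steps: register, activate, log in, log out. This is an added illustration, not the book's code and not how django.contrib.auth is implemented; the names AuthService, ACTIVATION_TTL, SERVER_SECRET and the iteration count are assumptions chosen for the example. It shows the security properties the chapter's Django version gets from the framework: passwords are stored as salted PBKDF2 hashes, the activation token is an HMAC that expires and stops validating once the account is active (so it is single-use, the same idea behind Django's PasswordResetTokenGenerator), a login is refused for inactive accounts, and the session identifier is regenerated on login and destroyed on logout.

```python
"""Framework-free sketch of the register / activate / log in / log out
workflow. Added example; a Django project uses django.contrib.auth instead."""
import hashlib
import hmac
import os
import secrets
import time

# Assumptions for the example. Lowered iteration count keeps the demo fast;
# use a current recommended count (hundreds of thousands) in production.
PBKDF2_ITERATIONS = 100_000
ACTIVATION_TTL = 24 * 3600                 # activation links expire after a day
SERVER_SECRET = secrets.token_bytes(32)    # per-process secret; Django uses SECRET_KEY


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so a wrong guess leaks nothing through timing."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class AuthService:
    def __init__(self):
        self.users = {}     # username -> {"salt", "digest", "active"}
        self.sessions = {}  # session id -> username

    def register(self, username: str, password: str) -> str:
        """Create an inactive account and return the activation token Bob would be e-mailed."""
        if username in self.users:
            raise ValueError("username already taken")
        salt, digest = hash_password(password)
        self.users[username] = {"salt": salt, "digest": digest, "active": False}
        return self.activation_token(username)

    def _token_mac(self, username: str, ts: int) -> str:
        # The MAC covers the account's current "active" flag, so the token
        # stops validating as soon as it has been used once.
        user = self.users[username]
        msg = f"{username}:{ts}:{user['active']}".encode()
        return hmac.new(SERVER_SECRET, msg, "sha256").hexdigest()

    def activation_token(self, username: str, now: float = None) -> str:
        ts = int(time.time() if now is None else now)
        return f"{ts}:{self._token_mac(username, ts)}"

    def activate(self, username: str, token: str, now: float = None) -> bool:
        """Validate an activation token: well-formed, unexpired, authentic, unused."""
        now = time.time() if now is None else now
        try:
            ts_str, mac = token.split(":")
            ts = int(ts_str)
        except ValueError:
            return False
        if username not in self.users or ts > now or now - ts > ACTIVATION_TTL:
            return False
        if not hmac.compare_digest(mac, self._token_mac(username, ts)):
            return False
        self.users[username]["active"] = True
        return True

    def login(self, username: str, password: str, old_session: str = None):
        """Return a new session id on success, None otherwise."""
        user = self.users.get(username)
        if user is None or not user["active"]:
            return None
        if not verify_password(password, user["salt"], user["digest"]):
            return None
        if old_session is not None:
            self.sessions.pop(old_session, None)  # rotate the id on login (cf. Django's cycle_key)
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = username
        return sid

    def current_user(self, sid: str):
        return self.sessions.get(sid)

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)  # server-side invalidation; the cookie alone is not enough


if __name__ == "__main__":
    svc = AuthService()
    token = svc.register("bob", "correct horse battery staple")
    assert svc.login("bob", "correct horse battery staple") is None  # not yet activated
    assert svc.activate("bob", token) and not svc.activate("bob", token)  # single-use
    sid = svc.login("bob", "correct horse battery staple")
    print("logged in as", svc.current_user(sid))
    svc.logout(sid)
    print("after logout:", svc.current_user(sid))
```

Two details worth carrying into the Django version: the login path refuses inactive accounts before checking the password, and an activation token is rejected both when it has expired and when it has already been used, because the account state it was minted against has changed.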

8.1   User registration

8.1.1   Templates

8.1.2   Bob registers his account

8.2   User authentication

8.2.1   Built-in Django views

8.2.2   Creating a Django app

8.2.3   Bob logs into and out of his account

8.3   Requiring authentication concisely

8.4   Testing authentication

8.5   Summary