Chapter 11. Django revisited!


This chapter covers

  • Adding authentication
  • Unit-testing and functional-testing applications
  • Updating the database when models change
  • Serving static images and CSS style sheets

In Chapter 8, you built a simple todo list with Django, which allowed you to keep track of tasks you needed to do. Although useful for you, it’s not helpful to other people. In this chapter, we’ll look at some of the polishing steps you need to take to make your Django application useful to others. Let’s get started!

Authentication

Your application was pretty much finished from a functionality point of view—you can delete and change any of your todos, and add as many as you like. Here’s the problem: so can anyone else, if that person has access to your web interface. If that person is malicious, then all your todos might be deleted, or your important ones could be tampered with.

In order for your application to be safe, you’ll need to restrict who can access your application, and you shouldn’t be able to tamper with anyone else’s todos. In practice, this means you’ll introduce the following checks:

  • You should need to log in to the application.
  • Once logged in, you should only see your own todo items.
  • Whenever you try to add, change, or delete a todo, it should only work if it’s your todo.

Once these three constraints are in place, you should be safe against anyone trying to fiddle with anyone else’s todo list.
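The three checks above map onto a pattern that is easy to get wrong in the "delete" and "change" views: looking a todo up by its id alone and only then (or never) asking who owns it. The following is an added illustration, not code from this book; it is a framework-free stand-in written in plain Python so it runs without Django installed, but the shape mirrors the Django idioms it imitates (a `login_required` decorator, a queryset filtered by `owner=request.user`, and a `get_object_or_404`-style lookup done inside that filtered queryset). The `User`, `Todo`, `Request` classes and the constructed in-memory table are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List


class PermissionDenied(Exception):
    """Raised when a request fails the authentication check."""


class NotFound(Exception):
    """Stand-in for Http404: the todo does not exist for *this* user."""


@dataclass
class User:
    username: str
    is_authenticated: bool = True


ANONYMOUS = User(username="anonymous", is_authenticated=False)


@dataclass
class Todo:
    id: int
    owner: str  # username of the user who created it
    title: str
    done: bool = False


@dataclass
class Request:
    """Minimal stand-in for a Django request: only .user is needed here."""
    user: User


# Constructed in-memory table standing in for Todo.objects (example data only).
_TODOS: Dict[int, Todo] = {
    1: Todo(1, "alice", "Write chapter 11"),
    2: Todo(2, "bob", "Review alice's draft"),
    3: Todo(3, "alice", "Fix the failing test"),
}


def login_required(view):
    """Check 1: reject unauthenticated callers before the view body runs."""
    def wrapper(request, *args, **kwargs):
        if not request.user.is_authenticated:
            raise PermissionDenied("login required")
        return view(request, *args, **kwargs)
    return wrapper


def own_todos(request: Request) -> List[Todo]:
    """Check 2: every view starts from a list already scoped to the owner
    (the equivalent of Todo.objects.filter(owner=request.user))."""
    return [t for t in _TODOS.values() if t.owner == request.user.username]


def get_own_todo_or_404(request: Request, todo_id: int) -> Todo:
    """Check 3: resolve the id *inside* the owner-scoped list, so someone
    else's todo looks exactly like a todo that does not exist."""
    for todo in own_todos(request):
        if todo.id == todo_id:
            return todo
    raise NotFound(f"todo {todo_id}")


# The weak version: the id is trusted on its own and ownership is never checked,
# so any logged-in user who guesses an id can delete another user's todo.
@login_required
def delete_todo_insecure(request: Request, todo_id: int) -> int:
    if todo_id not in _TODOS:
        raise NotFound(f"todo {todo_id}")
    del _TODOS[todo_id]
    return len(_TODOS)


# Hardened views: authentication first, then ownership via the scoped lookup.
@login_required
def list_todos(request: Request) -> List[str]:
    return [t.title for t in own_todos(request)]


@login_required
def add_todo(request: Request, title: str) -> Todo:
    # The owner comes from the session user, never from client-supplied data.
    new_id = max(_TODOS) + 1 if _TODOS else 1
    todo = Todo(new_id, request.user.username, title)
    _TODOS[new_id] = todo
    return todo


@login_required
def toggle_todo(request: Request, todo_id: int) -> bool:
    todo = get_own_todo_or_404(request, todo_id)
    todo.done = not todo.done
    return todo.done


@login_required
def delete_todo(request: Request, todo_id: int) -> int:
    todo = get_own_todo_or_404(request, todo_id)
    del _TODOS[todo.id]
    return len(_TODOS)
```

The important design choice is that `get_own_todo_or_404` never touches the unfiltered table: both "not mine" and "does not exist" produce the same `NotFound`, so a caller cannot tell whether a guessed id belongs to someone else. In a real Django view the same effect comes from `get_object_or_404(Todo, pk=todo_id, owner=request.user)` combined with the `login_required` decorator from `django.contrib.auth.decorators`.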

Logging in

Listing only your own todos

Testing!

Images and styles

Where to from here?

Summary