WEBVTT

00:01.720 --> 00:04.870
Okay, our data is finished.

00:04.900 --> 00:10.780
We can see everything in our serializers and we'll be able to see that in the front end.

00:11.200 --> 00:14.300
And let's allow users now to log in.

00:14.320 --> 00:20.890
We already remember how to do it with token authentication, so let's enable that.

00:20.890 --> 00:24.220
In this application we need to go to the settings.

00:25.430 --> 00:28.550
And we need to add another application.

00:28.550 --> 00:29.960
So it's a rest.

00:31.960 --> 00:33.190
Framework.

00:36.450 --> 00:39.750
authtoken, like that.

00:40.440 --> 00:43.140
And then what we need to do if I will save it.

00:45.860 --> 00:46.430
Token.

00:46.430 --> 00:50.270
So what we will need to do is migrate now.

00:50.270 --> 00:53.420
So python3 manage.py

00:53.960 --> 00:56.060
migrate.

01:00.770 --> 01:03.860
So no module named rest framework.

01:04.220 --> 01:05.120
I misspelled it.

01:05.120 --> 01:09.020
So frame like that.

01:09.740 --> 01:14.030
So we'll save it and I will migrate now.

01:14.600 --> 01:19.730
And I can see too, migration has been applied for our database.

01:20.210 --> 01:22.190
So that is done.

01:22.190 --> 01:27.350
What we need to do is we can go to our admin page now.

01:27.350 --> 01:28.760
I can go run.

01:30.330 --> 01:31.260
Run this.

01:32.310 --> 01:33.660
And then here.

01:35.080 --> 01:37.690
I can go slash admin.

01:39.770 --> 01:44.210
And we have tokens here, so I will generate a token for current user.

01:47.490 --> 01:49.380
And we have our token here.

01:49.530 --> 01:51.480
So that's been added.

01:51.510 --> 02:01.520
What we need to also do is we need to enable a kind of link that will give us some options to log in.

02:01.530 --> 02:07.740
That means we can provide a username and password and I will have that token back.

02:08.130 --> 02:10.140
So let's do that now.

02:10.410 --> 02:14.250
We'll come back here and then we need to go to the URLs.

02:14.280 --> 02:17.520
We can do it on either URL we like.

02:17.520 --> 02:25.260
We can have it here along with others, but I prefer to have a login on the main URL which is in the

02:25.380 --> 02:31.260
inside our projects here because it's an part of our API itself.

02:31.260 --> 02:34.890
It's a let's say extra top level.

02:34.980 --> 02:41.730
So what I can do is I will duplicate it and we can name it as we like, but auth is kind of short and

02:41.730 --> 02:43.140
easy to remember.

02:43.140 --> 02:44.820
And then we need to.

02:47.150 --> 02:54.380
Add the method, so from rest_framework.authtoken.views

02:55.780 --> 03:06.340
import obtain_auth_token and we can use it here.

03:08.650 --> 03:14.500
So what I will do, the server has been run, but I can refresh it just in case.

03:14.500 --> 03:16.900
And then we have another URL here.

03:16.900 --> 03:22.600
So let's come back here and then we can actually we can do it in Postman.

03:23.020 --> 03:27.310
So we have instead of API that's on the main URL.

03:27.310 --> 03:31.300
So it's authentication like this and let's test it.

03:31.300 --> 03:33.850
We get of course get is not allowed.

03:33.850 --> 03:40.510
So we need to do a post post and then we'll try this and you can see username and password is required.

03:40.510 --> 03:51.640
So let's go to body and instead of stars here we can do username, and my username is Christian, and

03:51.640 --> 03:57.050
then we have password and the password was also Christian.

03:57.890 --> 04:03.110
So I will send this and I will send it here and we have that token back.

04:03.140 --> 04:13.790
I will copy that token here and that token I will be able to use in our application wherever we need.

04:13.790 --> 04:21.590
So if I will go to authorization here, I will go to headers here and then I will do authorization,

04:22.580 --> 04:37.190
I can pass token this one so I can get a let's do get and API movies.

04:39.960 --> 04:43.250
And I can send it with my request.

04:43.260 --> 04:47.340
At the moment we don't do anything with that token.

04:47.340 --> 04:57.450
And what we can do is first we will restrict it so only logged-in people can see the resources here.

04:57.450 --> 05:01.920
And also what we need to also do is to come back.

05:06.140 --> 05:07.730
Inside our views.

05:09.000 --> 05:12.660
And use that request user here.

05:12.660 --> 05:15.840
So let's say take a look what we have so far.

05:15.840 --> 05:17.400
We have rate movie.

05:17.400 --> 05:25.860
So I will go here and then I will have just one, let's say movie first and I will do rate rate movie

05:26.100 --> 05:34.250
and I will try to use the method POST, I will send it now and you need to provide stars.

05:34.260 --> 05:35.580
Of course we need to do that.

05:35.580 --> 05:40.620
So I will do stars like that.

05:41.460 --> 05:47.550
And then we need to also provide movie and we need to do a user.

05:47.700 --> 05:53.220
At the moment we don't need to have a user, so let's do stars and movie.

05:53.220 --> 05:54.780
So we'll do stars.

05:56.520 --> 06:00.050
Let's say two and the movie will be one.

06:00.060 --> 06:10.950
So if I will send it now, you can see rating has been updated and the user is one because we hardcoded

06:10.950 --> 06:11.250
that.

06:11.250 --> 06:15.300
So if I will replace it now with the user here.

06:17.880 --> 06:23.580
I can do print and let's try to see what's in the user.

06:23.580 --> 06:24.750
So I will go.

06:25.350 --> 06:27.840
I can print it extra information here.

06:28.320 --> 06:29.430
User.

06:31.590 --> 06:33.020
And that's been refreshed.

06:33.030 --> 06:36.360
Let's go back to the postman and try to do it again.

06:37.780 --> 06:43.490
So you can see here cannot assign automatically an anonymous user a rating.

06:43.510 --> 06:45.850
User must be a user instance.

06:46.240 --> 06:52.570
So the problem for this is I will show you before we have that error.

06:57.370 --> 07:01.450
You can see here we had user anonymous user.

07:01.450 --> 07:05.530
So despite the fact we provided and we pass.

07:07.980 --> 07:08.450
This.

07:08.970 --> 07:10.130
This headers here.

07:10.140 --> 07:11.600
Authorization token.

07:11.610 --> 07:19.020
Still, Django doesn't know how to deal with it, how to translate that token, how to use it.

07:19.020 --> 07:25.260
And we need to actually tell Django that we will use it in our.

07:27.140 --> 07:27.870
View set.

07:27.900 --> 07:36.230
So if I go here, you can see we have queryset and we have serializer_class, but we haven't told Django

07:36.260 --> 07:39.860
that we would like to use our token so we can do it now.

07:40.790 --> 07:51.380
authentication_classes, and we'll have a tuple here and then we can do TokenAuthentication like that.

07:51.740 --> 07:56.030
I also need to put a comma at the end and we need to import it.

07:57.640 --> 08:06.460
from rest_framework.authentication import TokenAuthentication, and we have that.

08:07.630 --> 08:09.700
So if I will save it now.

08:12.180 --> 08:17.490
Actually, I can copy that and I can also include it for the rating.

08:18.180 --> 08:21.150
So we'll use token authentication for both.

08:21.630 --> 08:23.790
So let's refresh the server.

08:25.900 --> 08:27.520
And coming back here.

08:28.380 --> 08:29.850
I will send it again.

08:30.630 --> 08:35.850
And if now everything is fine, you can see user is here.

08:35.850 --> 08:42.480
And also if I go back here, you can see user Christian has been printed.

08:42.480 --> 08:47.640
And the reason why I see that printed here is because I have this.

08:47.640 --> 08:56.880
So now we switch from this fixed one to use the user from the token authentication.

08:56.880 --> 08:58.230
So if you.

09:01.300 --> 09:06.310
Pass in the headers authorization token and the token for your user.

09:06.340 --> 09:15.040
Django will extract from request that user because this token is connected with that user and we can

09:15.040 --> 09:21.550
have it from the request object available so we can actually remove this part.

09:21.550 --> 09:24.820
And now this is automatically extracted.

09:24.820 --> 09:31.270
So if I will be logged in as a different user and try to do a different rating, this will create a

09:31.270 --> 09:38.880
different rating object in our database because the unique_together user and movie will be different.

09:38.890 --> 09:39.880
So that's it.

09:39.880 --> 09:42.160
That's our login.

09:43.140 --> 09:43.620
Option.

09:43.620 --> 09:52.440
We will need to also allow users to register and we can restrict some of our application to be available

09:52.440 --> 09:56.250
only for logged-in users and we can do that in the next video.
