WEBVTT

00:01.540 --> 00:02.080
Okay.

00:02.290 --> 00:06.850
Let's allow our users to register in our system.

00:06.850 --> 00:13.330
At the moment we have one user that we've created with the createsuperuser command in the terminal, but

00:13.330 --> 00:17.260
this is not the way to do it for the users in our application.

00:17.260 --> 00:20.260
We should allow them to register.

00:20.500 --> 00:25.000
That means create an account in our system and then log in with those credentials.

00:25.000 --> 00:29.020
So how can we actually do this?

00:29.050 --> 00:37.960
Normally we have user enabled in the Django, but we don't have anything here that we can use for registering

00:37.960 --> 00:39.220
new users.

00:39.430 --> 00:47.200
So what we could do is we can do it in many different ways and depending how you would like to use your

00:47.200 --> 00:53.560
application, basically you might have methods from the URLs that will create.

00:53.950 --> 01:00.490
So you can gather all the username and password and whatever fields you will need to have and then

01:00.490 --> 01:03.230
you can create that object for him.

01:03.230 --> 01:06.920
Like in the similar way we've done with our custom one.

01:06.920 --> 01:15.590
Or we can just implement the view set and we'll get all the methods that are coming with this view set

01:15.590 --> 01:17.510
and it will be available for us.

01:17.540 --> 01:24.800
So what I can do basically is I will copy whatever we have for the movie so far and I will paste it

01:24.800 --> 01:25.400
here.

01:25.880 --> 01:30.590
We don't have users yet or user view set and we can create one.

01:30.590 --> 01:35.900
So user view set will use this user.

01:35.900 --> 01:43.730
We have that user here imported from the auth models, that's the built-in Django user, and we'll create a view

01:43.730 --> 01:46.160
set based on that user.

01:46.160 --> 01:53.600
So we need to also have user serializer, we need to import it, but we don't have it yet.

01:53.600 --> 01:55.610
So I will create that in a second.

01:55.610 --> 01:57.350
So I will import that.

01:57.350 --> 02:00.290
So we have a new fresh new view set.

02:00.320 --> 02:07.250
This is exactly the same as we had it here, but for a different model that was for our own model and

02:07.250 --> 02:14.210
that's for a built-in model, but nothing actually changes; we will use it the same way as we use it with our

02:14.210 --> 02:14.840
models.

02:14.840 --> 02:16.790
So we have our view set here.

02:16.790 --> 02:18.290
Let's do a serializer.

02:18.290 --> 02:22.370
Now we have user serializer imported, but we need to create it.

02:22.370 --> 02:26.360
So here we will do a similar thing here.

02:26.900 --> 02:32.570
So I will just duplicate it and we need to create.

02:34.800 --> 02:39.900
User serializer that will be model user.

02:40.320 --> 02:46.440
We need to import this user and we can import it just like that.

02:47.220 --> 02:53.520
So django.contrib.auth.models and then import User, and I will put it in the serializer here.

02:54.390 --> 02:56.460
So this is all gone.

02:56.460 --> 02:59.850
So we can do id and username.

03:01.090 --> 03:02.050
For now.

03:04.580 --> 03:06.760
And this is our serializer.

03:06.770 --> 03:11.740
That means we can actually use this serializer with an ID, a name.

03:11.750 --> 03:19.190
Also, I have to pass a password and I will tell you why in a second.

03:19.550 --> 03:28.430
Basically what's happening here is we want to use this serializer because that will be our default serializer

03:28.430 --> 03:31.010
in our views here.

03:31.010 --> 03:34.610
So we will use the serializer for all our methods.

03:34.610 --> 03:41.540
That means it will also be used for a post method, which is creating a record in our database, but

03:41.540 --> 03:43.820
we will use it as a register.

03:43.820 --> 03:50.060
That means whoever wants to register in our database, it will need to use the post method for this

03:50.090 --> 03:50.710
view set.

03:50.720 --> 03:56.450
So if we will use the view, set this one and this serializer.

03:56.450 --> 04:04.410
So this serializer needs to have username and password, but also we need to do extra few things that

04:04.410 --> 04:07.170
will prevent people from seeing that password.

04:07.170 --> 04:13.710
Otherwise you can just use a method get and then you will see that password for different users.

04:13.710 --> 04:24.180
So we also need to hash that password if we will send a request to our server or send username and password,

04:24.180 --> 04:31.470
we want to hash it and store it in a database hashed not like a normal string because password needs

04:31.470 --> 04:32.340
to be hashed.

04:32.910 --> 04:33.540
Okay.

04:34.170 --> 04:37.230
And hashed means there need to be decoded.

04:37.230 --> 04:42.540
So you can't just open the database and see people passwords this way.

04:42.660 --> 04:47.490
Another step we need to do is we need to go to the URL, but not this one.

04:47.490 --> 04:51.330
We need to go to the URLs for our API.

04:52.260 --> 04:58.020
And in the same way we register view sets here, we can register our users.

04:58.020 --> 05:07.580
I will duplicate here, I can do users and then I can do user view set that is available here and I

05:07.580 --> 05:09.290
also need to import it.

05:09.680 --> 05:14.480
So we have new view set and we have that users.

05:14.720 --> 05:18.290
So all that is done now.

05:18.290 --> 05:25.130
So basically what we can do is if I go to Postman now, I could possibly do.

05:29.030 --> 05:34.520
Users and slash and then I can use method get.

05:38.000 --> 05:42.320
Uh, I think we need to run this first.

05:46.780 --> 05:48.490
And then send it now.

05:51.200 --> 05:56.360
So, ah, I think I have two slashes here and then send it now.

05:56.360 --> 05:59.960
And you can see here my object is there.

06:00.890 --> 06:10.040
So first, I should not be able to use that method because then I can see all the people in the

06:10.040 --> 06:16.490
system if I will hack that API so we can actually remove it from the view set.

06:16.490 --> 06:23.600
And then you can see here ID username and password and the password is that long string here that I

06:23.600 --> 06:23.930
have.

06:23.960 --> 06:31.100
This is hashed password because as you remember I put hash a password Christian but that has been hashed

06:31.100 --> 06:35.780
and converted to this long decoded characters here.

06:35.780 --> 06:42.740
So what we have here is already a view set that is working, but we need to do some extra steps here.

06:42.740 --> 06:51.080
And if I will go to the serializer, we can actually include some extra thing before we will start creating

06:51.180 --> 06:54.330
our users so we can include here.

06:59.880 --> 07:05.250
extra_kwargs, and that will be an object.

07:05.250 --> 07:11.730
And we can include here password that will be another object.

07:12.840 --> 07:24.570
And we can do write_only true and we can say required.

07:29.340 --> 07:30.680
Also true.

07:30.690 --> 07:38.420
So what we are saying here is we are passing more information for this field password.

07:38.430 --> 07:40.500
It will be write only.

07:40.500 --> 07:43.080
That means we won't be able to see it.

07:43.080 --> 07:46.790
And also it will be required if we want to register this.

07:46.800 --> 07:48.720
So I will save it now.

07:49.170 --> 07:51.960
And let's come back to the postman and see how it looks like.

07:51.960 --> 07:52.470
Now.

07:54.210 --> 07:59.850
You can see here the password is gone because this is write only.

07:59.850 --> 08:04.500
So we can send the password but we will never be able to see that.

08:05.280 --> 08:07.320
And this is already gone.

08:07.320 --> 08:11.970
But it will be required if we want to send that post.

08:11.970 --> 08:14.010
So I will have a post now.

08:14.040 --> 08:18.240
I will go to the body and let's say I will do username.

08:21.110 --> 08:22.070
Christian two.

08:22.280 --> 08:25.280
And that's the only thing I will send now.

08:25.280 --> 08:26.930
So I will try to send it.

08:27.200 --> 08:34.520
And you can see here, password is still required because we decided we will have write only so it will

08:34.520 --> 08:38.780
be hidden from the get, but it is required for sending.

08:38.840 --> 08:46.280
But if I will send it now, the password will be stored as a normal field because we'll just

08:46.760 --> 08:51.080
send a username and password as normal strings and that will be stored.

08:51.080 --> 08:59.750
We need to kind of override the built-in function that is in the view set, that is method create, and

08:59.810 --> 09:03.290
will implement our own and then it will be hashed.

09:03.290 --> 09:07.130
All right, so I can show you how we can do that now.

09:07.130 --> 09:14.960
So def create, and you can see here the IDE has auto-filled all that.

09:15.080 --> 09:21.390
So we have self, which is the current data and we have validated data, the validated data.

09:21.390 --> 09:27.990
That means it's data coming from the request that already meets all the requirements for our model

09:27.990 --> 09:28.950
for the user.

09:28.950 --> 09:39.630
So we have the validated data so we can have here a user, a variable, and then you can do User.objects,

09:41.400 --> 09:43.020
create_user.

09:43.050 --> 09:49.950
That's a method here that we can use and that's a special method for this user.

09:49.950 --> 09:56.190
So it's create_user and then we can do asterisk asterisk validated_data.

09:56.190 --> 10:02.190
So we'll take the validated data that we sent to our request and we will use the create_user special

10:02.190 --> 10:02.820
method.

10:02.820 --> 10:07.170
What we can do here is we can return that user.

10:07.800 --> 10:09.450
So I will save it now.

10:09.450 --> 10:16.200
And basically this create method was already included, but we overwrite it with our own version of

10:16.200 --> 10:16.560
it.

10:16.560 --> 10:22.280
And then we take the validated data and we use create_user, which is a special function for creating

10:22.280 --> 10:22.730
users.

10:22.730 --> 10:25.790
And then we return that user that has been created.

10:25.790 --> 10:35.660
So let's come back to our postman and see what will happen if I will pass a username, a password here.

10:36.500 --> 10:38.630
So in this I can do.

10:38.680 --> 10:39.480
Christian.

10:42.500 --> 10:44.720
Christian up.

10:52.470 --> 10:53.130
Christian two.

10:53.160 --> 10:57.480
So username and password password like that.

10:57.600 --> 11:04.590
I'm sending that now and you can see here ID is two and the username is Christian two.

11:05.160 --> 11:14.100
So we have created this username using the post method for this users.

11:14.490 --> 11:21.960
So we already have an option to log in and we already have an option to register our user.

11:21.960 --> 11:24.410
So our API is almost ready.

11:24.420 --> 11:32.760
We need to do some extra steps to secure our API and turn off the things that we don't want to expose

11:32.760 --> 11:33.780
in our API.
