Working with token-based authentication

Now, we will make changes to use token-based authentication to retrieve, update, or delete pilots. Only those users that have a token will be able to perform these operations with pilots. Hence, we will set up a specific authentication for pilots. It will still be possible to see the pilot's name rendered in unauthenticated requests.

The token-based authentication requires a new model named Token. Make sure you quit Django's development server. Remember that you just need to press Ctrl + C in the terminal or command prompt window in which it is running.

Of course, in a production environment, we must make sure that the RESTful Web Service is only available over HTTPS, with the usage of the latest TLS versions. We shouldn't use a token-based authentication over plain HTTP in a production environment.

Open the restful01/restful01/settings.py file that declares module-level variables that define the configuration of Django for the restful01 project. Locate the lines that assign a list of strings to INSTALLED_APPS to declare the installed apps. Add the following string to the INSTALLED_APPS list and save the changes to the settings.py file:

'rest_framework.authtoken'

The following lines show the new code that declares the INSTALLED_APPS strings list with the added line highlighted and with comments to understand what each added string means. The code file for the sample is included in the hillar_django_restful_08_02 folder in the restful01/restful01/settings.py file:

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Django REST framework
    'rest_framework',
    # Drones application
    'drones.apps.DronesConfig',
    # Django Filters
    'django_filters',
    # Token authentication
    'rest_framework.authtoken',
]

This way, we have added the rest_framework.authtoken application to our Django project named restful01.

Now, run the following command to execute all migrations required for the recently added authtoken application and apply the changes to the underlying database tables. This way, we will install the app:

    python manage.py migrate

The following lines show the output generated after running the previous command. Notice that the order in which the migrations are executed can differ in your development computer:

    Operations to perform:
      Apply all migrations: admin, auth, authtoken, contenttypes, drones, sessions
    Running migrations:
      Applying authtoken.0001_initial... OK
      Applying authtoken.0002_auto_20160226_1747... OK

After we run the previous command, we will have a new authtoken_token table in the PostgreSQL database. This table will persist the generated tokens and has a foreign key to the auth_user table.

We will configure authentication and permission policies for the class-based views that work with the Pilot model. We will override the values for the authentication_classes and permission_classes class attributes for the PilotDetail and PilotList classes.

We will add the same lines of code in the two classes. We will include the TokenAuthentication authentication class in the authentication_classes tuple, and the IsAuthenticated permission class in the permission_classes tuple.

Open the restful01/drones/views.py file and add the following lines after the last line that declares the imports, before the declaration of the DroneCategorySerializer class. The code file for the sample is included in the hillar_django_restful_08_02 folder, in the restful01/drones/views.py file:

from rest_framework.permissions import IsAuthenticated 
from rest_framework.authentication import TokenAuthentication

Replace the code that declares the PilotDetail class with the following code in the same views.py file. The new lines are highlighted in the code listing. The code file for the sample is included in the hillar_django_restful_08_02 folder, in the restful01/drones/views.py file:

class PilotDetail(generics.RetrieveUpdateDestroyAPIView): 
    queryset = Pilot.objects.all() 
    serializer_class = PilotSerializer 
    name = 'pilot-detail' 
    authentication_classes = (
        TokenAuthentication,
        )
    permission_classes = (
        IsAuthenticated,
        )

Replace the code that declares the PilotList class with the following code in the same views.py file. The new lines are highlighted in the code listing. The code file for the sample is included in the hillar_django_restful_08_02 folder, in the restful01/drones/views.py file:

class PilotList(generics.ListCreateAPIView): 
    queryset = Pilot.objects.all() 
    serializer_class = PilotSerializer 
    name = 'pilot-list' 
    filter_fields = ( 
        'name',  
        'gender', 
        'races_count', 
        ) 
    search_fields = ( 
        '^name', 
        ) 
    ordering_fields = ( 
        'name', 
        'races_count' 
        ) 
    authentication_classes = (
        TokenAuthentication,
        )
    permission_classes = (
        IsAuthenticated,
        )
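To make the effect of these two class attributes concrete, here is an added example (it is not code from the book or from Django REST framework) that models, in plain Python, what TokenAuthentication and IsAuthenticated do with an incoming request to PilotDetail or PilotList. The dict token_store stands in for the authtoken_token table and the User class for a row of auth_user; both, together with check_pilot_request and the constructed request headers, are assumptions of this example. The header parsing and the failure cases follow the rules of DRF's TokenAuthentication (the keyword must be Token, the key must not contain spaces, unknown keys and inactive users are rejected), and generate_key builds the key the same way DRF's Token model does.

```python
"""Model of the TokenAuthentication + IsAuthenticated policy applied to the
pilot views.  Added example, not DRF's own code: the token store, the User
class and the request headers are constructed stand-ins."""
import binascii
import os
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class User:
    """Stand-in for an auth_user row (hypothetical, for this example)."""
    username: str
    is_active: bool = True


def generate_key() -> str:
    """Same construction DRF's Token.generate_key uses: 20 random bytes, hex-encoded."""
    return binascii.hexlify(os.urandom(20)).decode()


class AuthenticationFailed(Exception):
    """DRF turns this into an HTTP 401 with a 'WWW-Authenticate: Token' header."""


def authenticate(headers: Dict[str, str], token_store: Dict[str, User]) -> Optional[User]:
    """Mirror TokenAuthentication.authenticate.

    Returns the user for a valid 'Authorization: Token <key>' header, None when
    no Token header is present (the request then proceeds as anonymous), and
    raises AuthenticationFailed for a malformed, unknown or inactive token.
    """
    auth = headers.get("Authorization", "").split()
    if not auth or auth[0].lower() != "token":
        return None  # not our scheme, e.g. 'Bearer ...' or no header at all
    if len(auth) == 1:
        raise AuthenticationFailed("Invalid token header. No credentials provided.")
    if len(auth) > 2:
        raise AuthenticationFailed("Invalid token header. Token string should not contain spaces.")
    user = token_store.get(auth[1])  # stands in for Token.objects.select_related('user').get(key=...)
    if user is None:
        raise AuthenticationFailed("Invalid token.")
    if not user.is_active:
        raise AuthenticationFailed("User inactive or deleted.")
    return user


def check_pilot_request(headers: Dict[str, str], token_store: Dict[str, User]) -> int:
    """Status code PilotDetail/PilotList would answer with: 200 when
    IsAuthenticated passes, 401 otherwise.  Because TokenAuthentication
    provides an authenticate_header, an anonymous request gets 401, not 403."""
    try:
        user = authenticate(headers, token_store)
    except AuthenticationFailed:
        return 401
    if user is None:  # IsAuthenticated rejects the anonymous user
        return 401
    return 200


def demo() -> Dict[str, int]:
    """Run the policy over a set of constructed requests and return the outcomes."""
    alice = User("alice")
    bob = User("bob", is_active=False)  # a deactivated account that still has a token row
    token_store: Dict[str, User] = {}
    alice_key = generate_key()
    bob_key = generate_key()
    token_store[alice_key] = alice
    token_store[bob_key] = bob
    return {
        "no_header": check_pilot_request({}, token_store),
        "valid": check_pilot_request({"Authorization": f"Token {alice_key}"}, token_store),
        "unknown_key": check_pilot_request({"Authorization": "Token " + "0" * 40}, token_store),
        "inactive_user": check_pilot_request({"Authorization": f"Token {bob_key}"}, token_store),
        "missing_key": check_pilot_request({"Authorization": "Token"}, token_store),
        "wrong_scheme": check_pilot_request({"Authorization": f"Bearer {alice_key}"}, token_store),
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:14s} -> {status}")
```

The wrong_scheme case is the one practitioners hit most often: DRF's TokenAuthentication only recognises the Token keyword, so a client sending Authorization: Bearer is treated as anonymous and, with IsAuthenticated in permission_classes, receives 401 even though its key is valid. The inactive_user case shows why deactivating an account is enough to cut off its API access without deleting its authtoken_token row.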