Python Learning Journal: Security

This weeks learning journal assignments should be done on your own. You may consult with your classmates, but do the work in your own fork of the journal project. Each partner should submit a different pull request URL.

Tasks

Begin by opening a new branch security for the work in this assignment.

For this part of the assignment you will implement the security layer of your learning journal. Create an ACL that grants the view permission to any visitor and the edit and create permissions only to authenticated users. Configure an authentication system that will allow a single user to log in to the site if they provide a password. Do not store the password anywhere in plain text.

Next, add two views that provide login/logout functionality

  • The login view will display a form with inputs for username and password When the form is submitted, the view will validate the provided credentials and if validation passes, authenticate the user.
  • The logout view will remove all authentication data, returning the viewer to an anonymous state.

Now that you have authentication and authorization, use it protect those parts of your application that are sensitive. Using the create and edit permissions, ensure that no buttons leading to the creating or editing of entries are visible to anonymous users. Also ensure that the views themselves are not accessible.

Finally, ensure that both the create and edit forms for your journal are protected from CSRF attacks as described in class.

Add tests or update your existing tests to cover this new functionality. Ensure that the access controls you have implemented work. Be sure that you cannot see or access the pages for adding or editing entries unless you have logged in.

Submitting Your Work

When your work is complete and all your tests are passing, push your work to your fork of the repository in GitHub. Open a pull request from the security branch to master. Submit the URL for that pull request.

Use the comment feature in canvas to submit the following:

  • At least one well-formed question about the work you did for this assignment
  • At least one comment on what went well
  • At least one comment on what was particularly difficult or challenging