From 2c52e6bbaa052fb8ea2490335822047c56ec7949 Mon Sep 17 00:00:00 2001
From: Tibor Leupold <tibor@lpld.io>
Date: Tue, 31 Dec 2019 10:52:29 -1000
Subject: [PATCH 1/3] Django registration not compatible with Django 3

This commit mirrors the commit a18b64145199b4ecba37979dbd64620a08abfe53
by @bbelderbos which fixes this issue in days/053-056.
---
 days/069-072-django-rest/demo/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/days/069-072-django-rest/demo/requirements.txt b/days/069-072-django-rest/demo/requirements.txt
index 2241bd23..b4433424 100644
--- a/days/069-072-django-rest/demo/requirements.txt
+++ b/days/069-072-django-rest/demo/requirements.txt
@@ -1,5 +1,5 @@
-django
-django-registration
+django==2.2
+django-registration==3.0.1
 djangorestframework
 requests
 django-rest-swagger

From 70ee2b6cdc91c4196975e0b676dcca7eb281aff1 Mon Sep 17 00:00:00 2001
From: Tibor Leupold <tibor@lpld.io>
Date: Tue, 31 Dec 2019 11:15:19 -1000
Subject: [PATCH 2/3] Show errors in registration form error

This commit is mirroring ab86ca9b2a2083db633849e6505d43b6e9ee2830 in
days/053-056.

Previously, the registration form would not show any field errors
that might occur during registration. This commit updates the
`registration_form.html` template in the demo as well as the starter
code to show occurring field errors.
---
 .../registration_form.html                    |  21 ++++++++++++++++++
 days/069-072-django-rest/starter_code.zip     | Bin 24296 -> 23639 bytes
 2 files changed, 21 insertions(+)

diff --git a/days/069-072-django-rest/demo/mysite/templates/django_registration/registration_form.html b/days/069-072-django-rest/demo/mysite/templates/django_registration/registration_form.html
index 5df14191..0425b7aa 100644
--- a/days/069-072-django-rest/demo/mysite/templates/django_registration/registration_form.html
+++ b/days/069-072-django-rest/demo/mysite/templates/django_registration/registration_form.html
@@ -14,19 +14,40 @@ <h2>Sign up today!</h2>
   <div class="mui-textfield">
     {{ form.username.label }}
     {{ form.username }}
+    <div class="mui--text-danger">
+      {% for error in form.username.errors %}
+        {{ error }}
+      {% endfor %}
+    </div>
   </div>
   <div class="mui-textfield">
     {{ form.email.label }}
     {{ form.email }}
+    <div class="mui--text-danger">
+      {% for error in form.email.errors %}
+        {{ error }}
+      {% endfor %}
+    </div>
   </div>
   <div class="mui-textfield">
     {{ form.password1.label }}
     {{ form.password1 }}
+    <div class="mui--text-danger">
+      {% for error in form.password1.errors %}
+        {{ error }}
+      {% endfor %}
+    </div>
   </div>
   <div class="mui-textfield">
     {{ form.password2.label }}
     {{ form.password2 }}
+    <div class="mui--text-danger">
+      {% for error in form.password2.errors %}
+        {{ error }}
+      {% endfor %}
+    </div>
   </div>
+  <!-- {{ form.as_p }} -->
 
   <input class="mui-btn mui-btn--primary" type="submit" value="{% trans 'Submit' %}" />
 </form>
diff --git a/days/069-072-django-rest/starter_code.zip b/days/069-072-django-rest/starter_code.zip
index 9e760e39c035f6efb9128f73c84e7134ec1e27dc..79e83ebf3bda4ec0a58a54f2a7371c4a943438f9 100644
GIT binary patch
delta 8286
zcmbVQ2~<;88h&9*1VTUp1P}y46a^&gV3b4@wIYI6!4^@(XrpWj+B&1f)QW8#ta=@_
zE}#zJnYxXQTKBEus8d_(q3YD7uB|hQ)$xqWD0TjuyyV^c^75(;CobpkegAsz{lEXt
zLCJ+ZlDxcO&Mxi@{`B<jmuvn9`-dyz%}mmlSN0iQ=*c+k^C(`V%`5t^M9E-?l99pB
z<-#5m#GmnATBP!V-~VZ^M{(uhMEv_p7q9FsmFct}`Ys3N!|>$@_%{6*Z={t3SQ%K0
zXu2d*FO@Y)2Y#gicn(Wpahvahr`7H9+0}*`z0G^p8?$j?WB?fVaSDt9_wg_PHo%wh
zUgoTfwdUuy0bpU7vq}&koX{`~=w?j^Yrv#&Ug88PReZ86yWWXmrny>D>M$yBQf(-o
zBA5zcyWPx@p&U1FzU^6V=}sf1vRU;Hrl)}I_g%<x@@oO{T3U#$MYX=B#!xY(I<9Iq
zP8!i9rViPC7l`S*@;Ux@fpe)`EGFnPw81ApFp<Jph%h4}1rfq2=xavAqHA9K93Xea
zTyV8!{qj?PfL8pB>S%rnVl9RP%POZBD&pR$DKFzkepj(Z0(Ad-uglg|5{4;q7R#u{
zOxK@Zm1jN~m;?3d{I^u#m<W~O4jJDi3kQzOEl^)xVki@G3$^&-Ajdt+jKx9H$Cl67
zpUu^h02%shxCh_6Rmx24U8gTwu4=%$I#KVqyt|>`Tz4K98tVTNsMdX1FzE%jwG-$Z
z2byVfOUb7>6tDznbW!qC^+0n-w1jb%5~6yQC!c0PU>16;>H<`kTv`-GKvN+~Wl4RK
zYEor|UNGwm0`)-VzpG6>5r}F;$%ss;EOo4TuZGuMs3>S25I%4^kUkg4j*Aj@H3u4i
zyn^{@Hzfpr;S4;6F?k!eLxa|IB9G_&!p0FmZ2R<Ld0s|vm*bK>9>wC1#{dq6@*+G?
zRlXNL-AB9DffGs1o6gS%W9#ATxcD4hI9eTMSGgl$)i@r%xy@BTQzuF_(B@e<stdRC
zYFqehpqdvq!#E3QmWonoZB$BgknW@GJZtDy26UHtHM$yrs#cUPo1zP;r7u-Rep>B5
zFW%Gj?3Gb-+{e16UI^`e+)Fb2NcPGl`|qw9-#PbZ=Y8#NpGO`)lk(lZk23uybefyq
zCa-AkbMknbYV*V7yj^qhhDl{Uxs$`Pzz_W867D{I9aVKMwBA-f9%Xhi7rk})KNf!w
zudI8bY2ESh^wA%0nQT1pp<;sj)*mi<7#1bgJ-A=p^Mey<zP@KX7oBUk^s+W`=eqe%
z-H%l%nkE&;D0ID@9>p1cULSKatf1>pGvfZdb#dO<`SJ~)-d?!n;>m-?mbwY)eZT#W
zGHd7|Q*KuCswcJ6MyBSTRjr!UCLI&v+GG8ow8F)M&P$!PxSv~{Ja$<(iMI9h{wpaL
z|MHQ4{EF(?LDIX~BZJQNzy0;S1&fC7kSA-?7H&@J(DkWLzO+vHNoDEfCpW|Tmj_3T
zOHH}?_dCx^bqyPf9}d}bq277$_p`jG9;m7_?09pF(*4AacmJvW)#aO7g%*9&Z-g><
z>i+u~*H=uvvG0oJRF5R|Z*@`5!Q7OdFVth|{Tk0d{JwN&bVtV3(f?}nHvQ;hdJ;al
zGHY#qMxg%vw@Xv=GG44Y*EW1l@>_1sD^r_yq1Ag6jaA!PS3hlO>s-0oca%Idzi--P
zO-zb<hgRV-^1#t^#hZt?Re#mGF#ho&2`*ee?}|T8hbyuVJ0S?abXimr`JijvJMj;m
zb5ujFR3^E6dfOW4fm>7`@E-%1il|3_=8Q6d2Or&y+60tMzv!Pg0bRQ2Mb4*uw|a^}
zV1~HdLoR_iF(c+?y*uzNU^#^+0^6K8eP(5izFKfN5=P=VF}(0~#<*xRA{gzC=FbwQ
zYtd==ZG5w%<(*{k_bt)4F_q=HHYSu`p}O9!K%<tg+H?%kIaD;AYL;eP0e@CUrkLwM
zv;M^4=U0Jdo@fSPNW^(a8$aGqVW=5Do~;Ofb{1~BC^NVxFAUT0xLTZ!;M}~(IbeJv
zyfxg7!|yb#7U~OaYQZ`ltKyR-wNlvvM(LRV97Z;!4vT5&R<;d(S1`8zWJyY@lvP4K
ze@C4I!Ra42+#3qnEr74%;FJ*Dhy;ILf>3QjS-w<uaQm#k;@6=;lmf<NDmHu)V@oI6
zpB$8yxOaq9c0>E8(A~heOSF5yF^aWhQaMbvb`w3)B)tK_rtDdoI2bq!MLoqwYC}>W
zKiIaUt3dI?zN{IS0KQ4IkXREaG_RuxLd=NJ*U$thW<(^q|2BW1G@VHC#f^JrW3#U}
zq;J1y3S(HFsYP~!mL_c?<_WvFCU-n=+!4JGtUOoJ?RX>^k1)^a?Z!P1fTvFM1;7)o
zLKDwRziF&Sf;k>LO^f&y@~@<P@hhgaKknCtakhTVIAs?9rsjU7E^yC#1T0RQ0J`o4
zoI=Mv&p$^Fo{o_NHiBDqq5fYtf?L*WUihBDZsix-+_K&gnOP?#L#47uCpuQNLV8-=
z#N6_-c6@nBMadMseXpBx2I=sXqyB|?+8^kG%$brn`8iuI9sZibmGK0}%^z*M4*$(A
zT4c6GOWrUH=VBuFC;kMy$(YE(k!-MUTA|FQs!0ay0J%Q#qZooE4BoobvS7S*v4DlI
zOiu#buKOI~HG6N{w^)L}nHFOSAXu7=w}1t8c2cE)57q}n4DCyx+jY_C$PoY3(SXH!
zs@JjHuA2(jU~HC#a+xRBEMbJ%CgXO12I;D6W|!&XN~^1}ed|g?%y%;KcHL@MbbV-G
zn!WR!2jsG)8|A@|7~I`jI4*DwOD<GM!%fDSGP-coa^}?{VH**|Aj3c-?~<eIIVyor
zg!?Fh2&G;341>E16p@RC+_>~5z)i+CkYrdCS~4s!)vg8{oZPU)Qt*BXY<mE?qv0oj
zqal|p8j42igGxpu>n2yuC}+jJV-|9;LbE*V49;ZYj-;E3^MG8W^rt+yjjrV+qm{$u
zVtF8!Cv+Ou`GM&qymk@8lUtKa%6#VlGk$HZml&R0mBdl_E-G9Hyl4@_liLwGb+=Sd
zfJ`wgxd@?SKN1MGGy0lWD2`K4E<n0czV8kKybAA5?Co3n-+oO(z5>TW(b4=E+u_0c
z63ZpR)ty{?44{k$b;V%o+C;2($c+ch5rU57XWRSEnI|_K11a<Ja4?^N7KV%V9l6rb
zQh3*HHuqs6BIX0RipZuo?pZlP9O3c8f>gw`52gt4AsvN9+Uke57yJ^C5;%*pzp*<T
zgIPd}UCE^8CEu|o<Dn?}O18~EjvJB`y98OSw#jJfL9^LZGoMZPdZwRwuV|LcCYSjy
zCdCqnp9J%Ve017%L!yzcK>W2MrEoNr;(843f>pGm5@Ur(YT#4~AKlxG2lXs=LP+te
zrtlMxwjkNwG!?itY=(ZQx5nbQvnX}RpLDpBM#|qP%7qTh(*<b?<zgX_(w83fuAoJQ
zf%eTQ90FOoCgVgk-2tx{3#oS52F1dcfd<{gV=Sp+RWrXqxy+ElS4m|?m%w1XY#$p3
zCiN{nL%&F%V<VNaV`oThYjp<42BEnn(S)2xc1%a=TsrlQNeq_9_S3y^-N@M5b>Aj4
zSQw|<Png2!5F)MZI^PtG4i!Lic_l?}3W07i7Msy#!EEn5M?k9G7>eLVDmEX9Kq-q6
zkTRDh*qm-50EsL{Kx$liCUMnZf_O*A4a;Cs+*<p<(gu}i?KqXSC9x#tzbB-KC9ZGi
zpzr~72fe~uK&n~74_9FG$wGO>0S1wwlGLtVL=D=FJqNL#5b~GoVpkB)43hyrpZYP(
J7uooK{|996f?xmu

delta 9007
zcmbuD2~<?q8OPrMgR&^d4zi4Z4k+6Iq9Dq?i4IdMiXN;EFz6)AKwzX81vDs0jill=
zCaow)L614EL5-TKZBsXDkJ{tbX!RtTh*6`_sBuld`(}9WUS@c_nBiQObGX0vegE&f
z%llv4FX=fXDOBZJ+t@Ss6S82UlKsW>P0IK(B^q6MWd3wJ#`^taRbeNLg*6V0#OASt
zVQk#sAMtejb1-vdmt2{Wyxesy{B;C|2jknU^76rR%a6nq;z7@CuKs9v?_~V!)<NlC
zB*MfgFx(kmq|fqXXX7U~nLQcJktC^mL&wjCS=`65H+0>iDy>0d%m7EwPX<N-`cgb0
z2#J;V`2JI1)3-d?6((=Wc8h1ld#y)r%H|*4Pu#rnPAk`BHd!&un^K06v5)pb_Br+f
z@^`(kT5SadupB<l9l}TRa->}T0|rsubpNe52%^r0VFFD6XIp13h{a}A?253Bw^H_Y
z0WQE<-4c)6Fu!>S!$1(m4m6dqN@Fl+_4BJDDi(3FT3{X+{Jl-Ti9uT;iMQu#)+LCY
z9X#M{zA%QiwI|<(#{3hE3GD1}6qRR-{ydZ~PKDXpK%Wk+<rW8)<ynpI_K#uF6<RY)
zxG@N{I@f`d)_i$&edM%WLNU;2mtEt4Q3NGQWEru+rR9~nhy?~+nUJ7chb7RYIZu<q
zaZ-4l8%a1R$AAGqXtpbzmEC8XuO>o7jS$f!UL1LGxxQ4}H!yRRx>RmSbYL4kn_2P#
zg4zR6Qti9$f@(`Wex{U488zf&6JQR*NaEu{*QO5T6gO`?ROh*x!d$l5>{JK{J&Xub
z(dKwL3L&O?r=f#hz7)n|?>R*gAPg{!YER-2=Axjf-WqE9eXGC5*TU3)!r(O#T9qio
zXDNly&QP`Qgw8YAF-!oPh$s4E9xthd?z0;HsWmVx?=GW(aW*eZ{LT{Fx#dCw#NP%Z
zm7P2W%~N>`$?%7OMmh)g+Rh4?-e^MXR;6>(E!1+AtcsexG@^1@HB4=Wkq!~;R>jN9
zbroeAgN9x|7AjIVViCo<Ji1k?1x`JTWG)*AR1hfG8<l}&l%m6wrLr_Y;E`#<sHXYV
z3!GPrN6N~|)g>~mV!U29vKIa{RI2q=vcQz$;_`)hgG^m)&{nGr+H$?DTptMkB3ryz
zhR@Ily;`S{)z;e6Cw`sNAVVrFHaqAJNCj`#Xs;?3{coB*7l*mJOy`<heM6LU<CB)6
zH$uC++e*$$zjBFZqHER^{9ygGIWG0U;z6$M`&NGPiAJ)qzVz_5qS8Xi;jBH;%<c5Q
zJ#cF(-F49Yy8Rwkmvi5qzj|Hy`76gmUFV$T+b8MPA4-^=ZJjPZ`l!BhNA~FN8Xnrd
z9iDn=_lQL|X4SORyw{%emy&r=8(TU8Jp--JW_@$#gAccbGADLBy*iWm`(sO_|9N9;
zgu|uaql-FjSB2ggR;%yU-H`N5JoMoPtKZI^f4Lzw{PMPU?FK#dKECaWJ~!s&s;x<$
z=iHx;J-teP&9SiX_<uvBKhE$9+uNh6|KgpO>oz=^@bXDTZ0fC>H(H(rRky7ick`QX
z<DWIZlGi<tse3L>+OXDd+KW49G8~>n-fWne`O}z&8o!F;so$+?_d7UvLr6zTW@OpY
zN0a0iVpX>8cT2|}h&!5iYf-26LI7O|$(8OM>!A^DunmC=fzIWHAl0;C==n%HuG1}a
zr^~2~lgSgf<DTYu2T<antZ<8=PT+-=WdoeP=+&q#RI?|9U2n1n)CwaGosqk9(OB3w
z9?FME2ENz5wXocvsrnW7x=s0Bzu*v`{&Mqzu@L`kIHy8krESU|j(VmGZJ}M)L&wuc
zlVZrnTmAvE<^X4$iIJP{&uL-4N>J07qm-0w$BsO|3W%kEP_T#?ZhEEp9pZ4<SJZw1
zGr13YJ<In>pF3Bp*Ba)|C9hQGRq1ohAFfmdFM$}^VbPB=rXp9cAg#KLB$?;brHZJR
zOd;EC1>@!z4X|aPEnNGJ?PjX4uDnDuP{VZvM2*EtTRv&<J+@xq&Fw`4=B9bP@lFoN
zG!q8b{ibl#6%|zXn`_SGj_E#~pM7%jsoc{SbHhSHW}G+`ej;)-`dJZ6mGaQe>aF+)
z*a*W7V*FjS2UkjS)zCZ9Wm8GfzD{1{zYnJF1>xXEONoZpXn1jva2-%m%mM1vEpC5v
zOcoFei~&(Zb%{=^CwUfjk*wIsRDxd~Osl*MtSwMh_GO}gKdmh!cs=%Nzcs{H_Nchm
zy|VkUvjfE6HU8b+>FNx+ehwp!o$Qa26KzpzoEujn^ET@Gdz>r1;ANNAE9U~E2NVb+
zIN`JTi<7w$T@%I^(VXs`%l6*~P9wb9k(@j6JjX&jHVF@D&SR@LgI?k4LOl338Wo50
za^Z3^@8+&~i4qCdCGPv=N(avm#?OPdvlp=1plzuxfeqQfEsungF@;OaU-x!REViKz
zn?`?+Q>_q`>2#ogeGeOR9#W^aQ(gD)*voZCL93&-#$^?e#xE-i8cj<(A;}=umEs=r
z(<GSh0~!tO%}=M+tLJOT{<nZC&Pb8eORW5@jr)+fnc@Xm;*T?PHwFJRSu0YbwL)7X
zu-{@7{}xFbD@GKA$#g7B>P2bv)y=b<Ql|sZJUj|$ZnluXAXJtG`=wA^mbY3*hD>n>
zgvX}HSujF@^(DGvh49AFi^Qq^h$Pv=g%j+{F=AXf3>H5F-Ou(&%NG>NGKUWbbJhUI
zX8;agLE4}p1-}lQ;Iv;IPPY{OknN5Q8(|h75^dLzN)NYXS>WBUjW9qzncFsGdfNxn
zjX;?=1NKB9>nj?|X#DO$74y~*2HQCquT#z-iWEN-lY$2z@#@jW4w>;fmc-dS>4K%@
zfwaX#0#`V(p<%;Exczw;?e&nb<>+i~ve=ktqld&OTyadS?UQ4)eS~Vs2S!^yByogW
zFVXflv;icJOnW~h`Mf(vM&JaAO`djvNMNQX4+Kw0ERgntNZ=GN3=Br#4vDQW?Fx}F
zXC%psTr*|Rl#+6NuQ?%3LfR@KnLWTv5}PM&7m=7ReQ=(vc_f^t<qdc=wPL?Ur}HAj
zZg#YTM8=dEfX?KFVLM4UB)*5Wl$AuXGSE&{rr3~ZONqoNMxb4)1QqQsi7O%PEs@ZX
zfu=lJqe(bOUVhqSB6)*@SROb|!Yp1l+AJbj{|bVH<FRWbmPPv=B<tOgrnp$=L+k-Y
zyB;L3brgMoao18&1@TwX1_()BEoZPDA{-)L3i1@BFIzW5Od)c<h)`^Oi5^BUeY*({
zMQ!=s>B8qKUs~EBA(O1bAYW{kh%GJcl#ncsF)Ryg6R}H`woFJ?4r<LGD;!c^p^Q2O
za+?sol&%TKI^|J5ijercWVDMyhW0&X`qtByia03krjXF?NV-P|Z^be?-1rh=Sp>dW
zun4&d#^|zGCiQ)rp*<Ed$QA`1B<Hw@0{bgzTZJS?M>E)D5!*Mk!9s#=AxVLc@RH?g
zOuH&1=3Y#nOgWE5OsalzC2g>f=;f%j;I-b9=&SWEbicqySTD=H;m0iy_FWex&l(|&
z;q{`u7c!}tfRXk3Fv820$I%uHiMu!srOXOodEm#0<<V9Q$!m${c;L&3<<XW5$$K!t
z#B&kTYUb7q$tsvgw;FHMK&xS+M$mkymn&(LhD6(@(&%4yHY#bmh6F$0z-VlmlNb%~
mTPSVc@VvXrq#33_2{Wg^g(d~_h+z`oD+>_sXEF@9LH`F9)wR+9


From d9ee51b08ed05003603cc35a699c536a73486b1e Mon Sep 17 00:00:00 2001
From: Tibor Leupold <tibor@lpld.io>
Date: Tue, 31 Dec 2019 11:36:07 -1000
Subject: [PATCH 3/3] Hide user field in api front-end and set default

Before, it was possible in the api font-end for a logged-in user to set
the user value of a quote during create or update. This means, the user
could set another user as the owner of the quote.

This behavior seems unintended.

To prevent this option, the user field is defined as a hidden field in
the serializer. Hidden fields will not show up in the api frontend form.

A quote should have a user assigned to it (even if it is not required on
the model level) to allow management (update/delete) of the quote. The
quote can only be managed by it's owner. To prevent quotes without an
owner, the hidden user field is assigned the default value of the
currently logged-in user in the serializer.
---
 days/069-072-django-rest/demo/api/serializers.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/days/069-072-django-rest/demo/api/serializers.py b/days/069-072-django-rest/demo/api/serializers.py
index 7d811729..baebb6d0 100644
--- a/days/069-072-django-rest/demo/api/serializers.py
+++ b/days/069-072-django-rest/demo/api/serializers.py
@@ -5,6 +5,13 @@
 
 class QuoteSerializer(serializers.ModelSerializer):
 
+    # This is not included in the videos. Without this setting, it was possible
+    # to set the user value to something other than the currently logged-in
+    # user. This setting hides the user field from the form in the API frontend
+    # and sets the currently logged-in users as the field value by default.
+    # See also: https://stackoverflow.com/a/53193276
+    user = serializers.HiddenField(default=serializers.CurrentUserDefault())
+
     class Meta:
         model = Quote
         fields = ('quote', 'author', 'source', 'cover', 'user')