#100DaysOfWeb in Python Transcripts
Chapter: Days 57-60: Flask Login
Lecture: Incorporate Flask-Login

Learn more about this course
Login or purchase this course to watch this video and the rest of the course contents.
0:00 As you can imagine with a Flask login page you would need a page that would appear once you're logged in. So to get to it you have to be authenticated
0:10 and if you aren't, it doesn't work. So we're going to create one of those and it's going to be called pybites_dashboard.html.
0:19 We are also going to create the page called login page and that's your login page. That's where you enter in your login details
0:27 it gets verified against the database and then lets you log in or blocks you. I've already done this for us. Here's one I created earlier and quick
0:37 run-through, login_page.html. There we have it. There's your login page. This is the page where users will log in
0:44 to the site, got a simple form down here uses the post method, and it simply takes a username and a password, submits it through to the backend.
0:55 Nothing crazy there that we haven't seen before. And simply let's just cat out pybites_dashboard. It's quite literally just a H one tag that says
1:06 "This is the Pybites Dashboard. "You can only access this page once you're logged in." And that's our proof that the login system works.
1:17 So we'll call that in our routes.PY file. So let's head back, let's clear the screen make it look lovely, and hop into our routes.py file.
1:29 Now, don't be alarmed. I can see some extra code there that we didn't have before. It's just easier if I explain rather than making
1:36 you watch me type 'cause I'm sure you're sick of it by now. So let's begin by importing flask_login. So from flask_login import login_manager.
1:52 Now, let's use that before we move on to importing the other stuff. What we need to do here is we need to create
1:58 a LoginManager object from login_manager. And what this does is it then initializes our Flask app and can then work with it, all right?
2:11 So login manager.init underscore app and we specify the app that we've imported up here. And then we just do one last thing, we create
2:23 a login view for it to all work in and we're going to call that login view login page. You can make that whatever you want.
2:32 So let's pop down here and the first thing you will see is this newly-created app.route for pybites_dashboard. That's our logged-in page.
2:46 Now, what's special about this is that it has a login_required decorator. That means anything in this function
2:56 anything that is here on this pybites_dashboard route requires a successful login. So let's import that now from Flask login as we use it, of course.
3:13 And that's simply it. It's only returning if you go to this route here. You're just going to get the pybites_dashboard HTML page returned.
3:23 Nothing special, happy with that. Mind you, Flask does take care of all of this so if you weren't authenticated and you tried
3:32 to get there, you'd just get one of those simple forbidden messages. Let's save what we've done now. Okay and let's open it up again.
3:49 Now we have this login page route. This is going to be the code that manages that login page.html. So let's run through it really quickly.
4:01 It's actually not too complex. I know it looks a bit crazy but just go with it. So app.route login page, we're using the methods get and post.
4:10 Nothing new there. There's our function and now what we're doing here in these lines here if the form posts. If that form on that page clicks submit
4:22 this is the code that's getting activated, okay? So if there is a post from the page, and username is in the form, what are we going to do?
4:32 Well, let's look at this side first. We're actually going to query our database. So this here user is our database, right? We have a user database.
4:43 And we're going to query it and we're going to filter it by username. And what we're looking for here is from the request form, get the username
4:54 assign it to here, to this username object get the first return, all right? That's all we're doing here. This is SQL alchemy code.
5:08 And we're assigning that returned object to a user object, lowercase U, all right? And then we're saying, "Well, if user,"
5:18 we're using truthiness here, the Python truthiness, "If there is a user returned "from this, if it does exist, then what do we want?"
5:26 We want to grab their password and does that password match the password that was sent through our request form?
5:34 If it does, well then yes, let's log in that user. Let's get him through, let's get him done let's tag this user object as login user.
5:43 So to use that let's scoot up the top here. And import that as well from flask_login. Login user. Let's pop back down here again.
6:00 And after we've logged them in, what do we do? We redirect them, we redirect them to the pybites_dashboard.
6:07 Now, these are two functions we need to actually bring in from Flask. So we need to import those as well.
6:14 Pop up the top and there we go, I've already imported that. We have URL four and redirect. So we'll pop that down here and now if there
6:25 is no user, if the user that someone's entered is incorrect and it doesn't match our query to the database then watch how this lines up.
6:36 It lines up with the if statement, right? So then we just return invalid username or password. We don't care, we don't want to tell them what's wrong.
6:43 That's fine, they can figure it out themselves. And last but not least if no one has actually entered anything into the form, well then
6:54 we're simply just returning the render template for the login page. So as soon as you browse to the website or the URL for login page, you are going
7:03 to get login page.html. That was the template we filled out earlier. And that's pretty much it. That is Flask login.
7:11 We've just logged in using flask_login as long as the details are correct. There's one last little thing we need to do.
7:21 And we'll pop down to the bottom here. We'll throw him down here. Let's give us some space. And what we need to do is we actually need
7:28 to query the database for the user ID, all right? And that is so that we can have a user callback so that every time Flask log in, every time
7:41 the login manager plays with this user it knows what it's doing. So it knows what user it's grabbing I should say.
7:48 So manager, login_manager.user_loader. This is the decorator we need for this. Def load_user. We're going to grab the user ID of that user
8:02 and all we're doing is returning it returning the query. So we're going to query the database. So user.query.get and we know
8:12 it's an integer from our database from that field of the user ID column. And we want to grab the user ID, close it off. That's it.
8:22 This is a function used by login_manager. We don't really need to do anything with it. So after this let's save and run it.


Talk Python's Mastodon Michael Kennedy's Mastodon