#100DaysOfWeb in Python Transcripts
Chapter: Days 57-60: Flask Login
Lecture: Incorporate Flask-Login

Login or purchase this course to watch this video and the rest of the course contents.
0:00 As you can imagine with a Flask
0:02 login page you would need a page that would
0:05 appear once you're logged in.
0:07 So to get to it you have to be authenticated
0:09 and if you aren't, it doesn't work.
0:12 So we're going to create one of those
0:13 and it's going to be called pybites_dashboard.html.
0:18 We are also going to create the page called
0:21 login page and that's your login page.
0:24 That's where you enter in your login details
0:26 it gets verified against the database
0:28 and then lets you log in or blocks you.
0:31 I've already done this for us.
0:33 Here's one I created earlier and quick
0:36 run-through, login_page.html.
0:39 There we have it. There's your login page.
0:41 This is the page where users will log in
0:43 to the site, got a simple form down here
0:46 uses the post method, and it simply takes
0:49 a username and a password, submits it through
0:52 to the backend.
0:54 Nothing crazy there that we haven't seen before.
0:57 And simply let's just cat out pybites_dashboard.
1:02 It's quite literally just a H one tag that says
1:05 "This is the Pybites Dashboard.
1:07 "You can only access this page once you're logged in."
1:11 And that's our proof that the login system works.
1:16 So we'll call that in our routes.PY file.
1:19 So let's head back, let's clear the screen
1:21 make it look lovely, and hop into our routes.py file.
1:28 Now, don't be alarmed.
1:29 I can see some extra code there that we didn't have before.
1:32 It's just easier if I explain rather than making
1:35 you watch me type 'cause I'm sure you're sick of it by now.
1:38 So let's begin by importing flask_login.
1:43 So from flask_login import login_manager.
1:51 Now, let's use that before we move on
1:53 to importing the other stuff.
1:54 What we need to do here is we need to create
1:57 a LoginManager object from login_manager.
2:02 And what this does is it then initializes
2:05 our Flask app and can then work with it, all right?
2:10 So login manager.init underscore app
2:14 and we specify the app that we've imported up here.
2:19 And then we just do one last thing, we create
2:22 a login view for it to all work in
2:25 and we're going to call that login view login page.
2:29 You can make that whatever you want.
2:31 So let's pop down here and the first thing
2:35 you will see is this newly-created app.route
2:40 for pybites_dashboard.
2:43 That's our logged-in page.
2:45 Now, what's special about this is that
2:48 it has a login_required decorator.
2:51 That means anything in this function
2:55 anything that is here on this pybites_dashboard
2:58 route requires a successful login.
3:02 So let's import that now from Flask login
3:09 as we use it, of course.
3:12 And that's simply it.
3:14 It's only returning if you go to this route here.
3:17 You're just going to get the pybites_dashboard
3:20 HTML page returned.
3:22 Nothing special, happy with that.
3:26 Mind you, Flask does take care of all of this
3:29 so if you weren't authenticated and you tried
3:31 to get there, you'd just get one of those
3:33 simple forbidden messages.
3:37 Let's save what we've done now.
3:42 Okay and let's open it up again.
3:48 Now we have this login page route.
3:52 This is going to be the code that manages
3:56 that login page.HTML.
3:58 So let's run through it really quickly.
4:00 It's actually not too complex.
4:01 I know it looks a bit crazy but just go with it.
4:04 So app.route login page, we're using
4:07 the methods get and post.
4:09 Nothing new there.
4:11 There's our function and now what we're doing
4:14 here in these lines here if the form posts.
4:19 If that form on that page clicks submit
4:21 this is the code that's getting activated, okay?
4:24 So if there is a post from the page, and username
4:29 is in the form, what are we going to do?
4:31 Well, let's look at this side first.
4:34 We're actually going to query our database.
4:36 So this here user is our database, right?
4:40 We have a user database.
4:42 And we're going to query it and we're going
4:44 to filter it by username.
4:46 And what we're looking for here
4:49 is from the request form, get the username
4:53 assign it to here, to this username object
4:59 get the first return, all right?
5:03 That's all we're doing here.
5:05 This is SQL alchemy code.
5:07 And we're assigning that returned object
5:10 to a user object, lowercase U, all right?
5:15 And then we're saying, "Well, if user,"
5:17 we're using truthiness here, the Python
5:19 truthiness, "If there is a user returned
5:22 "from this, if it does exist, then what do we want?"
5:25 We want to grab their password and does
5:28 that password match the password that was sent
5:31 through our request form?
5:33 If it does, well then yes, let's log in that user.
5:36 Let's get him through, let's get him done
5:38 let's tag this user object as login user.
5:42 So to use that let's scoot up the top here.
5:46 And import that as well from flask_login.
5:53 Login user.
5:57 Let's pop back down here again.
5:59 And after we've logged them in, what do we do?
6:02 We redirect them, we redirect them to the pybites_dashboard.
6:06 Now, these are two functions we need to actually
6:09 bring in from Flask.
6:11 So we need to import those as well.
6:13 Pop up the top and there we go, I've already imported that.
6:15 We have URL four and redirect.
6:20 So we'll pop that down here and now if there
6:24 is no user, if the user that someone's entered
6:27 is incorrect and it doesn't match our query
6:31 to the database then watch how this lines up.
6:35 It lines up with the if statement, right?
6:37 So then we just return invalid username or password.
6:40 We don't care, we don't want to tell them what's wrong.
6:42 That's fine, they can figure it out themselves.
6:45 And last but not least if no one has actually
6:50 entered anything into the form, well then
6:53 we're simply just returning the render template
6:55 for the login page.
6:56 So as soon as you browse to the website
6:59 or the URL for login page, you are going
7:02 to get login page.HTML.
7:05 That was the template we filled out earlier.
7:08 And that's pretty much it.
7:09 That is Flask login.
7:10 We've just logged in using flask_login as long
7:14 as the details are correct.
7:16 There's one last little thing we need to do.
7:20 And we'll pop down to the bottom here.
7:21 We'll throw him down here.
7:23 Let's give us some space.
7:24 And what we need to do is we actually need
7:27 to query the database for the user ID, all right?
7:33 And that is so that we can have a user callback
7:37 so that every time Flask log in, every time
7:40 the login manager plays with this user
7:42 it knows what it's doing.
7:43 So it knows what user it's grabbing I should say.
7:47 So manager, login_manager.user_loader.
7:49 This is the decorator we need for this.
7:53 Def load_user.
7:56 We're going to grab the user ID of that user
8:01 and all we're doing is returning it
8:03 returning the query.
8:04 So we're going to query the database.
8:06 So user.query.get and we know
8:11 it's an integer from our database from that field
8:15 of the user ID column.
8:17 And we want to grab the user ID, close it off.
8:20 That's it.
8:21 This is a function used by login_manager.
8:23 We don't really need to do anything with it.
8:26 So after this let's save and run it.