Building Data-Driven Web Apps with Flask and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login code

Login or purchase this course to watch this video and the rest of the course contents.
0:00 With our login form in place let's go write the code. So, this is really all we need for that initial part.
0:07 But the bottom is actually so much like Register. We're just going to grab what we did up here and put it down there. So this part comes like so.
0:17 There's a few things that we can skip. We don't need to get their name, that doesn't matter. We don't need to validate the name.
0:23 We're actually going to use a cool pattern that moves this validation elsewhere. So that's going to be real, real nice.
0:29 Do this, we're going to validate get the user something like that. Here we're going to say, login_user. And we don't need the name.
0:39 So that's another function we have to write. And then, let's just add a quick message if you can't login. Something like that.
0:53 All right, then we still need to do our browser login we'll deal with that in a little bit. But let's just go right of this function here.
1:02 This is going to be a string, and just like before it's going to return an optional user. Super, okay so what we need to do, it looks a whole lot like
1:14 up here, we're going to go and create a session and then we just need to return the user that we're going to query for.
1:20 Actually, it seems like you could create for but actually no, the way the password works we can't quite just query. so what we're going to do here is
1:27 we're going to go to the session and we're going to do a query of user and do a filter, with a user email is this email, now first.
1:38 Now it seems like you might say well and the password equals such and such. But remember what we're storing is the hashed version.
1:46 And we can't recompute the hash ever. Once it's computed, it's fine. But we can't recompute it
1:52 'cause this randomly mixes in different result every time. So it'll never give you the same answer. But we can verify it.
1:59 So the way we have to do this is get it back first check there's no user, return None or the user would be the same. And then we have to validate.
2:07 We can say, if not verify_hash. What does this take? It takes the hashtags which would be user.hash_password.
2:17 And the plain text which would be password. So that's not the case, also none we don't find the user by email
2:24 or if we do find them but they have the wrong password we don't give them back, otherwise, we return user.
2:30 Make sure you don't forget any of those steps that would be super, super-bad. Right, so now we've got to user we send it back.
2:37 Looks like everything may be good. Now what do we do? Then we're going to validate the user we're going to check their password
2:43 and either make sure that account exists and the email's right. We still got to do this little login. Then we're going to go to our account page.
2:50 We should be able to test that real quick here. So let's go back to our login page. And we'll just do that. Let's just try empty.
2:59 Ah, some required fields are missing. Put the letter a, tries to get to it. Account does not exist. Put the real password.
3:07 if this passes gets the user back it should redirect us over to our account page. Bam, it does! All right, so. Login, that was quick and easy, right?
3:17 Starting to get the feel for these forms in this database interaction.

Talk Python's Mastodon Michael Kennedy's Mastodon