Building Data-Driven Web Apps with Flask and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login code
0:00
With our login form in place
0:01
let's go write the code.
0:03
So, this is really all we need for that initial part.
0:06
But the bottom is actually so much like Register.
0:09
We're just going to grab what we did up here
0:11
and put it down there.
0:13
So this part comes like so.
0:16
There's a few things that we can skip.
0:18
We don't need to get their name, that doesn't matter.
0:21
We don't need to validate the name.
0:22
We're actually going to use a cool pattern
0:24
that moves this validation elsewhere.
0:26
So that's going to be real, real nice.
0:28
Do this, we're going to validate get the user
0:33
something like that.
0:34
Here we're going to say, login_user.
0:37
And we don't need the name.
0:38
So that's another function we have to write.
0:40
And then, let's just add a quick message
0:43
if you can't login. Something like that.
0:52
All right, then we still need to do our browser login
0:54
we'll deal with that in a little bit.
0:55
But let's just go write this function here.
1:01
This is going to be a string, and just like before
1:04
it's going to return an optional user.
1:09
Super, okay so what we need to do, it looks a whole lot like
1:13
up here, we're going to go and create a session
1:16
and then we just need to return the user
1:18
that we're going to query for.
1:19
Actually, it seems like you could query for
1:21
but actually no, the way the password works
1:23
we can't quite just query.
1:24
So what we're going to do here is
1:26
we're going to go to the session
1:28
and we're going to do a query of user
1:31
and do a filter, with a user email
1:35
is this email, now first.
1:37
Now it seems like you might say
1:40
well and the password equals such and such.
1:42
But remember what we're storing is the hashed version.
1:45
And we can't recompute the hash ever.
1:48
Once it's computed, it's fine.
1:50
But we can't recompute it
1:51
'cause this randomly mixes in different result every time.
1:55
So it'll never give you the same answer.
1:56
But we can verify it.
1:58
So the way we have to do this is get it back
1:59
first check there's no user, return None
2:02
or the user would be the same.
2:04
And then we have to validate.
2:06
We can say, if not verify_hash.
2:11
What does this take?
2:12
It takes the hashed text
2:13
which would be user.hash_password.
2:16
And the plain text which would be password.
2:18
So that's not the case, also none
2:21
we don't find the user by email
2:23
or if we do find them but they have the wrong password
2:25
we don't give them back, otherwise, we return user.
2:29
Make sure you don't forget any of those steps
2:31
that would be super, super-bad.
2:33
Right, so now we've got the user
2:34
we send it back.
2:36
Looks like everything may be good.
2:37
Now what do we do?
2:39
Then we're going to validate the user
2:41
we're going to check their password
2:42
and either make sure that account exists
2:44
and the email's right.
2:46
We still got to do this little login.
2:48
Then we're going to go to our account page.
2:49
We should be able to test that real quick here.
2:52
So let's go back to our login page.
2:54
And we'll just do that.
2:56
Let's just try empty.
2:58
Ah, some required fields are missing.
3:00
Put the letter a, tries to get to it.
3:02
Account does not exist.
3:04
Put the real password.
3:06
If this passes, gets the user back
3:08
it should redirect us over to our account page.
3:12
Bam, it does! All right, so.
3:14
Login, that was quick and easy, right?
3:16
Starting to get the feel for these forms
3:18
in this database interaction.