Building data-driven web apps with Flask and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login code
0:00 With our login form in place
0:01 let's go write the code.
0:03 So, this is really all we need for that initial part.
0:06 But the bottom is actually so much like Register.
0:09 We're just going to grab what we did up here
0:11 and put it down there.
0:13 So this part comes like so.
0:16 There's a few things that we can skip.
0:18 We don't need to get their name, that doesn't matter.
0:21 We don't need to validate the name.
0:22 We're actually going to use a cool pattern
0:24 that moves this validation elsewhere.
0:26 So that's going to be real, real nice.
0:28 Do this, we're going to validate get the user
0:33 something like that.
0:34 Here we're going to say, login_user.
0:37 And we don't need the name.
0:38 So that's another function we have to write.
0:40 And then, let's just add a quick message
0:43 if you can't login. Something like that.
0:52 All right, then we still need to do our browser login
0:54 we'll deal with that in a little bit.
0:55 But let's just go write this function here.
1:01 This is going to be a string, and just like before
1:04 it's going to return an optional user.
1:09 Super, okay so what we need to do, it looks a whole lot like
1:13 up here, we're going to go and create a session
1:16 and then we just need to return the user
1:18 that we're going to query for.
1:19 Actually, it seems like you could query for
1:21 but actually no, the way the password works
1:23 we can't quite just query.
1:24 So what we're going to do here is
1:26 we're going to go to the session
1:28 and we're going to do a query of user
1:31 and do a filter, with a user email
1:35 is this email, now first.
1:37 Now it seems like you might say
1:40 well and the password equals such and such.
1:42 But remember what we're storing is the hashed version.
1:45 And we can't recompute the hash ever.
1:48 Once it's computed, it's fine.
1:50 But we can't recompute it
1:51 'cause this randomly mixes in different result every time.
1:55 So it'll never give you the same answer.
1:56 But we can verify it.
1:58 So the way we have to do this is get it back
1:59 first check there's no user, return None
2:02 or the user would be the same.
2:04 And then we have to validate.
2:06 We can say, if not verify_hash.
2:11 What does this take?
2:12 It takes the hashed text
2:13 which would be user.hash_password.
2:16 And the plain text which would be password.
2:18 So that's not the case, also none
2:21 we don't find the user by email
2:23 or if we do find them but they have the wrong password
2:25 we don't give them back, otherwise, we return user.
2:29 Make sure you don't forget any of those steps
2:31 that would be super, super-bad.
2:33 Right, so now we've got the user
2:34 we send it back.
2:36 Looks like everything may be good.
2:37 Now what do we do?
2:39 Then we're going to validate the user
2:41 we're going to check their password
2:42 and either make sure that account exists
2:44 and the email's right.
2:46 We still got to do this little login.
2:48 Then we're going to go to our account page.
2:49 We should be able to test that real quick here.
2:52 So let's go back to our login page.
2:54 And we'll just do that.
2:56 Let's just try empty.
2:58 Ah, some required fields are missing.
3:00 Put the letter a, tries to get to it.
3:02 Account does not exist.
3:04 Put the real password.
3:06 If this passes, gets the user back
3:08 it should redirect us over to our account page.
3:12 Bam, it does! All right, so.
3:14 Login, that was quick and easy, right?
3:16 Starting to get the feel for these forms
3:18 in this database interaction.