Building Data-Driven Web Apps with Pyramid and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login setup
0:00
Register sure seemed to work. Let's do login.
0:03
Now again, it's going to follow the
0:10
GET/POST/redirect pattern.
0:11
In fact, there's going to be so much similarity
0:13
between those two, I'm just going to highlight
0:15
all this and hit Command D to duplicate it.
0:18
All right, so let's make sure we change this to login.
0:27
Now we're not going to pass the name around.
0:29
Just email and password, potentially
0:31
error as well, so we'll go with that.
0:40
All right, let's clean up some of this print stuff.
0:42
This was just to show you where the data was coming from.
0:48
All right, now we don't actually need to validate
0:51
the password and stuff.
0:52
We'll just try to log in and either
0:54
it's going to work or not.
0:55
So let's just do this little login bit here.
0:58
This part, when I say login, I mean put
1:00
like a cookie so we remember them as a session.
1:04
So here we'll just say do this login.
1:07
If not this, hope it's not user.
1:09
Here we'll say, the user could not be found
1:14
or the password is incorrect.
1:21
All right, this looks pretty good, right?
1:22
We'll come in here, I'm going to do a POST.
1:24
Submit the form.
1:25
It's going to have those two pieces of data.
1:27
We'll write this in a moment.
1:29
If we go to the database and the user existed
1:32
that email and the password is valid
1:34
then we're just going to send 'em along.
1:36
Of course we want to save their session,
1:38
do some logging or recording,
1:39
all those sorts of things.
1:40
But for now, let's just put an error
1:44
or no error depending on what we get.
1:50
It's going to return an optional
1:54
of user, 'cause maybe they don't log in.
1:57
Right, they try, but they fail.
2:00
All right, so here's some interesting stuff.
2:02
Again we're going to need our session.
2:05
So we want to create the session
2:07
and then we want to create a query.
2:09
So we'll just say.
2:10
Let's see if we can do it super simple like this.
2:12
Return session query of user when the filter is.
2:18
Actually hold on. Do it like this. email == email.
2:26
Now one thing I really like to do is make sure
2:28
we store these things in lowercase and stripped.
2:32
Not on the password, but on the email.
2:35
So down here we can say if email.
2:40
How about if not email, return None.
2:48
And how about we say user.email
2:50
And it's going to be one.
2:51
So we may have a user back if we say if not user
2:55
return None, user, whatever, same thing.
2:58
Now you might reasonably expect you could say
3:00
well, let's just say hash the password
3:02
and do the query in the database where
3:04
the email and the password matches.
3:07
But every time you create a new password hash
3:10
it generates a different salt.
3:12
So what we need is to ask Passlib
3:14
to say, given the salt that you stored
3:17
somewhere in that giant blob of goo
3:20
take this raw password and validate that it is the same.
3:25
So we'll say, if not, verify_hash.
3:30
What does it take? It takes the hashtext which will be user.hashpassword
3:35
and the plaintext password.
3:40
Return None. And finally return user.
3:44
Not super hard but you want to make sure
3:45
you don't forget some of these steps.
3:47
That would be bad. Let's try.
3:51
It's not going to turn out as well as you think.
3:54
Where's our form? Well, now we should put our form in here.