Building Data-Driven Web Apps with Pyramid and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login setup

Login or purchase this course to watch this video and the rest of the course contents.
0:00 Register sure seemed to work. Let's do login. Now again, it's going to follow the get post redirect pattern.
0:12 In fact, there's going to be so much similarity between those two, I'm just going to highlight all this and hit Command D to duplicate it.
0:19 All right so let's make sure we change this to login. Now we're not going to pass the name around. Just email and password, potentially
0:32 error as well, so we'll go with that. All right let's clean up some of this print stuff. This was just to show you where the data was coming from.
0:49 All right now we don't actually need to validate the password and stuff. We'll just try to login and either it's going to work or not.
0:56 So let's just do this little login bit here. This part, when I say login, I mean put like a cookie so we remember them as a session.
1:05 So here we'll just say do this login. If not this, hope it's not user. Here we'll say, the user could not be found or the password is incorrect.
1:22 All right this looks pretty good right? We'll come in here, I'm going to do a POST. Submit the form. It's going to have those two pieces of data.
1:28 We'll write this in a moment. If we go to the database and the user existed that email and the password is valid
1:35 then we're just going to send 'em along. Of course we want to save their session do some logging or recording all those sorts of things.
1:41 But for now, let's just put an error or no error depending on what we get. It's going to turn it optional of user It's going to return an optional
1:55 of user, 'cause maybe they don't login. Right they try, but they fail. All right so here's some interesting stuff.
2:02 Again we're going to need our session Again we're going to need our session. So we want to create the session and then we want to create a query.
2:10 So we'll just say. Let's see if we can do it super simple like this. Return session query of user when the filter is.
2:19 Actually hold on. Do it like this. email == email. Now one thing I really like to do is make sure we store these things in lowercase and stripped.
2:33 Not on the password, but on the email. So down here we can say if email. How about if not email, return None. And how about we say
2:51 And it's going to be one. So we may have a user back if we say if not user return None, user, whatever, same thing.
2:59 Now you might reasonably expect you could say well, let's just say hash the password and do the query in the database where
3:05 the email and the password matches. But every time you create a new password hash it generates a different salt. So what we need is to ask Passlib
3:15 to say, given the salt that you stored somewhere in that giant blob of goo take this raw password and validate that it is the same.
3:26 So we'll say, if not, verify_hash. What does it take? It takes the hashtext which will be user.hashpassword and the plaintext password.
3:41 Return None. And finally return user. Not super hard but you want to make sure you don't forget some of these steps. That would be bad. Let's try.
3:52 It's not going to turn out as well as you think. Where's our form? Well, now we should put our form in here.

Talk Python's Mastodon Michael Kennedy's Mastodon