Building data-driven web apps with Pyramid and SQLAlchemy Transcripts
Chapter: User input and HTML forms
Lecture: Login setup
0:00 Register sure seemed to work. Let's do login.
0:03 Now again, it's going to follow the
0:10 GET-POST-redirect pattern.
0:11 In fact, there's going to be so much similarity
0:13 between those two, I'm just going to highlight
0:15 all this and hit Command-D to duplicate it.
0:18 All right, so let's make sure we change this to login.
0:27 Now we're not going to pass the name around.
0:29 Just email and password, potentially
0:31 error as well, so we'll go with that.
0:40 All right let's clean up some of this print stuff.
0:42 This was just to show you where the data was coming from.
0:48 All right, now we don't actually need to validate
0:51 the password and stuff.
0:52 We'll just try to log in and either
0:54 it's going to work or not.
0:55 So let's just do this little login bit here.
0:58 This part, when I say login, I mean put
1:00 like a cookie so we remember them as a session.
1:04 So here we'll just say do this login.
1:07 If not this, hope it's not user.
1:09 Here we'll say, the user could not be found
1:14 or the password is incorrect.
1:21 All right this looks pretty good right?
1:22 We'll come in here, I'm going to do a POST.
1:24 Submit the form.
1:25 It's going to have those two pieces of data.
1:27 We'll write this in a moment.
1:29 If we go to the database and the user existed
1:32 that email and the password is valid
1:34 then we're just going to send 'em along.
1:36 Of course we want to save their session,
1:38 do some logging or recording,
1:39 all those sorts of things.
1:40 But for now, let's just put an error
1:44 or no error depending on what we get.
1:46 It's going to turn it optional of user
1:50 It's going to return an optional
1:54 of user, 'cause maybe they don't log in.
1:57 Right they try, but they fail.
2:00 All right, so here's some interesting stuff.
2:01 Again we're going to need our session.
2:05 So we want to create the session
2:07 and then we want to create a query.
2:09 So we'll just say.
2:10 Let's see if we can do it super simple like this.
2:12 Return session query of user when the filter is.
2:18 Actually hold on. Do it like this. email == email.
2:26 Now one thing I really like to do is make sure
2:28 we store these things in lowercase and stripped.
2:32 Not on the password, but on the email.
2:35 So down here we can say if email.
2:40 How about if not email, return None.
2:48 And how about we say user.email.
2:50 And it's going to be one.
2:51 So we may have a user back if we say if not user
2:55 return None, user, whatever, same thing.
2:58 Now you might reasonably expect you could say
3:00 well, let's just say hash the password
3:02 and do the query in the database where
3:04 the email and the password matches.
3:07 But every time you create a new password hash
3:10 it generates a different salt.
3:12 So what we need is to ask Passlib
3:14 to say, given the salt that you stored
3:17 somewhere in that giant blob of goo
3:20 take this raw password and validate that it is the same.
3:25 So we'll say, if not verify_hash.
3:30 What does it take? It takes the hashtext which will be user.hashpassword
3:35 and the plaintext password.
3:40 Return None. And finally return user.
3:44 Not super hard, but you want to make sure
3:45 you don't forget some of these steps.
3:47 That would be bad. Let's try.
3:51 It's not going to turn out as well as you think.
3:54 Where's our form? Well, now we should put our form in here.