Building Data-Driven Web Apps with Pyramid and SQLAlchemy Transcripts
Chapter: Client and server-side validation
Lecture: Server-side validation

Learn more about this course
Login or purchase this course to watch this video and the rest of the course contents.
0:01 We're also going to use this over here.
0:04 And this is going to show you another aspect
0:06 of these view models that is beautiful.
0:09 So notice over here that we're saying
0:11 all right, some form data has been submitted to us.
0:15 Right here it's, look at this email
0:17 look at this name, look at this password.
0:20 Well instead of remembering to do this
0:22 and on complicated forms with ten pieces
0:24 like this gets really tiresome really quick.
0:27 We could actually just do like this.
0:29 Even on the Get because state is going to come in
0:33 but it'll just be missing so we could come over
0:34 and say self.requestdict.get('email')
0:39 Or we could just say .email, whichever you feel like.
0:44 That solves those three lines.
0:46 And then this validation, remember I said really
0:49 really there should be three lines.
0:50 You're email is required. You didn't enter it?
0:53 Oh, wait, you entered your email but your name is required.
0:55 You didn't enter it, and so on. Well let's go do that.
0:58 We only want to compute those sorts
1:01 of things on the form POST.
1:04 So let's add another validate function here.
1:07 And when that happens we're going to basically say
1:10 if not self.email self.error equals?
1:15 You must specify an email address.
1:17 And you can imagine, same for name, same for password.
1:23 So over here that is this sort of stuff and remember
1:27 all of these things are already being tracked
1:29 so watch how much simpler this becomes.
1:32 vm.validate, and remember this is totally scalable.
1:35 Like this could become way more involved.
1:38 And it, it means you're more likely
1:40 to write that extra validation code.
1:43 Because it's not making this method even worse
1:45 even harder to understand, right?
1:47 There's, it never gets more complicated than just validate.
1:50 So then you just ask if vm.error
1:52 if there is some kind of error
1:54 were just going to return vm.to_dic().
1:57 Which includes the error.
1:59 Otherwise, we say vm.email
2:02 vm.name, vm.password.
2:05 Done, how sweet is that?
2:07 So, look how clean this method becomes.
2:11 We create our view model and we ask for validation.
2:13 And if there's a problem we just let it exchange
2:15 other data back with potential
2:17 error messages, all sorts of stuff.
2:19 And, otherwise, we carry on.
2:20 Now let's do one more thing, let's go to this part here.
2:24 And let's add, say if self.email.
2:28 Remember we stored this in a simplified form.
2:30 We'll say email == self.email.strip().lower().
2:34 Just to make sure.
2:35 I think we're doing that in the data layer as well
2:37 but let's make sure the data is
2:38 already prepared when it comes in.
2:42 And we can come over here and say things like
2:44 if it's not there we'll just say strip on this as well.
2:49 We're not going to mess with the password.
2:50 They owant their password to be space, they can have it.
2:54 Alright, let's make sure we can still register.
2:56 So over here, we register get, register post.
3:00 Let's see if things are still working.
3:01 Come over here. Right now we're logged in so let's logout.
3:06 And let's register as user, user2.
3:12 At u2.com, get my password.
3:16 Actually, let's first leave some stuff out here.
3:19 Let's leave out the name and the password.
3:21 You must spec, specify your name.
3:23 User2 is my name.
3:25 You must specify password.
3:28 Alright, that's our password.
3:29 Now this should work and we should be logged in as user2.
3:33 Ready, bam, there we go.
3:38 So let's review, we've taken and created
3:40 this RegisterViewModel that has both the ability
3:44 to load the data and then validate it.
3:46 We saw our error handling checking
3:48 to make sure the user name was there
3:49 the actual name was there, the password was there.
3:52 We didn't check email but it's there.
3:55 And then, once all that stuff happens correctly
3:58 we just use the values from it.
4:00 So, what's really beautiful about this is it doesn't
4:03 no matter how much data you exchange, it doesn't
4:06 get more complicated than this.
4:08 The view model is in charge of validating the data
4:10 and exchanging the data with the form.
4:13 You just work with the, the data that's gotten.
4:16 It's real, real nice.
4:18 On this one, they can interact with
4:20 the database as it needs to, all sorts of stuff like that.
4:23 So here, it's going and getting the cookie from the request
4:26 and then it's actually hitting
4:27 the database to populate the user.
4:29 If it doesn't find it, we do some hard
4:31 error handling, we just send them to login.
4:33 Otherwise it passes that onto the view
4:35 which is why we saw that right there, user2.
4:39 So these view models are super, super valuable.
4:42 And we'll be using them for the rest of this course.
4:44 I'm going to go ahead and put view models in place for
4:47 the remaining methods that you don't see.
4:50 Like on packages and so on, but I'm not not going to
4:52 walk you through it because, guess what?
4:54 It's exactly the same as what we've
4:55 been doing in the last two.