Building Data-Driven Web Apps with Pyramid and SQLAlchemy Transcripts
Chapter: Client and server-side validation
Lecture: Server-side validation

Login or purchase this course to watch this video and the rest of the course contents.
0:01 We're also going to use this over here. And this is going to show you another aspect of these view models that is beautiful.
0:10 So notice over here that we're saying all right, some form data has been submitted to us. Right here it's, look at this email
0:18 look at this name, look at this password. Well instead of remembering to do this and on complicated forms with ten pieces
0:25 like this gets really tiresome really quick. We could actually just do like this. Even on the Get because state is going to come in
0:34 but it'll just be missing so we could come over and say self.requestdict.get('email') Or we could just say .email, whichever you feel like.
0:45 That solves those three lines. And then this validation, remember I said really really there should be three lines.
0:51 You're email is required. You didn't enter it? Oh, wait, you entered your email but your name is required.
0:56 You didn't enter it, and so on. Well let's go do that. We only want to compute those sorts of things on the form POST.
1:05 So let's add another validate function here. And when that happens we're going to basically say if not self.error equals?
1:16 You must specify an email address. And you can imagine, same for name, same for password. So over here that is this sort of stuff and remember
1:28 all of these things are already being tracked so watch how much simpler this becomes. vm.validate, and remember this is totally scalable.
1:36 Like this could become way more involved. And it, it means you're more likely to write that extra validation code.
1:44 Because it's not making this method even worse even harder to understand, right? There's, it never gets more complicated than just validate.
1:51 So then you just ask if vm.error if there is some kind of error were just going to return vm.to_dic(). Which includes the error.
2:00 Otherwise, we say, vm.password. Done, how sweet is that? So, look how clean this method becomes.
2:12 We create our view model and we ask for validation. And if there's a problem we just let it exchange other data back with potential
2:18 error messages, all sorts of stuff. And, otherwise, we carry on. Now let's do one more thing, let's go to this part here.
2:25 And let's add, say if Remember we stored this in a simplified form. We'll say email == Just to make sure.
2:36 I think we're doing that in the data layer as well but let's make sure the data is already prepared when it comes in.
2:43 And we can come over here and say things like if it's not there we'll just say strip on this as well. We're not going to mess with the password.
2:51 They owant their password to be space, they can have it. Alright, let's make sure we can still register. So over here, we register get, register post.
3:01 Let's see if things are still working. Come over here. Right now we're logged in so let's logout. And let's register as user, user2.
3:13 At, get my password. Actually, let's first leave some stuff out here. Let's leave out the name and the password.
3:22 You must spec, specify your name. User2 is my name. You must specify password. Alright, that's our password.
3:30 Now this should work and we should be logged in as user2. Ready, bam, there we go. So let's review, we've taken and created
3:41 this RegisterViewModel that has both the ability to load the data and then validate it. We saw our error handling checking
3:49 to make sure the user name was there the actual name was there, the password was there. We didn't check email but it's there.
3:56 And then, once all that stuff happens correctly we just use the values from it. So, what's really beautiful about this is it doesn't
4:04 no matter how much data you exchange, it doesn't get more complicated than this. The view model is in charge of validating the data
4:11 and exchanging the data with the form. You just work with the, the data that's gotten. It's real, real nice. On this one, they can interact with
4:21 the database as it needs to, all sorts of stuff like that. So here, it's going and getting the cookie from the request and then it's actually hitting
4:28 the database to populate the user. If it doesn't find it, we do some hard error handling, we just send them to login.
4:34 Otherwise it passes that onto the view which is why we saw that right there, user2. So these view models are super, super valuable.
4:43 And we'll be using them for the rest of this course. I'm going to go ahead and put view models in place for the remaining methods that you don't see.
4:51 Like on packages and so on, but I'm not not going to walk you through it because, guess what? It's exactly the same as what we've
4:56 been doing in the last two.

Talk Python's Mastodon Michael Kennedy's Mastodon