Full Web Apps with FastAPI Transcripts
Chapter: Users and HTML forms
Lecture: Login, like registration, so we'll go fast

Login or purchase this course to watch this video and the rest of the course contents.
0:00 Because login and register are so super similar but require a lot of juggling of
0:05 little pieces, I'm just going to drop this little bit of code in here and let's review it and add the final pieces.
0:10 So just like register, we're going to have a GET version and we're gonna have a POST version and then do a redirect. In the GET version,
0:18 We're gonna have our LoginViewModel, and then it's just gonna return the empty form. Let's look at that really quick.
0:23 It's gonna have an email and a password, as you can imagine, along with the base error message that might be sent over,
0:29 like you couldn't log in or wrong password or something. And we're gonna do a load in our POST back to get that from the form, just like we did before.
0:38 Over here, we create it, and this time we await a load, which means it has to be async up here. This one doesn't actually have to be async,
0:46 I guess, because we're not doing async stuff. And we check for errors.
0:50 If there are, we reload the form with the same data, show the error. We're going to need to write a login_user,
0:56 given the email and plain text password they submitted. If it didn't work, then sorry we couldn't get that account.
1:03 Either it didn't exist or the password doesn't work, match or something. You want to do a redirect with 302, set the auth cookie just like we did
1:11 before, and send that response back. One thing we could do real quick here is we can create this function,
1:21 it's going to return an Optional of User like so, like that. Now, the test we're gonna do this first time around is really,
1:31 really simple. So remember, we passed in an email and the password, which is 'abc', that
1:37 we stored? So let's just check against that. When we get to the database section we're gonna actually store the hashed password in a really cool way.
1:45 But let's just go and add a simple test. We'll say if password equal equal, let's say "abc", then we'll return some basic user like this.
1:59 The email's what they passed in and the name will be "test_user" or maybe that, more friendly name like that. Otherwise, what we're gonna do is return
2:09 None, because that didn't match, right? Either we didn't find it out of the database or they typed it in
2:15 wrong. Let's go just run through this experience real quick to make sure our login works in a simple way.
2:20 So here we are, we're not logged in currently. We're gonna log in, the password, the password is gonna be "ab", which is not "abc".
2:29 So this should not let us in. "The account does not exist or the password is wrong." Oh, let me try that password again.
2:37 That's right, it was "abc". Now it should set that cookie log us in, redirect us to
2:41 our account page, and the navigation up here should say "Account" and "Logout". Boom! just like that,
2:48 it does. Really, really similar to the registration stuff, but we try to find the account instead of trying to create the account.
2:54 Go log out and we're back logged out. So we have all of our account management stuff besides actually saving the users in the
3:00 database, which is the next chapter. But we've got all the general HTML view,
3:05 view, model flow and validation of account management and HTML forms completely dialed

Talk Python's Mastodon Michael Kennedy's Mastodon