Full Web Apps with FastAPI Transcripts
Chapter: Users and HTML forms
Lecture: Login, like registration, so we'll go fast
0:00 Because login and register are so super similar but require a lot of juggling of
0:04 little pieces, I'm just going to drop this little bit of code in here and let's
0:07 review it and add the final pieces.
0:09 So just like register, we're going to have a GET version and we're gonna have
0:14 a POST version and then do a redirect. In the GET version,
0:17 we're gonna have our LoginViewModel,
0:18 and then it's just gonna return the empty form.
0:20 Let's look at that really quick.
0:22 It's gonna have an email and a password,
0:24 as you can imagine, along with the base error message that might be sent over,
0:28 like you couldn't log in or wrong password or something.
0:32 And we're gonna do a load in our POST back to get that from the form,
0:35 just like we did before.
0:37 Over here, we create it,
0:38 and this time we await a load,
0:40 which means it has to be async up here.
0:43 This one doesn't actually have to be async,
0:45 I guess, because we're not doing async stuff. And we check for errors.
0:49 If there are, we reload the form with the same data, show the error. We're going to
0:53 need to write a login_user,
0:55 given the email and plain text password they submitted.
0:59 If it didn't work, then sorry we couldn't get that account.
1:02 Either it didn't exist or the password doesn't work, match or something. You want to
1:06 do a redirect with 302, set the auth cookie just like we did
1:10 before, and send that response back.
1:13 One thing we could do real quick here is we can create this function,
1:20 it's going to return an Optional of User like so, like that.
1:27 Now, the test we're gonna do this first time around is really,
1:30 really simple. So remember, we passed in an email and the password, which is 'abc', that
1:36 we stored? So let's just check against that. When we get to the database section
1:40 we're gonna actually store the hashed password in a really cool way.
1:44 But let's just go and add a simple test. We'll say
1:46 if password equal equal, let's say "abc",
1:52 then we'll return some basic user like this.
1:58 The email's what they passed in and the name will be "test_user"
2:01 or maybe that, more friendly name like that.
2:06 Otherwise, what we're gonna do is return
2:08 None, because that didn't match, right?
2:11 Either we didn't find it out of the database or they typed it in
2:14 wrong. Let's go just run through this experience real quick to make sure
2:17 our login works in a simple way.
2:19 So here we are, we're not logged in currently.
2:23 We're gonna log in, the password, the password is gonna be "ab",
2:27 which is not "abc".
2:28 So this should not let us in.
2:32 "The account does not exist or the password is wrong."
2:34 Oh, let me try that password again.
2:36 That's right, it was "abc". Now it should set that cookie, log us in, redirect us to
2:40 our account page, and the navigation up here should say "Account" and "Logout".
2:46 Boom! Just like that,
2:47 it does. Really, really similar to the registration stuff,
2:50 but we try to find the account instead of trying to create the account.
2:53 Go log out and we're back logged out.
2:55 So we have all of our account management stuff besides actually saving the users in the
2:59 database, which is the next chapter.
3:01 But we've got all the general HTML view,
3:04 view model flow and validation of account management and HTML forms completely dialed