Full Web Apps with FastAPI Transcripts
Chapter: async databases with SQLAlchemy
Lecture: Async login user

Login or purchase this course to watch this video and the rest of the course contents.
0:00 The final user method that talks to the database that needs to be converted to this
0:05 async API is login_user. Again, pretty straightforward. So I'll come over here, like this, and we want to get a hold of the user by email so I'll
0:14 leave some of these tests in here. This is gonna be different, of course. We do a query, which is a select of User like this.
0:22 And then the filter goes on, but not the first, that goes to another location. Then we say result equals session.execute(query).
0:32 Now, remember, this is the async part right there. We're talking to the database, so we say await and then finally,
0:37 we're gonna get the user. Not by saying first, but results.scalar_one_or_none, that's how we did it. We check, are they there? So we get the user back.
0:46 If there's no user with that email, well obviously they're not logging in, are they? But if they do come back,
0:51 we want to verify their hashed password against rehashing the password. But if for some reason the password's wrong,
0:57 also return None. And then we return the user. As before we gotta asyncify this and then find where it's used and push that up the stack.
1:04 This one awaits it. And because we're doing the form stuff, those are always async the way that they work. So that method was already good to go.
1:18 Very cool. Let's go and try. to log this in here. Log out, close some other tabs. Let's go try to log in.
1:26 Let's go log in as Sarah here. Perfect, we logged in as Sarah Jones2. Let's log out, and how about Sarah Jones4? Yep, we can log in to Sarah Jones4.
1:37 And let's try one more, log in as other@gmail.com, "abc". Nope, there is no other. And also, let's make sure, even if we have the right email,
1:49 but the password is wrong, still can't log in. Pretty awesome, in fact, because the way async and await works,
1:56 we have the ability to do a little bit better here. In this login part, it is somewhat computational here,
2:05 but you'll find once you get your site on the Internet, after a while,
2:10 if it's popular, people are going to start hammering away on it for various reasons to just cause mayhem. Try to guess passwords,
2:16 all kinds of stuff. The one thing we could actually do here is we could go and say something kind of like time.sleep(5) And so you know what?
2:22 I'm not gonna get back to you for another five seconds to tell you whether or not that guess was right or wrong. However, if you do time.sleep(5),
2:28 this is gonna be bad. It's going to literally lock up the server on this whole thread for everyone.
2:34 Doesn't matter if you're using async and await or not. But if you go to asyncio, import that, there's a sleep right there and this one we can await.
2:47 So this one, it's just gonna stash it off in the queue and then pick it back up to run in five seconds. It won't have much overhead at all.
2:54 Let's go and try this one, that is a little more picky if you get the login wrong. So let's see, are we logged in?
3:01 No, let's first see that it logs in super fast, if you get it right. Bam! Yes, it does. Log out, log in maybe one more time. Even quicker.
3:11 Yeah, perfect. But if for some reason we get it wrong, put in junk for our password, for example 1 one thousand, 2 one thousand, 3
3:20 one thousand 4 on e thousand, 5. Yeah, there you go. No, that wasn't right. So if you want to slow people down,
3:27 if they're doing things like trying to guess at coupon codes, access codes, other pages, accounts, its really easy
3:35 to asynchronously just put them on the chills so they can't guess nearly as quickly which I think is kind of cool, actually.

Talk Python's Mastodon Michael Kennedy's Mastodon