Python for Entrepreneurs Transcripts
Chapter: User accounts and identity
Lecture: Demo: Account object creation
0:02 So we have our account table, now let's go insert some data into it. Let me run the app and remind you guys how this is supposed to happen,
0:09 so we come over here, clear that up a bit, we can register and we can put in our information right here.
0:16 But this did nothing before because we had no account class, and no data access, let's review.
0:22 So here is our account controller, and we have "signin" and we have "register".
0:26 Remember this follows the GET / POST / Redirect pattern and this is already fine, we just went to that page and it looked great.
0:35 What we want to do is we want to register here and let's just check the validation really quick,
0:40 it looks like the password and confirm password have to match we have to have a password and we have to have some kind of email,
0:46 you might want to check that this is like matching the regular expression or it's some kind of proper email, at least it has an @ and a dot in it.
0:52 Something like this. OK, so now what we are going to do is we want to create the user here,
0:56 now we don't want to just allocate a new instance of an account, set some properties and store it, this account creation and whatnot,
1:03 it's a little complex we are going to hash the passwords and we're going to do a few other things as well,
1:10 like the other major parts of our data access, we're going to have a service
1:13 whose job is to manage all that stuff and here we're just going to call create account
1:17 on the service thing, so I am going to call this account_service, it's going to handle things like generating password resets, changing passwords, etc.
1:26 OK, we'll create a class, AccountService, and it's going to be mostly static stuff, let's add a method here, called create_account.
1:38 Now, it's going to take the email, it's going to take the password, I think everything else is auto-generated, the user only enters their email,
1:46 their password and the confirm password which if they match, great, we'll just send one, if they don't then we won't ever let them get here.
1:53 But I want to be very clear here that this is the plain text password, this is not what we want to put into the database,
2:00 OK, so up here we're going to have to import the account and let's do it like this,
2:09 let's say "from that import account", I just want to work with that character right there and we are also going to need the session,
2:17 so we're going to need to start out like everything we do by creating a db session,
2:23 so we'll say "session = that", and later we want a session.commit(). And somewhere in between what we want to do is
2:31 we want to say "account = Account", like that, and we could set, remember, we could use keyword value arguments here
2:39 or we could just say "account.email = the email they passed in", and account.password hash = I'm just going to write something bad for a minute,
2:51 hash plus plain text password, right. The next thing we are going to do is talk about how to generate this,
2:56 this is just temporarily, please don't do this, just to show you how this whole process is going to work.
3:02 So, there is one final step and that's going to be session.add(account). Like that. Then we commit it, and then we're all done.
3:12 So we are going to actually come and create the user, and this is not imported, is it?
3:21 It's cool, we've got auto-completion for anyway but we're going to need to import it for this to work.
3:25 Now the other thing to be careful here is this is actually not "return", so just to use this thing here, we're going to print out the email address,
3:34 now, this should be complaining a little bit more, because we're not actually returning the account, there we go, so we're returning it,
3:41 we'll be able to print this out here, so we have this step right here, let me put this "send welcome email" down here
3:49 because we're not going to get to send welcome email until,
3:51 well we have email working there are we, but this part, this little step here, don't forget this.
3:55 There is a couple of places or ways which we could validate this, so we're going to have to do something like this.
4:04 So here we want to do something like find the account by email, right, this doesn't exist yet, we're going to write it in just a second, and,
4:11 if the account is not None, we want to do something like this, vm.error "An account with this email already exists",
4:19 and we'll just stay on the same form, so we'll say like so, remember how awesome our view models are? Well,
4:26 here they are being awesome again, so we are going to want to, this doesn't exist, we've got to write that,
4:29 we want to make sure that this is not already an account existing here for this email, right,
4:35 if they forgot they created account they might try to create it again
4:38 or if they have problems logging in, and they go maybe I never did create an account,
4:41 let me try and register, like "nope, you are going to need to reset your password", something to that effect but here we've created it
4:47 and we probably want to log something interesting but for now I am just going to print it out. OK, so let's finish this little part right here, right,
4:55 this is why we create this account service, there is going to be a bunch of these little helper methods, all to do with accounts,
5:02 and we can just stash them here, use them throughout our app and forget about it and not make really complicated action methods.
5:09 Alright, so again, we are going to need the session but this time instead of doing an insert we're going to do a query.
5:14 So we'll say account = session.query(Account), we want to do a filter OK, so we are going to get just the first one, now we could do one
5:31 but I think one will throw an exception of None is found and ideally, one won't be found in our particular use case here.
5:38 So first is better. Now we are not just going to use this for the register method,
5:41 we're going to use this for login, we're going to use this for all sorts of things
5:44 but we need it for register right now, so we're going to go ahead and write this, there is one thing you might want to be careful of,
5:51 what if there is a space in their email, right? When they entered it in the form, there was a little space,
5:56 or maybe it's upper case and you want a lower case, something like that, so we've got to be really careful here maybe we'll do a test,
6:03 we could do this in our view model, but the emails could come from all over the place
6:07 not just that one view model, so let's make sure this particular method is durable under bad inputs, so we'll say something like this, "if not email",
6:16 so if there is nothing here, we're just going to return None, so there is going to be no account, it's empty,
6:21 remember that's not nullable, and then we can just say this. Get the little case version, strip off all the white space,
6:31 and then we'll go through our little database trick here. Great, I think we are ready to roll, let's give this a test, in fact, let's debug it,
6:38 we'll step through our little account register step. Alright, are you guys ready to register?
6:44 I am here we go, OK, my email address is going to be let's say this one, it doesn't really matter, it's going to be test
6:52 and this will be test two, we'll just make sure our matching email works, so we come down here nope, it didn't validate, alright, let it go,
7:02 the password and confirmation don't match, OK let's just make this test one more time, I am going to step over, this time it should validate, alright,
7:09 so we're going to run this find_account_by_email, notice it came back None, right here, that's good, we don't have an existing account,
7:17 we just created the account, inserted into the database, we get back, now we have this account, let's open it up and have a look,
7:25 here we have our id look, the id is this big giant thing created as well,
7:28 here is what day and time it is right now, here is the email address I use, and so on. Great, so I am just going to let it go,
7:35 and we should have redirected to your account. Yes, it works. Now of course, we did not hash the password,
7:41 we are going to talk about that next, let's just look really quick. Here we got our id, and this and our HASH:test password,
7:50 not the best password there is but that is OK. Very cool. Let's try to log in again with this, and just test our code
7:57 make sure we are getting that one object back, so let's go, now, notice this still says sign in and register,
8:04 we haven't managed the whether or not the user is logged in within our web app, within the database, it's all done so let's put the same email address
8:11 and test, and test, register, and it's going to come down here and hopefully our little test about creating an account that exists,
8:19 oh look, here is an account that already exists by that same email address,
8:23 so guess what, there is a problem, this account already exists, let's go tell the user. Well, you can't register, that account already exists.