Python for Entrepreneurs Transcripts
Chapter: Sending and receiving email
Lecture: Demo: Setting the password
0:01 OK, we have an active reset code, we have all the validation and details to pull it back from the database,
0:07 final thing to do, set the password, use up the reset code. Let me open this in a second window here, there we go, so I can have the old one,
0:17 and have it in two places, we can see that it gets used up again, OK, let's just do a bit of validation, we'll say "if vm.validate"
0:27 we haven't called this method yet but does that return an error? No, it doesn't. So we'll just check for the error here.
0:39 Now, when we do get this correct, we want to redirect, we don't want to redirect, we are just going to set the message, sorry.
0:46 So we are going to say vm.message = "Your password has been reset, please login.", something to that effect, and then we'll return vm.to_dict.
0:58 OK, beautiful, now, what is left here? Well, actually doing the reset, so we'll say AccountService and we want to do a couple of things, right,
1:09 remember this verified that we have a reset code that it is not expired, it exists, things like that, so we can go over here and just use that,
1:18 so we have to do these two operations, and the order doesn't matter too much but let's use up the reset code first.
1:24 So we'll say use_reset_code(vm.reset), which one do we want to pass?
1:31 It doesn't really matter, let's just pass the code, keep the dependencies a little lower,
1:36 it's just a string rather than actual class, I want to add this method here, and so all we are going to do is we want to create a session,
1:48 we want to get the reset code, and we'll say "if not reset: return", and then what we are going to do is we are just going to do a couple of things,
1:58 we also need to set the user ip so you can see we have three things to set, the used_date, datetime.now, whether it was used,
2:09 I could combine those like I said, and then we want to set this. Alright. So we are going to say our ip address is user_ip, was used is True,
2:23 actually I get this exactly right, used_date=datetime..., right, so it was used now, and we don't want to forget to say session.commit.
2:42 And this probably should be reset_code. OK, so what are we going to do? We are going to come in, we want to create a session,
2:51 we are going to query for the code, yes we got it before but that was associated with this previous session, we got disconnected
2:57 when we left very likely, so let's just get it again. We'll do a quick test to make sure in case some reason,
3:04 somebody calls this with an invalid code, we are not going to crash by working with None, and then we are going to basically use up this code,
3:12 we are going to say that it was used by this ip address, on this date and yes it is used,
3:15 and then we are going to call save, which will push that back, OK, that is step one, over here; step two will be set_password,
3:27 we are going to set the password for a particular user, so let's get the account,
3:32 we'll say AccountService.find_account_by_id, we have vm.reset, remember, we have a user_id foreign key constraint there.
3:48 And I am not going to check if this account exists because there is a foreign key constraint here, so this should always map to something.
3:56 So this should return something, maybe that is a bad assumption, we'll see. We'll say let's just pass the account id over here.
4:15 OK, so this should actually be pretty easy, again, we are going to get something from the database and it's going to look really similar to this.
4:26 OK, so juggle this around a little, we are going to have plain text password, we are going to pass it in, and we are going to pass the account id,
4:33 so we are going to get the account, and just again, this could be called somewhere else without the same validation,
4:37 so let's just verify that this is not going to crash, and then all we have to do is go to the account and set the password hash,
4:45 remember, we don't want to set it to the plain text password, we are going to do this.
4:50 But luckily, we already have this method, something about hashing text,
4:54 and we'll give it the plain text password, and then we just call session.commit.
4:59 This is cool, this lets us set the password within code, any time we want to, it just happens to be right now we are doing this in the context of
5:09 some kind of password reset workflow, maybe there is some other mechanism where we want to manually create an account
5:15 and then set its password or I don't know, but this method will let us set passwords for any account whatsoever.
5:22 Alright, let's take this thing for a spin, rerun it, if we come over here, and let's just make sure everything is hanging together,
5:30 let me just do a quick test, here, show my password is this and it was test, T-E-S-T.
5:37 OK, great, come back and test that again in a minute, so I want to set it to "cat".
5:43 And, of course, remember I added that user ip; well, we didn't pass it along, did we? Alright, so let's go ahead and pass it along,
5:56 we can click here and get right back to it, so this is going to take the ip address, and we can actually get that from self.request.remote_addr,
6:03 OK, try again, ready, let's just resubmit the form, and we should probably change this color, it's not super obvious here,
6:13 maybe make a color, or make that a little more obvious, but "Your password has been reset, please login."
6:19 Hey, I set it to "cat", let's try this again, so I am going to try my old password,
6:28 "test", no that's incorrect, let me try the new one I just set, "cat". Alright, so it turns out that my try to login didn't work, why didn't it work,
6:40 well, I had a bit of a mistake right here, check this out, AccountService.set_password, that's probably not the password I want to use, is it?
6:51 OK, let's actually set the password this way. OK, I am going to set the password "cat", your password's been set,
7:01 let's try the old one first, "test", no, let's try the new one now, "cat". Boom, we now have a new password, it is very secure it's called "cat".