Python for Entrepreneurs Transcripts
Chapter: Sending and receiving email
Lecture: Demo: Setting the password
0:01 OK, we have an active reset code,
0:03 we have all the validation and details to pull it back from the database,
0:06 final thing to do, set the password, use up the reset code.
0:11 Let me open this in a second window here, there we go, so I can have the old one,
0:16 and have it in two places, we can see that it gets used up again,
0:21 OK, let's just do a bit of validation, we'll say "if vm.validate"
0:26 we haven't called this method yet but does that return an error? No, it doesn't.
0:31 So we'll just check for the error here.
0:38 Now, when we do get this correct, we want to redirect,
0:42 we don't want to redirect, we are just going to set the message, sorry.
0:45 So we are going to say vm.message= "Your password has been reset, please login.",
0:52 something to that effect, and then we'll return vm.to_dict.
0:57 OK, beautiful, now, what is left here? Well, actually doing the reset,
1:03 so we'll say AccountService and we want to do a couple of things, right,
1:08 remember this verified that we have a reset code that it is not expired,
1:13 it exists, things like that, so we can go over here and just use that,
1:17 so we have to do these two operations, and the order doesn't matter too much
1:20 but let's use up the reset code first.
1:23 So we'll say use_reset_code(vm.reset), which one do we want to pass?
1:30 It doesn't really matter, let's just pass the code, keep the dependencies a little lower,
1:35 it's just a string rather than actual class, I want to add this method here,
1:41 and so all we are going to do is we want to create a session,
1:47 we want to get the reset code, and we'll say "if not reset: return",
1:54 and then what we are going to do is we are just going to do a couple of things,
1:57 we also need to set the user ip so you can see we have three things to set,
2:02 the used_date, datetime.now, whether it was used,
2:08 I could combine those like I said, and then we want to set this.
2:11 Alright. So we are going to say our ip address is user_ip, was used is True,
2:22 actually I get this exactly right, used_date=datetime..., right,
2:36 so it was used now, and we don't want to forget to say session.commit.
2:41 And this probably should be reset_code.
2:47 OK, so what are we going to do? We are going to come in, we want to create a session,
2:50 we are going to query for the code, yes we got it before
2:52 but that was associated with this previous session, we got disconnected
2:56 when we left very likely, so let's just get it again.
3:01 We'll do a quick test to make sure in case some reason,
3:03 somebody calls this with an invalid code, we are not going to crash by working with None,
3:08 and then we are going to basically use up this code,
3:11 we are going to say that it was used by this ip address, on this date and yes it is used,
3:14 and then we are going to call save, which will push that back,
3:18 OK, that is step one, over here; step two will be set_password,
3:26 we are going to set the password for a particular user, so let's get the account,
3:31 we'll say AccountService.find_account_by_id, we have vm.reset, remember,
3:42 we have a user_id foreign key constraint there.
3:47 And I am not going to check if this account exists
3:49 because there is a foreign key constraint here, so this should always map to something.
3:55 So this should return something, maybe that is a bad assumption, we'll see.
3:59 We'll say let's just pass the account id over here.
4:14 OK, so this should actually be pretty easy, again,
4:18 we are going to get something from the database
4:21 and it's going to look really similar to this.
4:25 OK, so juggle this around a little, we are going to have plain text password,
4:29 we are going to pass it in, and we are going to pass the account id,
4:32 so we are going to get the account, and just again,
4:34 this could be called somewhere else without the same validation,
4:36 so let's just verify that this is not going to crash,
4:40 and then all we have to do is go to the account and set the password hash,
4:44 remember, we don't want to set it to the plain text password,
4:47 we are going to do this.
4:49 But luckily, we already have this method, something about hashing text,
4:53 and we'll give it the plain text password, and then we just call session.commit.
4:58 This is cool, this lets us set the password within code, any time we want to,
5:04 it just happens to be right now we are doing this in the context of
5:08 some kind of password reset workflow,
5:11 maybe there is some other mechanism where we want to manually create an account
5:14 and then set its password or I don't know,
5:17 but this method will let us set passwords for any account whatsoever.
5:21 Alright, let's take this thing for a spin, rerun it, if we come over here,
5:25 and let's just make sure everything is hanging together,
5:29 let me just do a quick test, here, show my password is this and it was test, T-E-S-T.
5:36 OK, great, come back and test that again in a minute, so I want to set it to "cat".
5:42 And, of course, remember I added that user ip? Well, we didn't pass it along, did we,
5:52 alright, so let's go ahead and pass it along,
5:55 we can click here and get right back to it,
5:56 so this is going to take the ip address,
5:58 and we can actually get that from self.request.remote_addr,
6:02 OK, try again, ready, let's just resubmit the form,
6:07 and we should probably change this color, it's not super obvious here,
6:12 maybe make a color, or make that a little more obvious,
6:15 but "Your password has been reset, please login."
6:18 Hey, I set it to "cat", let's try this again, so I am going to try my old password,
6:27 "test", no that's incorrect, let me try the new one I just set, "cat".
6:31 Alright, so it turns out that my try to login didn't work, why didn't it work,
6:39 well, I had a bit of a mistake right here, check this out,
6:43 AccountService.set_password, that's probably not the password I want to use, is it?
6:50 OK, let's actually set the password this way.
6:55 OK, I am going to set the password "cat", your password's been set,
7:00 let's try the old one first, "test", no, let's try the new one now, "cat".
7:05 Boom, we now have a new password, it is very secure it's called "cat".