Login View
6:17 with Kenneth Love
Now that users can sign up, we should let them sign in. Our `login()` view will be pretty straightforward, as will the template.
`login_user`: function to log a user in and set the appropriate cookie so they'll be considered authenticated by Flask-Login
Our login view is actually going to be a lot like a registration view. 0:00 We'll show a form, and process it on submission. 0:04 We'll need to check the password though, so that adds a new step. 0:06 Let's get to it. 0:09 All right. So, we need to build a login view. 0:11 As you can probably guess, our login view actually also needs to have a login form. 0:15 The nice thing is our login form isn't gonna be all that crazy, and 0:21 it's going to be pretty much the stuff we used in our registration form. 0:25 So, let's go ahead and make this real quick. 0:28 Class LoginForm is a form, and it's going to have two fields. 0:32 So, we're just gonna do email. 0:38 And, we'll do a string field. 0:39 And, we'll say Email. 0:42 And, our validators for 0:43 this will be DataRequired and Email. 0:46 Now, I'd like you to notice I'm not validating here 0:51 that their email address and password is right. 0:55 We'll do that in the view. 0:57 And, then we're gonna have a PasswordField, which will say Password. 0:59 And validators for that will just be that data is required, 1:03 they have to type in a password. 1:08 Okay, that's our form, pretty simple form. 1:11 Our view is going to be similar to our other view 1:14 let's see I'm gonna scroll that down, just so we can see a little more. 1:19 I'll have to go up here, and we need to add two imports. 1:23 So, we have our LoginManager and we need to bring in login_user which is 1:27 a function that will check to or that will actually login our user. 1:31 And, then we need to bring in our bcrypt library. 1:37 So, from flask.ext.bcrypt import check_password_hash. 1:40 All right. 1:48 So, now let's go make our login route. 1:50 I'll put it down here, app.route and we'll say, login. 1:53 And again our methods are GET and POST. 1:59 And we're going to call this login. 2:04 And, the reason we're going to call it login is because you remember, up here, 2:05 when we specified our login_view, we said it would be named login. 
2:09 So, if you want to change the name, and 2:13 you don't want to call it login, you want to call it sign in, or, authenticate, 2:14 or something like that, you'll need to change that up there as well. 2:19 So, our form is going to be forms.LoginForm. 2:22 And, we're going to say, if form.validate_on_submit just like before. 2:25 So, now we've got to try and look up the user. 2:33 So, let's do a try. 2:36 And, we're going to say user equals models.User.get, 2:37 and models.User.email is equal to form.email.data. 2:44 Okay? So, we're going to try and get this user. 2:51 But, if we get a models.DoesNotExist exception, 2:54 then we want to flash Your email or password doesn't match. 3:00 And, we want this to have a category of error. 3:08 Now, why did I say email or 3:11 password, when we know that it's the email that doesn't exist? 3:13 By doing it with email, we make it fairly easy for an attacker, 3:17 someone who maybe wants to take over someone else's account, to figure out, 3:22 okay, that's the right email, that's not the right email, whatever. 3:26 Like this, they don't know if they got the email wrong, or the password wrong, so 3:29 it makes it a bit more ambiguous. 3:33 Okay, but if that except doesn't fire, so we did get our user, 3:35 then we want to do if check_password_hash. 3:40 And, we want the password of the user, cuz that's our hash, remember. 3:45 And, the form.password.data, which is the data they submitted. 3:50 So, if that comes back as true, then we're going to run login_user with the user. 3:54 So, that user is now gonna be logged in. 4:02 And, we're going to flash, You've been logged in. 4:03 And, we'll give this a category of success. 4:10 And, then we want to return a redirect to index. 4:13 Go back to the home page. 4:19 If that doesn't happen though, if our password check is incorrect, 4:21 then I actually want to do this all over again. 4:26 So right there, same message. 
4:31 All right, and then if all of that stuff fails, 4:32 then we're going to render our template, 4:39 and we'll render login.html, and form is equal to form, okay. 4:44 So, it's not valid, whatever. 4:51 So, let's go build our register, or, sorry, our login form. 4:54 So, new file, login.html, all right, template, sorry. 5:00 So, this one is going to be almost identical to register. 5:05 So, let's actually just copy that, and paste it in here. 5:09 The one thing we want to change is where it says Register, 5:14 we want that to say Login. 5:17 And, we probably want to put some links on here, 5:19 maybe to let people jump from Login to Register, and back and forth. 5:21 But, for right now, let's not worry about that too much. 5:25 So, if we come over here and we go to Login, there's our stuff. 5:28 It's gotta be filled in. 5:33 So, let's use an email address that we know is not in the account, or 5:35 not an account. 5:40 Login, you get this field is required. 5:41 Let's do, password doesn't even matter. 5:44 And, we get back to here. 5:47 Now, we don't see the flash messages, 5:48 cuz we haven't added those to our template yet. 5:49 But, you see it's not actually letting me log in. 5:52 But, if I put in one that I know does exist. 5:55 [BLANK_AUDIO] 5:57 Then, now I went to the front page, and it asked me if, I want Google to save it. 6:00 I don't, but it's great to know that that does work. 6:05 Now that users can log in, we should let them log out. 6:09 Let's wrap up this stage with a simple view, just for that. 6:13