Now that users can sign up, we should let them sign in. Our `login()` view will be pretty straightforward, as will the template.
New terms
- `login_user`: Function to log a user in and set the appropriate cookie so they'll be considered authenticated by Flask-Login
-
0:00
Our login view is actually going to be a lot like a registration view.
-
0:04
We'll show a form, and process it on submission.
-
0:06
We'll need to check the password though, so that adds a new step.
-
0:09
Let's get to it.
-
0:11
All right. So, we need to build a login view.
-
0:15
As you can probably guess, our login view actually also needs to have a login form.
-
0:21
The nice thing is our login form isn't gonna be all that crazy, and
-
0:25
it's going to be pretty much the stuff we used in our registration form.
-
0:28
So, let's go ahead and make this real quick.
-
0:32
Class LoginForm is a form, and it's going to have two fields.
-
0:38
So, we're just gonna do email.
-
0:39
And, we'll do a string field.
-
0:42
And, we'll say Email.
-
0:43
And, our validators for
-
0:46
this will be DataRequired and Email.
-
0:51
Now, I'd like you to notice I'm not validating here
-
0:55
that their email address and password is right.
-
0:57
We'll do that in the view.
-
0:59
And, then we're gonna have a PasswordField, which will say Password.
-
1:03
And validators for that will just be that data is required,
-
1:08
they have to type in a password.
-
1:11
Okay, that's our form, pretty simple form.
-
1:14
Our view is going to be similar to our other view
-
1:19
let's see I'm gonna scroll that down, just so we can see a little more.
-
1:23
I'll have to go up here, and we need to add two imports.
-
1:27
So, we have our LoginManager and we need to bring in login_user which is
-
1:31
a function that will check to or that will actually login our user.
-
1:37
And, then we need to bring in our bcrypt library.
-
1:40
So, from flask.ext.bcrypt import check_password_hash.
-
1:48
All right.
-
1:50
So, now let's go make our login route.
-
1:53
I'll put it down here, app.route and we'll say, login.
-
1:59
And again our methods are GET and POST.
-
2:04
And we're going to call this login.
-
2:05
And, the reason we're going to call it login is because you remember, up here,
-
2:09
when we specified our login_view, we said it would be named login.
-
2:13
So, if you want to change the name, and
-
2:14
you don't want to call it login, you want to call it sign in, or, authenticate,
-
2:19
or something like that, you'll need to change that up there as well.
-
2:22
So, our form is going to be forms.LoginForm.
-
2:25
And, we're going to say, if form.validate_on_submit just like before.
-
2:33
So, now we've got to try and look up the user.
-
2:36
So, let's do a try.
-
2:37
And, we're going to say user equals models.User.get,
-
2:44
and models.User.email is equal to form.email.data.
-
2:51
Okay? So, we're going to try and get this user.
-
2:54
But, if we get a models.DoesNotExist exception,
-
3:00
then we want to flash Your email or password doesn't match.
-
3:08
And, we want this to have a category of error.
-
3:11
Now, why did I say email or
-
3:13
password, when we know that it's the email that doesn't exist?
-
3:17
By doing it with email, we make it fairly easy for an attacker,
-
3:22
someone who maybe wants to take over someone else's account, to figure out,
-
3:26
okay, that's the right email, that's not the right email, whatever.
-
3:29
Like this, they don't know if they got the email wrong, or the password wrong, so
-
3:33
it makes it a bit more ambiguous.
-
3:35
Okay, but if that except doesn't fire, so we did get our user,
-
3:40
then we want to do if check_password_hash.
-
3:45
And, we want the password of the user, cuz that's our hash, remember.
-
3:50
And, the form.password.data, which is the data they submitted.
-
3:54
So, if that comes back as true, then we're going to run login_user with the user.
-
4:02
So, that user is now gonna be logged in.
-
4:03
And, we're going to flash, You've been logged in.
-
4:10
And, we'll give this a category of success.
-
4:13
And, then we want to return a redirect to index.
-
4:19
Go back to the home page.
-
4:21
If that doesn't happen though, if our password check is incorrect,
-
4:26
then I actually want to do this all over again.
-
4:31
So right there, same message.
-
4:32
All right, and then if all of that stuff fails,
-
4:39
then we're going to render our template,
-
4:44
and we'll render login.html, and form is equal to form, okay.
-
4:51
So, it's not valid, whatever.
-
4:54
So, let's go build our register, or, sorry, our login form.
-
5:00
So, new file, login.html, all right, template, sorry.
-
5:05
So, this one is going to be almost identical to register.
-
5:09
So, let's actually just copy that, and paste it in here.
-
5:14
The one thing we want to change is where it says Register,
-
5:17
we want that to say Login.
-
5:19
And, we probably want to put some links on here,
-
5:21
maybe to let people jump from Login to Register, and back and forth.
-
5:25
But, for right now, let's not worry about that too much.
-
5:28
So, if we come over here and we go to Login, there's our stuff.
-
5:33
It's gotta be filled in.
-
5:35
So, let's use an email address that we know is not in the account, or
-
5:40
not an account.
-
5:41
Login, you get this field is required.
-
5:44
Let's do, password doesn't even matter.
-
5:47
And, we get back to here.
-
5:48
Now, we don't see the flash messages,
-
5:49
cuz we haven't added those to our template yet.
-
5:52
But, you see it's not actually letting me login.
-
5:55
But, if I put in one that I know does exist.
-
6:00
Then, now I went to the front page, and it asked me if I want Google to save it.
-
6:05
I don't, but it's great to know that that does work.
-
6:09
Now that users can log in, we should let them log out.
-
6:13
Let's wrap up this stage with a simple view, just for that.