Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

A Social Network with Flask

Preview

Start a free Courses trial
to watch this video

Sign up for Treehouse

Login View

6:17 with Kenneth Love

Now that users can sign up, we should let them sign in. Our `login()` view will be pretty straightforward, as will the template.

flask.ext.login is now flask_login

New terms

  • login_user - Function to log a user in and set the appropriate cookie so they'll be considered authenticated by Flask-Login

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    Our login view is actually going to be a lot like a registration view. 0:00
    We'll show a form, and process it on submission. 0:04
    We'll need to check the password though, so that adds a new step. 0:06
    Let's get to it. 0:09
    All right. So, we need to build a login view. 0:11
    As you can probably guess, our login view actually also needs to have a login form. 0:15
    The nice thing is our login form isn't gonna be all that crazy, and 0:21
    it's going to be pretty much the stuff we used in our registration form. 0:25
    So, let's go ahead and make this real quick. 0:28
    Class LoginForm is a form, and it's going to have two fields. 0:32
    So, we're just gonna do email. 0:38
    And, we'll do a string field. 0:39
    And, we'll say Email. 0:42
    And, our validators for 0:43
    this will be DataRequired and Email. 0:46
    Now, I'd like you to notice I'm not validating here 0:51
    that their email address and password is right. 0:55
    We'll do that in the view. 0:57
    And, then we're gonna have a PasswordField, which will say Password. 0:59
    And validators for that will just be that data is required, 1:03
    they have to type in a password. 1:08
    Okay, that's our form, pretty simple form. 1:11
    Our view is going to be similar to our other view 1:14
    let's see I'm gonna scroll that down, just so we can see a little more. 1:19
    I'll have to go up here, and we need to add two imports. 1:23
    So, we have our LoginManager and we need to bring in login_user which is 1:27
    a function that will check to or that will actually login our user. 1:31
    And, then we need to bring in our bcrypt library. 1:37
    So, from flask.ext.bcrypt import check_password_hash. 1:40
    All right. 1:48
    So, now let's go make our login route. 1:50
    I'll put it down here, app.route and we'll say, login. 1:53
    And again our methods are GET and POST. 1:59
    And we're going to call this login. 2:04
    And, the reason we're going to call it login is because you remember, up here, 2:05
    when we specified our login_view, we said it would be named login. 2:09
    So, if you want to change the name, and 2:13
    you don't want to call it login, you want to call it sign in, or, authenticate, 2:14
    or something like that, you'll need to change that up there as well. 2:19
    So, our form is going to be forms.LoginForm(). 2:22
    And, we're going to say, if form.validate_on_submit just like before. 2:25
    So, now we've got to try and look up the user. 2:33
    So, let's do a try. 2:36
    And, we're going to say user equals models.User.get, 2:37
    and models.User.email is equal to form.email.data. 2:44
    Okay? So, we're going to try and get this user. 2:51
    But, if we get a models.DoesNotExist exception, 2:54
    then we want to flash Your email or password doesn't match. 3:00
    And, we want this to have a category of error. 3:08
    Now, why did I say email or 3:11
    password, when we know that it's the email that doesn't exist? 3:13
    By doing it with email, we make it fairly easy for an attacker, 3:17
    someone who maybe wants to take over someone else's account, to figure out, 3:22
    okay, that's the right email, that's not the right email, whatever. 3:26
    Like this, they don't know if they got the email wrong, or the password wrong, so 3:29
    it makes it a bit more ambiguous. 3:33
    Okay, but if that accept doesn't fire, so we did get our user, 3:35
    then we want to do if check_password_hash. 3:40
    And, we want the password of the user, cuz that's our hash, remember. 3:45
    And, the form.password.data, which is the data they submitted. 3:50
    So, if that comes back as true, then we're going to run login_user with the user. 3:54
    So, that user is now gonna be logged in. 4:02
    And, we're going to flash, You've been logged in. 4:03
    And, we'll give this a category of success. 4:10
    And, then we want to return a redirect to index. 4:13
    Go back to the home page. 4:19
    If that doesn't happen though, if our password check is incorrect, 4:21
    then I actually want to do this all over again. 4:26
    So right there, same message. 4:31
    All right, and then if all of that stuff fails, 4:32
    then we're going to render our template, 4:39
    and we'll render login.html, and form is equal to form, okay. 4:44
    So, it's not valid, whatever. 4:51
    So, let's go build our register, or, sorry, our login form. 4:54
    So, new file, login.html, all right, template, sorry. 5:00
    So, this one is going to be almost identical to register. 5:05
    So, let's actually just copy that, and paste it in here. 5:09
    The one thing we want to change is where it says Register, 5:14
    we want that to say Login. 5:17
    And, we probably want to put some links on here, 5:19
    maybe to let people jump from Login to Register, and back and forth. 5:21
    But, for right now, let's not worry about that too much. 5:25
    So, if we come over here and we go to Login, there's our stuff. 5:28
    It's gotta be filled in. 5:33
    So, let's use an email address that we know is not in the account, or 5:35
    not an account. 5:40
    Login, you get this field is required. 5:41
    Let's do, password doesn't even matter. 5:44
    And, we get back to here. 5:47
    Now, we don't see the flash messages, 5:48
    cuz we haven't added those to our template yet. 5:49
    But, you see it's not actually letting me login. 5:52
    But, if I put in one that I know does exist. 5:55
    [BLANK_AUDIO] 5:57
    Then, now I went to the front page, and it asked me if, I want Google to save it. 6:00
    I don't, but it's great to know that that does work. 6:05
    Now, that users can log in, we should let them log out. 6:09
    Let's wrap up this stage with a simple view, just for that. 6:13

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up