Level 3

The Level 3 requirements concentrate on being able to log in and out of the
application and see a page customised for the user. To meet this level you must implement another
set of procedures in the moduleuser.py, and one more procedure ininterface.py
and then extend your
web application to allow user login.

Unit Tests

This level adds four procedures in a newusers
that deal with authenticating users
and managing user sessions, and another procedure
in theinterfacemodule to access images for a given user.
They act as an interface to theusersandsessionstables in
the database.   These procedures are
implemented in the moduleusers.py; a version of
this file with just the procedure stubs is provided for you.

1. check_login

   There is a procedurecheck_loginin theusersmodule
   that takes three arguments, a database connection, a user nick and a password, and returns
   True if the password is correct for this user and False otherwise.
   Note that the password is stored in the database in encrypted form.
   You can use the methoddb.crypt(text)to encrypt
   a password (wheredbis a database connection).

2. generate_session

   There is a proceduregenerate_sessionin theusersmodule
   that takes two arguments,
   a database connection and a user nick. If the nick doesn't correspond to
   an existing user, then it returns None.  If this user doesn't already
   have an active session (an entry in the sessions table) then a new
   entry is created.   If there is an existing entry, then the existing
   session id is retrieved. The procedure then creates a cookie in the
   Bottleresponsewith the namesessionidand a value of the session id for this user.
   The procedure returns thesessionid.

3. delete_session

   There is a proceduredelete_sessionsin theusersmodule
   that takes two
   arguments, a database connection and a user nick.  The procedure
   removes all entries for this user in the sessions table. It does
   not return a value.

4. session_user

   There is a proceduresession_userin theusersmodule
   that takes
   one arguments, a database connection, and
   returns the name of the logged in user if one can be identified or
   None if not.   This is done by finding the session id from the cookie
   in the Bottlerequestif present, and using it to look up
   the user in the sessions table.

Functional requirements

As for level two plus:

1. Login Form

   As a visitor to the site, when I load the home page, I see a form with entry
   boxes for nick and password and a button labelled Login.

• The login form will have the id 'loginform' and
  will use fields named 'nick' and 'password'.

• Theactionof the login form will be/login.

Logging In

As a registered user, when I enter my user nickname (eg. Bobalooba)
and password (bob) into the
login form and click on the Login button, the response is a
redirect to the main application page (/). When my browser loads
that page I see the normal home page with the login form replaced by the message "Logged in as Bobalooba" and a button labelled Logout.

• The response generated by the successful login action
  is a redirect (302 Found) response that redirects the user
  to the home page.

• The redirect response also includes a cookie with the
  namesessionidthat contains some kind of random string.

• The logout button will be in a form with idlogoutform
  and have aninputsubmit field with
  the namelogout.

Failed Login

As a registered user, when I enter my email address but get my password
wrong and click on the Login button, the page I get in response contains
a message "Login Failed, please try again".  The page also includes another
login form.

Posting a Job

As a registered user, I can fill out a form on the main
page to create a new job listing (position), when I submit the form I am redirected
to the main page and my new position appears in the list.

• The form to post a new position will have the idpostform

• The action attribute for the form will be the URL/post

Logout Button

As a registered user, once I have logged in, every page that I request
contains my name and the logout button.

Logging Out

As a registered user, once I have logged in, if I click on the Logout
button in a page, the page that I get in response is the site home
page which now doesn't have my name and again shows the login form.

• The response to a logout request is again a redirect
  (302 Found) response that redirects the user to the home
  page.

• When I now request the home page, I see the login form again because
  the session has been deleted.

Your Task

To achieve these requirements you will need to implement the new procedures
ininterface.pyandusers.pyand then make
use of these to extend your application to support user login and posting messages.

This may seem like a huge task but the number of features and tests listed
above are there to make your job as clear as possible.   Take each
task a step at a time and read the requirements clearly.

The following chapters in the notes may be useful:

• Session Management
  covers using cookies and a sessions table to create user sessions.

• Forms Processing describes
  handling form input in a Bottle script.

• Python and SQLite describes the
  way to send queries to SQLite and get results back.

• Web Applications with SQLite looks at using
  SQLite databases as part of an appliication.

• Testing Python
  Programs covers running unit tests.