The Level 3 requirements concentrate on being able to log in and out of the
application and see a page customised for the user. To meet this level you must implement another
set of procedures in the module users.py, and one more procedure in interface.py,
and then extend your
web application to allow user login.
Unit Tests
This level adds four procedures in a new users module
that deal with authenticating users
and managing user sessions, and another procedure
in the interface module to access images for a given user.
They act as an interface to the users and sessions tables in
the database. These procedures are
implemented in the module users.py; a version of
this file with just the procedure stubs is provided for you.
check_login
There is a procedure check_login in the users module
that takes three arguments, a database connection, a user nick and a password, and returns
True if the password is correct for this user and False otherwise.
Note that the password is stored in the database in encrypted form.
You can use the method db.crypt(text) to encrypt
a password (where db is a database connection).
generate_session
There is a procedure generate_session in the users module
that takes two arguments,
a database connection and a user nick. If the nick doesn't correspond to
an existing user, then it returns None. If this user doesn't already
have an active session (an entry in the sessions table) then a new
entry is created. If there is an existing entry, then the existing
session id is retrieved. The procedure then creates a cookie in the
Bottle response with the name sessionid and a value of the session id for this user.
The procedure returns the sessionid.
delete_session
There is a procedure delete_sessions in the users module
that takes two
arguments, a database connection and a user nick. The procedure
removes all entries for this user in the sessions table. It does
not return a value.
session_user
There is a procedure session_user in the users module
that takes
one argument, a database connection, and
returns the name of the logged in user if one can be identified or
None if not. This is done by finding the session id from the cookie
in the Bottle request if present, and using it to look up
the user in the sessions table.
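The sessions-table logic described above, as an added example that is not part of the assignment's provided code. The table columns, the function names and the in-memory database are assumptions, and the Bottle cookie handling is left out: the cookie value is passed in as an argument.

```python
import secrets
import sqlite3

# Assumed schema: the page names the users and sessions tables but not their columns.
SCHEMA = """
CREATE TABLE users (nick TEXT PRIMARY KEY, password TEXT);
CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, usernick TEXT REFERENCES users(nick));
"""

def make_db():
    """Build an in-memory database holding one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO users VALUES (?, ?)", ("Bobalooba", "placeholder-hash"))
    conn.commit()
    return conn

def get_or_create_session(conn, nick):
    """Return the session id for nick, creating one if needed; None for unknown users."""
    cur = conn.cursor()
    # Parameterised queries keep user-supplied values out of the SQL text.
    cur.execute("SELECT nick FROM users WHERE nick = ?", (nick,))
    if cur.fetchone() is None:
        return None
    cur.execute("SELECT sessionid FROM sessions WHERE usernick = ?", (nick,))
    row = cur.fetchone()
    if row:
        return row[0]
    # 32 bytes from the OS CSPRNG: a guessable id would let anyone forge the cookie.
    sessionid = secrets.token_hex(32)
    cur.execute("INSERT INTO sessions (sessionid, usernick) VALUES (?, ?)", (sessionid, nick))
    conn.commit()
    return sessionid

def lookup_session_user(conn, cookie_value):
    """Map a sessionid cookie value to a nick; None if the cookie is absent or unknown."""
    if not cookie_value:
        return None
    row = conn.execute("SELECT usernick FROM sessions WHERE sessionid = ?",
                       (cookie_value,)).fetchone()
    return row[0] if row else None

def remove_sessions(conn, nick):
    """Delete every session row for nick so previously issued cookies stop working."""
    conn.execute("DELETE FROM sessions WHERE usernick = ?", (nick,))
    conn.commit()
```

Because the lookup trusts only values present in the sessions table, a cookie that was never issued, or one whose row has been deleted at logout, resolves to None.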
Functional requirements
As for level two plus:
Login Form
As a visitor to the site, when I load the home page, I see a form with entry
boxes for nick and password and a button labelled Login.
The login form will have the id 'loginform' and
will use fields named 'nick' and 'password'.
The action of the login form will be /login.
Logging In
As a registered user, when I enter my user nickname (e.g. Bobalooba)
and password (bob) into the
login form and click on the Login button, the response is a
redirect to the main application page (/). When my browser loads
that page I see the normal home page with the login form replaced by the message "Logged in as Bobalooba" and a button labelled Logout.
The response generated by the successful login action
is a redirect (302 Found) response that redirects the user
to the home page.
The redirect response also includes a cookie with the
name sessionid that contains some kind of random string.
The logout button will be in a form with id logoutform
and have an input submit field with
the name logout.
Failed Login
As a registered user, when I enter my email address but get my password
wrong and click on the Login button, the page I get in response contains
a message "Login Failed, please try again". The page also includes another
login form.
Posting a Job
As a registered user, I can fill out a form on the main
page to create a new job listing (position), when I submit the form I am redirected
to the main page and my new position appears in the list.
The form to post a new position will have the id postform.
The action attribute for the form will be the URL /post.
Logout Button
As a registered user, once I have logged in, every page that I request
contains my name and the logout button.
Logging Out
As a registered user, once I have logged in, if I click on the Logout
button in a page, the page that I get in response is the site home
page which now doesn't have my name and again shows the login form.
The response to a logout request is again a redirect
(302 Found) response that redirects the user to the home
page.
When I now request the home page, I see the login form again because
the session has been deleted.
Your Task
To achieve these requirements you will need to implement the new procedures
in interface.py and users.py and then make
use of these to extend your application to support user login and posting messages.
This may seem like a huge task but the number of features and tests listed
above are there to make your job as clear as possible. Take each
task a step at a time and read the requirements clearly.
The following chapters in the notes may be useful:
Session Management covers using cookies and a sessions table to create user sessions.
Forms Processing describes handling form input in a Bottle script.
Python and SQLite describes the way to send queries to SQLite and get results back.
Web Applications with SQLite looks at using SQLite databases as part of an application.
Testing Python Programs covers running unit tests.