19:["$","div",null,{"className":"bg-theme dark:bg-gray-1400 h-dvh w-dvw flex flex-col","children":[["$","a",null,{"href":"#main-content","className":"absolute left-4 top-0 focus-visible:top-4 bg-blue-700 text-white rounded-4 text-xs p-4 z-50 transform -translate-y-full focus-visible:translate-y-0 otransition","children":"Skip to main content"}],"$L36","$L37",["$","div",null,{"role":"main","id":"main-content","className":"relative overflow-y-auto items-center flex flex-col","tabIndex":-1,"children":[["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 lg:pt-48 px-20 md:px-24","children":["$","$L38",null,{"rootHref":"/learn/course-paths?courseSlug=securing-flask-todo-app-with-session-authentication&unitSlug=authenticating-users-with-login-functionality","pathBreadcrumb":{"key":"106","title":"Implementing MVC ToDo App with Flask","href":"/learn/paths/implementing-mvc-todo-app-with-flask"},"courseBreadcrumb":{"key":"511","title":"Securing Flask ToDo App with Session Authentication","href":"/learn/courses/securing-flask-todo-app-with-session-authentication","options":[{"key":"505","href":"/learn/courses/getting-started-with-flask-and-web-development","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/WZnD8NRWoWxStkPx3_cover1.jpg","numLessons":5,"numPractices":17,"active":false,"label":"Getting Started with Flask and Web Development","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"506","href":"/learn/courses/building-a-todo-app-with-flask","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/3702b08e-1978-4c10-b192-72cb25c8694e_optimized.jpg","numLessons":4,"numPractices":19,"active":false,"label":"Building a ToDo App with Flask","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"508","href":"/learn/courses/integrating-a-sql-database-to-flask","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/937faf37-fad6-4db2-9981-c8189cfc07b1_optimized.jpg","numLessons":4,"numPractices":17,"active":false,"label":"Integrating a SQL Database to Flask","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"510","href":"/learn/courses/enhancing-flask-with-additional-features","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/03df749a-d0bb-45b3-8529-74672e270b23_optimized.jpg","numLessons":4,"numPractices":16,"active":false,"label":"Enhancing Flask with Additional Features","completedAt":"$undefined","completionRatio":"$undefined"},{"key":"511","href":"/learn/courses/securing-flask-todo-app-with-session-authentication","imageUrl":"https://d3dq4v2xxejk8c.cloudfront.net/uploads/7eeb597a-d34c-4e98-9b09-de6dc6f78f11_optimized.jpg","numLessons":4,"numPractices":18,"active":true,"label":"Securing Flask ToDo App with Session Authentication","completedAt":"$undefined","completionRatio":"$undefined"}]},"lessonBreadcrumb":{"key":"3736","title":"Authenticating Users with Login Functionality","options":[{"key":"3734","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/protecting-routes-with-authentication-middleware","active":false,"label":"Protecting Routes with Authentication Middleware","completedAt":"$undefined"},{"key":"3735","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","active":false,"label":"Implementing Secure User Registration in Flask","completedAt":"$undefined"},{"key":"3736","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/authenticating-users-with-login-functionality","active":true,"label":"Authenticating Users with Login Functionality","completedAt":"$undefined"},{"key":"3737","href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/adding-user-logout-to-flask-app","active":false,"label":"Adding User Logout to Flask App","completedAt":"$undefined"}]}}]}],["$","div",null,{"className":"max-w-[62.5rem] w-full pt-24 pb-60 px-20 md:px-24 space-y-32 md:space-y-48","children":[["$","div",null,{"className":"mx-auto h-[12rem] w-[21.25rem] md:h-[25.5rem] md:w-[45rem] lg:h-[33.5rem] lg:w-[59.5rem] shrink-0","children":["$","$L39",null,{"src":"https://k3-production-bucket.s3.amazonaws.com/uploads/baad673d-e47c-4473-b13e-dd80126c6016_combined_video.mp4","thumbnailUrl":"https://k3-production-bucket.s3.amazonaws.com/uploads/a26e2224-2ac3-4f08-92c9-bf6bf542ed8e_slide-1.png","mimeType":"video/mp4","speed":1,"forcePause":false}]}],[["$","div","17635",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Authenticating Users with Login Functionality"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Welcome to the lesson on implementing user login functionality in your ",["$","strong","strong-0",{"children":"Flask ToDo App"}],". In previous lessons, we've set up the authentication middleware and added secure user registration. Building on these foundations, we'll now focus on allowing registered users to log in. This step is vital as it ensures a secure and personalized experience for users interacting with the app. You will learn how to authenticate users using their credentials and maintain their session for secure access to the app's features."]}]]}]]}],["$","div","17636",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Checking Hashed Password"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["You may recall from our user registration lesson that we set up a User model to store user data securely. Now, let's create the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"check_password"}]," method, which will be crucial for verifying user credentials during login. This method will compare the hash of a provided password with the stored password hash in the database to ensure validity."]}],"\n",["$","p","p-1",{"children":["Here's how you can implement it in ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app/models/user.py"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from werkzeug.security import check_password_hash\n\nclass User(db.Model):\n __tablename__ = 'users'\n\n id = db.Column(db.Integer, primary_key=True)\n username = db.Column(db.String(150), unique=True, nullable=False)\n password_hash = db.Column(db.String(200), nullable=False)\n\n def set_password(self, password):\n self.password_hash = generate_password_hash(password)\n \n # Method to compare given password with the hashed one\n def check_password(self, password):\n return check_password_hash(self.password_hash, password)"}]}],"\n",["$","p","p-2",{"children":["The ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"check_password"}]," method is designed to validate user-entered passwords by comparing them against the hashed password stored within the user model."]}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Password Validation"}],": It uses ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"check_password_hash"}]," to perform a secure comparison, ensuring that the hashed value of the provided password matches the one stored in the database."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Return Value"}],": The method returns ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"True"}]," if the passwords match, allowing successful authentication, or ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"False"}]," if they do not match, indicating an authentication failure."]}],"\n"]}]]}]]}],["$","div","17637",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Implementing User Login Service"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Now, let's dive into the login functionality. We'll use the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserService"}]," to also handle the logic of authenticating a user with their credentials."]}],"\n",["$","p","p-1",{"children":["Here's the relevant function in ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app/services/user_service.py"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from models.user import User, db\n\nclass UserService:\n \n # Register method... \n\n # Login method\n @staticmethod\n def login(username, password):\n # Retrieve user instance using its username\n user = User.query.filter_by(username=username).first()\n # Use the check_password method to compare the passwords\n if user and user.check_password(password):\n # Return the user object if login is successful\n return user\n # Return None if login fails due to invalid credentials\n return None"}]}],"\n",["$","p","p-2",{"children":"This function contains the logic needed for user authentication:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"User Fetching"}],": We fetch the user based on the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"username"}],"."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Password Checking"}],": If the user exists, we verify their password using the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"check_password"}]," method."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Return Value"}],": If both checks pass, the user object is returned. Otherwise, ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"None"}]," is returned to indicate unsuccessful login."]}],"\n"]}]]}]]}],["$","div","17638",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Creating User Login Route"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"Next, we'll implement the route that handles user login. This involves creating a route to process login requests and manage user sessions."}],"\n",["$","p","p-1",{"children":["Let’s include it to ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app/controllers/user_controller.py"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from flask import Blueprint, render_template, request, redirect, url_for, flash, session\nfrom services.user_service import UserService\n\nuser_service = UserService()\n\nuser_controller = Blueprint('user', __name__)\n\n# Routes for rendering the template and registration...\n\n# Route for handling login\n@user_controller.route('/login', methods=['POST'])\ndef login():\n # Retrieve username and password from the registration form\n username = request.form['username']\n password = request.form['password']\n # Try to login the user using the provided username and password\n user = user_service.login(username, password)\n # # If successful, add user.id to session and redirect to the list page\n if user:\n session['user_id'] = user.id\n return redirect(url_for('todo.list_todos'))\n # If it fails, add failure flash message and redirect to auth page\n else:\n flash(\"Invalid username or password.\")\n return redirect(url_for('user.auth_page'))"}]}],"\n",["$","p","p-2",{"children":"Let's break it down:"}],"\n",["$","ul","ul-0",{"className":"list-disc pl-16 space-y-8","children":["\n",["$","li","li-0",{"children":[["$","strong","strong-0",{"children":"Data Collection"}],": First, we capture the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"username"}]," and ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"password"}]," from the login form."]}],"\n",["$","li","li-1",{"children":[["$","strong","strong-0",{"children":"Authentication"}],": Next, we use the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"login"}]," function from ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"UserService"}]," to verify credentials."]}],"\n",["$","li","li-2",{"children":[["$","strong","strong-0",{"children":"Session Management"}],": On successful login, the user’s ID is stored in the session to maintain their login state."]}],"\n",["$","li","li-3",{"children":[["$","strong","strong-0",{"children":"Feedback to User"}],": Finally, we provide feedback with flash messages, redirecting users accordingly based on login success."]}],"\n"]}]]}]]}],["$","div","17639",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Updating Middleware to Include Login Route"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"With the login functionality now implemented in the controller, let's update the authentication middleware to ensure users can access the login route without being logged in."}],"\n",["$","p","p-1",{"children":["Add ",["$","strong","strong-0",{"children":"'user.login'"}]," to the open routes in ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"app/middlewares/authentication_middleware.py"}],":"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"python","onClickPlay":"$undefined","display":"block","children":"from flask import session, redirect, url_for, request\n\ndef require_login_middleware(app):\n @app.before_request\n def require_login():\n # Include 'user.login' to the accessible endpoints\n if request.endpoint not in ['user.auth_page', 'user.register', 'user.login', 'static']:\n if 'user_id' not in session:\n return redirect(url_for('user.auth_page'))"}]}],"\n",["$","p","p-2",{"children":"This update allows users to reach the login endpoint unauthenticated."}]]}]]}],["$","div","17640",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Updating the Auth Template"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":["Now, let's ensure that our ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"auth.html"}]," template has a defined action for the login button to direct requests to the correct route. This will enable the form to send a POST request to the appropriate endpoint for logging in. Here's how the relevant section of the ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"auth.html"}]," file should look:"]}],"\n",["$","div","pre-0",{"className":"my-24","children":["$","$L3a",null,{"language":"html","onClickPlay":"$undefined","display":"block","children":"\n"}]}],"\n",["$","p","p-1",{"children":["The login button now directs the form submission to the ",["$","code","code-0",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user.login"}]," route while the register button routes to ",["$","code","code-1",{"className":"px-4 py-2 rounded-4 bg-theme-strong dark:bg-theme-medium text-code-lg","style":{"fontVariantLigatures":"none"},"children":"user.register"}],", managing authentication and registration individually."]}]]}]]}],["$","div","17641",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"User Flow Overview"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"To better understand how users interact with the login system in your Flask ToDo app, let's go through the flow step-by-step:"}],"\n",["$","ol","ol-0",{"className":"list-decimal pl-24 space-y-8","children":["\n",["$","li","li-0",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Registration"}],": A new user registers by providing a unique username and password. This information is securely stored in the database with the password hashed for security. Once registered, the user can proceed to log in."]}],"\n"]}],"\n",["$","li","li-1",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Login"}],": After registration, the user submits their username and password through the login form. The application processes the request, checking the credentials against the stored data."]}],"\n"]}],"\n",["$","li","li-2",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Authentication"}],": If the login credentials are correct, the user is authenticated. The app sets a session variable to keep the user logged in throughout their interaction with the app."]}],"\n"]}],"\n",["$","li","li-3",{"children":["\n",["$","p","p-0",{"children":[["$","strong","strong-0",{"children":"Access to Routes"}],": Once logged in, the user can try to access any route or feature in the app. The middleware now recognizes the user as authenticated, so it will not block or stop access to protected routes, allowing seamless navigation across the app's functionalities."]}],"\n"]}],"\n"]}],"\n",["$","p","p-1",{"children":"This flow ensures a secure and smooth user experience, guiding users from registration through login and authentication processes seamlessly."}]]}]]}],["$","div","17642",{"className":"space-y-32","children":[["$","div",null,{"className":"text-h-md text-theme-strong","children":"Summary and Practice Section"}],["$","div",null,{"className":"space-y-24 text-lg text-theme","children":[["$","p","p-0",{"children":"In this lesson, we’ve successfully implemented a login system for your Flask ToDo app, building on the previous registration setup. You now understand how to authenticate users through login credentials and secure sessions to provide access to protected routes."}],"\n",["$","p","p-1",{"children":"As you move on to the hands-on practice exercises, reinforce these concepts and experiment with them. You're doing great—keep it up!"}]]}]]}]],["$","div",null,{"className":"flex gap-16 justify-between md:justify-start","children":[[["$","div",null,{"className":"hidden md:block","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","variant":"tertiary","size":"sm","LeadingIcon":"$3b","children":"Previous Lesson"}]}],["$","div",null,{"className":"md:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/implementing-secure-user-registration-in-flask","variant":"tertiary","size":"sm","LeadingIcon":"$3b","children":"Previous"}]}]],[["$","div",null,{"className":"hidden lg:block","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/adding-user-logout-to-flask-app","variant":"tertiary","size":"sm","TrailingIcon":"$3c","maxWidth":"47rem","children":"Next Lesson: Adding User Logout to Flask App"}]}],["$","div",null,{"className":"hidden md:block lg:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/adding-user-logout-to-flask-app","variant":"tertiary","size":"sm","TrailingIcon":"$3c","maxWidth":"33rem","children":"Next Lesson: Adding User Logout to Flask App"}]}],["$","div",null,{"className":"md:hidden","children":["$","$L10",null,{"href":"/learn/courses/securing-flask-todo-app-with-session-authentication/lessons/adding-user-logout-to-flask-app","variant":"tertiary","size":"sm","TrailingIcon":"$3c","children":"Next"}]}]]]}]]}],["$","div",null,{"className":"flex flex-col bg-gray-200 dark:bg-gray-1400 w-full px-20 md:px-24 pt-24 pb-48 items-center","children":["$","div",null,{"className":"max-w-screen-xl w-full flex flex-col lg:flex-row py-20 px-24 items-center justify-between gap-48 lg:gap-60 xl:gap-96","children":[["$","$L3d",null,{"alt":"Sign up","src":"/learn/img/signup-module.png","className":"h-auto w-[335px] md:w-[440px] lg:w-[480px] xl:w-[570px]","width":570,"height":336}],["$","div",null,{"className":"flex flex-col gap-32 ml-24 items-center lg:items-start","children":[["$","div",null,{"className":"text-h-md md:text-h-xl text-theme-strong text-center lg:text-start","children":"Join the 1M+ learners on CodeSignal"}],["$","div",null,{"className":"text-lg font-normal md:text-2xl text-theme text-center lg:text-start md:max-w-[536px] lg:max-w-none","children":"Be a part of our community of 1M+ users who develop and demonstrate their skills on CodeSignal"}],["$","$L35",null,{"size":"lg","pageType":"lessonPreview","uiRegion":"joinModule","children":"Start learning today!"}]]}]]}]}],"$L3e"]}]]}]