Sessions

[rishabhKalakoti]

TODOs

• basic login/ register interface and handler
• logged_in function that matches cookies to check if a user is logged in
• add accessibility check for handlers using logged_in
• create_session function to create a new session if login successful
• finalize: logout and cookie expiry

fixes #117

[rishabhKalakoti]

@theSage21 need some help with cookies in python, i checked a few links but can't handle them till now... plz help regarding setting/ deleting/ retriving cookies
I tried using http.cookies

[theSage21]

Ah yes. Cookies are a pain to work with if you don't fully understand them. There are a few things to keep in mind:

1. cookies are set via response headers
2. browser can completely ignore them 😄 if it so chooses
3. cookies have a path. They are sent only for paths which contain that path. Default is the path that set the cookie
4. they have an age
5. they are sent only for certain domains

I suggest going through bottle's cookies docs and reading through all the options present there. Might help you understand a little better. In fact, see the code if it's still not clear.

Finally you'll have to do something like:

bottle.response.set_cookie(name, value, path='/')

[rishabhKalakoti]

What else can I add in this one? The ones mentioned in the issue have been handled

[theSage21]

checking to see if someone is logged in is used in a lot of places. What I like to do is use a python decorator. Then the code looks like this:

@app.get('/some/url')
@login_required
def myfunction():
    ...

While the login logic is retained in a single place which might look like this:

def login_required(function):
    def new_function():
        cookie = bottle.request.get_cookie('s_id')
        if not cookie_is_ok(cookie):
            return abort(403, 'Please login')
        # Now that everything is ok call the original function
        return function()
    return new_function

[theSage21]

We can do a single hidden field + show password button or something. I don't like double password entries. 😂

…

On Thu 16 May, 2019, 14:59 Rishabh Kalakoti, ***@***.***> wrote: ***@***.**** commented on this pull request. ------------------------------ In views/home.html <#122 (comment)>: > + <label>Password</label> + <input type="password" name="password" required /><br /> + <input class="btn btn-primary" type="submit" value="Login" /> + </form> + </div> + <div id="register" class="tab-pane container fade"> + <form name="register" method="post" action="/register"> + <label>Username:</label> + <input type="text" name="username" required /><br /> + <label>First name:</label> + <input type="text" name="firstname" required /><br /> + <label>Last name:</label> + <input type="text" name="lastname" /><br /> + <label>Password:</label> + <input type="password" name="password" required /><br /> + <label>Confirm Password:</label> I would prefer hidden instead of plaintext as it is a password field, your call. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#122?email_source=notifications&email_token=AB2WHUPANK66T3MHIDOBNLTPVUSRHA5CNFSM4HNI6GJKYY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOBYZ5P5Q#discussion_r284618977>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AB2WHUNLWODQANVDTYS7GIDPVUSRHANCNFSM4HNI6GJA> .

[rishabhKalakoti]

I tried something. Let me know if the decorator and message displaying is satisfactory. I kept just one password for now.