Level 3
The Level 3 requirements concentrate on being able to log in and out of the
application and see a page customised for the user. To meet this level you must implement another
set of procedures in the module users.py, and one more procedure in interface.py,
and then extend your web application to allow user login.
Unit Tests
This level adds four procedures in a new users module
that deal with authenticating users
and managing user sessions, and another procedure
in the interface module to access images for a given user.
They act as an interface to the users and sessions tables in
the database. These procedures are
implemented in the module users.py; a version of
this file with just the procedure stubs is provided for you.
check_login
There is a procedure check_login in the users module
that takes three arguments, a database connection, a user nick and a password, and returns
True if the password is correct for this user and False otherwise.
Note that the password is stored in the database in encrypted form.
You can use the method db.crypt(text) to encrypt
a password (where db is a database connection).
generate_session
There is a procedure generate_session in the users module
that takes two arguments,
a database connection and a user nick. If the nick doesn't correspond to
an existing user, then it returns None. If this user doesn't already
have an active session (an entry in the sessions table) then a new
entry is created. If there is an existing entry, then the existing
session id is retrieved. The procedure then creates a cookie in the
Bottle response with the name sessionid and a value of the session id for this user.
The procedure returns the sessionid.
delete_session
There is a procedure delete_sessions in the users module
that takes two
arguments, a database connection and a user nick. The procedure
removes all entries for this user in the sessions table. It does
not return a value.
session_user
There is a procedure session_user in the users module
that takes
one argument, a database connection, and
returns the name of the logged in user if one can be identified or
None if not. This is done by finding the session id from the cookie
in the Bottle request if present, and using it to look up
the user in the sessions table.
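The four procedures described above, as an added sketch that is not the course's own code or stub file. It assumes a users(nick, password) and sessions(sessionid, nick) schema, uses a salted PBKDF2 stand-in for db.crypt, and passes a plain cookies dict in place of the Bottle request and response so that it runs without Bottle.

```python
import hashlib, hmac, secrets, sqlite3

def crypt(password, salt=None):
    # Stand-in for the course's db.crypt (assumption): salted PBKDF2, "salt$hash".
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt), 100_000)
    return salt + "$" + digest.hex()

def check_login(db, nick, password):
    row = db.execute("SELECT password FROM users WHERE nick = ?", (nick,)).fetchone()
    if row is None:
        return False
    salt = row[0].split("$")[0]
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(crypt(password, salt), row[0])

def generate_session(db, nick, cookies):
    if db.execute("SELECT 1 FROM users WHERE nick = ?", (nick,)).fetchone() is None:
        return None
    row = db.execute("SELECT sessionid FROM sessions WHERE nick = ?", (nick,)).fetchone()
    if row:
        sessionid = row[0]
    else:
        sessionid = secrets.token_urlsafe(32)  # CSPRNG output, not a guessable counter
        db.execute("INSERT INTO sessions (sessionid, nick) VALUES (?, ?)", (sessionid, nick))
        db.commit()
    cookies["sessionid"] = sessionid  # in Bottle: response.set_cookie("sessionid", sessionid)
    return sessionid

def delete_session(db, nick):
    db.execute("DELETE FROM sessions WHERE nick = ?", (nick,))
    db.commit()

def session_user(db, cookies):
    sessionid = cookies.get("sessionid")  # in Bottle: request.get_cookie("sessionid")
    if not sessionid:
        return None
    row = db.execute("SELECT nick FROM sessions WHERE sessionid = ?", (sessionid,)).fetchone()
    return row[0] if row else None

def demo_db():
    # Constructed sample data; the schema is an assumption and may differ from the course's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (nick TEXT PRIMARY KEY, password TEXT)")
    db.execute("CREATE TABLE sessions (sessionid TEXT PRIMARY KEY, nick TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("Bobalooba", crypt("bob")))
    return db
```

All queries use bound parameters, so a nick or cookie value supplied by the browser is never spliced into the SQL text.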
Functional requirements
As for level two plus:
Login Form
As a visitor to the site, when I load the home page, I see a form with entry
boxes for nick and password and a button labelled Login.
The login form will have the id loginform and
will use fields named nick and password.
The action of the login form will be /login.
Logging In
As a registered user, when I enter my user nickname (e.g. Bobalooba)
and password (bob) into the
login form and click on the Login button, the response is a
redirect to the main application page (/). When my browser loads
that page I see the normal home page with the login form replaced by the message "Logged in as Bobalooba" and a button labelled Logout.
The response generated by the successful login action
is a redirect (302 Found) response that redirects the user
to the home page.
The redirect response also includes a cookie with the
name sessionid that contains some kind of random string.
The logout button will be in a form with id logoutform
and have an input submit field with
the name logout.
Failed Login
As a registered user, when I enter my email address but get my password
wrong and click on the Login button, the page I get in response contains
a message "Login Failed, please try again". The page also includes another
login form.
Posting a Job
As a registered user, I can fill out a form on the main
page to create a new job listing (position). When I submit the form I am redirected
to the main page and my new position appears in the list.
The form to post a new position will have the id postform.
The action attribute for the form will be the URL /post
Logout Button
As a registered user, once I have logged in, every page that I request
contains my name and the logout button.
Logging Out
As a registered user, once I have logged in, if I click on the Logout
button in a page, the page that I get in response is the site home
page which now doesn't have my name and again shows the login form.
The response to a logout request is again a redirect
(302 Found) response that redirects the user to the home
page.
When I now request the home page, I see the login form again because
the session has been deleted.
Your Task
To achieve these requirements you will need to implement the new procedures
in interface.py and users.py and then make
use of these to extend your application to support user login and posting messages.
This may seem like a huge task but the number of features and tests listed
above are there to make your job as clear as possible. Take each
task a step at a time and read the requirements clearly.
The following chapters in the notes may be useful:
covers using cookies and a sessions table to create user sessions.
describes handling form input in a Bottle script.
describes the way to send queries to SQLite and get results back.
looks at using SQLite databases as part of an application.
covers running unit tests.