Login Process
User logs in with username and password
API checks for user in the database
API checks for the user's password if user is found
API hashes password provided again
The hashed password provided should match the hashed password in the database
If they match, user receives token
First we will have to set up an `auth.py` file to keep it separate in the `routers` folder.
This makes more sense than having it in a single file.
```python
from fastapi import APIRouter, Depends, status, HTTPException, Response
from sqlalchemy.orm import Session

from .. import database

router = APIRouter(
    tags=['Authentication']
)


# Pass the dependency itself (get_db), not the result of calling it
@router.post("/login")
def login(db: Session = Depends(database.get_db)):
    pass
```
We also need to create a schema for the user login
```python
from pydantic import BaseModel, EmailStr


class UserLogin(BaseModel):
    email: EmailStr
    password: str
```
Now we will store this in our function
```python
@router.post("/login")
def login(user_credentials: schemas.UserLogin, db: Session = Depends(database.get_db)):
    pass
```
We have to make a request to our database, specifically our users table to retrieve the user based on email
```python
from .. import database, schemas, models


@router.post("/login")
def login(user_credentials: schemas.UserLogin, db: Session = Depends(database.get_db)):
    # .first() must be called; it returns the matching user or None
    user = db.query(models.User).filter(models.User.email == user_credentials.email).first()
```
If we do not have a user, we need to raise an exception
```python
@router.post("/login")
def login(user_credentials: schemas.UserLogin, db: Session = Depends(database.get_db)):
    user = db.query(models.User).filter(models.User.email == user_credentials.email).first()

    # Generic detail so the response does not say whether the email exists
    if not user:
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invalid Credentials")
```
Now that we have the password, we need to compare this to the hashed password in our database
First we need to hash the provided password (we will create this in the `utils.py` file)
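```python
# pwd_context is assumed to be the hashing context already defined in utils.py
def verify(plain_password, hashed_password):
    # True when plain_password hashes to the stored hashed_password
    return pwd_context.verify(plain_password, hashed_password)
```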
Now we can import this function in our `auth.py` file and verify the password.
Additionally, raise an exception if the password does not match.
```python
from .. import database, schemas, models, utils


@router.post("/login")
def login(user_credentials: schemas.UserLogin, db: Session = Depends(database.get_db)):
    user = db.query(models.User).filter(models.User.email == user_credentials.email).first()

    if not user:
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invalid Credentials")

    # Password Verification: same status and detail as the unknown-user case
    if not utils.verify(user_credentials.password, user.password):
        raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="Invalid Credentials")
```
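The login function above returns as soon as the email is not found, so that path skips the password hash and does less work than a wrong-password attempt, which can show up as a timing difference even though the status and detail are identical. The following is an added example, not code from the original page: it swaps `pwd_context` for standard-library PBKDF2 and the database query for a constructed in-memory `USERS` dict so it runs without dependencies, and `hash_password`, `authenticate`, `DUMMY_HASH` and `STATS` are hypothetical names.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000          # constructed value for the example
STATS = {"verify_calls": 0}   # lets a caller confirm hashing ran on every path


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex' using PBKDF2-HMAC-SHA256 and a random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify(plain_password: str, hashed_password: str) -> bool:
    """Re-hash the provided password with the stored salt and compare."""
    STATS["verify_calls"] += 1
    salt_hex, digest_hex = hashed_password.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", plain_password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # compare_digest does not stop at the first differing byte
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed stand-in for the users table: email -> stored password hash.
USERS = {"alice@example.com": hash_password("correct horse")}

# Hash of a random throwaway password, verified when no user is found so the
# unknown-email path performs the same hashing work as the wrong-password path.
DUMMY_HASH = hash_password(os.urandom(16).hex())


def authenticate(email: str, password: str) -> bool:
    """Return True only for a known email with a matching password."""
    stored = USERS.get(email)
    password_ok = verify(password, stored if stored is not None else DUMMY_HASH)
    # Both conditions must hold, so a missing user can never authenticate.
    return stored is not None and password_ok
```

In the route, the single `Invalid Credentials` exception would be raised whenever `authenticate` returns `False`.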
Next steps would be:
Create Token
Return Token