Skip to main content

Authentication Finesse

 Authentication Finesse

So far, we've used Replit authentication as a bit of a bully. It's forced users to authenticate on every page.


For a blog engine, this will probably put users off. We want them to be able to read your online literary genius without being turned off by having to create an account and login.


Today is all about finessing the Replit authenticator so that it works in a more subtle way.


Custom Buttons

To start, I've turned on the authenticator from the files panel and then select or use a prebuilt login page. Make sure you do this before you write any code!


πŸ‘‰ This time though, I've clicked the use your own custom button link.



 Now I've got some lovely code snippets to steal work with.


Add an HTML template

πŸ‘‰ Next I add in a HTML template page where the button will appear. The page is called page.html and can be found in your file tree. Here's the code:

<html>

  <head>

    <title>My Website</title>

  </head>


  <body>

    <h1>Here's my site</h1>

    <p>Everyone can read this.</p>

  </body>  

</html>


 And we read that page into our main.py Flask code too:


from flask import Flask


app = Flask(__name__)


@app.route('/')

def index():

  page = ""

  f = open("page.html", "r")

  page = f.read()

  f.close()

  return page



app.run(host='0.0.0.0', port=81)


Edit page.html

πŸ‘‰ Let's add the authentication. To do this, I'm editing the page.html file.


I used the auto add HTML package button in the authentication panel and moved the code into the header.

I used the Insert Custom Button option to add the button code to the body.

Here's the code to update in page.html:


<html>

  <head>

    <title>My Website</title>

    <script src="https://replit.com/public/js/repl-auth-v2.js"></script>

  </head>

  

  <body>

    <h1>Here's my site</h1>

    <p>Everyone can read this.</p>

    

    <button onclick="LoginWithReplit()"> Login </button>

  </body> 

</html>


Stopping the code and re-running it will show you the login button on your page.


Build a 'hello' page

πŸ‘‰ Now, let's build a quick 'hello' page that we can redirect a recognized user to.


Add the necessary imports from flask import Flask, request, redirect.

Check for a recognized user (in the index subroutine) and redirect if they are recognized:


def index():

  if request.headers["X-Replit-User-Name"]:

    return redirect("/hi")`


Build a quick hi page that displays the username:


@app.route("/hi")

def hi():

  page = ""

  page += f"""<h1>{request.headers["X-Replit-User-Name"]}</h1>"""

  return page

Add a quick if that redirects if the user is not logged in. This stops the user from adding /hi directly to the URL to try and bypass the login.

def hi():

  if not request.headers["X-Replit-User-Name"]:

    return redirect("/")


Here's the whole code:

from flask import Flask, request, redirect


app = Flask(__name__)


@app.route('/')

def index():

  if request.headers["X-Replit-User-Name"]:

    return redirect("/hi")


  page = ""

  f = open("page.html", "r")

  page = f.read()

  f.close()

  return page


@app.route("/hi")

def hi():

  if not request.headers["X-Replit-User-Name"]:

    return redirect("/")

  

  page = ""

  page += f"""<h1>{request.headers["X-Replit-User-Name"]}</h1>"""

  return page


app.run(host='0.0.0.0', port=81)


What's the Best Key?

User name might not be the best piece of info to use to identify a user because the user can change this. The thing that's unique that never changes is their user ID - this would be a good piece of info to use as a key because it's unique and permanent for every user.


We can also get information about:


What teams a user belongs to.

Roles (teacher, student, Replit staff etc)

Profile pic

Display The Pic

Yeah, that would be great, wouldn't it. Like a book of faces, a picture book, a face novel....Ok, I'll stop now.


Anyway, let's add the user's profile pic to the hi page:


πŸ‘‰ Here's the whole code:


from flask import Flask, request, redirect


app = Flask(__name__)


@app.route('/')

def index():

  if request.headers["X-Replit-User-Name"]:

    return redirect("/hi")


  page = ""

  f = open("page.html", "r")

  page = f.read()

  f.close()

  return page


@app.route("/hi")

def hi():

  if not request.headers["X-Replit-User-Name"]:

    return redirect("/")

  

  page = ""

  page += f"""<h1>{request.headers["X-Replit-User-Name"]}</h1>"""


  ###### The new bit ##################

  page += f"""<img src="{request.headers["X-Replit-User-Profile-Image"]}" width="200">"""

  

  return page


app.run(host='0.0.0.0', port=81)


Comments

Post a Comment

Popular posts from this blog

Web Scraping

 Web Scraping Some websites don't have lovely APIs for us to interface with. If we want data from these pages, we have to use a tecnique called scraping. This means downloading the whole webpage and poking at it until we can find the information we want. You're going to use scraping to get the top ten restaurants near you. Get started πŸ‘‰ Go to a website like Yelp and search for the top 10 reastaurants in your location. Copy the URL.   url = "https://www.yelp.co.uk/search?find_desc=Restaurants&find_loc=San+Francisco%2C+CA%2C+United+States"   Import libraries πŸ‘‰ Import your libraries. Beautiful soup is a specialist library for extracting the contents of HTML and helping us parse them. Run the Repl once your imports are sorted because we want the Beautiful Soup library to be installed (it'll run quicker this way). import requests from bs4 import BeautifulSoup url = "https://www.yelp.co.uk/search?find_desc=Restaurants&find_loc=San+Francisco%2C+CA%2C+Unite...
Post a Comment
Read more

Client/Server Logins

 Client/Server Logins Waaay back when we learned about repl.db, we mentioned the idea of a client/server model for storing data in one place and dishing it out to multiple users. This model is the way we overcome the issue with repl.db of each user getting their own copy of the database. Well, now we can use Flask as a webserver. We can build this client server model to persistently store data in the repl (the server) and have it be accessed by multiple users who access the website via the URL (the clients). Get Started Previously, we have built login systems using Flask & HTML. We're going to start with one of those systems and adapt it to use a dictionary instead. πŸ‘‰ First, let's remind ourselves of the way the system works. Here's the Flask code. Read the comments for explanations of what it does: from flask import Flask, request, redirect # imports request and redirect as well as flask app = Flask(__name__, static_url_path='/static') # path to the static fil...
Post a Comment
Read more

HTTP & Sessions

 HTTP & Sessions One of the main protocols (rules that govern how computers communicate) on the web is called HTTP. HTTP is what is known as a stateless protocol. This means that it doesn't 'remember' things. It's a bit like having a conversation with a goldfish. You can ask a question and get a reply, but when you ask a follow up question, the original has already been forgotten, as has who you are and what you were talking about. So if HTTP is stateless, how come my news site remembers to give me the weather for my home town, my preferred South American river based online store tells me when it's time to order more multivitamins, and I'm justifiably proud of my #100days success streak? The answer is......... Sessions Sessions are a way of storing files on your computer that allows a website to keep a record of previous 'conversations' and 'questions' you've asked. By using sessions, we can store this info about the user to access later....
Post a Comment
Read more