Chapter 5. Authenticating Users
In this chapter, we will add user authentication to our site. Being able to distinguish one user from another allows us to develop an entirely new class of features. For instance, we will see how to restrict access to the create, edit, and delete views, preventing anonymous users from tampering with site content. We can also display a user's draft posts to them, but hide them from everyone else. This chapter will cover the practical aspects of adding an authentication layer to the site, and wrap up with a discussion of how to use sessions to track anonymous users as well.
In this chapter we shall:
- Create a database model to represent users
- Install Flask-Login and add the LoginManager helper to our site
- Learn to securely store and validate passwords using cryptographic hash functions
- Build forms and views for logging users in and out of the site
- See how to reference the logged-in user in views and templates
- Limit access to views to logged-in users
- Add...