Level 3 web application Python CS
当前位置:以往案例 > >Level 3 web application Python CS
2018-10-18

Level 3

The Level 3 requirements concentrate on being able to log in and out of the
application and see a page customised for the user. To meet this level you must implement another
set of procedures in the moduleuser.py, and one more procedure ininterface.py
and then extend your
web application to allow user login.

Unit Tests

This level adds four procedures in a newusers
that deal with authenticating users
and managing user sessions, and another procedure
in theinterfacemodule to access images for a given user.
They act as an interface to theusersandsessionstables in
the database.   These procedures are
implemented in the moduleusers.py; a version of
this file with just the procedure stubs is provided for you.

  1. check_login

    There is a procedurecheck_loginin theusersmodule
    that takes three arguments, a database connection, a user nick and a password, and returns
    True if the password is correct for this user and False otherwise.
    Note that the password is stored in the database in encrypted form.
    You can use the methoddb.crypt(text)to encrypt
    a password (wheredbis a database connection).

  2. generate_session

    There is a proceduregenerate_sessionin theusersmodule
    that takes two arguments,
    a database connection and a user nick. If the nick doesn't correspond to
    an existing user, then it returns None.  If this user doesn't already
    have an active session (an entry in the sessions table) then a new
    entry is created.   If there is an existing entry, then the existing
    session id is retrieved. The procedure then creates a cookie in the
    Bottleresponsewith the namesessionidand a value of the session id for this user.
    The procedure returns thesessionid.

  3. delete_session

    There is a proceduredelete_sessionsin theusersmodule
    that takes two
    arguments, a database connection and a user nick.  The procedure
    removes all entries for this user in the sessions table. It does
    not return a value.

  4. session_user

    There is a proceduresession_userin theusersmodule
    that takes
    one arguments, a database connection, and
    returns the name of the logged in user if one can be identified or
    None if not.   This is done by finding the session id from the cookie
    in the Bottlerequestif present, and using it to look up
    the user in the sessions table.

Functional requirements


As for level two plus:

  1. Login Form

    As a visitor to the site, when I load the home page, I see a form with entry
    boxes for nick and password and a button labelled Login.

  • The login form will have the id 'loginform' and
    will use fields named 'nick' and 'password'.

  • Theactionof the login form will be/login.

  • Logging In

    As a registered user, when I enter my user nickname (eg. Bobalooba)
    and password (bob) into the
    login form and click on the Login button, the response is a
    redirect to the main application page (/). When my browser loads
    that page I see the normal home page with the login form replaced by the message "Logged in as Bobalooba" and a button labelled Logout.

    • The response generated by the successful login action
      is a redirect (302 Found) response that redirects the user
      to the home page.

    • The redirect response also includes a cookie with the
      namesessionidthat contains some kind of random string.

    • The logout button will be in a form with idlogoutform
      and have aninputsubmit field with
      the namelogout.

  • Failed Login

    As a registered user, when I enter my email address but get my password
    wrong and click on the Login button, the page I get in response contains
    a message "Login Failed, please try again".  The page also includes another
    login form.

  • Posting a Job

    As a registered user, I can fill out a form on the main
    page to create a new job listing (position), when I submit the form I am redirected
    to the main page and my new position appears in the list.


    • The form to post a new position will have the idpostform

    • The action attribute for the form will be the URL/post

  • Logout Button

    As a registered user, once I have logged in, every page that I request
    contains my name and the logout button.

  • Logging Out

    As a registered user, once I have logged in, if I click on the Logout
    button in a page, the page that I get in response is the site home
    page which now doesn't have my name and again shows the login form.


    • The response to a logout request is again a redirect
      (302 Found) response that redirects the user to the home
      page.

    • When I now request the home page, I see the login form again because
      the session has been deleted.

    Your Task

    To achieve these requirements you will need to implement the new procedures
    ininterface.pyandusers.pyand then make
    use of these to extend your application to support user login and posting messages.

    This may seem like a huge task but the number of features and tests listed
    above are there to make your job as clear as possible.   Take each
    task a step at a time and read the requirements clearly.

    The following chapters in the notes may be useful:



    在线提交订单