WEBVTT

00:02.410 --> 00:07.480
So let's continue working on the authentication process and right now, I'm in handlers-api.go

00:07.500 --> 00:14.620
and I'm looking at the create auth token handler and all we've done so far is to declare a variable

00:14.620 --> 00:22.600
here, userInput, read the information into that using our read JSON function and send back the bad request

00:22.600 --> 00:23.460
if things go wrong.

00:23.470 --> 00:27.660
And then we've hardcoded a response down here that just says things worked as expected.

00:27.670 --> 00:31.270
And of course, all of this stuff in the middle is what we need to do.

00:31.270 --> 00:33.370
And as you can see, I have added a few comments here.

00:34.150 --> 00:39.100
And what we want to do is after we've got the input from the user, where we have their email and whatever

00:39.100 --> 00:44.890
password they've entered, we want to get that user or at least try to get that user from the database

00:44.890 --> 00:48.430
by email address and then send back some kind of error message

00:48.430 --> 00:55.270
if the email is invalid. If the email is valid, the next step is to validate that password, to compare

00:55.270 --> 01:00.430
what they entered against the hash we have stored in the database and again, send an error back if

01:00.430 --> 01:07.600
there's an invalid password. If both of those things pass, at that point we want to generate the token

01:07.600 --> 01:10.450
we're going to send back to them and send that back as a response.

01:10.870 --> 01:13.950
So there's a few things we have to do before we can get too much further.

01:13.960 --> 01:17.580
So let's get started with this, getting the user from the database by email.

01:18.280 --> 01:25.600
So I'm going to go over to models.go and I'll just scroll to the very bottom and I'll put a database

01:25.600 --> 01:29.260
method in here that allows us to look up a user by email address.

01:29.680 --> 01:32.340
And I'll call this func with a receiver of m

01:32.530 --> 01:38.680
DBModel like everything else in this package, and we'll call it GetUserByEmail, which seems

01:38.680 --> 01:39.160
logical.

01:39.430 --> 01:43.660
And we're going to take one parameter which we'll call email, and it's a string and we're going to

01:43.660 --> 01:49.610
return potentially a user if we can find the user and potentially an error if we cannot.

01:50.440 --> 01:56.020
So we'll use our standard context logic, which I'll just copy from InsertCustomer because it's

01:56.020 --> 02:00.610
exactly the same and it will save some typing and paste that in here.

02:01.240 --> 02:07.510
And now I will actually take the email address that we've been handed and I'm going to convert that

02:07.510 --> 02:13.020
to lowercase because I'm only going to store email addresses in lowercase and sometimes people enter

02:13.030 --> 02:13.720
it the wrong way.

02:13.720 --> 02:22.210
So we'll use the strings package and we'll use the ToLower function and convert email to lowercase.

02:23.320 --> 02:26.680
So now we have a valid email address we can use to look things up.

02:26.680 --> 02:29.860
So we'll create a variable to store a result: var u User.

02:31.240 --> 02:32.590
And I will query the database.

02:32.590 --> 02:33.700
So we're looking for a row.

02:34.510 --> 02:39.850
That's what we're getting back from DB.QueryRowContext right there.

02:40.810 --> 02:47.110
And we hand it the context and then we hand it our query, which I'll just put right in here because it's

02:47.110 --> 02:47.650
pretty short.

02:47.740 --> 02:48.480
So I'll use backticks

02:48.740 --> 02:50.320
so I have lots of room to type things.

02:53.770 --> 03:01.810
And the query is just select, which you have to spell right. We're going to select id, first name,

03:03.370 --> 03:22.300
last name, email, password, created at and updated at from users where email equals question mark, and I'll

03:22.300 --> 03:25.870
move this backtick up on the same line just so things are a little more attractive.

03:28.600 --> 03:31.450
And of course, our substitution is what we received, email.

03:35.400 --> 03:42.970
So there's our call to the database. Now we'll try to scan that into our variable: err is assigned

03:42.990 --> 03:45.120
the value of row.Scan.

03:47.380 --> 03:54.980
Give ourselves more room and we're going to scan this into u.ID, and then we'll just

03:54.980 --> 03:56.210
duplicate this a few times.

03:58.510 --> 03:59.290
First name,

04:01.920 --> 04:05.400
last name, email,

04:09.080 --> 04:09.740
password,

04:13.820 --> 04:14.330
created

04:17.180 --> 04:23.780
and updated, and we check for an error: if err is not equal to nil,

04:27.020 --> 04:28.640
return u and the error.

04:31.880 --> 04:37.100
Otherwise return u, nil, and let's give this a comment,

04:43.010 --> 04:45.830
gets a user by email address.

04:48.820 --> 04:54.340
So we have that function available to us, that means we can go back to handlers-api and actually

04:54.340 --> 05:04.600
try to get the user, so user and err are assigned the value of DB.GetUserByEmail and we're handing

05:04.600 --> 05:07.990
it userInput.Email.

05:09.460 --> 05:11.740
Now, of course, at this point we want to check for an error.

05:12.130 --> 05:19.390
So if err is not equal to nil, we want to send a response back.

05:19.390 --> 05:23.290
And the response we want to send back is that this is invalid credentials.

05:23.300 --> 05:25.240
You didn't give me valid credentials.

05:25.240 --> 05:28.610
And in fact, that's the kind of status code we want to send back.

05:29.650 --> 05:34.660
Now, this is the sort of thing we might be doing fairly often, authenticating users, making sure

05:34.660 --> 05:39.540
that we have a valid username and password, whatever the case may be, we might do this more than once.

05:39.550 --> 05:45.460
So it seems to me it might be useful to go over to helpers.go and to write some kind of function,

05:45.460 --> 05:47.140
maybe invalid credentials.

05:47.530 --> 05:51.720
And then it's very easy for us to send back that message, invalid credentials.

05:52.300 --> 05:55.180
So let's take care of that and we'll do that in the next lecture.