Create customers, manage authentication and authorization.

Customer account management

In order for a customer to place an order, he/she must create an account first. this allow customers to track their orders, and let the store admin had enough information to deliver the order.

Tradenity API offers the Customer resource which provides all the necessary infrastructure to create and manage user account, login and logout, safely store sensitive information such as password in encrypted format.

In this section we will learn how to integrate Tradenity Customer resource and related services within your application to allow your customers to create and manage their accounts.

To create a new customer

camerastore/account.py


@app.route("/register")
def register():
    form = RegistrationForm()
    return render_template("account/register.html", form=form)

The registration form looks like this:


<h2>Registration</h2>
<div class="registration-grids">
    <div class="reg-form">
        <div class="reg">
            <p>Welcome, please enter the following details to continue.</p>
            <p>If you have previously registered with us, <a href="/login">click here to login</a></p>
            <form action="/account/create" method="post" >
                <ul>
                    <li class="text-info">First Name: </li>
                    <li>{{ form.firstName() }}</li>
                </ul>
                <ul>
                    <li class="text-info">Last Name: </li>
                    <li>{{ form.lastName() }}</li>
                </ul>
                <ul>
                    <li class="text-info">Email: </li>
                    <li>{{ form.email() }}</li>
                </ul>
                <ul>
                    <li class="text-info">Username: </li>
                    <li>{{ form.username() }}</li>
                </ul>
                <ul>
                    <li class="text-info">Password: </li>
                    <li>{{ form.password() }}</li>
                </ul>
                <ul>
                    <li class="text-info">Re-enter Password:</li>
                    <li>{{ form.confirmPassword() }}</li>
                </ul>

                <input type="submit" value="REGISTER NOW"/>
                <p class="click">By clicking this button, you are agree to my  <a href="#">Policy Terms and Conditions.</a></p>
            </form>
        </div>
    </div>
</div>

To create a new Customer instance, we simply populate the Customer instance with data, then call Customer#create method.

camerastore/account.py


@app.route("/account/create", methods=['POST'])
def create():
    form = RegistrationForm(request.form)
    customer = Customer()
    if request.method == 'POST' and form.validate():
        form.populate_obj(customer)
        print "CUSTOMER: ", customer
        customer.create()
        return redirect("/login")
    else:
        return render_template("account/register.html", form=form)

Now, the customer created successfully. let’s implement the login functionality. We try to get a customer with the specified ID using Customer#find_by_username method. If it returns valid customer, we check the password.

Please note that the password stored as encrypted text using bcrypt algorithm, so to check for its validity, either use the provided Customer#is_valid_password or implement your own bcrypt matching. plain text comparison will not work.

camerastore/account.py


@app.route("/signin", methods=['POST'])
def signin():
    form = LoginForm(request.form)
    if form.validate():
        cust = Customer.find_by_username(form.username.data)
        if cust is not None and cust.is_valid_password(form.password.data):
            session['customer_id'] = cust.id
            if 'target_url' in session:
                target_url = session['target_url']
                session.pop('target_url', None)
            else:
                target_url = "/"
            return redirect(target_url)

    flash("Invalid credentials, try again!")
    return render_template("account/login.html", form=form)


camerastore/account.py


@app.route("/logout")
def logout():
    del session['customer_id']
    return redirect("/")